Re: [Declude.JunkMail] understanding JM scores
Can Scott or someone explain to me how the weight on this message was calculated? The weight is calculated by adding/subtracting every relevant weight for the E-mail. In almost all cases where the weights do not seem to add up, it is because the E-mail did *not* fail a spam test that is set to use a negative weight. For example, E-mails that do not fail the IPNOTINMX or NOLEGITCONTENT tests will normally have points subtracted from their weight (as they are more likely to be legitimate E-mails). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] External plus length
I've been testing a script using an external test and I seem to have come across a limitation in the length of the line. The script is definitely being called because it has it's own logging function, but Declude isn't listening to the result code that it gives. I created a single line VBScript to test for the possibility of a length limitation and I found it conclusive...beyond a certain length, the result code given by the script was not used. Would it be possible to use the debug mode, and send me the entries? That should provide some more information as to what is happening. I've checked the code, and don't see anything that looks like it could cause this. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Is this the Outlook/Space problem?
Hi, I remember reading about the Outlook and space in the header problem a while ago. I had not seen it until now (I think). Is this that problem? If I read this correctly it was send via Exchange 2000 but I do not think you can tell what version of Outlook sent it, can you? Thanx Subject: ***[SPAM]***[10]***Lunch Date: Fri, 15 Oct 2004 10:32:15 -0500 Message-ID: [EMAIL PROTECTED] X-MIMEOLE: Produced By Microsoft Exchange V6.0.6487.1 X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Lunch Thread-Index: AcSyzCXMlZRZbfZLQ9+7A10T/9au/w== From: Person One [EMAIL PROTECTED] To: [EMAIL PROTECTED] Mime-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=iso-8859-1 X-RBL-Warning: CMDSPACE: Space found in RCPT TO: command. X-RBL-Warning: HELOBOGUS: Domain .xxx.com has no MX or A records [0301]. X-RBL-Warning: NOLEGITCONTENT: No content unique to legitimate E-mail detected. X-Declude-Sender: [EMAIL PROTECTED] [205.200.66.154] X-Declude-Spoolname: Ded9412d600fec8af.SMD X-Note: X-Note: Process Time: Scanned at 11:32:45 on 15 Oct 2004 X-Note: Reverse DNS: Sent from 205-200-66-154.static.mts.net ([205.200.66.154]). X-Note: Country Path: CANADA-destination X-Note: X-Note: Tests Failed: CMDSPACE [8], HELOBOGUS [5], NOLEGITCONTENT [0] Goran Jovanovic The LAN Shoppe --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] New(?) dynamic netblock at RoadRunner not in the usual lists
I'm getting spam from the following netblock, but with zero ip4r tests triggering. I haven't seen any legitimate mail coming here, so I'm putting a conservative weight on this, and you might find it useful too in a filter file: REMOTEIP 4 CIDR 69.200.64.0/19 Matt from MailPure.com has a DYNAMIC filter that has triggered on this netblock thanks to their reverse DNS naming convention. Bud Durland's HELOisIP has also triggered on this spam. Andrew 8) --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Is this the Outlook/Space problem?
I remember reading about the Outlook and space in the header problem a while ago. I had not seen it until now (I think). Is this that problem? There's a lot of Outlook problems, several of which involve spaces. :) If I read this correctly it was send via Exchange 2000 but I do not think you can tell what version of Outlook sent it, can you? X-RBL-Warning: CMDSPACE: Space found in RCPT TO: command. This one means that Outlook made a technical violation of the RFCs when sending the E-mail. If the person using Outlook is a customer of yours, that is normal behavior of Outlook (unfortunately!). However, if the person using Outlook is not a customer of yours, their mailserver is violating the RFCs, which is a more serious issue. Note that there were some headers missing, which could include the one that says which version of Outlook it is. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Max weight test for sniffer?
Is there a way to configure the cfg file to only do the sniffer test if below a certain weight? No, that is not currently possible. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] DOW test and Spam on specific days
Assuming we wanted to setup a Sat-Sun DOW test with a weight of 2 for the message hitting on the weekend, I guess we would use: DOW dow 6 7 2 0 Correct? Having said that, does anyone have any metrics on what days more spam comes in? --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] DOW test and Spam on specific days
I believe Sunday is day zero, so you would need two tests. For example... DOW_SUN dow 0 0 2 0 DOW_SAT dow 6 6 2 0 I don't have statistics to show you, but I can say more spam comes in on a weekday than on weekends, and more on Saturday than Sunday. We weight Sunday a little higher due to much less legit mail on Sunday. Darin. - Original Message - From: Mark Smith [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, October 19, 2004 5:02 PM Subject: [Declude.JunkMail] DOW test and Spam on specific days Assuming we wanted to setup a Sat-Sun DOW test with a weight of 2 for the message hitting on the weekend, I guess we would use: DOW dow 6 7 2 0 Correct? Having said that, does anyone have any metrics on what days more spam comes in? --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] DOW test and Spam on specific days
Here are my October totals by day. Day spam totals Date CountOfMessageID DEL SPAM Held SPAM Poss SPAM OK 10/1/2004 4513 2878 57 63 1515 10/2/2004 3169 2915 51 9 194 10/3/2004 2949 2665 57 17 210 10/4/2004 4594 2898 39 42 1615 10/5/2004 4811 3038 41 39 1693 10/6/2004 5035 3193 34 36 1772 10/7/2004 4661 3013 28 32 1588 10/8/2004 4409 2941 28 16 1424 10/9/2004 3188 2942 21 18 207 10/10/2004 1898 1774 11 10 103 10/11/2004 3235 1813 27 20 1375 10/12/2004 4853 3057 43 48 1705 10/13/2004 4946 3087 53 35 1771 10/14/2004 5073 3150 27 34 1862 10/15/2004 4781 3140 19 40 1582 10/16/2004 2904 2659 16 9 220 10/17/2004 2950 2660 20 12 258 10/18/2004 4323 2787 32 45 1459 That said, my opinion is that Day of Week and Hour of Day are too arbitrary to be weighing spam on. - Original Message - From: Mark Smith [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, October 19, 2004 4:02 PM Subject: [Declude.JunkMail] DOW test and Spam on specific days Assuming we wanted to setup a Sat-Sun DOW test with a weight of 2 for the message hitting on the weekend, I guess we would use: DOW dow 6 7 2 0 Correct? Having said that, does anyone have any metrics on what days more spam comes in? --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] WordFilter BODY
Will a wordfilter BODY pick up text in an email that is in html format? TIA --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] DOW test and Spam on specific days
Scott, you have far less ham on weekends. Hypothetically, a company like yours might use the day of week test to add a little weight on the weekend, on the basis that your false positives from doing so will be fewer. I have a similar volume pattern. And to answer Mark's initial question, another idea for a way to use DOW is to combine it with the COPYFILE action to, say, archive every message that comes in on Thursday. And no, I don't use the DOW test. Andrew 8) -Original Message- From: Scott Fisher [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 19, 2004 2:27 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] DOW test and Spam on specific days Here are my October totals by day. Day spam totals Date CountOfMessageID DEL SPAM Held SPAM Poss SPAM OK 10/1/2004 4513 2878 57 63 1515 10/2/2004 3169 2915 51 9 194 10/3/2004 2949 2665 57 17 210 10/4/2004 4594 2898 39 42 1615 10/5/2004 4811 3038 41 39 1693 10/6/2004 5035 3193 34 36 1772 10/7/2004 4661 3013 28 32 1588 10/8/2004 4409 2941 28 16 1424 10/9/2004 3188 2942 21 18 207 10/10/2004 1898 1774 11 10 103 10/11/2004 3235 1813 27 20 1375 10/12/2004 4853 3057 43 48 1705 10/13/2004 4946 3087 53 35 1771 10/14/2004 5073 3150 27 34 1862 10/15/2004 4781 3140 19 40 1582 10/16/2004 2904 2659 16 9 220 10/17/2004 2950 2660 20 12 258 10/18/2004 4323 2787 32 45 1459 That said, my opinion is that Day of Week and Hour of Day are too arbitrary to be weighing spam on. - Original Message - From: Mark Smith [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, October 19, 2004 4:02 PM Subject: [Declude.JunkMail] DOW test and Spam on specific days Assuming we wanted to setup a Sat-Sun DOW test with a weight of 2 for the message hitting on the weekend, I guess we would use: DOW dow 6 7 2 0 Correct? Having said that, does anyone have any metrics on what days more spam comes in? --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] WordFilter BODY
Yes, including the html tags themselves Rick Davidson National Systems Manager North American Title Group - - Original Message - From: Danny K [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, October 19, 2004 5:47 PM Subject: [Declude.JunkMail] WordFilter BODY Will a wordfilter BODY pick up text in an email that is in html format? TIA --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] WordFilter BODY
Yes. For that matter, a BODY filter could also catch text that is in an attached document. Andrew 8) -Original Message- From: Danny K [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 19, 2004 2:47 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] WordFilter BODY Will a wordfilter BODY pick up text in an email that is in html format? TIA --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] understanding JM scores
So what does the =IGNORE mean in the logs? Such as this: CMDSPACE=IGNORE IPNOTINMX=IGNORE NOLEGITCONTENT=IGNORE SPFFAIL=IGNORE LOCALCMDSPACE=IGNORE WEIGHT5=SUBJECT WEIGHT5r=MAILBOX CATCHALLMAILS=IGNORE And if this is only a list of tests that failed, then is there no list of tests the passed? Ben - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, October 19, 2004 4:06 AM Subject: Re: [Declude.JunkMail] understanding JM scores Can Scott or someone explain to me how the weight on this message was calculated? The weight is calculated by adding/subtracting every relevant weight for the E-mail. In almost all cases where the weights do not seem to add up, it is because the E-mail did *not* fail a spam test that is set to use a negative weight. For example, E-mails that do not fail the IPNOTINMX or NOLEGITCONTENT tests will normally have points subtracted from their weight (as they are more likely to be legitimate E-mails). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] understanding JM scores
So what does the =IGNORE mean in the logs? Such as this: CMDSPACE=IGNORE IPNOTINMX=IGNORE NOLEGITCONTENT=IGNORE SPFFAIL=IGNORE LOCALCMDSPACE=IGNORE WEIGHT5=SUBJECT WEIGHT5r=MAILBOX CATCHALLMAILS=IGNORE Those are the actions that are taken. So the subject was modified since the E-mail failed the WEIGHT5 test, and the E-mail was re-routed to another mailbox since it failed the WEIGHT5r test, but no other actions were taken due to the E-mail failing other tests. And if this is only a list of tests that failed, then is there no list of tests the passed? Correct. The E-mail passed any tests that you have defined, but that are not listed. The only other option would be for Declude JunkMail to log every single test for every single E-mail, which could make for large log file entries. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Skipping an external test if the current weight is a certain valu e
No, you can't do this directly with Declude, but indirectly, heck yes. I just wrote a piddling batch file that will let you do this. You can use it for any external test, not just sniffer. You should read it carefully, and then edit your global.cfg accordingly, in particular to put in the correct path for wherever you put this batch file. I've used the sample configuraiton from the Sniffer support pages in my example. Don't forget to rename this attachment from .txt to .cmd Disclaimer #1: I am not a programmer. Disclaimer #2: sniffer in particular is wicked fast, so starting this shell might make no difference in your execution time. Andrew 8) @echo off REM Quicky script to use with Declude as a wrapper around an external test REM If you need more variables, you could simply hardcode the HOLD weight REM value in the IF statement. REM REM It takes two parameters, the current weight that Declude has accrued REM for the message, and the weight at which you want to NOT execute the REM external test, and the rest of the parameters are verbatim for what REM is inside the quotes in the Declude external test definition, e.g. REM REM SNIFFER external * C:\MessageSniffer\snfrv2r3.exe xnk05x5vmipeaof7 10 0 REM REM Would become this, to skip at weight 20: REM REM SNIFFERSKIP external * C:\Util\Skipper.cmd %WEIGHT% 20 C:\MessageSniffer\snfrv2r3.exe xnk05x5vmipeaof7 10 0 REM REM Andrew Colbeck Oct-19-2004 REM For testing purposes, REM out the logging lines and the if line below REM the so that all messages are called, and then check the resulting log. if %1 GEQ %2 goto quit REM The hold weight of 20 wasn't previously reached, so run the external test %3 %4 %5 %6 %7 %8 %9 REM Disable the following REM line if you want some quick log to know whether it's working REM echo Ran with weight %1 and exited with value %errorlevel% when called with %3 %4 %5 %6 %7 %8 %9 d:\Skipper.log exit /b %errorlevel% :quit REM Disable the following REM line if you want some quick log to know whether it's working REM echo Skipped with weight %1 when called with %3 %4 %5 %6 %7 %8 %9 d:\Skipper.log exit /b 0
Re: [Declude.JunkMail] understanding JM scores
Thanks, Scott. Ok, one more: here is the scoring system I use: BADHEADERS badheaders x x 8 0 BASE64 base64 x x 4 0 CMDSPACE cmdspace x x 8 0 COMMENTS comments x x 7 0 HELOBOGUS helovalid x x 5 0 IPNOTINMX ipnotinmx x x 0 -3 MAILFROMenvfrom x x 12 0 NOLEGITCONTENT nolegitcontent x x 0 -5 PERCENT percent x x 10 0 REVDNS revdnsexists x x 4 0 ROUTING spamrouting x x 2 0 SPAMHEADERS spamheaders x x 3 0 SPFPASS spf passx -3 0 SPFFAIL spf failx 3 0 LOCALCMDSPACE filter D:\IMail\Declude\cmdspace.txt x 0 0 According to the log entry, the message should get 8 for failing CMDSPACE, 0 for failing IPNOTINMX, 0 for failing NOLEGITCONTENT, 3 for failing SPFFAIL, and 0 for failing LOCALCMDSPACE. It gets 0 points for passing all of the remaining tests. So that totals to 11, not 5. So how am I misreading this? Also, how can I find out why it failed the SPFFAIL test? Since this was for an internal message, I expected to pass the SPF tests (we have an SPF record). Thanks again, Ben - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, October 19, 2004 3:25 PM Subject: Re: [Declude.JunkMail] understanding JM scores So what does the =IGNORE mean in the logs? Such as this: CMDSPACE=IGNORE IPNOTINMX=IGNORE NOLEGITCONTENT=IGNORE SPFFAIL=IGNORE LOCALCMDSPACE=IGNORE WEIGHT5=SUBJECT WEIGHT5r=MAILBOX CATCHALLMAILS=IGNORE Those are the actions that are taken. So the subject was modified since the E-mail failed the WEIGHT5 test, and the E-mail was re-routed to another mailbox since it failed the WEIGHT5r test, but no other actions were taken due to the E-mail failing other tests. And if this is only a list of tests that failed, then is there no list of tests the passed? Correct. The E-mail passed any tests that you have defined, but that are not listed. The only other option would be for Declude JunkMail to log every single test for every single E-mail, which could make for large log file entries. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Skipping an external test if the current weight is a certain valu e
I just wrote a piddling batch file that will let you do this. You can use it for any external test, not just sniffer. Nothing wrong with your batch, but how about avoiding an external file entirely: c:\winnt\system32\cmd.exe /c if %WEIGHT% LSS 20 c:\MessageSniffer... --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.mailmage.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.mailmage.com/products/software/freeutils/exchange2aliases/download/release/ http://www.mailmage.com/products/software/freeutils/ldap2aliases/download/release/ --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[2]: [Declude.JunkMail] Skipping an external test if the current weight is a certain valu e
If this works it's a slick hack! Well tested Sandy? _M On Tuesday, October 19, 2004, 8:48:47 PM, Sanford wrote: I just wrote a piddling batch file that will let you do this. You can use it for any external test, not just sniffer. SW Nothing wrong with your batch, but how about avoiding an external file SW entirely: SW c:\winnt\system32\cmd.exe /c if %WEIGHT% LSS 20 c:\MessageSniffer... SW --Sandy SW SW Sanford Whiteman, Chief Technologist SW Broadleaf Systems, a division of SW Cypress Integrated Systems, Inc. SW e-mail: [EMAIL PROTECTED] SW SpamAssassin plugs into Declude! SW SW http://www.mailmage.com/products/software/freeutils/SPAMC32/download/release/ SW Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! SW SW http://www.mailmage.com/products/software/freeutils/exchange2aliases/download/release/ SW SW http://www.mailmage.com/products/software/freeutils/ldap2aliases/download/release/ SW --- SW [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] SW --- SW This E-mail came from the Declude.JunkMail mailing list. To SW unsubscribe, just send an E-mail to [EMAIL PROTECTED], and SW type unsubscribe Declude.JunkMail. The archives can be found SW at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
