FWD: Re: Re[2]: [Declude.JunkMail] Spam getting through
-- Original Message -- From: "Sheldon Koehler" <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] Date: Thu, 28 Oct 2004 12:12:11 -0700 It is obvious they are using "disposable" domain names. They come in flavors like gbzqrx.info and so on. --- Interesting point. At first, I could not understand how spammers could afford "disposable" domain names. Then, I came to the conclusion that they are also bona fide domain name registrars...it costs them nothing to register thousands of "disposable" domain names. -- Kim W. Premuda FastWave Internet Services San Diego, CA -- --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] SURBL Lists.
SURBL has a list of TLD's that they use in creating their list. IMO, this should be quite easy to provide, and if you don't intend to just say the word and someone here will I'm sure gladly offer up their own. I'm just going by what I heard from the person who was looking into this -- I'll pass on the information that Bill posted to the appropriate person. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. This outgoing message is guaranteed to be authentic by Message Level users. Guarantee the authenticity of your email @ http://www.messagelevel.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] MAILBOX spam
That's just how IMail works. Thanks. Sheldon --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] SURBL Lists.
Please excuse the wrong terminology usage, I meant the TLDs are "extracted" not "whitelisted". Bill - Original Message - From: "Bill Landry" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, October 29, 2004 3:20 PM Subject: Re: [Declude.JunkMail] SURBL Lists. > - Original Message - > From: "R. Scott Perry" <[EMAIL PROTECTED]> > > > >Scott, is support for URIBLs even on the JunkMail development schedule? > > > > It's something that we looked into. But there was some sort of major > issue > > supporting it, which I believe had to do with third-level domains (such as > > example.co.uk). > > Those are addressed in the SURBL whitelist. See item 2 at > http://www.surbl.org/implementation.html, which states in part: > = > Extract base (registrar) domains from those URIs. This includes removing any > and all leading host names, subdomains, www., randomized subdomains, etc. In > order to determine the base domain it may be necessary to use a table of > country code TLDs (ccTLDs) such as this partially-incomplete one SURBL uses. > For example, any domain found in the two level ccTLD list should have a > three-level domain name extracted (like foo.co.uk) for matching against a > SURBL. Domains not in the ccTLD list should have two levels checked (such as > foo.com). > = > > There is a link there to the current list of two-level TLDs that are > whitelisted, and more are added as they are found. > > Bill > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. > --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: Re[2]: [Declude.JunkMail] OT: Pete McNiel's Product Proposal
Andrew, I consider 1.5 GB the danger zone. Trying running a compact on a 1.5GB with 45 folders. We are talking hours. I showed the user that he must use 3 different PST files, much faster and cleaner now. John Tolmachoff Engineer/Consultant/Owner eServices For You > -Original Message- > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- > [EMAIL PROTECTED] On Behalf Of Colbeck, Andrew > Sent: Friday, October 29, 2004 3:02 PM > To: '[EMAIL PROTECTED]' > Subject: RE: Re[2]: [Declude.JunkMail] OT: Pete McNiel's Product Proposal > > 2 GB is the danger zone for .pst files. They can be bigger, but if they do > get corrupted, the Inbox Repair Tool will truncate it just short of 2 GB. I > don't know if there is a fixed maximum of messages. > > Andrew 8) > > -Original Message- > From: Pete McNeil [mailto:[EMAIL PROTECTED] > Sent: Friday, October 29, 2004 2:58 PM > To: John Tolmachoff (Lists) > Subject: Re[2]: [Declude.JunkMail] OT: Pete McNiel's Product Proposal > > > On Friday, October 29, 2004, 11:57:25 AM, John wrote: > > JTL> FYI, there is a product for Exchange called ActiveFolders that is > JTL> very reasonably priced. It does have the option of searching PST > JTL> files. > > PST files blow up magically at a certain number of messages - I forget how > many, but that's one of the reasons I'm never going near Outlook again. > > All good info though - I've got a file I've started for this thread. I am > listening even if I'm not responding. ;-) > > _M > > > > --- > [This E-mail was scanned for viruses by Declude Virus > (http://www.declude.com)] > > --- > This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, > just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe > Declude.JunkMail". The archives can be found at > http://www.mail-archive.com. > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: Re[2]: [Declude.JunkMail] OT: Pete McNiel's Product Proposal
Not number of messages, size. PST files over 1.5GB are extremely problematic and over 2GB at a stop. John Tolmachoff Engineer/Consultant/Owner eServices For You > -Original Message- > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- > [EMAIL PROTECTED] On Behalf Of Pete McNeil > Sent: Friday, October 29, 2004 2:58 PM > To: John Tolmachoff (Lists) > Subject: Re[2]: [Declude.JunkMail] OT: Pete McNiel's Product Proposal > > On Friday, October 29, 2004, 11:57:25 AM, John wrote: > > JTL> FYI, there is a product for Exchange called ActiveFolders that is very > JTL> reasonably priced. It does have the option of searching PST files. > > PST files blow up magically at a certain number of messages - I forget > how many, but that's one of the reasons I'm never going near Outlook > again. > > All good info though - I've got a file I've started for this thread. I > am listening even if I'm not responding. ;-) > > _M > > > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] SURBL Lists.
- Original Message - From: "R. Scott Perry" <[EMAIL PROTECTED]> > >Scott, is support for URIBLs even on the JunkMail development schedule? > > It's something that we looked into. But there was some sort of major issue > supporting it, which I believe had to do with third-level domains (such as > example.co.uk). Those are addressed in the SURBL whitelist. See item 2 at http://www.surbl.org/implementation.html, which states in part: = Extract base (registrar) domains from those URIs. This includes removing any and all leading host names, subdomains, www., randomized subdomains, etc. In order to determine the base domain it may be necessary to use a table of country code TLDs (ccTLDs) such as this partially-incomplete one SURBL uses. For example, any domain found in the two level ccTLD list should have a three-level domain name extracted (like foo.co.uk) for matching against a SURBL. Domains not in the ccTLD list should have two levels checked (such as foo.com). = There is a link there to the current list of two-level TLDs that are whitelisted, and more are added as they are found. Bill --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re[4]: [Declude.JunkMail] OT: Pete McNiel's Product Proposal
On Friday, October 29, 2004, 6:01:39 PM, Andrew wrote: CA> 2 GB is the danger zone for .pst files. They can be bigger, but if they do CA> get corrupted, the Inbox Repair Tool will truncate it just short of 2 GB. I CA> don't know if there is a fixed maximum of messages. CA> Andrew 8) I was thinking that a way to mitigate part of the "size" problem would be to deliver the search results to different mailboxes based on the patterns matched and/or date/time or some other tweakable parameters. It's all up in the air right now - but there are some good thoughts brewing. _M --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] SURBL Lists.
Scott, SURBL has a list of TLD's that they use in creating their list. IMO, this should be quite easy to provide, and if you don't intend to just say the word and someone here will I'm sure gladly offer up their own. Matt R. Scott Perry wrote: Scott, is support for URIBLs even on the JunkMail development schedule? It's something that we looked into. But there was some sort of major issue supporting it, which I believe had to do with third-level domains (such as example.co.uk). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. This outgoing message is guaranteed to be authentic by Message Level users. Guarantee the authenticity of your email @ http://www.messagelevel.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re[2]: [Declude.JunkMail] OT: Pete McNiel's Product Proposal
PST files blow up magically at a certain number of messages - I forget how many, but that's one of the reasons I'm never going near Outlook Actually it is the pst file size. OutlookXP 2 gig limit Outlook2003 20 gig limit Kevin --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] SURBL Lists.
Scott, is support for URIBLs even on the JunkMail development schedule? It's something that we looked into. But there was some sort of major issue supporting it, which I believe had to do with third-level domains (such as example.co.uk). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. This outgoing message is guaranteed to be authentic by Message Level users. Guarantee the authenticity of your email @ http://www.messagelevel.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: Re[2]: [Declude.JunkMail] OT: Pete McNiel's Product Proposal
2 GB is the danger zone for .pst files. They can be bigger, but if they do get corrupted, the Inbox Repair Tool will truncate it just short of 2 GB. I don't know if there is a fixed maximum of messages. Andrew 8) -Original Message- From: Pete McNeil [mailto:[EMAIL PROTECTED] Sent: Friday, October 29, 2004 2:58 PM To: John Tolmachoff (Lists) Subject: Re[2]: [Declude.JunkMail] OT: Pete McNiel's Product Proposal On Friday, October 29, 2004, 11:57:25 AM, John wrote: JTL> FYI, there is a product for Exchange called ActiveFolders that is JTL> very reasonably priced. It does have the option of searching PST JTL> files. PST files blow up magically at a certain number of messages - I forget how many, but that's one of the reasons I'm never going near Outlook again. All good info though - I've got a file I've started for this thread. I am listening even if I'm not responding. ;-) _M --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re[2]: [Declude.JunkMail] OT: Pete McNiel's Product Proposal
On Friday, October 29, 2004, 11:57:25 AM, John wrote: JTL> FYI, there is a product for Exchange called ActiveFolders that is very JTL> reasonably priced. It does have the option of searching PST files. PST files blow up magically at a certain number of messages - I forget how many, but that's one of the reasons I'm never going near Outlook again. All good info though - I've got a file I've started for this thread. I am listening even if I'm not responding. ;-) _M --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] SURBL Lists.
According to their "lists" page, I don't see any other lists that are:
a) small enough to reasonably search with declude BODY filters
b) differentiated enough from the SpamCop-derived info to be worth the cost
For example, the Outblaze list is ten times the size of the SpamCop list.
This may change in the future, as they've noted that several lists, like the
phishing list, may be broken out eventually.
I'm including my customized version of Roger's script as a .txt file. As
noted in the header, I've updated the URL, and included more short-circuit
features to the resulting Declude filter file. You can choose up to 9 new
lines in there.
In my example, I'm including lines that include a real test I use that I
posted a few days ago, as well as some of Matt Bramble's test names if you
were to use his "beta" Size.vbs or Scott Fisher's Size.exe compiled version.
If you use my version, you'll see a huge drop in your execution time,
because you'll be skipping messages that are large enough to be ham. You
didn't really need to scan every .xls, .doc, .pdf, .jpg, .gif, .bmp, .zip
and everything else for SURBL URIs, did you?
Andrew 8)
-Original Message-
From: Mark E. Smith [mailto:[EMAIL PROTECTED]
Sent: Friday, October 29, 2004 2:03 PM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] SURBL Lists.
I recently added Roger Eriksson's SURBL filter and was wondering if anyone
was using this to also pull the other SURBL lists at http://www.surbl.org/
Currently Roger's script only uses the sc.surbl.org.rbldnsd list.
http://www.botany.gu.se/download/decludescript/SURBL_filter.zip
---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To unsubscribe,
just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe
Declude.JunkMail". The archives can be found at
http://www.mail-archive.com.
@echo off
setlocal
rem - surbl_filter.cmd version 1.2 -
rem - [EMAIL PROTECTED] (April 18, 2004) -
rem
rem This script downloads the rbldns zone file of the Spam URI Realtime Blocklist,
rem converts it to a body filter, and updates the existing filter file. It also
rem creates a log file (surbl_log.txt). The filter is named surbl.txt and requires
rem Declude JunkMail Pro 1.78b or later. Domains and ip addresses in the file
rem surbl_exclude.txt will be excluded from the filter (by partial match). The script
rem uses wget.exe for the download and todos.exe to convert the Unix line breaks.
rem It should be scheduled to run at least once a day.
rem
rem These settings must be done (SETTINGS section below) before the script is used:
rem v_path: path to this folder
rem v_limit: update limit (max number of entries; blank or 0 if size should be
unlimited)
rem v_maxweight: filter max weight (blank or 0 if no max weight should be used)
rem and filter entry weight (defaults to 0 if blank)
rem v_skipweight: filter skip weight (blank or 0 if filter never should be skipped)
rem v_url: download URL for the rbldns zone file
rem v_exclude: test entries in the rbldns zone file (excluded from the filter file)
rem
rem AC Updated Sep-09-2004 to update the v_url value and v_exclude value as per
remchanges posted in the News section at surbl.org
rem AC Updated Oct-07-2004 to add in skipstrings to complement the maxweight and
skipweight
remshort-circuit logic
rem --- SETTINGS ---
rem --- Settings (see explanation above): ---
set v_path=D:\SURBL
set v_limit=3000
set v_maxweight=10
set v_skipweight=25
set v_skipstring1=TESTSFAILED END CONTAINS SKIPATTACH
set v_skipstring2=TESTSFAILED END CONTAINS SIZE-L
set v_skipstring3=TESTSFAILED END CONTAINS SIZE-XL
set v_skipstring4=TESTSFAILED END CONTAINS SIZE-XXL
set v_skipstring5=
set v_skipstring6=
set v_skipstring7=
set v_skipstring8=
set v_skipstring9=
set v_url=http://www.surbl.org/sc.surbl.org.rbldnsd
set v_exclude=test.surbl.org test.sc.surbl.org surbl-org-permanent-test-point.com
2.0.0.127
rem --- MAIN SCRIPT ---
rem --- Create timestamp: ---
for /f "tokens=*" %%a in ('date /t') do set v_time=%%a
for /f "tokens=*" %%b in ('time /t') do set v_time=%v_time% %%b
rem --- Check settings and change current folder (or exit if path is incorrect): ---
if "%v_limit%"=="" set v_limit=0
if "%v_maxweight%"=="" set v_maxweight=0
if "%v_skipweight%"=="" set v_skipweight=0
if not exist %v_path%\nul (set v_result=path error) & (goto :s_end)
cd /d %v_path%
rem --- Download rbldns zone file (or exit if download failed): ---
if exist surbl.rbldns.tmp del surbl.rbldns.tmp
WGet %v_url% -O surbl.rbldns.tmp
if not exist surbl.rbldns.tmp (set v_result=download error) & (goto :s_end)
rem --- Convert line breaks from LF to CRLF (or exit if conversion failed): ---
ToDOS surbl.rbldns.tmp
for /f "tokens=*" %%c in ('findstr /r "$" surbl.rbldns.tmp') do set v_result=ok
if not "%v_result%"=="ok" (set v_result=conversion error) & (goto :s_
Re: [Declude.JunkMail] SURBL Lists.
- Original Message - From: "Mark E. Smith" <[EMAIL PROTECTED]> > I recently added Roger Eriksson's SURBL filter and was wondering if anyone > was using this to also pull the other SURBL lists at http://www.surbl.org/ > Currently Roger's script only uses the sc.surbl.org.rbldnsd list. > > http://www.botany.gu.se/download/decludescript/SURBL_filter.zip I wouldn't even consider it, unless you want to bring you server to its knees trying to process all of those thousands of body searches. Frankly, I am quite surprised that Declude has not implemented support for URIBL queries yet, since I notified Scott in early April of the availability of the URI blacklists, and because they are such a great spam fighting tool. SpamAssassin has been supporting URIBLs for over six months, and many other spam tools are supporting them now, as well. It has greatly increased my SpamAssassin spam detection rates. Scott, is support for URIBLs even on the JunkMail development schedule? Bill --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] SURBL Lists.
A long time ago I tried the big-evil (BE) and the spamassassin (WS) surbl's. These proved to be too big for a filter file (I seem to recall one was about 10,000 entries). There were also too many false positives. Even the SpamCop list has more than doubled in size since April when I was using it. - Original Message - From: "Mark E. Smith" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, October 29, 2004 4:02 PM Subject: [Declude.JunkMail] SURBL Lists. > I recently added Roger Eriksson's SURBL filter and was wondering if anyone > was using this to also pull the other SURBL lists at http://www.surbl.org/ > Currently Roger's script only uses the sc.surbl.org.rbldnsd list. > > http://www.botany.gu.se/download/decludescript/SURBL_filter.zip > > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. > --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] SURBL Lists.
I recently added Roger Eriksson's SURBL filter and was wondering if anyone was using this to also pull the other SURBL lists at http://www.surbl.org/ Currently Roger's script only uses the sc.surbl.org.rbldnsd list. http://www.botany.gu.se/download/decludescript/SURBL_filter.zip --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] MAILBOX spam
When using the MAILBOX action for test failures, we have noticed that forward or alias addresses do not get sent to the spam folder but actually get delivered to the main inbox. Do we have something configured wrong or is there way to fix this or are we stuck with it? That's just how IMail works. If an E-mail is sent to a user account, the action is taken for that user account. If the E-mail is received by the account (meaning that the HOLD, DELETE, ROUTETO, etc. actions aren't used), then the E-mail will be forwarded as-is. IMail will not re-scan the E-mail if the forwarded account is on the IMail server. For an alias, though, the E-mail address that it points to will use the MAILBOX action (unless the E-mail address isn't on the IMail server, since the MAILBOX action is IMail-specific). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. This outgoing message is guaranteed to be authentic by Message Level users. Guarantee the authenticity of your email @ http://www.messagelevel.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Stopping Emails with Nul sendor
Please search the archives, both here and for Imail, on ramifications for doing so. John Tolmachoff Engineer/Consultant/Owner eServices For You > -Original Message- > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- > [EMAIL PROTECTED] On Behalf Of Cody Wilson > Sent: Friday, October 29, 2004 1:07 PM > To: [EMAIL PROTECTED] > Subject: [Declude.JunkMail] Stopping Emails with Nul sendor > > > Is there a test I can setup with Declude to catch all emails from Null > senders > > From: <> > > I looked in the archives with no success. I know I can setup a rule in Imail > to do it, but that's per domain. I want this to be global for the server. > > Thanks, > Cody Wilson > > > 469.828.4700 PH > 469-828-4702 FX > intercityweb.com > > > > > > --- > [Scanned by Intercity Antivirus - www.intercityweb.com] > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Stopping Emails with Nul sendor
Is there a test I can setup with Declude to catch all emails from Null senders From: <> I believe you can create a filter, with a line: MAILFROM 0 ISBLANK in it. If that doesn't work, you can try: MAILFROM 0 CONTAINS <> -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. This outgoing message is guaranteed to be authentic by Message Level users. Guarantee the authenticity of your email @ http://www.messagelevel.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Stopping Emails with Nul sendor
Yes, but why would you want to? Most postmaster messages and bounce notifications come from null. But if you must, and you are running the Pro version of JM, in a filter file use: MAILFROM 50 IS <> However, it's not recommended... Bill - Original Message - From: "Cody Wilson" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, October 29, 2004 1:07 PM Subject: [Declude.JunkMail] Stopping Emails with Nul sendor Is there a test I can setup with Declude to catch all emails from Null senders From: <> I looked in the archives with no success. I know I can setup a rule in Imail to do it, but that's per domain. I want this to be global for the server. Thanks, Cody Wilson 469.828.4700 PH 469-828-4702 FX intercityweb.com --- [Scanned by Intercity Antivirus - www.intercityweb.com] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] MAILBOX spam
I sent this to the wrong list earlier... When using the MAILBOX action for test failures, we have noticed that forward or alias addresses do not get sent to the spam folder but actually get delivered to the main inbox. Do we have something configured wrong or is there way to fix this or are we stuck with it? Sheldon --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Stopping Emails with Nul sendor
Is there a test I can setup with Declude to catch all emails from Null senders From: <> I looked in the archives with no success. I know I can setup a rule in Imail to do it, but that's per domain. I want this to be global for the server. Thanks, Cody Wilson 469.828.4700 PH 469-828-4702 FX intercityweb.com --- [Scanned by Intercity Antivirus - www.intercityweb.com] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Blank subjects
New example - same problem. line in global.cfg SUBJFILTERfilter d:\imail\declude\filters\subject.txt x 5 0 first line in subject.txt SUBJECT 3 ISBLANK 10/29/2004 11:26:24 Q6ef70429031ee533 GIBBERISH:4 CMDSPACE:9 SPAMCHK:2 . Total weight = 15. 10/29/2004 11:26:24 Q6ef70429031ee533 Subject: 10/29/2004 11:26:24 Q6ef70429031ee533 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] IP: 221.114.77.52 ID: 10/29/2004 11:26:24 Q6ef70429031ee533 Tests failed [weight=15]: HOUR=IGNORE GIBBERISH=IGNORE CMDSPACE=IGNORE IPNOTINMX=IGNORE SPAMCHK=IGNORE WEIGHT0915=HOLD 10/29/2004 11:26:24 Q6ef70429031ee533 Last action = HOLD. Received: from emb1.bcc.univie.ac.at [221.114.77.52] by mail.jvcdiscusa.com (SMTPD32-7.13) id AEF7429031E; Fri, 29 Oct 2004 11:25:27 -0500 Message-ID: <[EMAIL PROTECTED]> From: "Darrin Tapia" <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: Date: Sat, 30 Oct 2004 08:22:08 + MIME-Version: 1.0 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: 8bit X-Declude-Sender: [EMAIL PROTECTED] [221.114.77.52] X-Note: This E-mail was scanned by Declude JunkMail for JVC. X-Note: Failed tests - HOUR, GIBBERISH, CMDSPACE, IPNOTINMX, SPAMCHK, WEIGHT0915 X-Country-Chain: JAPAN->destination X-Note: Total spam weight of this E-mail is 15. X-Note: This E-mail was sent from (timeout) ([221.114.77.52]). -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry Sent: Friday, October 29, 2004 8:57 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Blank subjects >Shouldn't this header fail this test ? It looks like it should. What are the Declude JunkMail log file entries for that E-mail? I'm wondering if Declude JunkMail saw a different subject for some reason. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. This outgoing message is guaranteed to be authentic by Message Level users. Guarantee the authenticity of your email @ http://www.messagelevel.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] OT: Pete McNiel's Product Proposal
FYI, there is a product for Exchange called ActiveFolders that is very reasonably priced. It does have the option of searching PST files. John Tolmachoff Engineer/Consultant/Owner eServices For You > -Original Message- > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- > [EMAIL PROTECTED] On Behalf Of Rick Davidson > Sent: Friday, October 29, 2004 8:38 AM > To: [EMAIL PROTECTED] > Subject: [Declude.JunkMail] OT: Pete McNiel's Product Proposal > > Great discussion here guys, the SOX guidelines for retention are very open > ended, bottom line is that if a company is mandated to produce documents > they better produce those documents and they better produce them in a > reasonable amount of time. Body searching is essential to being able to do a > thorough retrieval. > > Pete, I think you have a good idea there and I would certainly be interested > in looking at your product. I have spent the past two weeks looking for a > reasonably priced canned solution and have yet to find one. The coolest > product I found was made by iLumin but it was $150,000, many out sourced > archiving companies are built around this technology and are very high > priced as well. > > There is certainly a market out there for a reasonably priced archiving > solution for small to medium sized businesses. Not only would a solution for > SEC and SOX compliance be useful but any company that wanted to protect > themselves against or help in employee litigation cases would find it > useful. Another simple use would be to retrieve lost email or "accidentally > deleted" email in POP3 environments. > > A basic archive to start with would be great and then maybe in the future > add the ability to index and search attachment content :-) > > Rick Davidson > National Systems Manager > North American Title Group > - > - Original Message - > From: "Pete McNeil" <[EMAIL PROTECTED]> > To: "Matt" <[EMAIL PROTECTED]> > Sent: Thursday, October 28, 2004 11:42 PM > Subject: Re[2]: [Declude.JunkMail] Determining a BCC Recipient > > > > On Thursday, October 28, 2004, 10:44:32 PM, Matt wrote: > > > > M> Patrick Childers wrote: > > > >>>Hi Pete, > >>>I think your gut is right. I'm pretty sure that I have 2 clients that > >>>would > >>>be quite interested in "SOXsniffer". > >>> > >>> > > > > M> Not to debate the applicability of the technology, but you shouldn't > > M> proceed under the assumption that government regulators are out there > > M> giving IT staff lists of words to be used in "full-text search" of > > M> E-mail archives. That is not the law, and it is not how subpoenas are > > M> issued. > > > > > > > > All really appreciated Matt. > > > > I think the point is that the basic requirements can easily be met, > > and the search capability, which can be very useful in mundane and > > even positive circumstances, can be provided without a significant > > additional effort. > > > > So, for a very low cost, those who might not otherwise be able to > > afford the high-end systems you allude to can have the core of a > > fairly robust capability. I'm sure that core capability can and will > > be extended as needed if I do the job right. > > > > No assumptions here about marketability or suitability - only a raw > > capability that has a high potential for a low cost... and, based on > > my own experiences, having this kind of thing "in your back pocket" > > can be very powerful. I can recall times when a mechanism like this > > would not only have saved me days - even weeks of work, but also would > > have provided a significant competitive advantage. > > > > Consider auditing an engineering (or any large) project near > > completion or after initial deployment. The ability to extract all > > correspondence on the project in an inexpensive and orderly fashion is > > mind-bendingly powerful. -- Dump the results into a searchable mail > > archive system and you have a searchable, threaded reference that you > > didn't know you would need "until now". > > > > Or... when "the boss" comes down and says: "I need you to tell me > > _exactly_ what happened here..." in that uncomfortable way that only > > pointy-haired fellows can really achieve... Been there, done that, got > > the t-shirt and the bumper sticker. It just makes you shiver. > > > > (Where would we be without Dilbert?) > > > > Anyway - I recognize your point about setting an appropriate policy. I > > just make hammers... I'll let other folks drive the nails where they > > are needed ;-) > > > > This is now decidedly off topic for Declude. > > Sorry for the extra bandwidth. > > > > Best all, > > > > _M > > > > > > --- > > [This E-mail was scanned for viruses by Declude Virus > > (http://www.declude.com)] > > > > --- > > This E-mail came from the Declude.JunkMail mailing list. To > > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > > type "unsubscribe Declude.JunkMail". The archives can be found > > at http://www.mail-archive.com. > > > > > --- > [This E-mai
[Declude.JunkMail] External program - Filter for HEADERCODE
I've created an external program that allows you to write a filter for examining the %headercode% variable. This variable returns a result code of the badheaders/spamheaders test. I use this test to punish spamheader code C040120E which is generated from Brilliant Marketing who otherwise will consistently find new IP/domain names to get through my spam filter. You could also use this filter to credit negative points back for badheader/spamheader return codes that you feel are causing too many false positives. You can download it here under HEADER2 http://it.farmprogress.com/declude/declude.htm
RE: [Declude.JunkMail] Adding Tests failed and weight to the body
Any idea why this isn't working then? The footer isn't in the body. Let's see: 10/29/2004 10:52:08 Q58eb9dc3003eff1d Msg failed WEIGHTLEGIT (Total weight between -5000 and 119.). Action=FOOTER. This shows that Declude JunkMail did add the footer. There's about a 95% chance that the problem is that the footer is there, but your mail client isn't displaying it (which is often the case if there are attachments or MIME segments being used). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. This outgoing message is guaranteed to be authentic by Message Level users. Guarantee the authenticity of your email @ http://www.messagelevel.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] FOOTER Action
Looks like the footer action doesn't work with HTML email. Is this a know issue or by design? --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] OT: Pete McNiel's Product Proposal
Great discussion here guys, the SOX guidelines for retention are very open ended, bottom line is that if a company is mandated to produce documents they better produce those documents and they better produce them in a reasonable amount of time. Body searching is essential to being able to do a thorough retrieval. Pete, I think you have a good idea there and I would certainly be interested in looking at your product. I have spent the past two weeks looking for a reasonably priced canned solution and have yet to find one. The coolest product I found was made by iLumin but it was $150,000, many out sourced archiving companies are built around this technology and are very high priced as well. There is certainly a market out there for a reasonably priced archiving solution for small to medium sized businesses. Not only would a solution for SEC and SOX compliance be useful but any company that wanted to protect themselves against or help in employee litigation cases would find it useful. Another simple use would be to retrieve lost email or "accidentally deleted" email in POP3 environments. A basic archive to start with would be great and then maybe in the future add the ability to index and search attachment content :-) Rick Davidson National Systems Manager North American Title Group - - Original Message - From: "Pete McNeil" <[EMAIL PROTECTED]> To: "Matt" <[EMAIL PROTECTED]> Sent: Thursday, October 28, 2004 11:42 PM Subject: Re[2]: [Declude.JunkMail] Determining a BCC Recipient On Thursday, October 28, 2004, 10:44:32 PM, Matt wrote: M> Patrick Childers wrote: Hi Pete, I think your gut is right. I'm pretty sure that I have 2 clients that would be quite interested in "SOXsniffer". M> Not to debate the applicability of the technology, but you shouldn't M> proceed under the assumption that government regulators are out there M> giving IT staff lists of words to be used in "full-text search" of M> E-mail archives. That is not the law, and it is not how subpoenas are M> issued. All really appreciated Matt. I think the point is that the basic requirements can easily be met, and the search capability, which can be very useful in mundane and even positive circumstances, can be provided without a significant additional effort. So, for a very low cost, those who might not otherwise be able to afford the high-end systems you allude to can have the core of a fairly robust capability. I'm sure that core capability can and will be extended as needed if I do the job right. No assumptions here about marketability or suitability - only a raw capability that has a high potential for a low cost... and, based on my own experiences, having this kind of thing "in your back pocket" can be very powerful. I can recall times when a mechanism like this would not only have saved me days - even weeks of work, but also would have provided a significant competitive advantage. Consider auditing an engineering (or any large) project near completion or after initial deployment. The ability to extract all correspondence on the project in an inexpensive and orderly fashion is mind-bendingly powerful. -- Dump the results into a searchable mail archive system and you have a searchable, threaded reference that you didn't know you would need "until now". Or... when "the boss" comes down and says: "I need you to tell me _exactly_ what happened here..." in that uncomfortable way that only pointy-haired fellows can really achieve... Been there, done that, got the t-shirt and the bumper sticker. It just makes you shiver. (Where would we be without Dilbert?) Anyway - I recognize your point about setting an appropriate policy. I just make hammers... I'll let other folks drive the nails where they are needed ;-) This is now decidedly off topic for Declude. Sorry for the extra bandwidth. Best all, _M --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Adding Tests failed and weight to the body
Any idea why this isn't working then? The footer isn't in the body. 10/29/2004 10:52:08 Q58eb9dc3003eff1d WHITELISTFILTER:-1100 . Total weight = -1100. 10/29/2004 10:52:08 Q58eb9dc3003eff1d Using [incoming] CFG file e:\IMail\Declude\netrends.com\mark_smith.junkmail. 10/29/2004 10:52:08 Q58eb9dc3003eff1d Msg failed CATCHALLMAILS (). Action=WARN. 10/29/2004 10:52:08 Q58eb9dc3003eff1d Msg failed WHITELISTFILTER (Message failed WHITELISTFILTER test (line 5, weight -1100)). Action=WARN. 10/29/2004 10:52:08 Q58eb9dc3003eff1d Msg failed IPNOTINMX (). Action=WARN. 10/29/2004 10:52:08 Q58eb9dc3003eff1d Msg failed NOLEGITCONTENT (No content unique to legitimate E-mail detected.). Action=WARN. 10/29/2004 10:52:08 Q58eb9dc3003eff1d Msg failed MS-WHITE (Message failed MS-WHITE: 0.). Action=WARN. 10/29/2004 10:52:08 Q58eb9dc3003eff1d Msg failed WEIGHTLEGIT (Total weight between -5000 and 119.). Action=FOOTER. 10/29/2004 10:52:08 Q58eb9dc3003eff1d L1 Message OK 10/29/2004 10:52:08 Q58eb9dc3003eff1d Subject: testing a 10/29/2004 10:52:08 Q58eb9dc3003eff1d From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] IP: 65.196.89.132 ID: 10/29/2004 10:52:08 Q58eb9dc3003eff1d Tests failed [weight=-1100]: CATCHALLMAILS=WARN WHITELISTFILTER=WARN IPNOTINMX=WARN NOLEGITCONTENT=WARN MS-WHITE=WARN WEIGHTLEGIT=FOOTER 10/29/2004 10:52:08 Q58eb9dc3003eff1d Last action = IGNORE. GLOBAL.CFG: WEIGHTLEGIT weightrange x x -5000 119 >From my mark_smith.junkmail file: WEIGHTLEGIT FOOTER [SPAM Filter Debug]:[%WEIGHT%]:[%LOCALHOST%]:[%TESTSFAILEDWITHWEIGHTS%] > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of R. > Scott Perry > Sent: Friday, October 29, 2004 10:45 AM > To: [EMAIL PROTECTED] > Subject: RE: [Declude.JunkMail] Adding Tests failed and > weight to the body > > > >I should have rephrased this... > >Can this be done without using the FOOTER action. > >In other words is there a way to do this to all emails without > >impacting other actions? > > > >I guess I could do this with the CATCHALLMAILS filter right? > > That's exactly what I would recommend doing: > > CATCHALLMAILS FOOTER [This E-mail failed the following tests: > %TESTSFAILED]... > > > -Scott > --- > Declude JunkMail: The advanced anti-spam solution for IMail > mailservers since 2000. > Declude Virus: Ultra reliable virus detection and the leader > in mailserver vulnerability detection. > Find out what you've been missing: Ask for a free 30-day evaluation. > > > > This outgoing message is guaranteed to be authentic by > Message Level users. > Guarantee the authenticity of your email @ > http://www.messagelevel.com. > --- > [This E-mail was scanned for viruses by Declude Virus > (http://www.declude.com)] > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be > found at http://www.mail-archive.com. > --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Determining a BCC Recipient
Uh oh. Time to backup up and take a breath. I have not been following this, but have meant to go back and read it because of the implications of the subject. Having gone back and read some of the posts, well, Matt, I like you a lot, but there are some issues. Matt said: Not to debate the applicability of the technology, but you shouldn't proceed under the assumption that government regulators are out there giving IT staff lists of words to be used in "full-text search" of E-mail archives. That is not the law, and it is not how subpoenas are issued In reality, that is exactly what they can indeed do. No, I have not reviewed the letter of the law, nor will I, nor do I have a desire to. However, I have been briefed on the matter by the in-house IT staff of clients I am involved with that are either subject to SOX or SEC regulations. Matt said: What is at question here is document retention, or more specifically in this case, E-mail retention. There is nothing specific in Sarbanes-Oxley that indicates anything other than destruction of records, thereby implying that records such as E-mail are required to maintained for a period of 5 years. There is absolutely no mention of required technologies, but it is clearly implied that you can't lose access to such documents due to a failure to properly apply a technological solution that survives that length of time (i.e. archival means need to be accessible going 5 years back at any time). While it is true that no mention of what technology is to be used, there are requirements, particularly in SEC regulations, that once a subpoena is presented, you have a time limit to comply and produce the requested information. This time period can be in as little as 4 hours. Obviously, you are going to need technology to provide copies of all e-mail to and from so and so for the last 3 years in 4 hours. Simply having an archive is not enough. You must have the means to search and retrieve quickly. Matt said: There are applications that archive and mine data from E-mail, but IMO, these are really just big-brother types of apps, and I've never been big on invading people's privacy. There are other services that some companies use under the general guise of "policy enforcement" which is just a fancy way of saying content screening. I think that Sniffer's engine could be set up to do at least part of this work (outside of attachments), but there are large companies out there that already offer such services and this is generally limited to only large customers. I consider this to be an ineffective solution since it can be so easily bypassed with a flash drive on a key chain, or missed by a set of keywords or phrases. Every one is intitled to their opinion. However, truth is the courts have found and upheld that e-mail using company assets are not private, and a company policy must be dictated to enforce such. This means that if a company policy states all e-mail is company property, and no personal e-mail is allowed, or words similar to that effect, the courts have upheld the companies’ explicit right to search, review, archive and take action on e-mails used within the company. Therefore, there is no question of privacy, as it is company property. Matt, I do not see any personal attack on you by Sandy. What I see is his response to specific things you have said which appear to be incorrect. The various regulations regarding e-mail are convoluted for us to understand at best, and while yes every one is entitled to an opinion, it should not be stated as fact. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Sent: Friday, October 29, 2004 4:46 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Determining a BCC Recipient Let's please try to keep the personal stuff off of this list for the good of everyone. Even though I might find it a tad bit amusing at times when it is directed at me, I don't think that others appreciate seeing it here, and I generally don't. I hesitated even to draft this reply except that I felt it would possibly help in the future seeing as how repeated this pattern has become. This is a support group where people come to share ideas and learn from others, and flame wars have no place in such a forum. One can express an opinion or attempt to establish fact without in effect attacking or belittling a fellow participant, and unlike the circumstance regarding IMail, there is no reason for anyone to become angry about things so insignificant. I don't claim to be perfect in this regard myself, but I think it needed to be said. Matt Sanford Whiteman wrote: you shouldn't proceed under the assumption that governmentregulators are out there giving IT staff lists of words to be usedin "full-text search" of E-mail arch
RE: [Declude.JunkMail] Adding Tests failed and weight to the body
I should have rephrased this... Can this be done without using the FOOTER action. In other words is there a way to do this to all emails without impacting other actions? I guess I could do this with the CATCHALLMAILS filter right? That's exactly what I would recommend doing: CATCHALLMAILS FOOTER [This E-mail failed the following tests: %TESTSFAILED]... -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. This outgoing message is guaranteed to be authentic by Message Level users. Guarantee the authenticity of your email @ http://www.messagelevel.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Adding Tests failed and weight to the body
Sorry, I should have rephrased this... Can this be done without using the FOOTER action. In other words is there a way to do this to all emails without impacting other actions? I guess I could do this with the CATCHALLMAILS filter right? > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Mark E. Smith > Sent: Friday, October 29, 2004 10:02 AM > To: [EMAIL PROTECTED] > Subject: [Declude.JunkMail] Adding Tests failed and weight to the body > > Is there any way to add the tests failed and other > information to the body of the message -- maybe as a footer? > > Similar to the FOOTER option in Declude Virus? > > Mark > > > --- > [This E-mail was scanned for viruses by Declude Virus > (http://www.declude.com)] > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be > found at http://www.mail-archive.com. > --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Adding Tests failed and weight to the body
Is there any way to add the tests failed and other information to the body of the message -- maybe as a footer? Similar to the FOOTER option in Declude Virus? Mark --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Blank subjects
Shouldn't this header fail this test ? It looks like it should. What are the Declude JunkMail log file entries for that E-mail? I'm wondering if Declude JunkMail saw a different subject for some reason. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. This outgoing message is guaranteed to be authentic by Message Level users. Guarantee the authenticity of your email @ http://www.messagelevel.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Blank subjects
Shouldn't this header fail this test ? To: [EMAIL PROTECTED] Subject: Date: Fri, 29 Oct 2004 06:11:58 + MIME-Version: 1.0 SUBJECT 3 ISBLANK Cris --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Determining a BCC Recipient
Let's please try to keep the personal stuff off of this list for the good of everyone. Even though I might find it a tad bit amusing at times when it is directed at me, I don't think that others appreciate seeing it here, and I generally don't. I hesitated even to draft this reply except that I felt it would possibly help in the future seeing as how repeated this pattern has become. This is a support group where people come to share ideas and learn from others, and flame wars have no place in such a forum. One can express an opinion or attempt to establish fact without in effect attacking or belittling a fellow participant, and unlike the circumstance regarding IMail, there is no reason for anyone to become angry about things so insignificant. I don't claim to be perfect in this regard myself, but I think it needed to be said. Matt Sanford Whiteman wrote: you shouldn't proceed under the assumption that government regulators are out there giving IT staff lists of words to be used in "full-text search" of E-mail archives. That is not the law, and it is not how subpoenas are issued. First: I clearly noted that legal (or compliance, if distinct) is given all documents, including criteria for an archive search, and that IT staff are not responsible for the search. IT is expected to create a system that compliance officers can use independent of IT (in turn respecting employees' privacy from sysadmins' snooping, restricting access to those that perform that role professionally). The full retention media must also be made available, but the regulators will request pruned material. You seem to think that you're really going to hit it off with regulators by coolly giving them hard drives with terabytes of raw mbox data and nothing more. You obviously don't know how it feels to be faced with hundreds of millions of dollars in fines and the knowledge that every day you delay is another day with your company name in the papers as an "ongoing investigation." You do not mess around or play tough on producing records; you will only go down harder. The examples are legion. Second: last you wrote, you'd only been involved in an investigation that was not bound to SOX or SEC regulations. I see nothing in your new comments, though they're more verbose, that's any more authoritative. Your isolation of SOX seems deliberately naive, since it is commonplace for SOX's open-ended storage requirements to be allied with SEC 17a-4 requirements to ensure coordination between departments and guarantee prompt response to inquiries without the perception of considered obstruction through negligence. And no organization creates separate SOX-compliant systems and SEC-compliant systems if bound by both. Third: my notes are based on our work with three different clients' IT staffs, their inside and outside counsel (two different outside firms), and documents submitted by regulatory agencies that were specific to the cases; it is also based on the experience of building the original, incomplete archiving systems for these clients and later expansions and revisions of these systems to achieve independently verified SEC/NASD compliance. Fourth: there were no "enemy lawyers" involved, unless you consider those attempting to prevent criminal actions--in this case, stealing millions from individual investors to benefit secret corporate alliances--to be your "enemies." Yet, if those are the enemies in question, I'm surprised you're opposed to _Ipswitch's_ recent activity. Aren't they just following in the footsteps of Enron by concealing their probable dead-end status while soliciting huge monies for nonexistent products? How can a private company's secrecy and price gouging be such an abomination, based on the insults you've used on the IMail list, while here you encourage a public company's destruction of records wherever you perceive a loophole? --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.mailmage.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.mailmage.com/products/software/freeutils/exchange2aliases/download/release/ http://www.mailmage.com/products/software/freeutils/ldap2aliases/download/release/ --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --
