RE: [Declude.JunkMail] error 0xC0000142 smtp.exe

2011-05-05 Thread Bonno Bloksma
Hi,



Even though I am running an Imail server for a bachelor level education with 
about 2500 active mailboxes and about 15.000 mails per day, I still have 
Declude set to max 150 THREADS. That is plenty to get the mail delivered in 
time.



Declude itself can handle a lot more and using the built-in Sniffer helps 
keep the max heap problem down, but I have never found a good reason to 
increase the THREAD count.

As a matter of fact I have had it even lower in the past and still mail was 
delivered quickly enough for users never to notice it.





Yours sincerely,
Bonno Bloksma
senior system administrator

tio
university of applied sciences for hospitality and tourism
julianalaan 9 / 7553 ab hengelo

netherlands
t +31-74-255 06 10 / f +31-74-255 06 11

b.blok...@tio.nl / www.tio.nl





From: IMail Admin [mailto:imailad...@bcwebhost.net]
Sent: Thursday, 5 May 2011 22:10
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] error 0xC0000142 smtp.exe



That sounds like me.  What’s the cure?  Drop the number of threads in 
declude.cfg?  I haven’t looked at it yet to see what I have.



From: Andy Schmidt <mailto:andy_schm...@hm-software.com>

Sent: Thursday, May 05, 2011 1:05 PM

To: Declude.JunkMail@declude.com

Subject: RE: [Declude.JunkMail] error 0xC0000142 smtp.exe



I had encountered the problem when I introduced another Declude add-on to the 
mix (e.g., another command line program that Declude was launching). Eventually 
there were too many command line processes using up too much heap…



Some of us were using the old command-line sniffer and 2 or 3 anti-virus 
command line tools, and invURIBL and various other – each one chipping away at 
the heap.



From: IMail Admin [mailto:imailad...@bcwebhost.net]
Sent: Thursday, May 05, 2011 2:21 PM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] error 0xC0000142 smtp.exe



Hi Pete,



Thanks for the links.  After reading all of those, and everything they link to, 
I have a better idea of what’s happening.  What Declude originally called the 
“mystery heap” is apparently the desktop heap, which had a system wide limit of 
48 mb (Win2k and Win2k3), allocated between interactive and non-interactive 
desktops.  Presumably, too many processes are launched, exhausting this heap.  
Setting a smaller value for the per-process allocation (512 kb by default) 
should allow more processes to run.  So all of this makes sense but doesn’t 
explain why my server should have this problem.



My business is so small any more that I could imagine using my smart phone to 
run the mail server.  If it’s the smtp32.exe process causing the crash, then 
that would imply to me that I’ve got a lot of outbound messages all at once.  I 
just don’t see how this could happen.  I’m guessing that we’ve got no more than 
a couple hundred mailboxes spread over 30 domains, and no lists larger than 
200.  So how do I find out where all this outbound stuff is coming from? And is 
there a setting I could use to limit the number of outbound messages sent (or 
processed) at one time?



Any suggestions are appreciated.



Thanks,



Ben



P.S. I wonder what would happen if I moved my software (Imail 2006.23) to a Win 
7 PC or a Windows 2010 server? Just thinking out loud.



From: Pete McNeil <mailto:madscient...@microneil.com>

Sent: Wednesday, May 04, 2011 8:34 PM

To: Declude.JunkMail@declude.com

Subject: Re: [Declude.JunkMail] error 0xC0000142 smtp.exe



On 5/4/2011 11:08 PM, Imail Admin wrote:

Hi,

I recall a while back about errors where you get Error #0xC0000142 (The 
application failed to initialize) for smtp32.exe, somehow related to Declude.  
We started getting these recently for no particular reason that I can think 
of.  Is there a setting in Declude that helps with this?


IIRC, this is the "mystery heap" problem and solving it will mostly have to do 
with the setting you're using.

http://kb.imailserver.com/cgi-bin/imail.cfg/php/enduser/std_adp.php?p_faqid=686

There is a particular chunk of memory that runs out if too many 
applications/processes are started at once as children of other processes. In 
your case, for example, too many concurrent instances of SMTP32.exe along with 
a number of other factors.

If I'm guessing correctly, you could suddenly experience this problem due to 
allowing enough SMTP32 processes (usually controlled by the number of 
processing threads you allow) and also having enough mail running through your 
system to exhaust the mystery heap.

This search might help you find what you're looking for in

RE: [Declude.JunkMail] email being delivered with blank body. What happened to body?

2011-04-05 Thread Bonno Bloksma
Hi,



Time to call Declude on the line or (Linda) via Skype and ask them.

I am using “regular” Declude on an Imail system, not the interceptor version.



Kind regards,
Bonno Bloksma
senior system administrator

tio
university of applied sciences for hospitality and tourism
begijnenhof 8-12 / 5611 el eindhoven
t 040 296 28 28 / f 040 237 35 20

b.blok...@tio.nl / www.tio.nl



From: Rick Davidson [mailto:rdavid...@nat.com]
Sent: Tuesday, 5 April 2011 20:52
To: Declude.JunkMail@declude.com
Subject: RE: [Declude.JunkMail] email being delivered with blank body. What 
happened to body?



So running the 3.4.10.59 (or .49, whatever it is supposed to be) resulted in a 
bit of chaos for me



So there were no more blank email bodies but instead it randomly started mixing 
up the Q and D files and delivering message bodies to unintended recipients 
(yea no kidding)



The headers look normal, exactly like they are supposed to be, however the 
message is delivered to the wrong recipient

Received: from nateet1.nat.com (64.143.180.230) by mail.nat.com
 (10.101.226.10) with Microsoft SMTP Server (TLS) id 8.3.137.0; Tue, 5 Apr
 2011 11:53:48 -0500
Received: from mx1.nat.com (64.143.180.231) by nateet1.nat.com
 (64.143.180.231) with Microsoft SMTP Server id 8.3.137.0; Tue, 5 Apr 2011
 11:53:42 -0500
Received: from fnbtc.net [209.149.254.11]   by mx1.nat.com (Alligate(TM) SMTP
 Gateway v3.11.1.27)  with ESMPT id
  for ; Tue,
 05 Apr 2011 11:53:23 -0500
Received: from ([192.168.3.1])   by mail.fnbtc.net with ESMTP  id
 J3NF5H1.30523111;Tue, 05 Apr 2011 12:16:50 -0400
Received: by fnb_tc_02.fnb_tc with Internet Mail Service (5.5.2657.72) id
 <2KAZYZJ7>; Tue, 5 Apr 2011 12:37:54 -0400
Message-ID: <4C6283FBCA6604418688004ED2B8EC6C24ED23EB@fnb_tc_02.fnb_tc>
From: Mrs Someone 
To: 'Mr Someone' 
Subject: chairs
Date: Tue, 5 Apr 2011 12:37:53 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2657.72)
Content-Type: multipart/alternative;
 boundary="_=_NextPart_001_01CBF3AF.CF9AC848"
X-MXRate-Prob: 0
X-MXRate-Country: US
X-MXRate-Action: NONE
X-Alligate-ReceivingIP: [64.143.180.230]
X-Alligate-Country-Chain: United States->Destination
X-Alligate-Tarpit: NOSUBD;GREY (20secs)
X-Alligate-Grey: Passed
X-Alligate-REVDNS: mail.fnbtc.net
X-Alligate-HELO: fnbtc.net
X-Alligate-Spam: NOSUBD;TARPIT;
X-Alligate-MsgScan: (10) NOTGOODSNDR[10];
X-Alligate-ID: 245564
X-Originating-IP: 209.149.254.11
X-Alligate-RcptTo: 
Return-Path: some...@seacoastnational.com
X-RBL-Warning: WEIGHTER: Message failed WEIGHTER test (line 29, weight 1)
X-Declude-Sender: some...@seacoastnational.com [209.149.254.11]
X-Declude-Spoolname: D005433486.smd
X-Declude-RefID: str=0001.0A020202.4D9B4913.0045:SCFSTAT2058654,ss=1,fgs=0
X-SendingHost: seacoastnational.com
X-Country-Chain: UNITED STATES->destination
X-Recipients: some...@nat.com
X-Declude-Fail: BACKSCATTER [4], COMMENTS [7], WEIGHTER [1]
X-Declude-Score: 12





Alligate

11:53:07.578 - (245564) Cmd recd: MAIL FROM: size=5349

11:53:07.734 - (245564) Cmd recd: RCPT TO:



Declude Junkmail

04/05/2011 11:53:39.156 Q005433486.smd From: some...@seacoastnational.com To: 
some...@nat.com  IP: 209.xxx.xxx.xx ID: J3NF5H1.30523111



Here is where it goes bad, the handoff from Declude to Exchange, there are two 
new recipients and an additional sender address



2011-04-05T16:53:42.453Z,64.143.180.231,,64.143.180.231,mx1,08CDBFF5751E827C;2011-04-05T16:53:42.296Z;0,mx1\Inbound From Internet,SMTP,RECEIVE,31471,<4C6283FBCA6604418688004ED2B8EC6C24ED23EB@fnb_tc_02.fnb_tc>,someo...@nat.com;someo...@nat.com,,9626,2,,,chairs,some...@seacoastnational.com,some...@msn.com,10I:



the message above was delivered to someo...@nat.com and someo...@nat.com from 
some...@msn.com instead of what was contained in the headers





Rolled back to previous version…



--

Rick



From: Rick Davidson
Sent: Tuesday, April 05, 2011 8:37 AM
To: Declude.JunkMail@declude.com
Subject: RE: [Declude.JunkMail] email being delivered with blank body. What 
happened to body?



Login to the interim area

Go to interceptor

There is a dir called 3.4.10.59



Swap out the decludeproc.exe files



I am running it this morning and indeed that issue does not exist, however the 
diags.txt says it is 3.4.10.49



--

rick



From: Harry Vanderzand [mailto:ha...@intown.net]
Sent: Tuesday, April 05, 2011 8:05 AM
To: Declude.JunkMail@declude.com
Subject: RE: [Declude.JunkMail] email being delivered with blank body. What 
happened to body?



Where did you get 4

RE: [Declude.JunkMail] email being delivered with blank body. What happened to body?

2011-04-04 Thread Bonno Bloksma
Hi,



Which version of Declude are you running?

I remember chasing a weird bug that was sometimes truncating a message to 1k, 
which mostly affected html mail. After Declude found the cause for that issue 
they released interim version Declude 4.10.59 which is what I am running now.





Kind regards,
Bonno Bloksma
senior system administrator

tio
university of applied sciences for hospitality and tourism
begijnenhof 8-12 / 5611 el eindhoven
t 040 296 28 28 / f 040 237 35 20

b.blok...@tio.nl / www.tio.nl



From: Harry Vanderzand [mailto:ha...@intown.net]
Sent: Tuesday, 5 April 2011 0:54
To: Declude.JunkMail@declude.com
Subject: [Declude.JunkMail] email being delivered with blank body. What 
happened to body?



This is occurring to one of my domains.  No others that I can figure.  I see no 
pattern as to why the mail gets delivered but the body is missing.  Any help is 
sure appreciated.



I run imail with an Alligate front end.



And of course Declude.



Thank you in advance for your assistance.





Thank you



Harry Vanderzand

Intown internet & Erbsville Internet

740 Erbsville Road

Waterloo, ON, N2J3Z4


--- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, 
just send an E-mail to imail...@declude.com, and type "unsubscribe 
Declude.JunkMail". The archives can be found at http://www.mail-archive.com.




[Declude.JunkMail] ipv6 and exchange

2011-02-27 Thread Bonno Bloksma
Hi,

Somewhere this year, maybe even before the summer, we will switch from using 
IMail to Exchange. As a school we get a REAL GOOD deal on the licenses and we 
want to use other software, like a Blackberry server, that does not work 
together with IMail :-( but does with Exchange.

1)
Who has done an IMail to Exchange migration and can give me their migration 
path. That would save me a lot of searching for "the best way" to do it. Of 
course we have already thought about it and thought about how to do it but we 
probably missed some things. The proper order in which to do things is 
important of course. Password migration is not a problem as all users are 
already in our AD.

2)
As the ipv4 resource pool nears depletion at the RIR level as well, and as we 
do a lot of international business with both Africa and Asia, I can start to 
see ipv6 ONLY machines in the near future that need to connect to our 
webservers and mailserver. How far is Declude in its ipv6 support? I will 
enable ipv6 on my Exchange server when we launch it.

3)
As I want to have an Alligate/Declude server in front of my Exchange server... 
It seems I need to switch from separate Alligate / Declude subscriptions to an 
integrated subscription. Do I need to contact Declude or Alligate for this? I 
already have combined Declude and Sniffer and Commtouch is part of my Declude 
subscription so letting Declude handle this would seem the proper way.

4)
As an alternative to handling my own spam/virus filter I can outsource it to 
Microsoft or some other company that does handle ipv6 by now. Does anyone know 
of a lists who supports ipv6 as of now or in the next few months?

Kind regards,
Bonno Bloksma
senior system administrator

tio

university of applied sciences for hospitality and tourism
begijnenhof 8-12 / 5611 el eindhoven
t 040 296 28 28 / f 040 237 35 20

b.blok...@tio.nl  / www.tio.nl





[Declude.JunkMail] 1.8Gig logs dir

2010-08-29 Thread Bonno Bloksma
Hi,

To those of you never running Hijack and never bothered to look at it I was 
looking where some of my diskspace had gone to and found 1,8Gig of hijack logs 
saying nothing but...
07/26/2009 00:00:44.469 q807b03a1f79c.smd Hijack Test is OFF. No Hijack.CFG 
file found.
07/26/2009 00:00:44.500 q806303d1f789.smd Hijack Test is OFF. No Hijack.CFG 
file found.

Seems I have 1 year worth of hijack logs and only the fact that hijack uses the 
hiMMDD format kept it from growing further. :-(

Declude... please fix this, we don't need hijack logs when there is no hijack.
Everybody else see what you have in the Declude\Logs directory.
I never looked at that directory as every other log file is in my IMail\spool 
directory or in the application directory like the snf log.

Kind regards,
Bonno Bloksma
senior system administrator

tio

university of applied sciences for hospitality and tourism
begijnenhof 8-12 / 5611 el eindhoven
t 040 296 28 28 / f 040 237 35 20

b.blok...@tio.nl  / www.tio.nl 






Re: [Declude.JunkMail] What's wrong with my Declude?

2010-08-01 Thread Bonno Bloksma
Hi,

I'm running IMail 2006.23 as well and running the latest Declude with built-in 
Sniffer. It is the easiest to set up.

Kind regards,
Bonno Bloksma
senior system administrator

tio

university of applied sciences for hospitality and tourism
begijnenhof 8-12 / 5611 el eindhoven
t 040 296 28 28 / f 040 237 35 20

b.blok...@tio.nl  / www.tio.nl 


- Original Message - 
  From: Imail Admin 
  To: declude.junkmail@declude.com 
  Sent: Sunday, August 01, 2010 8:40 PM
  Subject: Re: [Declude.JunkMail] What's wrong with my Declude?



  Hi Pete,

  Thanks.  I think I'll try your installer first.  I checked and my Sniffer 
  subscription runs out in late September.  I'm considering the possibility of 
  upgrading Declude (first time in many years) and getting the OEM Sniffer 
  with it.  If I do that, it'll be in September.  My system is so old (Imail 
  2006.23 running on top of Windows Server 2000) that I worry it won't handle 
  the newest versions of these products.

  Thanks,

  Ben

  ---
  [This E-mail was checked by Declude]

  - Original Message - 
  From: "Pete McNeil" 
  To: 
  Sent: Sunday, August 01, 2010 11:28 AM
  Subject: Re: [Declude.JunkMail] What's wrong with my Declude?


  > On 8/1/2010 1:36 PM, Imail Admin wrote:
  >> Hi Pete,
  >>
  >> By SNF I assume you mean Sniffer?  How do I tell for sure which version 
  >> is running and whether it is getting the latest downloads?  I know it's 
  >> running at least partially because the report lists it.  I checked the 
  >> cfg file and it says "configuration for v2r3", so I assume that's version 
  >> 2 and not version 3?  Then I checked my old emails and found that my last 
  >> license renewal was at the end of last August, so I have a valid license. 
  >> I haven't received any notices since then about newer versions or even 
  >> renewing my license this year.
  >
  > That all sounds about right.
  > I'm betting (based on the above) that you simply never upgraded to version 
  > 3.
  >
  > The best way to do that is to use our installer.
  >
  > http://www.armresearch.com/products/snfClientServerWinInstaller.jsp
  > http://www.armresearch.com/message-sniffer/download/SNF_CS_Installer.exe
  >
  > Another good way (if you're upgrading Declude also) is to switch to the 
  > built-in OEM version of SNF in Declude. (contact Declude about that if you 
  > wish to switch).
  >
  > _M
  >
  > ---
  > [This E-mail was checked by Declude]
  >
  > -- 
  > President
  > MicroNeil Research Corporation
  > www.microneil.com
  >
  >
  >


Re: [Declude.JunkMail] Release 4.10.53 now available

2010-07-08 Thread Bonno Bloksma
Hi,

Just downloaded the latest global.cfg file to compare mine with and it still 
has the old ZEROHOUR 12 line.

Kind regards,
Bonno Bloksma
senior system administrator

tio

university of applied sciences for hospitality and tourism
begijnenhof 8-12 / 5611 el eindhoven
t 040 296 28 28 / f 040 237 35 20

b.blok...@tio.nl  / www.tio.nl 


- Original Message - 
  From: David Barker 
  To: declude.junkmail@declude.com ; declude.vi...@declude.com ; 
declude.relea...@declude.com 
  Sent: Thursday, July 08, 2010 6:18 PM
  Subject: [Declude.JunkMail] Release 4.10.53 now available


  · Updated AVG SDK to 1.7.9836 to fix the problem with using the SDK 
on a machine with AVG 9.0.837

  · Allow the user to specify HOMEREGION specifically designed for 
users outside of North America and applies to the ROUTING test. Add one of the 
following depending on your region to the declude.cfg (North America is the 
default) More information on your specific country can be found here

  HOMEREGION   Afrinic
  HOMEREGION   Apnic
  HOMEREGION   Anic
  HOMEREGION   Lacnic
  HOMEREGION   Ripe_ncc

  · Changed ZEROHOUR test to work the same as other tests. Remove the 
old line ZEROHOUR 12 Located in the Global.cfg add the new configuration

  COMMTOUCH   ZEROHOUR   x   x   12   0
   

  · Added "nonzero" option for SNF test. Located in the Global.cfg

  SNIFFER   SNF   x   NONZERO   10   0
   

   

  · Changed from message id = "TestMessage" to display the spool name

   

  David Barker
  VP Operations Declude
  Your Email security is our business
  978.499.2933 office
  978.988.1311 fax
  dbar...@declude.com

   




Re: [Declude.JunkMail] dns servers for declude

2010-07-06 Thread Bonno Bloksma
Hi David,

1)
In my case the primary dns server had a failure I was able to repair but *I* was 
on vacation and the helpdesk operator did not have the proper 
permissions/knowledge. For all other operations this was no problem as any of 
the other 4 dns servers were able to take over and it was a low priority event. 
That is, until we realised mail was flowing extremely slowly. :-(

2)
Normal behaviour for a dns resolver is to try the next dns server after a delay 
of 2 sec. When there are more than two dns servers and the second does not 
answer as well the timeout round robin gets a bit more complicated on a full 
scale situation.

For Declude it might be a bit more simple.
First 2 sec timeout, just try the next dns server.
Second to (tenth?) failure, same behaviour but keep track.
After that mark the active dns server as the first one to be attempted and 
every 100? attempts check to see if the first dns server has come back.
If the first dns server responds to queries once more switch back as there is 
probably a good reason we marked it as the first dns server.

A simple fail over mechanism might be enough for most of us. I think very few 
of us have more than two dns servers defined in the setup of any machine.


Kind regards,
Bonno Bloksma
senior system administrator

tio

university of applied sciences for hospitality and tourism
begijnenhof 8-12 / 5611 el eindhoven
t 040 296 28 28 / f 040 237 35 20

b.blok...@tio.nl  / www.tio.nl 
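
The failover scheme outlined in the message above, as an added sketch in Python (not Declude code and not part of the original post). `FailoverResolver`, `send_query` and the server labels are hypothetical; the thresholds 10 and 100 are the tentative figures from the post, and counting consecutive failures is an assumption.

```python
class FailoverResolver:
    """Tries servers[0] first; demotes it after repeated timeouts and probes it later.

    send_query(server, name) is a caller-supplied function (hypothetical) that
    returns an answer or raises TimeoutError after the 2 s wait from the post.
    """

    def __init__(self, servers, send_query, fail_threshold=10, probe_interval=100):
        if not servers:
            raise ValueError("at least one DNS server is required")
        self.servers = list(servers)
        self.send_query = send_query
        self.fail_threshold = fail_threshold   # "(tenth?)" in the post
        self.probe_interval = probe_interval   # "100?" in the post
        self.active = 0            # index of the server tried first
        self.primary_failures = 0  # consecutive timeouts of servers[0] (assumption)
        self.since_probe = 0       # lookups since servers[0] was last re-tested
        self.timeouts = 0          # each timeout costs the caller about 2 s

    def _ask(self, index, name):
        try:
            return True, self.send_query(self.servers[index], name)
        except TimeoutError:
            self.timeouts += 1
            return False, None

    def resolve(self, name):
        # While running on a fallback, re-test the first server every
        # probe_interval lookups and switch back as soon as it answers.
        if self.active != 0:
            self.since_probe += 1
            if self.since_probe >= self.probe_interval:
                self.since_probe = 0
                ok, answer = self._ask(0, name)
                if ok:
                    self.active = 0
                    self.primary_failures = 0
                    return answer
        count = len(self.servers)
        for step in range(count):
            index = (self.active + step) % count
            ok, answer = self._ask(index, name)
            if not ok:
                if index == 0 and self.active == 0:
                    self.primary_failures += 1   # "keep track"
                continue
            if index == 0:
                self.active = 0
                self.primary_failures = 0
            elif self.active == 0:
                # First server timed out on this lookup; demote it only once
                # the failure count reaches the threshold.
                if self.primary_failures >= self.fail_threshold:
                    self.active = index
                    self.since_probe = 0
            elif index != self.active:
                self.active = index   # the fallback failed too; use the one that answered
            return answer
        raise TimeoutError("none of the configured DNS servers answered")


def demo():
    # Constructed scenario: "dns-a" is down for 250 lookups, then comes back.
    down = {"dns-a"}

    def send_query(server, name):
        if server in down:
            raise TimeoutError(server)
        return f"{name} answered by {server}"

    resolver = FailoverResolver(["dns-a", "dns-b", "dns-c"], send_query)
    for _ in range(250):
        resolver.resolve("example.test")
    during_outage = resolver.timeouts   # 10 before demotion plus 2 probes
    down.clear()
    for _ in range(60):                 # the next probe is 60 lookups away
        last = resolver.resolve("example.test")
    return during_outage, resolver.active, last


if __name__ == "__main__":
    timeouts, active, last = demo()
    print(f"timeouts while dns-a was down: {timeouts} (primary-first every time: 250)")
    print(f"first server after recovery: index {active}; {last}")
```

With a resolver that always tries the failed first server before moving on, the same 250 lookups would each wait out one timeout, which matches the slow mail flow described in the thread.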


- Original Message - 
  From: David Barker 
  To: declude.junkmail@declude.com 
  Sent: Tuesday, July 06, 2010 5:54 PM
  Subject: RE: [Declude.JunkMail] dns servers for declude


  Hi Bonno,

   

  We can look at adding a second DNS entry to declude. 

   

  1.   What was your DNS failure ?

  2.   Under what circumstances would you want Declude to switch  to the 
secondary DNS server ?

   

  Does anyone have ideas as to what this should look like so that I can scope 
the requirement.


  Thanks
  David

   

  From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Bonno 
Bloksma
  Sent: Sunday, July 04, 2010 4:37 AM
  To: Declude.JunkMail@declude.com
  Subject: [Declude.JunkMail] dns servers for declude

   

  Hi,

   

  I have 5 sites and 5 dns servers. Each is primary for its own site and 
secondary for another site. I can survive any single dns server failure 
except when it comes to Declude.

  A long time ago we were told Declude does not properly follow the Windows 
settings for primary, secondary and if necessary tertiary dns server and we 
needed to provide ONE dns server in the Declude config.

  After a Declude upgrade a while ago I started with a fresh default config 
file and noticed the dns settings were commented so I left them at that and 
assumed Declude would once again use the same dns servers Windows has configured.

  Unfortunately the dns server responsible for the site where the mailserver is 
failed yesterday for most of the day after a problem during maintenance. The 
secondary server took over for just about all servers / services except the 
Declude service. Mail was really slow of course. :-(

  Is the problem that prevented us in the past from defining more than one dns 
server finally resolved? Can I have a secondary dns server in Declude today? If 
not now, when can I?

  I know I can solve the problem for Declude by using a cluster of dns servers 
with one public ip-number but I have not done anything with clusters yet 
and:

   - my current dns servers have a load of close to nothing

   - my current dns servers are also my Active Directory DCs

  Yes, we will have virtual servers pretty soon too so I can have fast fail 
over on the dns server But...

  What if I want to do a fail over to my backup site? The mail server might 
still want to use the dns server at my primary site which will probably have a 
problem because I have switched to the backup site. Any clustering of dns 
servers at my primary site would then still be useless. I simply want Declude 
to use any of the 5 dns servers I have today.

   

  Kind regards,
  Bonno Bloksma
  senior system administrator

  tio

  university of applied sciences for hospitality and tourism
  begijnenhof 8-12 / 5611 el eindhoven
  t 040 296 28 28 / f 040 237 35 20

  b.blok...@tio.nl  / www.tio.nl 

   



[Declude.JunkMail] dns servers for declude

2010-07-04 Thread Bonno Bloksma
Hi,

I have 5 sites and 5 dns servers. Each is primary for its own site and 
secondary for another site. I can survive any single dns server failure 
except when it comes to Declude.

A long time ago we were told Declude does not properly follow the Windows 
settings for primary, secondary and if necessary tertiary dns server and we 
needed to provide ONE dns server in the Declude config.
After a Declude upgrade a while ago I started with a fresh default config file 
and noticed the dns settings were commented so I left them at that and assumed 
Declude would once again use the same dns servers Windows has configured.

Unfortunately the dns server responsible for the site where the mailserver is 
failed yesterday for most of the day after a problem during maintenance. The 
secondary server took over for just about all servers / services except the 
Declude service. Mail was really slow of course. :-(

Is the problem that prevented us in the past from defining more than one dns 
server finally resolved? Can I have a secondary dns server in Declude today? If 
not now, when can I?

I know I can solve the problem for Declude by using a cluster of dns servers 
with one public ip-number but I have not done anything with clusters yet 
and:
 - my current dns servers have a load of close to nothing
 - my current dns servers are also my Active Directory DCs

Yes, we will have virtual servers pretty soon too so I can have fast fail over 
on the dns server But...
What if I want to do a fail over to my backup site? The mail server might still 
want to use the dns server at my primary site which will probably have a 
problem because I have switched to the backup site. Any clustering of dns 
servers at my primary site would then still be useless. I simply want Declude 
to use any of the 5 dns servers I have today.

Kind regards,
Bonno Bloksma
senior system administrator

tio

university of applied sciences for hospitality and tourism
begijnenhof 8-12 / 5611 el eindhoven
t 040 296 28 28 / f 040 237 35 20

b.blok...@tio.nl  / www.tio.nl 






[Declude.JunkMail] ipv6

2010-03-29 Thread Bonno Bloksma
Hello,

I am making an inventory right now of all the software that does something with 
ip-numbers and may not support ipv6 numbers yet.
Later this year I will open up our DMZ servers to some ipv6 testing and 
foremost I will need software that does not have a problem with an ipv6 address 
coming by. Does the current version of Declude indeed have no problem if it 
sees an ipv6 address or will it sort of crash?

Does the current version fully support ipv6 yet and if not is there an expected 
target date for it?

If nothing else at least our mailservers and webservers will fully need to 
support ipv6.


Kind regards,
Bonno Bloksma
senior system administrator

tio

university of applied sciences for hospitality and tourism
begijnenhof 8-12 / 5611 el eindhoven
t 040 296 28 28 / f 040 237 35 20

b.blok...@tio.nl  / www.tio.nl 






[Declude.JunkMail] stop scanning after x points

2010-02-10 Thread Bonno Bloksma
Hi,

I use Declude with built-in Sniffer and InvURIbl. Other than that mostly the 
default tests.
Using the new 4.10.42 version.

I would like Declude to examine the points scored so far before launching 
Sniffer or InvURIbl as those are body tests and need more cpu.
I hold at 20 and delete at 30. I want Sniffer and InvURI not called if 
standard dns tests have already scored 60+ points.
Is that possible?

I know I can do something like that in tests I create myself but I have no such 
tests.
If there is not yet a way to tell Declude to evaluate tests that can score 
negative weights first maybe that would be a good idea as well to combine with 
the conditional calling of more tests.


Kind regards,
Bonno Bloksma
senior system administrator

tio

university of applied sciences for hospitality and tourism
begijnenhof 8-12 / 5611 el eindhoven
t 040 296 28 28 / f 040 237 35 20

b.blok...@tio.nl  / www.tio.nl 






[Declude.JunkMail] multistage filtering [OT]

2010-02-10 Thread Bonno Bloksma
Hi,

With the amount of spam I have to throw away each day now reaching consistent 
levels of over 90%... I can of course get an even faster mailserver but I think 
I would be better off with an extra smtp server in front of my mailserver which 
filters the most blatant spam mail purely based on session info. What passes 
that server can go on to my IMail server and have more content based filtering 
using Declude, Sniffer, InvURIBL etc.

What would be a good first step server? I have experience with (Debian) Linux 
so a Linux based solution is no problem.

Kind regards,
Bonno Bloksma
senior system administrator

tio

university of applied sciences for hospitality and tourism
begijnenhof 8-12 / 5611 el eindhoven
t 040 296 28 28 / f 040 237 35 20

b.blok...@tio.nl  / www.tio.nl 






[Declude.JunkMail] old decludeproc files

2010-01-08 Thread Bonno Bloksma
Hi,

In my IMail folder I have a number of files with names like decludeproc.exe
Are these old files left over after an upgrade?
If so, I can probably delete them right?

Strangely enough I would have expected one of them to have a filedate of today 
as I did an upgrade today but that is not the case. Maybe the original 
timestamp is retained and only the filename has been changed.

Kind regards,
Bonno Bloksma
senior system administrator

tio 

hogeschool hospitality en toerisme 
begijnenhof 8-12 / 5611 el eindhoven
t 040 296 28 28 / f 040 237 35 20

b.blok...@tio.nl  / www.tio.nl 






[Declude.JunkMail] Oops deleted declude.exe

2008-06-06 Thread Bonno Bloksma
Hi,

Small bug in eye brain keyboard interface made me delete the wrong file, 
\imail\declude.exe. :-(
Had it restored from backup in a few minutes but in those few minutes I had 
several lines like:
06:06 17:51 SMTPD(5d0803e2505d) (CP) error 2 executing "C:\IMail\Declude.exe" "C:\IMail\spool\Q5d0803e2505d.SMD"
06:06 17:51 SMTPD(5cf903e55025) (CP) error 2 executing "C:\IMail\Declude.exe" "C:\IMail\spool\Q5cf903e55025.SMD"
06:06 17:51 SMTPD(5cf904585026) (CP) error 2 executing "C:\IMail\Declude.exe" "C:\IMail\spool\Q5cf904585026.SMD"
in my log. 

I now have several D*.smd A*.smd pairs in my \imail\spool directory. Can I 
simply rename A to Q and drop the pairs in the \imail\spool\proc directory?


Kind regards,
Bonno Bloksma
head of system administration



tio hogeschool hospitality en toerisme 
begijnenhof 8-12 / 5611 el eindhoven
t 040 296 28 28 / f 040 237 35 20
[EMAIL PROTECTED]  / www.tio.nl 



Re: [Declude.JunkMail] INVURIBL WEIGHT?

2008-04-22 Thread Bonno Bloksma
Hi,

I score it at 25% of my hold weight. A mail may contain a "bad link" for 
whatever reason.
I might increase this in the near future but never more than 50%. I would never 
hold on any one test, that's the power of Declude.

Having said that, I do hold on certain Sniffer results alone like porn.


Kind regards,
Bonno Bloksma
head of system administration



tio hogeschool hotelmanagement en toerisme 
begijnenhof 8-12 / 5611 el eindhoven
t 040 296 28 28 / f 040 237 35 20
[EMAIL PROTECTED]  / www.tio.nl 
  - Original Message - 
  From: Dave Beckstrom 
  To: declude.junkmail@declude.com 
  Sent: Tuesday, April 22, 2008 3:55 PM
  Subject: [Declude.JunkMail] INVURIBL WEIGHT?


  Hi everyone,

   

  I would appreciate hearing some opinions.  How heavy are you weighing 
INVURIBL?  Would half of the hold weight be too much weight?  Would you hold on 
INVURIBL alone?

   

  Thanks,


  Dave

   





[Declude.JunkMail] getting corresponding subjects

2008-03-25 Thread Bonno Bloksma
Hi,

Probably someone over here has needed to do this before. I have had to look at 
OLD logfiles where someone claimed to have sent us a mail and is now suing us 
for not reacting to that mail. Now we all know mail is not guaranteed delivered 
but... she also states that we have replied to that mail. I want to create a 
list of all mail from and to her.

I have a list of all SMTP and SMTPD loglines for mail to and from that 
mailaddress but I want the corresponding subjects as well. Those are in my 
Declude log. What I need is a script that can analyse a file full of loglines 
like this line (but also contains other loglines):
log0520.txt:20060520 235124 127.0.0.1   SMTP (8f560d10de78) rdeliver 
hotmail.com [EMAIL PROTECTED] (1) <[EMAIL PROTECTED]> 6207
And get the subject line from declude for that session.
dec0520.log:05/20/2006 23:51:21 Q8F560D10DE78 Subject: Tio aanmelding

I have several standard Unix tools on my Windows XP machine and could install 
.Net as well if that's needed. What I would like is:
1) For me to create a file with all lines where her e-mail addresses are in, 
she has used at least two different addresses. This is the simple step, just a 
simple grep command.
2) Maybe I now need to generate a list of session ID's for each mail, maybe 
including the date
3a) Get complete mail sessions from the logMMDD.txt files for those sessions 
and the complete mail sessions from the decMMDD.log files
3b) For a simpler overview in court I want a second file with just the 
rdeliver/ldeliver lines and the Subject line.

Who can help?



Kind regards,
Bonno Bloksma
head of system administration



tio hogeschool hospitality en toerisme 
begijnenhof 8-12 / 5611 el eindhoven
t 040 296 28 28 / f 040 237 35 20
[EMAIL PROTECTED]  / www.tio.nl 
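
One way to do steps 2 and 3b of the request above, as an added example that is not part of the original post: it joins IMail delivery lines to Declude `Subject:` lines on the session ID, which IMail logs in lower case in parentheses and Declude logs in upper case after a `Q`. The sample log lines, the `.example` addresses and all function names are constructed for illustration, modelled on the two log lines quoted in the post.

```python
import re
from datetime import datetime, timedelta

# IMail SMTP/SMTPD log line, optionally prefixed by grep's "filename:".
IMAIL_RE = re.compile(
    r"^(?:\S*?:)?(?P<date>\d{8}) (?P<time>\d{6}) \S+\s+"
    r"SMTPD? ?\((?P<sid>[0-9A-Fa-f]+)\) (?P<event>\S+) ?(?P<rest>.*)$"
)
# Declude Subject line: same session id, upper case, with a leading "Q".
DECLUDE_RE = re.compile(
    r"^(?:\S*?:)?(?P<date>\d{2}/\d{2}/\d{4}) (?P<time>[\d:]{8}) "
    r"Q(?P<sid>[0-9A-Fa-f]+) Subject: ?(?P<subject>.*)$"
)

# Constructed sample data (grep output over logMMDD.txt and decMMDD.log).
ADDRESSES = ["alice@hotmail.example", "alice@mail.example"]
IMAIL_SAMPLE = """\
log0520.txt:20060520 235124 127.0.0.1   SMTP (8f560d10de78) rdeliver hotmail.example alice@hotmail.example (1) <info@school.example> 6207
log0520.txt:20060520 235130 127.0.0.1   SMTP (8f560d10de79) rdeliver other.example bob@other.example (1) <info@school.example> 4100
log0521.txt:20060521 000002 127.0.0.1   SMTP (8f570001aa01) ldeliver school.example info-main (1) <alice@mail.example> 2210
log0521.txt:20060521 000003 127.0.0.1   SMTP (8f570001aa01) some other logline alice@mail.example
""".splitlines()
DECLUDE_SAMPLE = """\
dec0520.log:05/20/2006 23:51:21 Q8F560D10DE78 Subject: Tio aanmelding
dec0520.log:05/20/2006 23:51:27 Q8F560D10DE79 Subject: Newsletter
dec0520.log:05/20/2006 23:59:58 Q8F570001AA01 Subject: Re: Tio aanmelding
dec0520.log:05/20/2006 23:59:58 Q8F570001AA01 Tests failed [weight=3]: SAMPLE
""".splitlines()


def subjects_by_session(declude_lines):
    """Map (date, lower-case session id) -> Subject text."""
    subjects = {}
    for line in declude_lines:
        m = DECLUDE_RE.match(line.rstrip("\r\n"))
        if m:
            day = datetime.strptime(m["date"], "%m/%d/%Y").date()
            subjects.setdefault((day, m["sid"].lower()), m["subject"].strip())
    return subjects


def correlate(imail_lines, declude_lines, addresses):
    """Return one row per rdeliver/ldeliver line that mentions an address."""
    wanted = [a.lower() for a in addresses]
    subjects = subjects_by_session(declude_lines)
    rows = []
    for line in imail_lines:
        m = IMAIL_RE.match(line.rstrip("\r\n"))
        if not m or m["event"] not in ("rdeliver", "ldeliver"):
            continue
        if not any(a in m["rest"].lower() for a in wanted):
            continue
        day = datetime.strptime(m["date"], "%Y%m%d").date()
        sid = m["sid"].lower()
        # Declude scans before delivery, so a delivery just after midnight can
        # have its Subject line in the previous day's Declude log.
        subject = None
        for d in (day, day - timedelta(days=1)):
            if (d, sid) in subjects:
                subject = subjects[(d, sid)]
                break
        t = m["time"]
        rows.append({
            "date": day.isoformat(),
            "time": f"{t[:2]}:{t[2:4]}:{t[4:]}",
            "event": m["event"],
            "sid": sid,
            "subject": subject,
            "line": line,  # keep the untouched log line as evidence
        })
    return rows


def format_overview(rows):
    """Short overview: one delivery per line with its Subject."""
    out = []
    for r in rows:
        subject = r["subject"] if r["subject"] is not None else "(not found in Declude log)"
        out.append(f'{r["date"]} {r["time"]} {r["event"]} ({r["sid"]}) Subject: {subject}')
    return out


if __name__ == "__main__":
    for row in format_overview(correlate(IMAIL_SAMPLE, DECLUDE_SAMPLE, ADDRESSES)):
        print(row)
```

Keying on date plus session ID rather than the ID alone keeps a reused ID from another day out of the result.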



Re: [Declude.JunkMail] counting mail

2008-02-08 Thread Bonno Bloksma
Hi Darrell,

I know about DLAnalyzer but that does too much for me. :-) I just want a few 
simple numbers.

I've also tried it with 
---
grep "Cumulative action(s) on this email" %1 > CumAction.txt
grep -c "LAST ACTION=DELETE" CumAction.Txt >> LastDel.Txt
grep -v -c "LAST ACTION=DELETE" CumAction.Txt >> LastNonDel.Txt
---

But that also produces different numbers.
Of course in this case I understand why, as 1 mail can go to lots of users. We 
sometimes send mails to 1500+ recipients. That's why I was counting all the 
individual action lines


Kind regards,
Bonno Bloksma
head of system administration



tio hogeschool hospitality en toerisme 
begijnenhof 8-12 / 5611 el eindhoven
t 040 296 28 28 / f 040 237 35 20
[EMAIL PROTECTED]  / www.tio.nl 
  - Original Message - 
  From: Darrell ([EMAIL PROTECTED]) 
  To: declude.junkmail@declude.com 
  Sent: Friday, February 08, 2008 4:17 PM
  Subject: Re: [Declude.JunkMail] counting mail


  Bonno,

  With emails that have multiple recipients it's not uncommon to see last 
  actions multiple times for the same message.  This will skew your results.

  You're better off using a tool like DLAnalyzer to analyze your logs as it 
  takes all of this into account.  Plus it can be scheduled to run 
  automatically and email you the results.

  Darrell
  --
  Check out http://www.invariantsystems.com for utilities for Declude, 
  Imail, mxGuard, and ORF.  IMail/Declude Overflow Queue Monitoring, 
  SURBL/URI integration, MRTG Integration, and Log Parsers.




  Bonno Bloksma wrote:
  > Hi,
  >  
  > I've got IMail reporting on so I get an e-mail every day telling me how 
  > many rdelivered and ldelivered.
  > I also have my Declude logfiles with action lines for each recipient of 
  > a mail.
  > A lot of mail is within our mailserver as students and staff communicate 
  > between each other.
  >  
  > On a given day, let's take feb 1st, I have:
  > IMail LocalDeliver 8837 and RemoteDeliver 1240
  > Counting from the Declude log using:
  > CountAction.cmd decl0201.txt
  > ---
  > grep "Action(s) taken for" %1 > Action.txt
  > grep -c "LAST ACTION=DELETE" Action.Txt >> LastDel.Txt
  > grep -v -c "LAST ACTION=DELETE" Action.Txt >> LastNonDel.Txt
  > exit
  > ---
  > I get 23758 for LastDel and 4123 for LastNonDel
  >  
  > I cannot find any match in those numbers, nothing even close.
  > I would have expected the LastNonDel to be the total of Local and/or 
  > Remote delivered.
  > What am I missing?
  >  
  >  
  >  
  >  
  > 
  > Kind regards,
  > Bonno Bloksma
  > head of system administration
  > 
  > tio hogeschool hospitality en toerisme
  > begijnenhof 8-12 / 5611 el eindhoven
  > t 040 296 28 28 / f 040 237 35 20
  > [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>  / www.tio.nl 
  > <http://www.tio.nl>
  > 



[Declude.JunkMail] counting mail

2008-02-08 Thread Bonno Bloksma
Hi,

I've got IMail reporting on so I get an e-mail every day telling me how many 
rdelivered and ldelivered.
I also have my Declude logfiles with action lines for each recipient of a mail.
A lot of mail is within our mailserver as students and staff communicate 
between each other.

On a given day, let's take feb 1st, I have:
IMail LocalDeliver 8837 and RemoteDeliver 1240
Counting from the Declude log using:
CountAction.cmd decl0201.txt
---
grep "Action(s) taken for" %1 > Action.txt
grep -c "LAST ACTION=DELETE" Action.Txt >> LastDel.Txt
grep -v -c "LAST ACTION=DELETE" Action.Txt >> LastNonDel.Txt
exit
---
I get 23758 for LastDel and 4123 for LastNonDel

I cannot find any match in those numbers, nothing even close. 
I would have expected the LastNonDel to be the total of Local and/or Remote 
delivered.
What am I missing?






Kind regards,
Bonno Bloksma
head of system administration



tio hogeschool hospitality en toerisme 
begijnenhof 8-12 / 5611 el eindhoven
t 040 296 28 28 / f 040 237 35 20
[EMAIL PROTECTED]  / www.tio.nl 
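
The mismatch discussed in this thread, as an added example that is not part of the original posts: the `grep -c` counts are per recipient, so they are shown here next to counts per distinct message (spool ID). The log lines are constructed; their layout (date, time, `Q` plus spool ID, text) is assumed from the Declude line quoted elsewhere on this page, and only the two strings used in the grep commands are taken from the post.

```python
import re
from collections import defaultdict

# Assumed layout: "MM/DD/YYYY HH:MM:SS Q<spool id> <text>".
LINE_RE = re.compile(r"^\S+ \S+ Q(?P<sid>[0-9A-Fa-f]+) (?P<text>.*)$")

# Constructed sample: four messages, nine recipients in total.
SAMPLE_LOG = """\
02/01/2008 09:00:01 Qa1b2c3d40001 Subject: Timetable week 6
02/01/2008 09:00:01 Qa1b2c3d40001 Action(s) taken for [student1@school.example] = IGNORE [LAST ACTION=IGNORE]
02/01/2008 09:00:01 Qa1b2c3d40001 Action(s) taken for [student2@school.example] = IGNORE [LAST ACTION=IGNORE]
02/01/2008 09:00:01 Qa1b2c3d40001 Action(s) taken for [student3@school.example] = IGNORE [LAST ACTION=IGNORE]
02/01/2008 09:00:07 Qa1b2c3d40002 Action(s) taken for [student1@school.example] = DELETE [LAST ACTION=DELETE]
02/01/2008 09:00:07 Qa1b2c3d40002 Action(s) taken for [staff1@school.example] = DELETE [LAST ACTION=DELETE]
02/01/2008 09:00:12 Qa1b2c3d40003 Action(s) taken for [staff1@school.example] = DELETE [LAST ACTION=DELETE]
02/01/2008 09:00:12 Qa1b2c3d40003 Action(s) taken for [staff2@school.example] = HOLD [LAST ACTION=HOLD]
02/01/2008 09:00:20 Qa1b2c3d40004 Action(s) taken for [student2@school.example] = DELETE [LAST ACTION=DELETE]
""".splitlines()


def count_actions(lines):
    """Count action lines per recipient and per distinct message."""
    per_message = defaultdict(lambda: {"deleted": 0, "kept": 0})
    for line in lines:
        m = LINE_RE.match(line.rstrip("\r\n"))
        if not m or "Action(s) taken for" not in m["text"]:
            continue
        # Same split as grep -c / grep -v -c "LAST ACTION=DELETE".
        key = "deleted" if "LAST ACTION=DELETE" in m["text"] else "kept"
        per_message[m["sid"].lower()][key] += 1
    counts = list(per_message.values())
    return {
        "lines_deleted": sum(c["deleted"] for c in counts),      # LastDel.Txt
        "lines_kept": sum(c["kept"] for c in counts),            # LastNonDel.Txt
        "messages": len(counts),
        "messages_fully_deleted": sum(1 for c in counts if c["kept"] == 0),
        "messages_with_a_kept_copy": sum(1 for c in counts if c["kept"] > 0),
    }


if __name__ == "__main__":
    for name, value in count_actions(SAMPLE_LOG).items():
        print(f"{name}: {value}")
```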



Re: [Declude.JunkMail] AFTERJM

2008-02-06 Thread Bonno Bloksma
Hi,

Of course I knew it was AVAFTERJM. Seems I made a consistent typo. ;-)

And then of course we would want AVAFTERJM NODELETE, we do not need to scan 
deleted mails anymore. :-)



Kind regards,
Bonno Bloksma
head of system administration



tio hogeschool hospitality en toerisme 
begijnenhof 8-12 / 5611 el eindhoven
t 040 296 28 28 / f 040 237 35 20
[EMAIL PROTECTED]  / www.tio.nl 
  - Original Message - 
  From: David Barker 
  To: declude.junkmail@declude.com 
  Sent: Wednesday, February 06, 2008 3:39 PM
  Subject: RE: [Declude.JunkMail] AFTERJM


  The directive is AVAFTERJM 

   

  We can look at setting an option for DELETE only.


  David B

   

  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bonno Bloksma
  Sent: Wednesday, February 06, 2008 9:28 AM
  To: Declude.JunkMail@declude.com
  Subject: [Declude.JunkMail] AFTERJM

   

  Hi,

   

  For years we have had AFTERJM as a way to first delete all spam mail and then 
scan the remainder for viruses.

  Lots of us have not used it because a mail that was held or something like it 
would not be scanned. If after that it was put back in the queue it would never 
have been scanned.

  A few years ago that wasn't a problem, today it is when 90+% of the mail is 
spam and less than 1% is virus. Virus scanning uses the most cpu as far as I can 
see.

  With the way Declude works now with a Decludeproc service keeping track of 
everything can we not simply have Declude scan all mail for viruses etc unless 
it is deleted first by junkmail?

  So whatever action junkmail takes, excluding deleting, the mail will be 
scanned for viruses. That way we don't have to worry anymore when resubmitting 
FP spam to the queue.

  Together with the new Sniffer engine I'd love to use AFTERJM.

  Reason for this mail: I just had my mailserver brought to its knees 
scanning a spamburst for nonexistent viruses. I know there are lots of other 
ways to catch spam before it hits the IMail server but that's not needed (yet) 
if I can use AFTERJM.

   

  Kind regards,
  Bonno Bloksma
  head of system administration

   

  tio hogeschool hospitality en toerisme 

  begijnenhof 8-12 / 5611 el eindhoven
  t 040 296 28 28 / f 040 237 35 20
  [EMAIL PROTECTED]  / www.tio.nl 




[Declude.JunkMail] AFTERJM

2008-02-06 Thread Bonno Bloksma
Hi,

For years we have had AFTERJM as a way to first delete all spam mail and then 
scan the remainder for viruses.
Lots of us have not used it because a mail that was held or something like it 
would not be scanned. If after that it was put back in the queue it would never 
have been scanned.

A few years ago that wasn't a problem, today it is when 90+% of the mail is 
spam and less than 1% is virus. Virus scanning uses the most cpu as far as I can 
see.
With the way Declude works now with a Decludeproc service keeping track of 
everything can we not simply have Declude scan all mail for viruses etc unless 
it is deleted first by junkmail?

So whatever action junkmail takes, excluding deleting, the mail will be scanned 
for viruses. That way we don't have to worry anymore when resubmitting FP spam 
to the queue.
Together with the new Sniffer engine I'd love to use AFTERJM.

Reason for this mail: I just had my mailserver brought to its knees 
scanning a spamburst for nonexistent viruses. I know there are lots of other 
ways to catch spam before it hits the IMail server but that's not needed (yet) 
if I can use AFTERJM.


Kind regards,
Bonno Bloksma
head of system administration



tio hogeschool hospitality en toerisme 
begijnenhof 8-12 / 5611 el eindhoven
t 040 296 28 28 / f 040 237 35 20
[EMAIL PROTECTED]  / www.tio.nl 



[Declude.JunkMail] link to documentation

2008-01-17 Thread Bonno Bloksma
Hi,

Whenever I got a normal mail  with a bug in it like:
> Declude Virus v4.3.46 caught the [Outlook 'MIME segment in MIME Preamble' 
> Vulnerability] virus in [No attachment]
> from [EMAIL PROTECTED] to:  [EMAIL PROTECTED]
I wanted to send them a warning about it. Of course just the warning would not 
be enough, I needed to tell them WHAT the error was.

I used to be able to simply send a link to the proper part of the manual on the 
Declude site but... where did it go? Where is the explanation about what each 
Vulnerability is?
The junkmail manual does not seem to have them, in fact searching for the word 
vulnerability in that entire manual shows zero hits.
Looking for preamble in the knowledgebase does not show one relevant topic.

Where did all that information go? And if it is still there... if I cannot find 
it how is someone less determined going to find it. I did spend a fair amount 
of time going over the site. :-(


p.s. On the page: http://www.declude.com/articles.asp?ID=100 I tried to click 
on BADHEADER Lookup pointing to http://shopping.declude.com/tools/header.php. 
But that resulted in a 404 error.




Kind regards,
Bonno Bloksma
head of system administration



tio hogeschool hospitality en toerisme 
begijnenhof 8-12 / 5611 el eindhoven
t 040 296 28 28 / f 040 237 35 20
[EMAIL PROTECTED]  / www.tio.nl 



[Declude.JunkMail] badheaders

2007-12-06 Thread Bonno Bloksma
Hi,

IKEA sends a big mailrun, headers for one of the mails are below.

If I check the BADHEADERS code 802d at tools.declude.com I get:
  SMTP Dialog MX record Lookup failed (error #0 ().
Trying A record for ...A record Lookup failed (error #0 ().

You need an MX record for  in order to send mail to it.  Sorry! 

but that seems not correct somehow. Who "...needs an MX record for ..."WHAT"... 
in order to send mail to it?
Does 217.150.51.120 need to have an MX record? Is THAT the BAD in the HEADER?
Seems to me something with the badheader code 802d isn't right.

---
Received: from mr120.yzmail.nl [217.170.51.120] by student.tio.nl with ESMTP 
(SMTPD-9.21) id A10B0A28;
  Thu, 06 Dec 2007 11:38:03 +0100
Message-Id: <[EMAIL PROTECTED]>
Received: from unknown (HELO localhost.localdomain) ([172.16.0.213]) by 
mr120.yzmail.nl with ESMTP;
  06 Dec 2007 09:41:58 +0100
Content-Type: multipart/alternative;
 boundary="--=_1196930458-27165-74380"
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: "IKEA FAMILY" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: [SPAM: 26]Comfortabel slapen - IKEA FAMILY MAIL december 2007
Return-Path: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
X-Mailer: Yourzine.nl
X-IMAIL-SPAM-VALFROM: (d10a064b3ec9)
X-RBL-Warning: BADHEADERS: This E-mail was sent from a broken mail client 
[802d].
X-RBL-Warning: FROMNOMATCH: Env sender ([EMAIL PROTECTED]) From: ([EMAIL 
PROTECTED]) mismatch.
X-RBL-Warning: SUBCHARS-50: Subject with at least 50 characters found.
X-Declude-Sender: [EMAIL PROTECTED] [217.170.51.120]
X-Declude-Spoolname: Dd10a064b3ec9.smd
X-Declude-RefID: str=0001.0A0B0204.4757C53F.0119,ss=3,sh,fgs=0
X-Declude-Note: Scanned by Declude 4.3.46 for spam. 
"http://www.declude.com/x-note.htm";
X-Declude-Scan: Incoming Score [26] at 11:38:27 on 06 Dec 2007
X-Declude-Fail: BADHEADERS [8], FROMNOMATCH [3], SUBCHARS-50 [1], SPAMSUBJECT 
[12], SPAMHOLD [20], ZEROHOUR [14]
X-Country-Chain: NETHERLANDS->destination
X-fpReview-Weight: 26
-------



Kind regards,
Bonno Bloksma
head of system administration



tio hogeschool hospitality en toerisme 
begijnenhof 8-12 / 5611 el eindhoven
t 040 296 28 28 / f 040 237 35 20
[EMAIL PROTECTED]  / www.tio.nl 



[Declude.JunkMail] filters

2007-11-26 Thread Bonno Bloksma
Hi,

Every example I see at the Declude site for lines in a filter file seems to 
indicate that I HAVE to have a weight listed or some other action.
What if I want to create a filter file that identifies the specific mails and 
then assign a weight in the global file?

For instance, we now get some spam with a specific subject, a specific line of 
text in each mail and a link to geocities.
I want mail that has all characteristics to get a certain weight.
Global.cfg
FILTER-VRIEND  filter C:\IMail\Declude\Filters\Vriend.txt  x 0 0

Vriend.txt
SUBJECT 10 IS zoek een vaste vriend
BODY 2 CONTAINS http://geocities.com/
BODY 5 CONTAINS http://geocities.com/KatieDavenport89
BODY 5 CONTAINS http://geocities.com/ElbertMacias
BODY 5 CONTAINS http://geocities.com/ZachariahBuck33
BODY 5 CONTAINS http://geocities.com/JanHammond97
BODY 5 CONTAINS http://geocities.com/GenaroRogers
BODY 5 CONTAINS Ik zoek een vriend / seks-partner

But this is not quite what I want. I want to assign 15 points if the subject is 
correct, if the specific line of text is there and if there is a geocities link.

And then I could add some weight if a specific geocities link is present.
So... how do I do that?



Kind regards,
Bonno Bloksma
head of system administration



tio hogeschool hotelmanagement en toerisme 
begijnenhof 8-12 / 5611 el eindhoven
t 040 296 28 28 / f 040 237 35 20
[EMAIL PROTECTED]  / www.tio.nl 



Re: [Declude.JunkMail] ZEN test

2007-08-02 Thread Bonno Bloksma
Hi,

> Due to your HOP setting you are checking multiple hops. 

Ok, that was the intent.

> Since you use a  multihop setting you should score the hops differently
> or run into problems like you identified.  

That's one way of handling it.

> I would suggest reducing it to 1.  This will score the last two hops.

And that's what I don't get. As far as I know I'm at hop 0, the machine sending 
it to me is hop 1.
The machine sending it to that machine is hop 2.

That's as far as I want to check, but in the case below it seemed as if it was 
checking hop 3. The
> Received: from hulsbeek.nl (adsl-dc-34529.adsl.wanadoo.nl 
> [83.116.227.41])by mwinf6301.orange.nl (SMTP Server) with ESMTP id 
line was the third Received line and it was caught by the ZEN test
> X-RBL-Warning: ZEN: "http://www.spamhaus.org/query/bl?ip=83.116.227.41";

So, am I mistaken in the meaning of the Hop count, or is something else going 
on?





Kind regards,
Bonno Bloksma
head of system administration



tio hogeschool hotelmanagement en toerisme 
begijnenhof 8-12 / 5611 el eindhoven
t 040 296 28 28 / f 040 237 35 20
[EMAIL PROTECTED]  / www.tio.nl 
  - Original Message - 
  From: Darrell ([EMAIL PROTECTED]) 
  To: declude.junkmail@declude.com 
  Sent: Wednesday, August 01, 2007 4:48 PM
  Subject: Re: [Declude.JunkMail] ZEN test


  Bonno,

  Due to your HOP setting you are checking multiple hops.  Since you use a 
  multihop setting you should score the hops differently or run into 
  problems like you identified.  I would suggest reducing it to 1.  This 
  will score the last two hops.

  Then you can modify your tests like the following.  The first one only 
  checks the last IP received.  The second one checks all of them.  One 
  thing to keep in mind: if the LAST test hits so will the ALL test.  So 
  for example if you want the last hop (who connected to you) to have a 
  weight of 3 for the SORBS-SPAM test then you will want to make sure that 
  the sum of the two tests equals that weight.


  SORBS-SPAM(LAST) dnsbl %IP4R%.dnsbl.sorbs.net 127.0.0.6 2 0

  SORBS-SPAM(ALL) ip4r dnsbl.sorbs.net 127.0.0.6 1 0

  So in the case above if the second hop was listed we would only assign a 
  score of "1" from the SORBS-SPAM(ALL) test.  If the last hop was listed 
  then we would have a score of "3" since both the (LAST) and (ALL) test 
  would hit.

  Let me know if this is not clear,
  Darrell

  --
  Check out http://www.invariantsystems.com for utilities for Declude, 
  Imail, mxGuard, and ORF.  IMail/Declude Overflow Queue Monitoring, 
  SURBL/URI integration, MRTG Integration, and Log Parsers.



  Bonno Bloksma wrote:
  > Hi,
  >  
  > Maybe using the ZEN test isn't such a good idea. It is catching a DSL 
  > line that is several hops down.
  >  
  > In Global.cfg I have Hophigh 2, should I maybe reduce that to 1? Is that 
  > the cause? If so
  > As far as I know my server is Hop 0, the smtp-4 should then be Hop 1, 
  > the me-wanadoo.net should then be Hop 2.
  > So the hulsbeek.nl (adsl-dc-34529 line) should be Hop 3 and not be 
  > checked.
  >  
  > Why was that ip number checked?
  > 
  > --
  > Received: from smtp-4.orange.nl [193.252.22.249] by student.tio.nl with 
  > ESMTP (SMTPD-9.21) id A33707C8;
  >   Mon, 30 Jul 2007 09:28:55 +0200
  > Received: from me-wanadoo.net (localhost [127.0.0.1])by 
  > mwinf6301.orange.nl (SMTP Server) with ESMTP id E8495784for 
  > <[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>>;
  >   Mon, 30 Jul 2007 09:28:54 +0200 (CEST)
  > Received: from hulsbeek.nl (adsl-dc-34529.adsl.wanadoo.nl 
  > [83.116.227.41])by mwinf6301.orange.nl (SMTP Server) with ESMTP id 
  > AF5A9782for <[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>>;
  >   Mon, 30 Jul 2007 09:28:54 +0200 (CEST)
  > X-ME-UUID: [EMAIL PROTECTED] 
  > <mailto:[EMAIL PROTECTED]>
  > Subject: [SPAM: 22]RE: 5 augustus
  > MIME-Version: 1.0
  > Content-Type: multipart/alternative;
  >  boundary="_=_NextPart_001_01C7D27B.467F4FA9"
  > Date: Mon, 30 Jul 2007 09:28:50 +0200
  > Content-class: urn:content-classes:message
  > X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0
  > Message-ID: 
  > <[EMAIL PROTECTED] 
  > <mailto:[EMAIL PROTECTED]>>
  > X-MS-Has-Attach:
  > X-MS-TNEF-Correlator:
  > Thread-Topic: 5 augustus
  > thread-index: AcfSClRkqB1y6CB4TkymtwIq3Exp3QAZtfQA
  > From: "Erve Hulsbeek" <[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>>
  > Sender: "Piet Heuvelmans" <[EMAIL PROTECTED] 
  > <mailto:[EMAIL PROTECTED]>>
  > To: "Nienke Koster" <[EMAIL PROTECTED] 
  > <mailto:[EMAIL PROTECTED]>>
  > X-RBL-Warning: F

[Declude.JunkMail] ZEN test

2007-08-01 Thread Bonno Bloksma
Hi,

Maybe using the ZEN test isn't such a good idea. It is catching a DSL line that 
is several hops down.

In Global.cfg I have Hophigh 2, should I maybe reduce that to 1? Is that the 
cause? If so
As far as I know my server is Hop 0, the smtp-4 should then be Hop 1, the 
me-wanadoo.net should then be Hop 2.
So the hulsbeek.nl (adsl-dc-34529 line) should be Hop 3 and not be checked.

Why was that ip number checked?

--
Received: from smtp-4.orange.nl [193.252.22.249] by student.tio.nl with ESMTP 
(SMTPD-9.21) id A33707C8;
  Mon, 30 Jul 2007 09:28:55 +0200
Received: from me-wanadoo.net (localhost [127.0.0.1])by mwinf6301.orange.nl 
(SMTP Server) with ESMTP id E8495784for <[EMAIL PROTECTED]>;
  Mon, 30 Jul 2007 09:28:54 +0200 (CEST)
Received: from hulsbeek.nl (adsl-dc-34529.adsl.wanadoo.nl [83.116.227.41])by 
mwinf6301.orange.nl (SMTP Server) with ESMTP id AF5A9782for <[EMAIL 
PROTECTED]>;
  Mon, 30 Jul 2007 09:28:54 +0200 (CEST)
X-ME-UUID: [EMAIL PROTECTED]
Subject: [SPAM: 22]RE: 5 augustus
MIME-Version: 1.0
Content-Type: multipart/alternative;
 boundary="_=_NextPart_001_01C7D27B.467F4FA9"
Date: Mon, 30 Jul 2007 09:28:50 +0200
Content-class: urn:content-classes:message
X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0
Message-ID: <[EMAIL PROTECTED]>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: 5 augustus
thread-index: AcfSClRkqB1y6CB4TkymtwIq3Exp3QAZtfQA
From: "Erve Hulsbeek" <[EMAIL PROTECTED]>
Sender: "Piet Heuvelmans" <[EMAIL PROTECTED]>
To: "Nienke Koster" <[EMAIL PROTECTED]>
X-RBL-Warning: FIVETEN-SRC: 41.227.116.83.blackholes.five-ten-sg.com.
X-RBL-Warning: MXRATE-BLOCK: 
"http://www.mxrate.com/lookup/refused.asp?ipaddress=193.252.22.249";
X-RBL-Warning: ZEN: "http://www.spamhaus.org/query/bl?ip=83.116.227.41";
X-RBL-Warning: SPAMCANNIBAL: "blocked, See: 
http://www.spamcannibal.org/cannibal.cgi?page=lookup&lookup=193.252.22.249";
X-RBL-Warning: FROMNOMATCH: Env sender ([EMAIL PROTECTED]) From: ([EMAIL 
PROTECTED]) mismatch.
X-Declude-Sender: [EMAIL PROTECTED] [193.252.22.249]
X-Declude-Spoolname: D933701b3b7de.smd
X-Declude-RefID: str=0001.0A0B0204.46AD933D.0104,ss=1,fgs=0
X-Declude-Note: Scanned by Declude 4.3.46 for spam. 
"http://www.declude.com/x-note.htm";
X-Declude-Scan: Incoming Score [22] at 09:29:18 on 30 Jul 2007
X-Declude-Fail: FIVETEN-SRC [3], MXRATE-BLOCK [7], ZEN [7], SPAMCANNIBAL [2], 
FROMNOMATCH [3], SPAMSUBJECT [12], SPAMHOLD [20], ZEROHOUR [0]
X-Country-Chain: NETHERLANDS->FRANCE->destination
X-fpReview-Weight: 22

--


Kind regards,
Bonno Bloksma
head of system administration



tio hogeschool hotelmanagement en toerisme 
begijnenhof 8-12 / 5611 el eindhoven
t 040 296 28 28 / f 040 237 35 20
[EMAIL PROTECTED]  / www.tio.nl 
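
An added example, not part of the original posts, that lists the hop IPs from the Received headers above and applies the LAST/ALL weighting from Darrell's reply in this thread. It assumes hop numbering starts at 0 for the connecting server, which is what "reducing it to 1 ... will score the last two hops" implies; that is an assumption about Declude, not documented behaviour, and the `listed` set stands in for a real DNSBL lookup. The headers are the ones from the post, abridged and re-folded; function names are made up for the example.

```python
import email
import re

IPV4_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Received headers from the post, abridged and folded with leading whitespace.
SAMPLE_HEADERS = """\
Received: from smtp-4.orange.nl [193.252.22.249] by student.tio.nl with ESMTP
 (SMTPD-9.21) id A33707C8; Mon, 30 Jul 2007 09:28:55 +0200
Received: from me-wanadoo.net (localhost [127.0.0.1])by mwinf6301.orange.nl
 (SMTP Server) with ESMTP id E8495784; Mon, 30 Jul 2007 09:28:54 +0200 (CEST)
Received: from hulsbeek.nl (adsl-dc-34529.adsl.wanadoo.nl [83.116.227.41])by
 mwinf6301.orange.nl (SMTP Server) with ESMTP id AF5A9782;
 Mon, 30 Jul 2007 09:28:54 +0200 (CEST)
Subject: RE: 5 augustus

"""


def hop_ips(raw_headers):
    """IPs from the Received headers, newest first: index 0 connected to us."""
    msg = email.message_from_string(raw_headers)
    ips = []
    for received in msg.get_all("Received") or []:
        m = IPV4_IN_BRACKETS.search(received)
        if m:
            ips.append(m.group(1))
    return ips


def dnsbl_query_name(ip, zone):
    """Reversed-octet name that an ip4r/DNSBL test looks up."""
    return ".".join(reversed(ip.split("."))) + "." + zone


def checked_ips(ips, hophigh):
    """Hops 0..hophigh inclusive (assumed zero-based counting)."""
    return ips[: hophigh + 1]


def score(ips, listed, hophigh, last_weight=2, all_weight=1):
    """Weight from a (LAST) test on hop 0 plus an (ALL) test on checked hops."""
    total = 0
    if ips and ips[0] in listed:
        total += last_weight
    if any(ip in listed for ip in checked_ips(ips, hophigh)):
        total += all_weight
    return total


if __name__ == "__main__":
    ips = hop_ips(SAMPLE_HEADERS)
    listed = {"83.116.227.41"}  # the address the ZEN warning in the post names
    for hophigh in (2, 1):
        print(hophigh, checked_ips(ips, hophigh), score(ips, listed, hophigh))
```

Under that counting, a limit of 2 reaches the third Received line (the DSL address), and a limit of 1 stops before it.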



[Declude.JunkMail] logsize

2007-07-31 Thread Bonno Bloksma
Hi,

Lately more spam is reaching our mailserver, and more is getting deleted. :-)
However, my DecMMDD logfile is growing to 30+ MB each day. So far I have not 
seen any impact but would it be a good idea to start splitting the logfile or 
can Declude easily handle this. I'd rather not split but if needed




Kind regards,
Bonno Bloksma
head of system administration



tio hogeschool hotelmanagement en toerisme 
begijnenhof 8-12 / 5611 el eindhoven
t 040 296 28 28 / f 040 237 35 20
[EMAIL PROTECTED]  / www.tio.nl 



[Declude.JunkMail] cloudmark

2007-07-13 Thread Bonno Bloksma
Hi,

Anybody had a look at Cloudmark? http://cloudmark.com/
Seems they have a software solution that will integrate with several different 
MTAs. Maybe it could be connected to Declude?

Anyone at Declude had a look into this yet? Is it something like Commtouch 
Zerohour?


Kind regards,
Bonno Bloksma
head of system administration



tio hogeschool hotelmanagement en toerisme 
begijnenhof 8-12 / 5611 el eindhoven
t 040 296 28 28 / f 040 237 35 20
[EMAIL PROTECTED]  / www.tio.nl 



Re: [Declude.JunkMail] all_list.dat

2007-06-29 Thread Bonno Bloksma
Hi,

I understand the dynamic nature of the network assignments. That was why I 
wrote part 2 of my message. I like to have a way to see how many errors I get 
about corrupt data. If it's just a few per week, no problem. If it gets to be 
several a day maybe it's time for a new all_list.dat. Right now I don't seem to 
have a way to detect that. :-(


Kind regards,
Bonno Bloksma
head of system administration



tio hogeschool hotelmanagement en toerisme 
begijnenhof 8-12 / 5611 el eindhoven
t 040 296 28 28 / f 040 237 35 20
[EMAIL PROTECTED]  / www.tio.nl 
  - Original Message - 
  From: Gary Steiner 
  To: declude.junkmail@declude.com 
  Sent: Friday, June 29, 2007 7:37 PM
  Subject: re: [Declude.JunkMail] all_list.dat


  The "corrupt RIPE data" should be referring to 145.53.30.139.  Though if you 
go to www.ripe.net and do a search, 145.53.0.0/16 is listed as belonging to 
Planet Technologies with an email address of [EMAIL PROTECTED] and being in The 
Netherlands.  Which is essentially the same as the listing for 213.75.0.0/16.

  Unfortunately the entries in the RIPE database don't have dates associated 
with them, so you can't tell if those listings were the same back in May when 
the all_list.dat was created.  The listings change all the time, so essentially 
the all_list.dat file is outdated as soon as it comes out.  And it also doesn't 
help that RIPE, ARIN, APNIC, LACNIC, etc. are all separate independent entities 
with separate databases, so when things change Declude has to look in many 
places to update the all_list.dat.

  Gary



  ---- Original Message 
  > From: "Bonno Bloksma" <[EMAIL PROTECTED]>
  > Sent: Friday, June 29, 2007 4:15 AM
  > To: Declude.JunkMail@declude.com
  > Subject: [Declude.JunkMail] all_list.dat
  > 
  > Hi,
  > 
  > I'm using the all-list.dat from May 2007. Occasionally I was checking the 
  > declude junkmail logs to see if any new problems with unknown networks would 
  > arise.
  > But today I found out that information is not in the Declude log at level 
  > high. In the headers of a mail I found:
  > X-Country-Chain: 'EU' [corrupt RIPE data]->NETHERLANDS->destination
  > 
  > The Received lines are:
  > Received: from hpsmtp-eml16.kpnxchange.com [213.75.38.116] by 
student.tio.nl with ESMTP (SMTPD-9.21) id A48204B4;
  >   Fri, 29 Jun 2007 08:19:46 +0200
  > Received: from hpsmtp-eml05.kpnxchange.com ([213.75.38.105]) by 
hpsmtp-eml16.kpnxchange.com with Microsoft SMTPSVC(6.0.3790.1830);
  >   Fri, 29 Jun 2007 08:19:46 +0200
  > Received: from colligno601a0c ([145.53.30.139]) by 
hpsmtp-eml05.kpnxchange.com with Microsoft SMTPSVC(6.0.3790.3959);
  >   Fri, 29 Jun 2007 08:19:45 +0200
  > 
  > In the loglines for this message there is no mention of "corrupt RIPE data" 
which is what I was looking for all the time. So:
  > 
  > 1) Can we have a new all_list.dat with updated info please. KPN is a large 
telco which has 4 ISPs covering the Netherlands.
  > 
  > 2) In what way can I detect when the all_list.dat file is getting outdated, 
  > when information about networks is missing/corrupt?
  > 
  > 
  > Kind regards,
  > Bonno Bloksma
  > head of system administration
  > 
  > 
  > 
  > tio hogeschool hotelmanagement en toerisme 
  > begijnenhof 8-12 / 5611 el eindhoven
  > t 040 296 28 28 / f 040 237 35 20
  > [EMAIL PROTECTED]  / www.tio.nl 
  > 


[Declude.JunkMail] all_list.dat

2007-06-29 Thread Bonno Bloksma
Hi,

I'm using the all-list.dat from May 2007. Occasionally I was checking the 
declude junkmail logs to see if any new problems with unknown networks would 
arise.
But today I found out that information is not in the Declude log at level high. 
In the headers of a mail I found:
X-Country-Chain: 'EU' [corrupt RIPE data]->NETHERLANDS->destination

The Received lines are:
Received: from hpsmtp-eml16.kpnxchange.com [213.75.38.116] by student.tio.nl 
with ESMTP (SMTPD-9.21) id A48204B4;
  Fri, 29 Jun 2007 08:19:46 +0200
Received: from hpsmtp-eml05.kpnxchange.com ([213.75.38.105]) by 
hpsmtp-eml16.kpnxchange.com with Microsoft SMTPSVC(6.0.3790.1830);
  Fri, 29 Jun 2007 08:19:46 +0200
Received: from colligno601a0c ([145.53.30.139]) by hpsmtp-eml05.kpnxchange.com 
with Microsoft SMTPSVC(6.0.3790.3959);
  Fri, 29 Jun 2007 08:19:45 +0200

In the loglines for this message there is no mention of "corrupt RIPE data" 
which is what I was looking for all the time. So:

1) Can we have a new all_list.dat with updated info please. KPN is a large 
telco which has 4 ISPs covering the Netherlands.

2) In what way can I detect when the all_list.dat file is getting outdated, when 
information about networks is missing/corrupt?


Kind regards,
Bonno Bloksma
head of system administration



tio hogeschool hotelmanagement en toerisme 
begijnenhof 8-12 / 5611 el eindhoven
t 040 296 28 28 / f 040 237 35 20
[EMAIL PROTECTED]  / www.tio.nl 

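The check asked for in the two all_list.dat posts above (how many "corrupt RIPE data" markers turn up per day), as an added example that is not part of the original posts or of Declude. It assumes the raw headers of delivered messages can be read, since the posts say the marker appears in the X-Country-Chain header and not in the log; the function names, the threshold of 3 per day and every sample message except the first are constructed.

```python
import ipaddress
import re
from collections import Counter
from email import message_from_string
from email.utils import parsedate_to_datetime

# Marker as quoted in the post:
#   X-Country-Chain: 'EU' [corrupt RIPE data]->NETHERLANDS->destination
CORRUPT_RE = re.compile(r"\[corrupt\s+(\w+)\s+data\]", re.IGNORECASE)
# IPv4 literal in a Received line, written as [a.b.c.d] or ([a.b.c.d]).
RECEIVED_IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def scan_message(raw):
    """Return (day, registries, relay_nets) for a flagged message, else None."""
    msg = message_from_string(raw)
    registries = [r.upper() for r in
                  CORRUPT_RE.findall(msg.get("X-Country-Chain", ""))]
    if not registries:
        return None
    received = msg.get_all("Received", [])
    # The header does not say which hop had the bad lookup, so every relay
    # network (/16, the block size discussed in the reply) is a candidate.
    nets = set()
    for line in received:
        for ip in RECEIVED_IP_RE.findall(line):
            try:
                nets.add(str(ipaddress.ip_network(ip + "/16", strict=False)))
            except ValueError:
                continue  # e.g. an octet above 255
    day = None
    if received:
        # The topmost Received line is the one written by our own server.
        stamp = received[0].rsplit(";", 1)[-1].strip()
        try:
            day = parsedate_to_datetime(stamp).date()
        except (TypeError, ValueError):
            day = None
    return day, registries, nets


def summarize(raw_messages, per_day_threshold=3):
    """Count flagged messages per day and per candidate network."""
    per_day, per_net = Counter(), Counter()
    for raw in raw_messages:
        hit = scan_message(raw)
        if hit is None:
            continue
        day, _registries, nets = hit
        per_day[day] += 1
        per_net.update(nets)
    stale_days = sorted(d for d, n in per_day.items()
                        if d is not None and n >= per_day_threshold)
    return per_day, per_net, stale_days


def _msg(chain, received_lines):
    """Build a minimal raw message from header values (sample data helper)."""
    headers = ["Received: " + r for r in received_lines]
    headers.append("X-Country-Chain: " + chain)
    return "\n".join(headers) + "\n\nbody\n"


FLAGGED = "'EU' [corrupt RIPE data]->NETHERLANDS->destination"
SAMPLE_MESSAGES = [
    # Headers as quoted in the post.
    _msg(FLAGGED, [
        "from hpsmtp-eml16.kpnxchange.com [213.75.38.116] by student.tio.nl\n"
        " with ESMTP (SMTPD-9.21) id A48204B4;\n  Fri, 29 Jun 2007 08:19:46 +0200",
        "from hpsmtp-eml05.kpnxchange.com ([213.75.38.105]) by\n"
        " hpsmtp-eml16.kpnxchange.com with Microsoft SMTPSVC(6.0.3790.1830);\n"
        "  Fri, 29 Jun 2007 08:19:46 +0200",
        "from colligno601a0c ([145.53.30.139]) by\n"
        " hpsmtp-eml05.kpnxchange.com with Microsoft SMTPSVC(6.0.3790.3959);\n"
        "  Fri, 29 Jun 2007 08:19:45 +0200",
    ]),
    # Everything below is constructed sample data (documentation IP ranges).
    _msg(FLAGGED, ["from mail.example.net ([198.51.100.7]) by student.tio.nl"
                   " with ESMTP;\n  Fri, 29 Jun 2007 09:02:11 +0200"]),
    _msg(FLAGGED, ["from mx.example.net ([198.51.100.9]) by student.tio.nl"
                   " with ESMTP;\n  Fri, 29 Jun 2007 17:40:03 +0200"]),
    _msg("NETHERLANDS->destination",
         ["from ok.example.org ([192.0.2.44]) by student.tio.nl"
          " with ESMTP;\n  Sat, 30 Jun 2007 10:00:00 +0200"]),
    _msg(FLAGGED, ["from relay.example.org ([192.0.2.10]) by student.tio.nl"
                   " with ESMTP;\n  Sat, 30 Jun 2007 11:15:30 +0200"]),
]

if __name__ == "__main__":
    per_day, per_net, stale_days = summarize(SAMPLE_MESSAGES)
    for day, count in sorted(per_day.items()):
        print(day, count)
    print("candidate networks:", per_net.most_common())
    print("days at or above threshold:", stale_days)
```

Run against a day's worth of delivered messages, the per-network counter points at the address blocks worth looking up at the registry by hand.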


[Declude.JunkMail] fiveten-src list

2007-05-23 Thread Bonno Bloksma
Hi,

I'm using the Fiveten-src test
FIVETEN-SRC  ip4r blackholes.five-ten-sg.com 127.0.0.2  7 0

But at the dnsstuff site it says don't use the fivetensrc test. 

What's right? I've got the FIVETEN-SRC test from the Declude default config 
file, listed at 7 points. I hold at 20.


Kind regards,
Bonno Bloksma
head of system administration



tio hogeschool hotelmanagement en toerisme 
begijnenhof 8-12 / 5611 el eindhoven
t 040 296 28 28 / f 040 237 35 20
[EMAIL PROTECTED]  / www.tio.nl 



Re: [Declude.JunkMail] OT: server monitoring

2007-05-22 Thread Bonno Bloksma
Hi,

We use http://www.activexperts-nl.com/ and indeed most reports come by e-mail. 
But some that have to do with the connections, or the urgent ones, come via 
SMS. Also reports about the mailserver itself are sent via SMS, I assume one 
can guess why. ;-)
The monitoring server has its own GSM modem.


Kind regards,
Bonno Bloksma
head of system administration



tio hogeschool hotelmanagement en toerisme 
begijnenhof 8-12 / 5611 el eindhoven
t 040 296 28 28 / f 040 237 35 20
[EMAIL PROTECTED]  / www.tio.nl 
  - Original Message - 
  From: John T (lists) 
  To: declude.junkmail@declude.com 
  Sent: Tuesday, May 22, 2007 4:23 PM
  Subject: RE: [Declude.JunkMail] OT: server monitoring


  That is also why in my monitoring server I have a modem connected to an 
analog phone line.

   

  John T

   

  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Doherty
  Sent: Tuesday, May 22, 2007 5:29 AM
  To: declude.junkmail@declude.com
  Subject: Re: [Declude.JunkMail] OT: server monitoring

   

  One thing to think about...

   

  If you set up your own in-house monitoring, you probably will not get an 
alert if your Internet feed fails or you have a massive power problem. 
Outsourcing the monitoring function would eliminate these problems.

   

  -d

- Original Message - 

From: Kevin Bilbee 

To: declude.junkmail@declude.com 

Sent: Monday, May 21, 2007 6:05 PM

Subject: [Declude.JunkMail] OT: server monitoring

 

I am doing research on purchasing/open source server monitoring and would 
like to know what Declude administrators recommend.

 

Survey says?

 

Kevin Bilbee
Network Administrator
Standard Abrasives, Inc.
[EMAIL PROTECTED]

Changing the way industry works. 

 




Re: [Declude.JunkMail] lot's of legit mailservsr in spamdatabases

2007-04-19 Thread Bonno Bloksma
Hi,

Just read the release notes and noticed that you deleted some tests as well. 
Why were those deleted? Ineffective or deprecated lists?

p.s. Just reduced the weight on UCEPROTECT 1 and 2 to the new level. I'll install 
the latest version this evening, I'm still running 4.3.23 but I have 2 other 
virus tests. ;-)


Kind regards,
Bonno Bloksma
head of system administration



tio hogeschool hotelmanagement en toerisme 
begijnenhof 8-12 / 5611 el eindhoven
t 040 296 28 28 / f 040 237 35 20
[EMAIL PROTECTED]  / www.tio.nl 
  - Original Message - 
  From: David Barker 
  To: declude.junkmail@declude.com 
  Sent: Thursday, April 19, 2007 3:06 PM
  Subject: RE: [Declude.JunkMail] lot's of legit mailservsr in spamdatabases


  Also if you check our release notes
  http://www.declude.com/searchresults.asp?Cat=89 you will see that we had
  suggested lowering the weights on UCEPROTECT1 and UCEPROTECT2

  David Barker
  Your Email Security is our business
  O: 978.499.2933  x7007
  F: 978.988.1311   
  E: [EMAIL PROTECTED]


  

  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin
  Cox
  Sent: Thursday, April 19, 2007 7:04 AM
  To: declude.junkmail@declude.com
  Subject: Re: [Declude.JunkMail] lot's of legit mailservsr in spamdatabases


  Yeah, UCEPROTECT in particular seems to have added a lot of major ISPs
  recently.
   
  We started counterweighting ISPs by REVDNS, but we were spending too much
  time doing that, so we reduced the weight of the UCEPROTECT1 and UCEPROTECT2
  tests.

  Darin.
   
   
  - Original Message - 
  From: Bonno Bloksma <mailto:[EMAIL PROTECTED]>  
  To: Declude.JunkMail@declude.com 
  Sent: Thursday, April 19, 2007 6:57 AM
  Subject: [Declude.JunkMail] lot's of legit mailservsr in spamdatabases

  Hi,
   
  How do you guys deal with it, LOTS of legit mailservers are listed in what
  used to be reliable spamsender databases.

  X-RBL-Warning: SPAMBAG: 109.176.216.212.blacklist.spambag.org.
  X-RBL-Warning: SPAMCANNIBAL: "blocked, See:
  http://www.spamcannibal.org/cannibal.cgi?page=lookup&lookup=212.216.176.109";
  X-RBL-Warning: UCEPROTECT-1: "Sorry 212.216.176.109 is Level 1 listed at
  UCEPROTECT-NETWORK. See
  http://www.uceprotect.net/rblcheck.php?ipr=212.216.176.109";
  X-RBL-Warning: UCEPROTECT-2: "Sorry 212.216.176.109 is Level 2 listed at
  UCEPROTECT-NETWORK. See
  http://www.uceprotect.net/rblcheck.php?ipr=212.216.176.109";
   
  But 212.216.176.109 is a normal mailserver vsmtp21.tin.it and is trying to
  deliver mail from a "customer" to us. Have spammers won this race, can we no
  longer trust these databases? Is there an IP list with "all" legitimate
  mailservers for most ISPs that I can use to reduce points?
   
  For the hotmail mailservers it was easy to reduce the points, it's a lot
  harder to do for all the other "real" mailservers.

  Kind regards,
  Bonno Bloksma
  head of system administration


  tio hogeschool hotelmanagement en toerisme 
  begijnenhof 8-12 / 5611 el eindhoven
  t 040 296 28 28 / f 040 237 35 20
  [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>   / www.tio.nl
  <http://www.tio.nl>  



[Declude.JunkMail] lot's of legit mailservsr in spamdatabases

2007-04-19 Thread Bonno Bloksma
Hi,

How do you guys deal with it, LOTS of legit mailservers are listed in what used 
to be reliable spamsender databases.

X-RBL-Warning: SPAMBAG: 109.176.216.212.blacklist.spambag.org.
X-RBL-Warning: SPAMCANNIBAL: "blocked, See: 
http://www.spamcannibal.org/cannibal.cgi?page=lookup&lookup=212.216.176.109";
X-RBL-Warning: UCEPROTECT-1: "Sorry 212.216.176.109 is Level 1 listed at 
UCEPROTECT-NETWORK. See 
http://www.uceprotect.net/rblcheck.php?ipr=212.216.176.109";
X-RBL-Warning: UCEPROTECT-2: "Sorry 212.216.176.109 is Level 2 listed at 
UCEPROTECT-NETWORK. See 
http://www.uceprotect.net/rblcheck.php?ipr=212.216.176.109";

But 212.216.176.109 is a normal mailserver vsmtp21.tin.it and is trying to 
deliver mail from a "customer" to us. Have spammers won this race, can we no 
longer trust these databases? Is there an IP list with "all" legitimate 
mailservers for most ISPs that I can use to reduce points?

For the hotmail mailservers it was easy to reduce the points, it's a lot harder 
to do for all the other "real" mailservers.


Kind regards,
Bonno Bloksma
head of system administration



tio hogeschool hotelmanagement en toerisme 
begijnenhof 8-12 / 5611 el eindhoven
t 040 296 28 28 / f 040 237 35 20
[EMAIL PROTECTED]  / www.tio.nl 



[Declude.JunkMail] hotmail mailservers in several spamdatabases

2007-04-12 Thread Bonno Bloksma
Hi,

I had to put an extra ip file in place to reduce the points on the hotmail 
mailservers. Several hundred ip numbers for hotmail mailservers are listed in 
several spam databases. I just added an ipfile with:
65.54.244.0/24 hotmail.com mailservers
65.54.245.0/24 hotmail.com mailservers
65.54.246.0/24 hotmail.com mailservers
Which will subtract 25% of my hold weight to make sure these get through.

How are you guys/gals dealing with this?


Kind regards,
Bonno Bloksma
head of system administration



tio hogeschool hotelmanagement en toerisme 
begijnenhof 8-12 / 5611 el eindhoven
t 040 296 28 28 / f 040 237 35 20
[EMAIL PROTECTED]  / www.tio.nl 

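How the pieces from the FIVETEN-SRC, "legit mailservers" and hotmail posts above fit together, as an added example that is not Declude's code: the ip4r query name, weighted test hits, a CIDR counterweight file worth 25% of the hold weight, and the hold decision at 20. The reading of the last two numbers on a test line as "weight when listed, weight when not listed", the two `.example` zones, all weights other than the FIVETEN-SRC 7, and the listing data are assumptions or constructed values; no DNS query is made.

```python
import ipaddress
from collections import namedtuple

Ip4rTest = namedtuple("Ip4rTest", "name zone answer weight_hit weight_miss")


def ip4r_query_name(ip, zone):
    """Reverse the octets and append the zone, as in the X-RBL-Warning header."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone.strip(".")


def parse_ip4r_test(line):
    """Parse 'NAME ip4r zone answer weight_hit weight_miss' (assumed meaning)."""
    name, kind, zone, answer, w_hit, w_miss = line.split()
    if kind != "ip4r":
        raise ValueError("not an ip4r test: " + line)
    return Ip4rTest(name, zone, answer, int(w_hit), int(w_miss))


def parse_ip_file(text):
    """Read 'CIDR free-text comment' lines such as the hotmail ipfile."""
    nets = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            nets.append(ipaddress.ip_network(line.split()[0], strict=True))
    return nets


def score(ip, tests, resolve, relief_nets=(), hold_weight=20,
          relief_fraction=0.25):
    """Sum test weights, subtract the counterweight, compare with hold weight."""
    hits, total = [], 0
    for t in tests:
        listed = t.answer in resolve(ip4r_query_name(ip, t.zone))
        total += t.weight_hit if listed else t.weight_miss
        if listed:
            hits.append(t.name)
    addr = ipaddress.IPv4Address(ip)
    if any(addr in net for net in relief_nets):
        total -= int(hold_weight * relief_fraction)
    return {"ip": ip, "hits": hits, "weight": total,
            "held": total >= hold_weight}


def make_resolver(listings):
    """Offline stand-in for DNS: maps query names to sets of A records."""
    table = {ip4r_query_name(ip, zone): {"127.0.0.2"} for ip, zone in listings}
    return lambda name: table.get(name, set())


# First line is the test from the post; the other lines are constructed.
TESTS_BEFORE = """\
FIVETEN-SRC   ip4r blackholes.five-ten-sg.com 127.0.0.2 7 0
SPAMBAG       ip4r blacklist.spambag.org      127.0.0.2 6 0
UCEPROTECT-1  ip4r level1.dnsbl.example       127.0.0.2 8 0
UCEPROTECT-2  ip4r level2.dnsbl.example       127.0.0.2 8 0
"""
# Same tests after lowering the two UCEPROTECT weights (new values constructed).
TESTS_AFTER = TESTS_BEFORE.replace("127.0.0.2 8 0", "127.0.0.2 5 0")

HOTMAIL_IP_FILE = """\
65.54.244.0/24 hotmail.com mailservers
65.54.245.0/24 hotmail.com mailservers
65.54.246.0/24 hotmail.com mailservers
"""

LISTED_ZONES = ("blacklist.spambag.org", "level1.dnsbl.example",
                "level2.dnsbl.example")
TIN_IT = "212.216.176.109"   # the ISP mailserver from the post
HOTMAIL = "65.54.244.10"     # constructed host inside the first /24
RESOLVER = make_resolver([(ip, z) for ip in (TIN_IT, HOTMAIL)
                          for z in LISTED_ZONES])


def load_tests(text):
    return [parse_ip4r_test(l) for l in text.splitlines() if l.strip()]


def demo():
    before, after = load_tests(TESTS_BEFORE), load_tests(TESTS_AFTER)
    relief = parse_ip_file(HOTMAIL_IP_FILE)
    return {
        "isp_before": score(TIN_IT, before, RESOLVER),
        "isp_after": score(TIN_IT, after, RESOLVER),
        "hotmail_plain": score(HOTMAIL, before, RESOLVER),
        "hotmail_relief": score(HOTMAIL, before, RESOLVER, relief),
    }


if __name__ == "__main__":
    for label, result in demo().items():
        print(label, result)
```

With these constructed weights, three listings alone put a legitimate server over the hold weight, and either remedy from the thread (lower per-test weights or a CIDR counterweight) brings it back under.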


Re: [Declude.JunkMail] Turning outbound scanning off

2006-12-06 Thread Bonno Bloksma
Hi,

In virus.cfg you need
INCOMING ON
OUTGOING OFF


Kind regards,
Bonno Bloksma
head of system administration



tio hogeschool hotelmanagement en toerisme 
begijnenhof 8-12 / 5611 el eindhoven
t 040 296 28 28 / f 040 237 35 20
[EMAIL PROTECTED]  / www.tio.nl 
  - Original Message - 
  From: Robert Grosshandler 
  To: declude.junkmail@declude.com 
  Sent: Thursday, December 07, 2006 1:55 AM
  Subject: [Declude.JunkMail] Turning outbound scanning off


  Hi

  Declude is working wonderfully, too wonderfully.  It is scanning e-mail we're 
sending out from our server, and we don't want it to do that, since it adds 
headers and "stuff" that have no purpose, and might actually cause filter 
issues on the receiving end.  We don't need it to do outbound virus scanning, 
either.

  That is, when I compose and send e-mail from my client (Outlook), send it out 
via our Imail server, and the Imail server sends it on its merry way to, say 
Hotmail, it ends up at Hotmail with Declude headers.

  Obviously, we've missed something.

  We've got the following directive in our global.cfg:

  OUTBOUNDSCANNINGSPAM  OFF
  INBOUNDSCANNINGSPAM ON

  What else do we need, and where do we need it?

  Thanks in advance.

  Rob









Re: [Declude.JunkMail] clean up virus folder

2006-11-14 Thread Bonno Bloksma



Hi,
 
How about a simple commandline?
C:
cd \imail\spool\virus
del .
Y
should bring you a long way.
 
If you want to break it down a bit do "Del a*.*", "Del b*.*", etc. to be able 
to let the server "get some air" in between.

For the future... Here is what I use each night:
DTLog is a small program I wrote which prepends each line with a date/time 
stamp. You need to modify those lines. The batchfile below is based on what 
someone else submitted here a while ago.
--
rem @Echo Off
rem BB 10-May-2004
rem Do not delete e-mails containing viruses automatically but keep them for
rem X number of days. We do this by using a number of directories and
rem shifting them along each time by renaming them. The oldest directory
rem is thrown away.
SET LOGFILE=C:\Beheer\Logs\Virrot.log
SET DTLOG=C:\Beheer\DTLog.exe

%DTLOG% %LOGFILE% Rotating virus directories

C:
cd \IMail\Spool\Virus

rem BB 6-Dec-2004
rem We now keep 7 days instead of 5 days.

If Exist VirusDay7 RD /S /Q VirusDay7
IF ErrorLevel 1 Goto ErrDel7
Set RotDay=6
If Exist VirusDay6 Ren VirusDay6 VirusDay7
IF ErrorLevel 1 Goto ErrRot
Set RotDay=5
If Exist VirusDay5 Ren VirusDay5 VirusDay6
IF ErrorLevel 1 Goto ErrRot
Set RotDay=4
If Exist VirusDay4 Ren VirusDay4 VirusDay5
IF ErrorLevel 1 Goto ErrRot
Set RotDay=3
If Exist VirusDay3 Ren VirusDay3 VirusDay4
IF ErrorLevel 1 Goto ErrRot
Set RotDay=2
If Exist VirusDay2 Ren VirusDay2 VirusDay3
IF ErrorLevel 1 Goto ErrRot
Set RotDay=1
If Exist VirusDay1 Ren VirusDay1 VirusDay2
IF ErrorLevel 1 Goto ErrRot
MD VirusDay1
IF Exist *.SMD Move *.SMD VirusDay1
IF ErrorLevel 1 Goto ErrMov1s
IF Exist *.GSC Move *.GSC VirusDay1
IF ErrorLevel 1 Goto ErrMov1g
%DTLOG% %LOGFILE% Rotating VirusDay directories OK
Dir VirusDay1 > Temp1
Find "File(s)" < Temp1 >> %LOGFILE%
Del Temp1
Goto Einde

:ErrDel7
%DTLOG% %LOGFILE% Error deleting VirusDay7 directory and/or files
Goto einde

:ErrRot
%DTLOG% %LOGFILE% Error Renaming VirusDay%RotDay% directory
Goto einde

:ErrMov1s
%DTLOG% %LOGFILE% Error moving SMD files to VirusDay1 directory
Dir . /a >> %LogFile%
Goto Einde

:ErrMov1g
%DTLOG% %LOGFILE% Error moving GSC files to VirusDay1 directory
Dir . /a >> %LogFile%
Goto Einde

:Einde
SET LOGFILE=
SET DTLOG=
Exit
--


Kind regards,
Bonno Bloksma
head of system administration

tio hogeschool hotelmanagement en toerisme 
begijnenhof 8-12 / 5611 el eindhoven
t 040 296 28 28 / f 040 237 35 20
[EMAIL PROTECTED]  / www.tio.nl 


  - Original Message - 
  From: netsolution webmaster 
  To: declude.junkmail@declude.com 
  Sent: Tuesday, November 14, 2006 10:24 AM
  Subject: [Declude.JunkMail] clean up virus folder

  I have more than 800'000 files in the spool/virus folder.
  I can not delete these files through windows explorer, windows search or 
  whatever because of the huge number of files.
  Which tool/method can you recommend to delete all these files?

  Thanks


Re: [Declude.JunkMail] One step forward, ten back

2006-11-02 Thread Bonno Bloksma



Hi,
 
As a matter of fact he doesn't have to use weightrange in this case. I use:

SPAMSUBJECT weight  x x 12 0
SPAMHOLD weightrange x x 20 24
SPAMDELETE weight  x x 25 0

SPAMSUBJECT  SUBJECT [SPAM: %WEIGHT%]
SPAMHOLD  HOLD
SPAMDELETE  DELETE

As the delete action overrules the hold action the weightrange is not really 
necessary but it makes me feel good and is a bit cleaner.
I WANT the spamsubject action in case of held mail (anything over 12 points) 
as I want to have the ability to sort spam mail by points, this way I can do 
that by sorting it on the subject.


Kind regards,
Bonno Bloksma
head of system administration

tio hogeschool hotelmanagement en toerisme 
begijnenhof 8-12 / 5611 el eindhoven
t 040 296 28 28 / f 040 237 35 20
[EMAIL PROTECTED]  / www.tio.nl 


  - Original Message - 
  From: Kevin Bilbee 
  To: declude.junkmail@declude.com 
  Sent: Friday, November 03, 2006 7:05 AM
  Subject: RE: [Declude.JunkMail] One step forward, ten back

  Yes they can coexist but be sure to use weightrange instead of weight.

  SPAM-LOW weightrange x x 8 13
  SPAM-MED weightrange x x 14 24
  SPAM-HIGH weight x x 25 0

  SPAM-LOW SUBJECT [%WEIGHT%]
  SPAM-MED HOLD
  SPAM-HIGH DELETE

  > -Original Message-
  > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
  > Behalf Of Dave Doherty
  > Sent: Thursday, November 02, 2006 9:20 PM
  > To: declude.junkmail@declude.com
  > Subject: Re: [Declude.JunkMail] One step forward, ten back
  >
  >
  > > I wondered if it's
  > > possible to set another one higher to do the deleting, as I'm seeing a
  > > lot of stuff at 40 or more.
  >
  > Absolutely. Several action directives can coexist peacefully in your
  > $default$.junkmail file, like this:
  >
  > WEIGHT10 SUBJECT [%WEIGHT%]
  > WEIGHT20 MAILBOX SPAM
  > WEIGHT30 DELETE
  >
  > Any message scoring at least 10 will have the weight added at the head of
  > the subject in brackets, like:
  >
  > [12] Buy My Stuff!
  >
  > Any message with 20-29 points will be diverted to the spam folder, and
  > anything scoring 30+ will be deleted.
  >
  >
  >
  > - Original Message -
  > From: "Todd Richards" <[EMAIL PROTECTED]>
  > To:
  > Sent: Thursday, November 02, 2006 11:55 PM
  > Subject: RE: [Declude.JunkMail] One step forward, ten back
  >
  >
  > >
  > > Thanks Dave.  Actually, I do, but with settings of weight20 spam
  > > mailbox>.  I was worried about too many false positives.  I wondered
  > > mailbox>if it's
  > > possible to set another one higher to do the deleting, as I'm seeing a
  > > lot of stuff at 40 or more.
  > >
  > > As an update, I found that I had a discrepancy in my weights.  I
  > > corrected that, and my filtering is doing great now.  I logged into my
  > > spam mailbox a little bit ago and the few hundred messages that are in
  > > there are definitely
  > > spam.  So it's catching things now and keeping them from my mailbox -
  > > which
  > > was my main goal.  However, now I'd like to clean things up just a little
  > > more...
  > >
  > > Todd
  > >
  > >
  > > -Original Message-
  > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
  > > Dave Doherty
  > > Sent: Thursday, November 02, 2006 9:34 PM
  > > To: declude.junkmail@declude.com
  > > Subject: Re: [Declude.JunkMail] One step forward, ten back
  > >
  > > It seems like you're detecting things OK, but not taking action on the
  > > results.
  > >
  > > Make sure you have directives like
  > >
  > > WEIGHT14    MAILBOX SPAM
  > > WEIGHT20    DELETE
  > >
  > > in your default.junkmail file
  > >
  > >
  > >
  > >
  > > - Original Message -
  > > From: "Todd Richards" <[EMAIL PROTECTED]>
  > > To:
  > > Sent: Thursday, November 02, 2006 7:38 PM
  > > Subject: [Declude.JunkMail] One step forward, ten back
  > >
  > >
  > >>
  > >> Hi Everyone -
  > >>
  > >> We are getting completely hammered by spam and I'm about at my wits
  > >> end. A few weeks ago I added a 30-day trial of Message Sniffer and it
  > >> doesn't seem
  > >> to be doing any good.  Today, I upgraded to the newest version of
  > >> Declude.
  > >> I "think" everything went ok.  After reading through the documentation
  > >> (again) I went through my global.cfg file and cleaned up some things that
  > >> were questionable.  For instance, we had several domains in the WHITELIST
  > >> TO
  > >> and WHITELIST FROM.  From what I've read and heard through the lists,
  > >> it's
  > >> not a good idea to whitelist anything.    In fact, earlier today I had
  > >> some
  > >> spam come through that was "from" a whitelisted domain so it just let it
  > >> through.  So I commented them out and planned to watch my spam account
  > >> (instead of deleting I have caught messages sent to another account for
  > >> review) to see the results.
  > >>
  > >> So...  This happened about 5pm tonight.  I went through a short spurt
  > >> but in the last 90 minutes since then I alone have received over

Re: [Declude.JunkMail] Declude 4.3

2006-07-19 Thread Bonno Bloksma

Hi Gary,

What I find particularly amusing is the line "Restrictions apply to 
service providers."
If there is anyone subscribed to this mailing list who is not a service 
provider,

please raise your hand.


Hand !!!

We are a school.


Kind regards,
Bonno Bloksma
head of system administration

tio hogeschool hotelmanagement en toerisme
julianalaan 9 / 7553 ab hengelo
netherlands
t +31 74 255 06 10 / f +31 74 255 06 16
[EMAIL PROTECTED]  / www.tio.nl 







Re: [Declude.JunkMail] OT user profile settings

2006-04-24 Thread Bonno Bloksma
Hi,

> Serge, basic question here: What is the purpose for moving it in the first
> place?

> several reasons
> first, i am almost out of space on c:,
> but i also find easier to maintain, and i do not like having my files on
the
> system partition, in case i need to  reformat or something

It is virtually impossible to move the whole C:\D&S\... tree to D:\D&S. I've
tried and given up. :-( This to me seems a major bug in the D&S mechanism
but alas, so far no solution. However The majority of the problem can be
solved by transferring just a few things, the my documents folder and the
Outlook Express mail, to the data drive.

What I do:
Select the properties for "my documents" for the selected user. Change C:
into D: and let it transfer the files. That creates a branch for the current
user on D:
Then go to the D:\D&S\\ folder and create a "Outlook Express" folder.
Start Outlook Express, go to extra*, options*, maintenance*, and change the
archive folder* to the new location (D:\D&S\\OE). Stop and start OE to
transfer all data.
By now you have moved all the "important" stuff to the D: drive.
If needed you can do the same for the Outlook *.PST files, relocate them to
D:\D&S\\Outlook.

* These are translated from a Dutch version so I hope I have the right
names.


Regards,

Bonno Bloksma


---
[E-mail scanned at tio.nl for viruses by Declude Virus]



Re: [Declude.JunkMail] OT: Imail queue viewing

2006-03-26 Thread Bonno Bloksma

Hi John,

To jump in on a tangent...


I'm making the jump from Imail 6 on NT4 clear up to Imail 2006.03 on
2kServer.


If you are starting with a new server might I suggest Win2k3 instead of 
Win2k. As we all know Win2k support will end soon. For a server connected to 
the internet one would want a server where there will be patches etc for a 
while.


For me that means I will be replacing the Win2K server with Imail 8.22 in a 
few months. I'm starting testing with the new setup in a few weeks. I'll 
load the latest Imail and the latest Declude on the latest Windows platform.


Regards,


Bonno Bloksma

---
[E-mail scanned at tio.nl for viruses by Declude Virus]



Re: [Declude.JunkMail] Funny RDNS

2006-03-09 Thread Bonno Bloksma

Hi,



I got a laugh when I saw this RDNS.

ip-66-234-163-182.static.dialup.wireweb.net

A dedicated IP on a dial up. Are we going backwards?


I still have a few dial-up accounts with a static ip number. I only allow 
VPN connections from ip-numbers I know so that's a bonus. It's a left over 
from early days but has its advantages.


Regards,


Bonno Bloksma

---
[E-mail scanned at tio.nl for viruses by Declude Virus]



Re: [Declude.JunkMail] large mail to large number op recips

2006-02-14 Thread Bonno Bloksma



Hi,

Indeed that is what I want, to catch the exceptions.
So WHO has the tool Darin is talking about? Anyone?
How can I determine whether recipients * mailsize > threshold
I could indeed simply create a test for it and have those mails put aside.


Kind regards,
Bonno Bloksma
head of system administration

tio hogeschool hotelmanagement en toerisme 
begijnenhof 8-12 / 5611 el eindhoven
t 040 296 28 28 / f 040 237 35 20
[EMAIL PROTECTED]  / www.tio.nl 


  - Original Message - 
  From: Darin Cox 
  To: Declude.JunkMail@declude.com 
  Sent: Tuesday, February 14, 2006 4:07 PM
  Subject: Re: [Declude.JunkMail] large mail to large number op recips

  Certainly not for all mail, just for these circumstances... but I understand 
  you want to avoid situations where this is done accidentally.

  I think a couple of people had a size test, and you could key off of the 
  number of recipients in combination with this to perform a custom action 
  like routing or deleting... or route it to a program alias that sends you an 
  alert notification.

  Darin.


  - Original Message - 
  From: Bonno Bloksma 
  To: Declude.JunkMail@declude.com 
  Sent: Tuesday, February 14, 2006 9:46 AM
  Subject: Re: [Declude.JunkMail] large mail to large number op recips

  Hi,

  Nope, we don't want to go that way for ALL mail. We've got several options 
  to upload files for several purposes within our school. Our website has 
  lots of options for that but.. sometimes we want to send something as an 
  attachment. In this case it was a newsletter for our staff which was 
  supposed to be about 200-300 KB, we want those newsletters sent as 
  attachment, not as a link.

  For some reason the newsletter ended up to be a Word document 5MB large and 
  was sent without realising it. After that it was sent once more. This time 
  as a PDF file... which happened to be 33MB large and was created using the 
  Word document as a base. :-( Both mails went to 250+ recipients. The first 
  mail did not kill the mailserver, the second did. :-(

  For exceptions like these I want to have a tool to catch them before it 
  fills up the server.


  Kind regards,
  Bonno Bloksma
  head of system administration

  tio hogeschool hotelmanagement en toerisme 
  begijnenhof 8-12 / 5611 el eindhoven
  t 040 296 28 28 / f 040 237 35 20
  [EMAIL PROTECTED]  / www.tio.nl 


- Original Message - 
From: Darin Cox 
To: Declude.JunkMail@declude.com 
Sent: Tuesday, February 14, 2006 3:31 PM
Subject: Re: [Declude.JunkMail] large mail to large number op recips

How about implementing a web-based upload/download site for this.  I've done 
this for a couple of graphic design firms to allow their customers to upload 
files, which then sends the intended recipient an email notification with a 
link to download.

Much, much more efficient than SMTP (mail encoding generally runs up the file 
size about 33% or so), faster, and much less network traffic in a distribution 
situation since many of the recipients will not download the file.

Also doesn't hang the user's mailbox when sending/receiving for several 
minutes while uploading/downloading.

Darin.


- Original Message - 
From: Bonno Bloksma 
To: Declude.JunkMail@declude.com 
Sent: Tuesday, February 14, 2006 8:51 AM
Subject: [Declude.JunkMail] large mail to large number op recips

Hi,

We are a school and:
- sometimes someone needs to send a large e-mail (20-30 MB) to one of the 
  staff or students.
- several times a day we send e-mails to large groups of students so the BCC 
  field might contain up to 1500 addresses.

Both items are no problem until they are combined like some tried today. :-( 
Suddenly I lost around 15GB of diskspace on my mailserver. At least that is 
what IMail tried because I only had about 10GB left on my mailbox drive. Guess 
what happened? 

Is there a way using Declude Junkmail to flag this situation and stopping the 
e-mail while still allowing the two items above?
I'm currently using Declude 2.16, Junkmail Std and AV Pro.


Kind regards,
Bonno Bloksma
head of system administration

tio hogeschool hotelmanagement en toerisme 
begijnenhof 8-12 / 5611 el eindhoven
t 040 296 28 28 / f 040 237 35 20
[EMAIL PROTECTED]  / www.tio.nl 


Re: [Declude.JunkMail] large mail to large number op recips

2006-02-14 Thread Bonno Bloksma



Hi,
 
I cannot do it, I'm not that good with VBScript 
but we have people who can do it.
 
How would I attach this script to the 
IMail/Declude chain? Use the undocumented DAISYCHAIN option in Declude? If so, 
what is the correct keyword and in which file do I put it?


Kind regards,
Bonno Bloksma
head of systems administration
tio hogeschool hotelmanagement en toerisme
begijnenhof 8-12 / 5611 el eindhoven
t 040 296 28 28 / f 040 237 35 20
[EMAIL PROTECTED] / www.tio.nl


  ----- Original Message -----
  From: Matt
  To: Declude.JunkMail@declude.com
  Sent: Tuesday, February 14, 2006 4:51 PM
  Subject: Re: [Declude.JunkMail] large mail to large number op recips

  You can write it in VBScript and pass the recipients into the 
  script with the argument %RECIPIENTS%

  Once you have the number of 
  recipients (found by counting the @ symbols in that argument), you can then 
  get the message size and do some multiplication.

  Here's one big issue 
  though.  If you whitelist your own users, as most of us do, this filter 
  won't work, or at least it shouldn't work.  There is a bug though 
  introduced in 2.x that causes all tests to run despite the sender being 
  whitelisted, but it will cause messages to still score 0 (just wastes 
  resources).  Therefore you might try just deleting or moving the message 
  file with the script instead of filtering it with 
  Declude.

  Matt

  Darin Cox wrote: 
  



Certainly not for all mail, just for these 
circumstances... but I understand you want to avoid situations where this is 
done accidentally.
 
I think a couple of people had a size test, and 
you could key off of the number of recipients in combination with this to 
perform a custom action like routing or deleting... or route it to a program 
alias that sends you an alert notification.
Darin.
 
 
----- Original Message -----
From: Bonno Bloksma
To: Declude.JunkMail@declude.com
Sent: Tuesday, February 14, 2006 9:46 AM
Subject: Re: [Declude.JunkMail] large mail to large number op recips

Hi,
 
Nope, we don't want to go that way for ALL 
mail. We've got several options to upload files for several purposes 
within our school. Our website has lots of options for that but.. 
sometimes we want to send something as an attachment. In this case it was a 
newsletter for our staff which was supposed to be about 200-300 KB; we want 
those newsletters sent as an attachment, not as a link.
 
For some reason the newsletter ended 
up being a Word document 5 MB in size and was sent without anyone realising it. After 
that it was sent once more, this time as a PDF file... which happened to 
be 33 MB in size and was created using the Word document as a base. :-( Both 
mails went to 250+ recipients. The first mail did not kill the mailserver, 
the second did. :-(
 
For exceptions like these I want to have a tool 
to catch them before they fill up the server.


Kind regards,
Bonno Bloksma
head of systems administration
tio hogeschool hotelmanagement en toerisme
begijnenhof 8-12 / 5611 el eindhoven
t 040 296 28 28 / f 040 237 35 20
[EMAIL PROTECTED] / www.tio.nl


  ----- Original Message -----
  From: Darin Cox
  To: Declude.JunkMail@declude.com
  Sent: Tuesday, February 14, 2006 3:31 PM
  Subject: Re: [Declude.JunkMail] large mail to large number op recips
  
  How about implementing a web-based 
  upload/download site for this.  I've done this for a couple of 
  graphic design firms to allow their customers to upload files, which then 
  sends the intended recipient an email notification with a link to 
  download.
   
  Much, much more efficient than SMTP (mail 
  encoding generally runs up the file size about 33% or so), faster, and 
  much less network traffic in a distribution situation since many of the 
  recipients will not download the file.
   
  Also doesn't hang the user's mailbox when 
  sending/receiving for several minutes while 
  uploading/downloading.
  Darin.
   
   
  ----- Original Message -----
  From: Bonno Bloksma
  To: Declude.JunkMail@declude.com
  Sent: Tuesday, February 14, 2006 8:51 AM
  Subject: [Declude.JunkMail] large mail to large number op recips
  
  Hi,
   
  We are a school and:
  - sometimes someone needs to send a 
  large e-mail (20-30 MB) to one of the staff or students.
  - several times a day we send e-mails to 
  large groups of students so the BCC field might contain up to 1500 
  addresses.
   
  Both items are no problem until they are 
  combined like someone tried today. :-
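
The size-times-recipients check Matt outlines above, sketched as an added example that is not part of the thread or of Declude. It is written in Python rather than VBScript; the command-line shape, the thresholds and the meaning of the exit status are assumptions.

```python
#!/usr/bin/env python3
"""Added example: flag mail whose size x recipient count would exhaust the spool.

Assumptions (not from the thread): the script is invoked as
    fanout_check.py <message-file> "<recipient list>"
where the second argument is what the %RECIPIENTS% variable expands to,
and a non-zero exit status tells the caller to hold the message.
"""
import os
import shutil
import sys

MB = 1024 * 1024
GB = 1024 * MB

# Hypothetical policy knobs; tune them to the size of the mailbox volume.
MAX_FREE_FRACTION = 0.5   # one message may claim at most half of the free space
ABSOLUTE_CAP = 4 * GB     # and never more than this, however empty the disk is


def count_recipients(recipients_arg: str) -> int:
    """Count recipients as described in the thread: one '@' per address."""
    return recipients_arg.count("@")


def projected_bytes(message_bytes: int, recipients: int) -> int:
    """Worst case: the server stores one full copy per recipient."""
    return message_bytes * max(recipients, 1)


def decide(message_bytes: int, recipients_arg: str, free_bytes: int) -> str:
    """Return 'deliver' or 'hold' for one message.

    A large mail to one person and a small mail to 1500 people both pass;
    only the product of the two is compared against the budget.
    """
    need = projected_bytes(message_bytes, count_recipients(recipients_arg))
    budget = min(int(free_bytes * MAX_FREE_FRACTION), ABSOLUTE_CAP)
    return "hold" if need > budget else "deliver"


def main(argv) -> int:
    if len(argv) != 3:
        print("usage: fanout_check.py <message-file> <recipients>", file=sys.stderr)
        return 2
    path, recipients_arg = argv[1], argv[2]
    size = os.path.getsize(path)
    # Free space on the volume that holds the message file (the spool).
    free = shutil.disk_usage(os.path.dirname(os.path.abspath(path))).free
    verdict = decide(size, recipients_arg, free)
    print(f"{verdict}: {size} bytes x {count_recipients(recipients_arg)} recipients, "
          f"{free} bytes free")
    return 1 if verdict == "hold" else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

With 10 GB free, the 5 MB mail to 250 recipients from the thread passes and the 33 MB one is held.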

Re: [Declude.JunkMail] large mail to large number op recips

2006-02-14 Thread Bonno Bloksma



Hi,
 
Nope, we don't want to go that way for ALL mail. 
We've got several options to upload files for several purposes within our 
school. Our website has lots of options for that but.. sometimes we want to 
send something as an attachment. In this case it was a newsletter for our staff 
which was supposed to be about 200-300 KB; we want those newsletters sent as 
an attachment, not as a link.
 
For some reason the newsletter ended up 
being a Word document 5 MB in size and was sent without anyone realising it. After that it 
was sent once more, this time as a PDF file... which happened to be 33 MB 
in size and was created using the Word document as a base. :-( Both mails went to 
250+ recipients. The first mail did not kill the mailserver, the second did. 
:-(
 
For exceptions like these I want to have a tool to 
catch them before they fill up the server.


Kind regards,
Bonno Bloksma
head of systems administration
tio hogeschool hotelmanagement en toerisme
begijnenhof 8-12 / 5611 el eindhoven
t 040 296 28 28 / f 040 237 35 20
[EMAIL PROTECTED] / www.tio.nl


  ----- Original Message -----
  From: Darin Cox
  To: Declude.JunkMail@declude.com
  Sent: Tuesday, February 14, 2006 3:31 PM
  Subject: Re: [Declude.JunkMail] large mail to large number op recips
  
  How about implementing a web-based 
  upload/download site for this.  I've done this for a couple of graphic 
  design firms to allow their customers to upload files, which then sends the 
  intended recipient an email notification with a link to download.
   
  Much, much more efficient than SMTP (mail 
  encoding generally runs up the file size about 33% or so), faster, and much 
  less network traffic in a distribution situation since many of the recipients 
  will not download the file.
   
  Also doesn't hang the user's mailbox when 
  sending/receiving for several minutes while 
uploading/downloading.
  Darin.
   
   
  ----- Original Message -----
  From: Bonno Bloksma
  To: Declude.JunkMail@declude.com
  Sent: Tuesday, February 14, 2006 8:51 AM
  Subject: [Declude.JunkMail] large mail to large number op recips
  
  Hi,
   
  We are a school and:
  - sometimes someone needs to send a large 
  e-mail (20-30 MB) to one of the staff or students.
  - several times a day we send e-mails to large 
  groups of students so the BCC field might contain up to 1500 
  addresses.
   
  Both items are no problem until they are combined 
  like someone tried today. :-( Suddenly I lost around 15GB of disk space on my 
  mailserver. At least that is what IMail tried because I only had about 10GB 
  left on my mailbox drive. Guess what happened? 
   
  Is there a way using Declude Junkmail to flag 
  this situation and stop the e-mail while still allowing the two items 
  above?
  I'm currently using Declude 2.16, Junkmail Std 
  and AV Pro.
   
  
  Kind regards,
  Bonno Bloksma
  head of systems administration
  tio hogeschool hotelmanagement en toerisme
  begijnenhof 8-12 / 5611 el eindhoven
  t 040 296 28 28 / f 040 237 35 20
  [EMAIL PROTECTED] / www.tio.nl
  


[Declude.JunkMail] large mail to large number op recips

2006-02-14 Thread Bonno Bloksma



Hi,
 
We are a school and:
- sometimes someone needs to send a large 
e-mail (20-30 MB) to one of the staff or students.
- several times a day we send e-mails to large 
groups of students so the BCC field might contain up to 1500 
addresses.
 
Both items are no problem until they are combined 
like someone tried today. :-( Suddenly I lost around 15GB of disk space on my 
mailserver. At least that is what IMail tried because I only had about 10GB left 
on my mailbox drive. Guess what happened? 
 
Is there a way using Declude Junkmail to flag this 
situation and stop the e-mail while still allowing the two items 
above?
I'm currently using Declude 2.16, Junkmail Std and 
AV Pro.
 

Kind regards,
Bonno Bloksma
head of systems administration
tio hogeschool hotelmanagement en toerisme
begijnenhof 8-12 / 5611 el eindhoven
t 040 296 28 28 / f 040 237 35 20
[EMAIL PROTECTED] / www.tio.nl



Re: [Declude.JunkMail] Best Sniffer Weights

2006-01-30 Thread Bonno Bloksma

Hi,

Sniffer is very reliable. Place it above the weight you use to mark 
messages as probable spam and below your weight for holding. If you want, you 
can have different weights for the different categories, see below.


I score the travel category lower as we are a travel-related school. So 
what others might consider spam we might see as ham. I score the porn etc. 
categories at my hold level as I want to always hold those and the false 
positives in those categories are virtually zilch.


I mark the subject at 12 points and hold at 20. So I use:
SNIFFER-TRAVEL      external 047 "C:\IMail\Declude\Sniffer\sniffer-id.exe sniffer-key" 16 0
SNIFFER-INSURANCE   external 048 "C:\IMail\Declude\Sniffer\sniffer-id.exe sniffer-key" 19 0
SNIFFER-AV-PUSH     external 049 "C:\IMail\Declude\Sniffer\sniffer-id.exe sniffer-key" 19 0
SNIFFER-WAREZ       external 050 "C:\IMail\Declude\Sniffer\sniffer-id.exe sniffer-key" 19 0
SNIFFER-SPAMWARE    external 051 "C:\IMail\Declude\Sniffer\sniffer-id.exe sniffer-key" 19 0
SNIFFER-SNAKEOIL    external 052 "C:\IMail\Declude\Sniffer\sniffer-id.exe sniffer-key" 19 0
SNIFFER-SCAMS       external 053 "C:\IMail\Declude\Sniffer\sniffer-id.exe sniffer-key" 20 0
SNIFFER-PORN        external 054 "C:\IMail\Declude\Sniffer\sniffer-id.exe sniffer-key" 20 0
SNIFFER-MALWARE     external 055 "C:\IMail\Declude\Sniffer\sniffer-id.exe sniffer-key" 19 0
SNIFFER-ADVERTISING external 056 "C:\IMail\Declude\Sniffer\sniffer-id.exe sniffer-key" 19 0
SNIFFER-SCHEMES     external 057 "C:\IMail\Declude\Sniffer\sniffer-id.exe sniffer-key" 20 0
SNIFFER-CREDIT      external 058 "C:\IMail\Declude\Sniffer\sniffer-id.exe sniffer-key" 19 0
SNIFFER-GAMBLING    external 059 "C:\IMail\Declude\Sniffer\sniffer-id.exe sniffer-key" 19 0
SNIFFER-GENERAL     external 060 "C:\IMail\Declude\Sniffer\sniffer-id.exe sniffer-key" 17 0
SNIFFER-EXP-ABSTR   external 061 "C:\IMail\Declude\Sniffer\sniffer-id.exe sniffer-key" 17 0
SNIFFER-OBFUSCATION external 062 "C:\IMail\Declude\Sniffer\sniffer-id.exe sniffer-key" 18 0
SNIFFER-IP-RULES    external 063 "C:\IMail\Declude\Sniffer\sniffer-id.exe sniffer-key" 17 0


Regards,


Bonno Bloksma

- Original Message - 
From: "Chris Anton" <[EMAIL PROTECTED]>

To: 
Sent: Monday, January 30, 2006 10:56 PM
Subject: [Declude.JunkMail] Best Sniffer Weights


Hi all. We just installed message sniffer tonight and are working on 
tweaking it. What are your recommendations for best weights?  Also, 
suggestions on other settings welcomed.  Thanks!

-Anton
---
[This E-mail was scanned for viruses by Declude EVA www.declude.com]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.
---
[E-mail scanned at tio.nl for viruses by Declude Virus]






Re: [Declude.JunkMail] CMDSPACE Percent of Weight based on your (DELETE) action

2006-01-09 Thread Bonno Bloksma

Hi,


I would like to ask those that having been using CMDSPACE; what percentage
of your weight do you assign to this?


Zero. I have backup and anti virus software using Microsoft DLLs which have 
the same bug.


So if I were to use the CMDSPACE test it would push some mails to my "subject 
modification" level.  Those senders are on PCs which will also fail several 
other tests and do not do SMTP AUTH, so no bypass is possible.



Regards,


Bonno Bloksma



Re: [Declude.JunkMail] Decludeproc abend

2005-12-23 Thread Bonno Bloksma



Hi,
 
I just missed "the good ol' days" with the cards. 
We still had them but us new guys were allowed to use a screen editor. Even the 
line terminals were for the other guys. Funny thing was... the computer we were 
to use was about two by two by two (yards) and could handle about twelve to 
fifteen users editing plain text files. It was so busy handling the editing 
that the programs we were creating were then submitted to the "real" computer, 
which was either a Dec 1060 or 2060. Later the 1060 was upgraded to 2060 as 
well. The job which then ran as a job on the big Dec, and they were big in a 
physical way, ran as a batch job from a card reader; the input would show "x 
cards read". :-)
 
Nice thing about that setup: the jobs we were 
submitting ran at the operator level so.. guess what else we could do. 
:-)
I never found out how to create an account but I 
was able to copy my files to another existing account and then break in on that 
account, which was child's play. Breaking in on an account was simply entering 
the login name and then hitting Ctrl-Y (I think it was Ctrl-Y) rapidly to send 
a break to the login program. It would then sometimes forget to ask for the 
password. If it didn't work the first time just try it again, at least one in 
ten times would be successful. :-)
Regards,
 
Bonno Bloksma

  ----- Original Message -----
  From: Dave Beckstrom
  To: Declude.JunkMail@declude.com
  Sent: Friday, December 23, 2005 6:17 AM
  Subject: RE: [Declude.JunkMail] Decludeproc abend
  
  
  I started off on an 
  IBM 370/168 in 1980.  The characters on the console were rendered in 
  green print and looked like they had been hand drawn on the screen.  The 
  computer had a CPU meter on it.  The needle would go to 100% utilization 
  and stay there most of the night.  I remember just a few days after 
  starting for the Company someone called me up and asked me to “turn on their 
  focus.”  I thought to myself, “what an idiot.  It's impossible for me 
  to turn on their focus…that must be a knob on their screen.”  It was 
  only later I found out Focus was some kind of software application that they 
  wanted me to run.  LOL!
   
  We used to have to 
  remove the disk platters from the disk drives and swap them with other 
  platters.  I think these were 3350 drives.  I don’t recall 
  for sure…that was 26 years ago.  We had fourteen 3420 tape drives that I 
  had to keep fed and they were hungry buggers!  I’d walk around with about 
  10 reels of tape on my arm and I’d keep those drives loaded with tapes and 
  have to take the old reels off and hang them back on the racks.  I 
  believe the racks held something in the neighborhood of 18,000 reels of 
  tape.
   
  The first PC we had 
  was one my dad had bought.  It booted off of a tape drive.  There 
  was no such thing as a hard drive at that time.  He was gone to work 
  one day and I typed into the computer, “what is your name?”  The PC 
  responded with some cryptic error message that made no sense to me.  I 
  asked a few more questions and finally concluded that the PC was just plain 
  stupid and that it didn’t know a thing!  It was about 2 years later that 
  I went to school for programming.
   
   
   
   
   
  
  
  
  
  
  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robert E. Spivack
  Sent: Thursday, December 22, 2005 10:37 PM
  To: Declude.JunkMail@declude.com
  Subject: RE: [Declude.JunkMail] Decludeproc abend
   
  Ah, you mean using a 
  magic marker to write a visual stripe on the edge of the cards, 
  right?
   
  Bah, we just NEVER 
  dropped our card decks.  After all, using columns 72 to 80 for sequence 
  numbers was always for wimps, right?
   
  
  
  
  
  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Doherty
  Sent: Thursday, December 22, 2005 7:20 AM
  To: Declude.JunkMail@declude.com
  Subject: Re: [Declude.JunkMail] Decludeproc abend
   
  
  Thanks for the trip down 
  memory lane, Andy.
  
   
  
  For me it was a 
  new 360(?) in college in 1968. One of the seniors showed me how to run a 
  thin diagonal stripe down the side of the card deck to aid in sorting, should 
  it ever be necessary...
  
   
  
  ABEND was absolutely in 
  the vocabulary at that time. Both as "evening" from my German classes and 
  ABnormalENDing, courtesy of IBM.
  
   
  
  Now I have REALLY 
  dated myself. 
  
   
  
  -d
  
   
  
   
  

----- Original Message -----
From: Andy Schmidt
To: Declude.JunkMail@declude.com
Sent: Wednesday, December 21, 2005 11:44 PM
Subject: RE: [Declude.JunkMail] Decludeproc abend

 

Ha - long before 
Gates started college, there was a company called International 
Business Machines. And you had to program sorter/merger machine

[Declude.JunkMail] copy to action

2005-12-20 Thread Bonno Bloksma



Hi,
 
We want to keep track of all mail from our students 
to the staff and vice versa.
 
All mail where the sender is part of student.tio.nl 
and any one of the recipients (To, CC or BCC) is in tio.nl then a copy needs to 
be sent to a special mailbox [EMAIL PROTECTED]
The same for mail coming from tio.nl where any 
recipient is in student.tio.nl needs to be sent to another special mailbox, [EMAIL PROTECTED]
 
Of course the copied mail by the action itself 
should not be copied to that mailbox, otherwise I'll have a nice loop. 
:-(
Of course I don't want spam to be copied, define 
spam as any mail that meets my deleteweight (SPAMDELETE tag).
Of course I don't want viruses to be copied (but 
I'm using Declude Virus and AVAFTERJM is nowhere in my configs).
 
How do I set this up? I'll probably need 
JunkmailPro (I've got Junkmail Standard) or can I do this with standard IMail 
(v8.22) rules?
 
p.s. Still using Declude 2.06 but I'll switch to 
3.x when I'll upgrade my mailserver to IMail 9 next year. I could upgrade 
Declude to 3.x if needed.


Kind regards,
Bonno Bloksma
head of systems administration
tio hogeschool hotelmanagement en toerisme
begijnenhof 8-12 / 5611 el eindhoven
t 040 296 28 28 / f 040 237 35 20
[EMAIL PROTECTED] / www.tio.nl



Re: [Declude.JunkMail] outgoing mail declude junkmail

2005-11-18 Thread Bonno Bloksma

Hi,


Travis what you have there is the rule defined

Now you need to have an action

IE
Weight10 hold
Weight20 delete

By the way you make it confusing by saying weight10 is a hold at 16.

Why not call it weight16?



I do have them specified as hold/delete in the default.junkmail file, this 
is working for incoming mail, just doesn't appear to work for outgoing 
mail.


Right, so define those actions as well in the global.cfg file if you want 
them applied to outgoing mail.


I have it scored at 16, it makes it easier to change the levels as I 
improve the ham/spam ratio...  easier than renaming tests...


Yes, but it is quite easy to just rename those two tests so as not to include 
the weight number but the wanted action. That is why my default action names 
are:

SPAMSUBJECT
SPAMHOLD
SPAMDELETE
At the definition I can then assign any weight or weight range I want and 
after that it is clear which action to set. It's a one-time thing to change 
all (2 in global, 1 in default) WEIGHT10 names into SPAMSUBJECT, etc.



Travis



Regards,


Bonno Bloksma



Re: [Declude.JunkMail] CMDSPACE Failures

2005-11-16 Thread Bonno Bloksma
Hi,

> If MS were to fix it, we wouldn't be detecting a lot of the spam.  So, while
> on one hand it would be nice if it were fixed... on the other hand the
> CMDSPACE test wouldn't be catching nearly as much.

It seems this library is broken. Sophos also has this problem as they use
this MS lib:
---
The library is called CDO (Collaboration Data Objects).

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dncdsys/html/cdo_roadmap.asp
---

If MS were to fix that, lots of software would be fixed.

> WHITELIST AUTH and custom filters to negate specific senders and servers
> that fail this test is how we manage false positives.

But I cannot get this software, and my backup software, and whatever else is
using this library, to use SMTP AUTH. :-(


Kind regards,

Bonno Bloksma



Re: [Declude.JunkMail] testing mailserver

2005-11-04 Thread Bonno Bloksma



Hi David,
 
What you saw in the message below was all there is, 
that was the entire message body after my test.
First line was the Received: line, last line was 
the X-IMail-ThreadID: line.
 
As to how to reproduce it, do as I did, I describe 
exactly what I did.
Regards,
 
Bonno Bloksma

  ----- Original Message -----
  From: David Franco-Rocha [ Declude ]
  To: Declude.JunkMail@declude.com
  Sent: Thursday, November 03, 2005 8:24 PM
  Subject: Re: [Declude.JunkMail] testing mailserver
  
  Bonno,
   
  The text actually did appear as the body of the 
  email. The problem was that the headers were added after the body, which has 
  been an ongoing problem. Declude was not able to determine where the headers 
  actually ended and the body began, so it only *looks* like the text is not in 
  the body.
   
  Please send the actual message file as an 
  attachment to [EMAIL PROTECTED] so 
  that we can look at the raw data format of the message.
   
  With regard to these broken emails where headers 
  are placed in the wrong location, we are still doing some testing and expect 
  to have a solution very shortly.
   
  David Franco-Rocha
  Declude Technical / Engineering
   
  
----- Original Message -----
From: Bonno Bloksma
To: Declude.JunkMail@declude.com
Sent: Wednesday, November 02, 2005 6:31 AM
Subject: [Declude.JunkMail] testing mailserver

Hi,
 
I was testing our mailserver by setting up a 
telnet session on port 25 and then entering the commands. I must have done 
something really wrong as my text appears in the headers in a way not even 
Outlook Express can see. ;-0 It will show a blank message.
 
This is what was delivered to me:
 
Received: from TEST [194.109.165.42] by tio.nl  (SMTPD-8.21) id AE3902D0; Wed, 02 Nov 2005 12:08:41 +0100
dit is een test
X-RBL-Warning: BADHEADERS: This E-mail was sent from a broken mail client [8c200041].
X-Declude-Sender: [EMAIL PROTECTED] [194.109.165.42]
X-Declude-Spoolname: D9DFC01B0059C.SMD
X-Declude-Note: Scanned at tio.nl by Declude 2.0.6 (http://www.declude.com/x-note.htm) for spam.
X-Declude-Scan: Score [8] at 12:09:30 on 02 Nov 2005
X-Declude-Tests: BADHEADERS
X-Country-Chain: NETHERLANDS->destination
---
[E-mail scanned at tio.nl for viruses by Declude Virus]
From: [EMAIL PROTECTED]
Date: Wed,  2 Nov 2005 12:09:30 +0100
X-RCPT-TO: <[EMAIL PROTECTED]>
Status: U
X-UIDL: 383765952
X-IMail-ThreadID: 9dfc01b0059c
 
See the "dit is een test" below the received 
from line? This is what I did:
 
Start (Windows) telnet
set LOCAL_ECHO
open mail.tio.nl 25
HELO TEST
MAIL FROM:<[EMAIL PROTECTED]>
RCPT TO:<[EMAIL PROTECTED]>
DATA
dit is een test
.
QUIT

Did I make a BIG mistake? I know I should have 
added a msgid somewhere and a date line to have a proper valid message but 
is that necessary in order to have the text after the DATA command appear as 
the body part of a mail?
 
I'm using Declude 2.0.6

 
 
Kind regards,
Bonno Bloksma
head of systems administration
 
tio hogeschool toerisme en hospitality
julianalaan 9 / 7553 ab hengelo
t 074 255 06 10 / f 074 255 06 16
[EMAIL PROTECTED] / www.tio.nl
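
David's point about not knowing where the headers end, as an added example (not Declude's code): a header inserter that finds the end of the header block even when the blank separator line is missing, next to a naive one that falls back to appending at the end. The sample message is constructed after the one quoted above, with a placeholder host and IP address; both function bodies are illustrations.

```python
"""Added example: locate the header/body boundary before inserting scanner headers."""
import re

# RFC 5322 field name: printable ASCII except ':' and space, followed by a colon.
FIELD = re.compile(rb"^[!-9;-~]+:")

# Constructed sample: one Received header (folded) and then body text typed
# straight after DATA, with no headers of its own and no blank separator line.
SAMPLE = (
    b"Received: from TEST [192.0.2.10] by mail.example (SMTPD) id AE3902D0;\r\n"
    b"\tWed, 02 Nov 2005 12:08:41 +0100\r\n"
    b"dit is een test\r\n"
)
SCANNER_HEADERS = [b"X-Declude-Scan: Score [8]", b"X-Declude-Tests: BADHEADERS"]


def header_end(lines):
    """Return (index of the first line after the headers, separator_present).

    The header block ends at the first empty line, or, in a malformed
    message, at the first line that is neither a field nor a folded
    continuation. A body line that happens to look like 'Word: text'
    cannot be told apart from a header; that ambiguity is inherent.
    """
    seen_field = False
    for i, line in enumerate(lines):
        text = line.rstrip(b"\r\n")
        if text == b"":
            return i, True
        if FIELD.match(text):
            seen_field = True
            continue
        if seen_field and text[:1] in (b" ", b"\t"):
            continue  # folded continuation of the previous header
        return i, False  # body text with no blank line before it
    return len(lines), False


def add_headers(raw, new_headers):
    """Insert new_headers at the end of the header block, adding the
    blank separator line when the message did not have one."""
    lines = raw.splitlines(keepends=True)
    end, had_separator = header_end(lines)
    head = lines[:end]
    if head and not head[-1].endswith(b"\n"):
        head[-1] += b"\r\n"
    body = lines[end + 1:] if had_separator else lines[end:]
    extra = [h + b"\r\n" for h in new_headers]
    return b"".join(head + extra + [b"\r\n"] + body)


def naive_append(raw, new_headers):
    """Illustration of the failure: look only for a blank line and, when
    there is none, append the headers after everything else."""
    block = b"".join(h + b"\r\n" for h in new_headers)
    sep = raw.find(b"\r\n\r\n")
    if sep == -1:
        return raw + block
    return raw[:sep + 2] + block + raw[sep + 2:]


if __name__ == "__main__":
    print(naive_append(SAMPLE, SCANNER_HEADERS).decode())
    print("-" * 40)
    print(add_headers(SAMPLE, SCANNER_HEADERS).decode())
```

The naive output has the same shape as the delivered message in the thread: the typed text sits directly under the Received line and the scanner headers follow it.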


[Declude.JunkMail] testing mailserver

2005-11-02 Thread Bonno Bloksma



Hi,
 
I was testing our mailserver by setting up a telnet 
session on port 25 and then entering the commands. I must have done something 
really wrong as my text appears in the headers in a way not even Outlook Express 
can see. ;-0 It will show a blank message.
 
This is what was delivered to me:
 
Received: from TEST [194.109.165.42] by tio.nl  (SMTPD-8.21) id AE3902D0; Wed, 02 Nov 2005 12:08:41 +0100
dit is een test
X-RBL-Warning: BADHEADERS: This E-mail was sent from a broken mail client [8c200041].
X-Declude-Sender: [EMAIL PROTECTED] [194.109.165.42]
X-Declude-Spoolname: D9DFC01B0059C.SMD
X-Declude-Note: Scanned at tio.nl by Declude 2.0.6 (http://www.declude.com/x-note.htm) for spam.
X-Declude-Scan: Score [8] at 12:09:30 on 02 Nov 2005
X-Declude-Tests: BADHEADERS
X-Country-Chain: NETHERLANDS->destination
---
[E-mail scanned at tio.nl for viruses by Declude Virus]
From: [EMAIL PROTECTED]
Date: Wed,  2 Nov 2005 12:09:30 +0100
X-RCPT-TO: <[EMAIL PROTECTED]>
Status: U
X-UIDL: 383765952
X-IMail-ThreadID: 9dfc01b0059c
 
See the "dit is een test" below the received from 
line? This is what I did:
 
Start (Windows) telnet
set LOCAL_ECHO
open mail.tio.nl 25
HELO TEST
MAIL FROM:<[EMAIL PROTECTED]>
RCPT TO:<[EMAIL PROTECTED]>
DATA
dit is een test
.
QUIT

Did I make a BIG mistake? I know I should have 
added a msgid somewhere and a date line to have a proper valid message but is 
that necessary in order to have the text after the DATA command appear as the 
body part of a mail?
 
I'm using Declude 2.0.6

 
 
Kind regards,
Bonno Bloksma
head of systems administration
 
tio hogeschool toerisme en hospitality
julianalaan 9 / 7553 ab hengelo
t 074 255 06 10 / f 074 255 06 16
[EMAIL PROTECTED] / www.tio.nl


[Declude.JunkMail] upgrade to 3.0.5

2005-09-26 Thread Bonno Bloksma



Hi,
 
Currently using Declude 2.0.6
Do I just stop the queue service and then perform 
the upgrade or do I have to stop more?
Regards,
 
Bonno Bloksma


[Declude.JunkMail] X-Declude-Sender header

2005-08-29 Thread Bonno Bloksma



Hi,
 

What IP number will Declude list in the sender line? 
Will that always be the connecting IP number or will it indeed skip numbers 
listed in an ipbypass line and list the first number after 
that?
Found this in a mail I was looking 
at:
X-Declude-Sender: [EMAIL PROTECTED] 
[217.114.97.6]
 
It has the IP number of the backup mailserver 
listed as the sender. I have this IP number in my global.cfg file listed with an 
ip bypass line
IPBYPASS 217.114.97.6
 
This was in a (fake eBay) mail held by Declude 
because of a CR vulnerability. So maybe the Declude JunkMail processing would 
have corrected this line if it had gotten that far, but I'd like to know if 
that's indeed what would have happened or not.
 
Regards,
 
Bonno Bloksma


Re: [Declude.JunkMail] VIRUS WARNING

2005-08-16 Thread Bonno Bloksma

Hi,

A slight addendum to your instructions.

[.]
Then reboot the server. After rebooting, you will now be able to delete 
the two offending files. They are located in:


  c:\winnt\system32\mousebm.exe
  c:\winnt\system32\mousesync.exe


Before rebooting my server I always RENAME a dangerous file which I am not 
able to delete. Renaming has always worked so far in cases where I am not 
able to delete a file. That way if I miss a reg key, or don't want to go 
hunting for all keys which launch a virus/trojan/etc., I can still disable 
it and remove it.


p.s. You wrote no virus scanner found it yet; you did report this virus to 
your virus vendor, didn't you?


Regards,


Bonno Bloksma



Re: [Declude.JunkMail] SmarterMail shortcomings in a gateway environment

2005-07-15 Thread Bonno Bloksma

Hi,


Thank you for the detailed analysis - We have been considering SmarterMail
as a migration path from IMail but will probably "go slow" until they grow
up a bit more.

How about open source?  I seem to recall there are a few open source mail
servers based on decent code (ASP.NET) that run on Windows servers.



The core of Novell NetMail has been released to open source 
http://www.novell.com/news/press/archive/2005/02/pr05014.html and is now 
being developed as the HULA mail server. However, it's not on a Windows 
server, it will run on Linux. It's got a decent web interface and also 
supports calendaring. Synchronisation with PDAs etc. is already possible but 
is being further developed as well.


Development of the HULA mail server is going much faster than Novell had 
expected; they have decided to discontinue development of the NetMail server 
as HULA will have overtaken it in just one year. Only the core was released to 
open source but that did not stop people from developing the bells and 
whistles around it. :-)


They have most things down pat; one problem they were running into a while 
ago with the user database is that Microsoft had "improved" its version of 
LDAP in the Active Directory so it would not work in a normal LDAP way.


Right now I'm not thinking about it yet but in the near future.. Also 
the RedHat Enterprise server, which comes with a price tag, now has its 
exact freeware copy http://www.centos.org/ (without the RH logos). So a 
rock-stable Linux server platform is now also available for free.


A quote:
At the same time, the new Hula project brings the mail and calendaring 
technology of the Novell NetMail product to the open source realm. Hula is 
positioned to be to collaboration what Apache is to Web serving.


Performance:
It scales. Hula can scale up to 200,000 registered users on a single 
properly configured server, with 50,000 users simultaneously accessing the 
system.


Regards,


Bonno Bloksma



Re: [Declude.JunkMail] Layman's Explanation of E-Mail Spoofing

2005-05-17 Thread Bonno Bloksma
Hi,

Just ask them "What is preventing your neighbour to drop a letter in the
mailbox (as in a city mailbox on the corner of the street where hundreds of
people drop mail in) with *your* address as the sender address?" When the
mailman opens the box it cannot be known who dropped what in the box and
whether the information on the envelope is correct.

Greetings,

Bonno Bloksma


- Original Message - 
From: "Dan Geiser" <[EMAIL PROTECTED]>
To: 
Sent: Tuesday, May 17, 2005 4:57 PM
Subject: [Declude.JunkMail] Layman's Explanation of E-Mail Spoofing


> Hello, All,
> I'm having a hard time explaining to some of our customers why there is
> nothing that we can do to stop some unscrupulous spammer or anti-virus
> author from using their e-mail address and spoofing messages to look like
> they are sent "from" them.
>
> It seems that no matter how many times I explain it they just don't get it.
>
> Does anyone know of a good reputable source on the Internet which explains
> how e-mail addresses are spoofed which I can point them to?  If it was in
> layman's terms all the better but I think just showing them an outside
> resource might be good enough as they seem to think we should be able to
> control it and are shirking our duties.
>
> Thanks,
> Dan Geiser
> [EMAIL PROTECTED]
>
>
> ---
> E-mail scanned for viruses by Nexus (http://www.ntgrp.com/mailscan)
>


[Declude.JunkMail] BCC test

2005-05-09 Thread Bonno Bloksma



Hi,
 
I was just looking at the Junkmail manual and noticed the documentation on
the BCC test does tell what it does but it does not tell how it is supposed
to be configured.

Now as a seasoned Declude user I quickly determined the meaning of the
10 x 5 0 sequence in the default config but shouldn't the documentation be
made for first time users? Nowhere have I been able to find an explanation of
the 4 numbers and/or placeholder x's after a test, nor how a testline is
constructed. It's probably somewhere but shouldn't that info be in the
junkmail manual at http://www.declude.com/Version/Manuals/2.0.6.asp ?

Also in the docs it states for the BCC test:
"This test will catch E-mail that has a lot of local recipients that are not
listed in the E-mail headers. This test is normally only used in advanced
setups, as most mailing list E-mail has many recipients not listed in the
headers."
However, in the default setup this test is enabled, that's different from
"... normally only used in advanced setups".

Greetings,
 
Bonno Bloksma
 
 


Re: [Declude.JunkMail] Email not being scanned by Declude.

2005-02-14 Thread Bonno Bloksma
Hi,

Although the IMail services don't have any dependencies I was thinking of
linking some services in order to prevent stuff like this.

I would have Syslog run first, then the Queuemanager and then the other
services. This would for instance automatically stop the SMTP service when
stop/starting the Queuemanager.

So most services, incl. queue manager, depend on Syslog.
SMTP depends on queuemanager (and syslog)?

Any caveats I should know about?


Greetings,

Bonno Bloksma


- Original Message - 
From: "Matt" <[EMAIL PROTECTED]>
To: 
Sent: Monday, February 14, 2005 4:47 PM
Subject: Re: [Declude.JunkMail] Email not being scanned by Declude.


> It's actually during the shut down that this happens during a window of
> a few seconds.  In order to avoid this, always stop the SMTP service
> before shutting down, and also before stopping the QueueManager service.
>
> Matt
>
>
>
> Darrell ([EMAIL PROTECTED]) wrote:
>
> >> No changes have been made to Imail.  There is a scheduled task that runs
> >> at 3:00 AM that reboots the Imail server.  I suspect that the first
> >> queue run after reboot was when they were delivered.
> >
> >
> > Others will chime in, but this is a known issue that after a reboot
> > that the QueueManager will grab email that has not been scanned by
> > Declude yet and deliver them.
> > Darrell
> > 
> > Check out http://www.invariantsystems.com for utilities for Declude
> > And Imail.  IMail/Declude Overflow Queue Monitoring, SURBL/URI
> > integration, MRTG Integration, and Log Parsers.
> >
> > ---
> > [This E-mail was scanned for viruses by Declude Virus
> > (http://www.declude.com)]
> >
>
> -- 
> =
> MailPure custom filters for Declude JunkMail Pro.
> http://www.mailpure.com/software/
> =
>


Re: [Declude.JunkMail] 2005 SpamHeaders Glitch?

2005-01-01 Thread Bonno Bloksma
Hi,
I had a couple of false positives this morning caused in part by 
SPAMHEADERS apparently objecting to 2005 as an invalid year. When I 
checked my normal mail, everything I checked failed SPAMHEADERS.

Time to disable the "SpamHeaders" test until this gets fixed.

I set it to zero weight temporarily.
Just did the same.
I also sent an email direct to Scott and Barry.
To the urgent@ account?
Greetings,
Bonno Bloksma
 Back up my hard drive? How do I put it in reverse?


Re: [Declude.JunkMail] 2005 SpamHeaders Glitch?

2005-01-01 Thread Bonno Bloksma
Hi,
I had a couple of false positives this morning caused in part by 
SPAMHEADERS apparently objecting to 2005 as an invalid year. When I 
checked my normal mail, everything I checked failed SPAMHEADERS.

Using Declude 1.79i7.
Hmmm running 1.81 over here and same problem. SPAMHEADERS on every mail I 
have checked.

Were there any warnings on this?
None that I know.
 Is anybody else seeing it?
Yup.
Greetings,
Bonno Bloksma
 Back up my hard drive? How do I put it in reverse?


Re: [Declude.JunkMail] OT: How to define "spam" and "ham"

2004-12-21 Thread Bonno Bloksma



Hi,
 
Amazon I happen to know first hand so if it's *really* from Amazon I would
have a quick look why it was held but... all the other domain names I don't
know them. Neither do I have the time to investigate these things. It's like
you wrote, if I see them held... There's probably a reason for it. Being the
postmaster over here is a part-time job, this is primarily a mailserver for us
internally. We are a "school" with about 2000 students and staff. I'm
processing about 4K messages a day.

As to "rules", I don't have specific rules, I just want to make sure we keep
our mail as clean as possible. It is primarily for internal use. If that means
some automated messages from some sources don't get through, too bad. I'll
look into it when someone complains. So far, except for some individual cases,
no one has complained certain messages did not get to them, which to me means
I'm doing not too bad.
Greetings,
 
Bonno Bloksma Back up my hard drive? How do I put it in 
reverse?

  - Original Message - 
  From: Matt 
  To: Declude.JunkMail@declude.com 
  Sent: Tuesday, December 21, 2004 3:30 AM
  Subject: Re: [Declude.JunkMail] OT: How to define "spam" and "ham"

  Bonno,

  Unfortunately 'knowing' is rarely the result of 
  first hand experience in this case, at least without a good deal of focus and 
  research over time.  Personally, I have found that E-mail coming from 
  the better bulk-mail providers rarely breaks my rules.  Generally if you 
  have heard of the company represented in the E-mail and it comes from a first 
  rate bulk-mail provider, they do in fact not violate the rules very often if 
  at all.  Some companies also perform their own bulk-mailing such as 
  Amazon, and they should be especially aware of the potential of being 
  blacklisted.  There are others of course that don't really care, and the 
  primary violation is typically some form of harvesting where they purchase 
  addresses or re-use them from other resources.  It's rare that a company 
  that you have heard of not honoring opt-outs, though sometimes due to multiple 
  internal working groups and not having a central repository for managing such 
  subscriptions, a company might unsubscribe you to one list only to introduce 
  another one that you are default-opted-into.

  I guess what I was really 
  after was what people like yourself do when you find that an ad for Amazon, 
  J.Crew, Office Max, or even Orbitz is blocked by your system.  Do you 
  block them purposefully?  Do you just go with the flow figuring that if 
  they are blacklisted there is a reason?  Do you research the sender and 
  take corrective action?  Or do you just simply wait for users to complain 
  about something being blocked?  And regardless of the action that you 
  take, what are your 'rules', or are there any specific rules that you or 
  others use?

  Thanks,

  Matt

  Bonno Bloksma wrote: 
  



Matt,
 
Although I agree with your reasoning, my 
problem would then be how do I determine who belongs to what category? 
Over here I see stuff getting caught which is definitely a newsletter of some 
sorts but I don't know whether the user requested it or not. Nor whether the 
user might want it or not.
 
As we have a lot of students with a very diverse 
interest area it's impossible to know what is normal. Also being the mail 
admin is only a (small) part-time job over here, as long as it's running. 
;-)
 
I keep telling my students "don't unsubscribe 
as it will only increase your spam". Now maybe *I* can make an exception by 
reading a list of companies that honor opt-out but I know most of our 
students and staff would not. They'd either unsubscribe or not, without 
reading such a list, "it's too much work". ;-(
 
Greetings,
 
Bonno Bloksma
 
 

  - Original Message - 
  From: Matt 
  To: Declude.JunkMail@declude.com 
  Sent: Monday, December 20, 2004 2:01 PM
  Subject: [Declude.JunkMail] OT: How to define "spam" and "ham"
  This was the subject of a 
  recent off-list discussion between myself and Pete where there was a 
  perception that my definition of spam was too conservative or rather my 
  definition of ham was too liberal.  While I readily admit that in 
  practice, I do personally wish to block many fewer things that I 
  consider to be legitimate first-party advertising than most do, I don't 
  necessarily get the impression that the definitions that I use are all 
  that much off the mark.  I have also found that the folks at 
  BondedSender think that I am some sort of anti-advertising zea

Re: [Declude.JunkMail] OT: How to define "spam" and "ham"

2004-12-20 Thread Bonno Bloksma



Matt,
 
Although I agree with your reasoning, my problem 
would then be how do I determine who belongs to what category? Over here I 
see stuff getting caught which is definitely a newsletter of some sorts but I 
don't know whether the user requested it or not. Nor whether the user might want 
it or not.
 
As we have a lot of students with a very diverse 
interest area it's impossible to know what is normal. Also being the mail admin 
is only a (small) part-time job over here, as long as it's running. 
;-)
 
I keep telling my students "don't unsubscribe as it 
will only increase your spam". Now maybe *I* can make an exception by reading a 
list of companies that honor opt-out but I know most of our students and staff 
would not. They'd either unsubscribe or not, without reading such a list, "it's 
too much work". ;-(
 
Greetings,
 
Bonno Bloksma
 
 

  - Original Message - 
  From: Matt 
  To: [EMAIL PROTECTED] 
  Sent: Monday, December 20, 2004 2:01 PM
  Subject: [Declude.JunkMail] OT: How to define "spam" and "ham"

  This was the subject of a recent off-list discussion between 
  myself and Pete where there was a perception that my definition of spam was 
  too conservative or rather my definition of ham was too liberal.  While I 
  readily admit that in practice, I do personally wish to block many 
  fewer things that I consider to be legitimate first-party advertising than 
  most do, I don't necessarily get the impression that the definitions that I 
  use are all that much off the mark.  I have also found that the folks at 
  BondedSender think that I am some sort of anti-advertising zealot for 
  reporting what is near universally what we would consider to be spam, so it 
  does go both ways :)  So I wanted to throw this topic out for some 
  feedback and other presentations of one's own definitions and maybe learn 
  something in the process.

  First off, I naturally follow the basic 
  definition of spam that is widely promoted where spam is both 
  unsolicited and bulk.  What causes such wide derivation from this common 
  definition however is the sub-definition of what constitutes unsolicited, and 
  the gray area that exists beyond this definition due to abuse.

  The definition that I use to qualify advertising or newsletter related ham
  is as follows:

  This definition starts with me treating things as ham if it 
  comes from a first-party relationship with the sender, however there are 
  some exceptions as follows:
[.]
 


Re: [Declude.JunkMail] Email being released today - Advance Notice

2004-12-02 Thread Bonno Bloksma
Hi Darin,



> But my question was on receiving an SA with the purchase of an upgrade.
>
> So, if we purchase a level upgrade, do we get the current version, or are we
> stuck with the version that was available when our SA ran out?



Talked to someone from Declude about just that a while ago. Their point
*then* was you would be allowed to use the version which was current at the
moment your SA ran out. My point to them was: a "level upgrade" should
include an upgrade to the version current at the time of the upgrade. Of
course for any bugfix/update after that one would need a valid SA. I still
think this is a "normal" way of doing business. The other way allows me to
buy an "old" product at today's price.



At that time they did not agree with me but maybe their point has changed.


> Darin.



Greetings,



Bonno Bloksma



> - Original Message - 
> From: "Don Schreiner" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Wednesday, December 01, 2004 11:48 AM
> Subject: RE: [Declude.JunkMail] Email being released today - Advance Notice
>
>
> Barry,
>
> I hate to disagree with you!  See below email. I am also working on
> finding in my archive another email between Scott and self clarifying
> Service Agreements this same topic.
>
> -Don
>
> -Original Message-
> From: R. Scott Perry [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, January 14, 2003 2:41 PM
> To: [EMAIL PROTECTED]
> Subject: Declude Service Agreement
>
> Thank you for your order for a Service Agreement.
>
> This E-mail confirms the purchase of your 1 Year Service Agreement,
> which
> will be good through January 31, 2004.
>
> The Service Agreement entitles you to free upgrades and support during
> the
> term of the service agreement.  The Service Agreement covers all Declude
>
> programs that you have purchased in the past.  You do not need a new
> activation code; your current activation code will continue to work.
>
> Please note that we now have a special E-mail address for urgent support
>
> issues ([EMAIL PROTECTED]).  Standard support questions can be sent to
> [EMAIL PROTECTED]
>
> If you have any questions, please let me know.  Thanks.
>  -Scott
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Barry Simpson
> Sent: Wednesday, December 01, 2004 11:10 AM
> To: [EMAIL PROTECTED]
> Subject: RE: [Declude.JunkMail] Email being released today - Advance
> Notice
>
>
> Explanation of Service Agreements
>
> 1. Service Agreements have always been "Per Server", that is to say that
> if
> you own JunkMail on Two Servers then you should have paid two service
> agreements. In the past this would have cost you $295 * 2 - $590. Today
> it
> will be $132 * 2 = $264. A significant saving.
>
> 2. The rules on upgrades have always been that an upgrade between
> product
> levels e.g. Lite to Standard, does NOT include any extension in Service
> Agreement.
>
> Both these rules have been set by Scott years ago.
>
> - Barry
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Don Schreiner
> Sent: Wednesday, December 01, 2004 10:58 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [Declude.JunkMail] Email being released today - Advance
> Notice
>
> That is how I recall it too, but not sure based on the sites verbiage.
> We
> have license for Declude Pro AV/JM on one server and separate license
> for
> Declude Standard AV/JM at another server/location. Does the $264 JM/AV
> Service Agreement option cover both these licenses as in the past?
>
> -Don
>
> - Original Message - 
> From: "Darin Cox" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Wednesday, December 01, 2004 10:34 AM
> Subject: Re: [Declude.JunkMail] Email being released today - Advance
> Notice
>
>
> Sounds like some good changes.
>
> How does upgrading one or more products affect service agreements?  For
> example, if we have JM and AV standard, and upgrade one to Pro, what
> service
>
> agreement would we end up with?
>
> I believe in the old model, upgrading one would effectively result in a
> year
>
> support for both, but I may be incorrect.
>
> Darin.



Re: [Declude.JunkMail] IP block

2004-12-01 Thread Bonno Bloksma
Hi,

[..]
> This E-mail actually came from 68.251.177.107.  That IP *may* have received
> it from 222.126.26.96, but unless you can trust that IP, you have to assume
> that it really came from 68.251.177.107.
>
> One option here would be to use a line "HOPHIGH 2" in your
> \IMail\Declude\global.cfg file, which would scan the first two hops, which
> would also cause the 222.126.26.96 IP to be scanned.

Hold on, maybe I have misunderstood the hophigh feature all this time.

Do you mean to say that by using hophigh 2 I test all ip-numbers in the first
*and* in the second hop?

I could definitely use that feature as I have mail forwarded to me from the
ISP that we get some of our (consumer) ADSL connections from. They sent any
info regarding a connection to the e-mail address corresponding with that
connection. Of course I have all those addresses forwarded to me but there is
also a lot of spam coming from those addresses. As they have a massive
mailserver farm it is impossible for me to list all mailservers in my
ipbypass list.

If hophigh is doing what I think you said I can suddenly enable all ip based
tests on those forwarded mails by increasing the hophigh count.

Greetings,

Bonno Bloksma
 Back up my hard drive? How do I put it in reverse?
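
The hop counting discussed in this message, as an added example (not Declude's code and not part of the original post): it models which IPs a hop limit would expose to IP-based tests and which of them were recorded by a server you can believe. The header layout, the function names and the `trusted` parameter are assumptions made for illustration; the two public IPs are the ones from the quoted reply.

```python
import email
import ipaddress
import re

# Constructed sample (not a real message). Received headers are listed newest
# first: the top one was written by our own server, the rest by earlier relays.
SAMPLE = """\
Received: from relay.example.net [68.251.177.107] by mail.example.org
  with ESMTP id A1; Wed, 01 Dec 2004 10:00:02 +0100
Received: from unknown [222.126.26.96] by relay.example.net
  with SMTP id B2; Wed, 01 Dec 2004 10:00:01 +0100
Received: from localhost [10.0.0.5] by fake.invalid; Wed, 01 Dec 2004 09:59:00 +0100
From: someone@example.com
To: user@example.org
Subject: constructed sample

body
"""

IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def received_ips(raw):
    """Return one entry per Received header, newest hop first.

    Each entry is the bracketed IPv4 address of that hop, or None when the
    header carries no syntactically valid address.
    """
    msg = email.message_from_string(raw)
    ips = []
    for header in msg.get_all("Received", []):
        match = IP_IN_BRACKETS.search(header)
        ip = match.group(1) if match else None
        if ip is not None:
            try:
                ipaddress.ip_address(ip)
            except ValueError:
                ip = None  # e.g. [999.1.1.1]
        ips.append(ip)
    return ips


def hops_to_scan(raw, hophigh=1, trusted=()):
    """Pick the IPs an IP-based test would look at (hypothetical model).

    hophigh -- how many hops to scan, counted from our own server outwards.
    trusted -- networks of forwarders we believe; their hops are skipped and
               do not count (an assumption of this model).
    Returns (ip, provenance) pairs. "verified" means the address was written
    down by a server we believe; "claimed" means an unknown relay reported it,
    so it may be forged.
    """
    networks = [ipaddress.ip_network(net) for net in trusted]
    selected = []
    believable = True  # was the current header written by a server we believe?
    for ip in received_ips(raw):
        if len(selected) >= hophigh:
            break
        if ip is None:
            believable = False  # chain broken, everything below is hearsay
            continue
        addr = ipaddress.ip_address(ip)
        if believable and any(addr in net for net in networks):
            continue  # a trusted forwarder wrote the next header
        selected.append((ip, "verified" if believable else "claimed"))
        believable = False
    return selected


if __name__ == "__main__":
    for limit in (1, 2):
        print(limit, hops_to_scan(SAMPLE, hophigh=limit))
    print("trusted relay:", hops_to_scan(SAMPLE, 1, trusted=["68.251.177.0/24"]))
```

With a hop limit of 2 the second address is scanned but only as a claim made by the first relay; listing the forwarder as trusted is what turns that second address into a verified source.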



Re: [Declude.JunkMail] OT: expanding beyond one mailhost

2004-11-04 Thread Bonno Bloksma
Hi Mark,

> Andrew,
> We have 3 equal MX records and 3 A records for "load balancing" and
> redundancy.
> We also have a 4th MX which is physically off-site that's a lower preference
> level.
>
> I put load-balancing in quotes because we still see our number 1 server take
> the brunt of the load.

Yup, a normal round-robin setup on a DNS server will also rotate the list of
ip-numbers presented to the "client". Most clients will try the first
ip-number given and if that fails try the second etc. As MX records probably
don't get the "normal" round-robin treatment it is always the first listed
ip-number which is presented first in the list to the client, and which
thereby gets used most often.

I might be wrong but I think that's the reason for the observed behaviour.


Greetings,

Bonno Bloksma
 Back up my hard drive? How do I put it in reverse?




Re: [Declude.JunkMail] IPSwitch ICS

2004-10-26 Thread Bonno Bloksma
Hi,

> > Perhaps the time has arrived for the folks at Computerized Horizons to
> > release their own full blown MTA... 

> Add my vote, too!
>
> WebMail, POP, IMAP and SMTP. No need for the rest of it, IMHO. I have
> calendaring turned off, and I do not want to get involved with instant
> messaging and the rest. I could probably live without IMAP, too.

Sorry, the reason we went with IMail was the webmail support at the time. We
have completely rewritten the webmail templates to seamlessly integrate it
with our website where our students and teachers can read the mail. As it
also supports POP and IMAP we can also use it for the "regular" e-mail
accounts the staff has, who mostly use Outlook (Express) on their computer
(POP) and the "shared" e-mail accounts which are used by the helpdesk etc.
(IMAP) and people like me who have 2 to 3 systems where they need to be able
to access the mail.

Of course an antivirus and antispam product like Declude only helped to
swing the vote in IMail's favor at the time. We will be looking for
something new in the future as well. I had not renewed my SA either because
I could not see any new developments we "wanted to have" in the latest
IMail product. Right now we are at 8.05 and we'll probably stay there for a
while.

Kind regards,

Bonno Bloksma



Re: [Declude.JunkMail] Best Practices for handing legit email flagged as spam?

2004-10-25 Thread Bonno Bloksma
Hi,

> Hi all.  We've been struggling a bit with this issue.  We have a variety of
> tests in place, and basically have just changed our settings to:
>
> WEIGHT10 WARN
> WEIGHT20 BOUNCEONLYIFYOUMUST
> WEIGHT40 DELETE
>
> The hope is that it will bounce some of the false positives back to the
> senders so we don't get complaints from people that they are not receiving
> their emails

Too bad, but no go. If you have the standard weights in place, chances
you are becoming a spammer yourself is about 80%. That's the spam hitrate
for the weight20 test minus the nonforged headers. About 90% of all spam has
a forged header, the remaining being from "advertising senders" having a
bounce mechanism. So you are sending a lot of spam to innocent victims whose
e-mail address has been used as a from address. Also, have a look at your
postmaster account, it should fill up nicely with bounces to forged addresses
that do not exist.

The reason it is called BOUNCEONLYIFYOUMUST is just that. Bounce only if you
MUST and be aware of what you are doing.

Greetings,

Bonno Bloksma




Re: [Declude.JunkMail] spam review

2004-08-24 Thread Bonno Bloksma
Hi,

[... sorting on spam weight in spamreview...]
> > I've solved this be marking the subject line of all hold
> > messages with "[spam %weight%]"

Well, I have that too now but... that did not solve the problem because
the subject column in the top window is empty. Strange, as the subject line
in the window below that *does* show the subject. Anybody else have this
problem too?

Greetings,

Bonno Bloksma




[Declude.JunkMail] added test on Declude site

2004-08-18 Thread Bonno Bloksma



Hi,
 
I'd like an extra test on the Declude site where I can send an email with all
three "problems" in them. Reason I'm asking is I sometimes want to test what
happens when I'm reaching the weight where I change the subject or something
else. Having just one test fail won't get me there. ;-)

Of course I can wait until the next virus comes along that does reach my
subject weight but does *not* reach my delete weight. However, the point of
having a test available is to catch any problem before it is a problem
right? ;-)

Greetings,
 
Bonno Bloksma
 
 


[Declude.JunkMail] spam review

2004-08-18 Thread Bonno Bloksma



Hi,
 
Is Spam Review still being maintained? I have been able to retrieve an update
in the past few months (now using 1.0.48) but there is still a bug in there
which I would have expected to be fixed by now.

1) When I have a look at spam the Junk Mail Warnings window only shows the
lines starting with X-RBL-Warning:. Ok however, that does not include several
other Declude headers. Not a real bug but a minor point, meaning I have to
look at all headers (at the end) to see what Declude added.

2) Maybe related to 1) But the Weight at the top of the Junk Mail Warnings
window is always empty.

3) Feature request (if possible)
I would like to sort on this weight. That way I could pay more attention to
the messages barely failing my review weight and merely glance at those almost
reaching my delete weight.

4) Feature request (if possible)
If 2) is related to 1) maybe it would be possible to have a list of headers to
show in the Junk Mail Warnings window. Something like:
X-Note:
X-Spam-Tests-Failed:
where X-RBL-Warning: and/or X-RBL: are included by default.

I have sent a feature request to the author of spam review a long time ago
about the Message Body window. Unfortunately I never got an answer but in case
someone who knows more about it reads this

5) Feature request (if possible)
It would be nice if the Message Body window had a third option, beside 
Text and HTML, Stripped HTML where all HTML code, and anything that pretends to 
be so, would be stripped and only the bare text (in the HTML section) would 
be shown. That way it is a lot easier to see whether something is Spam without 
activating any hidden features spammers like to use to identify active e-mail 
accounts.
It seems something which can be very quickly added as most code is already 
there, all that is needed is stripping any   stuff right? 
Or am I missing something?

Greetings,
 
Bonno Bloksma
 
 


Re: [Declude.JunkMail] How do I get a copy of all messages that fail a certain test?

2004-08-17 Thread Bonno Bloksma
Hi,

> > Read the archives. A message cannot be *both* deleted and sent to someone
> > else. A copy to action is just adding an extra recipient to the smtp
> > envelope. As soon as that has been done the delete action will delete it
> > all, including the just modified smtp envelope.
> >
> > If you want a copyto/delete combination, use the routeto action. That will
> > send the message to another e-mail address instead of to the intended
> > recipient.
>
> Routeto doesn't produce any better results than copyto. If the weight of the
> incoming message exceeds our delete weight then I don't receive a version of
> the message.

Like I wrote, routeto is to be used instead of *BOTH* the Copyto *and* the
delete action. But...

> I'm using the latest interim, with 2 duplicate tests with different actions.

But you have given them different names right?

> The second test uses the routeto (or copyto) action while the first test
> uses the warn action. I have an independent .junkmail file for the routeto
> (or copyto) e-mail address with no delete actions in that file.

Ok, no delete action.

So that should be the solution. Now have a look at the logfile for messages
which meet the criteria. Just put the loglevel at high for a while if you
haven't done so already. Debug isn't necessary here (yet). Have a look what
happens, what actions is Declude taking on those messages?

> For example, a message is sent to [EMAIL PROTECTED] (which uses a .junkmail
> file that does contain delete actions) and the message fails SPECIALTEST and
> fails enough other tests to exceed our delete weight. Instead of the copyto
> or routeto action happening (to a special e-mail address with its own
> .junkmail file which contains no delete actions) the incoming message gets
> deleted.

Right, no delete action.

> 1. Things work perfectly if the message fails the SPECIALTEST and the weight
> of the incoming message is below the delete weight.
>
> 2. I can't remove the delete action for the delete weight, as over 100,000
> messages a day exceed the delete weight.

Ahum, so the message gets deleted same problem, same cause. However...
there is also an action called COPYFILE (I think). Read the archives as it
is maybe in a beta or in one of the latest interims. The copyfile action
makes a copy but does *not* (yet) include all the Declude headers as the
copy gets made before Declude adds all its stuff to the message, although
that may have changed by now.

>
> 3. The [EMAIL PROTECTED] address was just an example. Any message to any
> subscriber could fail the SPECIALTEST and be over the delete weight.
>
> I simply want a copy of every message that fails the SPECIALTEST. Ideas?

I'm not sure about the action name but it's something like that.

Greetings,

Bonno Bloksma
 Back up my hard drive? How do I put it in reverse?

---
[E-mail scanned at tio.nl for viruses by Declude Virus]

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


Re: [Declude.JunkMail] How do I get a copy of all messages that fail a certain test?

2004-08-13 Thread Bonno Bloksma
Hi,

Read the archives. A message cannot be *both* deleted and sent to someone
else. A copy to action is just adding an extra recipient to the smtp
envelope. As soon as that has been done the delete action will delete it
all, including the just modified smtp envelope.

If you want a copyto/delete combination, use the routeto action. That will
send the message to another e-mail address instead of to the intended
recipient.

Greetings,

Bonno Bloksma


- Original Message - 
From: "System Administrator" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, August 13, 2004 3:35 PM
Subject: Re: [Declude.JunkMail] How do I get a copy of all messages that
fail a certain test?


> on 8/13/04 9:18 AM, Bud Durland wrote:
>
> > I belive the remedy is to create a second test, of the same type with
> > the same criteria, and make COPYTO the action for that new test
>
> I'm currently doing that. Apparently, the over the delete weight messages
> get deleted before the copyto takes place.
>
> Greg


Re: [Declude.JunkMail] logfile naming

2004-07-01 Thread Bonno Bloksma
Hi,

Get the UnixTools for Windows http://unxutils.sourceforge.net/  and use all
the Unix commands you've always wanted in a Windows environment. ;-)

Kind regards,

Bonno Bloksma

- Original Message -
From: "Roderick A. Anderson" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, July 01, 2004 1:10 AM
Subject: Re: [Declude.JunkMail] logfile naming


>
> > You could use something like:
> > LOGFILE spool\dec2004.log
>
> I was hoping to avoid a kludge like this.  Coming from a UNIX background
> I don't like to manually do tasks that should be automatic (or
> automagical :-) and easy.
>
> I'm getting pretty good at writing scripts that run from the scheduler
> and do what has to be done.
>
> Thanks to all for the suggestions..
>
>
> Rod
>
> --
> Roderick A. Anderson
> Project Manager
> Technology Services Management Group <http://www.technologyservicesmanagementgroup.com/>
> Spokane WA, 99202


[Declude.JunkMail] spf test

2004-06-25 Thread Bonno Bloksma



Hi,

Per instructions on http://spf.pobox.com/wizard.html I have set up my SPF
record. However, this TXT record now has a ~all in it to signify there may be
exceptions to the rule, signifying those would be a softfail instead of a
hardfail using the -all rule.

Testing this at http://www.dnsstuff.com/pages/spf.htm will generate an error:

Testing '~all' on IP=80.126.46.32, target domain tio.nl, CIDR 32, default=PASS.  ERROR: unrecognized mechanism '~all'.  Returning UNKNOWN per section 3.6.

Scott, is there something still missing in Declude? Should I use the current
spf TXT record?

Greetings,

Bonno Bloksma
 Back up my hard drive? How do I put it in reverse?
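
The `~all` versus `-all` distinction raised above, as an added example that is not part of the original post and is not Declude's or the tester's code: in SPF the leading `~` is a qualifier on the `all` mechanism, not part of its name, so a parser has to split it off before looking the mechanism up. The two sample records are constructed (the IP is the one shown in the tester output), the function names are hypothetical, and only `ip4`/`ip6`/`all` are evaluated because the other mechanisms need DNS.

```python
import ipaddress

# Qualifier -> result returned when the mechanism it prefixes matches (RFC 7208).
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MECHANISMS = {"all", "include", "a", "mx", "ptr", "ip4", "ip6", "exists"}
NEEDS_DNS = {"include", "a", "mx", "ptr", "exists"}

# Constructed sample records; 80.126.46.32 is the IP from the quoted tester output.
SOFT = "v=spf1 ip4:80.126.46.32 ~all"
HARD = "v=spf1 ip4:80.126.46.32 -all"


def parse_term(term):
    """Split one SPF term into (qualifier, mechanism, argument)."""
    qualifier = "+"                      # implicit when no prefix is given
    if term[0] in QUALIFIERS:
        qualifier, term = term[0], term[1:]
    # The mechanism name ends at the first ':' or '/'.
    cut = min((i for i in (term.find(":"), term.find("/")) if i != -1),
              default=len(term))
    name = term[:cut].lower()
    arg = term[cut:].lstrip(":") or None
    if name not in MECHANISMS:
        # A parser that skips the qualifier step ends up here with '~all'.
        raise ValueError(f"unrecognized mechanism {name!r}")
    return qualifier, name, arg


def parse_record(record):
    """Return (mechanisms, modifiers) for a v=spf1 TXT record."""
    version, *terms = record.split()
    if version.lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    mechanisms, modifiers = [], []
    for term in terms:
        if "=" in term:                  # modifier such as redirect= or exp=
            modifiers.append(term)
        else:
            mechanisms.append(parse_term(term))
    return mechanisms, modifiers


def evaluate(record, sender_ip):
    """Evaluate a record offline; refuses mechanisms that would need DNS."""
    ip = ipaddress.ip_address(sender_ip)
    mechanisms, modifiers = parse_record(record)
    for qualifier, name, arg in mechanisms:
        if name in NEEDS_DNS:
            raise NotImplementedError(f"{name} needs a DNS lookup")
        if name == "all":
            matched = True               # 'all' matches every sender
        else:                            # ip4 / ip6, optional CIDR length
            if arg is None:
                raise ValueError(f"{name} requires an address")
            net = ipaddress.ip_network(arg, strict=False)
            matched = ip.version == net.version and ip in net
        if matched:
            return QUALIFIERS[qualifier]
    if any(m.lower().startswith("redirect=") for m in modifiers):
        raise NotImplementedError("redirect= needs a DNS lookup")
    return "neutral"                     # nothing matched and no redirect


if __name__ == "__main__":
    for label, record in (("~all", SOFT), ("-all", HARD)):
        for sender in ("80.126.46.32", "192.0.2.10"):
            print(label, sender, evaluate(record, sender))
```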


[Declude.JunkMail] Sniffer and Declude

2004-06-22 Thread Bonno Bloksma



Hi,

I want to score sniffer higher in my Declude points but I don't want to score
all sniffer results equal. There is an experimental group as well as a grey
group which I would like to score at the level I have it now, where I mark the
subject.

Do I need to define all sniffer external results, or can I have a few lines
like:

SNIFFER-GREYMAIL external 060 ...\ID.exe AuthCode 10 0
SNIFFER-EXPERIMENTAL external 062 ...\ID.exe AuthCode 10 0
SNIFFER external nonzero ...\ID.exe AuthCode 15 0

Where the last line catches all other results of the test?

Greetings,

Bonno Bloksma


Re: [Declude.JunkMail] Hijack question

2004-06-21 Thread Bonno Bloksma
Hi,

> > > >Is it possible to get Hijack to run after DJMP?  This would help me
> > > >to better manage my backup mailserver -
> > >
> > > The only way to do that would be if you are also running Declude Virus, you
> > > could use the "AVAFTERJM ON" option to force Declude Virus to run after
> > > Declude JunkMail, which also forces Declude Hijack to run last (since
> > > Declude Hijack always runs after Declude Virus).
> >
> >Wasn't there something about *no virusscanning* if a held e-mail was
> >returned to the queue using this option?
>
> In the past, that was the case.  However, Declude Virus will now always run
> before Declude Hijack, so this is not an issue anymore.

Even though the poster was talking about HiJack, I forgot to mention I was
asking about JunkMail. When using this option will a message held by
Junkmail and returned to the queue ever be scanned for viruses? I remember
reading JM would move it to the hold before VIR could scan it for viruses.
When later returning it to the queue it would never be scanned again, neither
for JM nor for viruses.

Greetings,

Bonno Bloksma



Re: [Declude.JunkMail] Hijack question

2004-06-20 Thread Bonno Bloksma
Hi,


>
> >Is it possible to get Hijack to run after DJMP?  This would help me
> >to better manage my backup mailserver -
>
> The only way to do that would be if you are also running Declude Virus, you
> could use the "AVAFTERJM ON" option to force Declude Virus to run after
> Declude JunkMail, which also forces Declude Hijack to run last (since
> Declude Hijack always runs after Declude Virus).

Wasn't there something about *no virus scanning* if a held e-mail was
returned to the queue using this option?


Greetings,

Bonno Bloksma
 Back up my hard drive? How do I put it in reverse?



Re: [Declude.JunkMail] COMBO-Filter solution for todays german polite emails

2004-06-10 Thread Bonno Bloksma



Hi,

We are Dutch, based in the Netherlands and we have a .nl domain name. So it's
at least more than just .de domains that get spammed. It looks like these
mails are news reports which are sent to various addresses.

Greetings,

Bonno Bloksma

  - Original Message -
  From: Markus Gufler
  To: [EMAIL PROTECTED]
  Sent: Thursday, June 10, 2004 2:23 PM
  Subject: RE: [Declude.JunkMail] COMBO-Filter solution for todays german polite emails

  Same here.

  I've updated and simplified the initially posted filters several times in
  the last hours.
  For best results please download the newest filter files from
  http://www.zcom.it/decludeupdater/polit_filter.zip

  I'm interested if this wave of spam mails is a global phenomenon, or if
  they are able to restrict delivery to recipients of a certain
  language/country.
  Any info?

  Markus


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bonno Bloksma
Sent: Thursday, June 10, 2004 1:51 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] COMBO-Filter solution for todays german polite emails

Hi,

Spammers are getting smart. This spam did not fail any of the tests we have in
place using (near) default Declude tests. It scored 0 points.

Greetings,

Bonno Bloksma

  - Original Message -
  From: Markus Gufler
  To: [EMAIL PROTECTED]
  Sent: Thursday, June 10, 2004 9:15 AM
  Subject: [Declude.JunkMail] COMBO-Filter solution for todays german polite emails

  Hi all,

  Maybe interesting for german/european email admins:

  Some hours ago someone/something has started to send german messages
  through the internet containing political statements.

  At the first moment it seems very difficult to filter out this type of
  messages coming from different IPs

  But with the following COMBO filters I can see excellent results

  POLIT-CONTENT filter C:\IMail\Declude\lists\filter_polit_content.txt   x 0 0
  # contains different typical body keywords
  # in any case 0 points
  POLIT-QMAIL filter C:\IMail\Declude\lists\filter_polit_qmail.txt   x 0 0
  # all these messages contain ".qmail@" in the header (message-id part)
  # in any case 0 points
  POLIT-UMLAUT filter C:\IMail\Declude\lists\filter_polit_umlaut.txt   x 0 0
  # All messages don't contain any german "umlaut" and special characters (ä, ö, ü, ß)
  # in any case 0 points
  # should avoid false positives
  POLIT-COMBO filter C:\IMail\Declude\lists\filter_polit_COMBO.txt   x 0 0
  # The logic behind this filter:
  # skip if no POLIT-CONTENT body keyword and no POLIT-QMAIL header string was found
  # skip if any special german character (POLIT-UMLAUT) was found
  # Add 100 points if HELOBOGUS has failed (all these messages have a random generated helo string)

  Filter-files can be downloaded from http://www.zcom.it/decludeupdater/polit_filter.zip

  Markus

Re: [Declude.JunkMail] COMBO-Filter solution for todays german polite emails

2004-06-10 Thread Bonno Bloksma



Hi,

Spammers are getting smart. This spam did not fail any of the tests we have in
place using (near) default Declude tests. It scored 0 points.

Greetings,

Bonno Bloksma

  - Original Message -
  From: Markus Gufler
  To: [EMAIL PROTECTED]
  Sent: Thursday, June 10, 2004 9:15 AM
  Subject: [Declude.JunkMail] COMBO-Filter solution for todays german polite emails

  Hi all,

  Maybe interesting for german/european email admins:

  Some hours ago someone/something has started to send german messages
  through the internet containing political statements.

  At the first moment it seems very difficult to filter out this type of
  messages coming from different IPs

  But with the following COMBO filters I can see excellent results

  POLIT-CONTENT filter C:\IMail\Declude\lists\filter_polit_content.txt   x 0 0
  # contains different typical body keywords
  # in any case 0 points
  POLIT-QMAIL filter C:\IMail\Declude\lists\filter_polit_qmail.txt   x 0 0
  # all these messages contain ".qmail@" in the header (message-id part)
  # in any case 0 points
  POLIT-UMLAUT filter C:\IMail\Declude\lists\filter_polit_umlaut.txt   x 0 0
  # All messages don't contain any german "umlaut" and special characters (ä, ö, ü, ß)
  # in any case 0 points
  # should avoid false positives
  POLIT-COMBO filter C:\IMail\Declude\lists\filter_polit_COMBO.txt   x 0 0
  # The logic behind this filter:
  # skip if no POLIT-CONTENT body keyword and no POLIT-QMAIL header string was found
  # skip if any special german character (POLIT-UMLAUT) was found
  # Add 100 points if HELOBOGUS has failed (all these messages have a random generated helo string)

  Filter-files can be downloaded from http://www.zcom.it/decludeupdater/polit_filter.zip

  Markus


Re: [Declude.JunkMail] Upgrade Declude

2004-06-08 Thread Bonno Bloksma
Hi,

[]
> We normally recommend the latest version (either 1.75 (the latest released
> version) or 1.80 (the latest beta)).  But you need to make sure that your
[]

Hmmm, are you ahead of yourself here? I have not seen a message about 1.80
being released, nor do the junkmail and virus manuals list it. Maybe time
for a vacation. ;-)

Greetings,

Bonno Bloksma
 Back up my hard drive? How do I put it in reverse?



Re: [Declude.JunkMail] Piecing together a Partial Vulnerability

2004-06-08 Thread Bonno Bloksma
Hi,

> > Copy the D*.SMD and Q*.SMD files back to you IMail spool
> > directory.  It will
> > be delivered on the next queue run.
> >
>
> As I suspected, this is only half the battle.  Now the user has a two part
> message and Outlook apparently doesn't know what to do with it.

That is strange. Either the action you took with Declude was something other
than standard hold, or maybe did you add a footer?

If it was just hold, Outlook, and most other mail clients, should be able to
put it back together. If you added a footer edit the D* file or the
resulting e-mail source on the client side. Remove the footer and have
outlook handle the attachment.

> > You might try SpamReview for an easy way to inspect and delete/requeue
> > messages.
> >
>
> Would it handle this two-part case?  Can you give me a pointer?

Spamreview will not modify the e-mail when Declude simply is told to hold it.
With spamreview one can look at the held messages, either via text mode or
html, and simply requeue or delete them.

http://www.slsoft.com/spamreview.htm

Kind regards,

Bonno Bloksma



[Declude.JunkMail] missing log part and funny mail

2003-11-27 Thread Bonno Bloksma



Hi,

My question is part Declude JM and part IMail but I assumed this would be the
best place.

A student gets a funny mail from a user claiming to be [EMAIL PROTECTED]. This
e-mail address does not exist. Having a look at the logs it seems this message
was created by IMail1.exe so it probably was a user using the webinterface,
which covers about 90% of our userbase. :-(  If it was indeed a user using the
webinterface, how was that user able to change the "from" address as there is
no field for it in the web interface. As we do not log the webinterface usage,
I have just changed that, I don't know who was logged in at that time.

Which log do I need to enable to find out which user sent this message, will
just enabling the log for the webinterface be enough?

The option "Ignore source address in security check" is enabled, should I
disable this? Why is that option in IMail at all, is this a common problem?

What is really puzzling is that at the same time there is a gap in the log for
Declude JM. The Imail log and the Declude virus log show this message being
parsed but the JM part never saw it. Nor did it see several messages after
that. There is a gap of almost 2 minutes in the JM log. Anybody any idea what
happened, what would cause something like this?

I'm using IMail 8.03 and Declude 1.75
Declude virus LogLevel MID
Declude JM LogLevel LOW

log1127:
20031127 091726 127.0.0.1   SMTP (03CC01FA) finished C:\IMail\spool\Qb314003e011cf42d.SMD status=1
20031127 091728 127.0.0.1   SMTP (03CC01FB) processing C:\IMail\spool\Q31afc5b0770.GSC
20031127 091728 127.0.0.1   SMTP (03CC01FB) ERR tio.nl not local mondeling from <[EMAIL PROTECTED]>
20031127 091728 127.0.0.1   SMTP (03CC01FB) Creating message from Postmaster
20031127 091728 127.0.0.1   SMTP (03D00049) processing C:\IMail\spool\Q03cc01fb06fa.GSE
20031127 091728 127.0.0.1   SMTP (03CC01FB) finished C:\IMail\spool\Q31afc5b0770.GSC status=2
20031127 091728 127.0.0.1   SMTP (03D00049) ldeliver student.tio.nl r.modderman-main (1)  1234
20031127 091728 127.0.0.1   SMTP (03D00049) finished C:\IMail\spool\Q03cc01fb06fa.GSE status=1
20031127 091732 127.0.0.1   SMTP (03CC01FC) processing C:\IMail\spool\Q31b0d3403c8.GSC
[..]
20031127 091914 127.0.0.1   SMTPD (005C00AC) [212.61.73.64] C:\IMail\spool\Db381005c00aca037.SMD 4402
20031127 091916 127.0.0.1   SMTP (03CC0200) processing C:\IMail\spool\Qb381005c00aca037.SMD

vir1127:
11/27/2003 09:17:25 Qb314003e011cf42d Scanned: Virus Free [MIME: 2 1625]
11/27/2003 09:17:27 Q31afc5b0770 Scanned: Virus Free [MIME: 1 246]
11/27/2003 09:17:31 Q31b0d3403c8 Scanned: Virus Free [MIME: 1 235]

dec1127:
11/27/2003 09:17:26 Qb314003e011cf362 L1 Message OK
11/27/2003 09:17:26 Qb314003e011cf362 L2 Message OK
11/27/2003 09:17:26 Qb314003e011cf42d L1 Message OK
11/27/2003 09:17:26 Qb314003e011cf42d L2 Message OK
11/27/2003 09:19:04 Qb376005200fc75dc L1 Message OK
11/27/2003 09:19:10 Qb37b005900ac8608 L1 Message OK
11/27/2003 09:19:16 Qb381005c00aca037 L1 Message OK

Greetings,

Bonno Bloksma
 Back up my hard drive? How do I put it in reverse?
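
The cross-check described above (messages the Declude Virus log saw but the Declude JunkMail log did not, and the silent stretch in the JunkMail log) as an added example that is not part of the original post. The two log excerpts are the ones quoted in the message; the function names and the 60-second threshold are assumptions.

```python
import re
from datetime import datetime

# Excerpts quoted in the message above: Declude Virus log, then Declude JunkMail log.
VIR_LOG = """\
11/27/2003 09:17:25 Qb314003e011cf42d Scanned: Virus Free [MIME: 2 1625]
11/27/2003 09:17:27 Q31afc5b0770 Scanned: Virus Free [MIME: 1 246]
11/27/2003 09:17:31 Q31b0d3403c8 Scanned: Virus Free [MIME: 1 235]
"""
DEC_LOG = """\
11/27/2003 09:17:26 Qb314003e011cf362 L1 Message OK
11/27/2003 09:17:26 Qb314003e011cf362 L2 Message OK
11/27/2003 09:17:26 Qb314003e011cf42d L1 Message OK
11/27/2003 09:17:26 Qb314003e011cf42d L2 Message OK
11/27/2003 09:19:04 Qb376005200fc75dc L1 Message OK
11/27/2003 09:19:10 Qb37b005900ac8608 L1 Message OK
11/27/2003 09:19:16 Qb381005c00aca037 L1 Message OK
"""

# "MM/DD/YYYY HH:MM:SS <queue id> <rest>" as seen in both excerpts.
LINE_RE = re.compile(
    r"^(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) (Q[0-9A-Fa-f]+) (.+)$")


def parse(log_text):
    """Return [(timestamp, queue_id, rest)] for every line in the expected format."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%m/%d/%Y %H:%M:%S")
            entries.append((ts, m.group(2), m.group(3)))
    return entries


def missing_from(reference, candidate):
    """Queue IDs logged in `reference` that never appear in `candidate`."""
    seen = {qid for _, qid, _ in candidate}
    missing = {}
    for ts, qid, _ in reference:
        if qid not in seen:
            missing.setdefault(qid, ts)      # keep the first sighting
    return missing


def silent_windows(entries, min_seconds=60):
    """Gaps of at least min_seconds between consecutive log timestamps."""
    stamps = sorted(ts for ts, _, _ in entries)
    return [(a, b, int((b - a).total_seconds()))
            for a, b in zip(stamps, stamps[1:])
            if (b - a).total_seconds() >= min_seconds]


def correlate(reference_text, candidate_text, min_seconds=60):
    """For each ID missing from the candidate log, report whether it was
    handled while the candidate log was silent."""
    ref, cand = parse(reference_text), parse(candidate_text)
    windows = silent_windows(cand, min_seconds)
    report = []
    for qid, ts in missing_from(ref, cand).items():
        inside = any(start < ts < end for start, end, _ in windows)
        report.append((qid, ts.strftime("%H:%M:%S"), inside))
    return report


if __name__ == "__main__":
    for start, end, secs in silent_windows(parse(DEC_LOG)):
        print(f"JunkMail log silent {start:%H:%M:%S} -> {end:%H:%M:%S} ({secs}s)")
    for qid, when, inside in correlate(VIR_LOG, DEC_LOG):
        print(f"{qid} scanned at {when}, absent from JunkMail log, in gap: {inside}")
```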


Re: [Declude.JunkMail] MS Customer Assistance SPAM

2003-10-09 Thread Bonno Bloksma
Hi Kami,

I have looked at it and probably overlooked it. I want to filter certain
messages like the "a virus has been removed, see the attached info for more
information" with a VirusWarning.txt attachment about which virus was
detected in which file etc.

I want a filter server wide, or at least domain wide but where do I set this
up? Do you use Declude Junkmail for that or is it a feature in IMail?

Kind regards,

Bonno Bloksma

- Original Message -
From: "Kami Razvan" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, October 09, 2003 2:34 PM
Subject: RE: [Declude.JunkMail] MS Customer Assistance SPAM


> Samantha:
>
> Our experience shows that the ones that are delivered are not infected.
>
> It appears that the server that the email is sent through has detected the
> virus and has cleaned the attachment and then sent the email.
>
> We have received many emails stating that the email was detected with a
> virus and disinfected using ...
>
> Every single email that has been delivered and not caught was not infected
> in our case.  We are now filtering it based on content.
>
> Regards,
> Kami
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Bridges, Samantha
> Sent: Thursday, October 09, 2003 8:28 AM
> To: [EMAIL PROTECTED]
> Subject: RE: [Declude.JunkMail] MS Customer Assistance SPAM
>
> I know it is not coming from Microsoft.  I know it is a virus.  What I don't
> understand is why Declude is not catching it?  Or how to stop it if the
> system is not recognizing it as a virus or spam.
>
> How did you stop it?
>
> Thanks
>
> Samantha


[Declude.JunkMail] bypassing uplink

2003-07-11 Thread Bonno Bloksma
Hi,

At my ISP I have a few mailboxes that are forwarded to me. Unfortunately
this domain (xs4all.nl) is very popular with spammers as xs4all has tried
several times legally to have spammers prosecuted. Hurray but :-( because of
the spam. They have already installed spam filters so not a lot is coming
through but sometimes a spam mail is delivered to me. Is there a way to
filter this. Problem is, it's a very large ISP with a lot of mailservers so
it's not just one server I have to skip but probably a whole ISP.

Here are the headers from one mail.

Received: from mxzilla4.xs4all.nl [194.109.6.48] by mailie.tio.nl with ESMTP
  (SMTPD32-7.07) id A200593005C; Fri, 11 Jul 2003 01:08:48 +0200
Received: from maildrop8.xs4all.nl (maildrop8.xs4all.nl [194.109.127.18])
 by mxzilla4.xs4all.nl (8.12.3/8.12.3) with ESMTP id h6AN6WvS071750;
 Fri, 11 Jul 2003 01:06:32 +0200 (CEST)
Received: from mxzilla1.xs4all.nl (mxzilla1.xs4all.nl [194.109.6.54])
 by maildrop8.xs4all.nl (8.12.6/8.12.6) with ESMTP id h6AN6W3s036473;
 Fri, 11 Jul 2003 01:06:32 +0200 (CEST)
X-XS4ALL-DNSBL-Checked: mxzilla1.xs4all.nl checked 200.160.248.42 against
DNS blacklists
X-XS4ALL-Pad: empty
Received: from srv1.cotacao.com.br (www.dolaronline.com.br [200.160.248.42]
(may be forged))
 by mxzilla1.xs4all.nl (8.12.3/8.12.3) with ESMTP id h6AN6TiK028786;
 Fri, 11 Jul 2003 01:06:30 +0200 (CEST)
Received: from doramail-com-bk.mr.outblaze.com ([200.160.248.250])
 by srv1.cotacao.com.br (8.9.3p2/8.9.3) with SMTP id UAA07478;
 Thu, 10 Jul 2003 20:13:34 -0300
Message-Id: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
From: "loving touches" <[EMAIL PROTECTED]>
Subject: Women: Experience Rapid & Intense Orgasms During Intercourse
Date: Thu, 10 Jul 2003 19:01:12 -0400
MIME-Version: 1.0
Content-Type: text/html;
 charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Declude-Sender: [EMAIL PROTECTED] [194.109.6.48]
X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for
spam.
X-Spam-Tests-Failed: IPNOTINMX [0]
X-RCPT-TO: <[EMAIL PROTECTED]>
Status: U
X-UIDL: 355773255
[..]

Kind regards,

Bonno Bloksma



Re: [Declude.JunkMail] [Declude.Virus] Updating Declude Junk Mail

2003-06-19 Thread Bonno Bloksma
Hi,

> To take advantage of the latest tests, you may occasionally want to upgrade
> your \IMail\Declude\global.cfg file (and possibly the
> \IMail\Declude\$default$.JunkMail file as well).  Now would be a good time,
> as we recently added several new DNS-based spam tests that should help the
> weighting system (WEIGHT10/WEIGHT20 tests) catch more spam.

So I would replace my global.cfg file with yours and then add/replace my
stuff?

Do I need 1.70 for this or can I use 1.65 as there was a small problem in
1.70 for me? Or should I just get 1.70iXX?

Bonno



Re: [Declude.JunkMail] Declude Processes & Server Load

2003-06-05 Thread Bonno Bloksma
Hi Scott,

> >I see the same (with a very small domain and very light usage).  The mail
> >server is nowhere near the strongest, but is sometimes stressed with 1.70
> >(and was the same with 1.69b) but not 1.65.
>
> My recommendation for those that are experiencing this is to try adding a
> line "DECODE OFF" to the \IMail\Declude\global.cfg file, and see if this
> takes care of the problem.  There were some base64 and HTML decoding
> functions added since 1.65, which use more CPU time than most Declude
> JunkMail functionality.  They can be disabled with the "DECODE OFF" line.

Well as you can read in another mail I went back to 1.65 first. This server
has been running normally for several hours however I also went back
from daisychaining to normal IpSwitch smtp32. If it all runs stable today
then tonight I'll enable daisychaining again to make sure attachments via
the webinterface get scanned. If all still runs normal on tuesday (monday is
a holiday over here) then I'll go back to 1.70 and see if the problem returns.
If it does I'll enable the DECODE OFF option to see if that solves the
problem.

> I'm also going to investigate the changes to the ip4r tests, to see if that
> may be the root of the problem.  It *shouldn't* be, but then again there
> isn't anything in Declude JunkMail that *should* cause 100% CPU usage.  :)

Right, this setup has been rock solid for two years so if it really has been
Declude which was responsible, then that's a first. ;-)

Kind regards,

Bonno Bloksma



Re: [Declude.JunkMail] Declude Processes & Server Load

2003-06-05 Thread Bonno Bloksma
Hi,

After three days where the server would max out at 100% due to a lot of
smtp32 processes but.. also where there were not so many smtp32
processes I have now tried to revert back to 1.65, was using 1.70i1. In the
past few days I have reset the server several times but it would max out
again after a while. A few minutes ago I reverted Declude, reset the server
and so far it is behaving normally.

I'll keep track today and will let you know what the end result is at the
end of the day. If it does not max out at the end of the day then Scott will
have some bug hunting to do. ;-)


Kind regards,

Bonno Bloksma

- Original Message -
From: "Dan Patnode" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, June 05, 2003 12:19 AM
Subject: Re: [Declude.JunkMail] Declude Processes & Server Load


That's interesting, I upgraded both of the problem servers to 1.70 two days
(about 36 hours) before this hit.  I'm going to see if I can switch back to
1.69iX to see if there is a difference.

Dan


On Wednesday, June 4, 2003 14:50, Frederick Samarelli <[EMAIL PROTECTED]> wrote:
>I have noticed that using the v1.65 I never see Declude use more than 45%
>CPU.
>
>Using 1.70 Beta I see Declude Max the CPU's 100%
>
>Has anyone else seen the same.
>
>Fred
>
>
>
>
>- Original Message -
>From: "R. Scott Perry" <[EMAIL PROTECTED]>
>To: <[EMAIL PROTECTED]>
>Sent: Wednesday, June 04, 2003 4:36 PM
>Subject: Re: [Declude.JunkMail] Declude Processes & Server Load
>
>
>>
>> >Assuming we're all talking about the same thing, Declude continues to run
>> >as a process waiting for replies from IP4r requests but does not consume
>> >much CPU time while doing so.
>>
>> That is correct.  It should use very, very little CPU time while waiting
>> for the results to come back.
>>
>> >Does pulling out IP4r tests during an episode show an immediate decline in
>> >CPU use?
>>
>> It shouldn't cause a noticeable decline in CPU use -- I can't explain
>> Kami's results.
>>
>> >Does anyone know how the people hosting the IP4r tests feel about us
>> >slamming them with queries?
>>
>> You're not.  Specifically, they will see the same number of queries whether
>> you are running IMail v8's anti-spam, Declude JunkMail's, or some other
>> anti-spam solution.
>>
>> The reason for this is that your local DNS server will cache the results.
>>
>> >Suppose I'm cruising along with 20,000 queries a day, then jump to 500,000
>> >over a few weeks, surely that makes an impression somewhere?  Is there a
>> >point where we should ask about doing more?
>>
>> There are some spam databases that request that heavy users (typically
>> 100,000+ E-mails/day) do zone transfers (downloading the DNS data a couple
>> times a day).
>>
>> However, if 80% of the lookups are cached, you're talking about 20,000
>> queries hitting the spam database for every 100,000 E-mails.  The root DNS
>> servers are able to handle up to tens of thousands of queries every second;
>> DNS is very efficient.
>>
>> -Scott
>> ---
>> Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
>> Declude Virus: Catches known viruses and is the leader in mailserver
>> vulnerability detection.
>> Find out what you have been missing: Ask for a free 30-day evaluation.


Re: [Declude.JunkMail] question on spammer

2003-04-01 Thread Bonno Bloksma
Hi,

> >I am a brand new user of Junk Mail and have a question.
> >I have received a lot of spam from this sender in the past day:
[..]
> Are you positive that it isn't related to an opt-in list from
> promotiondaily.com that you may have subscribed to?  Those IPs are listed
> in INTERSIL and XBL, but aren't listed in some of the major spam databases
> such as SPAMCOP (which means that people receiving the E-mail typically
> aren't complaining about it).

If it possibly is an opt-in list but I or my users are not interested I
usually send a mail to the postmaster of the sending domain asking them to
delete all e-mail addresses belonging to our domain from their mailing
lists. I'm not giving away any information as a) They already know our
domain exists and b) The mail is just coming from the postmaster address
which anybody "knows" will exist. Sometimes I get an answer that they
removed said addresses, sometimes e-mails stop coming. If they do keep on
coming I will start reporting them as spam.

Regards,

Bonno Bloksma
 Back up my hard drive? How do I put it in reverse?



Re: [Declude.JunkMail] Comments

2003-02-04 Thread Bonno Bloksma
Hi Scott!

Yes you, no not him, the other one. ;-), If I understood you wrong at first
then please read the last line.

> Now that we have the Comments tag, I now find spam with tons of these
> peppered throughout:
>
> 

Standard HTML stuff I think.

> Not really comments, as they are functional, but they're put randomly
> throughout the email. Functional, but pointless. Any ideas?

The whole idea behind the Comments tag was to flag e-mail that has been made
unique by inserting lots of comments which usually are identical in one
e-mail but different in between mails. That way they don't get caught by
pattern recognizers, however, Declude would catch them by simply counting
the number of comments, which *should* not be too high.

Let's leave the rest of the stuff alone, in my opinion it would only burden
Declude with stuff it is not supposed to handle anyway. What would you do
with those mails that change the color, delete them, put them on hold?
Or.. do you think these color statements are used in the same way the
comment tags are being used, with several tags after one another and the
last having the correct color?

Kind regards,

Bonno Bloksma
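
The comment-counting idea from the reply above, as an added example that is not part of the original post and is not Declude's code. Two constructed copies of one message carry different comment tokens, so a substring match on the raw body misses both, while the comment count is the same in each; the threshold, function names and sample messages are assumptions made for this example.

```python
import re
from email import message_from_string

COMMENT_RE = re.compile(r"<!--.*?-->", re.DOTALL)  # one HTML comment, may span lines
TAG_RE = re.compile(r"<[^>]+>")
MAX_COMMENTS = 5  # assumed threshold for this example, not a Declude default


def html_parts(raw_message):
    """Yield the decoded text of every text/html part of a message."""
    for part in message_from_string(raw_message).walk():
        if part.get_content_type() == "text/html":
            charset = part.get_content_charset() or "latin-1"
            yield part.get_payload(decode=True).decode(charset, errors="replace")


def count_comments(raw_message):
    """Number of HTML comments across all HTML parts."""
    return sum(len(COMMENT_RE.findall(h)) for h in html_parts(raw_message))


def visible_text(raw_message):
    """What the reader sees: comments and tags stripped, whitespace collapsed."""
    text = " ".join(TAG_RE.sub("", COMMENT_RE.sub("", h)) for h in html_parts(raw_message))
    return " ".join(text.split())


def comments_test(raw_message, limit=MAX_COMMENTS):
    """Return (comment count, True if the count exceeds the limit)."""
    n = count_comments(raw_message)
    return n, n > limit


def sample(body):
    # Constructed message, not taken from the thread.
    return ("From: sender@example.com\nSubject: offer\nMIME-Version: 1.0\n"
            "Content-Type: text/html; charset=us-ascii\n\n" + body)


def salted(token):
    # Same visible text every time; only the comment token differs per copy.
    words = "Lo|w ra|te mort|gage, app|ly to|day, no ob|ligation"
    return sample("<html><body><p>" + words.replace("|", "<!--%s-->" % token) + "</p></body></html>")


SPAM_A, SPAM_B = salted("qz1"), salted("m4k")
LEGIT = sample("<html><body><!-- generated by newsletter tool --><p>Timetable for next week</p></body></html>")

if __name__ == "__main__":
    for name, msg in (("SPAM_A", SPAM_A), ("SPAM_B", SPAM_B), ("LEGIT", LEGIT)):
        print(name, comments_test(msg), "|", visible_text(msg))
```
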




Re: [Declude.JunkMail] [Declude.Virus] Mozilla email client

2003-01-23 Thread Bonno Bloksma
Hi Scott,

I read about this Bayesian filtering/scanning at some other forum as well.
Is this something that Declude Junkmail does right now or will do in the
(near) future? Would be nice if it were a feature of the scanner on the
server instead of changing all mail client software? ;-)


Regards,

Bonno Bloksma
 Back up my hard drive? How do I put it in reverse?

- Original Message -
From: "Leonard Jacobs" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, January 23, 2003 6:40 PM
Subject: [Declude.Virus] Mozilla email client


> Has anyone experimented with the new Mozilla 1.3 alpha email client
> that does Bayesian filtering? http://www.mozilla.org/mailnews/spam.html
> Please let us know your experiences.
>
> Thanks.
>
> ===
>
>   Leonard Jacobs
>   Shambhala Publications
>   300 Massachusetts Avenue
>   Boston, MA 02115
>   http://www.shambhala.com
>   (617) 424-6277, ext. 235 voice
>   (617) 236-1563 fax
>



Re: [Declude.JunkMail] An optional web interface for Declude JunkMail?

2002-12-18 Thread Bonno Bloksma
Hi,

> >That's already there -- the configuration files are plain text files, and
> >can be accessed with ASP, PHP, proprietary interface, etc.  :)
> >
> >I'm not sure if the advantages of an API (not having to deal with the text
> >files directly) would outweigh the disadvantages (less flexibility).
> >-Scott
>
> Maybe a simple answer to this problem would be a separate exe
> (decutil.exe(?)) that you could call via the command line (or
> perl/php/etc/etc) to edit the config files.  Something that worked along the
> lines of:
> decutil.exe [mail_account][action][data], or for example
> decutil.exe [EMAIL PROTECTED] whitelist [EMAIL PROTECTED]

Although *we* would probably not get the added option for manipulating the
spam control, this would let us integrate it in our system quite easily. We
are a school (post high school and bachelors university) and have all our
student info in a MS SQL database. However we decided to use the IMail
database for all the e-mail box info so we use the command-line tool to
create / change / delete new e-mail boxes. A similar tool would let us
manipulate the spam control.

However, as a school I would simply enforce the spam control and too bad
some legitimate mail gets caught. I will have a look at those mails once or
twice a week and forward them if they seem legit. For THAT I would like a
simple to use tool, either a small web interface or a gui tool to quickly
look at those mails and hit a forward or a delete key.


Regards,

Bonno Bloksma
 Back up my hard drive? How do I put it in reverse?




Re: Re[2]: [Declude.JunkMail] An optional web interface for Declude JunkMail?

2002-12-18 Thread Bonno Bloksma
Hi,

> > Many people, including me, have asked IpSwitch to do something like
> > this. Also because declude does NOT get called when e-mail is
> > entered using the web interface.
>
> I  have  Declude  scanning all mail using an undocumented technique. I
> will post it, if you promise not to ask Scott directly (seriously).

Please pretty please. I have had one virus infection on our PCs already
because one test was distributed by e-mail to all teachers containing a
virus. It took me a while it was not caught by Declude because the e-mail
was entered via the web interface and not via a normal mail client. :-(
I am very glad I have insisted on installing a virus scanner on all clients
even though the mailserver and most other servers are already protected.
Nothing should have come through but..

> > IpSwitch  will simply not include this because it would cost them in
> > their virus version sales. :-(
>
> I  believe  it was actually a simple oversight on their part in IMAIL1
> that  hurts  them  as well, and I have faith that they will fix it the
> next time they work on that module. :)

Let's hope so. Simply having Declude scan all mail for viruses, and pretty
soon probably for spam as well, is simplicity itself and is pretty much an
"install and forget" issue. Only once in a while do I check the logs
and see that Declude is still doing its work. :-)

Regards,

Bonno Bloksma
 Back up my hard drive? How do I put it in reverse?




Re: [Declude.JunkMail] An optional web interface for Declude JunkMail?

2002-12-17 Thread Bonno Bloksma
Hi,

> Say the word and I'm sure that we'll be more than happy to start
> campaigning Ipswitch to do it! :)

Many people, including me, have asked IpSwitch to do something like this.
Also because declude does NOT get called when e-mail is entered using the
web interface. IpSwitch will simply not include this because it would cost
them in their virus version sales. :-(

So unless we actually pay for those 20 lines I don't think we'll get it
unless.. everybody refuses to upgrade until they DO put those few lines
in. That's my policy so far. There is no sense for me in upgrading until
they add features I WANT and not features IpSwitch thinks I need.

Regards,

Bonno Bloksma
 Back up my hard drive? How do I put it in reverse?

> > -Original Message-
> >
> > >Is there any hook into the iMail web interface/server?
> >
> > No.
> >
> > With about 10-20 lines of code, IMail could do it, but they don't seem to
> > think there is a need.  :(
> >
> > If they had, we likely would have had a web interface within a week or so
> > after they added the interface (yes, it would be very easy if they had a
> > web interface).
> >  -Scott




Re: [Declude.JunkMail] IP4R Tests Not Happening AfterRe-Install

2002-11-20 Thread Bonno Bloksma
Hi,

> >The DNS servers appear to be working fine.  NSLOOKUP from a DOS prompt
> >on the mail server to either of the DNS servers specified in IMail's
> >SMTP service settings answers all of my queries, authoritative and
> >recursive.  Is there another test I might perform?

There is one problem that I have seen only on my private Windows 2000 Pro
machine so far but.. after a while a nslookup hostname will correctly
give me the ip number but... any program trying to use the hostname will get
a "host not found" from the resolver. Somehow this problem had been on my
machine for a long time and only resetting it seems to help. So if a
nslookup works, see if a ping or something else that does a hostname lookup
through the resolver still works.


Regards,

Bonno Bloksma
