RE: [Declude.JunkMail] Stock Spam

2006-02-03 Thread Cris Porter
Would this get the same result as below?

STOPATFIRSTHIT

BODY  75 CONTAINS geocities.com
BODY  75 CONTAINS geocities.yahoo.com

BODY  100 CONTAINS geocities.

  -Original Message-
  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Scott Fisher
  Sent: Thursday, February 02, 2006 11:46 AM
  To: Declude.JunkMail@declude.com
  Subject: Re: [Declude.JunkMail] Stock Spam

  Here's my geocities filter. It's a little more specific so I can weight foreign geocities more than US geocities.
   
  STOPATFIRSTHIT

  BODY  100 CONTAINS ar.geocities.com
  BODY  100 CONTAINS geocities.com.ar
  BODY  100 CONTAINS ar.geocities.yahoo.com
  BODY  100 CONTAINS geocities.yahoo.com.ar

  BODY  100 CONTAINS asia.geocities.com
  BODY  100 CONTAINS asia.geocities.yahoo.com

  BODY  100 CONTAINS au.geocities.com
  BODY  100 CONTAINS geocities.com.au
  BODY  100 CONTAINS au.geocities.yahoo.com
  BODY  100 CONTAINS geocities.yahoo.com.au

  BODY  100 CONTAINS br.geocities.com
  BODY  100 CONTAINS geocities.com.br
  BODY  100 CONTAINS br.geocities.yahoo.com
  BODY  100 CONTAINS geocities.yahoo.com.br

  BODY  100 CONTAINS ca.geocities.com
  BODY  100 CONTAINS geocities.ca
  BODY  100 CONTAINS ca.geocities.yahoo.com
  BODY  100 CONTAINS geocities.yahoo.ca

  BODY  100 CONTAINS cf.geocities.com
  BODY  100 CONTAINS cf.geocities.yahoo.com

  BODY  100 CONTAINS cn.geocities.com
  BODY  100 CONTAINS geocities.cn
  BODY  100 CONTAINS cn.geocities.yahoo.com
  BODY  100 CONTAINS geocities.yahoo.cn

  BODY  100 CONTAINS de.geocities.com
  BODY  100 CONTAINS geocities.de
  BODY  100 CONTAINS de.geocities.yahoo.com
  BODY  100 CONTAINS geocities.yahoo.de

  BODY  100 CONTAINS es.geocities.com
  BODY  100 CONTAINS geocities.es
  BODY  100 CONTAINS es.geocities.yahoo.com
  BODY  100 CONTAINS geocities.yahoo.es

  BODY  100 CONTAINS espanol.geocities.com
  BODY  100 CONTAINS espanol.geocities.yahoo.com

  BODY  100 CONTAINS hk.geocities.com
  BODY  100 CONTAINS geocities.com.hk
  BODY  100 CONTAINS geocities.hk
  BODY  100 CONTAINS hk.geocities.yahoo.com
  BODY  100 CONTAINS geocities.yahoo.com.hk
  BODY  100 CONTAINS geocities.yahoo.hk

  BODY  100 CONTAINS in.geocities.com
  BODY  100 CONTAINS geocities.co.in
  BODY  100 CONTAINS in.geocities.yahoo.com
  BODY  100 CONTAINS geocities.yahoo.co.in

  BODY  100 CONTAINS it.geocities.com
  BODY  100 CONTAINS geocities.it
  BODY  100 CONTAINS it.geocities.yahoo.com
  BODY  100 CONTAINS geocities.yahoo.it

  BODY  100 CONTAINS kr.geocities.com
  BODY  100 CONTAINS geocities.co.kr
  BODY  100 CONTAINS kr.geocities.yahoo.com
  BODY  100 CONTAINS geocities.yahoo.co.kr

  BODY  100 CONTAINS mx.geocities.com
  BODY  100 CONTAINS geocities.com.mx
  BODY  100 CONTAINS mx.geocities.yahoo.com
  BODY  100 CONTAINS geocities.yahoo.com.mx

  BODY  100 CONTAINS sg.geocities.com
  BODY  100 CONTAINS geocities.com.sg
  BODY  100 CONTAINS sg.geocities.yahoo.com
  BODY  100 CONTAINS geocities.yahoo.com.sg

  BODY  100 CONTAINS uk.geocities.com
  BODY  100 CONTAINS geocities.co.uk
  BODY  100 CONTAINS uk.geocities.yahoo.com
  BODY  100 CONTAINS geocities.yahoo.co.uk

  BODY  75 CONTAINS geocities.com
  BODY  75 CONTAINS geocities.yahoo.com
   
  
- Original Message -
From: Dave Doherty
To: Declude.JunkMail@declude.com
Sent: Thursday, February 02, 2006 9:09 AM
Subject: Re: [Declude.JunkMail] Stock Spam

If you're referring to the geocities stuff that's been out the last couple of days, I just use a body filter.

BODY 3 CONTAINS au.geocities.com

Sniffer, which I weight at 7, picks it up OK, and the added weight of 3 is enough to get to my hold weight of 10.

-Dave Doherty
 Skywaves, Inc.


  - Original Message -
  From: Michael Jaworski
  To: Declude.JunkMail@declude.com
  Sent: Thursday, February 02, 2006 9:32 AM
  Subject: [Declude.JunkMail] Stock Spam

  Anyone have a good filter strategy on the increasing amount of stock spam???

  Thanks,

  Mike
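
Added example, not part of the thread and not Declude's own code: a small evaluator that scores constructed message bodies against the short filter and an excerpt of the longer one, to show where rule order under STOPATFIRSTHIT makes them diverge. The matching semantics (case-insensitive substring test, top-to-bottom order, stop at the first matching line) and the sample bodies are assumptions of this sketch.

```python
# Added example (not from the thread): first-match evaluation of Declude-style
# BODY filters. Assumed semantics: CONTAINS is a case-insensitive substring
# test, rules run top to bottom, and STOPATFIRSTHIT ends evaluation at the
# first rule that matches; without it every matching rule adds its weight.

# The short filter from the first message, as posted.
SHORT_FILTER = """\
STOPATFIRSTHIT
BODY  75 CONTAINS geocities.com
BODY  75 CONTAINS geocities.yahoo.com
BODY  100 CONTAINS geocities.
"""

# Excerpt of the longer filter: country-specific hosts first, generic last.
SPECIFIC_FILTER = """\
STOPATFIRSTHIT
BODY  100 CONTAINS au.geocities.com
BODY  100 CONTAINS geocities.com.au
BODY  100 CONTAINS au.geocities.yahoo.com
BODY  100 CONTAINS geocities.yahoo.com.au
BODY  100 CONTAINS uk.geocities.com
BODY  100 CONTAINS geocities.co.uk
BODY  75 CONTAINS geocities.com
BODY  75 CONTAINS geocities.yahoo.com
"""

# Constructed message bodies, one URL each.
SAMPLE_BODIES = {
    "us": "Hot pick! http://www.geocities.com/stocktips/",
    "au_prefix": "Hot pick! http://au.geocities.com/stocktips/",
    "au_suffix": "Hot pick! http://geocities.com.au/stocktips/",
    "uk_suffix": "Hot pick! http://geocities.co.uk/stocktips/",
    "unlisted": "Hot pick! http://geocities.example/stocktips/",
}


def parse_filter(text):
    """Return (stop_at_first_hit, [(weight, needle), ...]) for a filter file."""
    stop = False
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.upper() == "STOPATFIRSTHIT":
            stop = True
            continue
        parts = line.split(None, 3)
        if (len(parts) != 4 or parts[0].upper() != "BODY"
                or parts[2].upper() != "CONTAINS"):
            raise ValueError(f"line {lineno}: unsupported rule: {line!r}")
        rules.append((int(parts[1]), parts[3].lower()))
    return stop, rules


def score(filter_text, body):
    """Return (total_weight, [needles that fired]) for one message body."""
    stop, rules = parse_filter(filter_text)
    body = body.lower()
    total, hits = 0, []
    for weight, needle in rules:
        if needle in body:
            total += weight
            hits.append(needle)
            if stop:
                break  # first hit wins; later, more specific rules never run
    return total, hits


def compare(bodies=SAMPLE_BODIES):
    """Map each sample name to (short_filter_weight, specific_filter_weight)."""
    return {
        name: (score(SHORT_FILTER, body)[0], score(SPECIFIC_FILTER, body)[0])
        for name, body in bodies.items()
    }


if __name__ == "__main__":
    for name, (short, specific) in compare().items():
        flag = "" if short == specific else "  <-- differs"
        print(f"{name:10s} short={short:3d} specific={specific:3d}{flag}")
```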
   


[Declude.JunkMail] Way OT: Server Room Cooling

2005-09-21 Thread Cris Porter
Can anyone recommend a portable air conditioner to
cool an 8'x10' server closet?

I'll have to vent it up thru a drop ceiling and I'm
trying to find something that doesn't require frequent
draining.

Thanks,
Cris Porter
JVC America

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


RE: [Declude.JunkMail] OT: DNS / Web help

2005-06-06 Thread Cris Porter



Thanks everybody - I had been staring at it so long, I couldn't see the forest for the trees. (or the 1 for the 2)

Amazing how the CORRECT ip address in DNS helps.

Sorry for the bother.

Thanks so much!
Cris

  -Original Message-
  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Patrick Childers
  Sent: Monday, June 06, 2005 9:52 AM
  To: Declude.JunkMail@declude.com
  Subject: RE: [Declude.JunkMail] OT: DNS / Web help

  When I try to ping sales.jvcdiscusa.com it returns an IP of 65.144.173.133. (Instead of 65.244.173.133) You might want to check your DNS.

  HTH,
  Patrick
  


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Cris Porter
Sent: Monday, June 06, 2005 10:35 AM
To: Declude.JunkMail@declude.com
Subject: [Declude.JunkMail] OT: DNS / Web help

Question for the Declude collective, this is driving me crazy.

I've got a website - http://sales.jvcdiscusa.com
running on 65.244.173.133

I've got an A record in my DNS for the website but...
I can't open the site using the name but I can using the IP address.
If I ping the name, I get a DNS lookup for the IP.

The only thing different about this site is that it uses Windows authentication
to force a login.

Any ideas?

Cris Porter
JVC America


[Declude.JunkMail] OT: DNS / Web help

2005-06-06 Thread Cris Porter



Question for the Declude collective, this is driving me crazy.

I've got a website - http://sales.jvcdiscusa.com
running on 65.244.173.133

I've got an A record in my DNS for the website but...
I can't open the site using the name but I can using the IP address.
If I ping the name, I get a DNS lookup for the IP.

The only thing different about this site is that it uses Windows authentication
to force a login.

Any ideas?

Cris Porter
JVC America


Re: [Declude.JunkMail] Blank subjects

2004-10-29 Thread Cris Porter

New example - same problem.

line in global.cfg
SUBJFILTER filter d:\imail\declude\filters\subject.txt x   5   0

first line in subject.txt
SUBJECT 3 ISBLANK


10/29/2004 11:26:24 Q6ef70429031ee533 GIBBERISH:4 CMDSPACE:9 SPAMCHK:2 .
Total weight = 15.
10/29/2004 11:26:24 Q6ef70429031ee533 Subject:
10/29/2004 11:26:24 Q6ef70429031ee533 From: [EMAIL PROTECTED] To:
[EMAIL PROTECTED]  IP: 221.114.77.52 ID:
10/29/2004 11:26:24 Q6ef70429031ee533 Tests failed [weight=15]: HOUR=IGNORE
GIBBERISH=IGNORE CMDSPACE=IGNORE IPNOTINMX=IGNORE SPAMCHK=IGNORE
WEIGHT0915=HOLD
10/29/2004 11:26:24 Q6ef70429031ee533 Last action = HOLD.



Received: from emb1.bcc.univie.ac.at [221.114.77.52] by mail.jvcdiscusa.com
  (SMTPD32-7.13) id AEF7429031E; Fri, 29 Oct 2004 11:25:27 -0500
Message-ID: <[EMAIL PROTECTED]>
From: "Darrin Tapia" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject:
Date: Sat, 30 Oct 2004 08:22:08 +
MIME-Version: 1.0
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: 8bit
X-Declude-Sender: [EMAIL PROTECTED] [221.114.77.52]
X-Note: This E-mail was scanned by Declude JunkMail for JVC.
X-Note: Failed tests - HOUR, GIBBERISH, CMDSPACE, IPNOTINMX, SPAMCHK,
WEIGHT0915
X-Country-Chain: JAPAN->destination
X-Note: Total spam weight of this E-mail is 15.
X-Note: This E-mail was sent from (timeout) ([221.114.77.52]).



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry
Sent: Friday, October 29, 2004 8:57 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Blank subjects



>Shouldn't this header fail this test ?

It looks like it should.

What are the Declude JunkMail log file entries for that E-mail?  I'm
wondering if Declude JunkMail saw a different subject for some reason.

-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers
since 2000.
Declude Virus: Ultra reliable virus detection and the leader in mailserver
vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.



---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]



[Declude.JunkMail] Blank subjects

2004-10-29 Thread Cris Porter
Shouldn't this header fail this test ?


To: [EMAIL PROTECTED]
Subject:
Date: Fri, 29 Oct 2004 06:11:58 +
MIME-Version: 1.0



SUBJECT 3 ISBLANK



Cris



RE: Re[2]: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail

2004-07-09 Thread Cris Porter
I recommend in the future to just tell us what line to add.
A 5mb download seems overkill for this.

Cris Porter
JVC America

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry
Sent: Friday, July 09, 2004 2:02 PM
To: [EMAIL PROTECTED]
Subject: Re[2]: [Declude.JunkMail] Fw: New Multiple Threat Lookup
Database test for Declude JunkMail



>M> Why a 5 MB download for an IP4R test?
>
>Yea, I don't get this. Does this harvest virus IPs from our system and
>report them back to Declude?

No.

A beta version of Declude Virus released about 6 months ago added a new
feature to automatically detect forging viruses.  It does this by sending a
DNS packet (very similar to a DNS-based spam database lookup packet) that
includes the IP, and name of the virus.  Our server then determines if the
virus is forging or not.

What we have done is added code to automatically track this data.  It is
completely unrelated to the 5MB download, which simply adds a 50-byte line
to your config file.  :)


-Scott


RE: [Declude.JunkMail] Surbl.org

2004-04-13 Thread Cris Porter
Definitely interested in those scripts!

Cris Porter
JVC America

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Roger Eriksson
Sent: Tuesday, April 13, 2004 9:11 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Surbl.org


>  > However I hope to see SURBL soon as an additional Declude test.
>
>I just got caught up on this thread and checked out the website for SURBL
>and I agree! This would help with the stuff that passes all of the other
>tests.
>
>Sheldon
>

Hi,

SURBL is surprisingly effective, considering the fact that it only
contains about 450-500 entries. I have written a simple command
script that downloads the rbldns zone file and converts it to a body
filter. I have scheduled it to run once a day. Here are yesterday's
stats with 9666 hits for the SURBL test (note that the individual
tests show total number of hits, while the spam summary only counts
one hit per message irrespective of the number of recipients):

# Declude test results -- dec0412.log
AHBL-PROXY 1857
AHBL-RHSBL 835
AHBL-SOURCE 302
BADHEADERS 1610
BASE64-PLUS 412
BASE64 786
CBL 10616
COMMENTS 54
DSBL 8875
DSN 1611
FORGEDLOCAL 781
GREYLIST 5
HELOBOGUS 2616
MAILFROM 487
MAILPOLICE 554
MESSAGE OK 2294
NETBL 463
OPM 554
ORDB 24
REVDNS 3028
RSL 673
SBL 571
SNIFFER-ADULT 897
SNIFFER-CASINO 35
SNIFFER-CREDIT 1057
SNIFFER-EMAIL 8
SNIFFER-EXP 578
SNIFFER-GEN 824
SNIFFER-GREY 2
SNIFFER-INSUR 571
SNIFFER-MAL 2
SNIFFER-MEDIA 2172
SNIFFER-OBFUSC 201
SNIFFER-PHARM 5279
SNIFFER-PRINT 0
SNIFFER-RICH 840
SNIFFER-SCAM 119
SNIFFER-TOOLS 0
SNIFFER-TRAVEL 43
SNIFFER 12628
SORBS-DUHL 7512
SPAMCOP 10546
SPAMDOMAINS 3380
SPAMHEADERS 293
SPAMTRAP 121
SPFFAIL 209
SURBL 9666
URLDBL 76
WEIGHT15-19 846
WEIGHT20 11987
WHITELISTED 110

Unique messages for local delivery: 5812
Held spam: 4256 (73%)
Marked spam: 455 (7%)
Non-spam: 1101 (18%)


Furthermore, SURBL has a rather low overlap with most other tests
(only unique hits are counted here):

#Test check - dec0412.log

Test: SURBL
Number of unique hits: 2849

Shared with SBL (421 hits): 69 (2%)
Shared with DSBL (3018 hits): 1951 (68%)
Shared with SPAMCOP (3673 hits): 2208 (77%)
Shared with AHBL-SOURCE (261 hits): 49 (1%)
Shared with CBL (3563 hits): 2232 (78%)
Shared with AHBL-PROXY (683 hits): 420 (14%)
Shared with OPM (200 hits): 132 (4%)
Shared with RSL (240 hits): 163 (5%)
Shared with ORDB (22 hits): 8 (0%)
Shared with SORBS-DUHL (2510 hits): 1494 (52%)
Shared with DSN (479 hits): 299 (10%)
Shared with AHBL-RHSBL (346 hits): 184 (6%)
Shared with MAILPOLICE (492 hits): 171 (6%)
Shared with MAILFROM (161 hits): 67 (2%)
Shared with BADHEADERS (682 hits): 290 (10%)
Shared with HELOBOGUS (940 hits): 537 (18%)
Shared with SPFFAIL (125 hits): 101 (3%)
Shared with SPAMHEADERS (248 hits): 43 (1%)
Shared with REVDNS (1528 hits): 645 (22%)
Shared with COMMENTS (46 hits): 19 (0%)
Shared with BASE64 (577 hits): 3 (0%)
Shared with SNIFFER (4485 hits): 2830 (99%)
Shared with SNIFFER-TRAVEL (7 hits): 7 (0%)
Shared with SNIFFER-INSUR (66 hits): 44 (1%)
Shared with SNIFFER-TOOLS (0 hits): 0 (0%)
Shared with SNIFFER-MEDIA (360 hits): 323 (11%)
Shared with SNIFFER-EMAIL (8 hits): 1 (0%)
Shared with SNIFFER-PHARM (2188 hits): 1650 (57%)
Shared with SNIFFER-SCAM (35 hits): 5 (0%)
Shared with SNIFFER-ADULT (470 hits): 290 (10%)
Shared with SNIFFER-MAL (2 hits): 0 (0%)
Shared with SNIFFER-PRINT (0 hits): 0 (0%)
Shared with SNIFFER-RICH (377 hits): 65 (2%)
Shared with SNIFFER-CREDIT (249 hits): 172 (6%)
Shared with SNIFFER-CASINO (14 hits): 5 (0%)
Shared with SNIFFER-GREY (2 hits): 0 (0%)
Shared with SNIFFER-OBFUSC (130 hits): 85 (2%)
Shared with SNIFFER-EXP (234 hits): 108 (3%)
Shared with SNIFFER-GEN (343 hits): 75 (2%)
Shared with SPAMDOMAINS (970 hits): 630 (22%)
Shared with SPAMTRAP (29 hits): 18 (0%)
Shared with FORGEDLOCAL (330 hits): 75 (2%)
Shared with NETBL (214 hits): 125 (4%)
Shared with URLDBL (52 hits): 6 (0%)
Shared with BASE64-PLUS (384 hits): 2 (0%)
Shared with GREYLIST (5 hits): 0 (0%)
Shared with WEIGHT15-19 (455 hits): 198 (6%)
Shared with WEIGHT20 (4256 hits): 2519 (88%)


If anyone is interested, I can make the SURBL script available for
download (together with some other scripts, e.g., the log analysis
and test check scripts that generated the results seen above). The
best solution is of course to have the SURBL test implemented
directly in Declude, especially since it is a realtime blocklist, but
until then this filter will do just fine.

/Roger
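
Added example, not Roger's script: one way to do the zone-to-filter conversion he describes, turning rbldnsd-style zone text into the BODY ... CONTAINS lines used on this list. The zone line syntax handled here, the constructed sample zone, the weight of 10 and the choice to emit STOPATFIRSTHIT are assumptions of this sketch; the download step is left out so it runs offline.

```python
# Added example (not the script from the post): convert rbldnsd-style "dnset"
# zone text into a Declude-style body filter. The zone file is untrusted
# input that becomes mail-server configuration, so every name is validated
# before it is written out.
import re

_LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
_HOST_RE = re.compile(rf"^{_LABEL}(?:\.{_LABEL})+$")
_IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

# Constructed sample; the names are placeholders, not real SURBL data.
SAMPLE_ZONE = """\
# Constructed sample in rbldnsd dnset style; not real SURBL data.
$SOA 3600 ns.example.net. hostmaster.example.net. 0 600 300 86400 300
$NS 3600 ns.example.net.
:127.0.0.2:Blocked, see http://example.net/lists
.spam-shop.example
Pills.Example.ORG
.spam-shop.example
!good.spam-shop.example
casino.example.com :127.0.0.2:listed
bad_line with spaces
192.0.2.10
"""


def zone_to_body_filter(zone_text, weight=10):
    """Return (filter_lines, skipped) where skipped is [(lineno, name, reason)].

    Assumed zone syntax: '#' or ';' comments, '$' directives, a leading ':'
    for the default value, '.name' for a wildcard entry, '!name' for an
    exclusion, and an optional value after whitespace.
    """
    weight = int(weight)  # refuse anything that is not a plain number
    rules, skipped, seen = [], [], set()
    for lineno, raw in enumerate(zone_text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;$:":
            continue
        name = line.split()[0].lower()
        if name.startswith("!"):
            # CONTAINS cannot express "listed except for this host".
            skipped.append((lineno, name[1:].strip("."), "exclusion"))
            continue
        name = name.strip(".")
        if _IPV4_RE.match(name):
            # Numeric entries make poor substring patterns; left to the operator.
            skipped.append((lineno, name, "ip"))
            continue
        if not _HOST_RE.match(name):
            skipped.append((lineno, name, "invalid"))
            continue
        if name in seen:
            continue
        seen.add(name)
        rules.append(f"BODY {weight} CONTAINS {name}")
    # STOPATFIRSTHIT so a message naming several listed domains scores once.
    return ["STOPATFIRSTHIT"] + rules, skipped


def shadowed_exclusions(filter_lines, skipped):
    """Exclusions that a generated substring rule would still match."""
    patterns = [l.split(" CONTAINS ", 1)[1] for l in filter_lines if " CONTAINS " in l]
    shadowed = {}
    for _, name, reason in skipped:
        if reason == "exclusion":
            hits = [p for p in patterns if p in name]
            if hits:
                shadowed[name] = hits
    return shadowed


if __name__ == "__main__":
    lines, skipped = zone_to_body_filter(SAMPLE_ZONE)
    print("\n".join(lines))
    for lineno, name, reason in skipped:
        print(f"# skipped line {lineno}: {name} ({reason})")
    for name, hits in shadowed_exclusions(lines, skipped).items():
        print(f"# warning: excluded host {name} still matches {hits}")
```

Because CONTAINS is a substring test, a generated rule also fires on longer names that merely contain the listed domain, which is what the shadowed-exclusion warning surfaces.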

SpamDomains was incorrectly RE: [Declude.JunkMail] Gibberish filter not working

2004-02-17 Thread Cris Porter
Thanks.
I just noticed all headers are showing (timeout) on reverse DNS.
Time to do more digging.

Cris

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry
Sent: Tuesday, February 17, 2004 9:07 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Gibberish filter not working



>Shouldn't the e-mail with the following header have failed the SPAMDOMAINS
>test ?
>I have HOTMAIL.COM followed by MSN.COM on a line in my spamdomains.txt file.

No, because:

>X-Note: This E-mail was sent from (timeout) ([68.38.193.241]).

The reverse DNS entry lookup timed out.

-Scott


RE: [Declude.JunkMail] Gibberish filter not working

2004-02-17 Thread Cris Porter
Shouldn't the e-mail with the following header have failed the SPAMDOMAINS
test ?
I have HOTMAIL.COM followed by MSN.COM on a line in my spamdomains.txt file.

Cris Porter
JVC America

Original header ===
Received: from pcp08119495pcs.nrockv01.md.comcast.net [68.38.193.241] by
mail.jvcdiscusa.com
  (SMTPD32-7.13) id AA03A540138; Tue, 17 Feb 2004 06:33:07 -0600
Received: from 205.100.216.113 by 68.38.193.241; Tue, 17 Feb 2004 18:24:38
+0600
Message-ID: <[EMAIL PROTECTED]>
From: "Barry Keene" <[EMAIL PROTECTED]>
Reply-To: "Barry Keene" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: EXCLUSIVE REPORTS - ATWEC [ATWT] is ready for increased
production...
Date: Tue, 17 Feb 2004 11:27:38 -0100
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="--4703830421352371"
X-IP: 88.176.193.224
X-Priority: 3
X-Declude-Sender: [EMAIL PROTECTED] [68.38.193.241]
X-Note: This E-mail was scanned by Declude JunkMail for JVC.
X-Note: Failed tests - IPNOTINMX, SPAMCHK, WEIGHT0109
X-Country-Chain: UNITED STATES->destination
X-Note: Total spam weight of this E-mail is 8.
X-Note: This E-mail was sent from (timeout) ([68.38.193.241]).
X-RCPT-TO: <[EMAIL PROTECTED]>
Status: U
X-UIDL: 374803116



RE: [Declude.JunkMail] Report System

2003-07-31 Thread Cris Porter
Darrell,
Send me a copy, please.
I would like to port it to ASP.

Thanks,
Cris

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Darrell LaRock
Sent: Thursday, July 31, 2003 3:06 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Report System


Terry,

I used delog for awhile, but I needed several other features that did not
come with delog.  So I developed an application that had all of the features
that I needed.  Below is a sample report that I generated (tab format).  The
reports can be in tab, csv, or html format and you have the ability to email
them as well.

There are many other things that dlanalyzer can report on.  You can get
reports on domains, users, tests, and different reporting periods.  The
combinations are endless.

Right now I am finishing up database support and a few other miscellaneous
features I wanted to add in..

If you would like to try it out let me know and I will make it available..

Darrell


Start Time: 6/1/2003 12:00:00 AM
End Time: 6/2/2003 12:00:00 AM
Total Messages: 25935
Messages That Failed: 18252
Spam Percentage: 70.38%

TEST                # FAILED   Percentage
BADHEADERS          3735       14.40%
BASE64              1203       4.64%
BLACKLIST           1325       5.11%
COMMENTS            668        2.58%
DECREASEIPWGHT      40         0.15%
DECREASEWEIGHT      557        2.15%
DECREASEWEIGHTLOW   313        1.21%
DSBL                3807       14.68%
DSN                 1215       4.68%
EASYNET-DNSBL       7418       28.60%
FXBLACKLIST         2574       9.92%
HELOBOGUS           4776       18.42%
HEUR10              2899       11.18%
IPBLACKLIST         5          0.02%
MAILFROM            385        1.48%
NJABL               408        1.57%
NOABUSE             3341       12.88%
NONENGLISH          214        0.83%
NOPOSTMASTER        4020       15.50%
OLDEMPLOYEE         29         0.11%
ORDB                261        1.01%
OSDUL               113        0.44%
OSLIST              2          0.01%
OSRELAY             343        1.32%
OSSOFT              3265       12.59%
OSSRC               3308       12.75%
POSTMASTER          12         0.05%
REVDNS              4231       16.31%
ROUTING             1487       5.73%
SNIFFER             3285       12.67%
SNIFFERAV           12         0.05%
SNIFFERCASINO       159        0.61%
SNIFFERDEBT         815        3.14%
SNIFFEREXP          269        1.04%
SNIFFERGETRICH      630        2.43%
SNIFFERGREY         421        1.62%
SNIFFERINK          196        0.76%
SNIFFERINSURAN      58         0.22%
SNIFFEROBFUS        350        1.35%
SNIFFERPHARM        1727       6.66%
SNIFFERPORN         1630       6.28%
SNIFFERSCAM         1          0.00%
SNIFFERSPAMWAR      127        0.49%
SNIFFERTHEFT        138        0.53%
SNIFFERTRAVEL       438        1.69%
SPAMCOP             4172       16.09%
SPAMHEADERS         4160       16.04%
WEIGHT10            10482      40.42%
WEIGHT5             769        2.97%
WORDFILTER          7826       30.18%

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Terry Parks
Sent: Thursday, July 31, 2003 2:26 PM
To: Declude. JunkMail
Subject: [Declude.JunkMail] Report System

While it's quiet I'd like to know which system is best at reporting status
of the email system in terms of most messages sent from/delivered to
address, etc. I need a good summary reporting system that will email me
these results. I've tried delog but the email feature doesn't work.

Terry




RE: [Declude.JunkMail] Best Practices question

2003-07-17 Thread Cris Porter
Me too!

Cris Porter

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of VanTech.Net
Sent: Thursday, July 17, 2003 9:38 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Best Practices question


Karl,

Please do so, I would be interested in it!

Aaron Caviglia

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of IS - Systems
Eng. (Karl Drugge)
Sent: Thursday, July 17, 2003 7:55 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Best Practices question


Not to bash Scott, who is the freaking GOD of SMTP traffic.. but EEWWW..
yuck. FIND will work, but I'd have to wash my hands afterwards. My
computer is supposed to do my work FOR me, on a daily basis, and mail me
my checks at home ! ( I wish ! )...

Just write up a quick PERL/WSH/Shell script to parse the info, then
schedule it with AT to run whenever you want. I wrote mine up a few
weeks ago. If people want I'll post it. It's in PERL, so you'll need
active PERL installed, and you might need to tweak it for your local
settings. It's not as clean as Scott or another professional programmer
might make it, but it's quick, dirty, and gets the job done.

 Here's a sample of what mine does ( on a pretty slow day for SPAM ):


  Total number of messages               665
  Total Passed, including whitelisted,   523, percentage : 78.6
  Total HELD                             21,  percentage : 3.2
  Total BOUNCED                          121, percentage : 18.2

Total of Whitelisted     218
Total of SPAMCOP         25
Total of NOABUSE         66
Total of NOPOSTMASTER    58
Total of BADHEADERS      38
Total of BASE64          1
Total of HELOBOGUS       99
Total of MAILFROM        1
Total of PERCENT         0
Total of REVDNS2         34
Total of ROUTING         13
Total of SPAMHEADERS     40
Total of FILTERWORDS     248
Total of BLACKLIST       34
Total of REVDNSPROBLEM   77
Total of IPBlacklist     31


Karl Drugge, Systems Network Engineer




-Original Message-
From: R. Scott Perry [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 17, 2003 10:21 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Best Practices question


>How can I determine the amount of caught/received emails with JunkMail?

>It would take me an eternity to go through each log file.

There are several ways that you can do this.  For example, you can do a
directory of the \IMail\spool\spam directory, where the held E-mails
are.  To find out how many are to you, you can use "find" with the /C
switch.

-Scott


RE: [Declude.JunkMail] OT: Network Security Analysis

2003-04-03 Thread Cris Porter
Thanks, Adrian.
I'm looking for someone to do white-hat hacking from the internet
and report vulnerabilities and solutions.



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Adrian Titei
Sent: Thursday, April 03, 2003 2:32 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] OT: Network Security Analysis


Cris,

For security analysis only I could definitely recommend
www.securityspace.com. I have used them and their reports are pretty
comprehensive. Have a look at their site. If you need to analyse your
network design and/or add/reconfigure servers, firewalls,
etc., then you probably need to find a local security consultant.

Cheers,
Adrian

Cris Porter wrote:
>
> Can anyone recommend a good vendor to do a
> thorough security analysis?
>
> Cris Porter

--
Regards,
Adrian Titei
Director of IT
Jumbo Entertainment Inc.

p: 905-634-4244 x 232
f: 905-632-2964
e: [EMAIL PROTECTED]



[Declude.JunkMail] OT: Network Security Analysis

2003-04-03 Thread Cris Porter
Can anyone recommend a good vendor to do a 
thorough security analysis?

Cris Porter



RE: [Declude.JunkMail] Populardomains test

2002-12-09 Thread Cris Porter
What if you set the positive weight of the popular domains equal to the
negative weight of the IPNOTINMX test?

Won't only invalid mail from these domains add to the accumulated weight?

Cris Porter
JVC America

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of John Tolmachoff
Sent: Monday, December 09, 2002 9:19 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Populardomains test


>I'm missing something that could trigger false positives?

What if I send you a note from my yahoo.com account that just happens to
trigger one of your filters because I am telling you about a new spam
technique?

With the way you have it set, just me sending a mail to you from my
yahoo.com account is now at 55% (or is that 70% if abuse is 15% and
postmaster is 15%) of your hold weight.

While I am also testing for those domains, I have that combination (total if
it fails domain, abuse and postmaster) at 50% of subject modification and
40% of hold.

Just my .02.

John Tolmachoff MCSE, CSSA
IT Manager, Network Engineer
RelianceSoft, Inc.
Fullerton, CA  92835
www.reliancesoft.com





RE: [Declude.JunkMail] Filtering E-Greetings

2002-12-03 Thread Cris Porter
Get JunkMail, then add Sniffer and let them
do the filtering for you. My time spent filtering
has dropped off dramatically since installing it.

Cris Porter
JVC America

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of David Delbridge
Sent: Tuesday, December 03, 2002 12:01 PM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] Filtering E-Greetings


Hi all,

What's the best approach for filtering the e-greetings scumware?  I run
both Declude Virus and JunkMail, and from what I've read in the forum
archives, JunkMail is the tool to use.

The options discussed so far don't appear to be conclusive.  Filtering
by phrase in the body will catch legit mail.  Filtering by e-greeting
domains will require frequent updates, and there is no authoritative
source for such a list.

What to do?

Any advice is greatly appreciated.

Dave



RE: [Declude.JunkMail] Newbie question about baseline

2002-10-04 Thread Cris Porter

Most of the rules I had were looking for phrases in the header.
Those had virtually no chance of false positives.
I moved those to my Declude word filter file with a weight that will
hold them or, if they fail other tests, will delete them.

I only use Hold and Delete actions so my spambox only catches a few messages
a day.
As soon as I finish moving my remaining rules, I'll be deleting my spam
mailbox.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Keith Purtell
Sent: Friday, October 04, 2002 3:34 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Newbie question about baseline


That's interesting. When you move a rule over to Declude, do you make the
decision based on a certainty of minimal false positives or what?

As for SpamReview, here's what I've been doing to simplify viewing of likely
spam. I have an IMail rule that catches some of the unique Declude language
in the header, that re-directs to the IMail spambox. Then I open the box with
Web Messaging. That way I don't have to review spam in two different places.

Keith Purtell, Web/Network Administrator
VantageMed Operations (Kansas City)
Email:  [EMAIL PROTECTED]


CONFIDENTIALITY NOTICE: This email message, including any attachments, is
for the sole use of the intended recipient(s) and may contain confidential
and privileged information. Any unauthorized review, use, disclosure or
distribution is prohibited. If you are not the intended recipient, please
contact the sender by reply email and destroy all copies of the original
message.


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Cris Porter
Sent: Friday, October 04, 2002 2:59 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Newbie question about baseline


I've been using Junkmail for a little over a year.
I've continued using I-mail rules also.
I've made 2 changes that cut down my spambox tremendously.

1) We subscribed to Sniffer and gave it a weight high enough to hold
anything tripping it.
2) I've been slowly moving my catchphrases from I-mail rules to Declude
word/phrase filters.

Also, get SpamReview. It's great for reviewing held spam.

Cris Porter
JVC America


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Keith Purtell
Sent: Friday, October 04, 2002 2:27 PM
To: Declude JunkMail (E-mail)
Subject: [Declude.JunkMail] Newbie question about baseline


I've been using JunkMail for several weeks now. Not sure I'm using it
correctly. I've tinkered with the weighting system, added a hophigh of 1,
established a three weight system (WEIGHT10, WEIGHT20, WEIGHT30) with
different actions for each one (WARN, SUBJECT, DELETE), etc. Also read posts
to this list with great interest. And continued to handle some spam with
Imail's rules.ima file.

However, when I check the server each morning, the spambox has at least 250
new messages, and one Monday I found 1,000. Bear in mind we only have approx
200 employees nationwide and serve a niche market. I've tried to be
aggressive about automatically deleting certain incoming mail, especially
using rules.ima. Hence the term "baseline" in my subject. Do more experienced
postmasters find this much junk on their server and just delete it manually,
or do they make better use of the software to automatically delete spam?

Keith Purtell, Web/Network Administrator
VantageMed Operations (Kansas City)
Email:  [EMAIL PROTECTED]





RE: [Declude.JunkMail] Newbie question about baseline

2002-10-04 Thread Cris Porter

I've been using Junkmail for a little over a year.
I've continued using I-mail rules also.
I've made 2 changes that cut down my spambox tremendously.

1) We subscribed to Sniffer and gave it a weight high enough to hold
anything tripping it.
2) I've been slowly moving my catchphrases from I-mail rules to Declude
word/phrase filters.

Also, get SpamReview. It's great for reviewing held spam.

Cris Porter
JVC America


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Keith Purtell
Sent: Friday, October 04, 2002 2:27 PM
To: Declude JunkMail (E-mail)
Subject: [Declude.JunkMail] Newbie question about baseline


I've been using JunkMail for several weeks now. Not sure I'm using it
correctly. I've tinkered with the weighting system, added a hophigh of 1,
established a three weight system (WEIGHT10, WEIGHT20, WEIGHT30) with
different actions for each one (WARN, SUBJECT, DELETE), etc. Also read posts
to this list with great interest. And continued to handle some spam with
Imail's rules.ima file.

However, when I check the server each morning, the spambox has at least 250
new messages, and one Monday I found 1,000. Bear in mind we only have approx
200 employees nationwide and serve a niche market. I've tried to be
aggressive about automatically deleting certain incoming mail, especially
using rules.ima. Hence the term "baseline" in my subject. Do more experienced
postmasters find this much junk on their server and just delete it manually,
or do they make better use of the software to automatically delete spam?

Keith Purtell, Web/Network Administrator
VantageMed Operations (Kansas City)
Email:  [EMAIL PROTECTED]





[Declude.JunkMail] MonkeyProxies

2002-10-01 Thread Cris Porter

How is everyone weighting this test?
Are there many false positives?

Cris Porter
JVC America



RE: [Declude.JunkMail] Handling Held Spams

2002-06-06 Thread Cris Porter

Do you delete automatically ?
If so, how ?

Cris

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Madscientist
Sent: Thursday, June 06, 2002 9:39 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Handling Held Spams


We delete held spam after 30 days.
If a false positive possibility arises, we will use a file - search in
our holding bin to identify any messages that have the correct keywords
- If we verify the false positive this way we can not only put it back
in stream, but also adjust our filtering scheme to compensate. This way
we spend almost no time on dealing with the issue (we have very few
false positives)... But when a false positive does show up we have
everything we need to handle it quickly.

Hope this helps,
_M

| -Original Message-
| From: [EMAIL PROTECTED]
| [mailto:[EMAIL PROTECTED]] On Behalf Of Mark MItchell
| Sent: Wednesday, June 05, 2002 10:51 PM
| To: [EMAIL PROTECTED]
| Subject: [Declude.JunkMail] Handling Held Spams
|
|
| Hello,
|
|   I was wondering how people handle all the held spam?  From
| my estimates, my mailserver is holding over 1 million spams
| per month.  I only have BADHEADERS and MAILFROM set for hold
| and rest for warn.  Are those the two that most people have
| set to hold?  Any way to make it so the spam forwards to a
| specific email address so I can search it easier if a
| customer complains that their message was marked spam?
|
| Thanks,
| Mark
|
|



[Declude.JunkMail] Blacklisting bounce

2002-04-25 Thread Cris Porter


If I add bounce@ and bounce- to my blacklist
file, will it block all mail from
[EMAIL PROTECTED] and [EMAIL PROTECTED] ?

Cris Porter
Jvc America




RE: [Declude.JunkMail] orbz is now dsbl

2002-03-25 Thread Cris Porter

Isn't the idea that mail admins will receive spam and then
test the source for an open relay and have the source send the mail
to dsbl ?

Cris

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Todd Holt
Sent: Monday, March 25, 2002 10:57 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] orbz is now dsbl


Is the idea that mail admins will forward the mail they consider spam to the
dsbl address?  If so, I see a new feature request for SpamReview!! :-)

Todd

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of R. Scott Perry
Sent: Monday, March 25, 2002 10:43 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] orbz is now dsbl



>Then only the SPAMmers that have the dsbl mail address on their list (or
>aren't smart enough to know to remove it) will get blacklisted.  I give more
>credit to the SPAMmers than that, so far. :-)

That's not the idea.  It may be the idea that is being portrayed for legal
reasons, though.

The idea is that dsbl won't test any mailservers.  *But*, they are hoping
that others will.  People will run open relay testers, and have the E-mail
sent to the dsbl list.  So they will end up (if all goes as planned) with
most open relays listed, but with the legal excuse of "We aren't scanning
any servers; your mail server sent us mail so you got listed".
 -Scott




RE: [Declude.JunkMail] Declude console

2002-02-19 Thread Cris Porter

Just downloaded the console exe to my imail folder and changed my
global.cfg file and it fired up immediately!  It's a shame it doesn't
work with terminal server.

-Cris

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of R. Scott Perry
Sent: Tuesday, February 19, 2002 1:22 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Declude console



>Could it be that I was in a terminal server session?

That could account for why you didn't see any information in it.
-Scott




RE: [Declude.JunkMail] Why doesn't this get caught?

2002-02-14 Thread Cris Porter

Try adding 270net.com to your blacklist.

Cris Porter
JVC America

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Steve Flook
Sent: Thursday, February 14, 2002 8:56 AM
To: Declude JunkMail List (E-mail)
Subject: [Declude.JunkMail] Why doesn't this get caught?


I was hoping someone could fill me in as to why this email doesn't get
trapped by my blacklist.  Other domains get caught that are in my
blacklist.txt file (such as ANYTHING.em5000.com), but this one always gets
through (I have it spelled right in the file as em5000.net).  Could it be
the ? mark in the From address that throws off the blacklist filter?

Thanks-
Steve

HEADER INFO:
Received: from webster.270net.com ([216.127.139.53]) by wyatt.270net.com
with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13)
id 16ZNB4GC; Thu, 14 Feb 2002 09:41:24 -0500
Received: from SMTP32-FWD by 270net.com
(SMTP32) id A06A4; Thu, 14 Feb 2002 09:42:01 -0500
Received: from exploder8.em5000.net [64.37.114.78] by webster.270net.com
(SMTPD32-7.05) id ACB84D02CA; Thu, 14 Feb 2002 09:42:00 -0500
From: PerfectOffers <[EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>>
Subject: RE: $49 Family Healthcare!
To: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
X-Info: To report abuse forward this mail to
[EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]> . Please include all mail
header fields!
X-Owner: perfectoffers;npdoqdu*270qhw=frp;
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="101354989349804"
X-RMD-Text: yes
Date: Thu, 14 Feb 2002 06:42:04 PST
X-Mailer: 2.0-b55-VC_IPA [Jan 1 2002, 13:54:45]
Message-ID: <13020200035$101181316451529$1895161752$[EMAIL PROTECTED]
<mailto:13020200035$101181316451529$1895161752$[EMAIL PROTECTED]>>
X-Note: RDNS Real-Origin: exploder8.em5000.net. [64.37.114.78]
X-Note: SMTP Real-From:
101181316451529-13020200035-270net.com?[EMAIL PROTECTED]
<mailto:101181316451529-13020200035-270net.com?[EMAIL PROTECTED]>
X-Note: SMTP Real-To: (1) [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
X-Note: Tests Failed, If Any (.cfg) =
--101354989349804
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
--101354989349804
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit




[Declude.JunkMail] Blacklisting domains

2002-02-06 Thread Cris Porter

Scott,

Any ETA for an update that will allow us to 
blacklist entire domains (ie pm0.net) ?

I don't want to keep adding subdomains to my blacklist file if 
the fix is imminent.

Cris Porter
JVC America



RE: [Declude.JunkMail] Am I blacklisting correctly? (Part 2)

2002-02-01 Thread Cris Porter

Thanks.
It will be great when I can filter all pm0.net
and others like them with one line in my blacklist file.

I can wait for the next release.
I'll use my kill file in the meantime to block various
***.pm0.net and others like them.

-Cris

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of R. Scott Perry
Sent: Friday, February 01, 2002 5:14 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Am I blacklisting correctly? (Part 2)



>My log file, cfg, default,and blacklist.txt files are attached.

We have identified a problem with the "fromfile" blacklists that are
causing this.  The partial domain matching isn't working properly.  We will
have this fixed in the next release.  In the meantime, you can still use
"@example.com" (instead of "example.com"), but that will only match the
exact domain (IE "@example.com" won't match "@mail.example.com").  I can
send you an interim release if necessary that takes care of this issue.
-Scott
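
The matching rule described in the message above (a bare domain entry is meant to cover subdomains, while an "@domain" entry matches only the exact domain), sketched in Python as an added example. This is not Declude's code: the parsing of blacklist.txt (first token is the pattern, the rest a label) and every sample address are assumptions constructed for illustration.

```python
"""Added illustration of "fromfile"-style sender blacklist matching.

Not Declude's implementation. Assumptions: each blacklist line is
"<pattern> <free-text label>", and matching is done against the domain
of the envelope sender.
"""

# Constructed blacklist in the shape shown in the thread.
BLACKLIST_TXT = """\
pm0.net NotAllowed
em5000.net NotAllowed
@example.com ExactOnly
"""


def parse_blacklist(text):
    """Return the pattern (first token) of every non-blank, non-comment line."""
    patterns = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        patterns.append(line.split()[0].lower())
    return patterns


def sender_domain(address):
    """Domain of an envelope sender, split on the LAST '@'.

    Splitting from the right keeps odd local parts (a '?', or another
    domain name embedded in a bounce address) from confusing the match.
    """
    address = address.strip().strip("<>").lower()
    if "@" not in address:
        return ""  # null sender "<>" or malformed input
    return address.rsplit("@", 1)[1].rstrip(".")


def matches(pattern, address):
    """'@domain' matches that exact domain; a bare 'domain' also matches
    any subdomain, but only on a label boundary."""
    domain = sender_domain(address)
    if not domain:
        return False
    if pattern.startswith("@"):
        return domain == pattern[1:]
    return domain == pattern or domain.endswith("." + pattern)


def naive_substring(pattern, address):
    """Plain substring test, shown only to contrast its false positives."""
    return pattern.lstrip("@") in address.lower()


def first_hit(patterns, address, matcher=matches):
    """First blacklist pattern that matches the sender, or None."""
    for pattern in patterns:
        if matcher(pattern, address):
            return pattern
    return None


if __name__ == "__main__":
    patterns = parse_blacklist(BLACKLIST_TXT)
    # Constructed envelope senders.
    samples = [
        "news@mail07.pm0.net",                          # subdomain of a bare entry
        "offers-270net.com?1013@exploder8.em5000.net",  # '?' and a domain in the local part
        "user@example.com",                             # exact-only entry, exact domain
        "user@mail.example.com",                        # exact-only entry, subdomain
        "user@notpm0.net",                              # different domain, shared suffix text
        "pm0.net-report@customer.test",                 # listed name only in the local part
    ]
    for sender in samples:
        print(f"{sender:46} boundary={first_hit(patterns, sender)!s:13} "
              f"substring={first_hit(patterns, sender, naive_substring)}")
```

The last two samples are the ones to watch when testing a blacklist file: a substring test flags them, a label-boundary test does not.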




[Declude.JunkMail] Am I blacklisting correctly? (Part 2)

2002-02-01 Thread Cris Porter

OK,
I understand that the WARN with other actions not working
is a problem but shouldn't the settings below work to
DELETE mail from the domains listed in the Blacklist.txt file ?
Shouldn't this also catch all the spam from
[EMAIL PROTECTED]
[EMAIL PROTECTED]
etc. ?

I am seeing these HELD for failing other tests. Shouldn't they
be DELETED for failing the Blacklist test ?

Am I setting something wrong ?



--d:\imail\declude\blacklist.txt snippet---
pm0.net NotAllowed
em5000.net NotAllowed
optamail.com Not Allowed
sendoutmail.com NotAllowed
edirectnetwork.net NotAllowed

--Global.cfg snippet---
#
# Definitions of the tests to use (do not edit unless you know what you are doing).
# These must come before the actions.
#
# First is the name of the check, then the type of check (ip4r is a DNS lookup using
# the reverse of the IP address).
#
# For type ip4r, 'matchstring' is the string to look for, or "*" for anything.
#
MYBLACKLIST fromfile d:\imail\declude\blacklist.txt
MYBLACKLIST2 fromfile d:\imail\declude\blacklist.txt

--$default$.junkmail snippet
#
# Actions to take when E-mails fail the various tests
#
MYBLACKLIST   DELETE
ORBZIN        WARN
ORBZOUT       WARN
ORDB          WARN
OSDUL         HOLD
OSFORM        WARN
OSLIST        WARN
OSRELAY       WARN
OSSMART       WARN
OSSOFT        WARN
OSSRC         HOLD
SPAMCOP       WARN
DSN           WARN
NOABUSE       WARN
NOPOSTMASTER  WARN

BADHEADERS    WARN
MAILFROM      WARN
PERCENT       HOLD
REVDNS        WARN
ROUTING       WARN
SPAMHEADERS   WARN

WEIGHT10      HOLD




RE: [Declude.JunkMail] Help! Creating Black Lists

2002-01-31 Thread Cris Porter

Did you see anything wrong with my previous post ?
Cris

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of R. Scott Perry
Sent: Thursday, January 31, 2002 2:45 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Help! Creating Black Lists



>Can you be more specific on how to setup your own black list in Declude?
>Yes, I know there's a manual at
>www.declude.com/junkmail/manual.htm.

Well, rather than trying to guess what you're having troubles with, how
about either asking a specific question or letting us know what you've
already tried?
 -Scott




[Declude.JunkMail] Am I blacklisting correctly?

2002-01-31 Thread Cris Porter


I've added 2 tests in my global.cfg called
MYBLACKLIST & MYBLACKLIST2 (identical for 2 different actions)
and I've added 2 actions in my $default$.junkmail file to
WARN and HOLD this mail. A lot of the domains in my BLACKLIST.TXT file
are being held for other reasons.
Shouldn't the BLACKLIST warning show up in those held files ?

Cris Porter
JVC America



--Global.cfg snippet---
#
# Definitions of the tests to use (do not edit unless you know what you are doing).
# These must come before the actions.
#
# First is the name of the check, then the type of check (ip4r is a DNS lookup using
# the reverse of the IP address).
#
# For type ip4r, 'matchstring' is the string to look for, or "*" for anything.
#
MYBLACKLIST fromfile d:\imail\declude\blacklist.txt
MYBLACKLIST2 fromfile d:\imail\declude\blacklist.txt

--$default$.junkmail snippet
# Actions to take when E-mails fail the various tests
# LOG will put an entry into the log file for failed message,
# WARN will add a warning to the headers of the message,
# FOOTER will add text to the end of the E-mail (IE:  "ORBS FOOTER [This message may be spam]")
# HEADER will add text to the beginning of the E-mail
# SUBJECT will add text to the beginning of the subject
# HOLD will hold the message in the spool\spam directory.
# DELETE will delete the E-mail -- don't use unless necessary!
#
MYBLACKLIST   WARN
MYBLACKLIST2  HOLD



