RE: [Declude.JunkMail] Blacklists Recommendations.
Gary: Thanks a lot for taking the time to put that together. I am going to check out those sites. We do use the multiple tests from NJABL and SORBs. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary Steiner Sent: Monday, November 27, 2006 12:15 PM To: declude.junkmail@declude.com Subject: re: [Declude.JunkMail] Blacklists Recommendations. BLITZEDALL went offline in May (see http://opm.blitzed.org). Other than that, all the ones you are using I am also using. Other IP4R tests that I am using successfully that you are not: ADNSBL dnsbl.antispam.or.id BASURA bl.emailbasura.org CSMA-SBLbl.csma.biz IMP-SPAMspamrbl.imp.ch SWINOG dnsrbl.swinog.ch JAMMDNSBL dnsbl.jammconsulting.com PSBLpsbl.surriel.com SPAMBAG blacklist.spambag.org SPAMCANNIBALbl.spamcannibal.org TQM3-DYNA dhcp.tqmcube.com TQM3-SPAM spam.tqmcube.com MXRATE sub.mxrate.net FIVETEN blackholes.five-ten-sg.com WHOIS-DYNA combined-HIB.dnsiplists.completewhois.com MXRATE, FIVETEN, and WHOIS-DYNA have multiple lists, and it is good to give separate weights to each. Make sure you check out their web sites for specifics. NJABL and SORBs have multiple tests, make sure you are using all of them, check out their web sites for specifics. Sometimes these sites with multiple tests delete some and add new ones, so it is a good idea to check their web sites every so often to see if there are any changes. For RHSBLs, make sure you are using SURBL (multi.surbl.org). Statistically (using DLanalyzer), the top ten spam catching blacklists for my servers are CBL, SORBS-DUHL, FIVETEN-SPAM, IMP-SPAM, SPAMCOP, PSBL, NJABL-DYNA, UCEPROTECT-1, UCEPROTECT-3, MXRATE-BLOCK. Are you using invURIBL? It is an inexpensive external test, and it will catch a lot of spam. Gary Original Message > From: "Chuck Schick" <[EMAIL PROTECTED]> > Sent: Monday, November 27, 2006 12:55 PM > To: "Declude. JunkMail" > Subject: [Declude.JunkMail] Blacklists Recommendations. > > I am looking for recommendations on other blacklists that Declude > users are successfully using. > > Right now I use. > > Spamcop > list.dsbl.org (trusted) > AHBL > Spamhaus > CBL > UCEB > ORDB > SORBs > NJABL > BLITZEDALL > MailPolice > > > I looked at the Declude list and I am wondering about adding > > spamsources.fabel.dk > bl.csma.biz > 0spam.fusionzero.com > dnsbl.cyberlogic.net > blackholes.five-ten-sg.com (multiple tests) > psbl.surriel.com > db.wpbl.info > > Thoughts on these tests. Any others that people are having luck with? > > We use sniffer with Declude but too much is slipping through. > > Chuck Schick > Warp 8, Inc. > (303)-421-5140 > www.warp8.com > > > --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Blacklists Recommendations.
Blitzedall is dead. Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chuck Schick Sent: Monday, November 27, 2006 02:02 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Blacklists Recommendations. Darrell: Thanks for the recommendation. I have added MX Rate...Any particular one(s) of the fiveten lists. I Think we used them in the past but had some false positive issues. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED]) Sent: Monday, November 27, 2006 10:55 AM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] Blacklists Recommendations. Chuck, I would look to add MxRate and FiveTen. Darrell Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. - Original Message - From: "Chuck Schick" <[EMAIL PROTECTED]> To: "Declude. JunkMail" Sent: Monday, November 27, 2006 12:35 PM Subject: [Declude.JunkMail] Blacklists Recommendations. I am looking for recommendations on other blacklists that Declude users are successfully using. Right now I use. Spamcop list.dsbl.org (trusted) AHBL Spamhaus CBL UCEB ORDB SORBs NJABL BLITZEDALL MailPolice I looked at the Declude list and I am wondering about adding spamsources.fabel.dk bl.csma.biz 0spam.fusionzero.com dnsbl.cyberlogic.net blackholes.five-ten-sg.com (multiple tests) psbl.surriel.com db.wpbl.info Thoughts on these tests. Any others that people are having luck with? We use sniffer with Declude but too much is slipping through. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
re: [Declude.JunkMail] Blacklists Recommendations.
BLITZEDALL went offline in May (see http://opm.blitzed.org). Other than that, all the ones you are using I am also using. Other IP4R tests that I am using successfully that you are not: ADNSBL dnsbl.antispam.or.id BASURA bl.emailbasura.org CSMA-SBLbl.csma.biz IMP-SPAMspamrbl.imp.ch SWINOG dnsrbl.swinog.ch JAMMDNSBL dnsbl.jammconsulting.com PSBLpsbl.surriel.com SPAMBAG blacklist.spambag.org SPAMCANNIBALbl.spamcannibal.org TQM3-DYNA dhcp.tqmcube.com TQM3-SPAM spam.tqmcube.com MXRATE sub.mxrate.net FIVETEN blackholes.five-ten-sg.com WHOIS-DYNA combined-HIB.dnsiplists.completewhois.com MXRATE, FIVETEN, and WHOIS-DYNA have multiple lists, and it is good to give separate weights to each. Make sure you check out their web sites for specifics. NJABL and SORBs have multiple tests, make sure you are using all of them, check out their web sites for specifics. Sometimes these sites with multiple tests delete some and add new ones, so it is a good idea to check their web sites every so often to see if there are any changes. For RHSBLs, make sure you are using SURBL (multi.surbl.org). Statistically (using DLanalyzer), the top ten spam catching blacklists for my servers are CBL, SORBS-DUHL, FIVETEN-SPAM, IMP-SPAM, SPAMCOP, PSBL, NJABL-DYNA, UCEPROTECT-1, UCEPROTECT-3, MXRATE-BLOCK. Are you using invURIBL? It is an inexpensive external test, and it will catch a lot of spam. Gary Original Message > From: "Chuck Schick" <[EMAIL PROTECTED]> > Sent: Monday, November 27, 2006 12:55 PM > To: "Declude. JunkMail" > Subject: [Declude.JunkMail] Blacklists Recommendations. > > I am looking for recommendations on other blacklists that Declude users are > successfully using. > > Right now I use. > > Spamcop > list.dsbl.org (trusted) > AHBL > Spamhaus > CBL > UCEB > ORDB > SORBs > NJABL > BLITZEDALL > MailPolice > > > I looked at the Declude list and I am wondering about adding > > spamsources.fabel.dk > bl.csma.biz > 0spam.fusionzero.com > dnsbl.cyberlogic.net > blackholes.five-ten-sg.com (multiple tests) > psbl.surriel.com > db.wpbl.info > > Thoughts on these tests. Any others that people are having luck with? > > We use sniffer with Declude but too much is slipping through. > > Chuck Schick > Warp 8, Inc. > (303)-421-5140 > www.warp8.com > > > --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Blacklists Recommendations.
Darrell: Thanks for the recommendation. I have added MX Rate...Any particular one(s) of the fiveten lists. I Think we used them in the past but had some false positive issues. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED]) Sent: Monday, November 27, 2006 10:55 AM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] Blacklists Recommendations. Chuck, I would look to add MxRate and FiveTen. Darrell Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. - Original Message - From: "Chuck Schick" <[EMAIL PROTECTED]> To: "Declude. JunkMail" Sent: Monday, November 27, 2006 12:35 PM Subject: [Declude.JunkMail] Blacklists Recommendations. I am looking for recommendations on other blacklists that Declude users are successfully using. Right now I use. Spamcop list.dsbl.org (trusted) AHBL Spamhaus CBL UCEB ORDB SORBs NJABL BLITZEDALL MailPolice I looked at the Declude list and I am wondering about adding spamsources.fabel.dk bl.csma.biz 0spam.fusionzero.com dnsbl.cyberlogic.net blackholes.five-ten-sg.com (multiple tests) psbl.surriel.com db.wpbl.info Thoughts on these tests. Any others that people are having luck with? We use sniffer with Declude but too much is slipping through. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Blacklists Recommendations.
Chuck, I would look to add MxRate and FiveTen. Darrell Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. - Original Message - From: "Chuck Schick" <[EMAIL PROTECTED]> To: "Declude. JunkMail" Sent: Monday, November 27, 2006 12:35 PM Subject: [Declude.JunkMail] Blacklists Recommendations. I am looking for recommendations on other blacklists that Declude users are successfully using. Right now I use. Spamcop list.dsbl.org (trusted) AHBL Spamhaus CBL UCEB ORDB SORBs NJABL BLITZEDALL MailPolice I looked at the Declude list and I am wondering about adding spamsources.fabel.dk bl.csma.biz 0spam.fusionzero.com dnsbl.cyberlogic.net blackholes.five-ten-sg.com (multiple tests) psbl.surriel.com db.wpbl.info Thoughts on these tests. Any others that people are having luck with? We use sniffer with Declude but too much is slipping through. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Blacklists Recommendations.
I am looking for recommendations on other blacklists that Declude users are successfully using. Right now I use. Spamcop list.dsbl.org (trusted) AHBL Spamhaus CBL UCEB ORDB SORBs NJABL BLITZEDALL MailPolice I looked at the Declude list and I am wondering about adding spamsources.fabel.dk bl.csma.biz 0spam.fusionzero.com dnsbl.cyberlogic.net blackholes.five-ten-sg.com (multiple tests) psbl.surriel.com db.wpbl.info Thoughts on these tests. Any others that people are having luck with? We use sniffer with Declude but too much is slipping through. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Blacklists
I have been receiving many messages that are not being caught by Junkmail and are not failing any tests. They are most certainly SPAM and are more than a little obnoxious. I want to blacklist messages of this kind, but want to be completely sure which is the best way. As an example, I have the following line for X-Declude-Sender: X-Declude-Sender: [EMAIL PROTECTED] [24.243.227.175] In the past, I have blacklisted [EMAIL PROTECTED], but the IP address given actually resolves to cs24243227-175.austin.rr.com. Should I be blacklisting the sender or actual resolved address OR both?? The IP blacklists ("ipfile" test type in the global.cfg file) only block IPs, and the sender blacklists ("fromfile" in the global.cfg file) only work on the return address. So you could add 24.243.227.175 to an IP blacklist, or you could add [EMAIL PROTECTED] to a sender blacklist. If you are running Declude JunkMail Pro, you could also add a filter that would block the reverse DNS entry of cs24243227-175.austin.rr.com. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Blacklists
Greetings, I have been receiving many messages that are not being caught by Junkmail and are not failing any tests. They are most certainly SPAM and are more than a little obnoxious. I want to blacklist messages of this kind, but want to be completely sure which is the best way. As an example, I have the following line for X-Declude-Sender: X-Declude-Sender: [EMAIL PROTECTED] [24.243.227.175] In the past, I have blacklisted [EMAIL PROTECTED], but the IP address given actually resolves to cs24243227-175.austin.rr.com. Should I be blacklisting the sender or actual resolved address OR both?? I appreciate all the insight I can get. Thanks. Jim James Colunio Network/System Administrator Elmira College Elmira, NY 14901 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: (4, ):[Declude.JunkMail] Blacklists
Something you might try is setting up a black list file in the GLOBAL.CFG with a weight of 0. ie: SenderBlacklist fromfile C:\IMail\Declude\SenderBlacklist.txt x 0 0 Then you can go in a per-domain or per-user ie: SenderBlacklist DELETE This effectively gives you individual blacklists. Brian Clover -Original Message- From: Rich [mailto:[EMAIL PROTECTED]] Sent: Saturday, February 08, 2003 12:31 AM To: [EMAIL PROTECTED] Subject: (4, ):[Declude.JunkMail] Blacklists Scott and all, We have the ability to develop a whitelist by domain now, how about the ability to create a individual blacklist, say something like this in each junkmail file... WHITELISTFILE C:\maillists\cswanson\whitelist.txt BLACKLISTFILE C:\maillists\cswanson\blacklist.txt What prompted this was a customer who is using the Web Email address book whitelist, and wants to shut down all Hotmail accounts trying to send him mail other then the ones he has in his address book. So if I understand the .JunkMail processing, it's done after the address book is checked. So he'd receive his whitelisted hotmail accounts, and anything else from a hotmail address would be dumped. Kendra Customer Support http://www.kendra.com/support [EMAIL PROTECTED] 425-397-7911 This Email was scanned for viruses Junk Email filtered ISP --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Blacklists
We have the ability to develop a whitelist by domain now, how about the ability to create a individual blacklist, say something like this in each junkmail file... WHITELISTFILE C:\maillists\cswanson\whitelist.txt BLACKLISTFILE C:\maillists\cswanson\blacklist.txt The catch here is while they sound similar, whitelisting and blacklisting are very different beasts. Whitelisting involves just one thing: If an E-mail is whitelisted, Declude makes sure that the E-mail is delivered in exactly the same way as it would be delivered if it did not fail any spam tests. Blacklisting, however, is much more complicated. If an E-mail is blacklisted, should Declude JunkMail delete it? We can't do that, because Declude will never delete E-mail unless specifically requested to do so. Should it quarantine the E-mail? That would work for some people, but not everyone. Therefore, we would need to figure out some way of determining what action to take -- and then some people would probably want to have it factor into the weighting system. At that point, do we set it up so that each blacklist entry can have its own action/weight (which some people would want)? Or do we set up the blacklists exactly the same as standard tests (but, that can be done now, although it is tricky for per-user/per-domain blacklists)? This is one of those features that it may be necessary to keep expanding and expanding, which could require major changes to the way that Declude JunkMail works. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Blacklists
Scott and all, We have the ability to develop a whitelist by domain now, how about the ability to create a individual blacklist, say something like this in each junkmail file... WHITELISTFILE C:\maillists\cswanson\whitelist.txt BLACKLISTFILE C:\maillists\cswanson\blacklist.txt What prompted this was a customer who is using the Web Email address book whitelist, and wants to shut down all Hotmail accounts trying to send him mail other then the ones he has in his address book. So if I understand the .JunkMail processing, it's done after the address book is checked. So he'd receive his whitelisted hotmail accounts, and anything else from a hotmail address would be dumped. Kendra Customer Support http://www.kendra.com/support [EMAIL PROTECTED] 425-397-7911 This Email was scanned for viruses Junk Email filtered ISP --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] BLACKLISTS -
The blacklist is the one generated by killlistgen. We were going to delete mail based on it...now we downgraded to warn and added to weighting so most do not get thru. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry Sent: Monday, November 18, 2002 4:11 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] BLACKLISTS - >http://www.informationweek.com/story/IWK20021115S0018 > >After reading this article, I changed our setup to weight the blacklist >to 7 and delete email at weight20. Which blacklist? What was it set to before you read that article? Why did you change it after reading that article? -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] BLACKLISTS -
SPAM, Monday, November 18, 2002 you wrote: S> After reading this article, I changed our setup to weight the S> blacklist to 7 and delete email at weight20. This waters down the S> blacklist a bit but removes the reliance...anyone else doing the S> same or similar? I think I understand what information in the article made you change your testing. However, it is more and more evident to me and my testing that every community of mail users is different and requires a different set of tests and actions. I think it is entirely possible that one admin might get excellent results with an RBL and another might not. So I think you have to devise a way to constantly monitor and tweak. I think that's the real message of the article - not just that rbl's are not as effective as they once were. However, we employ SNIFFER and get great results. We now fail on it alone after working out our lists and a few other peculiar issues. It has been well worth the fee. Terry Fritts --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] BLACKLISTS -
http://www.informationweek.com/story/IWK20021115S0018 After reading this article, I changed our setup to weight the blacklist to 7 and delete email at weight20. Which blacklist? What was it set to before you read that article? Why did you change it after reading that article? -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] BLACKLISTS -
Hi, http://www.informationweek.com/story/IWK20021115S0018 After reading this article, I changed our setup to weight the blacklist to 7 and delete email at weight20. This waters down the blacklist a bit but removes the reliance...anyone else doing the same or similar? regards, -- Fred Sadowick 1stChoiceInternational.com -- --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Blacklists vs. Bogus Reply-To
Thanks, Tom. Will do. True. It's just a shame to see an otherwise complete blacklist fail to snag the bad guys. It's got their number. It's just not being pointed to look in the right place (at least, in this particular instance). Why things are this way may be appropriate but over my head. I'm still new to this. Dave Tom wrote: > > But a filter requires the four-column format "HELO 10 CONTAINS > > spammer.com" which would require that we reformat any third-party > > blacklists each and every time we refresh the list, right? Yuck! > > Or is there a way to setup the HELO/EHLO filter against the > > aforementioned two-column blacklist without modification? > > Why not stick the ones that keep coming up in a separate filter file > with the HELO command, this way the are going to be caught one way or > another. > > Regards, > Tom > Image`fx > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. -- David M. Delbridge President & CEO Circa 3000 http://www.circa3k.com 775-832-2445 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Blacklists vs. Bogus Reply-To
> But a filter requires the four-column format "HELO 10 CONTAINS > spammer.com" which would require that we reformat any third-party > blacklists each and every time we refresh the list, right? Yuck! > Or is there a way to setup the HELO/EHLO filter against the > aforementioned two-column blacklist without modification? Why not stick the ones that keep coming up in a separate filter file with the HELO command, this way the are going to be caught one way or another. Regards, Tom Image`fx --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Blacklists vs. Bogus Reply-To
>Thank you for the clarifications, Scott. > > > To check the HELO/EHLO text (the > > domain that appears in the Received: header), you can set up a HELO filter > > (with Declude JunkMail Pro, using the latest release). > >But a filter requires the four-column format "HELO 10 CONTAINS >spammer.com" which >would require that we reformat any third-party blacklists each and every >time we >refresh the list, right? Yuck! That is correct. On the other hand, if those third-party blacklists are in the one-column format, that means that they were designed specifically to use against the return address, and weren't designed to be used against the HELO/EHLO text. :) >Or is there a way to setup the HELO/EHLO filter >against the aforementioned two-column blacklist without modification? No -- with the HELO in there, Declude JunkMail won't know where in the E-mail you want to search. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Blacklists vs. Bogus Reply-To
Thank you for the clarifications, Scott. > To check the HELO/EHLO text (the > domain that appears in the Received: header), you can set up a HELO filter > (with Declude JunkMail Pro, using the latest release). But a filter requires the four-column format "HELO 10 CONTAINS spammer.com" which would require that we reformat any third-party blacklists each and every time we refresh the list, right? Yuck! Or is there a way to setup the HELO/EHLO filter against the aforementioned two-column blacklist without modification? Thanks again. Dave --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Blacklists vs. Bogus Reply-To
>How do I apply a blacklist against the "Received:" header -- not merely >the "Reply >To:" header? I realize that this has been discussed ad nauseum, but in >scanning >the archives and manual, I still don't have a clear understanding. The "sender blacklist" will blacklist senders, which is based on the "return address" of the E-mail (where bounce messages go), which is often different than the From: or Reply-To: headers. Note that no E-mail address will appear in the Received: header. >For example, our blacklist (from imagefxonline) contains the offending >"speedi-list.com" domain. Great! However, mail from this spammer is not >being >detected by the blacklist because their Reply-To headers contain an apparently >randomly-generated "beawnez.com." >How do I tell JunkMail to also search the "Received" header, where the >REAL spammer >is identified without reformatting the two-column (domain/reason) blacklist? Declude JunkMail doesn't look at the Reply-To: header (unless you are using a filter that checks the entire E-mail). To check the HELO/EHLO text (the domain that appears in the Received: header), you can set up a HELO filter (with Declude JunkMail Pro, using the latest release). However, note that the HELO/EHLO text is whatever the administrator of the remote mailserver decides it should be. So if the spammer is sending to you directly, it will be made-up. If he is sending through an open relay, he won't have control over the HELO/EHLO text, but the E-mail would more easily be caught based on the IP address of the remote mailserver. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Blacklists vs. Bogus Reply-To
Hi all, How do I apply a blacklist against the "Received:" header -- not merely the "Reply To:" header? I realize that this has been discussed ad nauseum, but in scanning the archives and manual, I still don't have a clear understanding. For example, our blacklist (from imagefxonline) contains the offending "speedi-list.com" domain. Great! However, mail from this spammer is not being detected by the blacklist because their Reply-To headers contain an apparently randomly-generated "beawnez.com." How do I tell JunkMail to also search the "Received" header, where the REAL spammer is identified without reformatting the two-column (domain/reason) blacklist? Any help is greatly appreciated. Dave --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Blacklists
>Is it more efficient to have a single, large Blacklist file or multiple >small ones? Right now I have a single one but it is getting rather >large. A single large blacklist would be *slightly* more efficient. -Scott --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
[Declude.JunkMail] Blacklists
Is it more efficient to have a single, large Blacklist file or multiple small ones? Right now I have a single one but it is getting rather large. Thanks. Hank --- [This E-mail has been scanned for viruses.] [MGT of America, Inc.] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
Re: [Declude.JunkMail] blacklists
>1. The documentation says "You can define as many different IP blacklists as >you like, ..." and I'm taking it at its word. As a practical matter, has >anyone noticed an IP address file size where performance seems to degrade? >This morning, I think I saw a couple of messages in my spam hold directory >from over the weekend that came from addresses I've already blacklisted. Although we haven't run performance tests on the blacklists, you should be able to have a very large number of them before performance becomes an issue. I would expect you should be able to easily have hundreds or several thousand IPs listed. >2. Where does the IP blacklist get the IP address to test? From the message >header, or the message ID, or the SMTP envelope, or from somewhere else? Declude JunkMail uses the IP address of the remote mail server for the IP blacklists. By default, it will get this from the first Received: header of the E-mail (the one that IMail adds, which is a trusted header). It's possible that this may change in certain situations, such as if you use the IPBYPASS or HOP options (for example, if you have it set up so that Declude JunkMail will bypass a backup mail server, the IP blacklist will look at the IP address that connected to your backup mail server instead). -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
[Declude.JunkMail] blacklists
Two blacklist questions. 1. The documentation says "You can define as many different IP blacklists as you like, ..." and I'm taking it at its word. As a practical matter, has anyone noticed an IP address file size where performance seems to degrade? This morning, I think I saw a couple of messages in my spam hold directory from over the weekend that came from addresses I've already blacklisted. 2. Where does the IP blacklist get the IP address to test? From the message header, or the message ID, or the SMTP envelope, or from somewhere else? -- John Shacklett www.continentaloffice.com [EMAIL PROTECTED] [EMAIL PROTECTED] A Zen master once said to me "Do the opposite of whatever I tell you." So I didn't. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .