Re: [Declude.JunkMail] Declude version 1.79 and Delog
My Declude logs regularly get up to 1.5 GB (log level high). I run DLAnalyzer daily at 12:05 AM. It takes between 45 and 65 minutes depending on the size of the log. - Original Message - From: "Robert" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, June 01, 2004 11:16 PM Subject: Re: [Declude.JunkMail] Declude version 1.79 and Delog > > > But who wants 800MB to 1GB spam log files? > The server is so busy doing declude processes there isn't enough time to run > a log analyzer on the local machine. > It takes to long to transfer the log file to a different machine. > > > Robert > > > - Original Message - > From: R. Scott Perry <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Tuesday, June 01, 2004 1:39 PM > Subject: RE: [Declude.JunkMail] Declude version 1.79 and Delog > > > > > > > Thanks, we have been running along with MID since the beginning, > > >all along, upgrading the interim releases. We just this week needed to > > >know which line it failed on in one of our filter files. This is what > > >we get now in our log. I will up to HIGH this week. Thanks, > > > > > >Qff4f4d2301429a89 BADHEADERS:8 SPAMHEADERS:8 FILTER-SUBJECT:9 > > >FILTER-BODYURL:20 . Total weight = 45. > > >06/01/2004 00:00:24 Qff4f4d2301429a89 Subject: Indebted to your > > >creditors? We can help > > >06/01/2004 00:00:24 Qff4f4d2301429a89 From: [EMAIL PROTECTED] > > >To: XXX IP: 206.173.149.243 ID: > > >06/01/2004 00:00:24 Qff4f4d2301429a89 Tests failed [weight=45]: > > >BADHEADERS=WARN IPNOTINMX=IGNORE SPAMHEADERS=WARN SNIFFER-NOTFND=IGNORE > > >WEIGHT10=WARN WEIGHT20=SUBJECT FILTER-SUBJECT=IGNORE > > >FILTER-BODYURL=IGNORE > > > > The "Msg failed" lines at LOGLEVEL HIGH include the line in the filter > that > > failed. So when you move to LOGLEVEL HIGH, it will have the information > > you desire. > > > > > > -Scott > > --- > > Declude JunkMail: The advanced anti-spam solution for IMail mailservers > > since 2000. > > Declude Virus: Ultra reliable virus detection and the leader in mailserver > > vulnerability detection. > > Find out what you've been missing: Ask for a free 30-day evaluation. > > > > --- > > [This E-mail was scanned for viruses by Declude Virus > (http://www.declude.com)] > > > > --- > > This E-mail came from the Declude.JunkMail mailing list. To > > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > > type "unsubscribe Declude.JunkMail". The archives can be found > > at http://www.mail-archive.com. > > > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. > --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Declude version 1.79 and Delog
> But who wants 800MB to 1GB spam log files? > The server is so busy doing declude processes there isn't enough time to run > a log analyzer on the local machine. > It takes to long to transfer the log file to a different machine. Once a week, I zip the previous weeks logs, ftp them to my workstation, and run reports there. John Tolmachoff Engineer/Consultant/Owner eServices For You --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Declude version 1.79 and Delog
But who wants 800MB to 1GB spam log files? The server is so busy doing declude processes there isn't enough time to run a log analyzer on the local machine. It takes to long to transfer the log file to a different machine. Robert - Original Message - From: R. Scott Perry <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, June 01, 2004 1:39 PM Subject: RE: [Declude.JunkMail] Declude version 1.79 and Delog > > > Thanks, we have been running along with MID since the beginning, > >all along, upgrading the interim releases. We just this week needed to > >know which line it failed on in one of our filter files. This is what > >we get now in our log. I will up to HIGH this week. Thanks, > > > >Qff4f4d2301429a89 BADHEADERS:8 SPAMHEADERS:8 FILTER-SUBJECT:9 > >FILTER-BODYURL:20 . Total weight = 45. > >06/01/2004 00:00:24 Qff4f4d2301429a89 Subject: Indebted to your > >creditors? We can help > >06/01/2004 00:00:24 Qff4f4d2301429a89 From: [EMAIL PROTECTED] > >To: XXX IP: 206.173.149.243 ID: > >06/01/2004 00:00:24 Qff4f4d2301429a89 Tests failed [weight=45]: > >BADHEADERS=WARN IPNOTINMX=IGNORE SPAMHEADERS=WARN SNIFFER-NOTFND=IGNORE > >WEIGHT10=WARN WEIGHT20=SUBJECT FILTER-SUBJECT=IGNORE > >FILTER-BODYURL=IGNORE > > The "Msg failed" lines at LOGLEVEL HIGH include the line in the filter that > failed. So when you move to LOGLEVEL HIGH, it will have the information > you desire. > > > -Scott > --- > Declude JunkMail: The advanced anti-spam solution for IMail mailservers > since 2000. > Declude Virus: Ultra reliable virus detection and the leader in mailserver > vulnerability detection. > Find out what you've been missing: Ask for a free 30-day evaluation. > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. > --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Declude version 1.79 and Delog
Scott, Changing to Loglevel High seems to have added the Msg Failed lines to the log. I run delog at the end of the day and see what the results are, but I'm pretty sure it works now. Thanks, Aaron On Jun 1, 2004, at 10:16 AM, R. Scott Perry wrote: Did the Msg Failed line under LOGLEVEL MID to report the individual line numbers that it failed in a filter test get moved to HIGH? With v1.78 and earlier, the "Msg failed" lines were at LOGLEVEL LOW. With v1.79 and later, they are at LOGLEVEL HIGH. I believe that the "Msg failed" lines for filter tests have always included the line number that triggered the filter. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Declude version 1.79 and Delog
Thanks, we have been running along with MID since the beginning, all along, upgrading the interim releases. We just this week needed to know which line it failed on in one of our filter files. This is what we get now in our log. I will up to HIGH this week. Thanks, Qff4f4d2301429a89 BADHEADERS:8 SPAMHEADERS:8 FILTER-SUBJECT:9 FILTER-BODYURL:20 . Total weight = 45. 06/01/2004 00:00:24 Qff4f4d2301429a89 Subject: Indebted to your creditors? We can help 06/01/2004 00:00:24 Qff4f4d2301429a89 From: [EMAIL PROTECTED] To: XXX IP: 206.173.149.243 ID: 06/01/2004 00:00:24 Qff4f4d2301429a89 Tests failed [weight=45]: BADHEADERS=WARN IPNOTINMX=IGNORE SPAMHEADERS=WARN SNIFFER-NOTFND=IGNORE WEIGHT10=WARN WEIGHT20=SUBJECT FILTER-SUBJECT=IGNORE FILTER-BODYURL=IGNORE The "Msg failed" lines at LOGLEVEL HIGH include the line in the filter that failed. So when you move to LOGLEVEL HIGH, it will have the information you desire. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Declude version 1.79 and Delog
Scott, Thanks, we have been running along with MID since the beginning, all along, upgrading the interim releases. We just this week needed to know which line it failed on in one of our filter files. This is what we get now in our log. I will up to HIGH this week. Thanks, Qff4f4d2301429a89 BADHEADERS:8 SPAMHEADERS:8 FILTER-SUBJECT:9 FILTER-BODYURL:20 . Total weight = 45. 06/01/2004 00:00:24 Qff4f4d2301429a89 Subject: Indebted to your creditors? We can help 06/01/2004 00:00:24 Qff4f4d2301429a89 From: [EMAIL PROTECTED] To: XXX IP: 206.173.149.243 ID: 06/01/2004 00:00:24 Qff4f4d2301429a89 Tests failed [weight=45]: BADHEADERS=WARN IPNOTINMX=IGNORE SPAMHEADERS=WARN SNIFFER-NOTFND=IGNORE WEIGHT10=WARN WEIGHT20=SUBJECT FILTER-SUBJECT=IGNORE FILTER-BODYURL=IGNORE Keith -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Tuesday, June 01, 2004 1:16 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Declude version 1.79 and Delog > Did the Msg Failed line under LOGLEVEL MID to report the >individual line numbers that it failed in a filter test get moved to >HIGH? With v1.78 and earlier, the "Msg failed" lines were at LOGLEVEL LOW. With v1.79 and later, they are at LOGLEVEL HIGH. I believe that the "Msg failed" lines for filter tests have always included the line number that triggered the filter. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Declude version 1.79 and Delog
Did the Msg Failed line under LOGLEVEL MID to report the individual line numbers that it failed in a filter test get moved to HIGH? With v1.78 and earlier, the "Msg failed" lines were at LOGLEVEL LOW. With v1.79 and later, they are at LOGLEVEL HIGH. I believe that the "Msg failed" lines for filter tests have always included the line number that triggered the filter. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Declude version 1.79 and Delog
Scott, Did the Msg Failed line under LOGLEVEL MID to report the individual line numbers that it failed in a filter test get moved to HIGH? Keith -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Tuesday, June 01, 2004 12:50 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Declude version 1.79 and Delog >I've noticed the logging problem as well and I do have "LOGLEVEL MID" >in my global.cfg. > >That doesn't resolve the issue. Do you have the "Msg failed" lines in your log file? If not, then you should go to "LOGLEVEL HIGH". -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Declude version 1.79 and Delog
I've noticed the logging problem as well and I do have "LOGLEVEL MID" in my global.cfg. That doesn't resolve the issue. Do you have the "Msg failed" lines in your log file? If not, then you should go to "LOGLEVEL HIGH". -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Declude version 1.79 and Delog
Scott, I've noticed the logging problem as well and I do have "LOGLEVEL MID" in my global.cfg. That doesn't resolve the issue. Aaron On Jun 1, 2004, at 9:01 AM, R. Scott Perry wrote: I noticed after I upgraded to Declude 1.79, Delog 1.08b is no longer able to calculate the number of failed messages from the declude log files. It returns that 0 failed. Apparently the log files for declude have changed with this new version. Does anybody know if there is a newer version of Delog or another program that can analyze the declude log files? Thanks I believe this is due to the recent change in the log file format. If you change the "LOGLEVEL LOW" line in your \IMail\Declude\global.cfg file to "LOGLEVEL MID", I believe it will start working again. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Declude version 1.79 and Delog
Hi, >> Does anybody know if there is a newer version of Delog or another program that can analyze the declude log files? << I use DLAnalyzer (www.DLAnalyzer.com) with great success. Here a few snippets from reports that I schedule daily: Last Action Report Using Action: DELETE, HOLD, BOUNCEONLYIFYOUMUST Total Messages: 10,253 Matched Last Action: 7,116 Percentage: 69.40% Average Message Weight: 24.00 TEST # FAILED Percentage IPNOTINMX...7,035...68.61% NOLEGITCONTENT..6,734...65.68% SNIFFER.6,051...59.02% SPAMCOP.5,185...50.57% SORBS...4,610...44.96% XBL-DYNA4,322...42.15% DSBLSINGLE..3,653...35.63% NJABLDYNA...3,147...30.69% AHBL1,875...18.29% HELOBOGUS...1,752...17.09% REVDNS..1,745...17.02% SPAMROUTING.1,528...14.90% NJABLPROXIES1,294...12.62% SPAMHEADERS.1,251...12.20% SBL.1,159...11.30% BADHEADERS..1,066...10.40% ... Etc ... (you can sort by name as well) IP Summary Report TEST # MESSAGES Percentage 69.59.140.113..540.55% 69.59.140.120..420.43% 64.119.137.13..350.36% 213.91.6.11340.35% 127.0.0.1..320.33% 209.182.0.195..310.32% ... Etc ... And - here my favorite report (that I send daily to my larger customers). It itemizes any reports that we "HOLD,DELETE,BOUNCE" - so that they know which mails they NEVER even saw in their inboxes (sorry for the wrap-around): Advanced Report 5/31/2004 12:01:13 AM Subject ..: Hi George. it's something increadible... gayer minimizing Qae02200501285d38 From .: [EMAIL PROTECTED] 1 Recipient(s): [EMAIL PROTECTED] 13 Test(s) ...: BYPASS19, NJABL, NJABLDUL, NJABLDYNA, SORBS, SORBS-DUHL, XBL-DYNA, HELOBOGUS, IPNOTINMX, NOLEGITCONTENT, SNIFFER, DYNAMIC-IP, WEIGHTKILL 5/31/2004 12:01:31 AM Subject ..: Get all meds over night - no prescription needed Qae10200801289187 From .: [EMAIL PROTECTED] 4 Recipient(s): [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED] 12 Test(s) ...: BYPASS19, BYPASS14, SPAMCOP, NJABLDYNA, XBL-DYNA, IPNOTINMX, SPAMROUTING, NOLEGITCONTENT, BCC4, SNIFFER, SPAMDOMAINS, WEIGHTKILL 5/31/2004 12:01:32 AM Subject ..: Visit me Qae13126c014a9cd2 From .: [EMAIL PROTECTED] 1 Recipient(s): [EMAIL PROTECTED] 13 Test(s) ...: BYPASS19, DSBLSINGLE, SPAMCOP, NJABLDYNA, SORBS, SORBS-DUHL, XBL-DYNA, BASE64, IPNOTINMX, NOLEGITCONTENT, SNIFFER, SPAMDOMAINS, WEIGHTKILL 5/31/2004 12:01:53 AM Subject ..: Don't miss these great products Qae2c200901280168 From .: [EMAIL PROTECTED] 1 Recipient(s): [EMAIL PROTECTED] 12 Test(s) ...: BYPASS19, DSBLSINGLE, SPAMCOP, SORBS, XBL-DYNA, HELOBOGUS, IPNOTINMX, REVDNS, SPAMROUTING, NOLEGITCONTENT, SNIFFER, WEIGHTKILL ... Etc ... Number of Unique Messages Blocked: 1376 Best Regards Andy Schmidt H&M Systems Software, Inc. 600 East Crescent Avenue, Suite 203 Upper Saddle River, NJ 07458-1846 Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 http://www.HM-Software.com/ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Karl Hentschel Sent: Tuesday, June 01, 2004 11:35 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Declude version 1.79 and Delog I noticed after I upgraded to Declude 1.79, Delog 1.08b is no longer able to calculate the number of failed messages from the declude log files. It returns that 0 failed. Apparently the log files for declude have changed with this new version. Does anybody know if there is a newer version of Delog or another program that can analyze the declude log files? Thanks --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Declude version 1.79 and Delog
I noticed after I upgraded to Declude 1.79, Delog 1.08b is no longer able to calculate the number of failed messages from the declude log files. It returns that 0 failed. Apparently the log files for declude have changed with this new version. Does anybody know if there is a newer version of Delog or another program that can analyze the declude log files? Thanks I believe this is due to the recent change in the log file format. If you change the "LOGLEVEL LOW" line in your \IMail\Declude\global.cfg file to "LOGLEVEL MID", I believe it will start working again. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Declude version 1.79 and Delog
I noticed after I upgraded to Declude 1.79, Delog 1.08b is no longer able to calculate the number of failed messages from the declude log files. It returns that 0 failed. Apparently the log files for declude have changed with this new version. Does anybody know if there is a newer version of Delog or another program that can analyze the declude log files? Thanks --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.