Re: [Declude.JunkMail] New Test Idea
I downloaded the surbl code but have not implemented it yet cause of all the monkey business associated with it, I am working on getting it going thanks for that batch file! Rick Davidson National Systems Manager North American Title Group - - Original Message - From: "Scott Fisher" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, June 11, 2004 3:03 PM Subject: Re: [Declude.JunkMail] New Test Idea This was kind of suggested when the SURBL came out. Do you use the SURBL code. I don't know if anyone is interested but I've got a batch file that goes through last month's logs (it works on log level high) and pulls out all matches for a Body URL filter. It can help trim the deadwood. I've attached it renamed as a .txt file. Scott Fisher Director of IT Farm Progress Companies >>> [EMAIL PROTECTED] 06/11/04 01:12PM >>> Would it be possible for declude to do DNS lookups on the urls in the body of the email message and then run the IP address against an ipfile or a filter file using remoteip? This would defeat the registering of tons of domains that alot of times point back to the same web server. It is easy to find the netblocks that the large discount web hosting companies use so using the remoteip 0 cidr could be used better in the weighting system. For example: Servpath out of San Francisco has these netblocks, alot of legit (i hate using that term here) email marketing spam comes from these netblocks (so much that I block them out right because my users arent allowed to use their email for non business purposes) but for the sake of this example weight could be added to a message if a URL in the body translated to an IP in these ranges. remoteip 10 cidr 64.151.64.0/19 remoteip 10 cidr 69.59.128.0/18 It seems to me that it could be pretty effective, have it run with the DNS tests and before the filters so it could be used in testsfailed end lines My list of URLs is getting huge and I am sure alot of them are obsolete now. What do you think? Doable? Rick Davidson National Systems Manager North American Title Group - --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] New Test Idea
This was kind of suggested when the SURBL came out. Do you use the SURBL code. I don't know if anyone is interested but I've got a batch file that goes through last month's logs (it works on log level high) and pulls out all matches for a Body URL filter. It can help trim the deadwood. I've attached it renamed as a .txt file. Scott Fisher Director of IT Farm Progress Companies >>> [EMAIL PROTECTED] 06/11/04 01:12PM >>> Would it be possible for declude to do DNS lookups on the urls in the body of the email message and then run the IP address against an ipfile or a filter file using remoteip? This would defeat the registering of tons of domains that alot of times point back to the same web server. It is easy to find the netblocks that the large discount web hosting companies use so using the remoteip 0 cidr could be used better in the weighting system. For example: Servpath out of San Francisco has these netblocks, alot of legit (i hate using that term here) email marketing spam comes from these netblocks (so much that I block them out right because my users arent allowed to use their email for non business purposes) but for the sake of this example weight could be added to a message if a URL in the body translated to an IP in these ranges. remoteip 10 cidr 64.151.64.0/19 remoteip 10 cidr 69.59.128.0/18 It seems to me that it could be pretty effective, have it run with the DNS tests and before the filters so it could be used in testsfailed end lines My list of URLs is getting huge and I am sure alot of them are obsolete now. What do you think? Doable? Rick Davidson National Systems Manager North American Title Group - --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. @echo off rem rem Credit for portions of this code go to [EMAIL PROTECTED] rem rem These settings must be done (SETTINGS section below) before the script is used: rem v_path: path to this folder rem v_logpath: path to the logs rem v_maxweight: filter max weight (blank or 0 if no max weight should be used) rem and filter entry weight (defaults to 0 if blank) rem v_skipweight: filter skip weight (blank or 0 if filter never should be skipped) rem v_filter: name of the Declude Filter as it appears in the log set v_maxweight=80 set v_skipweight=240 set v_path=d:\imail\declude\fpfilters set v_logpath=d:\logs\junkmail set v_filter=BODYURL-KEYWORDS rem --- Check settings and change current folder (or exit if path is incorrect): --- set v_result=ok if "%v_maxweight%"=="" set v_maxweight=0 if "%v_skipweight%"=="" set v_skipweight=0 if not exist %v_path%\nul (set v_result=path error) & (goto :s_end) if not exist %v_logpath%\nul (set v_result=log path error) & (goto :s_end) cd /d %v_path% Rem --- Get the date for the Log for /f "tokens=*" %%a in ('date /t') do set v_time=%%a for /f "tokens=*" %%b in ('time /t') do set v_time=%v_time% %%b Rem --- Get the previous month for /f "tokens=1-2 delims=/ " %%a in ('date /t') do set v_Current_month=%%b if "%V_current_month%"=="01" set v_Previous_month=12 if "%V_current_month%"=="02" set v_Previous_month=01 if "%V_current_month%"=="03" set v_Previous_month=02 if "%V_current_month%"=="04" set v_Previous_month=03 if "%V_current_month%"=="05" set v_Previous_month=04 if "%V_current_month%"=="06" set v_Previous_month=05 if "%V_current_month%"=="07" set v_Previous_month=06 if "%V_current_month%"=="08" set v_Previous_month=07 if "%V_current_month%"=="09" set v_Previous_month=08 if "%V_current_month%"=="10" set v_Previous_month=09 if "%V_current_month%"=="11" set v_Previous_month=10 if "%V_current_month%"=="12" set v_Previous_month=11 Rem --- Extract loglines containing Triggered Contains Filter (filter name) if exist bodyurl.loglines.txt erase bodyurl.loglines.txt Rem Rem Previous Month's logs in the folder code Rem findstr /i Triggered.CONTAINS.Filter.%v_filter% %v_logpath%\dec%v_Previous_month%*.log > bodyurl.loglines.txt Rem Rem All logs in the folder code Rem Rem findstr /i Triggered.CONTAINS.Filter.%v_filter% %v_logpath%\dec*.log > bodyurl.loglines.txt Rem --- Extract domain names from filter file if exist bodyurl.domains.txt erase bodyurl.domains.txt for /f "tokens=9 " %%i in ('findstr /i /r /V "FILTER-BYPASS" bodyurl.loglines.txt') do echo %%i>> bodyurl.domains.txt rem --- Sort the domain file if exist bodyurl.sorted.txt erase bodyurl.sorted.txt sort bodyurl.domains.txt /o bodyurl.sorted.txt rem --- Dedup sorted file if exist bodyurl.dedup.txt erase bodyurl.dedup.txt setlocal set infile=bodyurl.sorted.txt set outfile=bodyurl.dedup.txt type nul > %outfile% for /f "tokens=1* delims=:" %%a in ( 'type %infile% ^| sort ^| findstr /n /v /c:"CoLoRlEsS gReEn IdEaS"' ) do call :dedup %%a "%%b" endlocal goto :Makefilter :de
[Declude.JunkMail] New Test Idea
Would it be possible for declude to do DNS lookups on the urls in the body of the email message and then run the IP address against an ipfile or a filter file using remoteip? This would defeat the registering of tons of domains that alot of times point back to the same web server. It is easy to find the netblocks that the large discount web hosting companies use so using the remoteip 0 cidr could be used better in the weighting system. For example: Servpath out of San Francisco has these netblocks, alot of legit (i hate using that term here) email marketing spam comes from these netblocks (so much that I block them out right because my users arent allowed to use their email for non business purposes) but for the sake of this example weight could be added to a message if a URL in the body translated to an IP in these ranges. remoteip 10 cidr 64.151.64.0/19 remoteip 10 cidr 69.59.128.0/18 It seems to me that it could be pretty effective, have it run with the DNS tests and before the filters so it could be used in testsfailed end lines My list of URLs is getting huge and I am sure alot of them are obsolete now. What do you think? Doable? Rick Davidson National Systems Manager North American Title Group - --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.