Re: [Declude.JunkMail] New Test Idea

2004-06-11 Thread Rick Davidson
I downloaded the SURBL code but have not implemented it yet because of all the
monkey business associated with it. I am working on getting it going.

Thanks for that batch file!

Rick Davidson
National Systems Manager
North American Title Group
-
- Original Message - 
From: "Scott Fisher" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, June 11, 2004 3:03 PM
Subject: Re: [Declude.JunkMail] New Test Idea


This was kind of suggested when the SURBL came out.
Do you use the SURBL code?

I don't know if anyone is interested but I've got a batch file that goes
through last month's logs (it works on log level high) and pulls out all
matches for a Body URL filter. It can help trim the deadwood.
I've attached it renamed as a .txt file.

Scott Fisher
Director of IT
Farm Progress Companies

>>> [EMAIL PROTECTED] 06/11/04 01:12PM >>>
Would it be possible for Declude to do DNS lookups on the URLs in the body
of the email message and then run the IP address against an ipfile or a
filter file using remoteip? This would defeat the registering of tons of
domains that a lot of times point back to the same web server. It is easy to
find the netblocks that the large discount web hosting companies use so
using the remoteip 0 cidr could be used better in the weighting system. For
example:

Servpath out of San Francisco has these netblocks, a lot of legit (I hate
using that term here) email marketing spam comes from these netblocks (so
much that I block them outright because my users aren't allowed to use their
email for non-business purposes) but for the sake of this example weight
could be added to a message if a URL in the body translated to an IP in
these ranges.

remoteip 10 cidr 64.151.64.0/19
remoteip 10 cidr 69.59.128.0/18

It seems to me that it could be pretty effective, have it run with the DNS
tests and before the filters so it could be used in testsfailed end lines.

My list of URLs is getting huge and I am sure a lot of them are obsolete now.

What do you think? Doable?

Rick Davidson
National Systems Manager
North American Title Group
-

---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.




Re: [Declude.JunkMail] New Test Idea

2004-06-11 Thread Scott Fisher
This was kind of suggested when the SURBL came out.
Do you use the SURBL code?

I don't know if anyone is interested but I've got a batch file that goes through last 
month's logs (it works on log level high) and pulls out all matches for a Body URL 
filter. It can help trim the deadwood.
I've attached it renamed as a .txt file.

Scott Fisher
Director of IT
Farm Progress Companies

>>> [EMAIL PROTECTED] 06/11/04 01:12PM >>>
Would it be possible for Declude to do DNS lookups on the URLs in the body
of the email message and then run the IP address against an ipfile or a
filter file using remoteip? This would defeat the registering of tons of
domains that a lot of times point back to the same web server. It is easy to
find the netblocks that the large discount web hosting companies use so
using the remoteip 0 cidr could be used better in the weighting system. For
example:

Servpath out of San Francisco has these netblocks, a lot of legit (I hate
using that term here) email marketing spam comes from these netblocks (so
much that I block them outright because my users aren't allowed to use their
email for non-business purposes) but for the sake of this example weight
could be added to a message if a URL in the body translated to an IP in
these ranges.

remoteip 10 cidr 64.151.64.0/19
remoteip 10 cidr 69.59.128.0/18

It seems to me that it could be pretty effective, have it run with the DNS
tests and before the filters so it could be used in testsfailed end lines.

My list of URLs is getting huge and I am sure a lot of them are obsolete now.

What do you think? Doable?

Rick Davidson
National Systems Manager
North American Title Group
-


@echo off
rem
rem Credit for portions of this code go to [EMAIL PROTECTED]
rem
rem These settings must be done (SETTINGS section below) before the script is used:
rem v_path: path to this folder
rem v_logpath: path to the logs
rem v_maxweight: filter max weight (blank or 0 if no max weight should be used)
rem  and filter entry weight (defaults to 0 if blank)
rem v_skipweight: filter skip weight (blank or 0 if filter never should be skipped)
rem v_filter: name of the Declude Filter as it appears in the log

set v_maxweight=80
set v_skipweight=240
set v_path=d:\imail\declude\fpfilters
set v_logpath=d:\logs\junkmail
set v_filter=BODYURL-KEYWORDS

rem --- Check settings and change current folder (or exit if path is incorrect): ---
set v_result=ok
if "%v_maxweight%"=="" set v_maxweight=0
if "%v_skipweight%"=="" set v_skipweight=0
if not exist %v_path%\nul (set v_result=path error) & (goto :s_end)
if not exist %v_logpath%\nul (set v_result=log path error) & (goto :s_end)
cd /d %v_path%

Rem --- Get the date for the Log
for /f "tokens=*" %%a in ('date /t') do set v_time=%%a
for /f "tokens=*" %%b in ('time /t') do set v_time=%v_time% %%b

Rem --- Get the previous month
for /f "tokens=1-2 delims=/ " %%a in ('date /t') do set v_Current_month=%%b
if "%V_current_month%"=="01" set v_Previous_month=12
if "%V_current_month%"=="02" set v_Previous_month=01
if "%V_current_month%"=="03" set v_Previous_month=02
if "%V_current_month%"=="04" set v_Previous_month=03
if "%V_current_month%"=="05" set v_Previous_month=04
if "%V_current_month%"=="06" set v_Previous_month=05
if "%V_current_month%"=="07" set v_Previous_month=06
if "%V_current_month%"=="08" set v_Previous_month=07
if "%V_current_month%"=="09" set v_Previous_month=08
if "%V_current_month%"=="10" set v_Previous_month=09
if "%V_current_month%"=="11" set v_Previous_month=10
if "%V_current_month%"=="12" set v_Previous_month=11

Rem --- Extract loglines containing Triggered Contains Filter (filter name)
if exist bodyurl.loglines.txt erase bodyurl.loglines.txt

Rem 
Rem   Previous Month's logs in the folder code
Rem
findstr /i Triggered.CONTAINS.Filter.%v_filter% %v_logpath%\dec%v_Previous_month%*.log > bodyurl.loglines.txt

Rem 
Rem   All logs in the folder code
Rem
Rem findstr /i Triggered.CONTAINS.Filter.%v_filter% %v_logpath%\dec*.log > bodyurl.loglines.txt

Rem --- Extract domain names from filter file
if exist bodyurl.domains.txt  erase bodyurl.domains.txt
for /f "tokens=9 " %%i in ('findstr /i /r /V "FILTER-BYPASS" bodyurl.loglines.txt') do echo %%i>> bodyurl.domains.txt

rem --- Sort the domain file
if exist bodyurl.sorted.txt erase bodyurl.sorted.txt
sort bodyurl.domains.txt /o bodyurl.sorted.txt

rem --- Dedup sorted file
if exist bodyurl.dedup.txt erase bodyurl.dedup.txt
setlocal
set infile=bodyurl.sorted.txt
set outfile=bodyurl.dedup.txt
type nul > %outfile%
for /f "tokens=1* delims=:" %%a in (
  'type %infile%
  ^| sort
  ^| findstr /n /v /c:"CoLoRlEsS gReEn IdEaS"'
) do call :dedup %%a "%%b"
endlocal
goto :Makefilter

:de

[Declude.JunkMail] New Test Idea

2004-06-11 Thread Rick Davidson
Would it be possible for Declude to do DNS lookups on the URLs in the body
of the email message and then run the IP address against an ipfile or a
filter file using remoteip? This would defeat the registering of tons of
domains that a lot of times point back to the same web server. It is easy to
find the netblocks that the large discount web hosting companies use so
using the remoteip 0 cidr could be used better in the weighting system. For
example:

Servpath out of San Francisco has these netblocks, a lot of legit (I hate
using that term here) email marketing spam comes from these netblocks (so
much that I block them outright because my users aren't allowed to use their
email for non-business purposes) but for the sake of this example weight
could be added to a message if a URL in the body translated to an IP in
these ranges.

remoteip 10 cidr 64.151.64.0/19
remoteip 10 cidr 69.59.128.0/18

It seems to me that it could be pretty effective, have it run with the DNS
tests and before the filters so it could be used in testsfailed end lines.

My list of URLs is getting huge and I am sure a lot of them are obsolete now.

What do you think? Doable?

Rick Davidson
National Systems Manager
North American Title Group
-
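
The check proposed in this post, sketched in Python as an added example (not part of the original message and not Declude code): hostnames from body URLs are resolved and each distinct IP is scored once against the two netblocks quoted above, so many domains on one server add weight only once. The resolver hook, function names, .example domains and A records are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Netblocks and weights from the "remoteip 10 cidr ..." lines in the post.
NETBLOCKS = [(ipaddress.ip_network("64.151.64.0/19"), 10),
             (ipaddress.ip_network("69.59.128.0/18"), 10)]
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

# Constructed sample data: .example domains with made-up A records.
SAMPLE_DNS = {"cheap-loans.example": ["64.151.70.5"],
              "best-mortgage.example": ["64.151.70.5"],
              "newsletter.example": ["192.0.2.10"]}
SAMPLE_BODY = ("Rates: http://cheap-loans.example/apply http://best-mortgage.example/?id=7\n"
               "Unsubscribe: http://69.59.130.1/u or http://newsletter.example/.")

def sample_resolve(host):
    """Hypothetical resolver hook; a real one would do a timed DNS lookup."""
    return SAMPLE_DNS.get(host, [])   # [] for unresolvable names

def body_hosts(body):
    """Distinct hostnames (or IP literals) of the http(s) URLs in a body."""
    hosts = []
    for url in URL_RE.findall(body):
        try:
            host = (urlsplit(url).hostname or "").rstrip(".")
        except ValueError:            # malformed URL, skip it
            continue
        if host and host not in hosts:
            hosts.append(host)
    return hosts

def url_ip_weight(body, resolve):
    """Return (weight, hits); each distinct IP is scored once per message."""
    scored, weight, hits = set(), 0, []
    for host in body_hosts(body):
        try:
            addrs = [str(ipaddress.ip_address(host))]   # URL used a raw IP
        except ValueError:
            addrs = resolve(host)
        for ip in map(ipaddress.ip_address, addrs):
            if ip in scored:
                continue
            scored.add(ip)
            for net, w in NETBLOCKS:
                if ip in net:
                    weight += w
                    hits.append((host, str(ip), str(net)))
                    break
    return weight, hits
```
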
