RE: [Declude.JunkMail] One step forward, ten back
Thanks for the feedback everyone. As an update to my other email, I received 38 spam messages in the last 12 hours. From what I was used to, this is a 1000% improvement. Obviously our spam account is filling up so I'm going to sort through them and get a feel for what kind of weights they are hitting, then set something else up accordingly. Again, I appreciate the feedback. This does help a lot! Todd -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Bilbee Sent: Friday, November 03, 2006 12:05 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] One step forward, ten back Yes the can coexist but be sure to use weightrange to instead of weight. SPAM-LOWweightrange x x 8 13 SPAM-MEDweightrange x x 14 24 SPAM-HIGH weight x x 25 0 SPAM-LOWSUBJECT [%WEIGHT%] SPAM-MEDHOLD SPAM-HIGH DELETE > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of > Dave Doherty > Sent: Thursday, November 02, 2006 9:20 PM > To: declude.junkmail@declude.com > Subject: Re: [Declude.JunkMail] One step forward, ten back > > > > I wondered if it's > > possible to set another one higher to do the deleting, as > I'm seeing a > > lot of stuff at 40 or more. > > Absolutely. Several action directives can coexist peacefully in your > $default$.junkmail file, like this: > > WEIGHT10 SUBJECT [%WEIGHT%] > WEIGHT20 MAILBOX SPAM > WEIGHT30 DELETE > > Any message scoring at least 10 will have the weight added at the head > of the subject in brackets, like: > > [12] Buy My Stuff! > > Any message with 20-29 points will be diverted to the spam folder, and > anything scoring 30+ will be deleted. > > > > > - Original Message - > From: "Todd Richards" <[EMAIL PROTECTED]> > To: > Sent: Thursday, November 02, 2006 11:55 PM > Subject: RE: [Declude.JunkMail] One step forward, ten back > > > > > > Thanks Dave. Actually, I do, but with settings of weight20 > > spam > > mailbox>. I was worried about too many false positives. I > wondered > > mailbox>if > > it's > > possible to set another one higher to do the deleting, as > I'm seeing a > > lot of stuff at 40 or more. > > > > As an update, I found that I had a discrepancy in my weights. I > > corrected that, and my filtering is doing great now. I > logged into my > > spam mailbox a little bit ago and the few hundred messages > that are in > > there are definitely > > spam. So it's catching things now and keeping them from my > mailbox - > > which > > was my main goal. However, now I'd like to clean things up > just a little > > more... > > > > Todd > > > > > > -Original Message- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of > > Dave Doherty > > Sent: Thursday, November 02, 2006 9:34 PM > > To: declude.junkmail@declude.com > > Subject: Re: [Declude.JunkMail] One step forward, ten back > > > > It seems like you're detecting things OK, but not taking > action on the > > results. > > > > Make sure you have directives like > > > > WEIGHT14MAILBOX SPAM > > WEIGHT20DELETE > > > > in your default.junkmail file > > > > > > > > > > - Original Message - > > From: "Todd Richards" <[EMAIL PROTECTED]> > > To: > > Sent: Thursday, November 02, 2006 7:38 PM > > Subject: [Declude.JunkMail] One step forward, ten back > > > > > >> > >> Hi Everyone - > >> > >> We are getting completely hammered by spam and I'm about > at my wits > >> end. A few weeks ago I added a 30-day trial of Message > Sniffer and it > >> doesn't seem > >> to be doing any good. Today, I upgraded to the newest version of > >> Declude. > >> I "think" everything went ok. After reading through the > documentation > >> (again) I went through my global.cfg file and cleaned up > some things that > >> were questionable. For instance, we had several domains > in the WHITELIST > >> TO > >> and WHITELIST FROM. From what I've read and heard through > the lists, > >> it's > >> not a good idea to whitelist anything.In fact, earlier > today I had > >> some > >> spam come through that was "from" a whitelisted doma
Re: [Declude.JunkMail] One step forward, ten back
Hi, As a matter of fact he doesn't have to use weightrange in this case. I use: SPAMSUBJECT weight x x 12 0SPAMHOLD weightrange x x 20 24SPAMDELETE weight x x 25 0 SPAMSUBJECT SUBJECT [SPAM: %WEIGHT%]SPAMHOLD HOLDSPAMDELETE DELETE As the delete action overrules the holdaction the weightrange is not really neccesary but it makes me feel good and is a bit cleaner. I WANT the spamsubject action in case of held mail (anything over 12 points) as I want to have the ability to sort spam mail by points, this way I can do that by sorting it on the subject. Met vriendelijke groet,Bonno Bloksmahoofd systeembeheer tio hogeschool hotelmanagement en toerisme begijnenhof 8-12 / 5611 el eindhovent 040 296 28 28 / f 040 237 35 20[EMAIL PROTECTED] / www.tio.nl - Original Message - From: Kevin Bilbee To: declude.junkmail@declude.com Sent: Friday, November 03, 2006 7:05 AM Subject: RE: [Declude.JunkMail] One step forward, ten back Yes the can coexist but be sure to use weightrange to instead of weight.SPAM-LOW weightrange x x 8 13SPAM-MED weightrange x x 14 24SPAM-HIGH weight x x 25 0SPAM-LOW SUBJECT [%WEIGHT%]SPAM-MED HOLDSPAM-HIGH DELETE> -Original Message-> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On > Behalf Of Dave Doherty> Sent: Thursday, November 02, 2006 9:20 PM> To: declude.junkmail@declude.com> Subject: Re: [Declude.JunkMail] One step forward, ten back> > > > I wondered if it's> > possible to set another one higher to do the deleting, as > I'm seeing a > > lot of stuff at 40 or more.> > Absolutely. Several action directives can coexist peacefully in your > $default$.junkmail file, like this:> > WEIGHT10 SUBJECT [%WEIGHT%]> WEIGHT20 MAILBOX SPAM> WEIGHT30 DELETE> > Any message scoring at least 10 will have the weight added at > the head of > the subject in brackets, like:> > [12] Buy My Stuff!> > Any message with 20-29 points will be diverted to the spam > folder, and > anything scoring 30+ will be deleted.> > > > > - Original Message - > From: "Todd Richards" <[EMAIL PROTECTED]>> To: <declude.junkmail@declude.com>> Sent: Thursday, November 02, 2006 11:55 PM> Subject: RE: [Declude.JunkMail] One step forward, ten back> > > >> > Thanks Dave. Actually, I do, but with settings of weight20 > > > spam> > mailbox>. I was worried about too many false positives. I > wondered > > mailbox>if> > it's> > possible to set another one higher to do the deleting, as > I'm seeing a > > lot of stuff at 40 or more.> >> > As an update, I found that I had a discrepancy in my weights. I > > corrected that, and my filtering is doing great now. I > logged into my > > spam mailbox a little bit ago and the few hundred messages > that are in > > there are definitely> > spam. So it's catching things now and keeping them from my > mailbox - > > which> > was my main goal. However, now I'd like to clean things up > just a little> > more...> >> > Todd> >> >> > -Original Message-> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of > > Dave Doherty> > Sent: Thursday, November 02, 2006 9:34 PM> > To: declude.junkmail@declude.com> > Subject: Re: [Declude.JunkMail] One step forward, ten back> >> > It seems like you're detecting things OK, but not taking > action on the > > results.> >> > Make sure you have directives like> >> > WEIGHT14 MAILBOX SPAM> > WEIGHT20 DELETE> >> > in your default.junkmail file> >> >> >> >> > - Original Message -> > From: "Todd Richards" <[EMAIL PROTECTED]>> > To: <declude.junkmail@declude.com>> > Sent: Thursday, November 02, 2006 7:38 PM> > Subject: [Declude.JunkMail] One step forward, ten back> >> >> >>> >> Hi Everyone -> >>> >> We are getting completely hammered by spam and I'm about > at my wits > >> end. A few weeks ago I added a 30-day trial of Message > Sniffer and it > >> doesn't seem> >> to be doing any good. Today, I upgraded to the newest version of > >> Declude.> >> I "think" everything went ok. After reading through the > documentation> >> (again) I went through my global.cfg file and cleaned up > some things that> >> were questionable. For instance, we had sever
RE: [Declude.JunkMail] One step forward, ten back
Yes the can coexist but be sure to use weightrange to instead of weight. SPAM-LOWweightrange x x 8 13 SPAM-MEDweightrange x x 14 24 SPAM-HIGH weight x x 25 0 SPAM-LOWSUBJECT [%WEIGHT%] SPAM-MEDHOLD SPAM-HIGH DELETE > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On > Behalf Of Dave Doherty > Sent: Thursday, November 02, 2006 9:20 PM > To: declude.junkmail@declude.com > Subject: Re: [Declude.JunkMail] One step forward, ten back > > > > I wondered if it's > > possible to set another one higher to do the deleting, as > I'm seeing a > > lot of stuff at 40 or more. > > Absolutely. Several action directives can coexist peacefully in your > $default$.junkmail file, like this: > > WEIGHT10 SUBJECT [%WEIGHT%] > WEIGHT20 MAILBOX SPAM > WEIGHT30 DELETE > > Any message scoring at least 10 will have the weight added at > the head of > the subject in brackets, like: > > [12] Buy My Stuff! > > Any message with 20-29 points will be diverted to the spam > folder, and > anything scoring 30+ will be deleted. > > > > > - Original Message - > From: "Todd Richards" <[EMAIL PROTECTED]> > To: > Sent: Thursday, November 02, 2006 11:55 PM > Subject: RE: [Declude.JunkMail] One step forward, ten back > > > > > > Thanks Dave. Actually, I do, but with settings of weight20 > > spam > > mailbox>. I was worried about too many false positives. I > wondered > > mailbox>if > > it's > > possible to set another one higher to do the deleting, as > I'm seeing a > > lot of stuff at 40 or more. > > > > As an update, I found that I had a discrepancy in my weights. I > > corrected that, and my filtering is doing great now. I > logged into my > > spam mailbox a little bit ago and the few hundred messages > that are in > > there are definitely > > spam. So it's catching things now and keeping them from my > mailbox - > > which > > was my main goal. However, now I'd like to clean things up > just a little > > more... > > > > Todd > > > > > > -Original Message- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of > > Dave Doherty > > Sent: Thursday, November 02, 2006 9:34 PM > > To: declude.junkmail@declude.com > > Subject: Re: [Declude.JunkMail] One step forward, ten back > > > > It seems like you're detecting things OK, but not taking > action on the > > results. > > > > Make sure you have directives like > > > > WEIGHT14MAILBOX SPAM > > WEIGHT20DELETE > > > > in your default.junkmail file > > > > > > > > > > - Original Message - > > From: "Todd Richards" <[EMAIL PROTECTED]> > > To: > > Sent: Thursday, November 02, 2006 7:38 PM > > Subject: [Declude.JunkMail] One step forward, ten back > > > > > >> > >> Hi Everyone - > >> > >> We are getting completely hammered by spam and I'm about > at my wits > >> end. A few weeks ago I added a 30-day trial of Message > Sniffer and it > >> doesn't seem > >> to be doing any good. Today, I upgraded to the newest version of > >> Declude. > >> I "think" everything went ok. After reading through the > documentation > >> (again) I went through my global.cfg file and cleaned up > some things that > >> were questionable. For instance, we had several domains > in the WHITELIST > >> TO > >> and WHITELIST FROM. From what I've read and heard through > the lists, > >> it's > >> not a good idea to whitelist anything.In fact, earlier > today I had > >> some > >> spam come through that was "from" a whitelisted domain so > it just let it > >> through. So I commented them out and planned to watch my > spam account > >> (instead of deleting I have caught messages sent to > another account for > >> review) to see the results. > >> > >> So... This happened about 5pm tonight. I went through a > short spurt > >> but in the last 90 minutes since then I alone have > received over 150 > >> spam messages. > >> Before I made my changes tonight, that is about the number I would > >> receive > >> in one day (which is still too many). In one me
Re: [Declude.JunkMail] One step forward, ten back
I wondered if it's possible to set another one higher to do the deleting, as I'm seeing a lot of stuff at 40 or more. Absolutely. Several action directives can coexist peacefully in your $default$.junkmail file, like this: WEIGHT10 SUBJECT [%WEIGHT%] WEIGHT20 MAILBOX SPAM WEIGHT30 DELETE Any message scoring at least 10 will have the weight added at the head of the subject in brackets, like: [12] Buy My Stuff! Any message with 20-29 points will be diverted to the spam folder, and anything scoring 30+ will be deleted. - Original Message - From: "Todd Richards" <[EMAIL PROTECTED]> To: Sent: Thursday, November 02, 2006 11:55 PM Subject: RE: [Declude.JunkMail] One step forward, ten back Thanks Dave. Actually, I do, but with settings of weight20 mailbox>. I was worried about too many false positives. I wondered if it's possible to set another one higher to do the deleting, as I'm seeing a lot of stuff at 40 or more. As an update, I found that I had a discrepancy in my weights. I corrected that, and my filtering is doing great now. I logged into my spam mailbox a little bit ago and the few hundred messages that are in there are definitely spam. So it's catching things now and keeping them from my mailbox - which was my main goal. However, now I'd like to clean things up just a little more... Todd -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Doherty Sent: Thursday, November 02, 2006 9:34 PM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] One step forward, ten back It seems like you're detecting things OK, but not taking action on the results. Make sure you have directives like WEIGHT14MAILBOX SPAM WEIGHT20DELETE in your default.junkmail file - Original Message - From: "Todd Richards" <[EMAIL PROTECTED]> To: Sent: Thursday, November 02, 2006 7:38 PM Subject: [Declude.JunkMail] One step forward, ten back Hi Everyone - We are getting completely hammered by spam and I'm about at my wits end. A few weeks ago I added a 30-day trial of Message Sniffer and it doesn't seem to be doing any good. Today, I upgraded to the newest version of Declude. I "think" everything went ok. After reading through the documentation (again) I went through my global.cfg file and cleaned up some things that were questionable. For instance, we had several domains in the WHITELIST TO and WHITELIST FROM. From what I've read and heard through the lists, it's not a good idea to whitelist anything.In fact, earlier today I had some spam come through that was "from" a whitelisted domain so it just let it through. So I commented them out and planned to watch my spam account (instead of deleting I have caught messages sent to another account for review) to see the results. So... This happened about 5pm tonight. I went through a short spurt but in the last 90 minutes since then I alone have received over 150 spam messages. Before I made my changes tonight, that is about the number I would receive in one day (which is still too many). In one message, this was in the header. To me, it should have failed and been stopped. X-Declude-Scan: Incoming Score [39] at 17:59:29 on 02 Nov 2006 X-Declude-Fail: CBL [6], FIVETEN-SRC [4], SPAMCOP [7], REVDNS [8], ROUTING [2], SNIFFER [12], WEIGHT10 [10], WEIGHT14 [14], WEIGHT20 [20], WEIGHT20a [20] Does anyone have any suggestions to what I might be doing wrong, or what I should look at next? Would anyone (off-list) be willing to look at my config files and see if something is apparently wrong? Are there any sample files where a newbie might be able to see how others have theirs set up? I have been running Declude for over a year, and with the exception of some minor tweaks, it's pretty much running "out-of-the-box". For those who are interested, I'm running Imail 8.22 (with latest hotfix) on Windows 2000 server, as well as the Declude Suite, Message Sniffer, and inv-URBL 2.7. Thanks for any input or direction you can offer. Todd --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] One step forward, ten back
Definitely. We scaled our weights to hold at 100 and delete at 250. Scaling hold to 100 made it easy to think of percentage of hold weight when assigning individual test weights, and also gives a good bit of granularity for tweaking. You just want to make sure you set delete high enough that your risk of deleting a legit email is within your tolerance. Most of our FPs are in the 100-150 range, but every month or two we'll see one in the 200-250 range. We initially had delete at 300, but never saw any legit mail in the 250-300 range, so we set delete at 250 to reduce the review queue. Darin. - Original Message - From: "Todd Richards" <[EMAIL PROTECTED]> To: Sent: Thursday, November 02, 2006 11:55 PM Subject: RE: [Declude.JunkMail] One step forward, ten back Thanks Dave. Actually, I do, but with settings of weight20 . I was worried about too many false positives. I wondered if it's possible to set another one higher to do the deleting, as I'm seeing a lot of stuff at 40 or more. As an update, I found that I had a discrepancy in my weights. I corrected that, and my filtering is doing great now. I logged into my spam mailbox a little bit ago and the few hundred messages that are in there are definitely spam. So it's catching things now and keeping them from my mailbox - which was my main goal. However, now I'd like to clean things up just a little more... Todd -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Doherty Sent: Thursday, November 02, 2006 9:34 PM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] One step forward, ten back It seems like you're detecting things OK, but not taking action on the results. Make sure you have directives like WEIGHT14MAILBOX SPAM WEIGHT20DELETE in your default.junkmail file - Original Message - From: "Todd Richards" <[EMAIL PROTECTED]> To: Sent: Thursday, November 02, 2006 7:38 PM Subject: [Declude.JunkMail] One step forward, ten back > > Hi Everyone - > > We are getting completely hammered by spam and I'm about at my wits end. > A > few weeks ago I added a 30-day trial of Message Sniffer and it doesn't > seem > to be doing any good. Today, I upgraded to the newest version of Declude. > I "think" everything went ok. After reading through the documentation > (again) I went through my global.cfg file and cleaned up some things that > were questionable. For instance, we had several domains in the WHITELIST > TO > and WHITELIST FROM. From what I've read and heard through the lists, it's > not a good idea to whitelist anything.In fact, earlier today I had > some > spam come through that was "from" a whitelisted domain so it just let it > through. So I commented them out and planned to watch my spam account > (instead of deleting I have caught messages sent to another account for > review) to see the results. > > So... This happened about 5pm tonight. I went through a short spurt but > in > the last 90 minutes since then I alone have received over 150 spam > messages. > Before I made my changes tonight, that is about the number I would receive > in one day (which is still too many). In one message, this was in the > header. To me, it should have failed and been stopped. > > X-Declude-Scan: Incoming Score [39] at 17:59:29 on 02 Nov 2006 > X-Declude-Fail: CBL [6], FIVETEN-SRC [4], SPAMCOP [7], REVDNS [8], ROUTING > [2], SNIFFER [12], WEIGHT10 [10], WEIGHT14 [14], WEIGHT20 [20], WEIGHT20a > [20] > > Does anyone have any suggestions to what I might be doing wrong, or what I > should look at next? Would anyone (off-list) be willing to look at my > config files and see if something is apparently wrong? Are there any > sample > files where a newbie might be able to see how others have theirs set up? > I > have been running Declude for over a year, and with the exception of some > minor tweaks, it's pretty much running "out-of-the-box". For those who > are > interested, I'm running Imail 8.22 (with latest hotfix) on Windows 2000 > server, as well as the Declude Suite, Message Sniffer, and inv-URBL 2.7. > > Thanks for any input or direction you can offer. > > Todd > > > > > > > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. > > --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] One step forward, ten back
Thanks Dave. Actually, I do, but with settings of weight20 . I was worried about too many false positives. I wondered if it's possible to set another one higher to do the deleting, as I'm seeing a lot of stuff at 40 or more. As an update, I found that I had a discrepancy in my weights. I corrected that, and my filtering is doing great now. I logged into my spam mailbox a little bit ago and the few hundred messages that are in there are definitely spam. So it's catching things now and keeping them from my mailbox - which was my main goal. However, now I'd like to clean things up just a little more... Todd -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Doherty Sent: Thursday, November 02, 2006 9:34 PM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] One step forward, ten back It seems like you're detecting things OK, but not taking action on the results. Make sure you have directives like WEIGHT14MAILBOX SPAM WEIGHT20DELETE in your default.junkmail file - Original Message - From: "Todd Richards" <[EMAIL PROTECTED]> To: Sent: Thursday, November 02, 2006 7:38 PM Subject: [Declude.JunkMail] One step forward, ten back > > Hi Everyone - > > We are getting completely hammered by spam and I'm about at my wits end. > A > few weeks ago I added a 30-day trial of Message Sniffer and it doesn't > seem > to be doing any good. Today, I upgraded to the newest version of Declude. > I "think" everything went ok. After reading through the documentation > (again) I went through my global.cfg file and cleaned up some things that > were questionable. For instance, we had several domains in the WHITELIST > TO > and WHITELIST FROM. From what I've read and heard through the lists, it's > not a good idea to whitelist anything.In fact, earlier today I had > some > spam come through that was "from" a whitelisted domain so it just let it > through. So I commented them out and planned to watch my spam account > (instead of deleting I have caught messages sent to another account for > review) to see the results. > > So... This happened about 5pm tonight. I went through a short spurt but > in > the last 90 minutes since then I alone have received over 150 spam > messages. > Before I made my changes tonight, that is about the number I would receive > in one day (which is still too many). In one message, this was in the > header. To me, it should have failed and been stopped. > > X-Declude-Scan: Incoming Score [39] at 17:59:29 on 02 Nov 2006 > X-Declude-Fail: CBL [6], FIVETEN-SRC [4], SPAMCOP [7], REVDNS [8], ROUTING > [2], SNIFFER [12], WEIGHT10 [10], WEIGHT14 [14], WEIGHT20 [20], WEIGHT20a > [20] > > Does anyone have any suggestions to what I might be doing wrong, or what I > should look at next? Would anyone (off-list) be willing to look at my > config files and see if something is apparently wrong? Are there any > sample > files where a newbie might be able to see how others have theirs set up? > I > have been running Declude for over a year, and with the exception of some > minor tweaks, it's pretty much running "out-of-the-box". For those who > are > interested, I'm running Imail 8.22 (with latest hotfix) on Windows 2000 > server, as well as the Declude Suite, Message Sniffer, and inv-URBL 2.7. > > Thanks for any input or direction you can offer. > > Todd > > > > > > > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. > > --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] One step forward, ten back
It seems like you're detecting things OK, but not taking action on the results. Make sure you have directives like WEIGHT14MAILBOX SPAM WEIGHT20DELETE in your default.junkmail file - Original Message - From: "Todd Richards" <[EMAIL PROTECTED]> To: Sent: Thursday, November 02, 2006 7:38 PM Subject: [Declude.JunkMail] One step forward, ten back Hi Everyone - We are getting completely hammered by spam and I'm about at my wits end. A few weeks ago I added a 30-day trial of Message Sniffer and it doesn't seem to be doing any good. Today, I upgraded to the newest version of Declude. I "think" everything went ok. After reading through the documentation (again) I went through my global.cfg file and cleaned up some things that were questionable. For instance, we had several domains in the WHITELIST TO and WHITELIST FROM. From what I've read and heard through the lists, it's not a good idea to whitelist anything.In fact, earlier today I had some spam come through that was "from" a whitelisted domain so it just let it through. So I commented them out and planned to watch my spam account (instead of deleting I have caught messages sent to another account for review) to see the results. So... This happened about 5pm tonight. I went through a short spurt but in the last 90 minutes since then I alone have received over 150 spam messages. Before I made my changes tonight, that is about the number I would receive in one day (which is still too many). In one message, this was in the header. To me, it should have failed and been stopped. X-Declude-Scan: Incoming Score [39] at 17:59:29 on 02 Nov 2006 X-Declude-Fail: CBL [6], FIVETEN-SRC [4], SPAMCOP [7], REVDNS [8], ROUTING [2], SNIFFER [12], WEIGHT10 [10], WEIGHT14 [14], WEIGHT20 [20], WEIGHT20a [20] Does anyone have any suggestions to what I might be doing wrong, or what I should look at next? Would anyone (off-list) be willing to look at my config files and see if something is apparently wrong? Are there any sample files where a newbie might be able to see how others have theirs set up? I have been running Declude for over a year, and with the exception of some minor tweaks, it's pretty much running "out-of-the-box". For those who are interested, I'm running Imail 8.22 (with latest hotfix) on Windows 2000 server, as well as the Declude Suite, Message Sniffer, and inv-URBL 2.7. Thanks for any input or direction you can offer. Todd --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] One step forward, ten back
Hi Todd, Note that the rulebase for the trial of Sniffer lags behind the latest definitions by a few days. That makes a huge difference in the capture rate when spam campaigns change as frequently as they have been doing lately. An up-to-date Sniffer rulebase generally captures 90-95% on our systems. So get and subscription and you can set up a program alias in IMail to update your sniffer rulebase when a new one is available. Pete has them up to about every 3 hours now, I believe. I think it's time to start tweaking your weights. Out of the box gets maybe 80%, but with tweaking a number of us get over 99.5% capture rate with few false positives. That's 40 times less spam. Yes, whitelisting is bad due mainly to forging of addresses/domains. Negative weighting is much better. SPF is also a great way to combat forging of you can control what servers mail is sent from. Contact me off list and we can review your configs, but definitely get a sniffer subscription. Darin. - Original Message - From: "Todd Richards" <[EMAIL PROTECTED]> To: Sent: Thursday, November 02, 2006 7:38 PM Subject: [Declude.JunkMail] One step forward, ten back Hi Everyone - We are getting completely hammered by spam and I'm about at my wits end. A few weeks ago I added a 30-day trial of Message Sniffer and it doesn't seem to be doing any good. Today, I upgraded to the newest version of Declude. I "think" everything went ok. After reading through the documentation (again) I went through my global.cfg file and cleaned up some things that were questionable. For instance, we had several domains in the WHITELIST TO and WHITELIST FROM. From what I've read and heard through the lists, it's not a good idea to whitelist anything.In fact, earlier today I had some spam come through that was "from" a whitelisted domain so it just let it through. So I commented them out and planned to watch my spam account (instead of deleting I have caught messages sent to another account for review) to see the results. So... This happened about 5pm tonight. I went through a short spurt but in the last 90 minutes since then I alone have received over 150 spam messages. Before I made my changes tonight, that is about the number I would receive in one day (which is still too many). In one message, this was in the header. To me, it should have failed and been stopped. X-Declude-Scan: Incoming Score [39] at 17:59:29 on 02 Nov 2006 X-Declude-Fail: CBL [6], FIVETEN-SRC [4], SPAMCOP [7], REVDNS [8], ROUTING [2], SNIFFER [12], WEIGHT10 [10], WEIGHT14 [14], WEIGHT20 [20], WEIGHT20a [20] Does anyone have any suggestions to what I might be doing wrong, or what I should look at next? Would anyone (off-list) be willing to look at my config files and see if something is apparently wrong? Are there any sample files where a newbie might be able to see how others have theirs set up? I have been running Declude for over a year, and with the exception of some minor tweaks, it's pretty much running "out-of-the-box". For those who are interested, I'm running Imail 8.22 (with latest hotfix) on Windows 2000 server, as well as the Declude Suite, Message Sniffer, and inv-URBL 2.7. Thanks for any input or direction you can offer. Todd --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
