Re: [Declude.JunkMail] Osirusoft replacement ?

2003-08-29 Thread Todd Hunter

Benny.

Thanks to help from members of the list our Declude config is more diversified than
before and we are catching equal or more spam with the same or fewer FPs.

Keep in mind we have only been using these for the last couple days and are still
tuning the Weights. We hold at Weight 100.

NJABL                ip4r   dnsbl.njabl.org             127.0.0.2   35  0
FABELSOURCES         ip4r   spamsources.fabel.dk        127.0.0.2   35  0
FIVETEN-SPAM         ip4r   blackholes.five-ten-sg.com  127.0.0.2   35  0
FIVETEN-BULK         ip4r   blackholes.five-ten-sg.com  127.0.0.4   35  0
FIVETEN-MULTISTAGE   ip4r   blackholes.five-ten-sg.com  127.0.0.5   25  0
FIVETEN-SPAMSUPPORT  ip4r   blackholes.five-ten-sg.com  127.0.0.7   35  0
FIVETEN-MISC         ip4r   blackholes.five-ten-sg.com  127.0.0.9   25  0
FIVETEN-SINGLESTAGE  ip4r   blackholes.five-ten-sg.com  127.0.0.6   25  0
FIVETEN-FREE         ip4r   blackholes.five-ten-sg.com  127.0.0.12  25  0
INTERSIL             ip4r   blackholes.intersil.net     127.0.0.2   35  0
SPAMHAUS             ip4r   sbl.spamhaus.org            127.0.0.2   55  0
CBL                  ip4r   cbl.abuseat.org             127.0.0.2   45  0
MAILPOLICE-BULK      rhsbl  bulk.rhs.mailpolice.com     127.0.0.2   45  0
MAILPOLICE-PORN      rhsbl  porn.rhs.mailpolice.com     127.0.0.2   55  0

Hope this helps.

Todd





At 05:10 PM 8/29/2003 +0200, you wrote:
trying again

anyone have any good replacements after this one died ?

Benny

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


Re: [Declude.JunkMail] osirusoft

2003-08-28 Thread Matthew Bramble
 With the news of Osirusoft's troubles, Do I need to disable them in 
Declude?

Absolutely.

 What are the repercussions of having Osirusoft enabled right now?

Legit E-mail failing their tests and slowdowns in processing E-mail.  
The word is that they are blacklisting the world...if you can reach 
their servers.

Matt



Dale McDiarmid wrote:

Hello...

My apologies if this has already been discussed. I'm not normally a 
member here, and the archives seem only to go up thru Aug. 25th.

With the news of Osirusoft's troubles, Do I need to disable them in 
Declude? What are the repercussions of having Osirusoft enabled right 
now?

Thanks,
D.
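
The two failure modes named in this reply, a DNSBL that answers for every address and one whose servers cannot be reached, can be checked before mail is scored. This is an added example, not part of the original thread or of Declude: it reads the active ip4r lines from a test list and probes the RFC 5782 test entries. The function names, the sample list and the stand-in resolver are assumptions made for illustration.

```python
import socket

# Constructed sample in the NAME TYPE ZONE RESULT WEIGHT WEIGHT layout quoted in this thread.
SAMPLE_CFG = """\
#OSRELAY    ip4r        relays.osirusoft.com  127.0.0.2  5   0
SPAMCOP     ip4r        bl.spamcop.net        127.0.0.2  10  0
ORDB        ip4r        relays.ordb.org       *          5   0
BADHEADERS  badheaders  x                     x          8   0
"""

def active_ip4r_zones(cfg_text):
    """Map test name -> DNSBL zone for ip4r tests that are not commented out."""
    zones = {}
    for line in cfg_text.splitlines():
        f = line.split()
        if len(f) >= 6 and not f[0].startswith("#") and f[1].lower() == "ip4r":
            zones[f[0]] = f[2]
    return zones

def os_lookup(name):  # A records via the OS resolver; [] when the name does not exist
    try:
        return [ai[4][0] for ai in socket.getaddrinfo(name, None, socket.AF_INET)]
    except socket.gaierror as exc:
        if exc.errno == socket.EAI_NONAME:
            return []
        raise TimeoutError(name) from exc  # any other resolver failure

def check_zone(zone, lookup=os_lookup):
    """RFC 5782 test points: 127.0.0.2 must be listed, 127.0.0.1 must not.
    An answer for 127.0.0.1 means the zone is listing everything."""
    try:
        never = lookup("1.0.0.127." + zone)
        always = lookup("2.0.0.127." + zone)
    except TimeoutError:
        return "unreachable"       # every query to this zone would stall
    if never:
        return "lists-everything"  # candidate for commenting out with '#'
    return "ok" if always else "empty"

def audit(cfg_text, lookup=os_lookup):
    return {n: check_zone(z, lookup) for n, z in active_ip4r_zones(cfg_text).items()}

def constructed_lookup(name):  # made-up answers so the demo runs offline
    if name.endswith("relays.ordb.org"):
        raise TimeoutError(name)
    return ["127.0.0.2"] if name.startswith("2.") else []

if __name__ == "__main__":
    print(audit(SAMPLE_CFG, constructed_lookup))
```

Calling `audit(cfg_text)` without a second argument uses the operating system's resolver and therefore needs network access.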




Re: [Declude.JunkMail] osirusoft

2003-08-28 Thread Serge
yes, you'd better disable them
otherwise, the server will slow down considerably (waiting for replies,
timeout is 10s for each test)
you will also start to get false positives, as osirusoft is blacklisting
everybody

retry again the archives, you should be able to find a replacement
i compiled what was posted here, attached is what i came up with


- Original Message -
From: Dale McDiarmid [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, August 28, 2003 3:56 PM
Subject: [Declude.JunkMail] osirusoft


 Hello...

 My apologies if this has already been discussed. I'm not normally a member
 here, and the archives seem only to go up thru Aug. 25th.

 With the news of Osirusoft's troubles, Do I need to disable them in
 Declude? What are the repercussions of having Osirusoft enabled right now?

 Thanks,
 D.


#OSDUL               ip4r         relays.osirusoft.com           127.0.0.3   5    0
#OSFORM              ip4r         relays.osirusoft.com           127.0.0.8   6    0
#OSLIST              ip4r         relays.osirusoft.com           127.0.0.7   5    0
#OSPROXY             ip4r         relays.osirusoft.com           127.0.0.9   7    0
#OSRELAY             ip4r         relays.osirusoft.com           127.0.0.2   5    0
#OSSMART             ip4r         relays.osirusoft.com           127.0.0.5   5    0
#OSSOFT              ip4r         relays.osirusoft.com           127.0.0.6   5    0
#OSSRC               ip4r         relays.osirusoft.com           127.0.0.4   10   0
#OSDIPS              ip4r         relays.osirusoft.com           127.0.0.3   5    0


BLITZEDALL           ip4r         opm.blitzed.org                *           5    0

DSBL                 ip4r         list.dsbl.org                  *           6    0

EASYNET-DNSBL        ip4r         blackholes.easynet.nl          127.0.0.2   5    0
EASYNET-PROXIES      ip4r         proxies.blackholes.easynet.nl  *           5    0
EXSILIA-SPAM         ip4r         spam.exsilia.net               *           3    0

IPWHOIS              ip4r         ipwhois.rfc-ignorant.org       *           5    0

MONKEYFORMMAIL       ip4r         formmail.relays.monkeys.com    *           7    0
MONKEYPROXIES        ip4r         proxies.relays.monkeys.com     *           7    0

ORDB                 ip4r         relays.ordb.org                *           5    0

SPAMHAUS             ip4r         sbl.spamhaus.org               *           3    0
SPAMCOP              ip4r         bl.spamcop.net                 127.0.0.2   10   0
SBL                  ip4r         sbl.spamhaus.org               127.0.0.2   5    0

DSN                  rhsbl        dsn.rfc-ignorant.org           127.0.0.2   3    0
NOABUSE              rhsbl        abuse.rfc-ignorant.org         127.0.0.4   3    0
NOPOSTMASTER         rhsbl        postmaster.rfc-ignorant.org    127.0.0.3   3    0

BADHEADERS           badheaders   x                              x           8    0
HELOBOGUS            helovalid    x                              x           6    0
MAILFROM             envfrom      x                              x           12   0
PERCENT              percent      x                              x           9    0
REVDNS               revdnsexists x                              x           3    0
ROUTING              spamrouting  x                              x           4    0
SPAMHEADERS          spamheaders  x                              x           3    0
SPAMDOMAINS          spamdomains  E:\imailsrvr\declude\sd.txt    x           10   0

BASE64               base64       x                              x           4    0
IPNOTINMX            ipnotinmx    x                              x           0    -3


#***

FIVETEN-SPAM         ip4r         blackholes.five-ten-sg.com     127.0.0.2   3    0
FIVETEN-BULK         ip4r         blackholes.five-ten-sg.com     127.0.0.4   5    0
FIVETEN-MULTISTAGE   ip4r         blackholes.five-ten-sg.com     127.0.0.5   3    0
FIVETEN-SPAMSUPPORT  ip4r         blackholes.five-ten-sg.com     127.0.0.7   3    0
FIVETEN-MISC         ip4r         blackholes.five-ten-sg.com     127.0.0.9   4    0
FIVETEN-SINGLESTAGE  ip4r         blackholes.five-ten-sg.com     127.0.0.6   3    0
FIVETEN-FREE         ip4r         blackholes.five-ten-sg.com     127.0.0.12  3    0

MAILPOLICE-BULK      rhsbl        bulk.rhs.mailpolice.com        127.0.0.2   5    0
MAILPOLICE-PORN      rhsbl        porn.rhs.mailpolice.com        127.0.0.2   5    0

BONDEDSENDER         ip4r         query.bondedsender.org         127.0.0.10  -20  0


#*

#   This is an automatically maintained list generated by spamtraps whose messages
#   are then tested by a community maintained script at http://sourceforge.net/projects/sorbs/
#   For the all-in info, see the 

Re: [Declude.JunkMail] osirusoft

2003-08-28 Thread Matthew Bramble




I'm deep into monitoring false positives, passed spam, and valid near
misses. I'll post some info tonight or tomorrow.

One thing that is very clear thus far is that FIVETEN detects a lot of
spam that other blacklists don't, however they also have a very high
false positive rate which is why I score them so low.

Three of the FIVETEN tests marked 15 of 40 pieces of spam that got in
under the top score, however it also marked 12 of 17 valid near misses
(passed legit stuff) from newsletters and other sorts of automated
mailings like opt-in lists and receipts. It also marked valid
yahoo.com accounts which tend to fail several minor technical tests.
Then for my false positives (rejected valid E-mail), it marked 3 of 8
messages.

One note about what I am counting as valid here. There are varying
levels of commercial E-mail and I am trying to pass anything opted-into
directly or resulting from being a customer of that mailer. Most of
this stuff is of no value, but I don't want to block it if I can help.
SPAMCOP for instance is blocking a fundraising letter from George
Bush's campaign that includes the customer's full name, and the
NYTimes.com daily update fails FIVETEN-SPAMSUPPORT as well as
SPAMHEADERS. Some companies use outside sources for their mailings and
they suffer from not choosing wisely the company they deal with.

So with the above results, I definitely would include FIVETEN in any
setup, but score them very low in respect to others, hoping that they
fail some technical tests to put them over the edge. The numbers in
the summary are from my settings where I fail on a score of 10, and I
don't score technical tests very high (though I'm probably going to
increase BADHEADERS).

Matt





Serge wrote:

  yes, you'd better disable them
otherwise, the server will slow down considerably (waiting for replies,
timeout is 10s for each test)
you will also start to get false positives, as osirusoft is blacklisting
everybody

retry again the archives, you should be able to find a replacement
i compiled what was posted here, attached is what i came up with


- Original Message -
From: "Dale McDiarmid" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, August 28, 2003 3:56 PM
Subject: [Declude.JunkMail] osirusoft


  
  
Hello...

My apologies if this has already been discussed. I'm not normally a member
here, and the archives seem only to go up thru Aug. 25th.

With the news of Osirusoft's troubles, Do I need to disable them in
Declude? What are the repercussions of having Osirusoft enabled right now?

Thanks,
D.





#OSDUL		ip4rrelays.osirusoft.com	127.0.0.3	5	0
#OSFORM		ip4rrelays.osirusoft.com	127.0.0.8	6	0
#OSLIST		ip4rrelays.osirusoft.com	127.0.0.7	5	0
#OSPROXY	ip4rrelays.osirusoft.com	127.0.0.9	7	0
#OSRELAY	ip4rrelays.osirusoft.com	127.0.0.2	5	0
#OSSMART	ip4rrelays.osirusoft.com	127.0.0.5	5	0
#OSSOFT		ip4rrelays.osirusoft.com	127.0.0.6	5	0
#OSSRC		ip4rrelays.osirusoft.com	127.0.0.4	10	0
#OSDIPS		ip4rrelays.osirusoft.com	127.0.0.3	5	0


BLITZEDALL 	ip4r 	opm.blitzed.org   		*  		5 	0

DSBL		ip4r	list.dsbl.org			*		6	0

EASYNET-DNSBL	ip4r	blackholes.easynet.nl		127.0.0.2 	5	0
EASYNET-PROXIES ip4r 	proxies.blackholes.easynet.nl 	*  		5 	0
EXSILIA-SPAM 	ip4r 	spam.exsilia.net  		*		3	0

IPWHOIS  	ip4r 	ipwhois.rfc-ignorant.org 	*		5 	0

MONKEYFORMMAIL	ip4r	formmail.relays.monkeys.com	*		7	0
MONKEYPROXIES	ip4r	proxies.relays.monkeys.com   	*		7	0

ORDB		ip4r	relays.ordb.org			*		5	0

SPAMHAUS 	ip4r 	sbl.spamhaus.org  		*  		3 	0 
SPAMCOP		ip4r	bl.spamcop.net			127.0.0.2	10	0
SBL		ip4r	sbl.spamhaus.org		127.0.0.2	5	0

DSN		rhsbl	dsn.rfc-ignorant.org		127.0.0.2	3	0
NOABUSE		rhsbl	abuse.rfc-ignorant.org		127.0.0.4	3	0
NOPOSTMASTER	rhsbl	postmaster.rfc-ignorant.org	127.0.0.3	3	0

BADHEADERS	badheaders	x	x	8	0
HELOBOGUS	helovalid	x	x	6	0
MAILFROM	envfrom		x	x	12	0
PERCENT		percent		x	x	9	0
REVDNS		revdnsexists	x	x	3	0
ROUTING		spamrouting	x	x	4	0
SPAMHEADERS	spamheaders	x	x	3	0
SPAMDOMAINS spamdomains E:\imailsrvr\declude\sd.txt	x	10	0

BASE64		base64		x	x	4	0
IPNOTINMX	ipnotinmx	x	x	0	-3





#***

FIVETEN-SPAM	ip4r	blackholes.five-ten-sg.com	127.0.0.2	3	0
FIVETEN-BULK	ip4r	blackholes.five-ten-sg.com	127.0.0.4	5	0
FIVETEN-MULTISTAGE	ip4r	blackholes.five-ten-sg.com	127.0.0.5	3	0
FIVETEN-SPAMSUPPORT	ip4r	blackholes.five-ten-sg.com	127.0.0.7	3	0
FIVETEN-MISC	ip4r	blackholes.five-ten-sg.com	127.0.0.9	4	0

Re: [Declude.JunkMail] osirusoft

2003-08-28 Thread R. Scott Perry

Is it OK just to comment out the entries for now with a #?

Yes, that will work fine (just make sure to do so in the 
\IMail\Declude\global.cfg file, where the tests are defined).

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver 
vulnerability detection.
Find out what you have been missing: Ask for a free 30-day evaluation.



Re: [Declude.JunkMail] osirusoft

2003-08-28 Thread Michael Graveen
Is it OK just to comment out the entries for now with a #?

Mike

At 11:59 AM 8/28/2003 -0400, you wrote:
 With the news of Osirusoft's troubles, Do I need to disable them in 
Declude?

Absolutely.

 What are the repercussions of having Osirusoft enabled right now?

Legit E-mail failing their tests and slowdowns in processing E-mail.
The word is that they are blacklisting the world...if you can reach their 
servers.

Matt



Dale McDiarmid wrote:

Hello...

My apologies if this has already been discussed. I'm not normally a 
member here, and the archives seem only to go up thru Aug. 25th.

With the news of Osirusoft's troubles, Do I need to disable them in 
Declude? What are the repercussions of having Osirusoft enabled right now?

Thanks,
D.




Re: [Declude.JunkMail] Osirusoft Blacklists The World

2003-08-27 Thread R. Scott Perry

The message below came over the Imail discussion board. Should I be 
removing the lines:

OSDIPS   ip4r  relays.osirusoft.com  127.0.0.3  5  0
OSFORM   ip4r  relays.osirusoft.com  127.0.0.8  5  0
OSLIST   ip4r  relays.osirusoft.com  127.0.0.7  5  0
OSPROXY  ip4r  relays.osirusoft.com  127.0.0.9  7  0
OSRELAY  ip4r  relays.osirusoft.com  127.0.0.2  5  0
OSSMART  ip4r  relays.osirusoft.com  127.0.0.5  5  0
OSSOFT   ip4r  relays.osirusoft.com  127.0.0.6  5  0
OSSRC    ip4r  relays.osirusoft.com  127.0.0.4  6  0

from my Global.cfg?? Looks like I should but I would like the opinion of 
the guru.

That is correct.

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver 
vulnerability detection.
Find out what you have been missing: Ask for a free 30-day evaluation.



Re: [Declude.JunkMail] osirusoft down?

2003-01-07 Thread R. Scott Perry


Is anyone having problems using relays.osirusoft.com and relays.ordb.org?
Should I comment these out in the global.cfg file to avoid excessive
timeouts?


It's a temporary problem due to the Santa Monica Winds in California, 
which are apparently blowing cars from one lane on highways to another.
-Scott



RE: Re: [Declude.JunkMail] osirusoft down?

2003-01-07 Thread John Tolmachoff
 That's Santa _Ana_ winds Scott ;-)

Brian, you got it easy up there in Santa Barbara. Try being in the San
Gabriel Valley where I live. Remember the 2 big fires we had a number of
months ago? All that ash is in the air and in eyes and lungs and everywhere.
The area around them looks like a big black cloud.

My eyes have been constantly watering for the last 2 days.

John Tolmachoff MCSE, CSSA
IT Manager, Network Engineer
RelianceSoft, Inc.
Fullerton, CA  92835
www.reliancesoft.com


