> That's something that a number of people have requested, but has two
> drawbacks: It requires lots of programming time to create, and lots of CPU
> time.
Hmmm... Not to be a pest, but I'm wondering if this wouldn't actually
IMPROVE performance?
Simply substitute all spaces, symbols, SOL, EOL w
Powerful Attack Cripples Internet
Tuesday, October 22, 2002
WASHINGTON (AP) -- An unusually powerful electronic attack briefly
crippled nine of the 13 computer servers that manage global Internet
traffic this week, officials disclosed Tuesday. But most Internet users
didn't notice because th
Can "SPAM:" in the Subject be changed for "Possible SPAM" or anything else
when using SUBJECT config?
Yes, according to the "Actions" section of the manual:
Subject: The SUBJECT action adds "SPAM: " to the subject of the E-mail.
This is an easy way to let users know that the mail is probably
Can "SPAM:" in the Subject be changed for "Possible SPAM" or anything else
when using SUBJECT config?
regards,
--
Fred Sadowick
1stChoiceInternational.com
--
-Original Message-
From: [EMAIL PROTECTED]
[mailto:Declude.JunkMail-owner@;declude.
I would like to submit a modest recommendation for enhancement to
JunkMail's send filter handling algorithm. It's quite simple: exclude
(wildcard) symbols from pattern recognition.
That's something that a number of people have requested, but has two
drawbacks: It requires lots of programming
Quick Question: could you explain the weighting on declude, I am a little
fuzzy on this...
in the code below where after blacklist.txt x 5 0
what does the x 5 and 0 represent, I understand the 5 is the weighting,
That is correct.
but what is the x
That's a convention used by Declude Junk
Quick Question: could you explain the weighting on declude, I am a little fuzzy on
this...
in the code below where after blacklist.txt x 5 0
what does the x 5 and 0 represent, I understand the 5 is the weighting, but what is
the x and 0 after it
thanks in advancegb
>>IPBLACKLISTTEST ipf
I setup blacklist.txt using the killlistgen program to take local and
external kill lists.
I now have
WEIGHT10 WARN
WEIGHT15 WARN
WEIGHT20 SUBJECT
WEIGHT25 DELETE
IPBLACKLISTTEST ROUTETO [EMAIL PROTECTED]
BLACKLISTTEST ROUTETO [EMAIL PROTECTED]
and in config...
IP
> I am not a programmer, so I am not sure, but is there a universal symbol to
> represent punctuation marks?
No. But if there were, it would still be up to Declude JunkMail to
recognize and implement it. Merely sending input to a program doesn't
mean that it will do with it as you want. I've be
OK,
I setup blacklist.txt using the killlistgen program to take local and
external kill lists.
I now have
WEIGHT10 WARN
WEIGHT15 WARN
WEIGHT20 SUBJECT
WEIGHT25 DELETE
IPBLACKLISTTEST ROUTETO [EMAIL PROTECTED]
BLACKLISTTEST ROUTETO [EMAIL PROTECTED]
and in config...
>No, by "symbols" I mean "punctuation."
I am not a programmer, so I am not sure, but is there a universal symbol to
represent punctuation marks? Or would it have to be more of a representation
of an object and then you would have to define what the object is?
>If you have managed filters at any l
No, by "symbols" I mean "punctuation."
The point of my message is to suggest that most filter keywords (sex,
porn, etc.) are isolated in the subject of a message -- not by spaces --
but by spaces (this porn is for you), punctuation (have some porn!),
end-of-line (here's more porn) or start-of-line
I need more information on whitelists (what and how to setup) and how to
block IP's (I got a list) using declude.
The manual is at http://www.declude.com/junkmail/manual.htm . If you have
any questions, feel free to ask.
-Scott
---
[This E-mail was scanned for viruses by D
> Okay, I pasted it into kill.1st in the imail directory, I'm done??
That's KILL.LST not kill.1st
Regards,
Tom
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to
o The best flashlight ever!
o Tidings of joy bestowed upon you (not spam)
o This is the best
o Be the best!
o My boss is the dumbest idiot ever (not spam)
o Best-selling DVDs to your front door!!!
FilterText "best" produces 4 hits, 0 misses, 2 false positives
FilterText " best "
Hi all,
I would like to submit a modest recommendation for enhancement to
JunkMail's send filter handling algorithm. It's quite simple: exclude
(wildcard) symbols from pattern recognition. As implemented in my
example below, the feature would be entirely optional, backwards
compatible, and woul
> again, sorry.
No problem.
Nothing that 20 lashes with a wet noodle can't take care of.
;)
John Tolmachoff
IT Manager, Network Engineer
RelianceSoft, Inc.
Fullerton, CA 92835
www.reliancesoft.com
It did not come through.
Then you are still filtering on those same keywords. :)
Could you send the email to [EMAIL PROTECTED] or maybe point to
where I might find info about this in
the documentation?
The post was just mentioning that filters are fraught with pitfalls, and
gave some exam
> I'm going to respond to this on the Declude Virus forum. :)
> -Scott
I am sooo sorry guys, didn't mean to hog the JUNKMAIL list with my virus
questions rest assured I signed up for the Declude Virus list.
again, sorry.
Paul
I have a block on the word cum in my wordfilter list and the users name is
acummings.
How can I block the word cum without affecting this user?
That's one of the major difficulties of filtering -- words like "assassin",
"Dick Hitchcock", "chardonney", etc. will get caught.
Unfortunately, the
Scott,
It did not come through. Could you send the email to [EMAIL PROTECTED] or maybe
point to where I might find info about this in
the documentation?
Thanks,
Greg Foulks, MCP
NewFound Technologies, Inc.
http://www.nfti.com
Email: [EMAIL PROTECTED]
Voice: 614.318.5036
Fax: 614.318.5005
-
The only anti-virus on the machine is Innocuate. And on access is disabled.
I was able to save the eicar.com file to the drive with no errors.
Do I have to run Declude.exe again? I've only run it once, and
to change I stopped/started SMTP services.
I'm going to respond to this on the Declude
> Were you getting these errors before you started making the changes this
> morning (IE was there any point where it was working correctly)?
No, I've always gotten these errors.
> Do you have an on-access virus scanner running (one that scans files as
> they are saved to the hard drive), which w
Hi,
I need more information on whitelists (what and how to setup) and how to
block IP's (I got a list) using declude.
Thanks,
regards,
--
Fred Sadowick
1stChoiceInternational.com
--
Thanks for the help.
Philip Butler
Internal Systems Engineer
Region VI ESC
phone 936.435.2503
fax 936.295.1447
[EMAIL PROTECTED]
-Original Message-
From: [EMAIL PROTECTED]
[mailto:Declude.JunkMail-owner@;declude.com]On Behalf Of R. Scott Perry
Sent: Tuesday, October 22, 2002 1:55 PM
To: [
okay send it again
Greg Foulks, MCP
NewFound Technologies, Inc.
http://www.nfti.com
Email: [EMAIL PROTECTED]
Voice: 614.318.5036
Fax: 614.318.5005
-Original Message-
From: [EMAIL PROTECTED]
[mailto:Declude.JunkMail-owner@;declude.com]On Behalf Of R. Scott Perry
Sent: Tuesday, October 22,
I use the delete action. How can I find the email in the archives?
If you can turn off that test temporarily, I can re-send it for you. Or,
you can look at the link below to find the URL to the archives.
-Scott
I use the delete action. How can I find the email in the archives?
Greg Foulks, MCP
NewFound Technologies, Inc.
http://www.nfti.com
Email: [EMAIL PROTECTED]
Voice: 614.318.5036
Fax: 614.318.5005
-Original Message-
From: [EMAIL PROTECTED]
[mailto:Declude.JunkMail-owner@;declude.com]On Beh
Put a space after "cum " (without the quote marks, of course) in your filter
file and that will keep it from catching the users name.
Bill
-Original Message-
From: Greg Foulks [mailto:greg.foulks@;nfti.com]
Sent: Tuesday, October 22, 2002 12:00 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declu
How can I block the word c u m(take out the spaces) without affecting this
user?
If the E-mail I sent to the list was blocked on your server, you'll need to
go through your hold directory to find it. If you use the DELETE action,
well, you'll need to search the archives. :)
I found the problem.
I have a block on the word c u m (take out the spaces) in my wordfilter list and the
users name is ac u mmings (take out the
spaces).
How can I block the word c u m(take out the spaces) without affecting this user?
Greg Foulks, MCP
NewFound Technologies, Inc.
http://www.nf
The first step is to see what is wrong -- checking the log file or
X-RBL-Warning: header will give you details of exactly what the problem is.
The problem is that the machine is using a made-up name, such as
"nonexistenthost.example.com", that just doesn't exist on the Internet. It
needs to ha
I have a block on the word cum in my wordfilter list and the users name is
acummings.
How can I block the word cum without affecting this user?
That's one of the major difficulties of filtering -- words like "assassin",
"Dick Hitchcock", "chardonney", etc. will get caught.
Unfortunately, the
I got in touch with the ISP and it looks like they have their mail servers set up
like this: a public smtp server on the outside of the proxy and a private
mail server inside the proxy.
The internal mail server was receiving the messages first (and has no
corresponding host record in the DNS), then sen
I found the problem.
I have a block on the word cum in my wordfilter list and the users name is acummings.
How can I block the word cum without affecting this user?
Greg Foulks, MCP
NewFound Technologies, Inc.
http://www.nfti.com
Email: [EMAIL PROTECTED]
Voice: 614.318.5036
Fax: 614.318.5005
I had a user today come to me and say that none of the emails they sent
today were delivered even though they left the user's outbox.
After a general look over I found that every email they were
sending was being blocked and deleted as spam by declude
global.cfg
Not sure what the problem wa
I had a user today come to me and say that none of the emails they sent today were
delivered even though they left the user's outbox.
After a general look over I found that every email they were sending was
being blocked and deleted as spam by declude
global.cfg
Not sure what the problem was
> You'll need to go back to the original settings that I gave you for the
> "buggy" version of Innocu*:
>
> SCANFILE C:\Progra~1\Comput~1\Inocul~1\inocucmd.exe
> VIRUSCODE 100
>
> Note that there must be no occurrences of "report.txt" in the virus.cfg
> file, and no lines begin
> You'll need to go back to the original settings that I gave you for the
> "buggy" version of Innocu*:
>
> SCANFILE C:\Progra~1\Comput~1\Inocul~1\inocucmd.exe
> VIRUSCODE 100
>
> Note that there must be no occurrences of "report.txt" in the virus.cfg
> file, and no lines beginni
You'll need to go back to the original settings that I gave you for the
"buggy" version of Innocu*:
SCANFILE C:\Progra~1\Comput~1\Inocul~1\inocucmd.exe
VIRUSCODE 100
Note that there must be no occurrences of "report.txt" in the virus.cfg
file, and no lines beginning with "REPOR
> That should go fine.
Nope, same stuff... here's part of the logs.
10/22/2002 12:15:10 Q79640009018ea595 Outlook MIME exploit:
type=audio/x-wav, name=DirectHitMSN[1].scr.
10/22/2002 12:16:10 Q79640009018ea595 ERROR: Virus scanner didn't finish
after 60 seconds; terminating.
10/22/2002 12:16:10
I understand the thought process there, but I don't agree. I have noticed a
number of bulk mailers, the big commercial ones I guess, that have static
and steady IPs. I have an ipfile for those. I also notice a variety of
"domains" that I find rather transient, and I fromfile those. When I scan my
s
Okay, I pasted it into kill.1st in the imail directory, I'm done??
Just seems too easy :)
Thanks
Timothy C. Bohen
CMSInter.Net LLC / Crystal MicroSystems LLC
===
web : www.cmsinter.net
email: [EMAIL PROTECTED]
phone: 989.235.5100 x222
fax : 989.235.5151
>But use at your own risk, and I would suggest a weight system, don't just block.
Good idea.
Up to now, I have only done blocking by IP address in the Imail SMTP
security for only IP addresses that I have tracked as sending large amounts of
virus over a period of time.
I never thought about using
As an FYI and per request of Jon, I added the REPORT line and tried it
again with the MID setting, here is a snip of the logs.
As I suspected, it caused a problem. :)
I have now removed the /LIS and REPORT. We'll see how that goes.
That should go fine.
Oh, can I delete the .vir d
Headers please?
John Tolmachoff
IT Manager, Network Engineer
RelianceSoft, Inc.
Fullerton, CA 92835
www.reliancesoft.com
Any idea why this would happen?
Yes, I have a very good idea. It's sending "HELO" or "EHLO" in an SMTP
transaction, followed by a made-up host name.
The log file or X-RBL-Warning: header should show you the hostname that the
ISA Proxy claims to be. Most likely, there is a configuration opt
This is my IP spammer list.
But use at your own risk, and I would suggest a weight system, don't
just block.
---
Steven Cmajdalka [EMAIL PROTECTED]
The Graphics Group
2800 Taylor St
Dallas, TX 75226
---
-Original M
Any idea why this would happen?
Philip Butler
Internal Systems Engineer
Region VI ESC
phone 936.435.2503
fax 936.295.1447
[EMAIL PROTECTED]
Thanks Scott,
As an FYI and per request of Jon, I added the REPORT line and tried it
again with the MID setting, here is a snip of the logs. I have now removed
the /LIS and REPORT. We'll see how that goes.
Oh, can I delete the .vir directories that Declude didn't yesterday?
That shouldn't
Does anybody use Declude to kill IP address blocks of known spammers? If so
are you willing to share those blocks? on list or off list
Let me know...
Thanks,
Adam
Adam Hobach
CyberLynk Sales/Support
[EMAIL PROTECTED] or [EMAIL PROTECTED]
--
Thanks Jon! You are such a help! Ok, here is what I have.
> This is the line near the top of the virus.cfg file that says:
> LOGLEVEL (ERROR,WARNING,LOW,MID,HIGH,DEBUG)
Ok, I can do that.
> SCANFILE C:\Progra~1\Comput~1\Inocul~1\inocucmd.exe /LIS .\report.txt
> VIRUSCODE 100
> REPORT infected b
> It will work just fine, except that CA won't be able to report the virus
> name, until they get that bug fixed.
Ok, I'll make that change then. The AV will still say "virus found" and
Declude will deal with it even with no report?
Yes, the virus will still be detected, and Declude Virus will
Scott has been helping you, and since it is his program, he knows best.
>> Change log to MID, then repost please.
>
>MID? Sorry for being dumb here but I don't know what that stands for.
This is the line near the top of the virus.cfg file that says:
LOGLEVEL(ERROR,WARNING,LOW,MID,HIGH,DEB
> It will work just fine, except that CA won't be able to report the virus
> name, until they get that bug fixed.
> -Scott
Ok, I'll make that change then. The AV will still say "virus found" and
Declude will deal with it even with no report?
Paul
Thanks Jon, here's what I know:
> Change log to MID, then repost please.
MID? Sorry for being dumb here but I don't know what that stands for.
> Have to ask, are those the correct directories?
Yes.
> Looks like you also need a line:
>
> REPORT infected by virus.
I don't know. I set it up per
> It seems that the latest release of InoculateIT has a bug in it where it
> will try to scan the report.txt file that it creates, and then ends up
> hanging. What I would recommend doing in this case is removing the "/LIS
> .\report.txt" from the SCANFILE line, and removing the "REPORT" li
> It seems that the latest release of InoculateIT has a bug in it where it
> will try to scan the report.txt file that it creates, and then ends up
> hanging. What I would recommend doing in this case is removing the "/LIS
> .\report.txt" from the SCANFILE line, and removing the "REPORT" line
I've noticed in the last days a lot of Logfile-Entries like:
10:21 06:14 SMTPD(0456002E) [207.44.142.84] RCPT TO: <[EMAIL PROTECTED]>
10:21 06:14 SMTPD(0456002E) [207.44.142.84] ERR mail.zcom.it invalid user
<[EMAIL PROTECTED]
10:21 06:14 SMTPD(0456002E) [207.44.142.84] RCPT TO: <[EMAIL PROTEC
Hi Scott,
I've noticed in the last days a lot of Logfile-Entries like:
10:21 06:14 SMTPD(0456002E) [207.44.142.84] helo 1
10:21 06:14 SMTPD(0456002E) [207.44.142.84] mail from:
<[EMAIL PROTECTED]>
10:21 06:14 SMTPD(0456002E) [207.44.142.84] RCPT TO:
<[EMAIL PROTECTED]>
10:21 06:14 SMTPD(0456002E