LOL My
log level is MID and I run at 100MB a day.
Craig.
-Original Message-From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of John
TolmachoffSent: Thursday, January 23, 2003 6:39 PMTo:
[EMAIL PROTECTED]Subject: RE: [Declude.JunkMail] Results
with our
A very interesting argument.
Can you provide us some config-settings and effectivity stats about your
system?
We all want to have such a large large logfile. ;-)
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Craig Gittens
Sent: Friday, January 24,
Our logs are the 100MB each day and I had to build a log file rotator so we
could open and analyze the logs a little easier. I have the log file rotator
running 4 times a day to keep the log files between 25-35 MB a piece.
The log file rotator uses Cold Fusion, if your interested I can email the
Individual tests like SPAMCHECK and NOXMAIL generate
a number of false positives...
Hi John,
Can you give me some example for false positives created by SpamChk?
Was they triggered from header- link- or keyword-checks?
We've set SpamChk to return his own opinion as a weight to declude. So
Adam,
Would love a copy emailed ([EMAIL PROTECTED]), although my logs
are just now going over 10mb, we keep adding customers weekly, so it
won't be long before it is to large to handle. Thanks for the program,
-Keith
-Original Message-
From: Adam Hobach [mailto:[EMAIL
Can you give me some example for false positives created by SpamChk?
Was they triggered from header- link- or keyword-checks?
You want me to work, don't you? ;)
As soon as I am able to, I will review the SpamCheck log and check.
John Tolmachoff MCSE, CSSA
IT Manager, Network Engineer
It's only cause we see 100,000 emails a day. About 80% fail Spamcop alone
I think. It takes 7-8 hours to run one log file so I don't do it often.
~12,000 email addresses in a single domain. I can't review email otherwise I
would be reviewing +15000 messages a day even after deletes. Read receipts
I use those same settings. But in addition, you can configure BlackICE to auto-block
the too many smtp errors event (dictionary attack) by editing your issuelist.csv
file.
Look for this line:
2001015,SMTP too many errors,0,agg,-1,7,,Spam,The SMTP
And change the agg to IP|RST:
2001015,SMTP
I copied the filed from the web, but when I try to copy it to the Imail
folder I get a sharing violation. I stopped all services in Imail and still
get the sharing violation. The only thing open on the server is Explorer so
I can see the files. Any ideas? I even tried to delete the existing
Renaming it fixes that condition for me
Have a great day!
Rick Davidson
Buckeye Internet Inc.
www.buckeyeweb.com
440-953-1900
-
- Original Message -
From: Jim Rooth [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, January 24, 2003 10:07 AM
Subject: [Declude.JunkMail] Trouble adding
Thanks...that fixed it. I was afraid to rename it because it said it was in
use. Oh well...Declude -diag says the new one is up and running..1.66 so I
reckon everything is fine in cyber land.
Jim Rooth
Klotron, Inc.
214.244.0979
[EMAIL PROTECTED]
-Original Message-
From: [EMAIL
Try renaming the existing version and then copying in the
new version.
At 10:07 AM 1/24/2003, Jim Rooth wrote:
I copied the filed from the web,
but when I try to copy it to the Imail
folder I get a sharing violation. I stopped all services in Imail
and still
get the sharing violation. The only
My log level is set to low and
yesterday I ran 130 MB? This brings me to ask a question How can I see the
total number ofEmails that Declude processed for that day? This way
I can analyze or get an idea of how much traffic this machine is
seeing?
Thanks,
Kris McElroy[EMAIL
For those using my KillListGen utility automatically download Tom's spam
list and append it to their own, I have posted an updated version
here:
http://www.nerosoft.com/Download/KillListGenInst.exe
This version is identical to the previous version, with one exception: It
will accept multiple
Sorry, it was suggested to me that some newer members might have no idea
what I am talking about. I wrote the utility below that retrieves one or
more files via the web, appends it to a local file, and writes it out to
another file. This allows the use of local blacklists added to regularly
This is what I use, as listed on the
Declude tools page:
http://www.imagefxonline.net/apps/delog/
John Tolmachoff MCSE,
CSSA
IT Manager, Network
Engineer
RelianceSoft, Inc.
Fullerton, CA 92835
www.reliancesoft.com
-Original Message-
From:
[EMAIL PROTECTED]
Title: Message
You
could use domlist http://www.declude.com/tools/index.html.
This will analyse your SMTP log file generate by Imail as opposed to those
generated byDeclude.
David
WiSS
Limited
-Original Message-From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
On
The next phase of Message Sniffer development includes a compound
Bayesian hinting algorythm to help modulate the black/white rule set.
Since Message Sniffer works with Declude that's one way this technology
will find it's way into the mix.
Scott's got a good point though - Bayesian filtering (as
Scott,
Will declude transactions ever interleave in the log file?
It appears they are always like this in the log file
MESSAGE1 FAILED THIS
MESSAGE1 FAILED THIS
MESSAGE1 FAILED THIS
MESSAGE2 FAILED THIS
MESSAGE2 FAILED THIS
Instead of this
MESSAGE1 FAILED THIS
MESSAGE1 FAILED THIS
MESSAGE2
Will declude transactions ever interleave in the log file?
Yes, they can.
Can you confirm if this is the always the case.
In most cases, the log file entries will not be mixed together -- but in
some cases it may occur.
-Scott
---
[This E-mail was scanned
From your website:
Total Emails Clean = 3,464,084
Total Emails Infected = 19,565Inbound=9,556 / Outbound=10,009
Not bad, not bad!
but 10,000 outgoing viri ???
What are your user's doing?
We catch only around 15 viri/day found in 2,500 incoming outgoing
messages/day (0,6%)
More then
I finally installed killlistgen utility that grabs imageonline file
...
The global.cfg file has the following line
KFROM fromfile e:\imail\declude\killlist.txt x 5 0
And
KFROM WARN
Am I missing something here where I'm getting an action of Ignore in
my logs?
David
Action=WARN.
01/24/2003
10009 outbound infected. Wow.
John Tolmachoff MCSE,
CSSA
IT Manager, Network
Engineer
RelianceSoft, Inc.
Fullerton, CA 92835
www.reliancesoft.com
-Original Message-
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Craig Gittens
Sent: Friday, January
The global.cfg file has the following line
KFROM fromfile e:\imail\declude\killlist.txt x 5 0
KFROM WARN
Am I missing something here where I'm getting an action of Ignore in
my logs?
What is the action listed in the $default$.junkmail file?
That is the one being used.
John Tolmachoff MCSE,
Congratulations, Scott. Declude is mentioned in PCMag,
latest February 25th Issue, page 95. Sniffer is also in
the same listing. Suppose we'll see price increases now.
big grin
--
Roger Heath
[EMAIL PROTECTED]
www.rleeheath.com
--
ActivatorMail(tm) ver.122102 Scanned for all viruses by
Nah, we've been in there a bunch of times and all you get is calls from people
wanting to know if you have a Mac version!
Just kidding, congratulations Scott!
Brian
On 01/24/03 3:52pm you wrote...
Congratulations, Scott. Declude is mentioned in PCMag,
latest February 25th Issue, page 95.
No price increase here :-)
_M
| -Original Message-
| From: [EMAIL PROTECTED]
| [mailto:[EMAIL PROTECTED]] On Behalf Of Roger Heath
| Sent: Friday, January 24, 2003 4:52 PM
| To: Madscientist
| Subject: [Declude.JunkMail] Declude in PCMag
|
|
| Congratulations, Scott. Declude is
Congratulations, Scott. Declude is mentioned in PCMag,
latest February 25th Issue, page 95. Sniffer is also in
the same listing.
Cool. :)
Suppose we'll see price increases now.
Well, if the demand is there for a price increase, we could probably
accommodate it. A show of hands, please?
I would be interested.
- Original Message -
From: Duane Cox [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Friday, January 24, 2003 3:32 PM
Subject: [Declude.JunkMail] new declude log analyzer (BETA)
I have been working on (in my spare time) a declude (eventually
Great, I will get you a copy sometime next week, and look forward to your
feedback.
I assume you are setup with MSSQL 7 or 2000 and IIS 5.
Duane
- Original Message -
From: Jay Calvert [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, January 24, 2003 6:21 PM
Subject: Re:
Shouldn't work with Access if the datasource isn't hard coded?
Like are you creating the database and tables if they don't exist?
Or does it rely on a database already created?
- Original Message -
From: Duane Cox [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, January 24, 2003
Currently, the program is utilizing MSSQL only. This allows for PHP or ASP
to be hosted on a separate IIS box and access the data from the MSSQL box,
all separate from the IMail server. I assume you could run all 3 on the
same box, or (in the future dump the data to a access file). Currently
As a Mac user (prone to nagging developers), I resemble that remark!;)
On Friday, January 24, 2003 14:05, Brian Milburn [EMAIL PROTECTED] wrote:
Nah, we've been in there a bunch of times and all you get is calls from people
wanting to know if you have a Mac version!
Just kidding,
I have been working on (in my spare time) a declude (eventually imail log
files too) analyzer that will parse the declude virus and junkmail log files
(we don't have hijack ... sorry). Yeah, not another one! Seems as if
everybody has one these days.
Well I took it to another level. The program
34 matches
Mail list logo
