I was investigating a spam email as to why it got through declude and found
that the header clearly shows that it failed sufficient tests to be held,
yet it was not.
The declude log shows an error: ERROR: Could not move spam to hold! Code:
32
What is Code: 32?
I checked my old logs and can only
COMMENTS comments 5 x 10 0
where the 5 means that 5 such comments have to be encountered
This means 5 OR MORE comments have to be encountered right? Not exactly 5?
Bill
-Original Message-
From: R. Scott Perry
Sent: Mon, 03 Feb 2003 19:05:41 -0500
Subject: RE: [Declude.JunkMail]
Now that we have the Comments tag, I now find spam with tons of these
peppered throughout:
font color=#5D5AC3
Not really comments, as they are functional, but they're put randomly
throughout the email. Functional, but pointless. Any ideas?
___
Scott MacLean
[EMAIL
A solution is to distinguish between the entire html-body (raw-data) and
a completely html-tag cleaned version. So you can search in the raw data
for tipical html strings and in the cleaned part for tipical keywords.
Markus
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL
I was investigating a spam email as to why it got through declude and found
that the header clearly shows that it failed sufficient tests to be held,
yet it was not.
The declude log shows an error: ERROR: Could not move spam to hold! Code:
32
What is Code: 32?
That indicates that Windows
Hi Scott!
Yes you, no not him, the other one. ;-), If I understood you wrong at first
then please read the last line.
Now that we have the Comments tag, I now find spam with tons of these
peppered throughout:
font color=#5D5AC3
Standard HTML stuff I think.
Not really comments, as they are
What would you do with those mail that change the
color, delete them, put them on hold?
Use it in a weighting system.
Or.. do you think
these color statments are used in the same way the comment
tags are being used, with several tags after one another and
the last having the
on 2/3/03 7:05 PM, R. Scott Perry wrote:
The test is defined in the global.cfg file as follows:
COMMENTS comments 5 x 10 0
where the 5 means that 5 such comments have to be encountered (the 10 is
the weight that will be added for E-mail that fails the
test). Alternatively,
No, the font command is embedded specifically to cause pattern-matching
junk mail scanners to miss the email. I am seeing messages like this:
font color=#5D5AC3Buy my wonderful prodfont color=#5D5AC3uct it will do
mirafont color=#5D5AC3cles and make you younger while enlargfont
I have been off this list for a while and just noticed two new tests in
Scott's spam stats post to the Imail forum. Can anyone tell me where to get
more info on the CYBERSITTER and MAILDEFLECTOR tests? I checked
Cybersitter's site and couldn't find anything.
Is anyone using these tests much?
The test is defined in the global.cfg file as follows:
COMMENTS comments 5 x 10 0
where the 5 means that 5 such comments have to be encountered (the 10 is
the weight that will be added for E-mail that fails the
test). Alternatively, you can use:
COMMENTS comments
Hi;
This Comments filter is already working great. It is catching the trick
quite nicely. Great job..
Any plan to also add the variation of this trick -- simply:
=2Ecom=2F
http=3A=2F=2F
Or the likes? These tricks are now causing our URL filters not to be as
effective.
Regards,
Kami
That's quoted printable stuff.
_M
| -Original Message-
| From: [EMAIL PROTECTED]
| [mailto:[EMAIL PROTECTED]] On Behalf Of Kami Razvan
| Sent: Tuesday, February 04, 2003 10:14 AM
| To: [EMAIL PROTECTED]
| Subject: RE: [Declude.JunkMail] Declude JunkMail v1.67 (beta) released
|
|
| Hi;
Scott,
Do you have any suggestions on a filter we could use to
accomplish the FOOTER on outgoing email (per prior message)? I have a
customer who wants this for legal reasons. I have asked that he could
place a 'signature' on each of his email clients, however, he doesn't
want to give
First, I know very little about html formatting, but here is my input;
When a message such as a flyer is created in Front Page, each line of text
gets its own formatting information:
###
html
head
meta http-equiv=Content-Language
Hi,
this list has served me well so far:
HELO8 CONTAINS$domain
REVDNS 8 ENDSWITH.a83c9d.net
REVDNS 8 ENDSWITH.are.net
REVDNS 8 ENDSWITH.azogle.com
REVDNS 8 ENDSWITH.bestpost.net
CYBERsitter, now known as SpamManager, is being beta tested by a number of
us with excellent results. It is coming close to being released. Some
information may be found here, www.spammanager.com.
John Tolmachoff MCSE, CSSA
IT Manager, Network Engineer
RelianceSoft, Inc.
Fullerton, CA 92835
On the subject of the new comments test, I am looking forward to some one
coming up with a good list to share. ;)
John Tolmachoff MCSE, CSSA
IT Manager, Network Engineer
RelianceSoft, Inc.
Fullerton, CA 92835
www.reliancesoft.com
---
[This E-mail was scanned for viruses by Declude Virus
Scott,
Im feeling a bit ignorant so Im hoping that
you can help. I usually try to keep up on the list and usually upgrade
declude.exe within 24 hours of its release. I see discussion of some of
the new features, the autowhitelist on, the comments test etc. Ive
had declude pro junkmail
I m feeling a bit ignorant so I m hoping that you can help. I usually try
to keep up on the list and usually upgrade declude.exe within 24 hours of
its release. I see discussion of some of the new features, the
autowhitelist on, the comments test etc. I ve had declude pro junkmail
and
Thanks. I'll back track through the list to make sure I am getting able
to set up the features that I'm looking for.
Peace - Marc
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry
Sent: Tuesday, February 04, 2003 11:59 AM
To: [EMAIL
John,
Speaking of lists, whose lists do you use.
Keith
-Original Message-
From: John Tolmachoff [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 04, 2003 11:31 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Comments
On the subject of the new comments
John,
Speaking of lists, whose lists do you use.
Keith
Currently, I am using mine. However, as time avails, I am going to be
working on incorporating Kami's and Tom's.
I truly feel and am seeing evidence that a balanced approach is the best.
Example, in the last week, not one message
Hi,
not one message deleted by Declude was a false positive
John, how would you know - since they were DELETED and you have no way to
determine their content after the fact?
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
---
[This E-mail was scanned
Anyone else out there ever have an issue with spews.org irresponsibly
reporting servers?
They have blacklisted one of my boxes and for a domain we do not even
host. There is not a way to get off their list and their site is quite
flippant.
I can't imagine anyone who could take spews.org
Anyone else out there ever have an issue with spews.org irresponsibly
reporting servers?
No.
But, they will intentionally blacklist IPs that are near a spammer.
They have blacklisted one of my boxes and for a domain we do not even
host. There is not a way to get off their list and their
Scott,
Would it be possible to change the format to this?
COMMENTS comments 5 x 10 0
COMMENTS comments 5 weight 10 0
Where the number is the minimum needed to fail the test.
The second value indicates whether or not the admin wants a cumulative
weight.
The third and forth values indicate
Scott,
As well it should say that! Anyone that would do anything other than
ignore the spews db is out of their minds.
In this case they have been irresponsible. The domain that supposedly
sent spam is not and has never been hosted here.
Furthermore, the inability to be removed and statements
Would it be possible to change the format to this?
COMMENTS comments 5 x 10 0
COMMENTS comments 5 weight 10 0
Where the number is the minimum needed to fail the test.
The second value indicates whether or not the admin wants a cumulative
weight.
The third and forth values indicate base
Spews is a joke and should be taken offline
Agreed.
John Tolmachoff MCSE, CSSA
IT Manager, Network Engineer
RelianceSoft, Inc.
Fullerton, CA 92835
www.reliancesoft.com
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the
Agree as well! SPEWS caused more trouble than it did good.
Duane
- Original Message -
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, February 04, 2003 12:16 PM
Subject: RE: [Declude.JunkMail] Comments
Scott,
As well it should say that! Anyone that would do anything
I can't imagine anyone who could take spews.org seriously.
We don't. We completely ignore them. We used to have a class C on a UUNet
T1 and SPEWS had us blacklisted as dial-up IPs.
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from
Spews Topic:
Spews.org blacklisted one of our mail servers because of a domain that
the client hosts on another host! He has about 20 sites on different
networks and only one sent 1 round of spam from one of his OTHER SITES
BEFORE he moved a domain to us! In other words, the domain in question
Same thing happened to us... You're preaching to the choir on that one.
FWIW, the way we got around it was to work with our ISP and had them
grant us a /29 subnet that wasn't listed on SPEWS.
We then multinetted that network and placed two SMTP servers on it as
gateways/smarthosts.
I've lowered
I do it by using plain old IMAIL Rules...
[rules.ima]
F~[EMAIL PROTECTED]:main
F~[EMAIL PROTECTED]:main
F~[EMAIL PROTECTED]:main
H!~abc123def123ghi123jkl123:NUL
The first 3 lines check the from-address, if there is a match, the message
is places in the 'main' mailbox/folder and rules processing
Mark,
Amazing. Yea... I complete set it to ignore this week. There is no
reason to pay attention to it if they just randomly lump hosts together.
I mean, what is the point?
Regards,
Phillip B. Holmes
Media Resolutions Inc.
Macromedia Alliance Partner
http://www.mediares.com
[EMAIL PROTECTED]
So, if I create say a flyer in Frontpage, then send that as
the body of a message to all of our clients, the multiple
matches will cause a problem, correct?
Hi John,
I mean't to search for normal but uneccessary repeated html-tags like
font ...
This can trigger a lot of false positives not
37 matches
Mail list logo
