> I don't want to knock Alligate, it has some nice functionality,
> especially when used without Declude (auto whitelisting and digest
> notification), and it does what it says, but it has a relatively high
> false positive rate in the default configuration and therefore it can't
> be scored higher
Matthew, your MAILPOLICE tests are configured wrong. Those are rhsbl tests, not ip4r
tests. The config lines should read...
MAILPOLICE-BULK rhsbl bulk.rhs.mailpolice.com 127.0.0.2 10 0
MAILPOLICE-PORN rhsbl porn.rhs.mailpolice.com 127.0.0.2 10 0
Bill
-Original Message-
Fro
Hi Matt, I guess I'll chime in here...
On 08/20/03 10:31pm you wrote...
>I just joined the list today, but I found your configuration file from
>back in June and it was very helpful in understanding how to fine tune
>Alligate. I'm going to study it's logs more closely before I start that
>ph
At 10:31 PM 8/20/2003 -0400, you wrote:
I don't want to knock Alligate, it has some nice functionality, especially
when used without Declude (auto whitelisting and digest notification), and
it does what it says, but it has a relatively high false positive rate in
the default configuration and
John,
I just joined the list today, but I found your configuration file from
back in June and it was very helpful in understanding how to fine tune
Alligate. I'm going to study it's logs more closely before I start that
phase though, looking for false positives. I've turned that test down
to
I'd also like to share my configuration. We have about 50 E-mail
domains with about 250 users, with many addresses listed in who-is
records and on Web sites, along with "nobody" alias redirection for all
domains. This results in a lot of garbage coming our way. We are
definitely capturing 95
A little heads-up about SoBig.F ...
2,000 of my inbound e-mail messages today has been this virus, from a
variety of sources.
The messages are the virus itself, neutered versions of the message, and
bounces/warnings from dummy antivirus software on mailservers out there that
still warn the sender
Glad to. By the way, we also use Autowhite (I hate the thought of missing
any mail). Also, our Declude config is near-stock, we hold on 20, delete on
30.
#Alligate for IMail CONFIGURATION FILE (MINIMUM CONFIGURATION)
#PLEASE SEE THE CONFIGURATION INSTRUCTIONS FOR MORE OPTIONS
#GENERAL NOTES
# A
As one of the earlier testers and helped develop the variable scale of
Alligate, I can understand your position. I have a client that gets a lot of
e-mail from the Far East and a lot of bcc broadcasts and lists. Many of
these show elements of spam, but are legit. That is what makes it hard.
There
Rob,
If you don't mind sharing, what config settings do you use for
Alligate..
Keith
-Original Message-
From: Robert Grosshandler [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 20, 2003 5:54 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Alligate vs. Message Sniffer...op
We use both. Between them, plus the Declude tests, our false positive level
is very, very low.
Our scoring is such that if an e-mail triggers both Sniffer and Alligate, we
treat as spam. If it triggers both, and has other characteristics of spam,
its score is high enough that it gets deleted wit
I've been a Declude Virus and JunkMail customer for about a year and a
half now. At first the spam blocking was just something that only a few
of my ~250 users (hosting) found beneficial, but in the last 6 months I
have had to continually push the limits with the tests in order to keep
it from
If you will not be accepting E-mail on the server, you will need to either
[1] copy the files from the \IMail\spool\overflow directory back to the
\IMail\spool directory, and have IMail handle the deliveries (in which case
Declude won't get a chance to scan them), or [2] Simulate incoming E-mail
Scott,
I am going to stop the smtp service so no mail will be coming in.
Essentially, at that point I need to clear out that overflow queue..
Darrell
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Wednesday, August 20, 2003 2:40 PM
I have a lot of emails failing both spamcop and ossrc , but I cannot fine
any documentation on ether one , I search both the doc and email archives.
Would like a description of the test and what weight do they carry .
Those are standard public spam tests (as in not internal to Declude). You
I have a lot of emails failing both spamcop and ossrc , but I
cannot fine any documentation on
ether one , I search both the doc and email archives.
Would like a description of the test and what
weight do they carry .
Thanks
Howard
This e-mail message, including any attachme
Title: RE: [Declude.JunkMail] Alligate
Scott,
I have a backup mail server that is a bit
under-speed of our primary mail server. Right now the backup mail server is
being pounded with SoBig which has forced the box to 100% cpu and the queue is
growing slowly.
I am going to stop the
I have a backup mail server that is a bit under-speed of our primary mail
server. Right now the backup mail server is being pounded with SoBig
which has forced the box to 100% cpu and the queue is growing slowly.
I am going to stop the smtp service in imail on this backup server while I
sw
John,
We have it as a Declude only test
Keith
-Original Message-
From: John Tolmachoff (Lists) [mailto:[EMAIL PROTECTED]
Sent: Wed 8/20/2003 1:05 AM
To: [EMAIL PROTECTED]
Cc:
Subject: RE: [Declude.JunkMail] Alligate
Yes, Alligate is a very good product.
I do see a number of false positives, but that is because of my clients.
I have a large client that gets a lot of e-mail from the Far East and broadcast
messages. These, because of the nature, tend to trip tests do to poor formatting or
other problems.
Exa
> Even though the replies come back with 127.0.0.5, I had to
> change my global.cfg entry to:
>
> SECURITYSAGE rhsbl blackhole.securitysage.com * 2 0
>
> in order for it to work correctly.
Ok, now it's reporting some spamming IP's
However all messages SECURITYSAGE has detected on our
Great script, very useful. I'm scheduling it to run on our logs every
day and email it to support, I do the same thing with the declude log
file report.
Cheers
Jools
On Tue, 19 Aug 2003 18:15:52 -0400, you wrote:
>For anyone who wants this, here's a new script that will sort your
>delude log f
Hi,
Is Alligate so good ? What about false positive ?
Thanks
Mehdi Blagui
-Message d'origine-
De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] De la part de John Tolmachoff (Lists)
Envoyé : mercredi 20 août 2003 06:06
À : [EMAIL PROTECTED]
Objet : RE: [Declude.JunkMail] Alligate
Do you
Title: Nachricht
At the
moment you can add a new WARN action that put's a special X-Header for messages
having more then ~200% of your hold weight.
Now
you can write a script (perl, vbscript, ...) that searches every x minutes in
all files in your \spool\spam directory for this x-header an
24 matches
Mail list logo
