So far, only 1 that cause a message to be held. On the other hand, I find
considerable overlap with some of the other big name tests, so I'm catching
more spam than I did, while also making the stuff I caught before score even
higher.
That is why I stopped using the DUL list; it's a list of dynam
How are the false positive rates ?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew
Sent: Thursday, August 28, 2003 12:30 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [Declude.JunkMail] OSRELAY question.
Until a few days ago, I was using SORBSA
Until a few days ago, I was using SORBSALL, but on checking out their home
page, I found that it had grown quite a lot since I started using it.
Since JunkMail will only incur the lookup once, I suggest that if you're
using SORBS that you break it up into all the little tests to query the same
rbl
Hi Todd:
Yes we hold on 20.
Regards,
Kami
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Wednesday, August 27, 2003 5:17 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] OSRELAY question.
Kami,
I assume based
Kami,
I assume based on your weights that you are Holding at 20?
Todd
At 03:51 PM 8/27/2003 -0400, you wrote:
Hi Todd:
Attached is the IMail blacklist file. It has the detail of all the tests
that we run. As stated earlier we do our tests in IMail and then add the
header to be lat
Thanks Kami,
We are
still on IMail 7.15. IMail 8 is sitting on the shelf until I have
some time to deal with the upgrade. I assume to include one of
these test in Declude it would be in the form of
CHINABLACKHOLE ip4r
china.blackholes.us
127.0.0.2 5 0
Todd
At 03:51 PM 8/27/2003
Hi Todd:
Attached is the IMail blacklist file. It has the detail of all the tests
that we run. As stated earlier we do our tests in IMail and then add the
header to be later evaluated by Declude as filter files.
If you want simply replace this file in the IMail directory (version 8 only)
and al
Kami,
Just to clarify, I wanted to know about your tests labeled BHOLE-
Todd
At 02:09 PM 8/27/2003 -0500, you wrote:
Kami,
Could please elaborate on some of the tests here and how I might
use them in Declude config. You are rating them very high so I assume
they are gi
The replacements that I'm using are marked up red with the results for the
last few hours.
Best Regards
Andy Schmidt
H&M Systems Software, Inc.
600 East Crescent Avenue, Suite 203
Upper Saddle River, NJ 07458-1846
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
http://www.HM-Soft
Kami,
Could please elaborate on some of the tests here and how I might
use them in Declude config. You are rating them very high so I assume they
are giving you good results.
BHOLE-BRAZIL, BHOLE-BRAZIL etc...
Thanks,
Todd
At 09:25 AM 8/27/2003 -0400, you wrote:
Hi Nick:
This is
Hm - may be this list doesn't support HTML mail (or doesn't support
attachments), here is that screen shot again, this time as a BMP file.
The replacements that I'm using are marked up red with the results for the
last few hours
Best Regards
Andy Schmidt
H&M Systems Software, Inc.
600 East Cresc
Hm - may be this list doesn't support HTML mail (or doesn't support
attachments), here is that screen shot again, this time as a BMP file.
The problem is that you are trying to send a 250K attachment, which is
clogging up our Internet connection. Perhaps you could convert it to a
small .jpg fil
I've found that my scoring in Declude shouldn't be indicative of what
is most
commonly associated with spam only, but also what is most commonly
associated with other tests and false positives. This speaks to the
trouble with rating
the individual blacklists, scoring them in isolation from one
There's not even a date header in that message. What would an E-mail
client even do with that? 1969?
I probably switched from Scott's methodologies very early on, requiring
a message to fail BADHEADERS, SPAMHEADERS (combined score of 8) plus at
least one other test before it gets rejected wit
Hi;
What I have found working the best was:
1: Add as many of the tests as you want with 0 weight.
2: Add a header for every test
3: Monitor your headers and adjust the weights accordingly.
4: After several months start taking out the tests that their weight has
stayed 0.
This is a lengthy
Please excuse me if this have been discussed before but I wanted to find
out what it would take for the Declude users to develop there own RBL of
some sort?
See http://www.declude.com/junkmail/support/ip4rinfo.htm for information on
how a DNS-based spam database is set up (FYI, "RBL" is a trade
Anyone have the command line to use SPEWS?
Thanks,
Todd
At 01:07 PM 8/27/2003 -0400, you wrote:
And here's my newly edited file:
DSBLip4rlist.dsbl.org*50
MONKEYPROXIESip4rproxies.relays.monkeys.com *
50
ORDBip4rrela
Please excuse me if this have been discussed before but I wanted to find
out what it would take for the Declude users to develop there own RBL of
some sort?
Thanks,
Todd Hunter
Progressive Systems
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mai
Im really surprised that there isn't a site out there that reviews and rates
those RBLs. All I have seen is listings.
The problem is that it is very, very difficult to determine the key piece
of information: false positive ratios. Most of the information that people
have about the DNS-based spa
The fact that SPEWS is gone is not a bad thing!
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of
> Matthew Bramble
> Sent: Wednesday, August 27, 2003 1:11 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [Declude.JunkMail] OSRELAY Replacement question.
>
It's a shame because I was catching a great deal more spam, but I may have
to back off on the weight of this test. This looks like a log file that one
guy has e-mailed from a D-link router. Why don't companies have this stuff
compliant. sigh
Received: from DI-604 [65.41.30.4] by mail.p
Im really surprised that there isn't a site out there that reviews and rates
those RBLs. All I have seen is listings.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Webmaster Oilfield
Directory
Sent: Wednesday, August 27, 2003 7:48 PM
To: [EMAIL PROTECTED
The message below came over the Imail discussion board. Should I be
removing the lines:
OSDIPS ip4r relays.osirusoft.com 127.0.0.3 5 0
OSFORM ip4rrelays.osirusoft.com 127.0.0.8 5 0
OSLIST ip4rrelays.osirusoft.com 127.0.0.7 5 0
OSPROXY ip4r relays.osirusoft.com 127.0.0.9 7 0
Here is the replacements that I'm using (marked up red) with the results for
the last few hours:
Best Regards
Andy Schmidt
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mark Smith
Sent: Wednesday, August 27, 2003 09:44 AM
To: [EMAIL PROTECTED]
Sub
Let me also correct one thing. I mentioned SPEWS as an alternative to
Osirusoft, but that one also comes from their servers :) In otherwords,
don't use that either (as noted in Hank's recent message).
Matt
Andy Schmidt wrote:
Here is the replacements that I'm using (marked up red) with the
And here's my newly edited file:
DSBLip4rlist.dsbl.org*50
MONKEYPROXIESip4rproxies.relays.monkeys.com *
50
ORDBip4rrelays.ordb.org*40
SPAMCOPip4rbl.spamcop.net1
I can't see your replacement suggestion
Best regards
Xavier
- Original Message -
From: "Andy Schmidt" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, August 27, 2003 5:51 PM
Subject: RE: [Declude.JunkMail] OSRELAY Replacement question.
> Here is the replacements that I
Scott:
The message below came over the Imail discussion board. Should I be removing
the lines:
OSDIPS ip4r relays.osirusoft.com 127.0.0.3 5 0
OSFORM ip4rrelays.osirusoft.com 127.0.0.8 5 0
OSLIST ip4rrelays.osirusoft.com 127.0.0.7 5 0
OSPROXY ip4r relays.osirusoft.com 127.0
FYI Andy, Netscape 7's mail program can't see your information
(winmail.dat problem).
Regarding the discussion, I included several of the FIVETEN tests a few
months back when I saw that Ipswitch was including them in their default
configuration file (figured this would help that source's popula
wow! yes there are a lot... but that begs another important
question... which ones to use.. :( what is everyone else using ???
thanks
sheldon
- Original Message -
From: "R. Scott Perry" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, August 27, 2003 5:41 AM
Subje
Well Scott you are correct again. I had a cut and paste error in the filter
file all of the lines ended with an extra space except the last two lines.
Kevin Bibee
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry
> Sent: Wednesday, August
Hi guys,
The "Confirmation Required" message from this list
did not pass the SPAMHEADERS test of Declude..:-)))
Why is that Scott??
Received: from declude.com [66.189.124.29] by mail.cwc.nl with ESMTP
(SMTPD32-7.13) id A85F9A01BA; Wed, 27 Aug 2003 15:55:43 +0200
From: <[EMAIL PROTECTED]>
To: <
The "Confirmation Required" message from this list
did not pass the SPAMHEADERS test of Declude..:-)))
Why is that Scott??
That's because Ipswitch still hasn't fixed the bug in IMail1.exe where it
won't add the Message-ID: header.
-Scott
---
Dec
Hi,
Thanks for your interest in Alligate. We recommend that you first look over
the product documentation so that you will have a good understanding of
Alligate's capabilities and installation requirements.
The documentation can be downloaded at the following address:
http://www.alligate.com/dow
Anyone have any recommendations on what to replace:
#OSDUL ip4rrelays.osirusoft.com127.0.0.3
5 0
#OSFORM ip4rrelays.osirusoft.com127.0.0.8
5 0
#OSLIST ip4rrelays.osirusoft.com127.0.0.7
5 0
#OSRELAY
Hi Nick:
This is what we have in our filter file. We use IMail to do the testing and
then use a filter file to give them weight. Just in case it helps you this
is what we have:
We had all of what is listed in Declude site and wrote a program to evaluate
all the server logs for 5 months and pick
>
> Actually, http://www.declude.com/junkmail/support/ip4r.htm shows that
> there are plenty of spam databases left. :)
>
>-Scott
You are correct - BUT - besides the default ones listed in the
*old* manual how can we know which to use that give the most ac
I checked my logs and the REMOTEIP lines are catching the mail but the
subject lines with "RE: " are not catching the mail. the subject lines
without the "RE: " are catching the emails.
That is odd. Could there be spaces/tabs at the end of the lines that
aren't working?
If that doesn't explain
Okay. another one bites the dust. scheeesch, pretty soon
there won't be many spam databases to choose from will there looks like
they are winning the battle but will they win the war
Actually, http://www.declude.com/junkmail/support/ip4r.htm shows that there
are plenty of
The latest news in the Osirusoft saga:
http://slashdot.org/article.pl?sid=03/08/27/0214238&mode=nested&tid=111&tid=126
Bill
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send
Okay. another one bites the dust. scheeesch, pretty soon
there won't be many spam databases to choose from will there looks like
they are winning the battle but will they win the war
- Original Message -
From: "John Tolmachoff (Lists)" <[EMAIL PROTECTED]>
To: <[E
I would go with option B and comment them out.
Bill
- Original Message -
From: "Robert Grosshandler" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, August 26, 2003 5:55 PM
Subject: RE: [Declude.JunkMail] OSRELAY question.
> I'm feeling dumb this evening, so I'll share my dum
Yes, because if you do not disable the Osirusoft tests, it will only cause
unnecessary mail processing delays, as your queries wait for a response and
eventually time-out (approx 10 seconds), since the rbl is no longer
responding to queries, or is returning bogus responses. In either case, not
a g
Well...made it to their web site and this is what it says
"Due to the severe drain of resources, relays.osirusoft.com will be down for
an undetermined period of time. Please ask all sites using data from
relays.osirusoft.com to stop until further notice. "
So, I have commented out the tests until
I checked my logs and the REMOTEIP lines are catching the mail but the
subject lines with "RE: " are not catching the mail. the subject lines
without the "RE: " are catching the emails.
I have changed the IS in SUBJECT lines to CONTAINS and I get the same
results.
I want these emails because I ha
There have been similar posts on NANOG indicating xxx.osirusoft.com are
returning all 127.0.0.2. Apparently they are under a massive DDOS attack
Rick Rountree
Sr Network Admin
Dundee.Net
At 08:38 PM 8/26/2003, you wrote:
FYI, looks like Joe Jared (of Osirusoft) is finally hanging it up.
Bil
hi scott
does this mean we need to stop using all of the tests below ?
OSDUL ip4rrelays.osirusoft.com 127.0.0.3 5 0
OSFORM ip4rrelays.osirusoft.com 127.0.0.8 6 0
OSLIST ip4rrelays.osirusoft.com 127.0.0.7 5 0
OSPROXY ip4rrelays.osirusoft.com 127.0.0.9 7 0
OSRELA
I'm feeling dumb this evening, so I'll share my dumb question, sorry in
advance.
The appropriate action for us to take then is to
A) do nothing
B) modify our global.cfg to comment out the 6 or so relays.osirusoft.com
tests
C) Something completely different
Inquiring minds would like to know.
Th
I have setup a filter to froward all email that seems to be from the sobig
virus to a specian mail box.
Global.CFG
SOBIGFILTER filter D:\IMail\Declude\SOBIG.txt x 0
0
sobig.txt
REMOTEIP 0 IS 206.111.17.194
REMOTEIP 0 IS 66.185.39.38
REMOTEIP 0 IS 66.123.247.
FYI, looks like Joe Jared (of Osirusoft) is finally hanging it up.
Bill
- Original Message -
From: "James Miller" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, August 26, 2003 4:07 PM
Subject: RE: [SAtalk] OSIRUSOFT -- should they be used any more?
> Update OSIRUSOFT issue:
I've seen it to.
Additionally http://relays.osirusoft.com isn't responding and emails are
being bounced.
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Chuck Schick
> Sent: Tuesday, August 26, 2003 8:14 PM
> To: Declude. JunkMail (E-mail)
> Subject
Yes, this has been reported both on Imail list and this list at 08/24.
news.prodigy.com
John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
> [EMAIL PROTECTED] On Behalf Of Chuck S
In going thru the held mail I am finding some emails with this warning.
X-RBL-Warning: OSRELAY: Please stop using relays.osirusoft.com
This only shows up on a few emails but it causes the email to fail the
OSRELAY test - meaning more false positives. Other emails either do not
have the warning
In going thru the held mail I am finding some emails with this warning.
X-RBL-Warning: OSRELAY: Please stop using relays.osirusoft.com
This only shows up on a few emails but it causes the email to fail the
OSRELAY test - meaning more false positives. Other emails either do not
have the warning
54 matches
Mail list logo