Dave,
It works like two different CONTAINS filters.
It takes the value in the first column, and if the MAILFROM contains
the string, then it checks both columns against the REVDNS entry to see
if either one matches. Since the first column has an @ symbol in it,
that will never match, and the
Matt,
Thanks for the suggestions.
With a maxweight variable it would also make sense to add a body
weight variable (so that this weight easily can be set to a value
other than 0). At present, the processor load shouldn't be any
problem, however, since the number of entries is rather few. This
Delete the nobody alias if it's present. That will let Imail reject
misaddressed messages before it processes them. This is way more
efficient,
and it should cut down on your processor and disk activity quite a lot.
What if nobody is a real address?
Robert
- Original Message -
From:
yahoo.com
would require that all possible REVDNS entries contain yahoo.com so a
message would pass the test if the REVDNS of its originating IP was
abc.yahoo.com, abcyahoo.com or abc.yahoo.com.hk, but not yahoo.ca
Correct, but this has the drawback of blocking [EMAIL PROTECTED] if
they do not
Hello,
I think I'm going to implement the spam domains tests. Anyone have
a file they would like to share that works well for them?
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
Hi;
I know this has
been discussed in the past but I am not sure if any solution is
available.
If one person has
[EMAIL PROTECTED] in the address book it appears that
an email sent to this person and many others will be whitelisted for
all.
We have a
situation that a person receives a
Markus;
Thanks for the detailed feedback and kind words. I haven't had time to
the study our numbers (and I believe our statistical universe is much
smaller than yours), but generally speaking I'm pleased with the results
we're seeing here.
For those who are interested, I'll be posting this
on 4/16/04 8:39 AM, Kami Razvan wrote:
I know this has been discussed in the past but I am not sure if any solution
is available.
If one person has [EMAIL PROTECTED] in the address book it appears that an email
sent to this person and many others will be whitelisted for all.
We have a
If one person has mailto:[EMAIL PROTECTED][EMAIL PROTECTED] in the address book it
appears that an email sent to this person and many others will be
whitelisted for all.
Correct.
We have a situation that a person receives a lot of news emails and has
whitelisted his address. Now anything
Hi Markus:
I'm curious:
All of this 24 messages are NDR's or Notifications send from back
to the recipient.
Why did these NDRs contain a blocked URL? Were they indeed wanted NDRs,
or were they NDRs for Spam that wasn't delivered, which happened to have one
of your users as the faked sender?
As for the maxweight, perhaps someone can do it better, but this works for me:
In the variables ection add:
set V_Maxweight=20
In the code after if not %v_weight%== echo SKIPIFWEIGHT %v_weight%
surbl.filter.tmp
add:
if not %v_maxweight%== echo MAXWEIGHT %v_maxweight% surbl.filter.tmp
Scott
My results from a business setting are very positive also.
294 hits.
292 SPAM
2 NotSpam (both from the declude mailing list hitting on webhosting.yahoo.com)
Scott Fisher
Director of IT
Farm Progress Companies
[EMAIL PROTECTED] 04/16/04 03:25AM
It will take a day or two before the log
Dave, allow me to butt in here with the late night reply and say yes, your
interpretation is exactly right for all 3 of your examples.
And let me also add that clarity certainly does help, for example I saw a
weird false positive and chuckled over it.
I had a sd.txt that listed:
mac.com
I will update the script so that it can handle both maxweight and an
optional exclude file.
I don't think that a variable for setting the weight of rows/entries
different from the maxweight is necessary, since the purpose is to
stop processing at a match, so the maxweight option would set the
I'm curious:
I'm too ;-)
Why did these NDRs contain a blocked URL? Were they indeed
wanted NDRs, or were they NDRs for Spam that wasn't
delivered, which happened to have one of your users as the
faked sender?
After searching trough the logfiles I've discovered that this messages are
I guess I was not clear. I know that SMTP Auth works in IMAIL versions but
my question was does it work in declude for all versions of Imail. Or more
Clearly -
Does the Whitelist AUTH function in Declude work with all versions of
IMAIL - I thought I read that this Declude feature only works
I just tested this and the answer is that the processing will stop immediately.
/Roger
Scott, what will happen if all entries in a filter file have the
weight 0 and I use MAXWEIGHT 0? Will the processing stop immediately
or at the first match?
/Roger
--
For the record, it does not read the whole log unless you are not running it
regularly, it writes the last read position to a file and seeks to that
position on the next gather. If ran regularly using scheduler, it wasn't
that bad of a process hog on my old single proc system. I have not set it
Yes, it only works with Imail versions 8.x and above. That is when Imail
added an indicator in the Q file to show that the sender authenticated to
Imail.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
I've been wanting to use WHITELISTFILE for a while now to do per-domain whitelists since we're using per-domain/per-user settings now ( I'm obsessive, what can I say ), and week provided a very obtuse way of allowing me to do so. So, as the instructions say in the manual ( using Declude 1.75 ), I
I created this because I see quite a few messages that use an
IP for the HELO, (and often it is MY mail server's IP). I
have never, ever, not once seen such a message that wasn't
spam, so on my system that test will be weighted quite heavily.
No other MTA should connect to your MTA using
Reply to: Ryan Carmelo Briones
Re: [Declude.JunkMail] WHITELISTFILE problems on Friday 10:24:44 AM
We also see this working intermittently here, so we are a bit
confused. We are wondering if we have the general format wrong?
[EMAIL PROTECTED]
@news.intelligententerprise.com
I see that the Spamhaus XBL returns values 127.0.0.4-6.
I'm currently using 127.0.0.4.
Can anyone tell me what return values 127.0.0.5 and 127.0.0.6 refer to?
Scott Fisher
Director of IT
Farm Progress Companies
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
Anyone?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jeff Maze -
Hostmaster
Sent: Friday, April 16, 2004 8:26 AM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] Spamdomains.txt file
Hello,
I think I'm going to implement the spam domains
One other thing.. If there are changes made to the ipfile.txt file, does the
SMTP server need to be restarted for Declude to see and use these changes?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Thursday, April 15, 2004 1:22 PM
One other thing.. If there are changes made to the ipfile.txt file, does the
SMTP server need to be restarted for Declude to see and use these changes?
No; any changes to Declude config files are reflected immediately upon
saving the file.
Markus Gufler wrote:
No other MTA should connect to your MTA using your MTA's IP as HELO string.
I don't know if there is any reason to connect with any other IP-address as
HELO-string.
My thinking exactly
Several people has set up a filter file containing
HELO 0 CONTAINS
You mean as a mailbox name instead of an alias? Good question. I don't know
whether it would retain its wildcard capabilities or not., never tried it.
-Dave
- Original Message -
From: Robert [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, April 15, 2004 4:59 PM
Subject: Re:
http://www.theregister.co.uk/2004/04/16/cosmic_419er/
A little levity for Friday.
Andrew 8)
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED],
Hi, Bill-
I've been trying to use the latest download and I can't figure out what's
wrong. I provide complete paths to the log file and global.cfg. The program
lists the tests that are available, then issues a few 0's. After a while it
gives me a blank report.
LOGLEVEL is set to MID
Any
I simply copied a current DEC.log file into the directory I create
for WAMLOG and ran
Wamlog dec0416.log
And it produced a file wamlog.txt in the same directory
Goran Jovanovic
The LAN Shoppe
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
Roger,
I just downloaded the script and got it to update. Thank you.
I looked through the messages on the list but I could not find what is
the suggested weight for this test. Any suggestions? I am currently
marking SPAM at 10 and seeing how that goes. I would like to start
deleting at 20 or so.
Not surprising that you missed this one, based on the subject line:
http://www.mail-archive.com/[EMAIL PROTECTED]/msg17684.html
Sorry if this has already been answered here. My inbound messages on this
list have been highly out of sort order.
Andrew 8)
-Original Message-
From: Scott
I looked through the messages on the list but I could not
find what is the suggested weight for this test. Any
suggestions?
I can see that SURBL has the same efficiency as CBL, DSBL or XBL-DYNA. So
maybe you can use the same weight as for this tests.
At the moment I use a weight
I say let him pay for the transgressions of his brethren in Lagos! ;)
Todd Holt
Xidix Technologies, Inc
Las Vegas, NV USA
702.319.4349
www.xidix.com
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew
Sent: Friday, April 16, 2004 1:20 PM
http://www.theregister.co.uk/2004/04/16/cosmic_419er/
In the current edition of c't (german computer magazine) is an article about
scambaiters
http://www.craigscrap.co.uk/scam/scam.pdf (german)
People answering to fraud emails and involving the swindlers in email
dialogs for several weeks and
I tried that first on my laptop, then gave up and tried to run it on the
server with the same results. The wamlog.txt file is empty.
-d
- Original Message -
From: Goran Jovanovic [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, April 16, 2004 5:39 PM
Subject: RE: [Declude.JunkMail]
Thanks, Scott.
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, April 16, 2004 6:58 AM
Subject: Re: [Declude.JunkMail] why does this fail the spam domains test?
yahoo.com
would require that all possible REVDNS entries contain
This works for me:
wamlog dec0416.log c:\imail\declude\global.cfg
Modify the parameters to suite your environment, of course.
Andrew 8)
-Original Message-
From: Dave Doherty [mailto:[EMAIL PROTECTED]
Sent: Friday, April 16, 2004 8:54 PM
To: [EMAIL PROTECTED]
Subject: Re:
Thanks, Andrew-
That follows the pattern I often use with whitelisting... It reinforces the
power of tools we have at our disposal and the care with which we need to
use them.
ie: sex matches a lot of common place names like middlesex and essex.
-d
- Original Message -
From: Colbeck,
40 matches
Mail list logo
