Yet another update to SPAMC32 that's useful when deployed as
a Declude 'weight' test type. See the release notes below
and download from the traditional /release folder.
As SpamChk is no longer alone as an external 'weight' test, maybe SPAMC32
users are also interested in having 'weight+'
Yes, I would be interested in this very much since it would greatly
ease the management, testing and reporting of such tests, and I have
been working on something myself that would be capable of returning
both positive and negative weights and I didn't want to be running it
twice to get the
If you don't mind me expanding on the bitmask idea... Sniffer users
would benefit from this greatly as many spams fail multiple Sniffer
tests. This would allow us to score each result code that it returned,
i.e.
SNIFFER-GENERAL bitmask 1
"C:\IMail\Declude\Sniffer\execode.exe mycode" 6 0
This is the same idea I mentioned a year
ago when we were all talking about combo tests in Declude... only
problem being if you use more unique tests than the numeric type
supported. Assuming the weight/bitmask number is a 4-byte unsigned int,
then we have a maximum of 32 tests.
Darin.
Anyone else seeing this? Wednesday our
incoming spam increased by about 80%, and yesterday it increased another
50%...so there was a total of about a 120% increase in two days.
Someone's been busy. Also, a lot more zombie
spam...
Darin.
There is an additional challenge with working Sniffer this way.
Sniffer uses a competitive selection function to derive a single
result value... this helps to prioritize the rule strength analysis.
If I were to map symbols to bits (which would happen in the .cfg file)
then the log file would need
I could deal with 32 result codes for a single test :)
I'm hoping that Pete will weigh in on this. We had a discussion once
about how to weight multiple hits, and he was leaning towards an
internal probability based method, but this would give us far more
flexibility as administrators IMO.
On 4 Nov 2004 at 16:01, Colbeck, Andrew wrote:
Hi Andrew -
An Off Topic thread ...
On various domains I administer, a single point of failure mailhost
has been good enough, but I'm shortly going to add a second host on a
second network for redundancy.
If you are looking for a location or
On Friday, November 5, 2004, 8:26:30 AM, Darin wrote:
DC Anyone else seeing this? Wednesday our incoming spam
DC increased by about 80%, and yesterday it increased another
DC 50%...so there was a total of about a 120% increase in two days.
DC
DC Someone's been busy. Also, a lot more zombie
On 5 Nov 2004 at 3:34, Serge wrote:
Serge,
i'm more a foxpro guy
hmm - I figured I was the only foxpro guy on this list! :)
-Nick
but i suppose the access code will be easy to translate
would appreciate if you email the code
- Original Message -
From: Scott Fisher [EMAIL
Certainly...I was thinking of it in the broader
sense, though. For example, we run more than 32 tests within Declude, so
it would only work for us if we culled the list down a bit, which we could
probably do quite easily with a lot of the DNSBLs that rarely get hit and are
almost always
Pete,
I'm sure that you would make this optional regardless, but the
functionality would definitely far outweigh the minor bit of confusion
when looking at the logs. If you simply published a map of the bits to
the result code logged, that would be plenty fine as far as I'm
concerned. In my
Darin,
If it's an unsigned 4-byte wouldn't it be 4,294,967,295 tests?
Darrell
Darin Cox writes:
This is the same idea I mentioned a year ago when we were all talking about combo tests in Declude... only problem being if you use more unique tests than the numeric type supported. Assuming the
Darin,
Correct me if I'm wrong, but I was expecting that this would only be
internal to one external test at one time and have no effect on
anything else, i.e. DNSBL's. So the only limitation would be 32 result
codes for each external test which is workable. I would also imagine
that a
Hello,
Just signed back up for this list again. I was wondering if people could
share some sample default junkmail files and cfg files? I am using Declude
for anti-spam only as of now and would be interested in seeing how other
people are setting theirs up. Our current config is working
Matt/Pete:
I may not have understood your specific problem. But it's not clear in my mind,
what this would gain.
Here is my sniffer configuration. It already allows me to score each result
code that it returns?
SNIFFER external nonzero "sniffer.exe licensecode" 6 0
Not really.
There was a slight increase of around 5% for the last two
days.
Markus
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox
Sent: Friday, November 05, 2004 2:27 PM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] Huge increase in spam in
I believe some ip4r return bitmasks too:
Blitzedall. (the test is 99.8 percent effective,
so I don't see potential for much improvement).
BLARS. (not used by me since it is not effective.
Maybe some of the bitmasking would help?)
If we are on the dreaming subject for the future, the
DNS Report for microsoft.com
Generated by www.DNSreport.com at
15:26:05 GMT on 05 Nov 2004.
[ERROR: Timed out getting NS data from parent
server]
If you can handle an Access 2002 DB, I posted a link at the bottom of my
webpage:
http://it.farmprogress.com/declude/declude.htm
The advantage of the db over the code is you can see the table defs. If you
can't handle Access, let me know.
- Original Message -
From: Serge [EMAIL
On Friday, November 5, 2004, 9:44:41 AM, Andy wrote:
AS Matt/Pete:
AS
AS I may not have understood your specific problem. But it's
AS not clear in my mind, what this would gain.
AS
AS Here is my sniffer configuration. It already allows me to
AS score each result code that it returns?
On Friday, November 5, 2004, 8:53:41 AM, Matt wrote:
M Pete,
M I'm sure that you would make this optional regardless, but the
M functionality would definitely far outweigh the minor bit of confusion
M when looking at the logs. If you simply published a map of the bits to
M the result code
On Friday, November 5, 2004, 8:51:04 AM, Darin wrote:
DC Also, I don't know for sure whether Scott or Pete use
DC unsigned 4-byte ints for the weights. Scott actually probably
DC uses signed ints, so you lose half of the bits...and if the
DC weight is a 2-byte signed int then the number of
It's been my experience that such requests aren't generally answered, at
least on the list. More specific requests such as what DUL lists are
you using however generally get answered. The issue is probably
related to people not wanting to give away all of their own work.
Besides, you would
Pete McNeil wrote:
I'm not sure this is really going to be that useful - certainly it
would be more complex - but if enough people are interested in the
feature then I would build it.
I think this would be most useful in combining hits for SNIFFER-IP
and/or SNIFFER-EXPERIMENTAL with
1) Do other people want this functionality in external
apps such as Sniffer (please speak up if either for or
against being able to score multiple hits)?
2) Would Declude be willing to introduce the functionality?
Regarding SPAMCHK I can't see any benefit for bitmask return codes.
Markus Gufler wrote:
The only thing that would be useful is, if we can differentiate between
positive and negative results. Or in other words: If we want to combine or
analyze SpamChk results it's not so important if the result was +10 or +40.
But it's a big difference if the result was -10 or
www.activeinternet.com
They claim they are great at spam fighting using SpamAssassin.
However, they do not know what they are doing.
They are sending a Challenge/Response to forged senders:
__
PRE
This message has been
Will having a mis-matched round-robin MX record vs. HELO on the SMTP server
cause any issues with Spam filters?
IOW, Let's say I setup 1 MX entry:
MX - MX.domain.com (Pref 10)
Then Round robin:
A - MX.domain.com - 192.168.100.1
A - MX.domain.com - 192.168.100.2
A -
I think the potential to bitmask is a good idea.
I agree that if something that hit two or more Sniffer results, I would be
more tempted to punish harder.
Unfortunately I don't think we are going to see many Declude enhancements in
the near future.
I imagine they are programming like gang-busters
From: "Darin Cox" [EMAIL PROTECTED]
Sent: Friday, November 05, 2004 8:30 AM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] Huge increase in spam in the last 2 days
Anyone else seeing this? Wednesday our incoming spam increased by about 80%, and yesterday it increased another 50%...so there was a
Regarding SPAMCHK I can't see any benefit for bitmask return codes.
Yeah, me neither with SPAMC32.
I do like the positive/negative concept, and I'd go it one further: a
WEIGHTXn test type, which allows you to multiply the test result by n.
This would allow for negative returns:
SPAMCHK+
http://biz.yahoo.com/fool/041105/1099675080_1.html
Hurray
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe
What are we all going to do when there are no more spammers? :)
Sorta' like living in a town that's driven by tourism and saying I hate the
tourists. :)
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kevin Bilbee
Sent: Friday, November 05, 2004
Thanks, everyone.
I was hoping for more war stories, or specific gotchas with more ornate
configurations, so I'm surprised at the few responses. For example, I've
noted that IMail has a queuing problem with HotMail advertising MX servers
that don't actually accept mail, or that don't exist, which
Colbeck, Andrew wrote:
Thanks, everyone.
I was hoping for more war stories, or specific gotchas with more ornate
configurations, so I'm surprised at the few responses. For example, I've
noted that IMail has a queuing problem with HotMail advertising MX servers
that don't actually accept mail, or
Mark E. Smith wrote:
Sorta' like living in a town that's driven by tourism and saying I hate the
tourists. :)
Actually, we say Since it's tourist season, what's the limit? ;)
--
For it's Tommy this, an' Tommy that, an' Chuck
Thanks, Matt.
For myself, I also found that DNS caching and failed domain skipping
were good ideas in the lab, but bad in the real world. I had turned them
off before I saw a problem with Hotmail.com, and later with Microsoft.com
itself. It's a problem with Microsoft and with Ipswitch;
Yep...that's what I said signed int loses a bit... I mentioned it
because I believe Declude probably uses signed ints, since there can be
positive or negative weighting...but you make a good point that if you're
using it for bitmasking, then you could probably use the full bitspace.
But the
I certainly understood your desires... I was
extending it to what was originally proposed a year ago for combo testing within
Declude. I think most people using Pro have gone to filters to do this
instead, since it's easier that way. But those on Standard could use
bitmasking to achieve the
Nope...4 bytes = 32 bits. To be able to isolate a single test from a
combined result, you have to be able to factor the sum somehow. The most
common way to do it is with bit masking.
So consider Test1 that has a weight of 1, Test2 has a weight of 2, Test3 has
a weight of 4, etc. Now if your
Yeah, what Matt said.
In my own words: Everybody has a custom configuration, so what works for
them WON'T work for you.
Since you've only just re-joined the list, I'll mention that Markus Gufler
and Pete McNeil have collaborated on the back-end for a nifty graph
indicating just how useful the
Does anyone have a filter that works well on
stopping Joe Job bounces (preferably while not stopping legit
bounces...)?
There are 3 different types of NDRs caused by joe
jobs.
All 3 are coming back not from spammy servers but from
legit servers bouncing spam messages with wrong recipient addresses. (so far
nothing new)
I've identified the following 3 types
a.) NDR with the part of the original spam
LOL. This is some great information for all the responses that I have
gotten. I have been messing with my configs, seems like weekly, for about 2
years now. Was curious what other people were doing. Running 3 IMail
servers and handling about 700,000 messages a day now for over 500 domains..
Fun