Here.
Running SmarterMail 3.3.2369, Declude 4.2.3.
Shayne
Original Message
From: Michael Jaworski [EMAIL PROTECTED]
Sent: Tuesday, November 14, 2006 7:55 PM
To: declude.junkmail@declude.com
Subject: RE: [Declude.JunkMail] CMDSPACE/SmarterMail
Anyone using SmarterMail
For Wednesday, November 15th I will be out for most of the day with limited
access to Email. Please contact [EMAIL PROTECTED] or [EMAIL PROTECTED] for
urgent computer matters.
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL
Hi, all-
The last day or two, I've been getting a lot of spam with a first name for
the subject, and the same name in the from display address.
Some of this is geting caught, but a lot is leaking through.
Can anyone think of a way to check whether the subject is contained in the
from
Bill,
IPBYPASS applies to everyone that comes from Postini, and they do leak
spam. To make matters worse, Postini strips some of the original
Received headers. You can use HOPHIGH to get back to the first one
which should be the source that connected to Postini, but I would not
score prior
If this is the one you mean, we are getting lots but message sniffer is
catching them all.
From: Clara Meier [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Probable SPAM:Clara
Date: Wed, 15 Nov 2006 14:36:18 +0180
Message-ID: [EMAIL PROTECTED]
MIME-Version: 1.0
Content-Type: text/plain;
There are some big differences between clustering and database
mirroring...
Yeaahhh... er... was that in question?
The point of the e-mail you just responded to was you *do not* need
more than one licensed copy of SQL Server to use database mirroring.
The passive server does not
Does anyone have the proper setup in Declude to query
sbl-xbl.spamhaus.org and interpret the result?
I don't think I'm doing it correctly.
Thanks
-David
--
Best regards,
David mailto:[EMAIL PROTECTED]
---
This E-mail came from the Declude.JunkMail mailing list.
Global.cfg
-
SBL ip4rsbl.spamhaus.org * 55 0
XBL ip4rxbl.spamhaus.org * 55 0
or , for combined results,
SBL-XBL ip4rsbl-xbl.spamhaus.org * 55 0
$default$.junkmail
---
SBL WARN
XBLWARN
or , for combined
Yes, it is similar. For some reason, sniffer doesn't seem to getting all of
them.
I wonder if something like
FROM 10 CONTAINS %SUBJECT%
might work
-Dave Doherty
Skywaves, Inc.
97 Webster Street
Worcester, MA 01603
508-425-7176
[EMAIL PROTECTED]
- Original Message -
From: Herb
Hello Darin,
Wednesday, November 15, 2006, 4:12:49 PM, you wrote:
DC SBL ip4rsbl.spamhaus.org * 55 0
DC XBL ip4rxbl.spamhaus.org * 55 0
I was using 127.0.0.2 for SBL and 127.0.0.4 for XBL but Spamhaus lists
.2-4 for SBL and .2-6 for XBL but I guess * would work
Right. * means score on any result.
SBL-XBL combines the two, which is more optimal if you want the results of
both tests and score them the same. So if you run SBL-XBL, make sure you
remove the individual SBL and XBL tests from your config.
Darin.
- Original Message -
From: David
This is how to do it properly. Declude will do the lookup once when
configured like this.
SPAMHAUSdnsbl%IP4R%.sbl-xbl.spamhaus.org127.0.0.2
120
XBLdnsbl%IP4R%.sbl-xbl.spamhaus.org127.0.0.460
BLITZEDALL dnsbl
Hi Matt:
Are you saying there is an advantage of the dnsbl syntax over using the
standard ip4r syntax:
SPAMHAUS ip4rsbl-xbl.spamhaus.org127.0.0.2 120
XBLip4rsbl-xbl.spamhaus.org127.0.0.460
BLITZEDALL ip4rsbl-xbl.spamhaus.org127.0.0.6
can you post the headers from samples that were delivered on different days?
Then we can help I betcha
-Nick
Dave Doherty wrote:
Yes, it is similar. For some reason, sniffer doesn't seem to getting
all of them.
I wonder if something like
FROM 10 CONTAINS %SUBJECT%
might work
-Dave
I don't use sbl-xbl or xbl, so I can't confirm this...
but there website refers to a 127.0.0.5 for a NJABL and the 127.0.0.4 for
CBL
No mention of blitzedall anymore.
http://www.spamhaus.org/faq/answers.lasso?section=Spamhaus%20XBL
What do the different return codes in the XBL mean?
Andy,
What you posted will work exactly the same way and there is no advantage
either way except that your example is more normalized. I use the
variables for a purpose that isn't necessary for most.
Matt
Andy Schmidt wrote:
Hi Matt:
Are you saying there is an advantage of the dnsbl
Then what was wrong with my example?
Darin.
- Original Message -
From: Matt
To: declude.junkmail@declude.com
Sent: Wednesday, November 15, 2006 7:19 PM
Subject: Re: [Declude.JunkMail] Spamhaus
Andy,
What you posted will work exactly the same way and there is no advantage either
You are correct. I clearly missed the change where they removed
BLITZEDALL from distribution with the 127.0.0.6 result. That result is
still listed on the main XBL page, but I didn't get a single hit for it
today, so it clearly isn't working.
NJABL has also been included now with 127.0.0.5
nothing - Matt with his trickery is adding more weight to a last hop
that fails the test...
-Nick
Darin Cox wrote:
Then what was wrong with my example?
Darin.
- Original Message -
*From:* Matt mailto:[EMAIL PROTECTED]
*To:* declude.junkmail@declude.com
Darin,
You were using different addresses for the lookups. It works the same
except that two requests are sent instead of one. If you combine the
SBL, CBL(XBL) and NJABL lookups to use the same sbl-xbl.spamhaus.org
domain, it will only need to do one lookup even if there are multiple
I didn't think there was any difference between the two examples, except for
the different scoring based on DNS result code.
Just curious as to why mine was deemed improper...
Darin.
- Original Message -
From: Nick Hayer
To: declude.junkmail@declude.com
Sent: Wednesday, November
Ok, I was really pointing to using combined results instead of separate. For
the separate results, I was going by the hostnames SpamHaus listed:
http://www.spamhaus.org/sbl/howtouse.html
Their examples were sbl. and xbl. for individual, but I see what you were
saying in terms of Declude lookup
FYI... from http://www.spamhaus.org/xbl/index.lasso
Mail servers already using dnsbl.njabl.org are advised to continue doing so,
as dnsbl.njabl.org is itself a composite list and contains more than the open
proxy IPs list part now incorporated in XBL.
So there is partial, but not complete,
I just read that, too.
I've commented out my NJABLPROXIES ip4r test in my global.cfg and noted
that this is duplicated in my XBL test.
Andrew 8)
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of Darin Cox
Sent: Wednesday,
Read my post and not Nick's :)
Matt
Darin Cox wrote:
I didn't think there was any difference between the two examples,
except for the different scoring based on DNS result code.
Just curious as to why mine was deemed improper...
Darin.
- Original Message -
*From:* Nick Hayer
And if you're wondering where the BLITZED ip4r test went:
http://wiki.blitzed.org/OPM_status
Andrew 8)
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of Colbeck, Andrew
Sent: Wednesday, November 15, 2006 5:13 PM
To:
FYI, from Steve Linford of spamhaus:
http://groups-beta.google.com/group/news.admin.net-abuse.email/msg/2d050ab220faf931
http://www.spamhaus.org/zen/
Bill
David Sullivan wrote the following on 11/15/2006 12:58 PM -0800:
Does anyone have the proper setup in Declude to query
27 matches
Mail list logo