ow works again.
Darrell
-Original Message-
From: Darrell LaRock [mailto:[EMAIL PROTECTED]
Sent: Wednesday, September 08, 2004 9:38 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [Declude.JunkMail] SURBL issue
Scott,
What version of the script are you using? I just checked mine and i
Scott,
What version of the script are you using? I just checked mine and it is
giving me the same thing on both of my servers. I have surbl_filter.cmd
version 1.1
Tue 09/07/2004 1:23a Update successful [976 entries]
Tue 09/07/2004 1:53a Update failed [conversion error]
Darrell
-Original
Matt,
But if you rename the tests to DYN –
than how you are configuring non-DUL tests twice?
Darrell
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Matt
Sent: Saturday, May 15, 2004 6:42
PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail]
DUL skippin
Has anyone else noticed over the last day or so that some of the hotmail
messages are coming from servers without revdns.. This is a snag cause they
are failing both revdns and spamdomains.. Any thoughts?
Received: from hotmail.com [207.68.164.107] by mail2.gannett-tv.com with
ESMTP
(SMTPD32-8
Scott,
It's AT&T's DNS servers. I wonder if they are doing something to block
those kinds of lookup's.
Darrell
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Thursday, April 01, 2004 11:02 AM
To: [EMAIL PROTECTED]
Subject: Re: [Dec
I noticed that several RBL's have not been triggered off one of our backup
mail servers over the last 24 hours. For example SPAMCOP hasn't. I turned
on "DEBUG" mode and noticed that it was reporting this
04/01/2004 10:56:53.296 Q3bbb215802381bda Test #18 [ORDB] is same as Test
#18 [ORDB=*]. Answ
How aggressive is SBL compared to SPEWS? I know with SPEWS they list a lot
of adjacent net blocks of the spammers... Does SBL employ the same tactics?
Darrell
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Matthew Bramble
Sent: Tuesday, January 06, 200
y also, at least for a short
>period of time. I don't believe there is anything you can do about this
>if I am correct.
>
>Matt
>
>
>
>Darrell LaRock wrote:
>
>>Scott,
>>
>>On the DNSSTUFF, I used the cached ISP report looking at the NS record.
Scott,
On the DNSSTUFF, I used the cached ISP report looking at the NS record. What does it
mean when an ISP has the name server set to ns92.worldnic.com? Does this mean at one
time when the domain was looked up it was not resolved from the root servers?
AT&T Worldnet #1NS=ns1.infi.ne
Scott,
We duplicated the zone files between both providers. So all records are identical.
If the zone files are the same than all of the timeouts should not matter.
Check this out
1.) Do a direct query against ns1.loudcloud.com for wltx.com - Returns 66.54.32.202.
2.) Do a direct query agains
t;wltx.com were cacheing the DNS for longer than the TTL on the domain, or it
>was really high before the change, and they're respecting that.
>
>If you didn't already know it, this site, courtesy of declude.com, is a
>wonderful resource:
>
>http://www.dnsreport.com/
I am absolutly baffled.
Eathlink Dial-up - Does not work
Charter Cable Connection - Does not work
AT&T T1 using local bind server - Works
Roadrunner Cable - Does not work
AOL - Intermittent.
Several users who replied - Works
Darrell
-- Original Message --
This is off topic, but I need some help in a bad way to figure out a DNS problem I am
having that is preventing one of our sites from receiving mail and thier web site from
loading.
We recently (this week) switched the name servers from our current provider to another
provider. The zone files
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Friday, December 05, 2003 2:18 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] November 2003 Spam Statistics
our gateway now handles all incoming mail and there is no spam c
BODY5 CONTAINS href="http
Should there by any reason why the above filter entry wouldn't be triggered
on an email that contains that string in the html source?
What am I doing wrong?
Darrell
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This
We have a listing in our spam domains file
mac.com apple.com
this line seems to be tripping off on the following
X-RBL-Warning: SPAMDOMAINS: Spamdomain 'mac.com' found: Address of
[EMAIL PROTECTED] sent from invalid [No Reverse DNS].
How do I prevent the "mac.com" spam domain entry from
We make extensive use of filters based on keywords. With short keywords
like like S_e_x we sometimes run into problems with keyword being triggered
based on base64 encoding of an attachment.
Example:
10/13/2003 00:00:36 Q236256fe026ef9a4 Triggered CONTAINS filter WORDFILTER
on sex [weight->2; SEx
Darrell LaRock
Systems Analyst
Gannett Television
716-849-2272
Hod do most folks deal with word filters being triggered on attachments.
See below for example?
10/13/2003 00:00:36 Q236256fe026ef9a4 Triggered CONTAINS filter WORDFILTER
on sex [weight->2; SExQlAnjsABzk
Is there something that
Scott,
I am going to stop the smtp service so no mail will be coming in.
Essentially, at that point I need to clear out that overflow queue..
Darrell
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Wednesday, August 20, 2003 2:40 PM
Title: RE: [Declude.JunkMail] Alligate
Scott,
I have a backup mail server that is a bit
under-speed of our primary mail server. Right now the backup mail server is
being pounded with SoBig which has forced the box to 100% cpu and the queue is
growing slowly.
I am going to stop the
We use the following...
REVDNS -10 ENDSWITH .thisdomain.com
Darrell
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dan Geiser
Sent: Tuesday, August 05, 2003 4:16 PM
To: Declude JunkMail
Subject: [Declude.JunkMail] Redux: Test Like SPAMDOMAINS But S
> > > At 12:17 PM 8/1/2003 +0200, you wrote:
> > > > >Hi Darrel,
> > > > >
> > > > >Please add me to your list, I'd love to try it out
> > > > >
> > > > >Best regards
> > > > >Lachezar
>
Terry,
I used delog for awhile, but I needed several other features that did not
come with delog. So I developed an application that had all of the features
that I needed. Below is a sample report that I generated(tab format). The
reports can be in tab, csv, or html format and you have the abil
S .aol.com
>
>The above are two entries in our list.
>
>Regards,
>Kami
>
>-Original Message-
>From: [EMAIL PROTECTED]
>[mailto:[EMAIL PROTECTED] On Behalf Of Darrell LaRock
>Sent: Monday, June 23, 2003 5:55 PM
>To: [EMAIL PROTECTED]
>Subject: [D
I have been seeing a lot of mail failing the spam domains test with kodak's
picture cd. It allows users to use their own email address when sending
pictures, but it comes from Kodak's servers.
Is their any other way around this? Right now I setup a filter to subtract
the spam domains weight if p
Scott,
Looks like it fixed it.
Darrell
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Thursday, June 12, 2003 10:25 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] From File Filter Not Being Triggered With
Messages That Hav
The config files were sent to your [EMAIL PROTECTED] account.
Darrell
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Thursday, June 12, 2003 9:28 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] From File Filter Not Being
at has the @aol.com address in the file.
The sender is from @aol.com but there was no match form the filter.
Here is a snippet of the log in the attached text file.
Darrell
Darrell LaRock
Systems Analyst
Gannett Television
716-849-2272
-Original Message-
From: [EMAIL PROTECTED]
[mai
Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Darrell LaRock
Sent: Wednesday, June 11, 2003 1:33 PM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] From File Filter Not Being Triggered With
Messages That Have Many Recipients
I have a from filter that contains email
the filter is not being detected.
I am using version 1.70 of declude. Scott I am emailing directly to you
snippets of the log and config files for a gander.
Darrell LaRock
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Dec
You would use the "whitelist to" command in the global config file.
Darrell
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Link Brokers
Support
Sent: Tuesday, June 10, 2003 2:19 PM
To: Declude Junk Mail
Subject: [Declude.JunkMail] DSN:Let it all through
Karen,
This is something that I brought up on the list awhile back with how to
avoid this. As we were getting hammered with spam getting to the end user
cause they were tagging the whitelisted postmaster account to it.
We do not whitelist the postmaster account, instead you setup a "filter"
test
In regards to Declude does it use the second DNS IP address specified in
IMAIL if the first is not available.
Darrell
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-m
Scott,
My expected behavior would be that this piece of mail *SHOULD* have had
-3 subtracted from it. This is the behavior that I am shooting for.
Now you asked
>>So, I would need to ask, why do you think that the weight of 3 was not
>>subtracted from the total weight of the E-mail?
The log f
Are you sure about that?
03/31/2003 18:24:22 Qce246c0a00a00dbb WORDFILTER:4 nIPNOTINMX:-3 .
Total weight = 1
03/31/2003 18:24:22 Qce246c0a00a00dbb L1 Message OK
It seems to get triggered for other pieces of mail.
Darrell
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECT
Why didn't negative weight get added for this piece of mail I received
from the IPNOTINMX Test.
Global.cfg
IPNOTINMX ipnotinmx x x 0 -3
Default.junkmail file
IPNOTINMX IGNORE
DNS Lookup
> set q=mx
> netaff.com.
Server: wgrz-lclci01.us.ad.gannett.com
Address:
I have seen random date changes when the battery that powers the RTC
(Real Time Clock) on the MB goes bad.. However, I have only seen this
in really old computers.
Darrell
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Karl Hentschel
Sent: Thursday, Ma
Scott,
A couple of notes...
1.) We started with IMail Antivirus and next week it looks like we will
be adding another imail server purchasing Declude AntiVirus for it and
another license for our existing server. My main problem is that to
continue to run Imail AV it costs about $6,500 for a 1 ye
Title: Message
Kami,
I seen several messages today that had
that listed right at the top of the message source.,
Darrell
-Original Message-
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kami Razvan
Sent: Wednesday, March 26, 2003
12:16 PM
To: [EMAIL PROTEC
John,
You are absolutely right on this should be implemented instead of
whitelisting the postmaster or abuse account. This week I can't tell
you how many messages got through because "postmaster@" was listed as a
recipient.
That shouldn't happen anymore...
Darrell
-Original Message-
Scott,
We have achieved the desired behavior with that setup. I sent a test
message tripping off one of the filters and the mail was delivered to
the postmaster and was not delivered to the other recipients.
This is just a testament on how flexible this product is..
Thanks for the help
Darrell
I assume this didn't fail the comments test because it is actually not
formatted like a true html comment
Scott,
To get around this problem do you think this is possible?
Add a lot of negative weight to the message that has a recipient as
postmaster so it won't get bounced. Then create a test that will route
the message back to the postmaster's account? This would then route the
message to the post
I am sure many people have noticed a lot of spam that is like this.
Consider a users email address like this [EMAIL PROTECTED]
Then the subject of the email is
bsmith, have you seen this blah blah
Any thoughts on how to check to see if the right hand side of the email
address is contained in the
We have our domains postmaster addresses whitelisted. I noticed that a
message coming in that has multiple recipients will be delivered to all
the recipients mailboxes as long as it has a whitelisted postmaster
address.
This is not exactly the desired behavior I am looking for.
It should have bl
I am using the copyto function to route a copy of any message that fails
the sniffer test to my email box.
If the message is a false positive I then insert the false positive
message into another email and send it off to the folks at sniffer.
What we found today is that for some reason headers are
For the comments test has anyone found an acceptable value that seems to
trap a lot of spam?
Thanks
Darrell
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EM
Today I had an instance where all my mail started being held as SPAM. 99% of it was
legit mail. At first I thought it may be a sniffer problem as that was installed
within the last week.
Attached is a snippet of logs that shows declude over and over testing a peice of mail
I disabled Sniffer
I find that interesting that the major ISP's fail those kinds of tests.
Anyone have any idea's on why they wouldn't have those addresses setup?
Dl
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Tom Baker |
Netsmith Inc
Sent: Friday, July 26, 2002 4:27
Not to beat a dead horse, are we thinking anytime in the next 2 weeks or
should I plan on just moving with 1.55.
Darrell
Darrell LaRock
Information Systems Analyst
Gannett Television
716-849-2272
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of R
Any idea when 1.56 will move from the beta state. We are bringing up a
new mail server and I wanted to know if it is stable enough to go live
with it. I know a couple weeks back there were some posts about
problems that were corrected with an interim release.
Thanks In Advance
dl
---
[This E-m
Someone mentioned earlier that there was a way to invoke declude to
spawn a console in order to see what's happening in real time. Is this
correct and how do you invoke this?
Darrell
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came fro
Title: Message
Anyone wonder if they intended to send
that message thinking that everyone would automatically block those
sites? Nice little tactic….
-Original Message-
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Kami Razvan
Sent: Wednesday, July
03, 2002
The "WARN" action only generates a line in the header of the message.
Are you trying to send an alert to the user that sent it?
Darrell
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Stanley Lyzak
Sent: Monday, July 01, 2002 12:34 PM
To: [EMAIL PROTEC
54 matches
Mail list logo