 |
|
|
ArGoStuff User to User Support Forums
|
 |
|
 |
| Author |
Messages |
|
Dan
Posts: 345
Online: 
ArGoNuke Lt. Commander
 |
| 04-11-2008 5:27 AM |
|
Hi Guys
I have read some posts here on this forum that some users set up their iwn DNSBL, and I have been reading for days now about spam prevention.... I want to kill those spammers "(#/(//Q&¤//Q¤!!!
I use DNSBL, SURBL, Paranoid spamdetector and Spamfighter..... Spamfighter is by far the most effective of the four, but still some emails get through.
I have set up a learning mechanism for Paranoid, so that emails caught by the other filters are cleaned for headerd tags like DNSBL: YES and SpamFighter-result:reject, and are then feed in to the Paranoid learning mechanism.
I also manually learn spam to the spamfighter community. And also soon I think I will install SpamAssassin again....
As all of you know it is very difficult to get rid of all spam, so I figured that the spam caught by the other filters might make Paranoid even better recoknizing spam, so that it might catch some spam that would have pased without the learning....
BUT
I figure that a joint venture for this woould benefit us the most....
I know that Alex plans to make a plugin for Outlook to report spam to Paranoid, and that will for sure make it more easy, also for other users on my mailserver than me.... but I would like to see even more done to solve the spam issue.
1, We coould make a joint DNSBL server
2. We could make a joint online dictionary for Paranoid. This will of course call for Alex to implement it, but in the mean time, we could post or dictionaries and then merge them with our own
Let me know your thoughts.
PS: Really aggressive training Paranoid raised the ration a lot..... so keep traning .-)
|
|
|
|
|
roland
Forum Moderator
Posts: 1073
Online:
ArGoNuke Captain
|
| 04-11-2008 7:25 AM |
|
As far as I know, your plan for a paranoid online dictionary could be already realized. Paranoid has kind a smtp protocoll to use the paranoid service on remote hosts:
HELO domain
HELO
In SMTP this command is used to identify the sender (client) to the server, but Paranoid doesn't require this command.
EHLO domain
EHLO
Same as HELO, but lists the supported server extensions. The Paranoid server supports only single extension - AUTH LOGIN
ACCT:
Specifies the account, that will be used during message scan or learning
MAIL FROM:
MAIL FROM
Same as ACCT
RCPT TO: <[spam|legit]@paranoid[+whitelist]>
RCPT TO
This command used in learning sessions only and specifies the message type - spam or legit.
SET: param=value
Specifies the additional session parameters
DATA
DATA
Starts the transfer of the actual email data
FILE: filename
Specifies the email file (works in local mode)
RSET
RSET
Specifies that the current mail transaction will be aborted
AUTH LOGIN
AUTH LOGIN
Client authentication
QUIT
QUIT
Quits the session
We just need a volunteer who host the paranoid service and database.
-Roland
|
|
|
|
|
Dan
Posts: 345
Online:
ArGoNuke Lt. Commander
|
| 04-11-2008 7:38 AM |
|
Hi Roland what a nice surprise to see you here -)
I know that Paranoid supoprts SMTP. I have struggeled with it to get it to work with my Outlook, but no luck....
As far as I can tell, the joint solution would require some kind of program to make the connection to the Paranoid right, and that is where it all falls apart, because Alex does not have an Outlook toolbar yet??
Guess it could be done using forward from the cliend to a specific learning email, but then we have the problem with polution of the emails learned (new headers and html added by outlook).
So what is really needed to get this up and running, and are there any interest in a joint database for paranoid?
I figure there could be 2 solutions.
1. Each user can download a new dictionary once a day etc
2. Each user can connect remotely to the central MySql
I am willing to host the database, but what kind of bandwidth are we talking???
-Dan |
|
|
|
|
roland
Forum Moderator
Posts: 1073
Online:
ArGoNuke Captain
|
| 04-11-2008 8:11 AM |
|
Without a plugin it can't be done by outlook. But you could convince Archie to implement it into PRO/.NET Webmail ...
I have it on the Todo's for RoundCube Webmailer.
-Roland |
|
|
|
|
Dan
Posts: 345
Online:
ArGoNuke Lt. Commander
|
| 04-11-2008 8:48 AM |
|
Roland are you kidding me :-)
you know I use hMailServer, so why ask Archie to implement it in ArgoMail HEHE
According to Paranoid documentation and Ale, Paranoid can be trained via port 33000 directly from Outlook. |
|
|
|
|
roland
Forum Moderator
Posts: 1073
Online:
ArGoNuke Captain
|
| 04-11-2008 9:03 AM |
|
No, I'm not kidding. If you plan to start a argostuff community project, the report ham/spam feature must be available for ArGo webmails too!
-Roland |
|
|
|
|
Dan
Posts: 345
Online:
ArGoNuke Lt. Commander
|
| 04-11-2008 9:05 AM |
|
ahh on that way....
I figured that we could start out on mail based learning
Then RC
Then an external application like Outlook toolbar etc?
right.
But lets see if the interest is there at all. |
|
|
|
|
HWL
Posts: 57
Online:
ArGoNuke Ensign
|
| 04-11-2008 9:53 AM |
|
with all respect and no complaints, I must say I did NOT find Paranoid to be of much benefit. Between what it missed, the management, and customer complaints about rejects, I am much better off using the DNSBLs and what word filtering exists in Argo (non .Net).
That said, I really would like to see an Argo user DNSBL. For my 20+ domains (3K-5K hits coming in per day), the only spam email getting through the 5 I use right now seems to be the die-hard pros. Don't know if we could stop them - seems to be the stuff with non word subjects like "gfdjkiemn". The crap that gets through, I might add, is stuff people stupidly subscribed to.....but that my $.02 |
|
|
|
|
Dan
Posts: 345
Online:
ArGoNuke Lt. Commander
|
| 04-11-2008 6:06 PM |
|
I have gotten my filter set up pretty tight now, and I really dont get that much spam in my inbox.... my filters have saved me from just around 600 spam mails today, alone on my account!!! two mails slipped through giving me a miss rate of around 0.4% thats pretty good, and those two emails really slipped past my filters before I got them tweaked today....
I had one false positive, but I really dont get that!!!
The eWall log said
212.242.43.251 is listed in l2.apews.org (Result: 127.0.0.2)
So it was marked as spam
But the IP mentioned is not in the email at all. The only IP that got even close was this 212.242.41.51
todays stats
557 caught
1 false positive
2 spam not caught
Its good, but its not perfect, so there is room for improvement, especially on that false positive!!!! |
|
|
|
|
Dan
Posts: 345
Online:
ArGoNuke Lt. Commander
|
| 04-11-2008 6:13 PM |
|
Well turned out that IP was listed, but it belongs to one of the largest ISPs in Denmark....
The listing sounds like this
Oooops 212.242.41.51 is currently listed in APEWS :-(
--------------------------------------------------------------------------------
Entry matching your Query: E-282913
212.242.0.0/16
--------------------------------------------------------------------------------
CASE: C-130
One or more bots in ASN / CIDR, unprofessional / negligent owner
--------------------------------------------------------------------------------
Special Reason:
Only the ASN/CIDR owner can solve this listing by actioning FAQ 42 apews.org SHUTDOWN BOTS, ZOMBIES, NET ABUSE
--------------------------------------------------------------------------------
History:
Entry created 2007-08-07
So.... I have written an email to them asking them to try to get removed from the list, but thats a long shot.....
what to do? Can I whitelist this IP in eWall and will it then slip through the DNSBL check? |
|
|
|
|
Dan
Posts: 345
Online:
ArGoNuke Lt. Commander
|
| 04-12-2008 3:31 PM |
|
Today until now, I have had a 100% perfect filter!!!!
513 spam mails caught
0 false positives
0 spam mails missed by the scanner :-) |
|
|
|
|
|
| You are not authorized to post a reply. |
|
|
|
ActiveForums 3.7
|
|
|
|
|
|
 |
| Mail Server Pro v1.8.9.6 |
- Improved Export to .NET function - sometimes email messages were not getting exported, because
the database of email messages was not up to date. Now each folder gets rebuilt before the export
function;
| | 12/2/2008 11:19:02 PM |
|
| Email Address Validator | We have discontinued our email address validation service, and launched new web site:
http://www.emailaddressvalidator.com
It provides the web service interface to validate lists of email addresses. We hope that our service will help to reduce unwanted traffic on Internet, ensuring that mail is sent only to valid and legitimate addresses.
Sign up now, and get 150 free validations!
| | 11/25/2008 10:13:02 AM |
|
| Mail Server v1.0.5.8 | |
Mail Server
- Mailbags now have an option to accept mail only when specified server is down - will help to fight
with spam which attempt to deliver mail bypassing the main server;
- When delivering mail, if main exchanger returns 4xx reply (temporary problem), the server will not
try other exchangers, will retry later the main exchanger;
- Server options moved from registry to a XML file. 64 bit versions of Vista and 2008 server appear
to be having access rights problems to the Windows registry, and the change will make our server more
compatible with 64 bit versions;
- Added an option to specify the number of lines on the log screen, when using the user interface.
Was causing memory problems if left running for long time;
- Fixed couple of problems, which were showing when SQL server was set up to use
case sensitive SQL statements;
- Made changes in the remoting interface to allow logging in using aliases;
Web Interface
- Made changes to allow logging in using aliases;
- When viewing folders, web interface now displays the name of logged in user;
| | 11/12/2008 2:31:31 PM |
|
| FTP Server v1.0.1.6 |
- Server settings have been moved from registry to the XML file, which will be
located in the common application data directory. 64 bit versions of Windows were
having trouble writing into the registry; similar change
is coming to the mail server;
- If used, XML files (Users.XML, Groups.XML and ServerOptions.XML) will also be moved
to the common application data directory;
| | 11/8/2008 11:41:29 PM |
|
| FTP Server v1.0.1.5 |
- When performing active data transfers on systems with multiple IP addresses, data
connections were using first available IP address, rather than one on which the control
connection was active. It was causing confusion with firewalls and routers;
| | 11/2/2008 9:39:24 PM |
|
|
|
|
|
 |
 |
|
 |
|