[sniffer] Standard False Positive Response codes.

2004-03-27 Thread Pete McNeil
Hello folks,

To facilitate process automation in larger email systems we have developed 
a coding scheme and a number of standardized response codes for handling 
false positive submissions. This will allow you to route our responses to 
your false positive submissions automatically.

I have attached the file StdFalse.txt which contains the current list of 
standard responses from our process and a legend for creating new response 
codes.

We have been working on this project for a while now and the list is fairly 
stable. However, we are constantly developing and refining our processes so 
these responses are likely to change from time to time.

Thanks!
_M

[FPR:0]

The message did not match any active black rules as submitted. The rules
may have been modified or removed. If you provide matching log entries
from your system then we can research this further.

Note that sometimes our false processing system may not identify the
rules that matched this message on your system due to changes in the
submitted content that might occur during the forwarding process.

Please also be sure you are running the latest version, that your
rulebase file is up to date, and that you do not have any unresolved
errors in your Sniffer log file. Bug fixes in newer versions may resolve
false positive issues or reduce the risk of false positives through
enhanced features and new technologies. Certain errors in your log file
may indicate a corrupted rulebase.

---
[FPR:X]

This is an experimental IP rule. These rules are generated from our
spamtraps and removed on the first false positive report. These rules
generally indicate compromised equipment at the IP specified.

The rule has been removed.

---
[FPR:GR]

Rules in group 60 are gray hosting rules. Gray hosting rules are coded
for email sources that transmit both spam and non-spam. The Gray hosting
rule group is coded with a block-first / white-rule-later strategy.
You may wish to weight this rule group differently on your system. You
may also block this group or any of its rules.

Would you like to add a white rule based on the following?

---
[FPR:GW]

Rules in group 60 are gray hosting rules. Gray hosting rules are coded
for email sources that transmit both spam and non-spam. The Gray hosting
rule group is coded with a block-first / white-rule-later strategy.
You may wish to weight this rule group differently on your system. You
may also block this group or any of its rules.

A core white rule has been added based on your submission.

---
[FPR:HA]

This rule is coded for a potentially dangerous coding that references
the local file system of the recipient. This is often found in broken
spam and possibly malware.

Would you like to block this rule?

Would you like to add a white rule (please specify source)?

---
[FPR:SN]

The rule is strong.

Would you like to block this rule?

Note:

---
[FPR:SR]

The rule is strong.

Would you like to block this rule?

Would you like to add a white rule based on the following?

---
[FPR:SA]

The rule is strong.

Would you like to block this rule?

Would you like to add a white rule (please specify source)?

---
[FPR:+SR]

These rules are strong.

Would you like to block one or more of these rules (please specify)?

Would you like to add a white rule based on the following?

---
[FPR:+SA]

These rules are strong.

Would you like to block one or more of these rules (please specify)?

Would you like to add a white rule (please specify source)?

---
[FPR:D]

The rule has already been removed.

---
[FPR:P]

This case will be handled by the resolution of a prior, nearly
identical submission.

---
[FPR:N]

Notes / Response to your notes:

---
[FPR:C]

Your rulebase has been modified as requested.

---
[FPR:U]

Please submit false positives from a registered email address or
authorized alias.
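
The automatic routing these codes are meant to enable, as an added example that is not part of the original post or of Message Sniffer. It assumes the `[FPR:...]` tag appears in the plain-text body of the response; the queue names, the grouping of codes into queues, and the unlisted code `ZZ` in the sample data are assumptions made for illustration.

```python
import re
from email import message_from_string

# Codes are taken from the StdFalse.txt list above. The queue names and the
# grouping of codes into queues are assumptions made for this example.
QUEUES = {
    "closed": {"X", "GW", "D", "P", "C"},   # vendor already acted
    "needs_followup": {"0", "U", "N"},      # send logs, resubmit, read notes
    "needs_decision": {"GR", "HA", "SN", "SR", "SA", "+SR", "+SA"},  # asks a question
}
# Most urgent first. Codes missing from QUEUES go to a human, because the
# list is expected to change from time to time.
PRIORITY = ("manual_review", "needs_decision", "needs_followup", "closed")
FPR_TAG = re.compile(r"\[FPR:([^\]\s]{1,8})\]")


def extract_codes(body):
    """Return the distinct FPR codes in a response body, in order of appearance."""
    return list(dict.fromkeys(FPR_TAG.findall(body)))


def queue_for(code):
    """Look up the queue for one code; unknown codes need a human."""
    return next((q for q, codes in QUEUES.items() if code in codes), "manual_review")


def route(raw_message):
    """Return (queue, codes) for one raw response e-mail."""
    payload = message_from_string(raw_message).get_payload()
    codes = extract_codes(payload) if isinstance(payload, str) else []
    if not codes:
        return "manual_review", codes  # no tag, or a multipart body not walked here
    hit = {queue_for(c) for c in codes}
    return next(q for q in PRIORITY if q in hit), codes


# Constructed sample responses (not real vendor mail).
SAMPLES = [
    "Subject: Re: FP\n\n[FPR:X]\n\nThe rule has been removed.\n",
    "Subject: Re: FP\n\n[FPR:D]\n---\n[FPR:+SR]\n\nThese rules are strong.\n",
    "Subject: Re: FP\n\n[FPR:ZZ]\n\nA response added after this list.\n",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(route(raw))
```
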


Re: [sniffer] Help

2004-03-27 Thread Richard Farris



Everything looks good here now...not only was my rulebase corrupted but my upline provider which does some initial spam filtering for me was having trouble with their filter (nothing to do with sniffer)...so I was broken in two places...thanks for all the help..

Richard Farris
Ethixs Online
1.270.247. Office
1.800.548.3877 Tech Support

  - Original Message - 
  From: Pete McNeil 
  To: [EMAIL PROTECTED] 
  Sent: Friday, March 26, 2004 1:41 PM
  Subject: Re: [sniffer] Help

  This seems like a rulebase thing.
  We spoke on the phone.
  If the problem isn't solved by getting a fresh rulebase then we should go hunting for a rule. Send a note to yourself with sniffer on, then grab the sniffer log entries for the captured message and send them to us at [EMAIL PROTECTED] I'll look them up to see what they are and see if we've coded something that's matching your outgoing messages.

  Thanks,
  _M

  At 12:34 PM 3/26/2004, you wrote:
  Here is what I have figured out..
  With sniffer on I CAN'T send mail to my self although my wife can send mail to me...
  With sniffer off I CAN send mail to myself
  There has to be something in the rule base that is doing this...or maybe my Windows NT update broke something???

  Richard Farris
  Ethixs Online
  1.270.247. Office
  1.800.548.3877 Tech Support

  - Original Message - 
  From: Pete McNeil 
  
  To: [EMAIL PROTECTED] 
  Sent: Thursday, March 25, 2004 7:02 PM
  Subject: Re: [sniffer] Help
  MicroNeil Voice Line: 703-779-4909
  _M
  At 01:30 PM 3/25/2004, you wrote:
  
I got it. I am on to something so I might figure it out if I don't is there a number I can call..
Richard Farris
Ethixs Online
1.270.247. Office
1.800.548.3877 Tech Support 
- Original Message - 
From: Matt 
To: [EMAIL PROTECTED] 
Sent: Thursday, March 25, 2004 11:27 AM 
Subject: Re: [sniffer] Help
Have you tried a reboot? Checked your error logs? Made 
sure that DNS and all of your E-mail services are running?
Is there even a chance that you will be able to receive this 
message?
Matt
Richard Farris wrote:

I just did a Windows NT update and now I can't get any email...when I turn
sniffer off I at least can send mail to myself but still can't get from
outside..any ideas?

Richard Farris
Ethixs Online
1.270.247. Office
1.800.548.3877 Tech Support

- Original Message -
From: "Pete McNeil" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, March 24, 2004 2:01 PM
Subject: Re: [sniffer] Possible Bad Rule?

We had a badly coded rule that matched yahoo.
The rule has been removed.
About 30 rulebases went out before it was caught.
These are being recompiled with the correction right now.
I will see if I can push yours to the top.

_M

At 02:02 PM 3/24/2004, you wrote:

I am getting a lot of complaints today from Yahoo users...

Sheldon

- Original Message -
From: "Darrell LaRock" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: "'SnifferSupport'" [EMAIL PROTECTED]
Sent: Wednesday, March 24, 2004 10:33 AM
Subject: [sniffer] Possible Bad Rule?

Pete,

I am seeing a ton of false positives for RULE 100543. I sent a few in to
you to check out ([EMAIL PROTECTED]). I wanted to post this here as well since it
seems to take approx. 24 hours to process false positives.

Darrell
 
  This E-Mail came from the Message Sniffer mailing list. For information


and (un)subscription instructions go to


http://www.sortmonster.com/MessageSniffer/Help/Help.html


 
-- 
=
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=


Re: [sniffer] Help

2004-03-27 Thread Pete McNeil


That's good news.
Thanks!
_M
At 01:12 PM 3/27/2004, you wrote:
Everything looks good here now...not only was my rulebase corrupted but my upline
provider which does some initial spam filtering for me was having trouble
with their filter (nothing to do with sniffer)...so I was broken in two
places...thanks for all the help..

Richard Farris
Ethixs Online
1.270.247. Office
1.800.548.3877 Tech Support


- Original Message - 

From: Pete McNeil


To: [EMAIL PROTECTED] 

Sent: Friday, March 26, 2004 1:41 PM

Subject: Re: [sniffer] Help

This seems like a rulebase thing.

We spoke on the phone.

If the problem isn't solved by getting a fresh rulebase then we should go hunting for a rule. Send a note to yourself with sniffer on, then grab the sniffer log entries for the captured message and send them to us at [EMAIL PROTECTED] I'll look them up to see what they are and see if we've coded something that's matching your outgoing messages.

Thanks,

_M

At 12:34 PM 3/26/2004, you wrote:

Here is what I have figured out.. 

With sniffer on I CAN'T send mail to my self although my wife can send mail to me...

With sniffer off I CAN send mail to myself

There has to be something in the rule base that is doing this...or maybe my Windows NT update broke something???


Richard Farris

Ethixs Online

1.270.247. Office

1.800.548.3877 Tech Support
- Original Message - 
From: Pete McNeil 
To: [EMAIL PROTECTED] 
Sent: Thursday, March 25, 2004 7:02 PM
Subject: Re: [sniffer] Help

MicroNeil Voice Line: 703-779-4909
_M

At 01:30 PM 3/25/2004, you wrote:
I got it. I am on to something so I might figure it out if I don't is there a number I can call..
Richard Farris
Ethixs Online
1.270.247. Office
1.800.548.3877 Tech Support 
- Original Message - 
From: Matt 
To: [EMAIL PROTECTED] 
Sent: Thursday, March 25, 2004 11:27 AM 
Subject: Re: [sniffer] Help
Have you tried a reboot? Checked your error logs? Made sure that DNS and all of your E-mail services are running?
Is there even a chance that you will be able to receive this message?
Matt


Richard Farris wrote: 


I just did a Windows NT update and now I can't get any email...when I turn
sniffer off I at least can send mail to myself but still can't get from
outside..any ideas?

Richard Farris
Ethixs Online
1.270.247. Office
1.800.548.3877 Tech Support

- Original Message -
From: Pete McNeil [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, March 24, 2004 2:01 PM
Subject: Re: [sniffer] Possible Bad Rule?

We had a badly coded rule that matched yahoo.
The rule has been removed.
About 30 rulebases went out before it was caught.
These are being recompiled with the correction right now.
I will see if I can push yours to the top.

_M

At 02:02 PM 3/24/2004, you wrote:

I am getting a lot of complaints today from Yahoo users...

Sheldon

- Original Message -
From: Darrell LaRock [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: 'SnifferSupport' [EMAIL PROTECTED]
Sent: Wednesday, March 24, 2004 10:33 AM
Subject: [sniffer] Possible Bad Rule?

Pete,

I am seeing a ton of false positives for RULE 100543. I sent a few in to
you to check out ([EMAIL PROTECTED]). I wanted to post this here as well since it
seems to take approx. 24 hours to process false positives.

Darrell

-- 
=
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=