Re: [sniffer] reporting spam
??? That can't be done when Sniffer directly POPs a submission mailbox. - Original Message - From: Roger Moser [EMAIL PROTECTED] To: sniffer@sortmonster.com Sent: Thursday, March 16, 2006 4:18 PM Subject: [sniffer] reporting spam I just found out that when you are reporting received spam to [EMAIL PROTECTED], you should remove the Received: header added by your mail server. Otherwise you might create a rule that filters all mail from your mail server. Roger This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
Re: [sniffer] Message Sniffer is not detecting some really bad email
Title: Message I've had quitea lot ofbounces (D/Q.GSE pairs) in the past several weeks due to users with full mailboxes,99.999% of them are bounces on spam. WhenI examine the quoted headers in the D.GSE files, an appreciable number of them aren't failing any spam tests, and seems like many of them should at least be failing Sniffer. G.Z. - Original Message - From: Gary Schick To: sniffer@SortMonster.com Sent: Wednesday, November 02, 2005 3:48 PM Subject: [sniffer] Message Sniffer is not detecting some really bad email We havehad excellent resultsfrom Message Sniffer for severals years now. However, in the past few days items that I feel should have been caught, were not. Can I submit some samples to you? I would be glad to zip a couple of raw message files and email those to you. Please advise. Regards, Gary Schick Manager, Enterprise Applications Iroquois Gas Transmission System Shelton, CT 06484 [EMAIL PROTECTED] 203 944 7024
Re: [sniffer] Message Sniffer is not detecting some really bad email
Title: Message Yup. Under a heavy load during the daytime and weekdays. Eases late at night, wee morn hours and weekends. - Original Message - From: Jacques Brouwers To: sniffer@SortMonster.com Sent: Wednesday, November 02, 2005 4:37 PM Subject: RE: [sniffer] Message Sniffer is not detecting some really bad email I too have had an unusual amount of spam messages. Graphic pornography to the CEOs box, ouch! I paste the header info into the spam message I forward to them. I have also noticed that the IMail box is running unusually slow the past few days. It seems like it is scanning harder and catching less. Anyone else noticing the slow speed of the IMail box? Jacques From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary SchickSent: Wednesday, November 02, 2005 2:48 PMTo: sniffer@SortMonster.comSubject: [sniffer] Message Sniffer is not detecting some really bad email We havehad excellent resultsfrom Message Sniffer for severals years now. However, in the past few days items that I feel should have been caught, were not. Can I submit some samples to you? I would be glad to zip a couple of raw message files and email those to you. Please advise. Regards, Gary Schick Manager, Enterprise Applications Iroquois Gas Transmission System Shelton, CT 06484 [EMAIL PROTECTED] 203 944 7024
[sniffer] Auto Sniffer Updates
I've been doing Sniffer updates via a scheduled task. Am trying to get it working via a Program Alias in response to update notifications. Thealias and .cmd fileare in place, butit won't activate via the notifications, even when I send a test message to it. I get acopy of the notification (or test message), and I get an emailed report that the update ran, but my .snf file does NOT change. The update DOES work when the .cmd file is executed manually, so the .cmd file apparently is not the problem. Is there a trick on Program Aliases that I'm missing? Imail 7.15. G.Z.
Re: [sniffer] Auto Sniffer Updates
Well blow me down. That did the trick, least-wise it does for triggering by a test message! I'll know for sure when the next notification arrives. Thanks!!! G.Z. - Original Message - From: George Kulman [EMAIL PROTECTED] To: sniffer@SortMonster.com Sent: Wednesday, June 15, 2005 4:06 PM Subject: RE: [sniffer] Auto Sniffer Updates You might want to try the following which resolved this problem for me (a while ago) 1. The IMail program alias is: c:\Sniffer\snfupd.bat 2. I created a .bat file which is: echo off cd\ c:\sniffer snfupd.cmd All of my Sniffer programs and files are in the c:\sniffer folder (directory) which isn't required but happens to be the way I chose to do it. George -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brad Morgan Sent: Wednesday, June 15, 2005 4:54 PM To: sniffer@SortMonster.com Subject: RE: [sniffer] Auto Sniffer Updates That is what I'm using. I tried editing the .cmd file to do away with the variables and hard-wire my parameters into it. It works either way (before or after eliminating the variables) when executed manually. It does not work via Program Alias -- my .snf file does not change when an update notification arrives. Procedure: I send a test message to the update address. I get back a copy of the test message, and a S n i f f e r update notice indicating that an update occurred . . but, in fact, an update does NOT occur, the .snf file is still date/time stamped the same (I'm not using the -N option on WGET at this point, so a download should always occur). My guess would be either a permissions problem or a path problem. Verify that the account that runs the program alias has permissions to all of the data locations and verify that you are not relying on the PATH environment variable which may be different in each context. Regards, Brad Morgan IT Manager Horizon Interactive Inc. This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
Re: [sniffer] Auto Sniffer Updates
I had tried renaming the .cmd as .bat and running that via the Alias, but that also didn't work. The nested .bat - .cmd does work, for whatever reason. I did set up the double-alias situation. Thanks for the tip on deleting the .tmp file. I suppose that could run into a conflict if there are other Program Aliases that happen to trigger at the same time, but I don't have that situation so it should be OK. G.Z. - Original Message - From: George Kulman [EMAIL PROTECTED] To: sniffer@SortMonster.com Sent: Wednesday, June 15, 2005 4:54 PM Subject: RE: [sniffer] Auto Sniffer Updates There seemed to be a problem with IMail running a cmd file and since the bat file worked so I didn't bother checking further. I did two other things which might be of interest to you: I set the Alias that receives the notification email (in my case [EMAIL PROTECTED]) as a standard alias that forwards the email to two addresses. One is my regular email address so that I actually receive a copy of the notification message and the other is [EMAIL PROTECTED] which is the Program Alias that triggers the .bat file. A also added a line to Bill Landry's script to get rid of the tmp file that IMail leaves behind when the script uses the IMail1 program to generate the script results by email. This goes after the script line which generates the email: del %IMailDir%\spool\*.tmp George -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Glenn \ WCNet Sent: Wednesday, June 15, 2005 5:31 PM To: sniffer@SortMonster.com Subject: Re: [sniffer] Auto Sniffer Updates Well blow me down. That did the trick, least-wise it does for triggering by a test message! I'll know for sure when the next notification arrives. Thanks!!! G.Z. - Original Message - From: George Kulman [EMAIL PROTECTED] To: sniffer@SortMonster.com Sent: Wednesday, June 15, 2005 4:06 PM Subject: RE: [sniffer] Auto Sniffer Updates You might want to try the following which resolved this problem for me (a while ago) 1. The IMail program alias is: c:\Sniffer\snfupd.bat 2. I created a .bat file which is: echo off cd\ c:\sniffer snfupd.cmd All of my Sniffer programs and files are in the c:\sniffer folder (directory) which isn't required but happens to be the way I chose to do it. George -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brad Morgan Sent: Wednesday, June 15, 2005 4:54 PM To: sniffer@SortMonster.com Subject: RE: [sniffer] Auto Sniffer Updates That is what I'm using. I tried editing the .cmd file to do away with the variables and hard-wire my parameters into it. It works either way (before or after eliminating the variables) when executed manually. It does not work via Program Alias -- my .snf file does not change when an update notification arrives. Procedure: I send a test message to the update address. I get back a copy of the test message, and a S n i f f e r update notice indicating that an update occurred . . but, in fact, an update does NOT occur, the .snf file is still date/time stamped the same (I'm not using the -N option on WGET at this point, so a download should always occur). My guess would be either a permissions problem or a path problem. Verify that the account that runs the program alias has permissions to all of the data locations and verify that you are not relying on the PATH environment variable which may be different in each context. Regards, Brad Morgan IT Manager Horizon Interactive Inc. This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
Re: [sniffer] Latest medication campaign
I noticed a significantly higher amount of spam get through in the last few days. A few of them got tagged but didn't reach my delete weight. I didn't notice if the majority were pharmaceuticals. I forwarded them all to Sniffer, then . . . DELETE. G.Z. - Original Message - From: Colbeck, Andrew [EMAIL PROTECTED] To: sniffer@SortMonster.com Sent: Wednesday, April 13, 2005 12:36 PM Subject: RE: [sniffer] Latest medication campaign On the weekend and since, I saw a lot of them get through but Sniffer was dutifully catching them, unfortunately, they also served to highlight Sniffer hyperaccuracy because those messages just weren't reaching my HOLD weight. Check out the Message Sniffer change rates for the last few days: http://www.sortmonster.com/MessageSniffer/Performance/ChangeRates.jsp Something is definitely going on. On Sunday, the blue line was almost the entire New Rule group. It started me thinking about making Sniffer my hold weight, and then only applying counterweights. Meanwhile, I've added SURBL-ish testing with a tiny Declude weight, but with a combo of the new test and any Sniffer hit, that seems to have made the difference. I've only seen 1 undeliverable end up in the postmaster box, and I've fixed why that happened (I set my skipweight for various Declude filter text tests too low, so they weren't getting run when the weight was close to my HOLD weight). So now it's back to the server room for me. Andrew 8) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Wednesday, April 13, 2005 10:16 AM To: sniffer@SortMonster.com Subject: [sniffer] Latest medication campaign I am seeing a lot of these get through John T eServices For You This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
Re: [sniffer] Scheduled Updates
Same here, but I have updates scheduled every two hours anyway. Glenn Z. - Original Message - From: Stephen S Zappardo [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, April 20, 2004 2:40 PM Subject: RE: [sniffer] Scheduled Updates I also have not received any email notifications today. Stephen -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of EI8HT LEGS Technical Support Sent: Tuesday, April 20, 2004 3:29 PM To: [EMAIL PROTECTED] Subject: RE: [sniffer] Scheduled Updates I am not sure that I have received any emails today about any updates either. Is there something wrong with the emailing out of updates? Sincerely, Grant Griffith EI8HT LEGS Enhanced Web Management http://www.getafreewebsite.com 877-483-3393 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Pete McNeil Sent: Tuesday, April 20, 2004 2:23 PM To: [EMAIL PROTECTED] Subject: RE: [sniffer] Scheduled Updates I show the latest compile time as 20040420.1644 GMT. I'll check the logs to see if there has been trouble with your update email. Then I will follow up off list. _M At 12:11 PM 4/20/2004, you wrote: Not sure if this is a specific issue but the Sniffer update hasn't updated since Monday at 02:1 BST (British Summer time GMT+1). Are there any issues at the moment? We have this triggered by an email normally. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: 19 April 2004 14:24 To: [EMAIL PROTECTED] Subject: Re: [sniffer] Scheduled Updates At 03:33 AM 4/19/2004, you wrote: The following schedule is based on the first letter of your license ID. Schedules are separated by even and odd hours, and are further separated by 4 minutes for each letter within a given hour. Should we use this system also for uploading the log files? We do not appear to have a problem with uploads at this time, but in any case it would be a good idea to organize scheduled tasks in this way to minimize the possibility of a problem. Thanks, _M This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
[sniffer] log upload trouble
I've been having trouble for the last 24 hrs or maybe a bit more with log uploads failing. The FTP either fails to connect, or it does connect and the upload begins and then fails after a small percentage done. Uploads are scheduled every 6 hours. Yesterday afternoon I tried renaming the log files from a couple failures and triggering the upload manually, and it also failed An upload started a few mins ago, at 12:05 PM. It progressed almost to completion, and then ended with a reported failure from WS_FTP. Glenn Z. WCNet - Original Message - From: Pete McNeil [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Saturday, March 20, 2004 1:13 AM Subject: Re: [sniffer] Define Persistent sniffer. At 09:50 PM 3/19/2004, you wrote: Pete, I follow this forum pretty well, however, having been out this week on business it seems I have lost alot with this new feature set. If you don't mind, could you define Persistent Sniffer? We average well over a million emails a day between two servers, what impact might I see on our server if I run this? What is the recommended settings? Thanks for the aid. (Seems I'm in the book writing mode this evening... sorry for the bandwidth) Performance Metrics: Our NT4/SP6a test bed, running IMail/Declude/Sniffer in persistent mode. P2/450, 2x 5400rpm IDE drives, mirrored, 256M Ram (No giggles please - This is an intentionally underpowered server - how better to stress test a program like Sniffer?). Sniffer in persistent mode on this box is able to process 120k msgs / month without issue. Logs show that each message on average now takes about 100ms total. Typical values are 20ms queue, 40ms scan though obviously some messages take longer and occasionally longer queue times do creep in. Prior to testing the persistent version of Sniffer, message scan times varied wildly but averaged about 300ms per message with some messages taking 3-5 seconds while waiting for I/O and other processes (Web Mail, IMAP, etc...). In fact, I intentionally waited until the CPU was at 100% (green line 100%, red line 50%+) before starting the service to see how the creatures would handle the transition under heavy stress - The CPU dropped so much that at first I thought I had broken something (one of those oops moments). The CPU now rests on the floor more often than not and generally runs peaks to about 50% unless something odd is going on - such as a defrag run. YMMV - the above data is based on a very narrow data sample and only loosely calculated - and some of it is anecdotal. However most reports from the field seem to support the general scale of improvement. On the back of the envelope I can calculate something like: 1 million per day is probably on the order of 125000 (1M/8hours) during a peak hour. 125000/3600 = about 35 per second. If message sniffer can scan about 10 per second on an overloaded p2/450, then on a 2.4ghz machine with plenty of memory we might expect at least a linear improvement - approximately 5x, but we will say 4x to be safe - 40/sec covers 35/sec so we have our million based on these assumptions. IO not withstandng I would expect a persistent server version of Sniffer on a well provisioned server with a 2.4ghz processor to handle 1 million per day _IF_ that's all it had to do... since there's always more to do and this would be a maximum load scenario, dividing this across two servers should work nicely - though it would probably be time to start considering a third server. Then again, you are probably not running generic single processor servers if you are handling 1 million messages per day ;-) ___ Definition: Probably the simplest definition of Persistent Sniffer as you put it is a lightweight daemon. It can't actually be launched as a daemon/service on it's own, and it is still compatible with the self-organizing-automata version of Sniffer, but it offers many of the performance savings of a daemon/service - along with some added redundancy and flexibility. For example, if the persistent server instance of Sniffer fails, then the other instances simply return to their normal peer-server mode of operation so there is a drop in performance, but not a loss of service. More Detail: Versions of Message Sniffer prior to 2-2 would always load the rule-base each time a message was to be scanned. Specifically, each instance of Message Sniffer was isolated and did the job itself. Up to 90% of the processing time typically required was bound in loading the rule-base file. On our NT test bed, for example, we would regularly see queue/scan times on the order of 1000/10, though more commonly 360/60 at the time when we developed version 2-2. Beginning with Version 2-2, we implemented a cellular peer-server technology with Message Sniffer. This technology allows instances of Message Sniffer running on the same server to interact and
