[sniffer] Re: What is your oldest production CPU?
Oldest here is an Intel i5-2500k

-- Original Message --
From: Darin Cox dc...@4cweb.com
Reply-To: Message Sniffer Community sniffer@sortmonster.com
Date: Fri, 27 Dec 2013 10:04:12 -0500

Hi Pete,

Our oldest production servers still have 1.1 - 1.4 GHz P3's in them. However, for mail our oldest are quad core 3Ghz Xeons.

Darin.

-Original Message-
From: Pete McNeil
Sent: Friday, December 27, 2013 9:43 AM
To: Message Sniffer Community
Subject: [sniffer] What is your oldest production CPU?

Hello Sniffer Folks,

We would like to know what your oldest production CPU is. When building new binaries of SNF or its utilities we would like to select the newest CPU we can without leaving anybody behind.

We're also evaluating whether we should split binaries into a compatible version based on Intel i686 (or equivalent AMD), and a current version based on Intel Core2 (or equivalent AMD).

Please respond here.

Thanks for your time!!

_M

--
Pete McNeil
Chief Scientist
ARM Research Labs, LLC
www.armresearch.com
866-770-1044 x7010
twitter/codedweller

# This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. This list is for discussing Message Sniffer, Anti-spam, Anti-Malware, and related email topics. For More information see http://www.armresearch.com To unsubscribe, E-mail to: sniffer-...@sortmonster.com To switch to the DIGEST mode, E-mail to sniffer-dig...@sortmonster.com To switch to the INDEX mode, E-mail to sniffer-in...@sortmonster.com Send administrative queries to sniffer-requ...@sortmonster.com

--
Thanks,
Greg
AllureTech/CoffeyNet
www.atwy.net
1546 E Burlington Ave
Casper, WY 82601
307.473.2323
--
[sniffer] Re: IP Change on rulebase delivery system
I've been blocking subnets to the mail server manually for the past 10 days or so. Scan the logs and look at common IP sources for spam. PITA but I've got it under control. One of the earlier schemes I noticed was from .pw and .in top level domains. What I'm seeing now are messages coming from assorted domains but from a common subnet and hosting company - some US based. I've had mail queued up for 20-30 mins before delivery before adding some firewall rules. My mail server is an i5 running Windows Server.

-- Original Message --
From: Richard Stupek rstu...@gmail.com
Reply-To: Message Sniffer Community sniffer@sortmonster.com
Date: Thu, 23 May 2013 14:22:59 -0500

Looks like I have this issue again (pegging 4 core cpu) and resetting the process doesn't make a difference. Not sure what is causing it but it does slow down spam detection to 40-50 seconds for many emails. Any ideas what I can look at or do to resolve this?

On Fri, Mar 29, 2013 at 12:27 PM, Pete McNeil madscient...@armresearch.com wrote:

On 2013-03-29 12:59, Richard Stupek wrote:

well when all else fails restarting snf seems to have corrected the issue for now.

In that case, it is likely that RAM fragmentation was involved. Dropping the process allowed the fragmentation to be cleared. (theory).

Best,

_M

--
Pete McNeil
Chief Scientist
ARM Research Labs, LLC
www.armresearch.com
866-770-1044 x7010
twitter/codedweller

--
Thanks,
Greg
AllureTech/CoffeyNet
www.atwy.net
1546 E Burlington Ave
Casper, WY 82601
307.473.2323
--
[sniffer] Re: Opening truncate.gbudb.net
We had a hacker send bogus requests for login name, password and birth date to all our mail customers on one domain. 6 gave it up and made my life fun babysitting the mail server for the last week. Makes ya wonder how many give up credit card and bank info? The message did appear very legitimate, much better than average grammar, spelling and syntax. We never ask anyone for their BD but they probably forget that. One impacted customer wanted me to put back their original pw back in. Boss can't learn a new one! Sheesh..

-- Original Message --
From: Colbeck, Andrew acolb...@bentall.com
Reply-To: Message Sniffer Community sniffer@sortmonster.com
Date: Mon, 10 May 2010 09:03:27 -0700

I looked at the effectiveness of this test and I like what I'm seeing. The volume isn't high, but it is making a difference in the edge cases that are close to my hold weight. In particular, I'm finding that it is triggering on pump and dump DKIM spam from fresh netblocks that would otherwise leak into my mailboxes. Some of those also trigger SNIFFERSCAM.
[sniffer] .xml Error
When I try to view the log files in the SNF directory, I get "XML Parsing Error: junk after document element" through Firefox. I get "The XML page cannot be displayed Cannot view XML input using XSL style sheet. Please correct the error and then click the Refresh button, or try again later" when sent to IE. I assume these logs have some valuable info, how do I view them?
[sniffer] Re: Spam no using CAPTCHA!
Fortunately, from what I've read, CAPTCHA is about worthless if effectiveness counts. Frustrating for humans and not much of a barrier to the bots.

-- Original Message --
From: Colbeck, Andrew [EMAIL PROTECTED]
Reply-To: Message Sniffer Community sniffer@sortmonster.com
Date: Wed, 11 Jun 2008 08:48:55 -0700

... and it also means that OCR based spam filtering is successful enough for the spammers to adopt CAPTCHA-style text-obfuscation-in-images as an evasion method.

Andrew.

-Original Message-
From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil
Sent: Wednesday, June 11, 2008 8:18 AM
To: Message Sniffer Community
Subject: [sniffer] Re: Spam no using CAPTCHA!

Hello Daniel,

Wednesday, June 11, 2008, 9:19:47 AM, you wrote:

Hi Everyone, I just sent a spam sample to Message Sniffer, that was using CAPTCHA, it said CIALIS in the CAPTCHA. I'm curious to see what Pete thinks of this new tactic?

On first look it is simply another way to use an obfuscated image to deliver their message and should be handled the same way. Use of CAPTCHA software to create this obfuscated image is an interesting choice -- it means people making good OCR resistant CAPTCHA generators are now unintentionally helping the blackhats defeat OCR based spam filtering.

_M

--
Pete McNeil
Chief Scientist, Arm Research Labs, LLC.
[sniffer] .pdf Attachments
What is with all the .pdf attachments in spam? I haven't noticed this trend previously. Are they infected or what is the scheme?
[sniffer] Re: After Updating MXGUARD
What platform is the server running? I had problems running Win2003 and the latest sniffer, had to back up one ver to make it work.

-- Original Message --
From: Alberto Santoni [EMAIL PROTECTED]
Reply-To: Message Sniffer Community sniffer@sortmonster.com
Date: Thu, 28 Jun 2007 20:42:08 +0200

Pete,

after a day the SNF doesn't work yet ... what else can I try? I have checked all that possible

With my best regards
Alberto Santoni
---
ASPita Sprl
Grande rue au Bois, 196 - 1030 - Brussels
+32(0)2 217 85 28 office
+32(0)2 735 78 65 fax
+32(0)476 53 88 34 mobile
Skype: Aspita.be
---

-Original Message-
From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil
Sent: 27 June 2007 23:44
To: Message Sniffer Community
Subject: [sniffer] Re: After Updating MXGUARD

Hello Alberto,

Wednesday, June 27, 2007, 5:15:58 PM, you wrote:

Hello
After an update of MxGuard 1.7 - 3.1 the Sniffer doesn't work any more
I have the Sniffer in persistent mode and loaded with Srvany
I found many files I never seen in the Sniffer dir
.SRV .FIN .XXX
Which tests can I do to understand the problem ?

It turns out that those files have always been there - but most of them (not the SRV) went away very quickly. Most likely during your transition your SNF workspace got clogged with a lot of these and that is causing some problems.

First thing to do is to shut down SMTP SNF (your persistent instance) and clear out all of those job files. Each file represents a single scan job - the extension represents the status. With everything shut down there should be none of these files so it's safe to delete them.

Once that is done you can start things up again and everything should work normally. If not then the normal testing procedures should help you discover the problem quickly.

Hope this helps,

_M

--
Pete McNeil
Chief Scientist, Arm Research Labs, LLC.
[sniffer] Lots of Spam getting through last two days
My secondary is catching most but I'm seeing quite a few sliding through Sniffer.