[sniffer] Re: Is this working?
One good thing about Sniffer is that it works so not much needs to be said :) This list is pretty slow due to few problems. Cordially, Heimir Eidskrem i360, Inc. 11152 Westheimer Suite 147 Houston, TX 77042 Ph: 713-981-4900 [EMAIL PROTECTED] www.i360.net www.i360hosting.com Houston's Leading Internet Consulting Company Phillip Cohen wrote: Since installing Mail Sniffer I have not gotten anything on this list. Has it just been slow and there is no traffic or is sniffer eating up this list as SPAM? Phil # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: [EMAIL PROTECTED] To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED] To switch to the INDEX mode, E-mail to [EMAIL PROTECTED] Send administrative queries to [EMAIL PROTECTED] # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: [EMAIL PROTECTED] To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED] To switch to the INDEX mode, E-mail to [EMAIL PROTECTED] Send administrative queries to [EMAIL PROTECTED]
[sniffer] Re: FTP server / firewall issues - Resolved.
Now when I run snf2check.exe the rule base fails. Tried to download several time now. using wget and this has been working for years. Suggestions? Darin Cox wrote: Hi Pete, Why the change? FTP is more efficient for transferring files than HTTP. Can we request longer support for FTP to allow adequate time for everyone to schedule, test, and make the change? I remember trying dHTTP initially when this was set up, but it wasn't working reliably, plus FTP is more efficient, so we went that way. wget may work better when we have time to try it. Also, what's this about gzip? Is the rulebase being changed to a .gz file? Compression is a good move to reduce bandwidth, but can we put in a plug for a standard zipfile? Do you have scripts already written to handle downloads the way you want them now? If so, how about a link? Darin. - Original Message - From: Pete McNeil [EMAIL PROTECTED] To: Message Sniffer Community sniffer@sortmonster.com Sent: Friday, January 05, 2007 4:39 PM Subject: [sniffer] FTP server / firewall issues - Resolved. Hello Sniffer Folks, The firewall issues we were having with our new delivery server appear to have been resolved. I am showing good traffic via FTP at this time. Normal ftp access for log uploads and SNF rulebase downloads via www.sortmonster.net / ftp.sortmonster.net should work correctly now. Note that FTP downloads of SNF rulebases is deprecated. If you are using FTP to download your rulebase files you should switch to using http w/ gzip as soon as practical. FTP access to SNF rulebase files will continue for a time but support may be removed without notice in the future. It's a safe bet that FTP access for SNF rulebase files will remain functional through the end of this month however. Thanks! _M # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: [EMAIL PROTECTED] To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED] To switch to the INDEX mode, E-mail to [EMAIL PROTECTED] Send administrative queries to [EMAIL PROTECTED]
[sniffer] ERROR_RULE_AUTH 73
I just switched to persistent mode and now I get this in the log file. 20060717170332-INITIALIZING-00ERROR_RULE_AUTH 730000 20060717170333Db64d01893dac.smd2907343Match 10214806084290664 20060717170333Db64d01893dac.smd2907343Match 1046209601142115964 20060717170333Db64d01893dac.smd2907343Final 1021480600843764 20060717170333Db64b02073d93.smd3484141Clean 000797783 20060717170333Db64c02103d99.smd3391359Clean 0001602565 20060717170333Db64a01ed3d91.smd3250437Match 10508985363268565 20060717170333Db64a01ed3d91.smd3250437Final 1050898530826365 I removed the serial number. My understanding is that auth 73 indicates authorization issue but it still runs? I am a little confused. Using Firedaemon, if someone has instructions on how to set it up I would appreciate it. I need to verify that I did it right. -- Cordially, Heimir Eidskrem i360, Inc. 2825 Wilcrest, Suite 675 Houston, TX 77042 Ph: 713-981-4900 Fax: 832-242-6632 [EMAIL PROTECTED] www.i360.net www.i360hosting.com www.realister.com Houston's Leading Internet Consulting Company # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: [EMAIL PROTECTED] To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED] To switch to the INDEX mode, E-mail to [EMAIL PROTECTED] Send administrative queries to [EMAIL PROTECTED]
Re: [sniffer] [Fwd: Starbucks $500 Prize #972499912]
Request sent. Thank you for your prompt response. Cordially, Heimir Eidskrem i360, Inc. 2825 Wilcrest, Suite 675 Houston, TX 77042 Ph: 713-981-4900 Fax: 832-242-6632 [EMAIL PROTECTED] www.i360.net www.i360hosting.com www.realister.com Houston's Leading Internet Consulting Company Pete McNeil wrote: On Tuesday, March 7, 2006, 5:00:33 PM, Heimir wrote: HE Why is this not filtered? HE Every one of them contains the word HE Domains4u HE I have reported several but they are still coming in. Actually, they are now (I tried coding the message and duped out on the domain rules). Domains4u is not by itself sufficient coding so we don't have a rule like that. If you would like to add that rule we can, but please make the request to support@ and not the public list. Thanks, _M This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
[sniffer] [Fwd: Starbucks $500 Prize #972499912]
helmets? Why didn't Luke Skywalker tell Darth Vader to turn to the light side of the Force? Why do airlines call flights nonstop? Won't they all stop eventually? Why do bars advertise live bands? What does a dead band sound like? Why do fat chance and slim chance mean the same thing? If your feet smell and your nose runs, are you built upside down? Why do guys wear underpants? Why do people who only eat natural foods drink decaffeinated coffee? Why do they call it disposable douche? Is there a kind of douche you keep after using? Why do they call them apartments when they are all stuck together? Why do they put Braille dots on the keypad of the drive-up ATM? Why do they report power outages on TV? Why do they sell a pound cake that only weighs 12 ounces? Why do 'tug'boats push their barges? Why do we drive on parkways and park on driveways? Why do we have hot water heaters? Why do we play in recitals and recite in plays? Why do we put suits in a garment bag and garments in a suitcase? Why do we sing 'Take me out to the ball game', when we are already there? Why do we wash bath towels? Aren't we clean when we use them? Why does slow down and slow up mean the same thing? -- Cordially, Heimir Eidskrem i360, Inc. 2825 Wilcrest, Suite 675 Houston, TX 77042 Ph: 713-981-4900 Fax: 832-242-6632 [EMAIL PROTECTED] www.i360.net www.i360hosting.com www.realister.com Houston's Leading Internet Consulting Company This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
[sniffer] [Fwd: Diann Helms]
Anyway to stop this spam. We are getting hundreds of them. I have personally gotten 23. From - Wed Feb 15 07:51:25 2006 X-Account-Key: account3 X-UIDL: 384485764 X-Mozilla-Status: 0001 X-Mozilla-Status2: Received: from DM [206.53.51.56] by deepspace.i360.net (SMTPD-8.22) id A08B07E0; Wed, 15 Feb 2006 06:37:31 -0600 Received: from gmail.com (8.8.8/8.8.8) id XAA47062; Wed, 15 Feb 2006 06:37:38 -0600 Message-Id: [EMAIL PROTECTED] From: Shane Redmond [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Diann Helms X-Mailer: Opera7.20/Win32 M2 build 2981 Date: Wed, 15 Feb 2006 06:37:38 -0600 X-RBL-Warning: NOLEGITCONTENT: No content unique to legitimate E-mail detected. X-RBL-Warning: IPNOTINMX: X-RBL-Warning: REVDNS: This E-mail was sent from a MUA/MTA 206.53.51.56 with no reverse DNS entry. X-RBL-Warning: CMDSPACE: Space found in RCPT TO: command. X-RBL-Warning: COUNTRYFILTER: Message failed COUNTRYFILTER test (line 36, weight 0) X-Declude-Sender: [EMAIL PROTECTED] [206.53.51.56] X-Declude-Spoolname: D208b017db78a.smd X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. X-Spam-Tests-Failed: NOLEGITCONTENT, IPNOTINMX, REVDNS, CMDSPACE, COUNTRYFILTER, CATCHALLMAILS [70] X-Country-Chain: CANADA-destination X-Note: This E-mail was sent from [No Reverse DNS] ([206.53.51.56]). X-RCPT-TO: [EMAIL PROTECTED] Status: U X-UIDL: 384485764 X-IMail-ThreadID: 208b017db78a Braxton, http://uk.geocities.com/proboycott45571 Shane Redmond This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
Re: [sniffer] [Fwd: Diann Helms]
would you share your filters? I assume Declude filters. Cordially, Heimir Eidskrem i360, Inc. 2825 Wilcrest, Suite 675 Houston, TX 77042 Ph: 713-981-4900 Fax: 832-242-6632 [EMAIL PROTECTED] www.i360.net www.i360hosting.com www.realister.com Houston's Leading Internet Consulting Company Markus Gufler wrote: Heimir, It's not a Sniffer-related answer but I personaly use a combination of a text filter file (looking for known geocities-links) and the IP-blacklist SORBS-DUHL (who contains dialup ip-ranges). As all my customers are connecting with SMTP-Auth or from known IP-ranges I can whitelist them. So the combination of this two filters can catch most of this stuff, as legit messages containing geocities-link shouldn't come from dial-up Ip's to my server. Markus -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Heimir Eidskrem Sent: Wednesday, February 15, 2006 2:53 PM To: sniffer@sortmonster.com Subject: [sniffer] [Fwd: Diann Helms] Anyway to stop this spam. We are getting hundreds of them. I have personally gotten 23. From - Wed Feb 15 07:51:25 2006 X-Account-Key: account3 X-UIDL: 384485764 X-Mozilla-Status: 0001 X-Mozilla-Status2: Received: from DM [206.53.51.56] by deepspace.i360.net (SMTPD-8.22) id A08B07E0; Wed, 15 Feb 2006 06:37:31 -0600 Received: from gmail.com (8.8.8/8.8.8) id XAA47062; Wed, 15 Feb 2006 06:37:38 -0600 Message-Id: [EMAIL PROTECTED] From: Shane Redmond [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Diann Helms X-Mailer: Opera7.20/Win32 M2 build 2981 Date: Wed, 15 Feb 2006 06:37:38 -0600 X-RBL-Warning: NOLEGITCONTENT: No content unique to legitimate E-mail detected. X-RBL-Warning: IPNOTINMX: X-RBL-Warning: REVDNS: This E-mail was sent from a MUA/MTA 206.53.51.56 with no reverse DNS entry. X-RBL-Warning: CMDSPACE: Space found in RCPT TO: command. X-RBL-Warning: COUNTRYFILTER: Message failed COUNTRYFILTER test (line 36, weight 0) X-Declude-Sender: [EMAIL PROTECTED] [206.53.51.56] X-Declude-Spoolname: D208b017db78a.smd X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. X-Spam-Tests-Failed: NOLEGITCONTENT, IPNOTINMX, REVDNS, CMDSPACE, COUNTRYFILTER, CATCHALLMAILS [70] X-Country-Chain: CANADA-destination X-Note: This E-mail was sent from [No Reverse DNS] ([206.53.51.56]). X-RCPT-TO: [EMAIL PROTECTED] Status: U X-UIDL: 384485764 X-IMail-ThreadID: 208b017db78a Braxton, http://uk.geocities.com/proboycott45571 Shane Redmond This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
Re: [sniffer] Damn viagra spam
I have reported between 5 and 10 I guess. Sniffer get some of them. Cordially, Heimir Eidskrem i360, Inc. 2825 Wilcrest, Suite 675 Houston, TX 77042 Ph: 713-981-4900 Fax: 832-242-6632 [EMAIL PROTECTED] www.i360.net www.i360hosting.com www.realister.com Houston's Leading Internet Consulting Company Darin Cox wrote: We just reported one to Sniffer support for analysis as well. Darin. - Original Message - From: Heimir Eidskrem [EMAIL PROTECTED] To: sniffer@sortmonster.com Sent: Wednesday, September 14, 2005 3:34 PM Subject: [sniffer] Damn viagra spam We are getting tons of spam for viagra and other drugs. Not being stopped by sniffer. From - Wed Sep 14 14:23:59 2005 X-Account-Key: account2 X-UIDL: 397213080 X-Mozilla-Status: 0011 X-Mozilla-Status2: Received: from chartcourse.com [200.152.123.222] by deepspace.i360.net (SMTPD-8.20) id A7660304; Wed, 14 Sep 2005 14:17:58 -0500 Received: from [192.168.232.240] (helo=elevator) by chartcourse.com with smtp (Paradisaic kw 5.29 (Jactation)) id lBCMAK-xJNrNU-Ty for [EMAIL PROTECTED]; Wed, 14 Sep 2005 14:17:22 -0500 Message-ID: [EMAIL PROTECTED] Reply-To: Shayna Riffe [EMAIL PROTECTED] From: Shayna Riffe [EMAIL PROTECTED] To: Ealdgyth Rancourt [EMAIL PROTECTED] Subject: Re: Really Works Very Good Pharmaceu tical Date: Wed, 14 Sep 2005 14:17:20 -0500 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary==_NextPart_000_0047_01C5B937.04839800 X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1106 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 X-RBL-Warning: CBL: Blocked - see http://cbl.abuseat.org/lookup.cgi?ip=200.152.123.222; X-RBL-Warning: IPNOTINMX: X-RBL-Warning: COUNTRYFILTER: Message failed COUNTRYFILTER test (line 29, weight 20) X-Declude-Sender: [EMAIL PROTECTED] [200.152.123.222] X-Declude-Spoolname: D776501961CDF.SMD X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. X-Spam-Tests-Failed: CBL, IPNOTINMX, COUNTRYFILTER, CATCHALLMAILS [50] X-Country-Chain: BRAZIL-destination X-Note: This E-mail was sent from recreio.speednetrj.com ([200.152.123.222]). X-IMAIL-SPAM-STATISTICS: (776501961cdf, 0.9721) X-RCPT-TO: [EMAIL PROTECTED] Status: U X-UIDL: 397213080 X-IMail-ThreadID: 776501961cdf This is a multi-part message in MIME format. --=_NextPart_000_0047_01C5B937.04839800 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable LeViAmCiXaVa viagbi= alnali trraenisxum a = nbsp; $3$1$3 .33.21.75 Our Website FaBeToEa st st talsy DeliPricnbs= p;ConOrde veryesfide= ring nti ality= ball go? writing represented an incoherent chain of certain utterances, = certain --=_NextPart_000_0047_01C5B937.04839800 Content-Type: text/html; charset=us-ascii Content-Transfer-Encoding: quoted-printable !DOCTYPE HTML PUBLIC -//W3C//DTD HTML 4.0 Transitional//EN HTMLHEAD META http-equiv=3DContent-Type content=3Dtext/html; charset=3Dus-ascii META content=3DMSHTML 6.00.2800.1106 name=3DGENERATOR STYLE/STYLE /HEAD BODY bgColor=3D#ff DIVnbsp;/DIV DIV style=3DFLOAT: leftFONT face=3DCourierLeBRBVi/BBRAmB= RBCi/BBRXaBRBVa/B/FONT/DIV DIV style=3DFLOAT: leftFONT face=3DCourierviBRBag/BBRbi= BRBal/BBRnaBRBli/B/FONT/DIV DIV style=3DFLOAT: leftFONT face=3DCouriertrBRBra/BBRen= BRBis/BBRxBRBum/B/FONT/DIV DIV style=3DFLOAT: leftFONT face=3DCourieraBRnbsp;BRnbsp;BR= nbsp;BRnbsp;BRnbsp;/FONT/DIV DIV style=3DFLOAT: leftFONT face=3DCourierBRB$3/BBRBRB= $1/BBRBRB$3/B/FONT/DIV DIV style=3DFLOAT: leftFONT face=3DCourierBRB.33/BBRB= RB.21/BBRBRB.75/B/FONT/DIV DIV style=3DCLEAR: bothnbsp;/DIV DIVA href=3Dhttp://www.amyslate.com;Our Website/A/DIV DIVnbsp;/DIV DIV style=3DFLOAT: leftFONT face=3DCourierFaBRBeBRToBREa/FON= T/DIV DIV style=3DFLOAT: leftFONT face=3DCourierstnbsp;BRstnbsp;= BRtalBRsynbsp;/FONT/DIV DIV style=3DFLOAT: leftFONT face=3DCourierDeliBRPricBRnbs= p;ConBROrde/FONT/DIV DIV style=3DFLOAT: leftFONT face=3DCourierveryBResBRfideBR= ring/FONT/DIV DIV style=3DFLOAT: leftFONT face=3DCourierBRBRntiBR/FONT/DIV DIV style=3DFLOAT: leftFONT face=3DCourierBRBRalityBR/FONT= /DIVDIV style=3DCLEAR: bothnbsp;/DIV/BODY/HTML --=_NextPart_000_0047_01C5B937.04839800-- This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
[Fwd: RE: Re: [sniffer] Damn viagra spam]
Nice, bouncing spam.. Good job... Original Message Subject:RE: Re: [sniffer] Damn viagra spam Date: Wed, 14 Sep 2005 13:08:46 -0700 From: [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] MDaemon has identified your message as spam. It will not be delivered. From : [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject : [***SPAM*** Score/Req: 31.1/6.0] Re: [sniffer] Damn viagra spam Message-ID: [EMAIL PROTECTED] Yes, score=31.1 required=6.0 tests=DRUGS_ERECTILE, FORGED_RCVD_HELO,SUBJECT_DRUG_GAP_VIA,UPPERCASE_25_50,URIBL_AB_SURBL, URIBL_JP_SURBL,URIBL_SBL,URIBL_WS_SURBL autolearn=no version=3.0.4 *** * 1.8 SUBJECT_DRUG_GAP_VIA Subject contains a gappy version of 'viagra' * 0.1 FORGED_RCVD_HELO Received: contains a forged HELO * 4.0 URIBL_SBL Contains an URL listed in the SBL blocklist * [URIs: amyslate.com] * 9.0 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist * [URIs: amyslate.com] * 8.0 URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist * [URIs: amyslate.com] * 8.0 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist * [URIs: amyslate.com] * 0.0 DRUGS_ERECTILE Refers to an erectile drug * 0.2 UPPERCASE_25_50 message body is 25-50% uppercase : Message contains [1] file attachments -- Cordially, Heimir Eidskrem i360, Inc. 2825 Wilcrest, Suite 675 Houston, TX 77042 Ph: 713-981-4900 Fax: 832-242-6632 [EMAIL PROTECTED] www.i360.net www.i360hosting.com www.realister.com Houston's Leading Internet Consulting Company pd5001098.eml Description: Binary data
Re: [sniffer] Headers showing up in message body after switchingto Mdaemon
We are using Imail/Declude and I have seen this in several messages too. A part of the header is showing up in the message usually as the last part of the body content. I will see if I can find some and send it. Heimir Jim Matuska wrote: Yes, something is going on weird in Mdaemon. The strange thing is I got both copies of your message, the one to me direct and the one to the sniffer list. The strange thing is the one Pete sent to the list I had to pull out of the bad message directory as it did not make it to me. I'm not sure what the difference is. I also found I get the following errors in the Mdaemon log for these messages: Fri 2005-08-19 11:10:33: Error parsing C:\MDaemon\Queues\Local\pd5017032.msg Fri 2005-08-19 11:10:33: Message moved to c:\mdaemon\queues\bad\pd5001091.msg Jim Matuska Jr. Computer Tech2, CCNA Nez Perce Tribe Information Systems [EMAIL PROTECTED] - Original Message - From: Alberto Santoni [EMAIL PROTECTED] To: sniffer@SortMonster.com Cc: [EMAIL PROTECTED] Sent: Friday, August 19, 2005 11:15 AM Subject: RE: Re[2]: [sniffer] Headers showing up in message body after switching to Mdaemon Hello I received messages of this kind me too. Then I must understand that the cause is MDaemon and not iMail? Alberto -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: venerdì 19 agosto 2005 20.03 To: Jim Matuska Cc: [EMAIL PROTECTED] Subject: Re[2]: [sniffer] Headers showing up in message body after switching to Mdaemon On Friday, August 19, 2005, 12:53:39 PM, Jim wrote: JM Pete, JM The switch in question was from Imail to Mdaemon, so far so I was almost hoping this was a switch to a new version of MDaemon since this seems to be a new phenomena. Thanks for the data! JM good other than a few misc bugs, I like the Mdaemon Sniffer JM integration much better than the declude integration. We're hoping to go this route with other systems too-- but change is slow. The MDaemon folks are very aggressive in seeking new improvements :-) snip/ JM Also Pete for some reason your message to the list got stuck JM in the bad message queue but I recieved my original post to the JM list. Any thoughts? Please cc: me direct [EMAIL PROTECTED] if JM you can so I don't have to read the response from my bad message JM queue when it comes from the list. Can you check the headers for the SNF results and any other tests which might have cause the message to get captured? There's something there that needs to be fixed. Thanks, _M This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
[sniffer] Porn Spam again
Anyway that sniffer could trigger on this type of stuff? Blonde Tit Licked By Black Guy On Backseat blonde whore screws three guys Adorable Blond Teen Hardcore Blowjob Dark Haierd Abbes Suck Big Black Dick 3some Movies Pornstar Brandi Lyons Hardcore On Couch Movies -- Cordially, Heimir Eidskrem i360, Inc. 2825 Wilcrest, Suite 675 Houston, TX 77042 Ph: 713-981-4900 Fax: 832-242-6632 [EMAIL PROTECTED] www.i360.net www.i360hosting.com www.realister.com Houston's Leading Internet Consulting Company This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
Re: [sniffer] A lot of Porn Spam getting through.
im seeing the same, been reporting for a while. heimir Chuck Schick wrote: Anyone else seeing this? Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
Re: [sniffer] RuleBase ktk82hrr
Something is not right with my rulebase I think. I went from 11mb to 23mb then down to 5mb. Is that right? H. Pete McNeil wrote: On Wednesday, January 5, 2005, 1:22:29 AM, Landry wrote: LW Yep, just checked mine rulebase too, went from 17mb to just under 25mb. LW Things still appear to be functioning okay. The effect is as if we tuned the rulebase to allow almost all rules in... like setting the rule strength threshold to 0.1 (or less). Everyting should work fine - maybe even catch one or two more spam. I've found a trick with the internal data that might have caused the problem and I'm running an experiment. If my experiment works then I may be able to re-enable some of the new tuning functions right away. I will keep the list posted, of course. _M This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
[sniffer] Error running persitent
We did move Imail to a new server tonight and now im seeing some errors in the sniffer logs. What would cause this? I am using Firedeamon to run sniffer in persitent mode. I must have missed something in the transfer but not sure what. 20041129052719persitent4530ERROR_MSG_FILE690 000 20041129052723Db339005b01ee442c.SMD42215Match 14328549223048 20041129052723Db339005b01ee442c.SMD42215Match 1094036014348 20041129052723Db339005b01ee442c.SMD42215Match 1299365442845348 20041129052723Db339005b01ee442c.SMD42215Match 1320255442745448 20041129052723Db339005b01ee442c.SMD42215Match2743 5484485248 20041129052723Db339005b01ee442c.SMD42215Final 143285490143748 20041129052724persitent4370ERROR_MSG_FILE690 000 20041129052725Db330005701ee1ed1.SMD42231Match 23039662214351 20041129052725Db330005701ee1ed1.SMD42231Match 1094066015751 20041129052725Db330005701ee1ed1.SMD42231Match 1187385230434451 20041129052725Db330005701ee1ed1.SMD42231Match 1354415285087151 20041129052725Db330005701ee1ed1.SMD42231Final 118738520462151 20041129052729persitent4370ERROR_MSG_FILE690 000 20041129052734persitent4210ERROR_MSG_FILE690 This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
Re: [sniffer] Error running persitent
Heimir Eidskrem wrote: We did move Imail to a new server tonight and now im seeing some errors in the sniffer logs. What would cause this? I am using Firedeamon to run sniffer in persitent mode. I must have missed something in the transfer but not sure what. 20041129052719persitent4530ERROR_MSG_FILE69 0000 20041129052723Db339005b01ee442c.SMD42215Match 14328549223048 20041129052723Db339005b01ee442c.SMD42215Match 1094036014348 20041129052723Db339005b01ee442c.SMD42215Match 1299365442845348 20041129052723Db339005b01ee442c.SMD42215Match 1320255442745448 20041129052723Db339005b01ee442c.SMD42215Match 27435484485248 20041129052723Db339005b01ee442c.SMD42215Final 143285490143748 20041129052724persitent4370ERROR_MSG_FILE69 0000 20041129052725Db330005701ee1ed1.SMD42231Match 23039662214351 20041129052725Db330005701ee1ed1.SMD42231Match 1094066015751 20041129052725Db330005701ee1ed1.SMD42231Match 1187385230434451 20041129052725Db330005701ee1ed1.SMD42231Match 1354415285087151 20041129052725Db330005701ee1ed1.SMD42231Final 118738520462151 20041129052729persitent4370ERROR_MSG_FILE69 0000 20041129052734persitent4210ERROR_MSG_FILE690 This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html Never mind Spelling error :) This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
[sniffer] Porn spam from Earthlink
Pete, I am getting porn spam from EarthLink every day, several timesa day. I get them on 2 of my personal accounts. I have complaint to abuse @ EarthLink for a while now but I do not get any response beside the initial auto response. The spam does not trigger sniffer. Can you help? If so should I just forward you the complete message to [EMAIL PROTECTED] .com? H.
Re: [sniffer] Error_Bad_Matrix
I am having the same problem when I download the update and run snf2check H. - Original Message - From: Landry William [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, March 25, 2004 2:57 PM Subject: RE: [sniffer] Error_Bad_Matrix I run snf2check.exe against every .snf file downloaded. I just checked it again manually, and no errors were reported. I now have almost 3500 Error_Bad_Matrix entries in today's log. Bill -Original Message- From: Vivek Khera [mailto:[EMAIL PROTECTED] Sent: Thursday, March 25, 2004 12:52 PM To: [EMAIL PROTECTED] Subject: Re: [sniffer] Error_Bad_Matrix On Mar 25, 2004, at 3:39 PM, Paul Lushinsky wrote: I decided to look in my log files for the past several days because of number of Error_Bad_Matrix related messages. I can't find this message in any of my log files until today starting with the update I auto downloaded at 8:15 this morning, and went until the update at noon. While I was look at the log file, another update notice came, so an update was done and the Error_Bad_Matrix message is back. I'm curious if the people who are seeing these messages are running snf2check.exe before making the rule files live. I do so, and have not seen a single instance of this error. Can you run snf2check.exe on the current bad matrix you have and see if it reports an error? This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html -- - This message and any included attachments are from Siemens Medical Solutions USA, Inc. and are intended only for the addressee(s). The information contained herein may include trade secrets or privileged or otherwise confidential information. Unauthorized review, forwarding, printing, copying, distributing, or using such information is strictly prohibited and may be unlawful. If you received this message in error, or have reason to believe you are not authorized to receive it, please promptly delete this message and notify the sender by e-mail with a copy to [EMAIL PROTECTED] Thank you This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
