[sniffer] Sniffer, MDLP, and invURIBL?
I'm currently running Sniffer via Declude and use MDLP. Great! Since all the talk about invURIBL on the Imail list I thought I'd give it a try. The only problem I have is that it doesn't seem to be compatible with MDLP. invURIBL assigns its own weight to each message. The global.cfg line is as follows: INV-URIBL external weight "X:\INVURIBL\INVURIBL.exe %WEIGHT% %REMOTEIP%" 0 0 I'm not an expert but the %WEIGHT% must pass the weight determined by invURIBL to Declude. I don't know what the variables of the weighting system are. I'm worried that I may start getting a bunch of false positives since MDLP can't manage the weighting of invURIBL. Would appreciate any advice from anyone that knows more about this than I do! Thanks, Joe
Re: [sniffer] Sniffer, MDLP, and invURIBL?
I would actually prefer that MDLP autotune the weight for invURIBL, but since the weights are managed by invURIBL and not Declude I don't know how this will work. -Joe - Original Message - From: Colbeck, Andrew To: sniffer@SortMonster.com Sent: Saturday, February 25, 2006 12:35 PM Subject: RE: [sniffer] Sniffer, MDLP, and invURIBL? Joe, Are you using MDLP to autotune your weights in Declude? If so, you can exclude invURIBL and other tests which you don't want to change, whether because you think the weight is perfect, or because their randomness doesn't fit MDLP's idea of a weighting system. Check out this snippet from The McNeil on this list at some point in the past: "Use the #MDLP:MANUAL feature to lock these tests at the values you set. In your GLOBAL.CFG file create a line that lists the tests you want to adjust manually. #MDLP:MANUAL TEST1 TEST2 TEST3 You can also use more than one line if you wish... #MDLP:MANUAL TEST1 ... #MDLP:MANUAL TEST2 ... #MDLP:MANUAL TEST3 ... The #MDLP:MANUAL directive appears to be a comment to Declude so it will be otherwise ignored. If you have an #MDLP directive you want to comment out then you can add an additional # as in: ##MDLP:... This will cause MDLP to ignore it as well." Andrew 8) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joe WolfSent: Saturday, February 25, 2006 9:05 AMTo: sniffer@SortMonster.comSubject: [sniffer] Sniffer, MDLP, and invURIBL? I'm currently running Sniffer via Declude and use MDLP. Great! Since all the talk about invURIBL on the Imail list I thought I'd give it a try. The only problem I have is that it doesn't seem to be compatible with MDLP. invURIBL assigns its own weight to each message. The global.cfg line is as follows: INV-URIBL external weight "X:\INVURIBL\INVURIBL.exe %WEIGHT% %REMOTEIP%" 0 0 I'm not an expert but the %WEIGHT% must pass the weight determined by invURIBL to Declude. I don't know what the variables of the weighting system are. I'm worried that I may start getting a bunch of false positives since MDLP can't manage the weighting of invURIBL. Would appreciate any advice from anyone that knows more about this than I do! Thanks, Joe
Re: Re[2]: [sniffer] Last chance to renew at the old price!
FYI, a reseller agreement may include a MAP (Minimum Advertised Price) but it is illegal in the United States for the agreement to determine a minimum selling price. Any such stipulation in an agreement would put both of you in violation of federal price-fixing laws. -Joe - Original Message - From: John T (Lists) To: sniffer@SortMonster.com Sent: Wednesday, December 28, 2005 7:29 PM Subject: RE: Re[2]: [sniffer] Last chance to renew at the old price! According to the Reseller agreement I signed when I became a reseller of Message Sniffer, I can not charge that low of a price. As such, Pete or some one at Sniffer would need to notify me that I had permission to sell at such a low price. What I mean is, be careful. John T eServices For You -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of KevinSent: Wednesday, December 28, 2005 5:00 PMTo: sniffer@SortMonster.comSubject: Re: Re[2]: [sniffer] Last chance to renew at the old price! After posting this, another reseller pm me their renewal rate of $269. I didn't know Sniffer had another reseller besides Declude.Anyways, for those who are interested and want to save money, it's https://www.computerhouse.com/ccsecure.html At 01:21 PM 12/28/2005, you wrote: Can we renew at declude.com since their pricing is $292.50? I assume their prices will increase on Jan 1, 2006 too.This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
Re: [sniffer] New virus...
If you are running your mail server only for yourself feel free to ban .exe's and .zip's. If you are providing mail services to others I STRONGLY suggest you consult an attorney that specializes in Internet related matters. There have been a couple of recent cases where ISP's have been held responsible for non-delivery of messages. I asked two for an opinion on the matter and was told that we should not block or hold any messages unless we believe them to be a specific threat to our systems. After the smoke cleared we came to the conclusion that it's OK to block known viruses and threats, but they had to be known. We no longer hold or delete any known SPAM. We let the users or domain admins determine via rules what they want to block. I also checked with our errors and omissions insurance provider and was told that we would not be covered for non-delivery issues if it was a deliberate act on our part to block them. This has become a hot issue that few want to discuss. It's nearly impossible to find an attorney well versed in the field. As more become aware of the issue I suspect it will become a popular point to litigate (has your ISP caused you damage by failing to deliver important information?, etc.). The bottom line is that if you block items like all .exe's or all .zip's you are taking the responsibility for non-delivery. In the two cases I found one had a disclaimer, and the other a written TOS. It didn't help either in court. Just be very careful. -Joe - Original Message - From: John T (Lists) [EMAIL PROTECTED] To: sniffer@SortMonster.com Sent: Thursday, October 06, 2005 2:01 AM Subject: RE: [sniffer] New virus... No need to block zips, with Declude just add BANZIPEXTS ON to your virus.cfg file since the payload is an exe within the zip and since we are all already banning executable files, correct? John T eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: Wednesday, October 05, 2005 8:41 PM To: sniffer@sortmonster.com Subject: [sniffer] New virus... Importance: High Hello sniffer, Hello folks... watch out for a new virus email with an attachment named pword _ change . zip - extra spaces added to skip filters ;-) We're adding some SNF rules to catch it. No word about it on virus lists or scanner services yet (that I can see). You may want to temporarily block .zip files - or at least this particular zip file until the new rules can be pushed out and the virus scanners catch up. Thanks, _M Pete McNeil (Madscientist) President, MicroNeil Research Corporation Chief SortMonster (www.sortmonster.com) Chief Scientist (www.armresearch.com) This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
Re: [sniffer] Sniffer Resources
How does AVAFTERJM help? Unless you had JunkMail delete the message it would seem that it has to be scanned for viruses either way. I don't know which uses more processor time... Virus or SPAM scanning. If you use a bunch of tests it probably takes more horsepower to scan for SPAM than viruses. If that's the case then it would see like you would want to virus scan FIRST. Any message deleted by the virus scanner don't need to be scanned for SPAM. Maybe I'm way off base? I'm sure not an expert on this! -Joe - Original Message - From: Richard Farris [EMAIL PROTECTED] To: sniffer@SortMonster.com Sent: Thursday, September 08, 2005 11:48 AM Subject: Re: [sniffer] Sniffer Resources It was suggested that I put AVAFTERJM in my Declude configuration and that has made a huge difference...I have my old server back...I hope this does not cause other problems..we will continue to monitor this.. Richard Farris Ethixs Online 1.270.247. Office 1.800.548.3877 Tech Support Crossroads to a Cleaner Internet - Original Message - From: Richard Farris [EMAIL PROTECTED] To: sniffer@SortMonster.com Sent: Tuesday, September 06, 2005 10:07 AM Subject: [sniffer] Sniffer Resources When I turn off sniffer my server acts normally on rescources..but when I turn it on it goes to 100% and stays there most of the time...I have tried updating the sniffer and rebooting the server but does not help...it has been doing this for about a month...has anyone else seen this..if not what can I do to resolve it..right now I have sniffer turned off so I can just send mail thru the server.. Richard Farris Ethixs Online 1.270.247. Office 1.800.548.3877 Tech Support Crossroads to a Cleaner Internet - Original Message - From: Pete McNeil [EMAIL PROTECTED] To: Andy Schmidt sniffer@SortMonster.com Sent: Monday, September 05, 2005 9:43 AM Subject: Re: [sniffer] Integration with today's new ORF version: On Monday, September 5, 2005, 9:26:38 AM, Andy wrote: AS http://www.vamsoft.com/orf/agentdefs.asp AS AS It says to contact vendor. Here I am G. Yes indeed. How may I help you? _M This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
Re: [sniffer] Arm Research Labs is officially launched!
I'm not sure what this means. Is SortMonster being acquired by ARM Research Labs? Vice versa? Just joint venture? Sure hope that a plugin to SmarterMail is just around the corner! -Joe - Original Message - From: Pete McNeil [EMAIL PROTECTED] To: sniffer@sortmonster.com Sent: Thursday, September 01, 2005 12:41 AM Subject: [sniffer] Arm Research Labs is officially launched! Hello Sniffer Folks, ARM Research Labs (ARM) is a privately funded research and development group created to explore and develop new technologies for the Internet-based computing systems and infrastructures. To start with, ARM will be taking Message Sniffer to the next level by deploying it's core technologies on new platforms, creating new products and partnerships to leverage these technologies, and developing the next generation of technologies, products, and services. Though we have been keeping things quiet up to now we have been hard at work: ARM has already produced a new product for Exchange and IIS/SMTP based systems (See: Assert!) and increased our rulebase update rates by more than 40%. Much more is on it's way soon so stay tuned! Thanks, _M Pete McNeil (Madscientist) President, MicroNeil Research Corporation Chief SortMonster (www.sortmonster.com) Chief Scientist (www.armresearch.com) This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
Re: [sniffer] Sniffer and SmarterMail?
Terry, Will take a look at it... never heard of it before. It may be going too far the other way. I'm not looking for something with fewer features than Imail. I don't think SquirrelMail will allow all the domain management features like Imail does (add, remove, modify users, passwords, lists, etc.) but I may be wrong. Thanks, Joe - Original Message - From: Smart Business Support [EMAIL PROTECTED] To: Joe Wolf sniffer@SortMonster.com Sent: Wednesday, June 01, 2005 8:55 PM Subject: Re: [sniffer] Sniffer and SmarterMail? Joe, Wednesday, June 1, 2005 you wrote: JW If there's a better option than SmarterMail I'd love to hear it, JW but I can't compare a $4000+ server to a $600 one. hMailServer is free and open source. Once I finish the script work for calling Sniffer and the work-around for ClamDscan and FPROT I'll post it. Clamdscan is the service (daemon) for ClamAV. No reason that the daemon version of Sniffer couldn't be used as well. The SquirrelMail web interface is not bad although it is PHP 4. The web admin interface is pretty good, too, and can be php 5. --- Terry Fritts This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
[sniffer] Sniffer updates...
Title: Message I'm currently using Sniffer via Imail and Declude. We all know that Ipswitch has lost their mind and is abandoning the small ISP, and now it seems that Declude has lost their way. The new version of Declude is tied to a single MAC address. That counts me out since I run multiple NIC's in the same machine and am multi-homed. Their spyware "phone home" system is a violation of our security policies as well. That leads me to Sniffer. I love the product. Does anyone have a complete list of mail servers that have direct support for Sniffer? The Imail / Declude thing is too much to deal with and I'm going to make a change. Thanks, Joe
Re: [sniffer] Sniffer updates...
Title: Message John, I've always respected your opinions. I've respected Scott at Declude as well, but I don't think he has much to say about what happens there anymore. The powers to be at Declude obviously look at their customers as theives trying to steal their product. I have installed a version of Declude that is not covered under by any current service policy in attempts to solve a problem. When I discovered the old version of Declude was not the problem I reverted back. My attempt was rewarded with a threatening email message. I looked at it quite differently. I have no need or want for the new Declude "features", but if the old version I purchased was defective I am due version that worked as advertised. It was up to me to find that out. I'm perfectly happy with the old version, and I expect it to work as advertised. Their attitude is a spin off of the Ipswitch attitude to move on to new versions without ever fixing the old ones. For example, the new version of Declude (2.0) lists 10 new features. Of those 10, four are listed as "fixes" for older versions. I know I'm in the minority but I believe it is Declude's responsibility to provide a fully functional 1.x verson to those who purchased it. The 2.0 should only include new features, not fixes from previous versions. If I wanted to purcase 2.0 for the new features that would be fine, but to be forced to purchase a new version or service agreement to get fixes for problems in a version you already purcased is just plain wrong. What if that mentality were to be accepted in the automobile business? You buy a new car and the air conditioner doesn't work. You're told that instead of the 2004 model you purchased you should pay to upgrade to a 2005 model because we finally got the air conditioner working for 2005. Doesn't matter that your 2004 was advertised with air conditioning or not. I've had it with that kind of attitude. I want a simple, efficient mail server that does exactly what is advertised. Nothing more, nothing less. As for Sniffer. I've had no complaints with it at all. Seems to do exactly what I was told it would do. Thanks to everyone for their input! -Joe - Original Message - From: John Tolmachoff (Lists) To: [EMAIL PROTECTED] Sent: Wednesday, December 22, 2004 9:58 AM Subject: RE: [sniffer] Sniffer updates... Joe, I will back up MattÂ’s comments. Declude has/is indeed suffering from less than honest/moral individuals/companies and they are correct in taking steps to protect their products and company. Only the method they are using is being questioned. Believe me, those of us heavily involved in Imail/Declude are monitoring this issue and voicing our opinions, both publicly and privately. Lets not throw out the baby with the bath water. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of MattSent: Wednesday, December 22, 2004 7:23 AMTo: [EMAIL PROTECTED]Subject: Re: [sniffer] Sniffer updates... Joe,In their defense, I don't think that they necessarily knew any better than to have approached it this way. I don't necessarily get that the new ownership has worked from the IT side of the business before and understands security and trust as a corporate administrator would, in fact Barry comes from the marketing side of the business and I'm afraid that this is a bit of trial-by-fire. I expect (hope) that he will get the message and change their ways before this will be released in final format. Scott didn't have the resources to enforce licensing, and as a business, this is critical to their success. I have no qualms with that goal. They didn't intend to violate privacy or functionality, they just overlooked it.The whole IMail debacle is a different story. Most everyone using Declude on that platform will eventually be switching, and Declude has been more than fair by offering free migrations of their license to a different platform, starting with SmarterMail which is very reasonably priced and seemingly quite responsive to their customers.MattJoe Wolf wrote: I'm currently using Sniffer via Imail and Declude. We all know that Ipswitch has lost their mind and is abandoning the small ISP, and now it seems that Declude has lost their way. The new version of Declude is tied to a single MAC address. That counts me out since I run multiple NIC's in the same machine and am multi-homed. Their spyware "phone home" system is a violation of our security policies as well. That leads me to Sniffer. I love the product. Does anyone have a complete list of mail servers that have direct support for Sniffer? The Imail / Declude thing is too much to deal with and I'm going to make a change.
