Hi Bonno
tin.it is one of Italy's largest ISPs and the (not new) problem is that
many blacklists catch a RELATIVELY high number of spam messages COMPARED
to the number of legit messages simply because the traps measuring this
traffic are located elsewhere than Italy or Europe.
There are
Ciao Filippo
Can you see any pattern of mailfrom, mailto or IP address that causes all
these messages in your spool folder?
Telnetting to your MX shows that you're using Imail 8.05 and I assume in
conjunction with Declude and Sniffer.
It also turns out that both logos.net and logos.it are not open
ouch I forgot in my previous message: Great script Andrew
-thank you!
Markus
From: Message Sniffer Community
[mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew
Sent: Thursday, June 22, 2006 6:01 PM
To: Message Sniffer Community
Subject: [sniffer] Re: AW: [sniffer] Re:
So now we know too that stock spam is sent out by beagly infected zombies.
Markus
-Original Message-
From: Message Sniffer Community
[mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew
Sent: Friday, June 9, 2006 17:36
To: Message Sniffer Community
Subject:
Today I've noticed that there is a relation between
the recipient addresses that were used in the past 36 hours in the numeric spam
messages and the following wave of stock-spam messages containing this
png-graphic. After checking around 10 Mailboxes there is a correspondence of
100%. Or they
Maybe people at Sniffer are already aware of this new type of spam. (Not the
malformed mailfrom one but this with the short number and nothing else in
subject and body)
Attached are some examples from the last 8 hours. All have failed some other
tests and all have reached a final weight in order to be
an awful lot of junk email not being caught by SNIFFER, it's
being processed by Declude and failing some technical tests
but not by SNIFFER.
-Original Message-
From: Message Sniffer Community
[mailto:[EMAIL PROTECTED] On Behalf Of Markus Gufler
Sent: 06 June 2006 09:41
I use around 80 tests on one system in order to watch them and how their
performance is going up and down. On other (high traffic) servers I use only
the best ones.
I can confirm what others have mentioned as reliable blacklists (except
fiveten for European systems: fiveten has a FP-Rate of around
amount of spam going through
Are you sure? That would mean you only need sniffer, coz none
of sniffer's ham is spam in the final result...
-Original Message-
From: Message Sniffer Community
[mailto:[EMAIL PROTECTED] On Behalf Of Markus Gufler
Sent: Tuesday, June 6, 2006 12:25
Hi Pete
During your last reports I haven't seen such a storm on my systems but now
this one I can notice on some of my servers.
BTW: One of these servers has a usual spam/ham rate of 50/50%
In the last 24 hours it was 90/10%
From the 90% spam 79% was blocked with SBL-XBL during
Heimir,
It's not a Sniffer-related answer but I personally use a combination of a
text filter file (looking for known geocities-links) and the IP-blacklist
SORBS-DUHL (which contains dialup ip-ranges). As all my customers are
connecting with SMTP-Auth or from known IP-ranges I can whitelist them. So
would you share your filters?
I assume Declude filters.
Yes.
Attached is the original message from Scott Fisher regarding the
geocities-filter file. (I call it GEOCITIESLINKS)
I've replaced each weight (100 and 75 points) with 0. So this test will add
no weight to the final result.
In
Harry,
(please don't post your entire license code to a public
list.)
Regarding the reliability of sniffer we should know that
errors sometimes can happen, even at sniffer-side after they've worked for years
now very reliably. I don't expect that such errors will happen now more
often.
If I understand correctly, you mean that if "experimental" rules
are introduced you want to know about it and so temporarily disable rulebase updates
on your server.
As far as I know, Sniffer has a much smarter way of doing this.
They introduce experimental rules in a separate category (sniffer-exp) and look