://www.armresearch.com/message-sniffer/forms/form-renewal.asp
Thanks,
_M
Pete McNeil (Madscientist)
President, MicroNeil Research Corporation
Chief SortMonster (www.sortmonster.com)
Chief Scientist (www.armresearch.com)
This E-Mail came from the Message Sniffer mailing list. For information and
(un)subscription
Answered off-list
_M
On Tuesday, February 14, 2006, 2:07:48 PM, Steve wrote:
SG Hello,
SG Could you please tell me what would cause an email to fail rule # 831417
SG This was a good email flagged this morning and deleted.
SG Regards,
SG Steve Guluk
SG SGDesign
SG (949) 661-9333
SG ICQ:
On Wednesday, February 15, 2006, 3:54:50 PM, Kevin wrote:
KR My users have been getting a lot of FPs by Sniffer lately. They send me
KR the email with the FULL HEADERS displayed and I forward this email on to
KR SortMonster. The program they use to analyze incoming submissions check
KR MY email
On Wednesday, February 15, 2006, 4:32:14 PM, Robert wrote:
RG The X-SNF header. Sounds like a good idea. Is there a cheat sheet someplace
RG for making that happen, if possible, in a Declude / Imail environment?
RG Thanks ahead of time,
In the distribution the option is described in the .cfg
PROTECTED]
JMJ
JMJ -Original Message-
JMJ From: [EMAIL PROTECTED]
JMJ [mailto:[EMAIL PROTECTED]
JMJ On Behalf Of Pete McNeil
JMJ Sent: Wednesday, February 15, 2006 1:28 PM
JMJ To: Kevin Rogers
JMJ Subject: Re: [sniffer] False Positives
JMJ On Wednesday, February 15, 2006, 3:54:50 PM
On Wednesday, February 15, 2006, 4:48:43 PM, Computer wrote:
CHS I second the motion. We have been submitting spam for over a year and I
CHS don't know if a single one was received.
In general, if you've not received an error during delivery, we most
certainly got your message... it may have
On Monday, February 13, 2006, 3:18:00 PM, David wrote:
DS Anyone ever seen this in a log file of a valid license?
DS 20060213200957 De7928e8800a61b18.smd 328 266
DS ERROR_MAX_EVALS 72 0 0 18885 1024
DS This line has shown up 3 times today in a log file that processes
On Wednesday, February 8, 2006, 10:59:09 AM, Darin wrote:
DC I have an idea. These problems seem to stem mostly from changes
DC in the methods of handling rulebase updates.
snip/
DC Would it be feasible to announce in advance when such changes
DC are to be implemented? With advance notice
On Wednesday, February 8, 2006, 11:06:07 AM, Markus wrote:
MG If a experimental rule showed to be reliable they move them in
MG the appropriate category (rich, fraud,...)
MG
MG
MG
MG I'm not sure about this but I think it's so and so it shouldn't
MG be necessary to do something like
On Wednesday, February 8, 2006, 11:19:52 AM, Andy wrote:
AS Pete,
AS The only idea I came up with, would be to have ALL new rules go into a 6
AS hour proving category (=return code) before they are moved into their
AS final category.
AS By using Sniffer return codes, folks could decide to trust
On Wednesday, February 8, 2006, 11:26:46 AM, Darin wrote:
DC There was no error in my comment. I completely understand that some issues
DC will not be foreseeable... I did say mostly, not entirely. The switch to
DC the automated bots caused a rash of false positives in our system.
snip/
On Wednesday, February 8, 2006, 12:34:44 PM, Darin wrote:
DC Perhaps I used the wrong terminology about what changed, since I do not know
DC what your system architecture is, but I remember you mentioning a
DC significant change at the time. Immediately afterwards we saw a rash of
DC false
On Wednesday, February 8, 2006, 12:54:56 PM, David wrote:
DP I am using a smtp proxy called Ewall with Message Sniffer.
DP I just checked inside the Ewall folders and found one named TEMP where I
DP found tens of thousands of files with the .xhdr extension.
DP What are these? Are they needed?
On Wednesday, February 8, 2006, 1:32:05 PM, David wrote:
The .xhdr files are created by SNF and can be turned off in SNF's .cfg
file. They contain text that could be added to the headers of the
message to help debug false positives and/or to trigger other
filtering systems.
DP Well I see
If it is not already, the rule will be gone from your rulebase after
your next update.
Thanks,
_M
Pete McNeil (Madscientist)
President, MicroNeil Research Corporation
Chief SortMonster (www.sortmonster.com)
Chief Scientist (www.armresearch.com)
This E-Mail came from the Message Sniffer
the
CHS rulepanic in place an hour ago it would have saved me a lot of work and
CHS confused customers.
CHS Thank you,
CHS Michael Stein
CHS Computer House
CHS - Original Message -
CHS From: Pete McNeil [EMAIL PROTECTED]
CHS To: sniffer@sortmonster.com
CHS Sent: Tuesday, February 07, 2006 4
I'm not showing this from my location and the server looks ok.
I just downloaded a few rulebases, each in under 3 seconds.
Please provide a traceroute -- that should show us where the issue is
(if it is still there).
Thanks,
_M
On Tuesday, February 7, 2006, 4:39:35 PM, Chuck wrote:
CS
On Tuesday, February 7, 2006, 6:15:13 PM, David wrote:
DS Sorry, wrong thread on the last post.
DS Add'l question. Pete, what is the content of the rule?
The rule info is:
Rule - 828931
NameC%+I%+A%+L%+I%+S%+V%+I%+A%+G%+R%+A
Created 2006-02-07
Source
.. .. .. 13.94 KB/s
JC 15:52:29 (12.45 KB/s) - `.new.gz' saved [2646653]
JC -Original Message-
JC From: [EMAIL PROTECTED]
JC [mailto:[EMAIL PROTECTED]
JC On Behalf Of Pete McNeil
JC Sent: Tuesday, February 07, 2006 4:46 PM
JC To: Chuck Schick
JC Subject: Re: [sniffer] Downloads are slow
On Tuesday, February 7, 2006, 7:48:05 PM, John wrote:
JC I don't get into the sniffer logs like I should, but just noticed this. It
JC is 2/7/06 6:42 CST here, but my logs show 20060208004243, which would
JC indicate +6 hours off of Zulu, Greenwich, Coordinated Universal Time, or
JC whatever we
On Tuesday, February 7, 2006, 8:14:53 PM, David wrote:
DS Hello Pete,
DS Tuesday, February 7, 2006, 8:11:50 PM, you wrote:
DS Not sure, can anyone think of a way to cross check this? What if I put
DS all the released messages back through sniffer?
PM That would be good -- new rules were added
On Thursday, February 2, 2006, 11:46:05 AM, Goran wrote:
GJ This is going to get harder and harder to identify and fight. Is
GJ it worthwhile to put something like this in a new category which
GJ we are very confident about and so if it fails on the new combined
GJ image/text thing we can delete
On Thursday, February 2, 2006, 12:25:01 PM, Grant wrote:
GS Has anyone got an automated updating script for updating rulebases for
GS MDaemon. I am just demoing the software now. The plugin seems to be
GS working well. I have used the Imail script from the website that Bill
GS Landry
On Monday, January 30, 2006, 11:07:26 AM, Michiel wrote:
MP G'day,
MP I'm just wandering... what CAN be done about this? If I send an embedded
MP picture to someone, how's sniffer gonna see the difference between my
MP holiday picture and the stock spam?
MP I reckon it's gonna be tough to block
On Monday, January 30, 2006, 10:16:06 AM, Goran wrote:
GJ Hi,
GJ Are the bots working again? I am seeing a number of the STOCK pitches
GJ coming through (the ones that use the picture attachment eg.
GJ tdimg border=0 alt=
GJ src=cid:a8c0936faa69131141800cf3347d17a4/td)
GJ Sniffer did not catch
On Thursday, January 26, 2006, 11:22:40 AM, Jim wrote:
JMJ I seem to be noticing a lot of spam messages recently that are stock ads
for
JMJ offshore companies; I seem to be getting a lot of these that are not being
JMJ classified by sniffer. I have been forwarding these to the spam@ address,
-Original Message-
JMJ From: [EMAIL PROTECTED]
JMJ [mailto:[EMAIL PROTECTED]
JMJ On Behalf Of Pete McNeil
JMJ Sent: Thursday, January 26, 2006 8:53 AM
JMJ To: Jim Matuska Jr.
JMJ Subject: Re: [sniffer] Stock Market Spam Messages
JMJ On Thursday, January 26, 2006, 11:22:40 AM, Jim wrote:
JMJ I seem
On Thursday, January 19, 2006, 8:37:01 AM, Jeff wrote:
JA
JA
JA I have been having a lot of problems with the rules since Friday.
JA
JA How can I see what rules are set for spamming.
There are many thousands of rules. For security purposes we don't
expose their content freely. If you
On Thursday, January 19, 2006, 12:51:47 PM, David wrote:
DP It seems I can not get mail from Brazil that does not fail the message
DP sniffer test, regardless of content.
DP Is this nation or any other totally black listed?
I'm not aware of any rule that blocks any particular nation, nor any
On Thursday, January 19, 2006, 6:50:32 PM, Dave wrote:
DK My bet is that either OB or WS trees of SURBL are the culprit. I've seen
DK false postives from them before. Can your bot isolate the subs of the multi
DK lookup and only use the more reliable ones like JP, SC, etc?
I'm not sure about
On Wednesday, January 18, 2006, 8:34:15 AM, Filippo wrote:
FP
FP Hello,
FP What's going on with rules? Today for 100 blocked by Sniffer
FP more than 10 where really legitimate.
FP Please advise.
Everything should be functioning normally today.
Please visit:
Everything should be ok today.
Please visit:
http://www.mail-archive.com/sniffer@sortmonster.com/msg02346.html
and
http://www.mail-archive.com/sniffer@sortmonster.com/msg02348.html
Thanks,
_M
On Wednesday, January 18, 2006, 8:57:25 AM, Ali wrote:
AR
AR
AR Hi,
AR
AR
AR
AR I am
On Wednesday, January 18, 2006, 8:57:56 AM, Ali wrote:
AR Hi,
AR Over the last 2 days I have seen a major increase in false positives.
AR Literally all hotmail and yahoo address are being caught by sniffer
AR inclusive of other legit domains.
AR Please confirm what may be causing this and what
On Wednesday, January 18, 2006, 8:42:22 AM, Frederick wrote:
FS Same with me. Last night there was a rules update and it fixed the problem.
FS Check the date of your rules update.
Please visit
http://www.mail-archive.com/sniffer@sortmonster.com/msg02346.html
and
On Wednesday, January 18, 2006, 8:54:49 AM, Darin wrote:
DC Agreed. We counted 100 false positives yesterday, compared to our normal
DC rate of less than 5.
DC No false positives since 6pm ET yesterday, though. Thank goodness.
Please visit:
On Wednesday, January 18, 2006, 11:06:44 AM, Filippo wrote:
FP
FP Hello,
FP What's going on with rules? Today for 100 blocked by Sniffer
FP more than 10 where really legitimate.
Please visit:
http://www.mail-archive.com/sniffer@sortmonster.com/msg02346.html
and
On Wednesday, January 18, 2006, 2:14:34 PM, Darin wrote:
DC Are you just blanket responding to every message to the list with this? If
DC so, you might be wasting your time. I've been following the list, so I know
DC things are back to normal after yesterday's snafu.
Sorry about that... It
of the services hit by these bad entries.
An example of some that we've found in SURBL for example are
declude.com, usinternet.com, and w3.org
It's not clear yet how large the problem is, but I'm sure it will be
resolved soon.
Hope this helps,
Thanks,
_M
Pete McNeil (Madscientist
On Tuesday, January 17, 2006, 7:21:11 AM, Matt wrote:
M Pete,
M w3.org would be a huge problem because Outlook will insert this in the
M XML headers of any HTML generated E-mail.
M If you could give us an idea of when this started and possibly ended,
M that would help in the process of review.
On Tuesday, January 17, 2006, 8:10:44 AM, Darrell wrote:
Dsic Pete,
Dsic I just checked real quick hitting several DNS servers (mine and others)
and
Dsic I am not seeing this - are you still seeing this now?
Nope... it was short lived.
_M
This E-Mail came from the Message Sniffer mailing
On Tuesday, January 17, 2006, 10:15:51 AM, William wrote:
WS ws.surbl.org does not have these domains, and it appears none of
WS the other surbls does either. From
WS http://www.rulesemporium.com/cgi-bin/uribl.cgi :
WS SURBL+ Checker Query Results
WS declude.com is 63.246.13.88 [ rbl
rules removed.
Once I resolve what happened to the bots I will let everyone know.
Thanks,
_M
Pete McNeil (Madscientist)
President, MicroNeil Research Corporation
Chief SortMonster (www.sortmonster.com)
Chief Scientist (www.armresearch.com)
This E-Mail came from the Message Sniffer mailing list
issues.
Hope this helps,
Thanks,
_M
Pete McNeil (Madscientist)
President, MicroNeil Research Corporation
Chief SortMonster (www.sortmonster.com)
Chief Scientist (www.armresearch.com)
This E-Mail came from the Message Sniffer mailing list. For information and
(un)subscription instructions go
On Tuesday, January 17, 2006, 6:44:20 PM, Frederick wrote:
FS
FS
FS Can you send the update or I will have to disable Sniffer.
FS
FS
FS
FS It is catching almost all our emails.
Your last update was 2144GMT, about 146 minutes ago (if my math is
right). Pacing as at 150 minutes,
for anything unusual. I expect no problems.
Thanks,
_M
Pete McNeil (Madscientist)
President, MicroNeil Research Corporation
Chief SortMonster (www.sortmonster.com)
Chief Scientist (www.armresearch.com)
This E-Mail came from the Message Sniffer mailing list. For information and
(un)subscription
On Friday, January 6, 2006, 2:09:12 PM, Chuck wrote:
CS Hopefully the rulebase is being updated but we are getting slammed by this
CS stuff.
Stock push?
I saw a bunch of broken stock push come through this morning (0330).
Not getting any more through the traps.
Also a lot of image based stock
Yes.
_M
On Wednesday, December 28, 2005, 8:03:01 PM, Thomas wrote:
FT
FT
FT Are they a valid reseller, sniffer-folks??
FT
FT
FT
FT From: [EMAIL PROTECTED]
FT [mailto:[EMAIL PROTECTED] On Behalf Of Kevin
FT Sent: Wednesday, December 28, 2005 8:00 PM
FT To:
I've done a quick review of this. The price quoted there is too low.
I'm sure it's an honest mistake. I'll address it with them ;-)
_M
On Wednesday, December 28, 2005, 8:45:30 PM, John wrote:
JTL
JTL
JTL
JTL Absolutely not. In fact, if you read my post after this, I am
JTL
The biggest concern I have about this is that the price is too low -
that is a violation. I'm sure it was unintentional, and if not, then
the contract will be pulled.
If you read closely, John T isn't on the wrong side here - he's asking
the right questions.
The price at ComputerHouse is out of
of consultants, end
users, VARs, OEMs, service providers, and even plain old interested
parties that use and support SNF. After all, email security is a big
concern for everyone and the best thing we can do is work together.
Hope this helps,
Thanks,
_M
Pete McNeil (Madscientist)
President
,
_M
Pete McNeil (Madscientist)
President, MicroNeil Research Corporation
Chief SortMonster (www.sortmonster.com)
Chief Scientist (www.armresearch.com)
This E-Mail came from the Message Sniffer mailing list. For information and
(un)subscription instructions go to
http://www.sortmonster.com
notice the next time.
DC Darin.
DC - Original Message -
DC From: Pete McNeil [EMAIL PROTECTED]
DC To: sniffer@sortmonster.com
DC Sent: Tuesday, December 27, 2005 12:42 PM
DC Subject: [sniffer] Last chance to renew at the old price!
DC Hello Sniffer folks,
DC This is just a friendly
Koontz
JDS Sent: Tuesday, December 27, 2005 1:42 PM
JDS To: [EMAIL PROTECTED]: 'Pete McNeil'
JDS Subject: RE: [sniffer] Last chance to renew at the old price!
JDS Thanks for the explaination. While this is all fine and good, the
JDS reality
JDS is that many IT shops are on fixed budgets outside
On Tuesday, December 27, 2005, 5:14:13 PM, Thomas wrote:
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Michael Murdoch
If you don't feel that's the case, then you
are free to decide if you think otherwise. Thanks and take care!
FT EASY FOX
On Tuesday, December 27, 2005, 1:31:04 PM, Steve wrote:
SJ How can I tell when my subscription expires?
You should have a note from your original purchase or your latest
renewal. Also, you can ask ;-) I'll send you your current expiration
directly.
I hope to put up a self-serve tool for
partnership w/ AppRiver and the formation of ARM, we have sped up
our rulebase delivery process by 267%!! (from 3.6 updates/day to 9.6
updates/day).
That's all for now.
Thanks,
_M
Pete McNeil (Madscientist)
President, MicroNeil Research Corporation
Chief SortMonster (www.sortmonster.com
Pete McNeil (Madscientist)
President, MicroNeil Research Corporation
Chief SortMonster (www.sortmonster.com)
Chief Scientist (www.armresearch.com)
This E-Mail came from the Message Sniffer mailing list. For information and
(un)subscription instructions go to
http://www.sortmonster.com
Kevin
KS -Original Message-
KS From: [EMAIL PROTECTED]
KS [mailto:[EMAIL PROTECTED]
KS On Behalf Of Pete McNeil
KS Sent: Thursday, December 15, 2005 11:30 AM
KS To: sniffer@sortmonster.com
KS Subject: [sniffer] Joe Jobs...
KS Hello Sniffer Folks,
KS Please be aware that there are several
On Monday, December 5, 2005, 6:02:02 PM, John wrote:
What is the best way to get a spam trap going. I have an old "abandoned" email account that I just use for testing. It gets some spam now, but a low volume. However, 100% of the mail is spam. It would be very easy to filter and keep
On Monday, December 5, 2005, 6:02:02 PM, John wrote:
What is the best way to get a spam trap going.
I forgot to mention another way to set up spamtraps that I definitely "don't recommend". It is, of course, highly theoretical and possibly dangerous ;-)
If a new pc (actually a very
On Tuesday, December 6, 2005, 2:13:43 PM, William wrote:
WVH Pete,
WVH How about just creating some accounts that are commonly targeted by
WVH dictionary attacks, but that were never actually valid accounts on our
WVH server? I could redirect all of them to a common mailbox. There are also a
WVH
On Monday, December 5, 2005, 3:28:17 PM, Scott wrote:
I'm working on setting up a spamtrap that'll be for Sniffer.
One question:
Do you want the email to be filtered?
The following is the best option for us - it provides the most useful data while still keeping the bandwidth as
On Monday, December 5, 2005, 3:33:33 PM, Andrew wrote:
I had the same question, but more specifically:
Is is helpful for sniffer trap (spam and user trap) submissions to skip, or to include messages on which sniffer already hits.
It's best for those messages to be removed. The
day. Now back to work with me...
Thanks,
_M
Pete McNeil (Madscientist)
President, MicroNeil Research Corporation
Chief SortMonster (www.sortmonster.com)
Chief Scientist (www.armresearch.com)
This E-Mail came from the Message Sniffer mailing list. For information and
(un)subscription instructions
On Thursday, December 1, 2005, 9:50:35 PM, Computer wrote:
CHS Dear Pete,
CHS Thank you for the beautifully-written and very informative treatise on how
CHS the spammers operate. The time you put into the writing is greatly
CHS appreciated. We also appreciate the work and research you are
On Tuesday, November 22, 2005, 5:54:21 PM, Tech wrote:
Pete,
What do we need to do up increase our rulebase strength
I dont know if its just a larger amount of spam messages in general or a larger % of them getting through but I have customers complaining
I don't recommend
On Thursday, November 10, 2005, 8:07:18 AM, Daniel wrote:
DB Hello,
DB Can anyone tell me if the Mdaemon Plug-in runs in persistent mode? Also are
DB there any plans to bring the plug-in to Version 1 status?
The MDaemon plugin has no need for persistent mode because it is
loaded and kept in
On Thursday, November 10, 2005, 9:40:42 AM, Daniel wrote:
DB Hi Pete,
DB Thanks for the info. I actually already have the current version running.
DB I'm very happy with it's performance. I just did not have a clear
DB understanding on those issues.
DB On another note, when you have the new
On Thursday, November 10, 2005, 11:45:48 AM, Peer-to-Peer wrote:
PtPS _M,
PtPS _M said will create a default installation that emits headers and
puts
PtPS a .cf file in place for SA to interpret them.
PtPS Not sure if this is relevant to your thought process, but we feel that SA
PtPS
This problem with Dr.Watson errors has been covered before on Declude's support list as well as ours. It's actually not SNF itselft that's causing the problem, but rather an undocumented heap in Windows that can run out of space and cause the next item to load to fail with a Dr. Watson error.
It is _VERY_ important to validate rulebase files with the snf2check utility. The snf2check utility tests the rulebase files in ways that the SNF scanning utility does not (for the sake of speed). If you don't check your downloads with the snf2check utility you run the risk of pressing a
On Tuesday, November 8, 2005, 11:02:09 AM, Darin wrote:
Hi Pete,
The rash of false positives seems to have stopped with the last sniffer rulebase update at 10am ET. It had started with a rulebase update at 4:30pm ET yesterday, and continued through the updates at 8:40pm, 12am, 3am, and
On Tuesday, November 8, 2005, 3:25:20 PM, Darin wrote:
Hi Pete,
There was a consistent stream of false positives over the mentioned time period, not just a blast at a particular time. They suddenly started at 5pm (shortly after a 4:30pm rulesbase update), and were fairly evenly spread
.
YOU DO NOT NEED TO TAKE ANY ACTION :-)
All of this work will happen on our end of the Internet.
Thanks,
_M
Pete McNeil (Madscientist)
President, MicroNeil Research Corporation
Chief SortMonster (www.sortmonster.com)
Chief Scientist (www.armresearch.com)
This E-Mail came from the Message Sniffer
On Wednesday, November 2, 2005, 4:48:29 PM, Gary wrote:
We have had excellent results from Message Sniffer for severals years now.
However, in the past few days items that I feel should have been caught, were not.
Can I submit some samples to you? I would be glad to zip a couple of raw
On Wednesday, November 2, 2005, 4:56:07 PM, Glenn wrote:
I've had quite a lot of bounces (D/Q.GSE pairs) in the past several weeks due to users with full mailboxes, 99.999% of them are bounces on spam. When I examine the quoted headers in the D.GSE files, an appreciable number of them
On Friday, October 21, 2005, 4:27:20 AM, William wrote:
WVH Pete,
WVH I know that with Sniffer we have the ability to delete certain rulesets,
but
WVH would it be possible to add a custom rule for our server?
Yes.
snip/
WVH Unfortunately, it does NOT work. I have tried numerous
WVH
On Saturday, October 15, 2005, 12:33:47 PM, Rick wrote:
RH My only concern is that all of this was being caught by Sniffer before and
RH all of a sudden very little of it is being caught. We are told that they are
RH working on it to get it fixed but we are getting slammed by customers
RH telling
On Saturday, October 15, 2005, 3:51:22 PM, Scott wrote:
When I submit false positives to Sniffer about half come back rule clean. I then have to go to the logs and pull out those messages and resubmit the false positives with the log lines.
I believe I am FTPing up my log files to
On Friday, October 14, 2005, 9:39:33 AM, Rick wrote:
RH What is going on with the sniffer not catching any of the spam that is now
RH coming through? We are getting slammed with medication, mortgage and other
RH junk email?
Your license has expired.
Please send a note to [EMAIL PROTECTED] to
On Friday, October 14, 2005, 10:59:05 AM, Chuck wrote:
CS We are seeing a lot of the drug spam getting through. Anyway that sniffer
CS could start catching these. And yes I am forwarding them all.
There are a number of new campaigns launched today with some heavy
bandwidth behind them. We have
On Friday, October 14, 2005, 11:18:18 AM, Daniel wrote:
DB Hello Pete,
DB Are you going to implement something similar for false positives?
No.
The false positive process is very interactive, so each case is
handled individually until it is resolved. This works best as it is
currently
On Thursday, October 13, 2005, 12:15:23 PM, Orillia wrote:
OPA Hi everyone. Background. Running IMail 8.15HF2, Declude 1.82 and sniffer.
OPA Using P4, 512MB RAM with about 400 thousand messages a day. The employee
who
OPA used to manage this has left the company and I am now the owner and
On Wednesday, October 12, 2005, 5:03:44 PM, support wrote:
s Dear Pete,
s Are we ready to switch to the POP method of submitting spam, or are we
s waiting for an official announcement/instructions from you?
Anyone can switch to this method at any time. Our current policy is to
ask anyone who
waiting for an official announcement/instructions from you?
Mike Stein
Computer House
- Original Message -
From: Pete McNeil [EMAIL PROTECTED]
To: Darin Cox sniffer@SortMonster.com
Sent: Tuesday, October 11, 2005 9:16 AM
Subject: Re[2]: [sniffer] Spam keeps getting through
On Wednesday, October 12, 2005, 6:30:45 PM, William wrote:
WVH Pete,
WVH Was just wondering, I have all of my e-mail pass through an IMGate/Postfix
WVH machine prior to hitting my main mail server. Sometimes, e-mail (especially
WVH spam) gets forwarded from the secondary MX as well. If we use
On Monday, October 10, 2005, 11:46:36 PM, support wrote:
s Dear Pete,
s We had to reinstall Imail, and now I am not seeing any more TMP files in the
s spool folder. Everything seems to be working OK, but I miss those sweet
s little TMP files. Should I be concerned? What may have changed?
forward them?
KR Pete McNeil wrote:
On Monday, October 10, 2005, 7:55:51 PM, Serge wrote:
S just to make sure, can we now send several spams as attachements in one
S email
S ans what adress to use
S i have 3 that got thru my own mailbox in less than 3 hours
S they did not even get tagged
forward them regularly or do we need to change
anything about how the headers display when we forward them?
Pete McNeil wrote:
On Monday, October 10, 2005, 7:55:51 PM, Serge wrote:
S just to make sure, can we now send several spams as
attachements in one
S email
S ans what adress
right-click on the message, Save As... an .eml file, and then attach
KR that .eml file to the message I'm sending to you?
KR And is this true for spam as well - do they need to forward them to me
KR and then me to you?
KR Just making sure I'm doing this right.
KR Thanks
KR Pete McNeil wrote
in the logs.
GC Regards
GC Gulu
GC -Original Message-
GC From: Pete McNeil [mailto:[EMAIL PROTECTED]
GC Sent: 27 September 2005 11:47
GC To: Gulu Chanrai
GC Cc: [EMAIL PROTECTED]
GC Subject: Re[4]: License id nspjnfcl
GC Hmmm.
GC You might try to a whitelist entry in your global.cfg file
On Tuesday, October 11, 2005, 7:53:03 AM, Gulu wrote:
GC Hi Pete,
GC We have started forwarding spam to the mailbox. Are your robots pulling the
GC emails? As I don't see any activity in the logs.
Just to follow up...
Reading [EMAIL PROTECTED] X
The above is a line from a recent Trap Bot
On Tuesday, October 11, 2005, 9:42:59 AM, Pete wrote:
PM On Tuesday, October 11, 2005, 7:53:03 AM, Gulu wrote:
GC Hi Pete,
GC We have started forwarding spam to the mailbox. Are your robots pulling the
GC emails? As I don't see any activity in the logs.
PM Just to follow up...
Sorry, this was
On Tuesday, October 11, 2005, 10:20:19 AM, Stephen wrote:
First, re: the ERROR_RULE_AUTH condition, did you correct the typo I identified from your screen shot?
Second, when you do use FTP (which is not done by the auto update script) you do not need to change directories. In any case, you
On Monday, October 10, 2005, 5:44:21 PM, Chuck wrote:
CS Sniffer is not catching a wave of spam (drug offers) this has been going on
CS for over a week and I have been forwarding examples. Is there anything that
CS can be done?
I strongly suspect you are talking about the druglist spam and it's
On Monday, October 10, 2005, 5:44:21 PM, Chuck wrote:
CS Sniffer is not catching a wave of spam (drug offers) this has been going on
CS for over a week and I have been forwarding examples. Is there anything that
CS can be done?
Short additional follow up... Attached please find a graph of the
spams as attachements in one
S email
S ans what adress to use
S i have 3 that got thru my own mailbox in less than 3 hours
S they did not even get tagged, only failed sorbs and sorbs_dul
S - Original Message -
S From: Pete McNeil [EMAIL PROTECTED]
S To: Chuck Schick sniffer@SortMonster.com
S
On Monday, October 10, 2005, 7:55:51 PM, Serge wrote:
S just to make sure, can we now send several spams as attachements in one
S email
S ans what adress to use
S i have 3 that got thru my own mailbox in less than 3 hours
S they did not even get tagged, only failed sorbs and sorbs_dul
oops.
to temporarily block .zip files - or at least this
particular zip file until the new rules can be pushed out and the
virus scanners catch up.
Thanks,
_M
Pete McNeil (Madscientist)
President, MicroNeil Research Corporation
Chief SortMonster (www.sortmonster.com)
Chief Scientist (www.armresearch.com
Just very quiet.
Still here :-)
_M
On Monday, October 3, 2005, 9:22:41 PM, Lists wrote:
LS Good its not just me. No I haven't gotten a message until yours since
LS 9/23 either!
LS Maintain,
LS Babul
LS (210) 696-1130, ext. 102
LS (210) 696-0572 [fax]
LS Text Pager Email: [EMAIL PROTECTED]
501 - 600 of 922 matches
Mail list logo