Hello Sniffer folks,
The first of the new rulebots is coming online.
Rulebot F001 creates IP rules for sources that consistently fail
many tests while also reaching the cleanest of our spamtraps.
The rules will appear in group 63.
The bot is playing catchup a bit (since there have
Hello Sniffer Folks,
I have just completed work to upgrade the rulebase compiler bots.
They are now significantly more efficient. As a result you will be
seeing updates more frequently.
Previous lag was between 40-120 minutes.
Current lag (sustained) is 5 minutes.
More timely
There's been at least one FP ;)
--
Rule - 861038
NameF001 for Message 2888327: [216.239.56.131]
Created 2006-03-02
Source 216.239.56.131
Hidden false
Blocked false
Origin Automated-SpamTrap
TypeReceivedIP
Created By [EMAIL PROTECTED]
Owner [EMAIL
We just reviewed this morning's logs and had a few false positives. Not
sure if these are due to the new rulebot, but it's more than we've had for
the entire day for the past month.
Rules
--
873261
866398
856734
284831
865663
Darin.
- Original Message -
From: Jay Sudowski -
On Monday, March 6, 2006, 3:13:53 PM, Jay wrote:
JSHNL There's been at least one FP ;)
JSHNL --
JSHNL Rule - 861038
JSHNL NameF001 for Message 2888327: [216.239.56.131]
JSHNL Created 2006-03-02
JSHNL Source 216.239.56.131
JSHNL Hidden false
JSHNL Blocked false
Pete,
Does this mean that you are somehow supporting incremental rule base
updates, or is it that the compiler is just much faster so we will get
the same number of updates, but generally get them 40-120 minutes
earlier in relation to the data that generated them?
Either way, definitely an
On Monday, March 6, 2006, 3:42:50 PM, Darin wrote:
DC We just reviewed this morning's logs and had a few false positives. Not
DC sure if these are due to the new rulebot, but it's more than we've had for
DC the entire day for the past month.
DC Rules
DC --
DC 873261
DC 866398
DC 856734
Pete,
One of these was EarthLink [207.217.120.227], and one of these was
Google Mail [64.233.166.182].
SpamBag lists the EarthLink address as a source of bogus bounces, and I
posit that this would be the source of the mail to the spamtraps that
would trigger the F001 bot.
I would like to state
Thanks, Pete.
Darin.
- Original Message -
From: Pete McNeil [EMAIL PROTECTED]
To: Darin Cox sniffer@SortMonster.com
Sent: Monday, March 06, 2006 6:17 PM
Subject: Re[2]: [sniffer] New Rulebot F001
On Monday, March 6, 2006, 3:42:50 PM, Darin wrote:
DC We just reviewed this morning's
On Monday, March 6, 2006, 6:09:43 PM, Matt wrote:
M Pete,
M Does this mean that you are somehow supporting incremental rule base
M updates, or is it that the compiler is just much faster so we will get
M the same number of updates, but generally get them 40-120 minutes
M earlier in relation to
On Monday, March 6, 2006, 7:24:20 PM, Andrew wrote:
snip
CA I would like to state that I don't need Message Sniffer to
CA identify servers that send bogus postmaster notifications. This
CA would be entirely due to false positives such as the three
CA examples above.
CA Given that spammers
11 matches
Mail list logo
