Re: [sniffer]FP suggestions

2006-06-07 Thread Darin Cox
The one issue with this I have is 1) Forward full original source to Sniffer with license code. If we could do it without the license code, it would be much easier to automate on our end. I already have a process in place to copy and reroute false positives by rewriting the Q file. I'm

[sniffer]AW: [sniffer]Numeric spam

2006-06-07 Thread Markus Gufler
Today I've noticed that there is a relation between the recipient addresses that were used in the past 36 hours in the numeric spam messages and the following wave of stock-spam messages containing this png-graphic. After checking around 10 Mailboxes there is a correspondence of 100%. Or they

[sniffer]Re[2]: [sniffer]FP suggestions

2006-06-07 Thread Pete McNeil
Hello Darin, Wednesday, June 7, 2006, 7:31:29 AM, you wrote: The one issue with this I have is 1) Forward full original source to Sniffer with license code. If we could do it without the license code, it would be much easier to automate on our end. I already have a

Re: [sniffer]Re[2]: [sniffer]FP suggestions

2006-06-07 Thread Darin Cox
Hi Pete, Can I interpret this as email address and matching source IP are sufficient if the correct email address is used to submit? If not, do you have any suggestions on how you would like to see us inserting the license ID in the D file? Darin. - Original Message - From: Pete

[sniffer]Re[2]: [sniffer]Re[2]: [sniffer]FP suggestions

2006-06-07 Thread Pete McNeil
Hello Darin, Wednesday, June 7, 2006, 8:44:26 AM, you wrote: Hi Pete, Can I interpret this as email address and matching source IP are sufficient if the correct email address is used to submit? Yes. If not, do you have any suggestions on how you would like to see us inserting the license

[sniffer]Re[2]: [sniffer]FP suggestions

2006-06-07 Thread Pete McNeil
Hello Scott, Wednesday, June 7, 2006, 10:08:58 AM, you wrote: For me the pain of false positives submissions is the research that happens when I get a no rule found return. I then need to find the queue-id of the original message and then find the appropriate Sniffer log

Re: [sniffer]Re[2]: [sniffer]FP suggestions

2006-06-07 Thread Matt
Pete, An X-Header would be very, very nice to have. I understand the issues related to waiting to see if something comes through, and because of that, I would maybe suggest moving on your own. Sniffer doesn't need to be run on every single message in a Declude system. Through weight based

[sniffer]Re[2]: [sniffer]Re[2]: [sniffer]FP suggestions

2006-06-07 Thread Pete McNeil
Hello Matt, Wednesday, June 7, 2006, 3:37:36 PM, you wrote: Pete, An X-Header would be very, very nice to have. I understand the issues related to waiting to see if something comes through, and because of that, I would maybe suggest moving on your own. I've got it on the list to

Re: [sniffer]FP suggestions

2006-06-07 Thread Darin Cox
Oh, I assumed the rule had been removed. Are you saying there was a rule in place, but the FP processing somehow failed to find it? If so, I'd say that is a major failing on the part of the FP processing. There's no way that we can find time to go through the Sniffer logs after this bounces

[sniffer]Re[2]: [sniffer]Re[2]: [sniffer]Re[2]: [sniffer]FP suggestions

2006-06-07 Thread Pete McNeil
Hello Matt, Wednesday, June 7, 2006, 4:22:05 PM, you wrote: Pete, Since the %WEIGHT% variable is added by Declude, it might make sense to have a qualifier instead of making the values space delimited. I don't want to mix delimiters... everything so far is using spaces, so it makes

[sniffer]Re[2]: [sniffer]Re[2]: [sniffer]Re[2]: [sniffer]FP suggestions

2006-06-07 Thread Pete McNeil
Hello Darin, Wednesday, June 7, 2006, 5:05:28 PM, you wrote: snip/ Uh, but the D file contains mime segments corresponding to attachments. That's ok. SNF looks inside those, and w/ the FP scanning software inside the rfc822 attachment also. It's not perfect, but the majority of the time it

[sniffer]Re[2]: [sniffer]Re[2]: [sniffer]Re[2]: [sniffer]A design question - how many DNS based tests?

2006-06-07 Thread Pete McNeil
Hello Darin, Wednesday, June 7, 2006, 5:09:27 PM, you wrote: snip/ That would be a bad idea, sorry. After 30 days (heck, after 2) spam is usually long-since filtered, or dead. As a result, looking at 30 day old spam would have a cost, but little benefit. You misinterpreted what I was saying.

Re: [sniffer]Re[2]: [sniffer]Re[2]: [sniffer]Re[2]: [sniffer]FP suggestions

2006-06-07 Thread Colbeck, Andrew
(sniff) Aw, cut it out, Matt. You're making me all weepy. p.s. Pete, that's pretty darned amazing! From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Matt Sent: Wednesday, June 07, 2006 3:58 PM To: Message Sniffer Community Subject: Re: [sniffer]Re[2]:

Re: [sniffer]Re[2]: [sniffer]Re[2]: [sniffer]Re[2]: [sniffer]FP suggestions

2006-06-07 Thread Darin Cox
Awesome. Great job, Pete. Darin. - Original Message - From: Pete McNeil [EMAIL PROTECTED] To: Message Sniffer Community sniffer@sortmonster.com Sent: Wednesday, June 07, 2006 6:49 PM Subject: [sniffer]Re[2]: [sniffer]Re[2]: [sniffer]Re[2]: [sniffer]FP suggestions Hello Matt,

Re: [sniffer]Re[2]: [sniffer]FP suggestions

2006-06-07 Thread Darin Cox
Unfortunately, by the time the message gets to us it is sometimes just different enough that the original pattern cannot be found. There are some folks who consistently have success, and some who occasionally have problems, and a few who always have a problem. Different in what way? Is the mail

[sniffer]Re[2]: [sniffer]Re[2]: [sniffer]FP suggestions

2006-06-07 Thread Pete McNeil
Hello Darin, Wednesday, June 7, 2006, 7:26:48 PM, you wrote: Unfortunately, by the time the message gets to us it is sometimes just different enough that the original pattern cannot be found. There are some folks who consistently have success, and some who occasionally have problems, and a few

Re: [sniffer]FP suggestions

2006-06-07 Thread Darin Cox
Of course I'm sending the full message as an attachment. You can do that with Outlook by attaching an item, then browsing your mail folders for the message to attach. And yes, that's how you do it with Outlook Express as well. I don't use Thunderbird or Netscape mail, but I would assume you

[sniffer][Fwd: Re: [sniffer]FP suggestions]

2006-06-07 Thread Matt
Darin, Thunderbird and Netscape just take the full original source and attach it as a message/rfc822 attachment. I forwarded this message back to the list by just pressing Forward. I'm pretty sure that Outlook Express works simply by just pressing Forward As Attachment, or at least it