Re: [sniffer] OT - Microsoft Patch Day - Exchange and SMTP updates

2005-02-10 Thread Darrell (supp...@invariantsystems.com)
The MS04-35 reissue somehow slipped under the radar yesterday of the other patches. So far no public exploits for that. However, SANS is indicating POC code has been released for MS05-05/09. So far for the cycle I patched one LOW volume production mail server and one standby server. Both

RE: [sniffer] OT - Microsoft Patch Day - Exchange and SMTP updates

2005-02-10 Thread Colbeck, Andrew
Yes, I patched 3 servers last night and tested without issue. Most of the way through a normal workday now, also without issue. Message volumes are high enough that I expect any problems to have turned up by now. Andrew 8) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL

[sniffer] Changes - another reminder.

2005-02-14 Thread Pete McNeil
Hello Sniffer Folks, This is a _special_ reminder that we are in the process of migrating our servers and applications to a new facility. Over the past few weeks we have been testing and tweaking software, the new hardware, networks, firewalls, configurations, procedures... and

RE: [sniffer] Changes - another reminder.

2005-02-14 Thread Andy Schmidt
If I may suggest: - at least 24 hours before the cut-over, change DNS timeout for A and CNAME records to 4 hours. - on the day of the cutover, change DNS timeouts to 1 hour That will minimize any impact. - after the cutover was successful, change DNS timeouts for the updated records to longer

[sniffer] Changes - Heavy lifting is complete...

2005-02-17 Thread Pete McNeil
Hello sniffer, Will anyone who is not still alive please raise your hand anyone? All joking aside: We are finished with all of the heavy parts of our move now and as far as I can tell everything important is working as it should. Please let us know how we did. Thanks, _M Pete

Re: [sniffer] Changes - Heavy lifting is complete...

2005-02-17 Thread Russ Uhte
Pete McNeil wrote: Hello sniffer, Will anyone who is not still alive please raise your hand anyone? All joking aside: We are finished with all of the heavy parts of our move now and as far as I can tell everything important is working as it should. Please let us know how we did.

Re: [sniffer] Interesting Article

2005-02-18 Thread Pete McNeil
On Friday, February 18, 2005, 12:43:14 PM, Computer wrote: CHS Hi Sniffer Folks, CHS   CHS Here's an interesting article:   CHS http://www.technewsworld.com/story/39578.html I think this is a rehash of a story that showed up a few weeks ago. One of the advantages of SNF is that it doesn't use

RE: [sniffer] Interesting Article

2005-02-18 Thread Andy Schmidt
Also, leading Internet service company AOL (NYSE: AOL) said it noticed a sharp drop in spam being sent to its members during 2004. Yet most observers say spam is at least as bad A result of AOL's aggressive legal stand (helped by their location in VA and the support by their local law

RE: [sniffer] IIS SMTP Integration

2005-02-18 Thread Andy Schmidt
It needs to be a transport sink, or at least work with one in order to prevent ongoing issues with brute force spam floods. Huh? Why would it need to be a transport sink? Why first accept and store the message - and then generate bounce messages (in case it's a false positive)? Scanning at

RE: Re[2]: [sniffer] IIS SMTP Integration

2005-02-18 Thread Andy Schmidt
The idea being that you don't want any more content searching than is necessary, particularly when a recipients-dictionary-attack is underway. Okay, but if you wait until the message is stored in the queue and NOW you have to scan each one with a command-line process - how is THAT better

RE: Re[2]: [sniffer] IIS SMTP Integration

2005-02-18 Thread Andy Schmidt
Hi Andrew: The idea being that you don't want any more content searching than is necessary The content searching happens at the very end of the protocol conversation. By that time you already have processed your IP, HELO, SENDER etc. policies (e.g. DNS BL, local BLs, etc.) Or are you saying

Re: [sniffer] IIS SMTP Integration

2005-02-18 Thread Matt
I guess you essentially got my point and what appears to be Sandy's. Once you take an Exchange server (or any other server) and insert such a gateway, you lose your ability to do address validation. Nowadays this is vital due to real world circumstances as you have yourself experienced. If

Re: [sniffer] IIS SMTP Integration

2005-02-18 Thread Matt
Yeah, I mixed up some words earlier in my reply to Sandy's post. I should have said that it needed to be paired with or run as a protocol/OnInBound sink that also does address validation. That's probably what confused you as to the meaning of what I had said earlier. I'm only

RE: [sniffer] IIS SMTP Integration

2005-02-18 Thread ron
Hi folks, I think I have ended up on some sort of private email list. Can you please remove [EMAIL PROTECTED] and [EMAIL PROTECTED] from your mail list. Thanks! Ron Doss Quoting Andy Schmidt [EMAIL PROTECTED]: It needs to be a transport sink, or at least work with one in order to prevent

Re: [sniffer] IIS SMTP Integration

2005-02-18 Thread ron
Hello, Can you please remove me from your mail list. My address is [EMAIL PROTECTED] and [EMAIL PROTECTED] Thanks! Ron Quoting Matt [EMAIL PROTECTED]: I guess you essentially got my point and what appears to be Sandy's. Once you take an Exchange server (or any other server) and insert such

Re[3]: [sniffer] IIS SMTP Integration

2005-02-19 Thread Pete McNeil
On Saturday, February 19, 2005, 4:38:41 AM, Pete wrote: PM On Saturday, February 19, 2005, 1:20:39 AM, ron wrote: rdc Hi folks, rdc I think I have ended up on some sort of private email list. Can you please rdc remove [EMAIL PROTECTED] and [EMAIL PROTECTED] from your mail list. PM I found and

[sniffer] Determine Version

2005-02-19 Thread Keith Johnson
Is there an easy way to determine the Sniffer version you are running (i.e. command line or the like)? Thanks for the aid. Keith

RE: [sniffer] Determine Version

2005-02-19 Thread Colbeck, Andrew
Yup, just type the executable's filename in a command window, and the version information is on the last couple of lines in the resulting help. Andrew 8) p.s. My version says build - v2-3.2 Nov 23 2004 01:21:33 -Original Message- From: Keith Johnson

Re: [sniffer] Determine Version

2005-02-19 Thread Pete McNeil
On Saturday, February 19, 2005, 11:19:32 AM, Keith wrote: KJ Is there an easy way to determine the Sniffer version you are KJ running (i.e. command line or the like)? Thanks for the aid. If you run the SNF executable on the command line by itself it will tell you the version and build

Re: [sniffer] Seperate Lists?

2005-02-19 Thread Pete McNeil
On Saturday, February 19, 2005, 1:28:14 PM, Dave wrote: DK I am all in favor of a SUPPORT list to announce timely DK notifications of problems, solutions and/or changes to your DK product or services. However, the threads I've been seeing here DK lately are 'iMail' specific or involve theoretical

Re: [sniffer] Seperate Lists?

2005-02-19 Thread Matt
Pete, Being guilty of being 'chatty' myself, I still second this idea. I would much prefer to pick through an occasional message dealing with global announcements regarding the service than picking through both discussions as well as announcements. I'm not always up to date on this list and

Re[2]: [sniffer] Seperate Lists?

2005-02-19 Thread Pete McNeil
On Saturday, February 19, 2005, 2:05:09 PM, Matt wrote: M Pete, M Being guilty of being 'chatty' myself, I still second this idea. I M would much prefer to pick through an occasional message dealing with M global announcements regarding the service than picking through both M discussions as

RE: Re[2]: [sniffer] Seperate Lists?

2005-02-19 Thread Dave Koontz
Thanks Matt for clarifying my point, and Pete for considering this. Oddly enough, I would likely subscribe to BOTH lists, but the separation would allow me to filter, target and respond to more 'important' emails notices, and review discussions *IF* and/or when I have time. As an Email/Network

[sniffer] New change rates analysis

2005-02-20 Thread Pete McNeil
Hello Sniffer Folks, I have updated the change rates analysis page to show a bar graph of the recently created rules and their relative strengths (by age). This replaces the old text report we had before, though the data is still the same and then some. Comments welcome. Thanks, _M

RE: [sniffer] New change rates analysis

2005-02-20 Thread Colbeck, Andrew
http://www.sortmonster.com/MessageSniffer/Performance/ChangeRates.jsp Oooh, pretty! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: Sunday, February 20, 2005 3:52 PM To: sniffer@sortmonster.com Subject: [sniffer] New change rates

[sniffer] Notice: Potential outages tonight...

2005-03-03 Thread Pete McNeil
Hello Sniffer Folks, There will be some work on the core router system tonight. This may result in short, intermittent outages. We do not expect any major interruptions. Since Message Sniffer runs locally on your system you should not be affected. However, you may have trouble reaching

[sniffer] What to do with the spam?

2005-03-07 Thread Phillip Cohen
I have been running the demo version of sniffer for about a month or so to try it out before we buy it and have a few questions. 1. Right now all of the spam is going into a directory called spam, since I am getting about 12,000 spams a day being filtered I might as well just have it delete

Re: [sniffer] What to do with the spam?

2005-03-07 Thread Pete McNeil
On Monday, March 7, 2005, 3:13:40 PM, Phillip wrote: PC I have been running the demo version of sniffer for about a month or so to PC try it out before we buy it and have a few questions. PC 1. Right now all of the spam is going into a directory called spam, since I PC am getting about 12,000

Re: [sniffer] What to do with the spam?

2005-03-07 Thread Fred
Phillip Cohen wrote: 1. Right now all of the spam is going into a directory called spam, since I am getting about 12,000 spams a day being filtered I might as well just have it delete everything and save the disk drive, as there is no way to easily find an email that has been filtered. Is

Re: [sniffer] SPAM

2005-03-07 Thread Kirk Mitchell
At 06:40 PM 3/7/2005 -0500, Frederick Samarelli wrote: I am seeing a large amount of SPAM Pass Sniffer today. Am I alone. Actually mine seems to have had somewhat less bleed through than usual over the last couple of days. -- Kirk Mitchell-General Manager[EMAIL PROTECTED] Keystone

Re: [sniffer] SPAM

2005-03-07 Thread Pete McNeil
On Monday, March 7, 2005, 6:40:52 PM, Frederick wrote: FS I am seeing a large amount of SPAM Pass Sniffer today. FS Am I alone. I didn't see this. According to MDLP the first half of the day (at least) was right in the normal range - about 98.5% of spam captured.

Re: [sniffer] SPAM

2005-03-07 Thread Frederick Samarelli
No errors. Just SPAM showing as clean. - Original Message - From: Pete McNeil [EMAIL PROTECTED] To: Frederick Samarelli sniffer@SortMonster.com Sent: Monday, March 07, 2005 6:56 PM Subject: Re: [sniffer] SPAM On Monday, March 7, 2005, 6:40:52 PM, Frederick wrote: FS I am seeing a large

Re[2]: [sniffer] SPAM

2005-03-07 Thread Pete McNeil
On Monday, March 7, 2005, 7:00:40 PM, Frederick wrote: FS No errors. Just SPAM showing as clean. Be sure to forward / redirect them to the spam@ address if you haven't already. I'll be making another run in an hour or so - I'll look closely at anything that doesn't get tagged on the way to me.

Re: Re[2]: [sniffer] SPAM

2005-03-09 Thread Jonathan Schoemann
I currently forward all spam from my email account can I add a second address that will be able to forward spam as well? Jonathan SchoemannNetwork Systems EngineerInformation ServicesSt. Agnes HealthCare / CSC[EMAIL PROTECTED]410-368-3110 [EMAIL PROTECTED] 03/07/05 07:09PM On Monday, March

Re[4]: [sniffer] SPAM

2005-03-09 Thread Pete McNeil
On Wednesday, March 9, 2005, 2:59:24 PM, Jonathan wrote: JS I currently forward all spam from my email account can I add JS a second address that will be able to forward spam as well? JS   Yes. You can forward spam from any account you wish. Spam submissions are considered anonymous and suspect

Re: [sniffer] Submitting to spam@

2005-03-10 Thread Pete McNeil
On Thursday, March 10, 2005, 9:45:11 AM, Mike wrote: MW When I send messages to the [EMAIL PROTECTED] Can I send these as attachments. I MW use outlook and SpamSource http://www.daesoft.com to send to both spamcop MW and sortmonster. I think you said at one time they had to be individual MW

Re: [sniffer] Moving Sniffer to Declude/SmarterMail

2005-03-14 Thread Pete McNeil
On Monday, March 14, 2005, 12:47:33 PM, Nick wrote: NM Hi there NM We've just undergone a migration of a 1,000 domain iMail server to NM SmarterMail (for obvious reasons!), and using Declude and Sniffer on the new NM system. NM However, occasionally we see Sniffer jumping out of its perpetual

[sniffer] Smartermail

2005-03-15 Thread sniffer
Hello sniffer list, Like so many declude/sniffer users, we have been using IMail for the past seven years and currently host mail for about 1600 domains/5000 users. We are going to be moving to another mail package (you know why) and I know I have seen some comments on this list regarding

RE: [sniffer] Smartermail

2005-03-15 Thread Nick Marshall
Hi there I was contacted off-list this morning by another user with the same question - below is my reply - we moved just a few days ago from iMail to SmarterMail. Hope it helps... --- We too have been looking for an alternative to iMail for a couple of years

Re: [sniffer] Smartermail

2005-03-15 Thread Computer House Support
Hi Steve, You wrote: We are going to be moving to another mail package (you know why)... I would very much like to hear your comments about Imail and any difficulties you've encountered and why you feel the need to switch. You can write to me offline if you'd prefer. Thank you, Michael

RE: [sniffer] Smartermail

2005-03-15 Thread Alberto Santoni
If possible I'm interested in this discussion me too Thank you Alberto -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Computer House Support Sent: mardi 15 mars 2005 17:20 To: sniffer@SortMonster.com Subject: Re: [sniffer] Smartermail Hi Steve, You

Re: [sniffer] Smartermail

2005-03-15 Thread sniffer
Whew man, that pretty much sums it up. It has always annoyed me that we spent almost $900.00 per year for what amounts to patch access. Functionally IMail has barely changed through the years and we have been using it since version 3.0. I really wonder what the heck is going on with Ipswitch.

Re: [sniffer] mail to individuals within domain

2005-03-15 Thread Pete McNeil
On Tuesday, March 15, 2005, 1:36:31 PM, Rick wrote: RH All of a sudden today Sniffer has started taking emails sent between users RH within a single domain and putting them in our hold system. Any ideas why RH this might happen and also how I can add a rule so that does not become a RH problem on

Re: [sniffer] Smartermail

2005-03-15 Thread sniffer
Reading this from Ipswitch's site explains quite a bit, I think: Alex Neihaus Vice President, Marketing Alex Neihaus joined Ipswitch in April 2004 and brought with him a solid marketing background in collaboration, design and application software that aligns perfectly with the Ipswitch product

RE: [sniffer] Moving Sniffer to Declude/SmarterMail

2005-03-16 Thread Nick Marshall
Pete OK, I now have much more information on this problem with Declude/Sniffer/SmarterMail. It seems the current version of Declude does not have an Overflow Directory for SmarterMail, which therefore allows unlimited Declude processes to be spawned at any time. At our peak we were seeing a

RE: [sniffer] Moving Sniffer to Declude/SmarterMail

2005-03-16 Thread Nick Marshall
Thanks John - I didn't know that, but it would explain things... Nick -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: 16 March 2005 14:40 To: sniffer@SortMonster.com Subject: RE: [sniffer] Moving Sniffer to

Re[2]: [sniffer] Moving Sniffer to Declude/SmarterMail

2005-03-16 Thread Pete McNeil
On Wednesday, March 16, 2005, 9:01:34 AM, Nick wrote: NM Pete NM OK, I now have much more information on this problem with NM Declude/Sniffer/SmarterMail. NM It seems the current version of Declude does not have an Overflow Directory NM for SmarterMail, which therefore allows unlimited Declude

RE: [sniffer] Moving Sniffer to Declude/SmarterMail

2005-03-16 Thread Goran Jovanovic
John, It is a well known and published fact (on the Imail list) that RAID5 should never ever be used for the spool directory or any other directory that has a high write activity. This is basic physics. RAID5 should really only be used for high read activity only, such as databases where

RE: [sniffer] RAID level for spool

2005-03-16 Thread Andy Schmidt
Even if you break it into smaller blocks, you still need to transfer the data to the controller, then the controller has to employ overhead to break up the block, create the parity information, determine the location for each block, etc. With RAID-1 the controller can just write through and

RE: [sniffer] Moving Sniffer to Declude/SmarterMail

2005-03-16 Thread Kaj Søndergaard Laursen
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: 16. marts 2005 17:43 Writing data to a raid 5 takes x+y+z amount of work where y is described above and z is calculating a CRC stripe which must now also be saved to a hard

RE: Re[2]: [sniffer] Moving Sniffer to Declude/SmarterMail

2005-03-16 Thread Goran Jovanovic
OK that is for hardware level RAID. I had thought that you would offset the extra processing time by being able to write less to each drive. Now does anyone know how much overhead Windows 2000/2003 software RAID 1 on dynamic disks produces over hardware level RAID 1? I am assuming it would be

RE: [sniffer] RAID Levels for Spool Folder

2005-03-16 Thread Andy Schmidt
Uh, sorry, I had thought that discussion was RAID-5 vs. RAID-1? If someone is running RAID-5, I assume that it's hardware based. If so, then that person could use the same hardware to configure a RAID-1 array instead - so why even bother with software RAID then? If the discussions is software

RE: Re[2]: [sniffer] Moving Sniffer to Declude/SmarterMail

2005-03-16 Thread John Tolmachoff (Lists)
Now does anyone know how much overhead Windows 2000/2003 software RAID 1 on dynamic disks produces over hardware level RAID 1? I am assuming it would be substantial. I have never noticed an issue, and I would only assume there would be an issue in higher end databases or where the CPU was

Re: [sniffer] RAID Levels for Spool Folder

2005-03-16 Thread Matt
IMO, Software RAID is not the way to go on a busy machine. You will save a measurable amount of overhead by going with hardware based RAID of any sort since the controller should handle the processes associated with the RAID. Note that this isn't the case with inexpensive RAID controllers such

Re[4]: [sniffer] Moving Sniffer to Declude/SmarterMail

2005-03-16 Thread Pete McNeil
On Wednesday, March 16, 2005, 2:05:00 PM, Goran wrote: GJ OK that is for hardware level RAID. I had thought that you would offset GJ the extra processing time by being able to write less to each drive. GJ Now does anyone know how much overhead Windows 2000/2003 software RAID 1 GJ on dynamic

RE: [sniffer] RAID Levels for Spool Folder

2005-03-16 Thread Goran Jovanovic
Matt, I think that you sort of answered the question that I did not really ask. I was really trying to get information on the different performance levels of S/W vs H/W RAID for an ideal scanning only box. So let me try this out and people can comment All SCSI 15K drives with HW

Re: [sniffer] RAID Levels for Spool Folder

2005-03-16 Thread Matt
I would just RAID 5 the whole setup. With your 6 drives, you get the read performance of 4 drives on any partition in this setup, plus you have a hot spare, and the write performance of close to 4 drives as well. This is a lot better than your config with a mirrored set of drives and a RAID 5

Re[2]: [sniffer] RAID Levels for Spool Folder

2005-03-17 Thread Charles Frolick
Hello Matt, Wednesday, March 16, 2005, 11:44:08 PM, you wrote: M I would just RAID 5 the whole setup.  With your 6 drives, you M get the read performance of 4 drives on any partition in this M setup, plus you have a hot spare, and the write performance of M close to 4 drives as well.  This is a

RE: Re[2]: [sniffer] RAID Levels for Spool Folder

2005-03-18 Thread Goran Jovanovic
Matt and Charles, Thank you for your insight and comments. Now I just have to go and get the money to get something that I want :) Goran Jovanovic The LAN Shoppe This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to

[sniffer] Money, drugs, and sex

2005-03-22 Thread Colbeck, Andrew
http://www.sophos.com/spaminfo/articles/spamwords.html Interesting, but a pity they didn't publish a list of, say, their 1,000 most popular obfuscations. Andrew 8)

[sniffer] mini-obfuscation

2005-03-22 Thread Colbeck, Andrew
Wow, Pete! Wow. I didn't feel I could measure up to adding on to that thread, so I started over. Although the search space is theoretically huge (you pointed out the marketecture of large numbers), in practice, the spammers mostly use the grains quite close to the marble and use the grains over

RE: [sniffer] Money, drugs, and sex

2005-03-22 Thread Matt Day
You truly are a mad scientist - But we love ya! :) Matt MaxNett Ltd T.08701 624 989 F.08701 624 889 www.maxnett.co.uk -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: 23 March 2005 00:37 To: Colbeck, Andrew Subject: Re: [sniffer]

Re: [sniffer] mini-obfuscation

2005-03-22 Thread Pete McNeil
On Tuesday, March 22, 2005, 8:31:07 PM, Andrew wrote: snip/ CA How many times have we all been frustrated that a piece of spam ending CA up in *OUR* mailbox that was s close in content to spam we whacked CA yesterday? CA I thought the top n obfuscations might be interesting to look at, and

Re: [sniffer] mini-obfuscation

2005-03-23 Thread Darrell (supp...@invariantsystems.com)
Pete, Doesn't Sniffer have a certain level of support for regex's? I know we have had good luck with regex's like this which catch obfuscation techniques with viagra with Declude. We found it easier to use regex's than to list all of the different variations.

Re[2]: [sniffer] mini-obfuscation

2005-03-23 Thread Pete McNeil
On Wednesday, March 23, 2005, 6:04:10 PM, Darrell wrote: Dsic Pete, Dsic Doesn't Sniffer have a certain level of support for regex's? I know we have Dsic had good luck with regex's like this which catch obfuscation techniques with Dsic viagra with Declude. We found it easier to use regex's

[sniffer] Spam Submissions - same spam

2005-03-24 Thread Scott Fisher
A question: If I have the same spam sent to multiple recipients, should I be submitting more than one copy to [EMAIL PROTECTED]?

Re: [sniffer] Spam Submissions - same spam

2005-03-24 Thread Pete McNeil
On Thursday, March 24, 2005, 11:00:56 AM, Scott wrote: SF A question: SF   SF If I have the same spam sent to multiple recipients, should SF I be submitting more than one copy to [EMAIL PROTECTED] If you mean there are multiple recipients in the SMTP envelope then we only need one copy. If

[sniffer] Porn Spam again

2005-03-28 Thread Heimir Eidskrem
Anyway that sniffer could trigger on this type of stuff? Blonde Tit Licked By Black Guy On Backseat blonde whore screws three guys Adorable Blond Teen Hardcore Blowjob Dark Haierd Abbes Suck Big Black Dick 3some Movies Pornstar Brandi Lyons Hardcore On Couch Movies -- Cordially, Heimir Eidskrem

Re: [sniffer] Porn Spam again

2005-03-28 Thread Pete McNeil
On Monday, March 28, 2005, 2:09:52 PM, Heimir wrote: HE Anyway that sniffer could trigger on this type of stuff? snip/ Yes. The bad news is that this stuff is highly variable and so more of it gets through than we would like. The good news is that we are developing filters to deal with it by

Re: [sniffer] Porn Spam again

2005-03-28 Thread Matt
Just an FYI from my perspective. As things stand, Sniffer false positives on dirty language is one of the top 5 types of FP's that I see with Sniffer. It's not a huge problem, but I definitely wouldn't want to see any more of it. While some companies do not have an issue with blocking dirty

[sniffer] SmarterMail

2005-03-30 Thread Steve Oren
Anybody out there using SmarterMail with multiple IP's (like 50 or more) bound to one or more NIC's? -- Best Regards, Steve Oren President ServerSide, Inc. 317-596-5000 voice 317-596-5010 fax 888-682-2544 toll free www.serverside.net

[sniffer] Persistent Sniffer

2005-03-30 Thread Keith Johnson
I noticed in the archives about a .cfg file one can configure for use when running Persistent sniffer. How do you download it or obtain it? Thanks for the aid. Keith

Re: [sniffer] Persistent Sniffer

2005-03-30 Thread Pete McNeil
On Wednesday, March 30, 2005, 4:08:35 PM, Keith wrote: KJ I noticed in the archives about a .cfg file one can configure for use KJ when running Persistent sniffer. How do you download it or obtain it? KJ Thanks for the aid. You can find a sample .cfg file in the latest distribution. If you

Re[2]: [sniffer] Persistent Sniffer

2005-03-31 Thread Pete McNeil
On Wednesday, March 30, 2005, 10:50:36 PM, Keith wrote: KJ Pete, KJThanks for the follow-up. I was monitoring the KJ filename.persistent.stat file that yields stats as messages are KJ processed. Is it normal for it to every now and then flash [File KJ is Empty], thus no stats at all.

Re[2]: [sniffer] Persistent Sniffer

2005-04-01 Thread Pete McNeil
On Friday, April 1, 2005, 8:04:27 AM, Keith wrote: KJ I have read forum results that this behavior is the reverse of KJ what should happen, I should get a reduction in CPU. I did this KJ around 11pm last night, usually during peak times this server KJ would stay at 65% load. Is there anything I

RE: Re[2]: [sniffer] Persistent Sniffer

2005-04-01 Thread Keith Johnson
Pete, Thanks for the reply. Running on an IBM Xseries 225 Dual Xeon 2.4Ghz w/ 1GB RAM - running IBM's ServerRAID 5i in IBM's RAID 10 config (4 73GB 10K drives) - O/S is Windows 2000 Standard Server SP4 Running Imail 8.15HF1 with Declude JM/Virus 1.82 - BIND DNS Server

Re[4]: [sniffer] Persistent Sniffer

2005-04-01 Thread Pete McNeil
On Friday, April 1, 2005, 11:44:07 AM, Keith wrote: KJ Pete, KJ Thanks for the reply. KJ Running on an IBM Xseries 225 Dual Xeon 2.4Ghz w/ 1GB RAM - KJ running IBM's ServerRAID 5i in IBM's RAID 10 config (4 73GB 10K drives) KJ - O/S is Windows 2000 Standard Server SP4 KJ

RE: Re[4]: [sniffer] Persistent Sniffer

2005-04-01 Thread Keith Johnson
Pete, Wow, thank you for the explanation. I did let the persistent server run for 30 min after I restarted the services. However, I did stop the services, then started Sniffer service, then restart Imail services. I could have gotten a backlog of retries at that moment that pegged the

Re: [sniffer] Persistent Sniffer

2005-04-01 Thread Matt
Keith, Windows DNS service will handle over a million lookups a day without blinking. There should be no reason to switch to a different DNS server. It hardly even registers any CPU load on my boxes. The biggest CPU hog is the virus scanners, and choosing your virus scanners carefully will

Re[6]: [sniffer] Persistent Sniffer

2005-04-01 Thread Pete McNeil
On Friday, April 1, 2005, 3:37:33 PM, Keith wrote: snip/ KJ pegged the CPU as you stated. We have batted around running BIND KJ for NT/2000 on the local machine, but my fear was overhead of KJ another major process running. I don't have any good stats on how KJ much CPU/Memory BIND on an Imail

RE: Re[8]: [sniffer] Persistent Sniffer

2005-04-01 Thread Keith Johnson
Pete, Yes the file is changing every few seconds or sooner. Sorry, I just did a 'grab' of it and posted. The 307 is due to me stopping it after 30 min or so and altering the few changes to the .conf file. I will continue to monitor it over the weekend. However, so far so good.

Re[10]: [sniffer] Persistent Sniffer

2005-04-02 Thread Pete McNeil
On Saturday, April 2, 2005, 1:07:56 PM, Andrew wrote: CA Pete, your metaphors are wonderful. :-) snip/ CA If I remember correctly, the MaxPollTime was originally much lower. I CA now use the full 4 seconds, but I don't know how often that's needed. I CA easily see Declude processes taking

[sniffer] MDLP Tests

2005-04-02 Thread Jay Sudowski - Handy Networks LLC
Hello - I am reviewing your MDLP report at http://www.sortmonster.com/MDLP/MDLP-Example-Long.html, and find some tests that are seemingly quite effective that I'm not familiar with. If anyone has any information about these tests, please let me know: - FABEL (is this the same as FABELSOURCES

Re: [sniffer] MDLP Tests

2005-04-02 Thread Pete McNeil
On Saturday, April 2, 2005, 4:09:31 PM, Jay wrote: JSHNL Hello - JSHNL I am reviewing your MDLP report at JSHNL http://www.sortmonster.com/MDLP/MDLP-Example-Long.html, and find some JSHNL tests that are seemingly quite effective that I'm not familiar with. If JSHNL anyone has any information

RE: [sniffer] MDLP Tests

2005-04-02 Thread Jay Sudowski - Handy Networks LLC
Ahh, that makes more sense now. ham is just what does not pass the spam threshold. In this light, if Sniffer is hyper accurate and catches more real spam than all others, it will appear less accurate overall because of the deficiencies in the other tests. For some reason, I was thinking that ham

RE: [sniffer] MDLP Tests

2005-04-02 Thread Colbeck, Andrew
Jay, here's more web information on the mxrate tests: http://www.mxrate.com/lookup/dns.htm Andrew 8) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: Saturday, April 02, 2005 1:43 PM To: Jay Sudowski - Handy Networks LLC Subject: Re:

RE: [sniffer] Notice: Potential outages tonight...

2005-04-09 Thread Rick Hogue
I have not had any messages from the list since the 3rd of March. What is happening on the list? Rick Hogue Intent.Net - Web Hosting 3802 Handley Avenue Louisville, KY 40218 1-502-459-3100 1-800-866-2983 Toll Free New Books Available Prosperity Or Better Times Ten Hot Slot Secrets The

Re[2]: [sniffer] Notice: Potential outages tonight...

2005-04-09 Thread Pete McNeil
On Saturday, April 9, 2005, 1:27:51 PM, Rick wrote: RH I have not had any messages from the list since the 3rd of March. What is RH happening on the list? The list has been very quiet. I got your message twice - once from you directly and once from the list. This seems correct based on your

Re[4]: [sniffer] Notice: Potential outages tonight...

2005-04-09 Thread Pete McNeil
On Saturday, April 9, 2005, 1:58:45 PM, Rick wrote: RH Yes but that really seems strange when I was getting 4 to 10 messages every RH day. Now I did not get any since the 3rd of March right after you announced RH that there would be the outage? You may want to check into this closer. I'm very

[sniffer] Latest medication campaign

2005-04-13 Thread John Tolmachoff (Lists)
I am seeing a lot of these get through John T eServices For You This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html

RE: [sniffer] Latest medication campaign

2005-04-13 Thread Colbeck, Andrew
On the weekend and since, I saw a lot of them get through but Sniffer was dutifully catching them, unfortunately, they also served to highlight Sniffer hyperaccuracy because those messages just weren't reaching my HOLD weight. Check out the Message Sniffer change rates for the last few days:

Re: [sniffer] Latest medication campaign

2005-04-13 Thread Glenn \ WCNet
I noticed a significantly higher amount of spam get through in the last few days. A few of them got tagged but didn't reach my delete weight. I didn't notice if the majority were pharmaceuticals. I forwarded them all to Sniffer, then . . . DELETE. G.Z. - Original Message - From:

Re: [sniffer] Latest medication campaign

2005-04-13 Thread Pete McNeil
On Wednesday, April 13, 2005, 1:16:29 PM, John wrote: JTL I am seeing a lot of these get through Can you be specific about these? Please send me a zipped plaintext or message file. (to [EMAIL PROTECTED]) Thanks, _M

RE: [sniffer] Latest medication campaign

2005-04-13 Thread John Tolmachoff (Lists)
Something I noticed about these. They are all using RE: or FW: and in the body they have the original message line. SpamCheck had a line the CheckWords giving negative 25 to that line. As such, SpamCheck was giving an overall weight of -19 which was taking away from everything else the message was

Re: [sniffer] Latest medication campaign

2005-04-13 Thread Matt
Attached is something that I coded up last night for this guy. It's designed to be not totally dependant on one pattern so that it might have some longevity. His forging of a Microsoft format is quite good, but he does make mistakes and does leave patterns, some of which can be tagged with a

Re: [sniffer] Latest medication campaign

2005-04-14 Thread Matt
Quick update. I found a few false positives (about 1 in 50,000 messages) and as a result I modified things a little and added a few more checks for supposedly rather unique patterns. The new version is attached. Unless there is a problem I probably won't update it any more, but I felt that

[sniffer] Message Sniffer Plugin for MDaemon Wide Beta Promo

2005-04-18 Thread Pete McNeil
Hello Sniffer folks, For those of you who are MDaemon users and may not know, we have developed a plugin version of Message Sniffer that works on the latest version of MDaemon (v8). The folks on the MDaemon beta list have had access to it for a while now and it has been working well.

RE: [sniffer] Message Sniffer Plugin for MDaemon Wide Beta Promo

2005-04-18 Thread Andy Schmidt
Wow - inline Virus scanning - and if I read the flow chart correctly, their heuristic engine actually sounds like a scoring system for DNSBL and various other indicators and reject a message during connection. Now that's the kind of SMTP engine I've been wanting all along. Best Regards Andy

RE: [sniffer] Message Sniffer Plugin for MDaemon Wide Beta Promo

2005-04-19 Thread Michiel Prins
Yes, you read it correctly... Mdaemon is capable of blocking spam by sending 'User Unknown' replies during SMTP, which might actively do something against spammers who clean up their lists when these responses are received. Dunno if they're bright enough to do that tho... Michiel

Re: [sniffer] Message Sniffer Plugin for MDaemon Wide Beta Promo

2005-04-20 Thread Jim Matuska
Pete, Should we change the license info in the plugin.cfg file to match our license info or should we wait to do so until the release version comes out? Jim Matuska Jr. Computer Tech2, CCNA Nez Perce Tribe Information Systems [EMAIL PROTECTED] - Original Message - From: Pete McNeil
