[sniffer] Re: .pdf Attachments
Yes, we're getting tons of these too. Michael Stein Computer House - Original Message - From: Greg Coffey [EMAIL PROTECTED] To: Message Sniffer Community sniffer@sortmonster.com Sent: Thursday, June 28, 2007 10:20 AM Subject: [sniffer] .pdf Attachments What is with all the .pdf attachments in spam? I haven't noticed this trend previously. Are they infected or what is the scheme? # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: [EMAIL PROTECTED] To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED] To switch to the INDEX mode, E-mail to [EMAIL PROTECTED] Send administrative queries to [EMAIL PROTECTED] # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: [EMAIL PROTECTED] To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED] To switch to the INDEX mode, E-mail to [EMAIL PROTECTED] Send administrative queries to [EMAIL PROTECTED]
[sniffer] Re: Appriver issue
For those of us in the dark about this, can someone explain who Appriver is, and what is has to do with Message Sniffer? Thank you, Michael Stein Computer House - Original Message - From: Kevin Rogers [EMAIL PROTECTED] To: Message Sniffer Community sniffer@sortmonster.com Sent: Friday, May 18, 2007 6:45 AM Subject: [sniffer] Re: Downloads are not working I sent a message earlier to this list but I'm not sure if it went through. We've been hit by this Appriver issue and it is still going on as far as I can tell. One of our users, call him [EMAIL PROTECTED] sent a message to about 70 people. And this message has been bounced 20 or 30,000 times and counting. At first I thought it was this Exchange issue we experienced last year where a single message was sent over and over. But then I saw that all the headers of the bounced emails contained calls to appriver.com and when I checked here I found this thread. In the end, the only thing I could do was completely remove that user's account and it appears to be OK. But who knows? Things appeared to be OK from 7pm until 1am PST when it all started up again. Anyone have any information on this? Thanks Kevin Pete McNeil wrote: Hello Matt, Thursday, May 17, 2007, 2:22:56 PM, you wrote: Appriver, who is somehow involved with Sniffer, is having a ridicolous problem with sending messages over and over again (once every few seconds). They pulled their contact information from their site but didn't take down their servers. I suspect this is putting strain on them and if Sniffer uses their bandwidth for downloads, that could explain things. I'm not sure what the actual issue is (I will get that data later), however I've just been informed that it should be resolved in the next 20 minutes or so. Our rulebase server is on the same network so it is effected. BTW - they did not take down their contact information. It is right where it always has been. _M # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: [EMAIL PROTECTED] To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED] To switch to the INDEX mode, E-mail to [EMAIL PROTECTED] Send administrative queries to [EMAIL PROTECTED] # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: [EMAIL PROTECTED] To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED] To switch to the INDEX mode, E-mail to [EMAIL PROTECTED] Send administrative queries to [EMAIL PROTECTED]
[sniffer] Re: Best renewal price and service on Sniffer?
Dear Steve, I have replied to you off-list regarding our discounted renewal services for Mesage Sniffer. Thank you, Michael Stein Computer House 609 652-5100 [EMAIL PROTECTED] - Original Message - From: Steve Guluk To: Message Sniffer Community Sent: Friday, May 18, 2007 10:26 AM Subject: [sniffer] Best renewal price and service on Sniffer? Hello, I was informed some time back that I needed to renew my subscription to Sniffer soon. I sent an email to [EMAIL PROTECTED] on May 3rd and never got a response back. Today is the last day on my subscription. Does anyone have any suggestions on where to renew, at the best price? Regards, Steve Guluk SGDesign (949) 661-9333 ICQ: 7230769
[sniffer] Re: SPAM Storm?
Is it me, or is there an unbelievable spam storm going on this afternoon?? # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: [EMAIL PROTECTED] To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED] To switch to the INDEX mode, E-mail to [EMAIL PROTECTED] Send administrative queries to [EMAIL PROTECTED]
[sniffer] Re: DNSBL
Dear Alberto, Have you run your task manager to see what service is using the CPU? Michael Stein Computer House - Original Message - From: Alberto Santoni [EMAIL PROTECTED] To: Message Sniffer Community sniffer@sortmonster.com Sent: Wednesday, February 28, 2007 1:19 PM Subject: [sniffer] DNSBL Hello does someone have heavy problems with the DNSBLs? I have Imail server 2006.1 + mxguard + messagesniffer and it is since about a week that my server has almost always the CPU at 100%. I have stopped the check for all DNSBL but nothing has changed! Any idea? Alberto # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: [EMAIL PROTECTED] To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED] To switch to the INDEX mode, E-mail to [EMAIL PROTECTED] Send administrative queries to [EMAIL PROTECTED] # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: [EMAIL PROTECTED] To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED] To switch to the INDEX mode, E-mail to [EMAIL PROTECTED] Send administrative queries to [EMAIL PROTECTED]
[sniffer] Re: Blocking emails with Cyrillic characters
Here Here! I second the motion. It would be great to be able to block these. We use the Declude Country Filter which does a good job, but these Russian or Arabic E-mails don't always originate in the subject country. Thanks Steve for the good suggestion. Michael Stein Computer House - Original Message - From: Steve Guluk To: Message Sniffer Community Sent: Wednesday, December 13, 2006 3:42 PM Subject: [sniffer] Blocking emails with Cyrillic characters Hello Comrades, Could we get a rule that looks for various common Russian words (or Cyrillic characters) and then gives them a spam value? Do you sell much Sniffer Product to Russia? If not, rules that focus on common russian words would be great for blocking much of the spam that makes it's way past Sniffer. You could always create a way for people that want Russian emails to exclude this rule. No? Not that I know all the details of how you guys create your rules but a rule looking for common Cyrillic characters could catch all spam formatted in Russian as well as other languages that use similar characters. Otherwise you should hire some coders that understand these languages as I get a heap of spam that passes Sniffer by using what looks like Russian or Cyrillic characters. I run iMail 8.22 so if anyone has any other ideas that could block these please post your suggestions, I guess we could create a phrase list from some of the Cyrillic spams..? Regards, Steve Guluk SGDesign (949) 661-9333 ICQ: 7230769
[sniffer] Re: Declude header not modified correctly
David Waller wrote: they don't respond to support emails from this registered user... Dear David, I am curious to know if you have an active Service Agreement with Declude? Among the hundreds of vendors that I deal with, I found their support to be one of the best. I seldom wait more than an hour for a response. Michael Stein Computer House # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: [EMAIL PROTECTED] To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED] To switch to the INDEX mode, E-mail to [EMAIL PROTECTED] Send administrative queries to [EMAIL PROTECTED]
[sniffer] Re: Declude header not modified correctly
Dear Sniffer Folks, As I mentioned in a previous post, we have been very happy with the response from Declude Tech Support. Feel free to use this E-mail address if you need help: [EMAIL PROTECTED] Linda has been very good at responding, and she has given permission for me to post her address here. Michael SteinComputer House - Original Message - From: Herb Guenther To: Message Sniffer Community Sent: Wednesday, October 25, 2006 10:06 AM Subject: [sniffer] Re: Declude header not modified correctly I have an active SA, I sent in some service requests and got a ticket number by return email, never a follow up. Then called in and a chap named Chris Asaro fixed the settings on our account so that I could download the correct version and was quite helpful with that. However, that does not solve the problem and all emails of examples and requests for status since 10/18/06 have gone unanswered.So, basically their answer was install the latest version, and beyond that nothing, not even a reply or a we are working on it and will have something to try on X. Out users are seeing hundreds of spam messages unmarked in their email boxes a day, and of course want to know why when it is identified as spam they are still getting it. I personally know that this has been an issue for at least a year. If I were a spammer I would sure code my emails to exploit this.Anyway, have used Declude for about 5 years as I recall and getting kind of to the end of the line.I also spent some time yet again on their web site, and do not see a discussion board or anything to discuss this issue there vs here.HerbDarin Cox wrote: I have an active SA. I've sent support requests twice in the past few months to support@ and have gotten no response. Darin. - Original Message - From: "Computer House Support" [EMAIL PROTECTED] To: "Message Sniffer Community" sniffer@sortmonster.com Sent: Wednesday, October 25, 2006 9:11 AM Subject: [sniffer] Re: Declude header not modified correctly David Waller wrote: they don't respond to support emails from this registered user... Dear David, I am curious to know if you have an active Service Agreement with Declude? Among the hundreds of vendors that I deal with, I found their support to be one of the best. I seldom wait more than an hour for a response. Michael Stein Computer House # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: [EMAIL PROTECTED] To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED] To switch to the INDEX mode, E-mail to [EMAIL PROTECTED] Send administrative queries to [EMAIL PROTECTED] # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: [EMAIL PROTECTED] To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED] To switch to the INDEX mode, E-mail to [EMAIL PROTECTED] Send administrative queries to [EMAIL PROTECTED] -- Herb Guenther Lanex, LLC www.lanex.com (262)789-0966x102 Office (262)780-0424 Direct This e-mail is confidential and is for the use of the intended recipient(s)only. If you are not an intended recipient please advise us of our error by return e-mail then delete this e-mail and any attached files. You may not copy, disclose or use the contents in any way. # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: [EMAIL PROTECTED] To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED] To switch to the INDEX mode, E-mail to [EMAIL PROTECTED] Send administrative queries to [EMAIL PROTECTED]
[sniffer] Re: Version 2-3.5 Release -- Faster Engine
Thank you Pete, We have successfully upgraded to version 2-3.5 Michael Stein Computer House - Original Message - From: Pete McNeil [EMAIL PROTECTED] To: Message Sniffer Community sniffer@sortmonster.com Sent: Monday, October 23, 2006 12:25 PM Subject: [sniffer] Version 2-3.5 Release -- Faster Engine Hello SNF Folks, The plan was to hold off until the next major release, however in light of recent increases in spam traffic we are pushing out a new version with our faster engine included. All other upgrades are will wait for the major release ;-) The scanning engine upgrade results in a 2x speed increase that hopefully will help with the higher volumes we are seeing now. Version 2-3.5 also rolls up 2-3.2i1 which included the timing and file locking upgrades. You can find version 2-3.5 here: http://kb.armresearch.com/index.php?title=Message_Sniffer.GettingStarted.Distributions Thanks, _M -- Pete McNeil Chief Scientist, Arm Research Labs, LLC. # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: [EMAIL PROTECTED] To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED] To switch to the INDEX mode, E-mail to [EMAIL PROTECTED] Send administrative queries to [EMAIL PROTECTED] # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: [EMAIL PROTECTED] To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED] To switch to the INDEX mode, E-mail to [EMAIL PROTECTED] Send administrative queries to [EMAIL PROTECTED]
[sniffer] Re: yahoo mail problems
Matrosity Hosting wrote: anyone getting mailthrough yet? It was suggested that we try this command: telenet mx1.mail.yahoo.com 25 I have found that this fails about 4 out of 5 times. If you keep trying it, it will eventually connect. I would sure like to know what this is. Anyone know? Michael SteinComputer House
[sniffer] Re: yahoo mail problems
oops I spelled Telnet wrong. Sorry - Original Message - From: Computer House Support To: Message Sniffer Community Sent: Wednesday, October 18, 2006 7:50 PM Subject: [sniffer] Re: yahoo mail problems Matrosity Hosting wrote: anyone getting mailthrough yet? It was suggested that we try this command: telenet mx1.mail.yahoo.com 25 I have found that this fails about 4 out of 5 times. If you keep trying it, it will eventually connect. I would sure like to know what this is. Anyone know? Michael SteinComputer House
[sniffer] Re: yahoo mail problems
I would recommend checking your mail server logs for a more detailed description of the bounce error. You may find that it is a DNS or spam blacklist issue. www.dnsstuff.com is a good resource. Michael SteinComputer House - Original Message - From: Tech Support To: Message Sniffer Community Sent: Tuesday, October 17, 2006 10:50 AM Subject: [sniffer] yahoo mail problems Im sorry to post this here but we are desperately looking for opinions quickly as this has becoming a real issue to us and I could not think of any better place to find truly technical mail server folks J We seem to be having multiple mail servers on multiple networks having issues sending to yahoo servers for going on 36 hours nowthese are a variety of server types on a variety of networks telnet on port 25 is usually getting this 451 Message temporarily deferred - 4.16.50keep in mind that some of our servers are having no issues sending mail any one else having this issue
[sniffer] Re: yahoo mail problems
Now that I've looked into it further,yes! Our E-mails to Yahoo have also been bouncing back as undeliverable with the same error. I have sent out a few test messages and will report back when I have some more info. Michael SteinComputer House - Original Message - From: Tech Support To: Message Sniffer Community Sent: Tuesday, October 17, 2006 11:52 AM Subject: [sniffer] Re: yahoo mail problems Thanks, but were not blacklisted and there are no entries other than message has been deferred L From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Computer House SupportSent: Tuesday, October 17, 2006 11:54 AMTo: Message Sniffer CommunitySubject: [sniffer] Re: yahoo mail problems I would recommend checking your mail server logs for a more detailed description of the bounce error. You may find that it is a DNS or spam blacklist issue. www.dnsstuff.com is a good resource. Michael SteinComputer House - Original Message - From: Tech Support To: Message Sniffer Community Sent: Tuesday, October 17, 2006 10:50 AM Subject: [sniffer] yahoo mail problems Im sorry to post this here but we are desperately looking for opinions quickly as this has becoming a real issue to us and I could not think of any better place to find truly technical mail server folks J We seem to be having multiple mail servers on multiple networks having issues sending to yahoo servers for going on 36 hours nowthese are a variety of server types on a variety of networks telnet on port 25 is usually getting this 451 Message temporarily deferred - 4.16.50keep in mind that some of our servers are having no issues sending mail any one else having this issue
[sniffer] Re: yahoo mail problems
Weird. I found that only certain domains on our server are having the problem. One domain can successfully send mail to [EMAIL PROTECTED]but when I try mail to this addressfrom my domain, it fails. The other error we are seeing is: rl-recv: connection reset Michael SteinComputer House - Original Message - From: Tech Support To: Message Sniffer Community Sent: Tuesday, October 17, 2006 12:18 PM Subject: [sniffer] Re: yahoo mail problems This issue is occurring for us with the following platforms Windows with Imail, smartermail Mail enable Linux about ½ our cpanel servers Exchange servers at least 1/3 of them From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Computer House SupportSent: Tuesday, October 17, 2006 12:27 PMTo: Message Sniffer CommunitySubject: [sniffer] Re: yahoo mail problems Are those of us having this problem all running an Imail server? Michael SteinComputer House - Original Message - From: Matrosity Hosting To: Message Sniffer Community Sent: Tuesday, October 17, 2006 12:08 PM Subject: [sniffer] Re: yahoo mail problems same here Bill Foresman Matrosity Hosting www.matrosity.com 850.656.2644 From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Tech SupportSent: Tuesday, October 17, 2006 11:52 AMTo: Message Sniffer CommunitySubject: [sniffer] Re: yahoo mail problems Thanks, but were not blacklisted and there are no entries other than message has been deferred L From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Computer House SupportSent: Tuesday, October 17, 2006 11:54 AMTo: Message Sniffer CommunitySubject: [sniffer] Re: yahoo mail problems I would recommend checking your mail server logs for a more detailed description of the bounce error. You may find that it is a DNS or spam blacklist issue. www.dnsstuff.com is a good resource. Michael SteinComputer House - Original Message - From: Tech Support To: Message Sniffer Community Sent: Tuesday, October 17, 2006 10:50 AM Subject: [sniffer] yahoo mail problems Im sorry to post this here but we are desperately looking for opinions quickly as this has becoming a real issue to us and I could not think of any better place to find truly technical mail server folks J We seem to be having multiple mail servers on multiple networks having issues sending to yahoo servers for going on 36 hours nowthese are a variety of server types on a variety of networks telnet on port 25 is usually getting this 451 Message temporarily deferred - 4.16.50keep in mind that some of our servers are having no issues sending mail any one else having this issue
[sniffer] Re: yahoo mail problems
Thanks for the suggestion. I did the Telnet test to MX1 and it fails from the mail server, but connects ok from my web server. Any ideas? Michael SteinComputer House - Original Message - From: Tech Support To: Message Sniffer Community Sent: Tuesday, October 17, 2006 12:34 PM Subject: [sniffer] Re: yahoo mail problems Telnet to mx1.mail.yahoo.com on port 25 likewise try mx2 3 From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Computer House SupportSent: Tuesday, October 17, 2006 12:44 PMTo: Message Sniffer CommunitySubject: [sniffer] Re: yahoo mail problems Weird. I found that only certain domains on our server are having the problem. One domain can successfully send mail to [EMAIL PROTECTED]but when I try mail to this addressfrom my domain, it fails. The other error we are seeing is: rl-recv: connection reset Michael SteinComputer House - Original Message - From: Tech Support To: Message Sniffer Community Sent: Tuesday, October 17, 2006 12:18 PM Subject: [sniffer] Re: yahoo mail problems This issue is occurring for us with the following platforms Windows with Imail, smartermail Mail enable Linux about ½ our cpanel servers Exchange servers at least 1/3 of them From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Computer House SupportSent: Tuesday, October 17, 2006 12:27 PMTo: Message Sniffer CommunitySubject: [sniffer] Re: yahoo mail problems Are those of us having this problem all running an Imail server? Michael SteinComputer House - Original Message - From: Matrosity Hosting To: Message Sniffer Community Sent: Tuesday, October 17, 2006 12:08 PM Subject: [sniffer] Re: yahoo mail problems same here Bill Foresman Matrosity Hosting www.matrosity.com 850.656.2644 From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Tech SupportSent: Tuesday, October 17, 2006 11:52 AMTo: Message Sniffer CommunitySubject: [sniffer] Re: yahoo mail problems Thanks, but were not blacklisted and there are no entries other than message has been deferred L From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Computer House SupportSent: Tuesday, October 17, 2006 11:54 AMTo: Message Sniffer CommunitySubject: [sniffer] Re: yahoo mail problems I would recommend checking your mail server logs for a more detailed description of the bounce error. You may find that it is a DNS or spam blacklist issue. www.dnsstuff.com is a good resource. Michael SteinComputer House - Original Message - From: Tech Support To: Message Sniffer Community Sent: Tuesday, October 17, 2006 10:50 AM Subject: [sniffer] yahoo mail problems Im sorry to post this here but we are desperately looking for opinions quickly as this has becoming a real issue to us and I could not think of any better place to find truly technical mail server folks J We seem to be having multiple mail servers on multiple networks having issues sending to yahoo servers for going on 36 hours nowthese are a variety of server types on a variety of networks telnet on port 25 is usually getting this 451 Message temporarily deferred - 4.16.50keep in mind that some of our servers are having no issues sending mail any one else having this issue
[sniffer] Re: yahoo mail problems
Here is the error we are getting now on any mail to Yahoo: Unexpected connection response from server: Out of curiosity, I ran "yahoo.com" through DNSREPORT.COM and it said: ERROR: I could not complete a connection to any of your mailservers! So I guess I'll stop worrying about it and wait for them to fix their problem. Agree? Michael SteinComputer House - Original Message - From: Tech Support To: Message Sniffer Community Sent: Tuesday, October 17, 2006 1:47 PM Subject: [sniffer] Re: yahoo mail problems Its a variety actually MS DNS SimpleDNS And bind on linux I believe From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Jim Matuska Jr.Sent: Tuesday, October 17, 2006 1:49 PMTo: Message Sniffer CommunitySubject: [sniffer] Re: yahoo mail problems Would you happen to be running Microsoft DNS server? I ran into something similar a while back with certain dns queries were corrupted for domains that used certain extended dns queries. It turned out in our case that our firewalls were removing the ends of the extended dns packets because they were over limit. Have you made any firewall changes recently? Jim Matuska Jr.Computer Tech2, CCNANez Perce TribeInformation Systems[EMAIL PROTECTED] From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Computer House SupportSent: Tuesday, October 17, 2006 9:44 AMTo: Message Sniffer CommunitySubject: [sniffer] Re: yahoo mail problems Weird. I found that only certain domains on our server are having the problem. One domain can successfully send mail to [EMAIL PROTECTED]but when I try mail to this addressfrom my domain, it fails. The other error we are seeing is: rl-recv: connection reset Michael SteinComputer House - Original Message - From: Tech Support To: Message Sniffer Community Sent: Tuesday, October 17, 2006 12:18 PM Subject: [sniffer] Re: yahoo mail problems This issue is occurring for us with the following platforms Windows with Imail, smartermail Mail enable Linux about ½ our cpanel servers Exchange servers at least 1/3 of them From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Computer House SupportSent: Tuesday, October 17, 2006 12:27 PMTo: Message Sniffer CommunitySubject: [sniffer] Re: yahoo mail problems Are those of us having this problem all running an Imail server? Michael SteinComputer House - Original Message - From: Matrosity Hosting To: Message Sniffer Community Sent: Tuesday, October 17, 2006 12:08 PM Subject: [sniffer] Re: yahoo mail problems same here Bill Foresman Matrosity Hosting www.matrosity.com 850.656.2644 From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Tech SupportSent: Tuesday, October 17, 2006 11:52 AMTo: Message Sniffer CommunitySubject: [sniffer] Re: yahoo mail problems Thanks, but were not blacklisted and there are no entries other than message has been deferred L From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Computer House SupportSent: Tuesday, October 17, 2006 11:54 AMTo: Message Sniffer CommunitySubject: [sniffer] Re: yahoo mail problems I would recommend checking your mail server logs for a more detailed description of the bounce error. You may find that it is a DNS or spam blacklist issue. www.dnsstuff.com is a good resource. Michael SteinComputer House - Original Message - From: Tech Support To: Message Sniffer Community Sent: Tuesday, October 17, 2006 10:50 AM Subject: [sniffer] yahoo mail problems Im sorry to post this here but we are desperately looking for opinions quickly as this has becoming a real issue to us and I could not think of any better place to find truly technical mail server folks J We seem to be having multiple mail servers on multiple networks having issues sending to yahoo servers for going on 36 hours
[sniffer] Re: email
Dear Pete, I sent an E-mail to the Sniffer Community over an hour ago, and it has not yet been received by anyone. I noticed that 2pm was the last sniffer mail I got. Are these being held up for some reason? Michael Stein Computer House # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: [EMAIL PROTECTED] To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED] To switch to the INDEX mode, E-mail to [EMAIL PROTECTED] Send administrative queries to [EMAIL PROTECTED]
Re: [sniffer]Numeric spam
I thought that having an SPF record would prevent a spammer from forging your domain name, but our SPF record did not seem to help with these odd numeric E-mails which appear to be coming from our owndomain. Does anyone have any info about SPF records and if they really work to combat this type of junkmail? Michael SteinComputer House - Original Message - From: Colbeck, Andrew To: Message Sniffer Community Sent: Tuesday, June 06, 2006 7:37 PM Subject: Re: [sniffer]Numeric spam Both of which are reasonable, particularly given the recent Blue Security debacle that showed that it was possible for the spammers as well as the spammees to coordinate their information. It might be in a spammer's best interest to pursue either of your suggestions. However, I still think it is more credible to assume that this is a case of the spammer being simple-stupid instead of uber-clever. Andrew 8) From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of John T (Lists)Sent: Tuesday, June 06, 2006 4:26 PMTo: Message Sniffer CommunitySubject: Re: [sniffer]Numeric spam My thought is they are either building a db of valid names or testing delivery techniques. John T eServices For You "Seek, and ye shall find!" -Original Message-From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Steve GulukSent: Tuesday, June 06, 2006 3:46 PMTo: Message Sniffer CommunitySubject: Re: [sniffer]Numeric spam On Jun 6, 2006, at 7:51 AM, Steve Guluk wrote: We're getting the same and today it started hitting a different account (Domain). What are these things? I thought exploratory, maybe looking for replies to build a DB for a later spam wave? Their not malicious in content and look likesomeone's virus working incorrectly. But, I doubt they are really so benign. Any understand their purpose? On Jun 6, 2006, at 6:32 AM, Goran Jovanovic wrote: I started seeing these messages Monday (yesterday) morning EDT. The from and to are the same (ie you sent it to yourself). I am tagging it but there is not enough stuff to push it into DELETE territory. So no one has any idea what the purpose of these emails are? Random numbers for no apparent reason...? Regards, Steve Guluk SGDesign (949) 661-9333 ICQ: 7230769
Re: [sniffer]Numeric spam
Hi Darin, Thanks for your reply. Sure wish I understood what you're saying Michael SteinComputer House - Original Message - From: Darin Cox To: Message Sniffer Community Sent: Tuesday, June 06, 2006 8:10 PM Subject: Re: [sniffer]Numeric spam They do, but you have to both specify that email for your domains only comes from your mail servers AND use a test in your spam filtering that checks SPF and pushes fails over your hold limit. Darin. - Original Message - From: Computer House Support To: Message Sniffer Community Sent: Tuesday, June 06, 2006 8:07 PM Subject: Re: [sniffer]Numeric spam I thought that having an SPF record would prevent a spammer from forging your domain name, but our SPF record did not seem to help with these odd numeric E-mails which appear to be coming from our owndomain. Does anyone have any info about SPF records and if they really work to combat this type of junkmail? Michael SteinComputer House - Original Message - From: Colbeck, Andrew To: Message Sniffer Community Sent: Tuesday, June 06, 2006 7:37 PM Subject: Re: [sniffer]Numeric spam Both of which are reasonable, particularly given the recent Blue Security debacle that showed that it was possible for the spammers as well as the spammees to coordinate their information. It might be in a spammer's best interest to pursue either of your suggestions. However, I still think it is more credible to assume that this is a case of the spammer being simple-stupid instead of uber-clever. Andrew 8) From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of John T (Lists)Sent: Tuesday, June 06, 2006 4:26 PMTo: Message Sniffer CommunitySubject: Re: [sniffer]Numeric spam My thought is they are either building a db of valid names or testing delivery techniques. John T eServices For You "Seek, and ye shall find!" -Original Message-From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Steve GulukSent: Tuesday, June 06, 2006 3:46 PMTo: Message Sniffer CommunitySubject: Re: [sniffer]Numeric spam On Jun 6, 2006, at 7:51 AM, Steve Guluk wrote: We're getting the same and today it started hitting a different account (Domain). What are these things? I thought exploratory, maybe looking for replies to build a DB for a later spam wave? Their not malicious in content and look likesomeone's virus working incorrectly. But, I doubt they are really so benign. Any understand their purpose? On Jun 6, 2006, at 6:32 AM, Goran Jovanovic wrote: I started seeing these messages Monday (yesterday) morning EDT. The from and to are the same (ie you sent it to yourself). I am tagging it but there is not enough stuff to push it into DELETE territory. So no one has any idea what the purpose of these emails are? Random numbers for no apparent reason...? Regards, Steve Guluk SGDesign (949) 661-9333 ICQ: 7230769
Re: [sniffer]Ebay Phishing Emails getting through
We have not noticed any today. Michael Stein Computer House - Original Message - From: Jim Matuska Jr. [EMAIL PROTECTED] To: Message Sniffer Community sniffer@sortmonster.com Sent: Wednesday, May 17, 2006 2:46 PM Subject: [sniffer]Ebay Phishing Emails getting through Has anyone else been getting an excess amount of ebay phishing emails making it through sniffer today? I have personally received a couple of them and have multiple users reporting the same. I have forwarded them to the sniffer spam@ address if you can take a look Pete it would be much appreciated. Thank You, Jim Matuska Jr. Computer Tech2, CCNA Nez Perce Tribe Information Systems [EMAIL PROTECTED] # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: [EMAIL PROTECTED] To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED] To switch to the INDEX mode, E-mail to [EMAIL PROTECTED] Send administrative queries to [EMAIL PROTECTED] # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: [EMAIL PROTECTED] To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED] To switch to the INDEX mode, E-mail to [EMAIL PROTECTED] Send administrative queries to [EMAIL PROTECTED]
Re: [sniffer] False Positives
I second the motion. We have been submitting spam for over a year and I don't know if a single one was received. Thank you Jim, for the suggestion. Michael Stein Computer House www.computerhouse.com - Original Message - From: Jim Matuska Jr. [EMAIL PROTECTED] To: sniffer@SortMonster.com Sent: Wednesday, February 15, 2006 4:40 PM Subject: RE: [sniffer] False Positives Pete, Is there anyway to get an automatic response similar to the one listed below for the FP address, but for submissions to your spam@ address? It would be nice to get some feedback when submitting spam. Jim Matuska Jr. Computer Tech2, CCNA Nez Perce Tribe Information Systems [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: Wednesday, February 15, 2006 1:28 PM To: Kevin Rogers Subject: Re: [sniffer] False Positives On Wednesday, February 15, 2006, 3:54:50 PM, Kevin wrote: KR My users have been getting a lot of FPs by Sniffer lately. They send me KR the email with the FULL HEADERS displayed and I forward this email on to KR SortMonster. The program they use to analyze incoming submissions check KR MY email headers, determine that SNIFFER was not at fault and sends me KR back an email saying it didn't find any flags. Just to clarify a bit, here is the standard response you're probably talking about: [FPR:0] The message did not match any active black rules as submitted. The rules may have been modified or removed. If you provide matching log entries from your system then we can research this further. Note that sometimes our false processing system may not identify the rules that matched this message on your system due to changes in the submitted content that might occur during the forwarding process. Please also be sure you are running the latest version, that your rulebase file is up to date, and that you do not have any unresolved errors in your Sniffer log file. Bug fixes in newer versions may resolve false positive issues or reduce the risk of false positives through enhanced features and new technologies. Certain errors in your log file may indicate a corrupted rulebase. --- The software we use to scan false positive submissions is a version of SNF that includes every rule we have in our system. If the messages does not match any of these rules, MOST of the time it means that the rule has been removed already. If that is not the case, then the next step is to provide matching log entries. On some systems this is not necessary because the headers may already contain SNF x-header data that shows the rules involved. This process is not intended to make things difficult, but to save time. The majority of the time, our local scanner will identify the rule or rules in question and we will respond accordingly. When that is not the case we simply need more data to move forward with the investigation. Usually, when a rule is still in the system and it does not match a false positive submission it is because the original message was altered during the forwarding process or that some condition of being attached has prevented the scanner on this end from reproducing the result you had on your system. Hope this helps, _M This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
Re: [sniffer] Bad Rule - 828931
Dear Pete, In the future, please let us know immediately when you become aware of this. As it is, I will spend the next 3 hours picking out the fales positives from the mailbox and forwarding them to the clients. If I could have put the rulepanic in place an hour ago it would have saved me a lot of work and confused customers. Thank you, Michael Stein Computer House - Original Message - From: Pete McNeil [EMAIL PROTECTED] To: sniffer@sortmonster.com Sent: Tuesday, February 07, 2006 4:07 PM Subject: [sniffer] Bad Rule - 828931 Hello Sniffer folks, I'm sorry to report that another bad rule got past us today. The rule has been removed (was in from about 1200-1500), but it may be in some of your rulebases. To avoid a problem with this rule you can enter a rule-panic entry in your .cfg file for rule id: 828931 If it is not already, the rule will be gone from your rulebase after your next update. Thanks, _M Pete McNeil (Madscientist) President, MicroNeil Research Corporation Chief SortMonster (www.sortmonster.com) Chief Scientist (www.armresearch.com) This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
Re: Re[2]: [sniffer] Bad Rule - 828931
Dear Pete, Please excuse my previous E-mail if it seemed a bit harsh. I guess I am so used to your great service, that on the rare occasion when this happens, I panic. Thanks for being there to walk me through the procedure. Sincerely, Michael Stein Computer House - Original Message - From: Pete McNeil [EMAIL PROTECTED] To: Computer House Support sniffer@SortMonster.com Sent: Tuesday, February 07, 2006 4:24 PM Subject: Re[2]: [sniffer] Bad Rule - 828931 I do most humbly apologize, It was my intention to do it immediately, however I became embroiled in related support issues and was delayed. I don't expect more of these, but I will make announcing their discovery the next event after removing them from the system. Thanks, _M On Tuesday, February 7, 2006, 4:19:24 PM, Computer wrote: CHS Dear Pete, CHS In the future, please let us know immediately when you become aware of this. CHS As it is, I will spend the next 3 hours picking out the fales positives from CHS the mailbox and forwarding them to the clients. If I could have put the CHS rulepanic in place an hour ago it would have saved me a lot of work and CHS confused customers. CHS Thank you, CHS Michael Stein CHS Computer House CHS - Original Message - CHS From: Pete McNeil [EMAIL PROTECTED] CHS To: sniffer@sortmonster.com CHS Sent: Tuesday, February 07, 2006 4:07 PM CHS Subject: [sniffer] Bad Rule - 828931 CHS Hello Sniffer folks, CHS I'm sorry to report that another bad rule got past us today. The CHS rule has been removed (was in from about 1200-1500), but it may be CHS in some of your rulebases. CHS To avoid a problem with this rule you can enter a rule-panic entry CHS in your .cfg file for rule id: 828931 CHS If it is not already, the rule will be gone from your rulebase after CHS your next update. CHS Thanks, CHS _M CHS Pete McNeil (Madscientist) CHS President, MicroNeil Research Corporation CHS Chief SortMonster (www.sortmonster.com) CHS Chief Scientist (www.armresearch.com) CHS This E-Mail came from the Message Sniffer mailing list. For information and CHS (un)subscription instructions go to CHS http://www.sortmonster.com/MessageSniffer/Help/Help.html CHS This E-Mail came from the Message Sniffer mailing list. For CHS information and (un)subscription instructions go to CHS http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
[sniffer] Organized Blackhats Imail Question
Dear Pete, Thank you for the beautifully-written and very informative treatise on how the spammers operate. The time you put into the writing is greatly appreciated. We also appreciate the work and research you are doing to combat the Blackhats! On another subject, this weekend we are planning to upgrade to the new Imail Server 2006 version. (released yesterday) Can you think of any reason why we might run into compatibility issues with Sniffer or Declude? Thank you, Michael Stein Computer House www.computerhouse.com - Original Message - From: Pete McNeil [EMAIL PROTECTED] To: sniffer@sortmonster.com Sent: Thursday, December 01, 2005 12:18 PM Subject: [sniffer] Organized Blackhats Hello Sniffer Folks, Just before Thanksgiving, I was responding to a question about increased spam leakage and as Murphy would have it, my email client ate my homework. That is, most of the response didn't make it. The information was interesting enough that I have gone back and rewritten the missing pieces. The blackhats have made some substantial changes recently and I'm pretty sure I've spotted a bunch of the important ones. Please follow this link and tell me what you think. http://www.sortmonster.com/MessageSniffer/Help/Papers/OrganizedBlackHats/ Have a great day. Now back to work with me... Thanks, _M Pete McNeil (Madscientist) President, MicroNeil Research Corporation Chief SortMonster (www.sortmonster.com) Chief Scientist (www.armresearch.com) This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
Re: [sniffer] Rash of false positives
Dear Darin, Thanks for the heads up. It's going to take me about 45 minutes to check the 9000 messages that were blocked by Sniffer last night, but I'll let you know if we experienced the same thing. Michael SteinComputer House www.computerhouse.com - Original Message - From: Darin Cox To: sniffer@SortMonster.com Sent: Tuesday, November 08, 2005 8:45 AM Subject: [sniffer] Rash of false positives Hi Pete, What's going on over there? We had somewhere between 5 and 10 times the usual number of Sniffer false positives this morning. They are across the board, so it's not just one rule that's catching them, or a particular set of senders or receivers. Hopefully you can get it under control soon. It would also be extremely helpful if you could speed up the false positive processing. Lately it seems to take 2-4 days for the rules to be adjusted, which usually means more of the same are caught and submitted over that time. I believe speeding up that process would result in fewer to process all around. Thanks, Darin.
Re: Re[2]: [sniffer] Large amounts of spam still getting through
For what it's worth, we have not see a major increase in spam this week either. Things seem pretty normal. We did recently upgrade to the Pro version of Declude Junkmail, and now it is much easier to block mail from certain countries (like .cz .ru etc.) as well as header and subject content, etc. By the way, has anyone seen the spam that gets through that has the header info in the body of the mail message instead of where it's supposed to be? How is that possible? Michael Stein Computer House www.computerhouse.com - Original Message - From: Rick Hogue [EMAIL PROTECTED] To: sniffer@SortMonster.com Sent: Saturday, October 15, 2005 12:33 PM Subject: RE: Re[2]: [sniffer] Large amounts of spam still getting through My only concern is that all of this was being caught by Sniffer before and all of a sudden very little of it is being caught. We are told that they are working on it to get it fixed but we are getting slammed by customers telling us we are not catching any spam. Any help in a solution other than greylisting would be really appreciated. Or is this a declude problem? Rick Hogue Intent.Net - Web Hosting 3802 Handley Avenue Louisville, KY 40218 1-502-459-3100 1-800-866-2983 Toll Free --- [This E-mail scanned for viruses by Declude on http://www.intent.net hosted Email] This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
Re: [sniffer] POP
Hi Pete, I don't believe that I received an answer to my question (below) Thank you. Dear Pete, Are we ready to switch to the POP method of submitting spam, or are we waiting for an official announcement/instructions from you? Mike Stein Computer House www.computerhouse.com This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
[sniffer] Spam Question
Dear Pete, Does anyone look atthe mail that is forwarded to [EMAIL PROTECTED], or is it a 100% automatic process? Thank you, Michael SteinComputer House[EMAIL PROTECTED] www.computerhouse.com
Re: [sniffer] Rule 353039 - .comcast.net
Whew! Just got done forwarding 90 false positives to mail clients. Sure glad you caught it! Michael Stein Computer House - Original Message - From: Pete McNeil [EMAIL PROTECTED] To: sniffer@sortmonster.com Sent: Tuesday, May 10, 2005 10:27 AM Subject: [sniffer] Rule 353039 - .comcast.net Hello Sniffer Folks, A rule was created today by one of the robots which targets .comcast.net -- This happened when a number of blacklists including SBL listed comcast IPs causing the robot to be convinced that a message in the spamtrap warranted tagging the domain. The rule has been removed and I am pushing out new rulebase compilation as quickly as possible. Please do not rush to download your rulebase file in response to this --- wait for the update notification or else your file is not updated. I believe we've caught this quickly enough that most of you will not be effected. However, if you suspect that you do have the bad rule in your rulebase you can temporarily eliminate the rule by adding 353039 to your Rule-panic entries in your configuration file. The rule cannot be recreated once removed. We are very sorry for the confusion. Thanks, _M Pete McNeil (Madscientist) President, MicroNeil Research Corporation Chief SortMonster (www.sortmonster.com) This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
Re: [sniffer] Rule 353039 - .comcast.net
Mail from Comcast is still getting caught, even with the panic rule in place. Any suggestions? Mike Stein This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
Re: [sniffer] Rule 353039 - .comcast.net
Matt, Restarting the sniffer service seems to have done the trick. Thank you for the suggestion! Michael Stein Computer House [EMAIL PROTECTED] - Original Message - From: Matt [EMAIL PROTECTED] To: sniffer@SortMonster.com Sent: Tuesday, May 10, 2005 12:46 PM Subject: Re: [sniffer] Rule 353039 - .comcast.net See my message below...restart your Sniffer service and it should work. Matt Computer House Support wrote: Mail from Comcast is still getting caught, even with the panic rule in place. Any suggestions? Mike Stein This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
Re: [sniffer] Smartermail
Hi Steve, You wrote: We are going to be moving to another mail package (you know why)... I would very much like to hear your comments about Imail and any difficulties you've encountered and why you feel the need to switch. You can write to me offline if you'd prefer. Thank you, Michael Stein Computer House [EMAIL PROTECTED] www.computerhouse.com This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
[sniffer] RuleBase ktk82hrr
Dear Pete, Our rulebase file grew from 11 meg to 17.5 meg since the last download a few hours ago. Is this right? Michael Stein Computer House [EMAIL PROTECTED] This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
Re: [sniffer] RuleBase ktk82hrr
Correction, make that 23 meg! Mike - Original Message - From: Computer House Support [EMAIL PROTECTED] To: sniffer@SortMonster.com Sent: Wednesday, January 05, 2005 12:33 AM Subject: [sniffer] RuleBase ktk82hrr Dear Pete, Our rulebase file grew from 11 meg to 17.5 meg since the last download a few hours ago. Is this right? Michael Stein Computer House [EMAIL PROTECTED] This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
[sniffer] Imail
Hello Sniffer folks, Want to know why I have not renewed my Ipswitch Support Agreement? Here is their response to a serious bug that I reported. (Which has yet to be fixed). Mike, Our Development Team has looked into this issue and has verified it as a defect that was introduced in Imail v8.1. Changes to this functionality would take an extended period of time; this is the reason we do not have any current plans to address this. Best Regards, Daniel J Whitaker Messaging Support Team Ipswitch, Inc. Michael Stein Computer House www.computerhouse.com (609) 652-3222 This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
Re: [sniffer] Imail
John Tolmachoff wrote: What is the bug? The bug in Imail was that the Control Panel for the Mail-to-Fax feature stopped functioning properly. We are heavy users of Mail-to-Fax, and the loss of the ability to work with the fax spool files has made things difficult for us. Mike Stein This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
Re: [sniffer] spam leakage up
Yes, I would also like to know how you generated that nice spam report. Michael SteinComputer Housewww.computerhouse.com - Original Message - From: Herb Guenther To: [EMAIL PROTECTED] Sent: Thursday, June 24, 2004 11:46 AM Subject: Re: [sniffer] spam leakage up wow, that is even worse than we are seeing, we are at about 80%, but should really be at about 85% if all were tagged. Here is our last weeks stats, we did not see an increase in volume, so much as the amount gettig thru in the last couple days and continuing today.Herb SPAM Report Statistics are based on the last 6,150,612 email messages received. You are viewing Server 1 Stats View Server 2 stats Statistic 06/17 06/18 06/19 06/20 06/21 06/22 06/23 Weekly Total Daily Avg. Delivered Messages 34,291 30,762 22,331 22,484 31,245 33,588 33,582 208,283 25,311 Good Messages 6,493 5,101 1,595 1,721 6,209 6,772 6,170 34,061 5,221 Spam Messages 27,798 25,661 20,736 20,763 25,036 26,816 27,412 174,222 20,090 Spam Percent 81% 83% 92% 92% 80% 79% 81% 84% 79% Mal Formed Headers 3,845 4,277 3,193 3,555 4,094 4,286 4,459 27,709 4,949 Spam Headers 4,544 4,081 3,665 3,367 4,800 5,712 6,129 32,298 3,308 Spam Routing 6,351 5,697 5,200 5,613 5,718 6,072 5,616 40,267 3,375 No Reverse DNS 6,864 7,787 6,529 6,729 7,742 6,783 5,023 47,457 2,446 White Listed 1,157 968 116 162 1,237 1,245 1,229 6,114 785 General Spam 1,021 958 736 851 1,012 1,045 1,122 6,745 1,490 Experimental 1,543 1,190 951 970 1,284 1,342 1,472 8,752 900 Obfuscation 240 183 158 189 196 336 151 1,453 352 Grey Hosts 355 196 29 33 213 343 315 1,484 166 Gambling 272 202 263 261 215 303 161 1,677 124 Refinancing/Loans 2,293 2,216 1,809 1,659 2,167 2,013 1,975 14,132 1,765 Business opportunities 1,989 1,991 1,546 1,547 1,990 2,089 2,163 13,315 1,464 Ink and toner cartridges 159 124 41 91 100 89 63 667 121 Pornography 2,296 1,874 2,189 1,798 2,120 2,224 2,333 14,834 1,731 Send money scams 57 63 66 57 85 84 82 494 65 Online pharmacies 6,792 6,098 5,419 4,907 5,766 5,526 5,767 40,275 5,684 Cable/Satellite descramblers 1,250
Re: [sniffer] Message Sniffer Version 2-3 Official Release!
Are there step-by-step upgrade instructions posted anywhere? Our configuration is Windows 2000 server with Declude. I don't quite understand what needs to be done to enable the Persistent Instance option. Thank you, Michael Stein Computer House www.computerhouse.com 609 652-3222 This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
Re: [sniffer] Spam storm?
We've found that when we do a manual download, everything works fine. It's the automatic download on the Windows 2000 server that seems to corrupt things. M. Stein Computer House - Original Message - From: Pete McNeil [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, March 25, 2004 6:05 PM Subject: Re: [sniffer] Spam storm? This helps narrow things down. Specifically we know that the rulebase files are not corrupted on the server but during the download. That explains why I haven't been able to recreate a problem in the lab. I have a suspicion that wget may be failing intermittently. Another customer recently had unexplainable, intermittent issues with wget. They replaced wget with code of their own and have had no further problems. Can we narrow this down to wget under heavy traffic conditions perhaps? _M At 10:08 PM 3/24/2004, you wrote: I've noticed that if I do a manual download of the rule base file, it works well, but if it is downloaded automatically via the Windows Task CMD, then sniffer fails and the log fills up with the BAD_MATRIX errors. Anyone else seeing this? Mike - Original Message - From: Landry William [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, March 24, 2004 8:43 PM Subject: RE: [sniffer] Spam storm? I see over a 1000 of these ERROR_BAD_MATRIX entries in my Sniffer log file today, as well. Is this due to the ruleset issue from earlier today? Bill -Original Message- From: Sheldon Koehler [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 24, 2004 3:19 PM To: [EMAIL PROTECTED] Subject: Re: [sniffer] Spam storm? Well it may not be a spam storm. Log file shows: nsx4b3eh 20040324200108 De90392330028271a.SMD 421 0 ERROR_BAD_MATRIX 71 0 0 2 5 nsx4b3eh 20040324200117 De90c923a00284b5b.SMD 422 0 ERROR_BAD_MATRIX 71 0 0 What is a Bad Matrix? Sheldon Sheldon Koehler, Owner/Partnerhttp://www.tenforward.com Ten Forward Communications 360-457-9023 Nationwide access, neighborhood support! Whenever you find yourself on the side of the majority, it's time to pause and reflect. Mark Twain This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html -- - This message and any included attachments are from Siemens Medical Solutions USA, Inc. and are intended only for the addressee(s). The information contained herein may include trade secrets or privileged or otherwise confidential information. Unauthorized review, forwarding, printing, copying, distributing, or using such information is strictly prohibited and may be unlawful. If you received this message in error, or have reason to believe you are not authorized to receive it, please promptly delete this message and notify the sender by e-mail with a copy to [EMAIL PROTECTED] Thank you This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html