Chuck,
I sent a different message off list, but just in case you don't get
that one - I've received a number of bounce notifications from your
system (transient non-fatal delivery errors).
There's a good chance that your rulebase is out of date if your update
notifications are bouncing.
On Friday, May 5, 2006, 1:08:14 PM, John wrote:
JTL Well, I am at the point that I could care less about geocities false
JTL positives. If GeoCities is going to allow this much spam junk then I could
JTL care less about allowing them.
That's fine.
There are probably a number of systems that
] [mailto:[EMAIL PROTECTED]
On Behalf Of Pete McNeil
Sent: Friday, May 05, 2006 11:37 AM
To: John T (Lists)
Subject: Re[4]: [sniffer] Lot of Drugs Spam getting through sniffer
On Friday, May 5, 2006, 1:08:14 PM, John wrote:
JTL Well, I am at the point that I could care less about geocities
I have responded off list.
Let me know (off list) if you got my response just in case it goes
missing again.
Thanks,
_M
On Tuesday, March 21, 2006, 12:04:29 PM, Darin wrote:
DC Right. 15 from today. Let me know what you find out. The ones from the
DC 10th were replies to FP processing to
On Friday, March 17, 2006, 12:50:40 PM, John wrote:
JTL Pete, while I fully understand all of what you said, allowing any one
JTL registered to edit any page is leaving things wide open for abuse. Isn't
JTL there a way to set permissions on a section basis? Example, I should not
JTL have the
On Monday, March 6, 2006, 7:24:20 PM, Andrew wrote:
snip
CA I would like to state that I don't need Message Sniffer to
CA identify servers that send bogus postmaster notifications. This
CA would be entirely due to false positives such as the three
CA examples above.
CA Given that spammers
]
On Behalf Of Pete McNeil
Sent: Thursday, February 23, 2006 3:11 PM
To: Rick Robeson
Subject: Re[4]: [sniffer] When to go persistent
On Thursday, February 23, 2006, 1:22:53 PM, Rick wrote:
RR I thought you had to run this as a service?
RR Rick Robeson
RR getlocalnews.com
RR [EMAIL PROTECTED
, February 24, 2006 7:31 AM
To: sniffer@SortMonster.com
Subject: RE: Re[4]: [sniffer] When to go persistent
Hi,
I just got my service up and running using Matt's post
http://www.mail-archive.com/sniffer@sortmonster.com/msg00169.html
It was simple especially since I already the resource kit
On Thursday, February 23, 2006, 12:59:24 PM, Goran wrote:
GJ Pete,
To run in persistent mode, simply launch an instance of SNF from the
command line with the word persistent in place of the file to scan.
licenseid.exe authentication persistent
GJ I am calling Sniffer from Declude. Could
On Tuesday, February 21, 2006, 11:16:43 AM, Andy wrote:
snip/
AS The only other suggestion I have is to create a 24 hour 'queue' display on
AS the web site. All you need to show is a column of the sender domain names of
AS the email (not the entire sender email address). If I submit a false
AS
On Wednesday, February 8, 2006, 11:26:46 AM, Darin wrote:
DC There was no error in my comment. I completely understand that some issues
DC will not be foreseeable... I did say mostly, not entirely. The switch to
DC the automated bots caused a rash of false positives in our system.
snip/
.
Darin.
- Original Message -
From: Pete McNeil [EMAIL PROTECTED]
To: Darin Cox sniffer@SortMonster.com
Sent: Wednesday, February 08, 2006 11:46 AM
Subject: Re[4]: [sniffer] problems
On Wednesday, February 8, 2006, 11:26:46 AM, Darin wrote:
DC There was no error in my comment. I
]
On Behalf Of David Sullivan
Sent: Tuesday, February 07, 2006 7:15 PM
To: Pete McNeil
Subject: Re[4]: [sniffer] Bad Rule - 828931
Hello Pete,
Tuesday, February 7, 2006, 8:11:50 PM, you wrote:
DS Not sure, can anyone think of a way to cross check this? What if I
DS put all the released messages back
-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of David Sullivan
Sent: Tuesday, February 07, 2006 7:47 PM
To: Landry, William (MED US)
Subject: Re[4]: [sniffer] Bad Rule - 828931
Hello William,
Tuesday, February 7, 2006, 7:39:05 PM, you wrote:
LWMU grep -c Final
it.
Goran Jovanovic
Omega Network Solutions
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of Goran Jovanovic
Sent: Tuesday, February 07, 2006 8:39 PM
To: sniffer@SortMonster.com
Subject: RE: Re[4]: [sniffer] Bad Rule - 828931
I just ran
On Thursday, February 2, 2006, 11:46:05 AM, Goran wrote:
GJ This is going to get harder and harder to identify and fight. Is
GJ it worthwhile to put something like this in a new category which
GJ we are very confident about and so if it fails on the new combined
GJ image/text thing we can delete
On Wednesday, January 18, 2006, 2:14:34 PM, Darin wrote:
DC Are you just blanket responding to every message to the list with this? If
DC so, you might be wasting your time. I've been following the list, so I know
DC things are back to normal after yesterday's snafu.
Sorry about that... It
Yes.
_M
On Wednesday, December 28, 2005, 8:03:01 PM, Thomas wrote:
FT
FT
FT Are they a valid reseller, sniffer-folks??
FT
FT
FT
FT From: [EMAIL PROTECTED]
FT [mailto:[EMAIL PROTECTED] On Behalf Of Kevin
FT Sent: Wednesday, December 28, 2005 8:00 PM
FT To:
I've done a quick review of this. The price quoted there is too low.
I'm sure it's an honest mistake. I'll address it with them ;-)
_M
On Wednesday, December 28, 2005, 8:45:30 PM, John wrote:
JTL
JTL
JTL
JTL Absolutely not. In fact, if you read my post after this, I am
JTL
The biggest concern I have about this is that the price is too low -
that is a violation. I'm sure it was unintentional, and if not, then
the contract will be pulled.
If you read closely, John T isn't on the wrong side here - he's asking
the right questions.
The price at ComputerHouse is out of
Louisville Trivia Challenge
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Pete McNeil
Sent: Wednesday, December 28, 2005 9:16 PM
To: Peer-to-Peer (Support)
Subject: Re[4]: [sniffer] Last chance to renew at the old price!
The biggest concern I have about
On Monday, December 5, 2005, 6:02:02 PM, John wrote:
What is the best way to get a spam trap going. I have an old "abandoned" email account that I just use for testing. It gets some spam now, but a low volume. However, 100% of the mail is spam. It would be very easy to filter and keep
On Monday, December 5, 2005, 6:02:02 PM, John wrote:
What is the best way to get a spam trap going.
I forgot to mention another way to set up spamtraps that I definitely "don't recommend". It is, of course, highly theoretical and possibly dangerous ;-)
If a new pc (actually a very
Pete,
How about just creating some accounts that are commonly targeted by
dictionary attacks, but that were never actually valid accounts on our
server? I could redirect all of them to a common mailbox. There are also a
few other common (non-role) addresses that we do not use, which always get
On Thursday, November 10, 2005, 11:45:48 AM, Peer-to-Peer wrote:
PtPS _M,
PtPS _M said will create a default installation that emits headers and puts
PtPS a .cf file in place for SA to interpret them.
PtPS Not sure if this is relevant to your thought process, but we feel that SA
PtPS
PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Pete McNeil
Sent: Thursday, November 10, 2005 9:36 AM
To: Peer-to-Peer (Support)
Subject: Re[4]: [sniffer]
On Thursday, November 10, 2005, 11:45:48 AM, Peer-to-Peer wrote:
PtPS _M,
PtPS _M said will create a default installation that emits headers
Darin Cox
Sent: Tuesday, November 08, 2005 3:03 PM
Subject: Re[4]: [sniffer] Rash of false positives
On Tuesday, November 8, 2005, 3:25:20 PM, Darin wrote:
Hi Pete,
There was a consistent stream of false positives
, November 09, 2005 11:38 AM
To: sniffer@SortMonster.com
Subject: Re: Re[4]: [sniffer] Rash of false positives
This morning my server quit sending mail and my tech said the Dr.
Watson error on the server was my Sniffer file...I rebooted and thought it was
OK but quit again..I had a lot of mail
Message -
From: John Moore
To: sniffer@SortMonster.com
Sent: Wednesday, November 09, 2005 12:42 PM
Subject: RE: Re[4]: [sniffer] Rash of false positives
We had this same thing happen.
It has been happening more frequently recently and we are looking into disabling sniffer as it seems
is less than 10,000 emails per day.
J
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Darin Cox
Sent: Wednesday, November 09, 2005 1:47 PM
To: sniffer@SortMonster.com
Subject: Re: Re[4]: [sniffer] Rash of false positives
Are corrupted rulebase files the culprit? How
On Tuesday, November 8, 2005, 3:25:20 PM, Darin wrote:
Hi Pete,
There was a consistent stream of false positives over the mentioned time period, not just a blast at a particular time. They suddenly started at 5pm (shortly after a 4:30pm rulesbase update), and were fairly evenly spread
On Saturday, October 15, 2005, 12:33:47 PM, Rick wrote:
RH My only concern is that all of this was being caught by Sniffer before and
RH all of a sudden very little of it is being caught. We are told that they are
RH working on it to get it fixed but we are getting slammed by customers
RH telling
On Friday, October 14, 2005, 9:39:33 AM, Rick wrote:
RH What is going on with the sniffer not catching any of the spam that is now
RH coming through? We are getting slammed with medication, mortgage and other
RH junk email?
Your license has expired.
Please send a note to [EMAIL PROTECTED] to
On Friday, October 14, 2005, 11:18:18 AM, Daniel wrote:
DB Hello Pete,
DB Are you going to implement something similar for false positives?
No.
The false positive process is very interactive, so each case is
handled individually until it is resolved. This works best as it is
currently
PROTECTED]
Sent: Friday, October 14, 2005 11:03 AM
Subject: Re[4]: [sniffer] POP Approach
On Friday, October 14, 2005, 9:39:33 AM, Rick wrote:
RH What is going on with the sniffer not catching any of the spam that is now
RH coming through? We are getting slammed with medication, mortgage and other
RH
Perhaps your system is blocking these messages? Please check. I've
left the FP response out of this message -- I suspect that something
in the response is causing the message to be blocked.
Let me know if you get this one - you should get it twice - once
directly and once through the list.
I'm not sure how this solution is any less complex. . .
You don't think having a 'Spam' subfolder is less complex than a
totally separate account? Doubt a webmail user would agree with that.
--Sandy
Sanford Whiteman, Chief Technologist
Broadleaf
I'm afraid I'm not that up on my email standards.
They're not standards in the RFC sense, just IMail features.
What exactly does forwarding by main.fwd do and how does one
implement that type of solution?
Create mailboxname.fwd using the same format as forward.ima and the
forwarding
]
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Sanford Whiteman
Sent: Friday, September 02, 2005 12:19 PM
To: Rick Robeson
Subject: Re[4]: [sniffer] can auto-forward be disabled when spam is
detected?
I'm afraid I'm not that up on my email standards.
They're
Well, it's not going to hurt your performance at all (a 2 second delay
on each email is not going to be noticed in most cases - email is not
IM after all). That said, the persistent mode is not necessary either
though it will help if you get a burst of high activity.
_M
On Tuesday, August 2,
We're not making a big deal of it just yet, but anyone who would like
to switch please do let us know. The bot we have doing this job is
very simplistic. We need:
Email Address (Account Name),
Server name,
Password
Our bot connects to Server name and logs in with Email Address
using Password.
One rule (369660) will code to 53 (scams).
Another (369650) will code to 53 (scams).
Another (369634) also codes to 53 (scams).
The rules got the scam tag because it presents like a phishing scam.
I'll be watching for evidence of additional polymorphism and we will
adapt. Now that we know this
New rule - 369676 under Malware.
New experimental rule on message structure: 369677
_M
On Monday, June 6, 2005, 6:13:23 PM, Dave wrote:
DM New target ip: 205.138.199.146
DM -Original Message-
DM From: [EMAIL PROTECTED]
DM [mailto:[EMAIL PROTECTED] On Behalf Of Jim Matuska
DM Sent:
On Tuesday, May 17, 2005, 2:57:44 PM, Jim wrote:
JM Thanks Pete, would you be able to provide the current false positive rates
JM for the return codes?
This is not something that we are formally capturing at present,
however anecdotally I can't recall the last time we had an FP
submitted for the
on sniffer's 'results' as there will be no results if the file is
never scanned ;)
Paul R
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Pete McNeil
Sent: Wednesday, April 20, 2005 3:30 PM
To: Jim Matuska
Subject: Re[4]: [sniffer] Message Sniffer Plugin
On Wednesday, April 20, 2005, 4:19:48 PM, Jim wrote:
JM Do you configure rules similar to in the previous versions, or by using this
JM as a plug in is there a GUI for configuration.
We configure the rulebase the same way we have in the past. Using the
plugin is not different from using the
To: sniffer@SortMonster.com
Subject: (DUMP)Re: Re[4]: [sniffer] Message Sniffer Plugin for MDaemon
Wide Beta Promo
I meant do I configure actions based on the headers that sniffer returns
like in the non plug in version, or does the plugin do this automatically,
the documentation for the plug
?
Jim Matuska Jr.
Computer Tech2, CCNA
Nez Perce Tribe
Information Systems
[EMAIL PROTECTED]
- Original Message -
From: Peer-to-Peer (Support) [EMAIL PROTECTED]
To: sniffer@SortMonster.com
Sent: Wednesday, April 20, 2005 2:17 PM
Subject: RE:Re: Re[4]: [sniffer] Message Sniffer Plugin
On Wednesday, April 20, 2005, 3:36:14 PM, Dave wrote:
DK Pete, I've been using this plugin for the last couple of months and can say
DK it's been rock solid. Nice work!
DK One little feature request though would be to add an option to auto prune
DK the sniffer log file to so many days, or X
On Saturday, April 9, 2005, 1:58:45 PM, Rick wrote:
RH Yes but that really seems strange when I was getting 4 to 10 messages every
RH day. Now I did not get any since the 3rd of March right after you announced
RH that there would be the outage? You may want to check into this closer.
I'm very
On Friday, April 1, 2005, 11:44:07 AM, Keith wrote:
KJ Pete,
KJ Thanks for the reply.
KJ Running on an IBM Xseries 225 Dual Xeon 2.4Ghz w/ 1GB RAM -
KJ running IBM's ServerRAID 5i in IBM's RAID 10 config (4 73GB 10K drives)
KJ - O/S is Windows 2000 Standard Server SP4
KJ
of results I get and post them
here. It could be as you say, I am on the far side :)
Thanks again,
Keith
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil
Sent: Friday, April 01, 2005 2:16 PM
To: Keith Johnson
Subject: Re[4]: [sniffer
On Wednesday, March 16, 2005, 2:05:00 PM, Goran wrote:
GJ OK that is for hardware level RAID. I had thought that you would offset
GJ the extra processing time by being able to write less to each drive.
GJ Now does anyone know how much overhead Windows 2000/2003 software RAID 1
GJ on dynamic
On Wednesday, March 9, 2005, 2:59:24 PM, Jonathan wrote:
JS I currently forward all spam from my email account can I add
JS a second address that will be able to forward spam as well?
JS
Yes. You can forward spam from any account you wish. Spam submissions
are considered anonymous and suspect
On Thursday, January 20, 2005, 10:15:23 AM, Chuck wrote:
CS Pete:
CS Thanks for looking. It was very strange because it was such varied messages
CS from general correspondence, quotes. and personal correspondence. I put a
CS little negative weight in for statefarm.com which should keep it from
On Saturday, January 8, 2005, 1:20:02 PM, Kirk wrote:
KM At 01:04 PM 1/8/2005 -0500, Pete McNeil wrote:
On Saturday, January 8, 2005, 12:47:21 PM, Kirk wrote:
KM Is there any tool available with which to analyze sniffer logs to
KM get any
KM kind of count on the number of hits, etc?
Here's
On Wednesday, January 5, 2005, 4:03:28 PM, Rick wrote:
RR 100's of spams a problem, LOL!
RR Before sniffer I was facing around 10 thousand spams a day. But then I'm
RR coordinating 1000's of domains, so on a per domain basis, it's actually very
RR small.
RR I think what I'll do is route a
On Monday, December 27, 2004, 1:51:11 PM, Jim wrote:
JM Does anyone have any good instructions on how to modify your update scripts to use gzip?
This is a good place to start:
http://www.sortmonster.com/MessageSniffer/Help/gzip.html
_M
This E-Mail came from the Message Sniffer mailing
On Monday, December 20, 2004, 1:13:52 AM, Chuck wrote:
CS Pete:
CS It is Sunday night at 10 minutes after the hour and the download server is
CS still very slow - so I am not too sure there is just a run on the server.
I will check the logs to verify.
_M
Pete,
I'm downloading right now and it's very slow.
George
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Pete McNeil
Sent: Monday, December 20, 2004 6:39 AM
To: Chuck Schick
Subject: Re[4]: [sniffer] Download server is really slow..
On Monday
Hello,
I'm trying at the moment, Wget says 50-90 K/s (started at 40, went quick up
to 90 and now going down to 50K/s)
Alex
This E-Mail came from the Message Sniffer mailing list. For information and
(un)subscription instructions go to
http://www.sortmonster.com/MessageSniffer/Help/Help.html
Pete,
PM One other quick note/reminder. Use the snf2check utility on your
PM downloaded rulebase files before putting them in service. This will
PM ensure that you have a complete file that is not corrupted.
Yeap..that is exactly what I did when I went back and looked at the files
included in
On Wednesday, December 15, 2004, 6:54:01 PM, Marc wrote:
MH Pete,
MH FWIW, it appears that I just had a bad download. I re-downloaded it, and
MH it's running w/o errors. Thx.
One other quick note/reminder. Use the snf2check utility on your
downloaded rulebase files before putting them in
On Wednesday, December 15, 2004, 6:54:01 PM, Marc wrote:
MH Pete,
MH FWIW, it appears that I just had a bad download. I re-downloaded it, and
MH it's running w/o errors. Thx.
Great!
That makes sense too - unfortunately there's no sure way to separate
the two cases (corrupted file or bad
Hi,
[]
I understand. I have no reasonable explanation for your experience.
There have been no other reported problems and I have been unable to
recreate your conditions.
BB I just once more installed the 2.3.2 exe, we'll see what happens. As it is
BB close to 9 PM over here it should not
Well, still no problems so far so I'll write it up to . earth rays,
solar spots, pick whatever you want.
It seems it was a one time thing.
You must be referring to the RAW law.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
Hi,
Well, still no problems so far so I'll write it up to . earth rays,
solar spots, pick whatever you want.
It seems it was a one time thing.
You must be referring to the RAW law.
RAW? Random Answer Whatchamacallit?
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
Well, still no problems so far so I'll write it up to . earth rays,
solar spots, pick whatever you want.
It seems it was a one time thing.
You must be referring to the RAW law.
RAW? Random Answer Whatchamacallit?
Random Acts of Weirdness
The RAW law, Keyboard Virus and the
On Tuesday, November 23, 2004, 2:51:10 PM, Bonno wrote:
snip/
BB Just to let you know. We had a problem after updating to 2.3.2 this
snip/
BB The version is the same as you say. The rulebase was downloaded last night
BB and later that morning once more but not updated because there were no
BB
On Monday, November 1, 2004, 12:02:30 AM, Andy wrote:
AS Pete,
AS - okay, I ran the STOP command - it never ended
AS - the persistent command window never ended
AS - I finally stopped the SERVICE and the stop command ended
AS - I finally CLOSED the command window to flush the persistent task
AS
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Pete McNeil
Sent: Monday, November 01, 2004 12:14 AM
To: Andy Schmidt
Subject: Re[4]: [sniffer] LogRotate no longer
On Thursday, October 28, 2004, 5:20:43 PM, Scott wrote:
SF Does the cfg file need to be renamed with your license id also?
Yes, sorry I missed that step.
The program identifies all of its important files by the license ID,
so yes, the .cfg file must also be named for the license ID as in
On Tuesday, October 26, 2004, 7:02:53 PM, Nick wrote:
NJ Do we have a timetable for this new release Sorry can't afford
NJ time to beta test!
The current interim version will be republished as the official
release tonight. There will be no changes other than re-tagging the
build info.
NJ I
On Wednesday, October 20, 2004, 12:54:04 PM, Frank wrote:
FO Hello _M
_ Systems with heavier loads _should_ see a reduction in their backlog
FO See a reduction of what in their backlog? Can you give an example of how
FO to see this type of measurement?
Another good question - I will try to get
To: Frank Osako
Subject: Re[4]: [sniffer] Version 2-3.0i8 published.
On Wednesday, October 20, 2004, 12:54:04 PM, Frank wrote:
FO Hello _M
_ Systems with heavier loads _should_ see a reduction in their backlog
FO See a reduction of what in their backlog? Can you give an example
FO of how to see
:[EMAIL PROTECTED]
On Behalf Of Pete McNeil
Sent: woensdag 20 oktober 2004 19:50
To: Frank Osako
Subject: Re[4]: [sniffer] Version 2-3.0i8 published.
On Wednesday, October 20, 2004, 12:54:04 PM, Frank wrote:
FO Hello _M
_ Systems with heavier loads _should_ see a reduction in their backlog
FO See
, September 14, 2004 3:28 PM
To: Landry William
Subject: Re[4]: [sniffer] Surprising missed spam
On Tuesday, September 14, 2004, 1:05:29 PM, Landry wrote:
LW Pete, I started running the new code this morning, and so far, so
LW good. I'll let you know if I see anything strange.
Thanks.
_M
On Friday, August 20, 2004, 2:35:35 AM, Michiel wrote:
MP Pete, even your message had a charset header:
MP Content-Type: text/plain; charset=us-ascii
Yes, a tricky gadget indeed.
MP I think you'll generate more FP's if you do something like that than FN's
MP you might have now. Aren't there
, August 20, 2004 7:04 AM
Subject: Re[4]: [sniffer] Charset
On Friday, August 20, 2004, 2:35:35 AM, Michiel wrote:
MP Pete, even your message had a charset header:
MP Content-Type: text/plain; charset=us-ascii
Yes, a tricky gadget indeed.
MP I think you'll generate more FP's if you do something
79 matches