Is there any documentation on what I need to do?

There is a lot just going over my head. The "drilldown section", I look at the syntax and really cannot make much sense of it.

What is the line of code I would put in?

The two IPs for the mail server are 216.16.233.12 and 216.16.233.22.

Thank you

Please note our new address
Harry Vanderzand
Intown Internet
740 Erbsville Road
Waterloo, On, N2J 3Z4
519-741-1222

From: [email protected] [mailto:[email protected]] On Behalf Of Pete McNeil
Sent: December-13-10 3:50 PM
To: [email protected]
Subject: Re: [Declude.JunkMail] sniffer question

On 12/13/2010 1:09 PM, Harry Vanderzand wrote:

For reliable service on Message Sniffer questions, please send your questions to [email protected]; or join the sniffer@ list and ask our community of Message Sniffer users. (I try to keep an eye on this list, but not always ;-)

http://www.armresearch.com/support/index.jsp

> Just checking my sniffer logs. The following is an excerpt that I have a question on:
>
> <s u='20101211142509' m='q559a0000524ab283.smd' s='0' r='0'>
> <p s='12' t='15' l='2054' d='69'/>
> <g o='0' i='216.16.233.12' t='u' c='0.968559' p='-0.73764' r='Normal'/>
>
> I='216.16.233.12' is my mail server. This mail came from 94.190.11.38 originally and also has an AOL IP in the headers.
>
> What is the I= supposed to represent?

i = the IP that gbudb believes is the source of the message.

See: http://www.armresearch.com/support/articles/software/snfServer/logFiles/activityLogs.jsp

If SNF identified your mail server as the source then you should check your configuration.

Given the _VERY_ high confidence figure I suspect your mail server's IP is regularly identified as the message source and so your mail server's IP should be in your ignore list.

SNF uses the Received headers present in the message it scans to determine the source IP for the message. I'm not sure how your mail server's IP would get in there -- but in any case, you should review the structure of the Received headers in the messages on your system and make the appropriate adjustments to your SNF configuration -- especially your ignore list.

You may also want to add some additional training entries such as <drilldown> etc. More on that here:

http://www.armresearch.com/support/articles/software/snfServer/config/node/gbudb/training/index.jsp

Best,
_M

--
Pete McNeil, President
MicroNeil Research Corporation
www.microneil.com
703.779.4909 x7010

---
[This E-mail was scanned by Declude]

---
This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [email protected], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
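A way to check how often GBUdb is naming your own mail servers as the message source, as an added example that is not part of the thread and is not ARM Research code. It assumes each scan record is closed with `</s>` and that `c` is the confidence figure, as the reply above indicates; only the first sample record comes from the thread, the other two are constructed.

```python
import re

# Mail servers that should never be reported as a message source
# (the two addresses given in the thread).
OWN_SERVERS = {"216.16.233.12", "216.16.233.22"}

ATTR = re.compile(r"(\w+)='([^']*)'")
# One scan record: the <s ...> opening tag, then the first <g .../> that
# follows it without crossing into the next <s ...> record.
RECORD = re.compile(r"<s\s([^>]*)>(?:(?!<s\s).)*?<g\s([^>]*)/>", re.S)

def self_sourced(log_text, own=OWN_SERVERS, min_confidence=0.0):
    """Return scan records whose GBUdb source IP (i=) is one of our own servers."""
    hits = []
    for s_attrs, g_attrs in RECORD.findall(log_text):
        s, g = dict(ATTR.findall(s_attrs)), dict(ATTR.findall(g_attrs))
        try:
            conf = float(g.get("c", 0))
        except ValueError:
            continue  # malformed confidence value: skip the record
        if g.get("i") in own and conf >= min_confidence:
            hits.append({"time": s.get("u"), "msg": s.get("m"),
                         "ip": g["i"], "confidence": conf})
    return hits

# First record is the excerpt from the thread (closing tag assumed);
# the second and third are constructed for illustration.
SAMPLE = """
<s u='20101211142509' m='q559a0000524ab283.smd' s='0' r='0'>
  <p s='12' t='15' l='2054' d='69'/>
  <g o='0' i='216.16.233.12' t='u' c='0.968559' p='-0.73764' r='Normal'/>
</s>
<s u='20101211142611' m='constructed0001.smd' s='0' r='0'>
  <g o='0' i='203.0.113.7' t='u' c='0.10' p='0.20' r='Normal'/>
</s>
<s u='20101211142702' m='constructed0002.smd' s='0' r='0'>
  <g o='0' i='216.16.233.22' t='u' c='0.05' p='0.00' r='Normal'/>
</s>
"""

if __name__ == "__main__":
    for hit in self_sourced(SAMPLE):
        print("{time} {msg}: source reported as own server {ip} "
              "(confidence {confidence})".format(**hit))
```

Any hits after the ignore list has been updated mean the Received-header handling still needs review.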
