[sniffer] Re: Volume spike Mon 9AM EST
That is the case here as well. I should have clarified that in my earlier post. Sniffer is doing its job. Unfortunately I am running through two levels of spam filtering systems and a ton is getting through still.

DustyC

-Original Message-
From: Message Sniffer Community [mailto:snif...@sortmonster.com] On Behalf Of Peer-to-Peer (Support)
Sent: Monday, May 10, 2010 11:12 AM
To: Message Sniffer Community
Subject: [sniffer] Re: Volume spike Mon 9AM EST

Just for clarification: Sniffer is working extremely well. No issues there. We're simply seeing a high volume of incoming connections / messages (from botNets) and wanted to verify that we weren't alone. :)

--Paul R.

-Original Message-
From: Message Sniffer Community [mailto:snif...@sortmonster.com] on Behalf Of Peer-to-Peer (Support)
Sent: Monday, May 10, 2010 9:21 AM
To: Message Sniffer Community
Subject: [sniffer] Volume spike Mon 9AM EST

Just checking to see if anyone else is seeing a massive spike in volume. Something started occurring around 9AM EST. Not yet sure what's happening. Wondering if this is global attack or simply local on our system? Anyone seeing unusual activity - high volume?

--Paul R.

# This message is sent to you because you are subscribed to the mailing list .
This list is for discussing Message Sniffer, Anti-spam, Anti-Malware, and related email topics.
For More information see http://www.armresearch.com
To unsubscribe, E-mail to:
To switch to the DIGEST mode, E-mail to
To switch to the INDEX mode, E-mail to
Send administrative queries to

[sniffer] Re: Volume spike Mon 9AM EST
I am getting a lot of complaints from my customers concerning the huge spikes too.

DustyC

-Original Message-
From: Message Sniffer Community [mailto:snif...@sortmonster.com] On Behalf Of Darin Cox
Sent: Monday, May 10, 2010 9:51 AM
To: Message Sniffer Community
Subject: [sniffer] Re: Volume spike Mon 9AM EST

I'm seeing it, too.

Darin.

- Original Message -
From: "Peer-to-Peer (Support)"
To: "Message Sniffer Community"
Sent: Monday, May 10, 2010 9:21 AM
Subject: [sniffer] Volume spike Mon 9AM EST

Just checking to see if anyone else is seeing a massive spike in volume. Something started occurring around 9AM EST. Not yet sure what's happening. Wondering if this is global attack or simply local on our system? Anyone seeing unusual activity - high volume?

--Paul R.

[sniffer] Re: Bad Matrix!
I had the same thing this morning. About 3400 before the new update fixed it.

Dusty

-Original Message-
From: Message Sniffer Community [mailto:snif...@sortmonster.com] On Behalf Of Pete McNeil
Sent: Saturday, July 18, 2009 08:54
To: Message Sniffer Community
Subject: [sniffer] Re: Bad Matrix!

Bad Matrix errors are almost unheard-of. I see a report of one every 18 months or longer and they are usually sporadic. It looks like your rulebase file was somehow corrupted. When the next rulebase file loaded it was clean.

_M

[sniffer] Re: Rules hosed?
No errors on the download. I haven't upgraded yet due to needing to put a new server in with enough resources to run the updated version. I downloaded the rules manually and put them on the server. Same errors.

Thanks!

-Original Message-
From: Message Sniffer Community [mailto:snif...@sortmonster.com] On Behalf Of Pete McNeil
Sent: Wednesday, June 03, 2009 9:32 AM
To: Message Sniffer Community
Subject: [sniffer] Re: Rules hosed?

NetEase Operations Manager wrote:
> Any ideas what happened to the rules this morning? I ran the update
> manually just a few minutes ago and my log shows ERROR_RULE_FILE67
>
> Apparently this started for me about 3 AM as there was a ton of spam go
> through from that time.
>

I have just downloaded your rulebase successfully. The delivery server looks normal. A spot check of other systems appear normal.

I could not check your telemetry-- that most likely indicates you have not upgraded to the latest version of SNF. I highly recommend that you do that.

Try downloading your rulebase via your web browser and note if there are any errors. Check that connectivity is good between you and the server (ping and traceroute).

Thanks,

_M

[sniffer] Rules hosed?
Any ideas what happened to the rules this morning? I ran the update manually just a few minutes ago and my log shows ERROR_RULE_FILE67

Apparently this started for me about 3 AM as there was a ton of spam go through from that time.

Thanks!

DustyC

RE: [sniffer] Message sniffer in FreeBSD & Postfix
I am not running Declude. I am just using the filters in Imail to push it in their junk mail. Depends on one's requirements. We were spending 6-8 man hours per day dealing with spam. Now we just let the users decide.

Dusty

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Landry, William (MED US)
Sent: Wednesday, February 08, 2006 1:02 PM
To: sniffer@SortMonster.com
Subject: RE: [sniffer] Message sniffer in FreeBSD & Postfix

Yep, but for someone not running IMail/Declude, the integration with spamassassin and amavisd-new works great.

Bill

This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html

RE: [sniffer] Message sniffer in FreeBSD & Postfix
It was actually simple. And I have the update process automated too. We did have a little issue where we had to run sniffer under bash shell on our FreeBSD box but that was resolved quickly.

I am running one box with sniffer on it. All the external gateways send their inbound mail to this box before it hits the Imail server.

DustyC

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Support
Sent: Wednesday, February 08, 2006 10:56 AM
To: sniffer@SortMonster.com
Subject: Re: [sniffer] Message sniffer in FreeBSD & Postfix

Hi Dusty:

Was it much problems setting up sniffer on your postfix box? This sounds like the way for us to go as well.

Thanks

Phil

NetEase Operations Manager wrote:

>I am using sniffer on a postfix box. I let sniffer tag it there and then on
>the Imail box I am filtering anything with that tag into a user's suspect
>spam box. That offloads the spam handling to the user and the techs do not
>have to deal with it.
>
>False positives do not bother me much because I can simply tell the user to
>check their web mail and move it to their inbox if they want. The Imail
>server deletes anything in the suspect spam that is 7 days old so it
>maintains its own cleaning cycle too.
>
>DustyC
>
>-Original Message-
>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
>On Behalf Of Jacques Brouwers
>Sent: Wednesday, February 08, 2006 9:33 AM
>To: sniffer@sortmonster.com
>Subject: [sniffer] Message sniffer in FreeBSD & Postfix
>
>Hi,
>
>Is there anyone else who would like to see Message Sniffer incorporated
>into Amavis-new? This would be a great addition to my IMGate - Postfix
>mail gateway. Currently I use message sniffer on my Imail box but would
>like to offload that server and do the "sniffing" before the mail hits
>Imail.
>
>Thanks,
>
>Jacques Brouwers

RE: [sniffer] Message sniffer in FreeBSD & Postfix
I do not have too much problem with their mailbox filling up. I run a batch every night that purges out anything in their junk mail box older than 7 days. On our system that amounts to about 25,000 messages deleted per day.

DustyC

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jacques Brouwers
Sent: Wednesday, February 08, 2006 11:25 AM
To: sniffer@SortMonster.com
Subject: RE: [sniffer] Message sniffer in FreeBSD & Postfix

Correct, the weighted system that amavis uses would be better in my situation. Having said that I am going to try DustyC's method put the spam in the users junk folder (still using the weighted system). Do you have the problem of the user's junk mail using up their mail box quota?

Jacques

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Craig Deal
Sent: Wednesday, February 08, 2006 9:49 AM
To: sniffer@SortMonster.com
Subject: RE: [sniffer] Message sniffer in FreeBSD & Postfix

>
> Does not require spamassassin or amavis. You can do it just with
> postfix.
>
> DustyC
>

True, but he wanted it to work with amavisd-new. Less risk of a false positive if it's part of a weighted system.

Craig

RE: [sniffer] Message sniffer in FreeBSD & Postfix
I don't fool with the weight. I just put it in their junk mail box and let them deal with it. I have only had about 4 false positives reported since I have been running it that way.

DustyC

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Craig Deal
Sent: Wednesday, February 08, 2006 10:49 AM
To: sniffer@SortMonster.com
Subject: RE: [sniffer] Message sniffer in FreeBSD & Postfix

>
> Does not require spamassassin or amavis. You can do it just
> with postfix.
>
> DustyC
>

True, but he wanted it to work with amavisd-new. Less risk of a false positive if it's part of a weighted system.

Craig

RE: [sniffer] Message sniffer in FreeBSD & Postfix
Does not require spamassassin or amavis. You can do it just with postfix.

DustyC

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Craig Deal
Sent: Wednesday, February 08, 2006 10:41 AM
To: sniffer@SortMonster.com
Subject: RE: [sniffer] Message sniffer in FreeBSD & Postfix

> Is there anyone else who would like to see Message Sniffer
> incorporated into Amavis-new? This would be a great addition
> to my IMGate - Postfix mail gateway. Currently I use message
> sniffer on my Imail box but would like to offload that server
> and do the "sniffing" before the mail hits Imail.
>

This is already available by using Sniffer with Spamassassin.

Craig

RE: [sniffer] Message sniffer in FreeBSD & Postfix
I am using sniffer on a postfix box. I let sniffer tag it there and then on the Imail box I am filtering anything with that tag into a user's suspect spam box. That offloads the spam handling to the user and the techs do not have to deal with it.

False positives do not bother me much because I can simply tell the user to check their web mail and move it to their inbox if they want. The Imail server deletes anything in the suspect spam that is 7 days old so it maintains its own cleaning cycle too.

DustyC

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jacques Brouwers
Sent: Wednesday, February 08, 2006 9:33 AM
To: sniffer@sortmonster.com
Subject: [sniffer] Message sniffer in FreeBSD & Postfix

Hi,

Is there anyone else who would like to see Message Sniffer incorporated into Amavis-new? This would be a great addition to my IMGate - Postfix mail gateway. Currently I use message sniffer on my Imail box but would like to offload that server and do the "sniffing" before the mail hits Imail.

Thanks,

Jacques Brouwers

RE: [sniffer] Last chance to renew at the old price!
No complaints from here. We have only been using sniffer a couple of months and it has already cut my tech workload about 8-10 hours per day in dealing with spam.

DustyC

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Koontz
Sent: Tuesday, December 27, 2005 1:42 PM
To: sniffer@SortMonster.com
Cc: 'Pete McNeil'
Subject: RE: [sniffer] Last chance to renew at the old price!

Thanks for the explanation. While this is all fine and good, the reality is that many IT shops are on fixed budgets outside of their control. I can justify a 10-15% increase to our CFO, but over 50% will get shot down immediately.

The fact that you haven't raised prices in years is noble, but if you need additional revenue, you should phase the increases in over a period of time, or a modest increase each year. Some customers simply can not turn up the cash buckets into over-drive whenever you deem you need a substantial cash influx.

You've got a great product, and I would really hate to lose it as a tool. What will the Educational Institution pricing look like?

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael Murdoch
Sent: Tuesday, December 27, 2005 2:14 PM
To: sniffer@SortMonster.com
Cc: Pete McNeil
Subject: RE: [sniffer] Last chance to renew at the old price!
Importance: High

Hi Folks,

Actually, here is some more detail as to the reasons for the price increase. In addition, please bear in mind that prices haven't been raised in approximately 2 years and even with this increase we are priced very competitively.

The new feature/benefits and more to come are as follows:

* In the past 6 months we have more than doubled the number of updates per day and we will continue to increase our bandwidth and the speed of our updates.
* We have more than tripled our staff to improve our monitoring, support, and rule generation capabilities. Come January, we are again doubling this staff as the black-hats have gotten much more sophisticated and this has become a 24x7 battle. Even Pete needs to sleep sometimes. :-)
* We are adding new R&D programs for AFF/419 spam and Malware mitigation (many of the results from these projects have already been implemented).
* During this next year as part of our continuous improvement policy we will continue to roll out new features and enhancements such as fully automated reporting, in-band real-time updates, an optimized message processing pipeline, image and file attachment tagging, advanced header structure analysis, enhanced adaptive heuristics, improved machine learning systems, real-time wave-front threat detection, and many more...

It's important to recognize that many of our improvements don't require new software to be installed on the client side since they are delivered through rulebase enhancements. Though this often causes our work to go unnoticed, it is actually a design feature since it means that your installation requires very little maintenance. This translates to lowered administration costs and higher reliability. As a result of this "reliability-first" design strategy, it may not always be obvious that our service is constantly being improved and enhanced - we never stand still ;-)

We'd hate to see any of you go, but please do compare us with other services. I'm sure that you'll find we're well worth the money, but it's always good to keep your options open. In fact, best practice these days for spam filtering is to use a blended approach that leverages many services. We personally encourage that for best results.

Please let me know if you have any questions. Thank you for your feedback and business!

Sincerely

Michael Murdoch
The Sniffer Team
ARM Research Labs, LLC
Tel. 850-932-5338 x303

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Fox, Thomas
Sent: Tuesday, December 27, 2005 1:03 PM
To: sniffer@SortMonster.com
Subject: RE: [sniffer] Last chance to renew at the old price!

I said the same thing, and the response was, basically, "We haven't raised the price in a long time, we need the money, like it or lump it."

> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Dave Koontz
> Sent: Tuesday, December 27, 2005 1:57 PM
> To: sniffer@SortMonster.com
> Subject: RE: [sniffer] Last chance to renew at the old price!
>
> Pete, why over a 50% increase? That seems rather drastic
>
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]
> On Behalf Of Pete McNeil
> Sent: Tuesday, December 27, 2005 12:42 PM
> To: sniffer@sortmonster.com
> Subject: [sniffer] Last chance to renew at the old price!
>
> Hello Sniffer folks,
>
> This is just a friendly reminder that prices will be going up
> January 1.
>
> You can add a year to your SNF subscription at the current price if
> you renew before January 1.
>
> Details are here:
> https://www.ar