Hello Sniffer folks,
The first of the new rulebots is coming online.
Rulebot F001 creates IP rules for sources that consistently fail
many tests while also reaching the cleanest of our spamtraps.
The rules will appear in group 63.
The bot is playing catchup a bit (since there have bee
Hello Sniffer Folks,
I have just completed work to upgrade the rulebase compiler bots.
They are now significantly more efficient. As a result you will be
seeing updates more frequently.
Previous lag was between 40-120 minutes.
Current lag (sustained) is < 5 minutes.
More timely upda
There's been at least one FP ;)
--
Rule - 861038
Name F001 for Message 2888327: [216.239.56.131]
Created 2006-03-02
Source 216.239.56.131
Hidden false
Blocked false
Origin Automated-SpamTrap
Type ReceivedIP
Created By [EMAIL PROTECTED]
Owner [EMAIL PROTECTED
We just reviewed this morning's logs and had a few false positives. Not
sure if these are due to the new rulebot, but it's more than we've had for
the entire day for the past month.
Rules
--
873261
866398
856734
284831
865663
Darin.
- Original Message -
From: "Jay Sudowski - H
On Monday, March 6, 2006, 3:13:53 PM, Jay wrote:
JSHNL> There's been at least one FP ;)
JSHNL> --
JSHNL> Rule - 861038
JSHNL> Name F001 for Message 2888327: [216.239.56.131]
JSHNL> Created 2006-03-02
JSHNL> Source 216.239.56.131
JSHNL> Hidden false
JSHNL> Blocked fal
Lowest result code wins with Sniffer, 63 is the highest score currently,
and these rules are going in a place where formerly they were only
IP's, so you shouldn't need to adjust anything. I would imagine that
refinement should improve accuracy in the IP rules, though I don't
believe that it wil
Pete,
Does this mean that you are somehow supporting incremental rule base
updates, or is it that the compiler is just much faster so we will get
the same number of updates, but generally get them 40-120 minutes
earlier in relation to the data that generated them?
Either way, definitely an i
On Monday, March 6, 2006, 3:42:50 PM, Darin wrote:
DC> We just reviewed this morning's logs and had a few false positives. Not
DC> sure if these are due to the new rulebot, but it's more than we've had for
DC> the entire day for the past month.
DC> Rules
DC> --
DC> 873261
DC> 866398
DC>
Pete,
One of these was EarthLink [207.217.120.227], and one of these was
Google Mail [64.233.166.182].
SpamBag lists the EarthLink address as a source of bogus bounces, and I
posit that this would be the source of the mail to the spamtraps that
would trigger the F001 bot.
I would like to state t
Thanks, Pete.
Darin.
- Original Message -
From: "Pete McNeil" <[EMAIL PROTECTED]>
To: "Darin Cox"
Sent: Monday, March 06, 2006 6:17 PM
Subject: Re[2]: [sniffer] New Rulebot F001
On Monday, March 6, 2006, 3:42:50 PM, Darin wrote:
DC> We just reviewed this morning's logs and had a few
On Monday, March 6, 2006, 6:09:43 PM, Matt wrote:
M> Pete,
M> Does this mean that you are somehow supporting incremental rule base
M> updates, or is it that the compiler is just much faster so we will get
M> the same number of updates, but generally get them 40-120 minutes
M> earlier in relatio
On Monday, March 6, 2006, 7:24:20 PM, Andrew wrote:
CA> I would like to state that I don't need Message Sniffer to
CA> identify servers that send bogus postmaster notifications. This
CA> would be entirely due to false positives such as the three
CA> examples above.
CA> Given that spammers clea