[MBF] We are changing our mailing list software
Hi everyone. I just wanted to send a quick note to let you know that this evening we are changing our mailing list software to a different platform. Everyone on this list will receive an email with an invite/link to re-subscribe. Just wanted to give everyone a heads up to let you know that the invite and link are legitimate and not a phishing attempt. Thanks and Happy Holidays! Linda Pagillo Mail's Best Friend Email: <mailto:linda.pagi...@mailsbestfriend.com> linda.pagi...@mailsbestfriend.com Web: <http://www.mailsbestfriend.com/> www.mailsbestfriend.com Office: 703.988.3606 logo-1
[MBF] Re: Export or Print Report of ALL Users
You're welcome J Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com <http://www.mailsbestfriend.com/> Office: 703.988.3606 logo-1 From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Martin Margheim Sent: Friday, April 29, 2016 8:18 AM To: community@mailsbestfriend.com Subject: [MBF] Re: Export or Print Report of ALL Users WOW And Thanks! It would seem SM itself should have such a capability From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Linda Pagillo Sent: Friday, April 29, 2016 9:08 AM To: community@mailsbestfriend.com Subject: [MBF] Re: Export or Print Report of ALL Users Hi Martin. This utility can do what you're needing: http://josh.com/tsma/tsmadump/ Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com <http://www.mailsbestfriend.com/> Office: 703.988.3606 logo-1 From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Martin Margheim Sent: Friday, April 29, 2016 7:53 AM To: community@mailsbestfriend.com Subject: [MBF] Export or Print Report of ALL Users Is there no way to simply export or print a list of all email addresses (users) on a SmarterMail Server? Ideally, I would like to export all email addresses and aliases for open in an Excel Workbook. MDM ad...@kodot.com
[MBF] Re: Filter flub?
Hee hee! David is a funny guy as you all can see :P I agree. this is indeed some kind of strange glitch. Tina, your global looks just fine. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com <http://www.mailsbestfriend.com/> Office: 703.988.3606 logo-1 From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of David Barker | Mail's Best Friend | 1-866-919-2075 Sent: Thursday, April 21, 2016 4:00 PM To: community@mailsbestfriend.com Subject: [MBF] Re: Filter flub? Ah it was an HP Support ticket.. (You didn't mention that). the answer is obviously then a very very very VERY..bad spam message ;) From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Tina Cline Sent: Thursday, April 21, 2016 3:45 PM To: community@mailsbestfriend.com Subject: [MBF] Re: Filter flub? I sent Linda a copy of my Global.cfg just in case, but I will chalk it up as wonky. The email in question was from HP support and they love to put the case# in the subject which reads as spammy as well as different languages in the body, so it is bound to fail some filters, but not like this. I have never seen it before and hopefully not again.at least to "legit" email. Thanks for being here! Tina Cline 270net Technologies IT Support Specialist Phone: 301.663.6000 x200 From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of David Barker | Mail's Best Friend | 1-866-919-2075 Sent: Thursday, April 21, 2016 4:32 PM To: community@mailsbestfriend.com Subject: [MBF] Re: Filter flub? HI Tina, In 12 years I have only seen this once before. This was a very very very VERY..bad spam message or under very specific and unknown circumstances this mathematical anomaly occurs. Sorry can't be more helpful but it is exactly that. A glitch in the matrix. David From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Tina Cline Sent: Thursday, April 21, 2016 3:13 PM To: community@mailsbestfriend.com Subject: [MBF] Filter flub? We had an email get deleted because declude gave the score of: 1,601,332,592 How does that happen?? It looks like it gave the score for FROMNOMATCH which we have set up as: FROMNOMATCH FROMNOMATCH X X 2 0 How does that happen? I have not found it doing this before and there have been no recent changes to the global.cfg. 04/19/2016 13:05:37.749 165748725 Tests failed [weight=1601332592]: CATCHALLMAILS=IGNORE[0] IPNOTINMX=IGNORE[0] SPFPASS=IGNORE[0] SUBCHARS-55=IGNORE[1] SUBCHARS-60=IGNORE[1] SUBCHARS-65=IGNORE[1] FROMNOMATCH=IGNORE[1601332583] FILTER-SPAM=IGNORE[1] FILTER-SUBJECT=IGNORE[4] PRE-TESTED=IGNORE[1] WEIGHT10=WARN[10] WEIGHT14=WARN[14] WEIGHT20=WARN[20] WEIGHT30=DELETE[30] Tina Cline 270net Technologies - IT Support Specialist Phone: 301.663.6000 x200 Fax: 301.663.4410 www.270net.com "Internet Technology for Business and Government"
[MBF] Re: Filter flub?
Tina, can you send me a copy of your global.cfg? Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com <http://www.mailsbestfriend.com/> Office: 703.988.3606 logo-1 From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Tina Cline Sent: Thursday, April 21, 2016 3:13 PM To: community@mailsbestfriend.com Subject: [MBF] Filter flub? We had an email get deleted because declude gave the score of: 1,601,332,592 How does that happen?? It looks like it gave the score for FROMNOMATCH which we have set up as: FROMNOMATCH FROMNOMATCH X X 2 0 How does that happen? I have not found it doing this before and there have been no recent changes to the global.cfg. 04/19/2016 13:05:37.749 165748725 Tests failed [weight=1601332592]: CATCHALLMAILS=IGNORE[0] IPNOTINMX=IGNORE[0] SPFPASS=IGNORE[0] SUBCHARS-55=IGNORE[1] SUBCHARS-60=IGNORE[1] SUBCHARS-65=IGNORE[1] FROMNOMATCH=IGNORE[1601332583] FILTER-SPAM=IGNORE[1] FILTER-SUBJECT=IGNORE[4] PRE-TESTED=IGNORE[1] WEIGHT10=WARN[10] WEIGHT14=WARN[14] WEIGHT20=WARN[20] WEIGHT30=DELETE[30] Tina Cline 270net Technologies - IT Support Specialist Phone: 301.663.6000 x200 Fax: 301.663.4410 www.270net.com "Internet Technology for Business and Government"
[MBF] Re: My Filters
Thank you so much Martin! Linda Pagillo Mail's Best Friend Email: <mailto:linda.pagi...@mailsbestfriend.com> linda.pagi...@mailsbestfriend.com Web: <http://www.mailsbestfriend.com/> www.mailsbestfriend.com Office: 703.988.3606 logo-1 From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of David Barker | Mail's Best Friend | 1-866-919-2075 Sent: Thursday, February 18, 2016 9:48 PM To: community@mailsbestfriend.com Subject: [MBF] Re: My Filters Wow! Martin, so kind of you to do this we appreciate your willingness to share your work. David From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Martin Schaible Sent: Thursday, February 18, 2016 6:50 PM To: community@mailsbestfriend.com Subject: [MBF] My Filters Hello I contribute my new filters to the community. I hope, that you can use i it as a complete set or at least some filters. Maybe it gives also some inspiration J This is the link: https://gitlab.com/martin.schaible/declude-signatures Freundliche Grüsse -- netfusion GmbH | Martin Schaible Mittelfeldstrasse 27 | CH-8700 Küsnacht | Switzerland Tel.: +41 44 585 22 54 E-Mail: <mailto:mar...@netfusion.ch> mar...@netfusion.ch Internet: <http://www.netfusion.ch/> www.netfusion.ch Helpdesk und Community: <http://portal.netfusion.ch/> portal.netfusion.ch Wir sind auch auf Facebook präsent: <http://www.facebook.com/NetfusionGmbH> www.facebook.com/NetfusionGmbH -- nfqrcode150x150
[MBF] A few helpful things that you may not be aware of
Hi everyone. I'm not sure if you are aware, but we have a Facebook page, a Twitter account, a YouTube channel and a pretty sweet knowledgebase. Here are the links if you would like to check out any of these things: Facebook: https://www.facebook.com/mailsbestfriend (Give us a Like?) Twitter: https://twitter.com/MailsBestFriend (@MailsBestFriend) (Follow us! We love being followed!) YouTube: https://www.youtube.com/channel/UCqCv4wtoZkwxB9QZQ5F1frQ (instructional vids and our cool, new TV commercial!) MBF Knowledgebase : http://know.mailsbestfriend.com/ (Let us know if there is an article that you would like us to write!) Enjoy! Linda Pagillo Mail's Best Friend Email: <mailto:linda.pagi...@mailsbestfriend.com> linda.pagi...@mailsbestfriend.com Web: <http://www.mailsbestfriend.com/> www.mailsbestfriend.com Office: 703.988.3606 logo-1
[MBF] Message Sniffer New Version -- SNFMulti 3.2.0 -- Strangers
HI everyone! A new version of Message Sniffer is available. The most exciting new feature for this version is: Strangers. The "Strangers" algorithm replaces the previous White-Guard algorithm. Strangers prevents high-intensity pre-tested spam from poisoning IP reputations in GBUdb and enhances SNF's sensitivity to these kinds of attacks. Once pattern rules begin to match the pre-tested attack the IP reputations quickly climb into the black enhancing all of SNF's learning systems. Normal, but new, IP sources are held to low-confidence reputations for several hours, but after that are allowed to develop normally. Short summary: Strangers lets SNF close the door more quickly on pre-tested spam while enhancing SNF's learning sensitivity to those events and without interfering with normal IP reputation processing. Here are some links: Packages from the LabRats... http://www.armresearch.com/message-sniffer/download/packages/ SNFMilter tarball... http://www.armresearch.com/message-sniffer/download/updates/snf-milter-1.2.0 .tar.gz SNFServer tarball... http://www.armresearch.com/message-sniffer/download/updates/snf-server-3.2.0 .tar.gz SNFServer 32bit Windows exe... http://www.armresearch.com/message-sniffer/download/updates/SNFServer-window s-7-prox32-3.2.0.exe Not better, but if you _really_ want it ... SNFServer 64bit Windows exe... http://www.armresearch.com/message-sniffer/download/updates/SNFServer-window s-7-prox64-3.2.0.exe Thanks and Happy Holidays! Linda Pagillo Mail's Best Friend Email: <mailto:linda.pagi...@mailsbestfriend.com> linda.pagi...@mailsbestfriend.com Web: <http://www.mailsbestfriend.com/> www.mailsbestfriend.com Office: 703.988.3606 logo-1
[MBF] Re: Update on strange Message Sniffer issue
Yes, I believe this can be seamless if you do it the way that you are talking about doing it. Also, yes, if I were you, I would add the additional MX to your DNS. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com <http://www.mailsbestfriend.com/> Office: 703.988.3606 logo-1 From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Martin Margheim Sent: Saturday, December 05, 2015 7:49 AM To: community@mailsbestfriend.com Subject: [MBF] Re: Update on strange Message Sniffer issue Do you think this could be seamlessly completed meaning the existing server continues to operate until time to switch MX Records? Could | Should one set higher (MX30 | MX40) records for the new server while the old server is running on MX10 | MX20? From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Linda Pagillo Sent: Saturday, December 05, 2015 8:33 AM To: community@mailsbestfriend.com Subject: [MBF] Re: Update on strange Message Sniffer issue Hi Martin. Smartermail actually has a migration tool built into their software that will help you migrate very easily. Please check out our KB article here for the details: http://know.mailsbestfriend.com/how_to_migrate_to_smartermail_from_different _email_platforms--806665523.shtml Thanks. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com <http://www.mailsbestfriend.com/> Office: 703.988.3606 logo-1 From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Martin Margheim Sent: Friday, December 04, 2015 10:17 AM To: community@mailsbestfriend.com Subject: [MBF] Re: Update on strange Message Sniffer issue Linda: I will take care of the update with thanks for the input. Now, a question: Is there a reasonably simple and organized way to migrate from a Microsoft Hosted Exchange Server to my SmarterMail server? I am aware of an account with approximately 40 email accounts I would like to propose putting on my server. It is a pretty active commercial printer and there will be a lot of decent sized attachments flowing. The domain was once run in house on a SmarterMail server that died. At the time, a decision was made to move email off site and a Microsoft Hosted Exchange provider was chosen. If I were to take over the account on my server, a DELL 1950 III, 8GB RAM and currently or available storage space of at least 100GB operating in a professional Co-Lo center with a Windows 2008 r2 OpSys. It is the same machine you helped get operational over a year ago. It is the same machine which uses MBFs services. What I would desire is to run the email in parallel, if possible in order that I could get system setup and working before terminating the Microsoft Hosted Exchange services. I would need have all the email that resides on the MHEX available on the SmarterMail server. I would want a seamless cutover (The eternal but elusive wish for all IT related projects. Care to make any comments? Thanks Martin From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Linda Pagillo Sent: Friday, December 04, 2015 8:33 AM To: community@mailsbestfriend.com Subject: [MBF] Re: Update on strange Message Sniffer issue Hi Martin. Your rulebase will update automatically, but the Sniffer Engine will not. You will have to upgrade that using one of the links that I have provided. Thanks! Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com <http://www.mailsbestfriend.com/> Office: 703.988.3606 logo-1 From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Martin Margheim Sent: Friday, December 04, 2015 7:31 AM To: community@mailsbestfriend.com Subject: [MBF] Re: Update on strange Message Sniffer issue Linda: Should I perform this process on the komailpro.com server or will ARM eventually update itself? Your last statement implies the update will naturally occur over a course of time. Dan Martin Margheim Independent PC Consultant ad...@kodot.com 727-365-3372 From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Linda Pagillo Sent: Friday, December 04, 2015 8:05 AM To: community@mailsbestfriend.com Subject: [MBF] Update on strange Message Sniffer issue Hi everyone. According to Arm Research's latest data, the Short-Match FP problem has subsided - most likely due to rule sequestration. They have not seen any significant events in their detection software since 9pm EST last evening. In the meantime, they have updated the SNF software to check for short-match events and treat them as rule-panic events. This renders them inert so that if this kind of rulebase corruption occurs again the SNF engine will be immune. Plea
[MBF] Update on strange Message Sniffer issue
Hi everyone. According to Arm Research's latest data, the Short-Match FP problem has subsided - most likely due to rule sequestration. They have not seen any significant events in their detection software since 9pm EST last evening. In the meantime, they have updated the SNF software to check for short-match events and treat them as rule-panic events. This renders them inert so that if this kind of rulebase corruption occurs again the SNF engine will be immune. Please update your SNF software to this latest version using the links below. NOTE: The Windows installer is in the process of being redesigned and does not have the latest software. This will take some time. If you are using SNF on Windows and use(d) the installer then use this procedure to update your software: * Stop your SNF service (usually XYNT Service based). * Copy your SNFServer.exe file to SNFServer.old * Download SNFServer-windows-7-prox32-3.1.0.exe (32 bit) or SNFServer-windows-7-prox64-3.1.0.exe (64 bit) and rename it to SNFServer.exe to replace your previous SNFServer.exe. * Start your SNF service. If you were using the 32 bit version (very likely) then replace it with the 32 bit version. There really isn't any difference, but just in case it's simpler to keep things the same. There is no benefit to running the 64 bit version -- It is not faster and is in fact less efficient due to the use of extra-large (64 bit) pointers that aren't necessary ;-) Some folks really want a 64 bit version, so we have one. Here are some links to updated versions: http://www.armresearch.com/message-sniffer/download/updates/SNFServer-window s-7-prox32-3.1.0.exe http://www.armresearch.com/message-sniffer/download/updates/SNFServer-window s-7-prox64-3.1.0.exe http://www.armresearch.com/message-sniffer/download/updates/snf-server-3.1.0 .tar.gz http://www.armresearch.com/message-sniffer/download/updates/snf-milter-1.1.1 .tar.gz http://www.armresearch.com/message-sniffer/download/updates/SNFMultiSDK_Wind ows_3.2.zip And for the really adventurous: http://www.armresearch.com/message-sniffer/download/packages/ In the packages link you will find all of the latest snapshots and some old ones from Arm's LabRats. The LabRats compile and test SNF for all of the different platforms. You will find RPM and DEB packages as well as tarballs and even the windows stuff that's posted in the updates links above. Be sure to pick the latest version in all cases. It will take a bit of time before all of the ordinary links on Arm's web site are updated with the latest software, so please use the above links instead if you're going to update right now. Thanks! Linda Pagillo Mail's Best Friend Email: <mailto:linda.pagi...@mailsbestfriend.com> linda.pagi...@mailsbestfriend.com Web: <http://www.mailsbestfriend.com/> www.mailsbestfriend.com Office: 703.988.3606 logo-1
[MBF] Strange Message Sniffer Anomaly Discovered and Fixed
Hi everyone. Earlier this week, we were seeing some intermittent corruption in some Message Sniffer rulebase updates. The problem has been resolved, but we wanted to explain the issue. Since Arm Research has made no changes to precipitate this and since it's only been reported by a few systems intermittently, it was a bit of a challenge to nail down. However, it has been Arm Research's top priority since it was discovered. Here is a list of what we know about the issue: * The problem appears to have started around Nov 29. * It is highly intermittent and random. * It causes some false positives. * You can identify a short-match event by looking at the index and endex of a rule match. If the difference is less than 5 then you have a short rule match. * You can mitigate the problem by temporarily putting the associated rule ID in your rule-panic list in your SNF configuration. (Visit the following link to learn how to create a rule-panic: http://know.mailsbestfriend.com/how_to_add_a_panic_rule_to_message_sniffer-8 28470693.shtml) * Normally the problem goes away on the next rulebase update. * Sometimes it doesn't go away but changes the associated rule ID. After much research and experimentation, Arm determined that some time on Nov 28th a corrupted rule entered the rulebase and caused the intermittent short-match problem. They have removed a group of rules surrounding that timeframe and have observed a 3 sigma drop in the rate of short-match events. This indicates that the problem is solved and not likely to return. Now that Arm knows this kind of event is possible (it's not supposed to be mathematically) they will be building a detection and mitigation strategy into the engine... just in case it does happen again. Once in two decades makes that seem unlikely. Arm will also be continuing their research on the sequestered rules to identify the one(s) that caused the problem and identify a way to prevent that recurring. In the meantime the detection mechanisms they used to monitor their experiments will remain in place so that if they do see any future events they we will be able to identify them much more quickly. If you have any questions about this issue, please let us know and we will be happy to help. Linda Pagillo Mail's Best Friend Email: <mailto:linda.pagi...@mailsbestfriend.com> linda.pagi...@mailsbestfriend.com Web: <http://www.mailsbestfriend.com/> www.mailsbestfriend.com Office: 703.988.3606 logo-1
[MBF] Smartertools has modified the way SM 14x handles IMAP mailboxes
Good morning everyone. Smartertools has made a change in the way SM 14x handles IMAP mailboxes due to their added support for Outlook 2016. Please check out our KB article at the following link for details and possible changes that need to be made if applicable: http://know.mailsbestfriend.com/changes_in_the_way_smartermail_14x_handles_i map_accounts_due_to_support_for_outlook_2016-136363833.shtml If you have any questions, please feel free to contact us and we can help. Thanks! Linda Pagillo Mail's Best Friend Email: <mailto:linda.pagi...@mailsbestfriend.com> linda.pagi...@mailsbestfriend.com Web: <http://www.mailsbestfriend.com/> www.mailsbestfriend.com Office: 703.988.3606 logo-1
[MBF] Re: SNFserver crashing
Hi Carl. Please email directly with the RDP info for that server. I will hop on and take a look. Thanks. Linda Pagillo Mail's Best Friend Email: <mailto:linda.pagi...@mailsbestfriend.com> linda.pagi...@mailsbestfriend.com Web: <http://www.mailsbestfriend.com/> www.mailsbestfriend.com Office: 703.988.3606 logo-1 From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Carl Wagar Sent: Wednesday, November 04, 2015 11:32 AM To: community@mailsbestfriend.com Subject: [MBF] SNFserver crashing I had a server inadvertently power down and now that I reboot it, the SNFserver is crashing continuously. I had to shut it down. Any suggestions? J. Carl Wagar EntreNet Communications Inc www.entrenet.com www.thehostingservice.com 24 Swain Ave, Ottawa, ON, K1G 4T1, Canada Email: jcwa...@entrenet.com, skype: jcwagar Tel: +1 613-737-7327, Fax: +1 613-737-5801 Cel: +1 613-818-8898 From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Linda Pagillo Sent: Friday, September 25, 2015 2:49 PM To: community@mailsbestfriend.com Subject: [MBF] Re: whitelist for sniffer Yes. You should always send them an email with any FP. Thanks. Linda Pagillo Mail's Best Friend Email: <mailto:linda.pagi...@mailsbestfriend.com> linda.pagi...@mailsbestfriend.com Web: <http://www.mailsbestfriend.com/> www.mailsbestfriend.com Office: 703.988.3606 logo-1 From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Carl Wagar Sent: Friday, September 25, 2015 1:47 PM To: community@mailsbestfriend.com Subject: [MBF] Re: whitelist for sniffer this worked. if I did this SNFclient.exe -drop do I also have to send them an email as per your first message? J. Carl Wagar EntreNet Communications Inc www.entrenet.com www.thehostingservice.com 24 Swain Ave, Ottawa, ON, K1G 4T1, Canada Email: jcwa...@entrenet.com, skype: jcwagar Tel: +1 613-737-7327, Fax: +1 613-737-5801 Cel: +1 613-818-8898 From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Linda Pagillo Sent: Friday, September 25, 2015 10:37 AM To: community@mailsbestfriend.com Subject: [MBF] Re: whitelist for sniffer Carl, I wanted to add to this. Since your IP is on your local Sniffer truncate list, you will need to drop it from your list in order to clear your IP off of the list. Here is an article which explains how to do that: http://know.mailsbestfriend.com/how_to_drop_an_ip_from_the_gbudbtruncate_lis t--1143817730.shtml Linda Pagillo Mail's Best Friend Email: <mailto:linda.pagi...@mailsbestfriend.com> linda.pagi...@mailsbestfriend.com Web: <http://www.mailsbestfriend.com/> www.mailsbestfriend.com Office: 703.988.3606 logo-1 From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Linda Pagillo Sent: Friday, September 25, 2015 8:18 AM To: community@mailsbestfriend.com Subject: [MBF] Re: whitelist for sniffer Hi Carl. You should report all false-positives to Arm Research so they can assess the issue. Also, if this is an urgent or critical situation, you can add a panic rule to Sniffer to stop the problem immediately. The following articles will explain how to perform both procedures: http://know.mailsbestfriend.com/how_to_handle_urgent_message_sniffer_falsepo sitives-1858720502.shtml http://know.mailsbestfriend.com/message_sniffer_falsepositive_handling_proce ss--387103309.shtml Linda Pagillo Mail's Best Friend Email: <mailto:linda.pagi...@mailsbestfriend.com> linda.pagi...@mailsbestfriend.com Web: <http://www.mailsbestfriend.com/> www.mailsbestfriend.com Office: 703.988.3606 logo-1 From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Carl Wagar Sent: Friday, September 25, 2015 5:52 AM To: community@mailsbestfriend.com Subject: [MBF] whitelist for sniffer Is there a way to add to a whitelist specifically for SNIFFER? A person with a mailbox named geo...@remaxottawa.com decided that a good password would be georgeremax would be a good password and was hacked. The hacker broadcast 3000 spams on Sep.23. I don't know how sniffer works but it seems now to dislike all 300 and is doing SNIFFER and SNIFFER-TRUNCATE for users at remaxottawa even though other blacklists don't seem to care. I would like to delist it from sniffer. Carl J. Carl Wagar EntreNet Communications Inc www.entrenet.com www.thehostingservice.com 24 Swain Ave, Ottawa, ON, K1G 4T1, Canada Email: jcwa...@entrenet.com, skype: jcwagar Tel: +1 613-737-7327, Fax: +1 613-737-5801 Cel: +1 613-818-8898
[MBF] Re: snifer catching emails from my domain
Hi Daniel. Are you saying that all email that gets sent to the domain is being tagged by Sniffer or is all email being sent from the domain being tagged? Either way, there is a way to stop this immediately until you can figure out the cause. Please see the following KB article: http://know.mailsbestfriend.com/how_to_add_a_panic_rule_to_message_sniffer-8 28470693.shtml The article will show you how to put a panic rule in place to stop Sniffer from tagging the messages as spam. Once you do that, see this article: http://know.mailsbestfriend.com/how_to_handle_urgent_message_sniffer_falsepo sitives-1858720502.shtml That will show you what you need to do to submit an urgent false-positive report to Arm Research so they can assess the issue. If you have any other questions about this, please ask and I will do my best to help you. Thanks! Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3606 -Original Message- From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Daniel Ivey Sent: Tuesday, November 03, 2015 8:33 AM To: community@mailsbestfriend.com Subject: [MBF] snifer catching emails from my domain Greetings, I have an Imail 8.22 server that is running the latest Declude with the integrated Message Sniffer. The single domain that is on this server is having all of its emails picked up as SPAM by Message Sniffer. Can someone tell me what the fix is for this? I have another identical mail server with a separate domain that is not having this issue. Thanks, Daniel # This message is sent to you because you are subscribed to the mailing list <community@mailsbestfriend.com>. To unsubscribe, E-mail to: <community-...@mailsbestfriend.com> To switch to the DIGEST mode, E-mail to <community-dig...@mailsbestfriend.com> To switch to the INDEX mode, E-mail to <community-in...@mailsbestfriend.com> Send administrative queries to <community-requ...@mailsbestfriend.com> # This message is sent to you because you are subscribed to the mailing list <community@mailsbestfriend.com>. To unsubscribe, E-mail to: <community-...@mailsbestfriend.com> To switch to the DIGEST mode, E-mail to <community-dig...@mailsbestfriend.com> To switch to the INDEX mode, E-mail to <community-in...@mailsbestfriend.com> Send administrative queries to <community-requ...@mailsbestfriend.com>
[MBF] Re: whitelist for sniffer
Carl, I wanted to add to this. Since your IP is on your local Sniffer truncate list, you will need to drop it from your list in order to clear your IP off of the list. Here is an article which explains how to do that: http://know.mailsbestfriend.com/how_to_drop_an_ip_from_the_gbudbtruncate_lis t--1143817730.shtml Linda Pagillo Mail's Best Friend Email: <mailto:linda.pagi...@mailsbestfriend.com> linda.pagi...@mailsbestfriend.com Web: <http://www.mailsbestfriend.com/> www.mailsbestfriend.com Office: 703.988.3606 logo-1 From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Linda Pagillo Sent: Friday, September 25, 2015 8:18 AM To: community@mailsbestfriend.com Subject: [MBF] Re: whitelist for sniffer Hi Carl. You should report all false-positives to Arm Research so they can assess the issue. Also, if this is an urgent or critical situation, you can add a panic rule to Sniffer to stop the problem immediately. The following articles will explain how to perform both procedures: http://know.mailsbestfriend.com/how_to_handle_urgent_message_sniffer_falsepo sitives-1858720502.shtml http://know.mailsbestfriend.com/message_sniffer_falsepositive_handling_proce ss--387103309.shtml Linda Pagillo Mail's Best Friend Email: <mailto:linda.pagi...@mailsbestfriend.com> linda.pagi...@mailsbestfriend.com Web: <http://www.mailsbestfriend.com/> www.mailsbestfriend.com Office: 703.988.3606 logo-1 From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Carl Wagar Sent: Friday, September 25, 2015 5:52 AM To: community@mailsbestfriend.com Subject: [MBF] whitelist for sniffer Is there a way to add to a whitelist specifically for SNIFFER? A person with a mailbox named geo...@remaxottawa.com decided that a good password would be georgeremax would be a good password and was hacked. The hacker broadcast 3000 spams on Sep.23. I don't know how sniffer works but it seems now to dislike all 300 and is doing SNIFFER and SNIFFER-TRUNCATE for users at remaxottawa even though other blacklists don't seem to care. I would like to delist it from sniffer. Carl J. Carl Wagar EntreNet Communications Inc www.entrenet.com www.thehostingservice.com 24 Swain Ave, Ottawa, ON, K1G 4T1, Canada Email: jcwa...@entrenet.com, skype: jcwagar Tel: +1 613-737-7327, Fax: +1 613-737-5801 Cel: +1 613-818-8898
[MBF] Re: whitelist for sniffer
Yes. You should always send them an email with any FP. Thanks. Linda Pagillo Mail's Best Friend Email: <mailto:linda.pagi...@mailsbestfriend.com> linda.pagi...@mailsbestfriend.com Web: <http://www.mailsbestfriend.com/> www.mailsbestfriend.com Office: 703.988.3606 logo-1 From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Carl Wagar Sent: Friday, September 25, 2015 1:47 PM To: community@mailsbestfriend.com Subject: [MBF] Re: whitelist for sniffer this worked. if I did this SNFclient.exe -drop do I also have to send them an email as per your first message? J. Carl Wagar EntreNet Communications Inc www.entrenet.com www.thehostingservice.com 24 Swain Ave, Ottawa, ON, K1G 4T1, Canada Email: jcwa...@entrenet.com, skype: jcwagar Tel: +1 613-737-7327, Fax: +1 613-737-5801 Cel: +1 613-818-8898 From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Linda Pagillo Sent: Friday, September 25, 2015 10:37 AM To: community@mailsbestfriend.com Subject: [MBF] Re: whitelist for sniffer Carl, I wanted to add to this. Since your IP is on your local Sniffer truncate list, you will need to drop it from your list in order to clear your IP off of the list. Here is an article which explains how to do that: http://know.mailsbestfriend.com/how_to_drop_an_ip_from_the_gbudbtruncate_lis t--1143817730.shtml Linda Pagillo Mail's Best Friend Email: <mailto:linda.pagi...@mailsbestfriend.com> linda.pagi...@mailsbestfriend.com Web: <http://www.mailsbestfriend.com/> www.mailsbestfriend.com Office: 703.988.3606 logo-1 From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Linda Pagillo Sent: Friday, September 25, 2015 8:18 AM To: community@mailsbestfriend.com Subject: [MBF] Re: whitelist for sniffer Hi Carl. You should report all false-positives to Arm Research so they can assess the issue. Also, if this is an urgent or critical situation, you can add a panic rule to Sniffer to stop the problem immediately. The following articles will explain how to perform both procedures: http://know.mailsbestfriend.com/how_to_handle_urgent_message_sniffer_falsepo sitives-1858720502.shtml http://know.mailsbestfriend.com/message_sniffer_falsepositive_handling_proce ss--387103309.shtml Linda Pagillo Mail's Best Friend Email: <mailto:linda.pagi...@mailsbestfriend.com> linda.pagi...@mailsbestfriend.com Web: <http://www.mailsbestfriend.com/> www.mailsbestfriend.com Office: 703.988.3606 logo-1 From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Carl Wagar Sent: Friday, September 25, 2015 5:52 AM To: community@mailsbestfriend.com Subject: [MBF] whitelist for sniffer Is there a way to add to a whitelist specifically for SNIFFER? A person with a mailbox named geo...@remaxottawa.com decided that a good password would be georgeremax would be a good password and was hacked. The hacker broadcast 3000 spams on Sep.23. I don't know how sniffer works but it seems now to dislike all 300 and is doing SNIFFER and SNIFFER-TRUNCATE for users at remaxottawa even though other blacklists don't seem to care. I would like to delist it from sniffer. Carl J. Carl Wagar EntreNet Communications Inc www.entrenet.com www.thehostingservice.com 24 Swain Ave, Ottawa, ON, K1G 4T1, Canada Email: jcwa...@entrenet.com, skype: jcwagar Tel: +1 613-737-7327, Fax: +1 613-737-5801 Cel: +1 613-818-8898
[MBF] Re: whitelist for sniffer
Hi Carl. You should report all false-positives to Arm Research so they can assess the issue. Also, if this is an urgent or critical situation, you can add a panic rule to Sniffer to stop the problem immediately. The following articles will explain how to perform both procedures: http://know.mailsbestfriend.com/how_to_handle_urgent_message_sniffer_falsepo sitives-1858720502.shtml http://know.mailsbestfriend.com/message_sniffer_falsepositive_handling_proce ss--387103309.shtml Linda Pagillo Mail's Best Friend Email: <mailto:linda.pagi...@mailsbestfriend.com> linda.pagi...@mailsbestfriend.com Web: <http://www.mailsbestfriend.com/> www.mailsbestfriend.com Office: 703.988.3606 logo-1 From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Carl Wagar Sent: Friday, September 25, 2015 5:52 AM To: community@mailsbestfriend.com Subject: [MBF] whitelist for sniffer Is there a way to add to a whitelist specifically for SNIFFER? A person with a mailbox named geo...@remaxottawa.com decided that a good password would be georgeremax would be a good password and was hacked. The hacker broadcast 3000 spams on Sep.23. I don't know how sniffer works but it seems now to dislike all 300 and is doing SNIFFER and SNIFFER-TRUNCATE for users at remaxottawa even though other blacklists don't seem to care. I would like to delist it from sniffer. Carl J. Carl Wagar EntreNet Communications Inc www.entrenet.com www.thehostingservice.com 24 Swain Ave, Ottawa, ON, K1G 4T1, Canada Email: jcwa...@entrenet.com, skype: jcwagar Tel: +1 613-737-7327, Fax: +1 613-737-5801 Cel: +1 613-818-8898
[MBF] What new features would you like to see in Declude?
Hi everyone. I just wanted to ping the community to ask what kind of features you would want to see within Declude that we don't already have? Looking forward to hearing what all of you have to say. Linda Pagillo Mail's Best Friend Email: mailto:linda.pagi...@mailsbestfriend.com linda.pagi...@mailsbestfriend.com Web: http://www.mailsbestfriend.com/ www.mailsbestfriend.com Office: 703.988.3606 logo-1
[MBF] Re: Declude Log levels
Hi Marcus. I will speak with our team today to see what we can do for you. Thanks for your inquiry! Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3606 -Original Message- From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Markus Gufler | Limitis Sent: Friday, August 07, 2015 4:43 AM To: community@mailsbestfriend.com Subject: [MBF] Declude Log levels Linda I've placed this request already in the past 2 years (see attached conversion with David Barker) but will try it once again. Could you please consider re-introducing the old MID-Loglevel? Of course also as an additional MID+ if the change in the logdatails for MID made 2-3 years ago shouldn't be touched again. Up to now we're still on an very old version and would be happy to follow evolution, new functionality and also community feedback. Greetings from Italy Markus Gufler # This message is sent to you because you are subscribed to the mailing list community@mailsbestfriend.com. To unsubscribe, E-mail to: community-...@mailsbestfriend.com To switch to the DIGEST mode, E-mail to community-dig...@mailsbestfriend.com To switch to the INDEX mode, E-mail to community-in...@mailsbestfriend.com Send administrative queries to community-requ...@mailsbestfriend.com
[MBF] Re: VIPRE AV
Play nice boys. Let's keep to the topic at hand... while this is an open forum, let's reserve ad hominems for places like reddit ;) Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3606 -Original Message- From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Martin Margheim Sent: Thursday, August 06, 2015 11:22 AM To: community@mailsbestfriend.com Subject: [MBF] Re: VIPRE AV Very mature, intelligent, responsible and beneficial response. Of course, your credibility is established as the absolute, all knowing resource. Please, do not insult a meaningful community purpose with such commentary -Original Message- From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of John Tolmachoff Sent: Tuesday, August 04, 2015 2:39 PM To: community@mailsbestfriend.com Subject: [MBF] Re: VIPRE AV ACK, Sunbelt, yuck patoooy help I need mouthwash now. Egotistical knowitall godsgifttosecurity. Quick, some one send me some mouthwash. No wait, make the PeptoBismal. I think I am going to throw up. -Original Message- From: Martin Margheim ad...@kodot.com Sent: Tuesday, August 4, 2015 11:34am To: community@mailsbestfriend.com Subject: [MBF] Re: VIPRE AV Probably better you call ThreatTrackSecurity and verify it has all that you want. VIPRE was created by Sunbelt Software who then sold to GFI who then released it back to a private company still located in ClearWater, Florida -Original Message- From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of John Tolmachoff Sent: Tuesday, August 04, 2015 2:14 PM To: community@mailsbestfriend.com Subject: [MBF] Re: VIPRE AV Is there a command line option? -Original Message- From: Martin Margheim ad...@kodot.com Sent: Tuesday, August 4, 2015 10:14am To: community@mailsbestfriend.com Subject: [MBF] Re: VIPRE AV Yes Has always been AV of choice -Original Message- From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of John Tolmachoff Sent: Tuesday, August 04, 2015 12:32 PM To: community@mailsbestfriend.com Subject: [MBF] VIPRE AV Anybody using VIPRE AV? John T eServices For You # This message is sent to you because you are subscribed to the mailing list community@mailsbestfriend.com. To unsubscribe, E-mail to: community-...@mailsbestfriend.com To switch to the DIGEST mode, E-mail to community-dig...@mailsbestfriend.com To switch to the INDEX mode, E-mail to community-in...@mailsbestfriend.com Send administrative queries to community-requ...@mailsbestfriend.com # This message is sent to you because you are subscribed to the mailing list community@mailsbestfriend.com. To unsubscribe, E-mail to: community-...@mailsbestfriend.com To switch to the DIGEST mode, E-mail to community-dig...@mailsbestfriend.com To switch to the INDEX mode, E-mail to community-in...@mailsbestfriend.com Send administrative queries to community-requ...@mailsbestfriend.com # This message is sent to you because you are subscribed to the mailing list community@mailsbestfriend.com. To unsubscribe, E-mail to: community-...@mailsbestfriend.com To switch to the DIGEST mode, E-mail to community-dig...@mailsbestfriend.com To switch to the INDEX mode, E-mail to community-in...@mailsbestfriend.com Send administrative queries to community-requ...@mailsbestfriend.com # This message is sent to you because you are subscribed to the mailing list community@mailsbestfriend.com. To unsubscribe, E-mail to: community-...@mailsbestfriend.com To switch to the DIGEST mode, E-mail to community-dig...@mailsbestfriend.com To switch to the INDEX mode, E-mail to community-in...@mailsbestfriend.com Send administrative queries to community-requ...@mailsbestfriend.com # This message is sent to you because you are subscribed to the mailing list community@mailsbestfriend.com. To unsubscribe, E-mail to: community-...@mailsbestfriend.com To switch to the DIGEST mode, E-mail to community-dig...@mailsbestfriend.com To switch to the INDEX mode, E-mail to community-in...@mailsbestfriend.com Send administrative queries to community-requ...@mailsbestfriend.com # This message is sent to you because you are subscribed to the mailing list community@mailsbestfriend.com. To unsubscribe, E-mail to: community-...@mailsbestfriend.com To switch to the DIGEST mode, E-mail to community-dig...@mailsbestfriend.com To switch to the INDEX mode, E-mail to community-in...@mailsbestfriend.com Send administrative
[MBF] Re: Gauntlet not moving files back into spool
Nice workaround! I'm hoping to have a perm fix for you soon. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3606 -Original Message- From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of John Tolmachoff Sent: Thursday, August 06, 2015 2:24 PM To: community@mailsbestfriend.com Subject: [MBF] Re: Gauntlet not moving files back into spool What I am doing in the mean time is a simple little script. Runs every hour, moves anything in the Gauntlet folder to Gauntlet\OneHour folder then the next run moves anything in the OneHour folder into the Spool folder for reprocessing. May not be best, but functional. Delays to email will be between 1:59:59 to 59:59. -Original Message- From: Linda Pagillo linda.pagi...@mailsbestfriend.com Sent: Thursday, July 30, 2015 2:40pm To: community@mailsbestfriend.com Subject: [MBF] Re: Gauntlet not moving files back into spool Hi everyone. I wanted to update you all on the answer to John's issue. After review, we found that the problem is happening because currently, Gauntlet does not recognize the Alligate file extensions (.dta and .ctl). I have spoken with our team and we will be including recognition of those extensions in our next release of Gauntlet which will resolve the issue for people using Alligate. I apologize, but I do not have an ETA as to when it will be available, but we will announce it here when it is released. Thanks for your patience. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3606 -Original Message- From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Linda Pagillo Sent: Wednesday, July 29, 2015 1:55 PM To: community@mailsbestfriend.com Subject: [MBF] Re: Gauntlet not moving files back into spool Hi John. I apologize for the delay. Is there any way I can have RDP access to your server to check this out? If yes, please email me directly at linda.pagi...@mailsbestfriend.com with the credentials. Once I find the answer I will post it publicly to help other folks in the community. Thanks! Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3606 -Original Message- From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of John Tolmachoff Sent: Wednesday, July 29, 2015 1:09 PM To: community@mailsbestfriend.com Subject: [MBF] Re: Gauntlet not moving files back into spool Bueller? Bueller? -Original Message- From: John Tolmachoff johnl...@eservicesforyou.com Sent: Tuesday, July 28, 2015 1:21pm To: community@mailsbestfriend.com Subject: [MBF] Gauntlet not moving files back into spool I have just discovered that files (Alligate Gateway which is Imail server) being caught by the Declude Gauntlet test are never moved from the Gauntlet folder back to the spool. DRGOutflow.exe is running and I can see it checking the directory every minute using Process Monitor, but no action is ever taken. My configuration is such: (the command line is continuous, broken here for easy to read) [Process1] CommandLine= ' C:\Interceptor\Alligate\declude\DRGOutflow.exe i=C:\Interceptor\Alligate\Spool\Gauntlet o=C:\Interceptor\Alligate\spool\proc d=60 ' PauseStart= 100 PauseEnd= 100 UserInterface = No Restart = Yes John T eServices For You # This message is sent to you because you are subscribed to the mailing list community@mailsbestfriend.com. To unsubscribe, E-mail to: community-...@mailsbestfriend.com To switch to the DIGEST mode, E-mail to community-dig...@mailsbestfriend.com To switch to the INDEX mode, E-mail to community-in...@mailsbestfriend.com Send administrative queries to community-requ...@mailsbestfriend.com # This message is sent to you because you are subscribed to the mailing list community@mailsbestfriend.com. To unsubscribe, E-mail to: community-...@mailsbestfriend.com To switch to the DIGEST mode, E-mail to community-dig...@mailsbestfriend.com To switch to the INDEX mode, E-mail to community-in...@mailsbestfriend.com Send administrative queries to community-requ...@mailsbestfriend.com # This message is sent to you because you are subscribed to the mailing list community@mailsbestfriend.com. To unsubscribe, E-mail to: community-...@mailsbestfriend.com To switch to the DIGEST mode, E-mail to community-dig...@mailsbestfriend.com To switch to the INDEX mode, E-mail to community-in...@mailsbestfriend.com Send administrative queries to community-requ...@mailsbestfriend.com # This message is sent to you because
[MBF] Re: Gauntlet not moving files back into spool
Hi everyone. I wanted to update you all on the answer to John's issue. After review, we found that the problem is happening because currently, Gauntlet does not recognize the Alligate file extensions (.dta and .ctl). I have spoken with our team and we will be including recognition of those extensions in our next release of Gauntlet which will resolve the issue for people using Alligate. I apologize, but I do not have an ETA as to when it will be available, but we will announce it here when it is released. Thanks for your patience. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3606 -Original Message- From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Linda Pagillo Sent: Wednesday, July 29, 2015 1:55 PM To: community@mailsbestfriend.com Subject: [MBF] Re: Gauntlet not moving files back into spool Hi John. I apologize for the delay. Is there any way I can have RDP access to your server to check this out? If yes, please email me directly at linda.pagi...@mailsbestfriend.com with the credentials. Once I find the answer I will post it publicly to help other folks in the community. Thanks! Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3606 -Original Message- From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of John Tolmachoff Sent: Wednesday, July 29, 2015 1:09 PM To: community@mailsbestfriend.com Subject: [MBF] Re: Gauntlet not moving files back into spool Bueller? Bueller? -Original Message- From: John Tolmachoff johnl...@eservicesforyou.com Sent: Tuesday, July 28, 2015 1:21pm To: community@mailsbestfriend.com Subject: [MBF] Gauntlet not moving files back into spool I have just discovered that files (Alligate Gateway which is Imail server) being caught by the Declude Gauntlet test are never moved from the Gauntlet folder back to the spool. DRGOutflow.exe is running and I can see it checking the directory every minute using Process Monitor, but no action is ever taken. My configuration is such: (the command line is continuous, broken here for easy to read) [Process1] CommandLine= ' C:\Interceptor\Alligate\declude\DRGOutflow.exe i=C:\Interceptor\Alligate\Spool\Gauntlet o=C:\Interceptor\Alligate\spool\proc d=60 ' PauseStart= 100 PauseEnd= 100 UserInterface = No Restart = Yes John T eServices For You # This message is sent to you because you are subscribed to the mailing list community@mailsbestfriend.com. To unsubscribe, E-mail to: community-...@mailsbestfriend.com To switch to the DIGEST mode, E-mail to community-dig...@mailsbestfriend.com To switch to the INDEX mode, E-mail to community-in...@mailsbestfriend.com Send administrative queries to community-requ...@mailsbestfriend.com # This message is sent to you because you are subscribed to the mailing list community@mailsbestfriend.com. To unsubscribe, E-mail to: community-...@mailsbestfriend.com To switch to the DIGEST mode, E-mail to community-dig...@mailsbestfriend.com To switch to the INDEX mode, E-mail to community-in...@mailsbestfriend.com Send administrative queries to community-requ...@mailsbestfriend.com # This message is sent to you because you are subscribed to the mailing list community@mailsbestfriend.com. To unsubscribe, E-mail to: community-...@mailsbestfriend.com To switch to the DIGEST mode, E-mail to community-dig...@mailsbestfriend.com To switch to the INDEX mode, E-mail to community-in...@mailsbestfriend.com Send administrative queries to community-requ...@mailsbestfriend.com # This message is sent to you because you are subscribed to the mailing list community@mailsbestfriend.com. To unsubscribe, E-mail to: community-...@mailsbestfriend.com To switch to the DIGEST mode, E-mail to community-dig...@mailsbestfriend.com To switch to the INDEX mode, E-mail to community-in...@mailsbestfriend.com Send administrative queries to community-requ...@mailsbestfriend.com
[MBF] Re: ISP-Yahoo and ISP-Hotmail
Hi Carl. Can you please post a full header from one of these messages? Thanks. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3606 -Original Message- From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Carl Wagar Sent: Wednesday, July 29, 2015 2:35 PM To: community@mailsbestfriend.com Subject: [MBF] ISP-Yahoo and ISP-Hotmail Hi. My filters for outbound senders/users do not seem to be working right and seem to be triggering ISP-Yahoo and ISP-Hotmail. Are these done by IP range? doesn't look that way. My system is triggering those filters even though the user is just connecting from a regular ISP (bell Canada fiber network). 142.167.200.21 Name:mctnnbsa51w-142167200021.pppoe-dynamic.high-speed.nb.bellaliant.net Address: 142.167.200.21 I think it must be some other unique phase in his email. I will likely just add him to the $default$.sender Thanks. Carl J. Carl Wagar EntreNet Communications Inc www.entrenet.com www.thehostingservice.com 24 Swain Ave, Ottawa, ON, K1G 4T1, Canada Email: jcwa...@entrenet.com, skype: jcwagar Tel: +1 613-737-7327, Fax: +1 613-737-5801 Cel: +1 613-818-8898 -Original Message- From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Linda Pagillo Sent: Wednesday, July 29, 2015 2:55 PM To: community@mailsbestfriend.com Subject: [MBF] Re: Gauntlet not moving files back into spool Hi John. I apologize for the delay. Is there any way I can have RDP access to your server to check this out? If yes, please email me directly at linda.pagi...@mailsbestfriend.com with the credentials. Once I find the answer I will post it publicly to help other folks in the community. Thanks! Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3606 -Original Message- From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of John Tolmachoff Sent: Wednesday, July 29, 2015 1:09 PM To: community@mailsbestfriend.com Subject: [MBF] Re: Gauntlet not moving files back into spool Bueller? Bueller? -Original Message- From: John Tolmachoff johnl...@eservicesforyou.com Sent: Tuesday, July 28, 2015 1:21pm To: community@mailsbestfriend.com Subject: [MBF] Gauntlet not moving files back into spool I have just discovered that files (Alligate Gateway which is Imail server) being caught by the Declude Gauntlet test are never moved from the Gauntlet folder back to the spool. DRGOutflow.exe is running and I can see it checking the directory every minute using Process Monitor, but no action is ever taken. My configuration is such: (the command line is continuous, broken here for easy to read) [Process1] CommandLine= ' C:\Interceptor\Alligate\declude\DRGOutflow.exe i=C:\Interceptor\Alligate\Spool\Gauntlet o=C:\Interceptor\Alligate\spool\proc d=60 ' PauseStart= 100 PauseEnd= 100 UserInterface = No Restart = Yes John T eServices For You # This message is sent to you because you are subscribed to the mailing list community@mailsbestfriend.com. To unsubscribe, E-mail to: community-...@mailsbestfriend.com To switch to the DIGEST mode, E-mail to community-dig...@mailsbestfriend.com To switch to the INDEX mode, E-mail to community-in...@mailsbestfriend.com Send administrative queries to community-requ...@mailsbestfriend.com # This message is sent to you because you are subscribed to the mailing list community@mailsbestfriend.com. To unsubscribe, E-mail to: community-...@mailsbestfriend.com To switch to the DIGEST mode, E-mail to community-dig...@mailsbestfriend.com To switch to the INDEX mode, E-mail to community-in...@mailsbestfriend.com Send administrative queries to community-requ...@mailsbestfriend.com # This message is sent to you because you are subscribed to the mailing list community@mailsbestfriend.com. To unsubscribe, E-mail to: community-...@mailsbestfriend.com To switch to the DIGEST mode, E-mail to community-dig...@mailsbestfriend.com To switch to the INDEX mode, E-mail to community-in...@mailsbestfriend.com Send administrative queries to community-requ...@mailsbestfriend.com # This message is sent to you because you are subscribed to the mailing list community@mailsbestfriend.com. To unsubscribe, E-mail to: community-...@mailsbestfriend.com To switch to the DIGEST mode, E-mail to community-dig...@mailsbestfriend.com To switch to the INDEX mode, E-mail to community-in...@mailsbestfriend.com Send administrative queries to community-requ...@mailsbestfriend.com
[MBF] Re: Gauntlet not moving files back into spool
Hi John. I apologize for the delay. Is there any way I can have RDP access to your server to check this out? If yes, please email me directly at linda.pagi...@mailsbestfriend.com with the credentials. Once I find the answer I will post it publicly to help other folks in the community. Thanks! Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3606 -Original Message- From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of John Tolmachoff Sent: Wednesday, July 29, 2015 1:09 PM To: community@mailsbestfriend.com Subject: [MBF] Re: Gauntlet not moving files back into spool Bueller? Bueller? -Original Message- From: John Tolmachoff johnl...@eservicesforyou.com Sent: Tuesday, July 28, 2015 1:21pm To: community@mailsbestfriend.com Subject: [MBF] Gauntlet not moving files back into spool I have just discovered that files (Alligate Gateway which is Imail server) being caught by the Declude Gauntlet test are never moved from the Gauntlet folder back to the spool. DRGOutflow.exe is running and I can see it checking the directory every minute using Process Monitor, but no action is ever taken. My configuration is such: (the command line is continuous, broken here for easy to read) [Process1] CommandLine= ' C:\Interceptor\Alligate\declude\DRGOutflow.exe i=C:\Interceptor\Alligate\Spool\Gauntlet o=C:\Interceptor\Alligate\spool\proc d=60 ' PauseStart= 100 PauseEnd= 100 UserInterface = No Restart = Yes John T eServices For You # This message is sent to you because you are subscribed to the mailing list community@mailsbestfriend.com. To unsubscribe, E-mail to: community-...@mailsbestfriend.com To switch to the DIGEST mode, E-mail to community-dig...@mailsbestfriend.com To switch to the INDEX mode, E-mail to community-in...@mailsbestfriend.com Send administrative queries to community-requ...@mailsbestfriend.com # This message is sent to you because you are subscribed to the mailing list community@mailsbestfriend.com. To unsubscribe, E-mail to: community-...@mailsbestfriend.com To switch to the DIGEST mode, E-mail to community-dig...@mailsbestfriend.com To switch to the INDEX mode, E-mail to community-in...@mailsbestfriend.com Send administrative queries to community-requ...@mailsbestfriend.com # This message is sent to you because you are subscribed to the mailing list community@mailsbestfriend.com. To unsubscribe, E-mail to: community-...@mailsbestfriend.com To switch to the DIGEST mode, E-mail to community-dig...@mailsbestfriend.com To switch to the INDEX mode, E-mail to community-in...@mailsbestfriend.com Send administrative queries to community-requ...@mailsbestfriend.com
[MBF] Incorrect DKIM Hash Issue Resolved
Good day everyone. There was an issue reported to us a while back in reference to using DKIM in Smartermail while using Declude. It appeared that Declude was removing part of the message which caused DKIM signing to fail on the recipient's end, resulting in a body hash did not verify error in the message source/headers. As of this morning, we have a new build of the delcudeproc.exe that will resolve this issue. If you are having this issue, please let us know and we will provide you with the new build. Thanks. Linda Pagillo Mail's Best Friend Email: mailto:linda.pagi...@mailsbestfriend.com linda.pagi...@mailsbestfriend.com Web: http://www.mailsbestfriend.com www.mailsbestfriend.com Office: 703.988.3605 x7016 logo-1
[MBF] Re: Sniffer Feedback
Scott, the SNF-FEEDBACK account is there to collect messages to send to Arm Research so they can code rules for things that Sniffer hasn't picked up yet. The mailbox is being popped from this end, so there is nothing that you need to do with the account. You do not need to notify anyone to check it. I will make sure that it starts getting popped today. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 MBF From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Scott Fosseen - Prairie Lakes AEA Sent: Monday, November 03, 2014 10:23 AM To: community@mailsbestfriend.com Subject: [MBF] Sniffer Feedback Linda, When you tuned my system last week I see you added a test for Sniffer-Feedback and set it to forward messages to my mail server. I forgot about that until I got a message that my mailbox is full. Is this mailbox something I need to go through, or is it that I have not notified anyone they should be checking that mailbox?
[MBF] Re: Thoughts on how to deal with the current SPAM campaigns
Hello everyone. I wanted to chime in here. We (MBF) actually have a utility for implementing exactly what Scott is proposing if anyone is interested in trying it. We call it The Gauntlet. Also, the following link has some additional information about how a program such as this works: http://www.lifeatwarp9.com/2012/06/gauntlet-a-solution-to-pre-tested-spam/. Please let me know if you have any questions about it. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 MBF From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Scott Fosseen - Prairie Lakes AEA Sent: Thursday, October 30, 2014 1:11 PM To: community@mailsbestfriend.com Subject: [MBF] Thoughts on how to deal with the current SPAM campaigns Here is a thought I have that may be effective on these zero-day SPAM campaigns. It does have a big drawback, but the users may be OK with it if it stops the SPAM. Here is my idea. I am going to say this is from my standpoint of using SmarterMail. The basic idea is to process each message through declude twice. Any message that declude did not whitelist or delete would be sent to a hold queue folder and after a set amount of time declude would rescan the message. The first time through declude the message would process and drop out of declude only if whitelisted, or deleted. The message would also be counted by reputation tests such as barracuda. Once the message is processed it would be put in a hold queue where it would set for a set amount of time (Say 30 min). The delay would give a chance for tests to identify SPAM campaigns. After the Queue delay has passed Declude will process the message again and take the normal action to the message when complete. Thoughts? SPAM Tests
[MBF] Re: FYI - Smartermail CSS issue with latest Chrome version
Hi Markus. If you are having the issue, the webmail login screen will look like the CSS formatting is missing. If you don't see the issue then you probably are not experiencing the problem. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 MBF From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Markus Gufler | Limitis Sent: Monday, October 27, 2014 2:59 AM To: community@mailsbestfriend.com Subject: [MBF] AW: FYI - Smartermail CSS issue with latest Chrome version Hi Thank you for this information. How does it look like? . because I can't see any problems here. Markus Von: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] Im Auftrag von Linda Pagillo Gesendet: Freitag, 24. Oktober 2014 18:55 An: community@mailsbestfriend.com Betreff: [MBF] FYI - Smartermail CSS issue with latest Chrome version Good afternoon everyone. There seems to be an issue with the newest version of Chrome (38.0.2125.104 m) and the way it displays the CSS in Smartermail Webmail for SSL sites. If you are experiencing this issue, we wanted you to know what we have contacted Smartertools support and reported it. They were able to replicate it. We tested with Chrome 38.0.2125.104 (without the m) and the problem does not occur. The problem also does not occur in Firefox or Internet Explorer. We wanted to give everyone a heads up that Smartertools development will be looking into the problem and releasing a fix. Unfortunately, we do not have an ETA as to when the fix will be available. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 MBF
[MBF] FYI - Smartermail CSS issue with latest Chrome version
Good afternoon everyone. There seems to be an issue with the newest version of Chrome (38.0.2125.104 m) and the way it displays the CSS in Smartermail Webmail for SSL sites. If you are experiencing this issue, we wanted you to know what we have contacted Smartertools support and reported it. They were able to replicate it. We tested with Chrome 38.0.2125.104 (without the m) and the problem does not occur. The problem also does not occur in Firefox or Internet Explorer. We wanted to give everyone a heads up that Smartertools development will be looking into the problem and releasing a fix. Unfortunately, we do not have an ETA as to when the fix will be available. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 MBF
[MBF] Re: FYI - Smartermail CSS issue with latest Chrome version - UPDATE
I just received a call back from Smartertools support. They said that the issue is actually IIS related. To fix it, change the Smartermail Application Pool from Integrated to Classic. That fixed the issue for them and for us here at MBF. Thanks. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 MBF From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Linda Pagillo Sent: Friday, October 24, 2014 11:55 AM To: community@mailsbestfriend.com Subject: [MBF] FYI - Smartermail CSS issue with latest Chrome version Good afternoon everyone. There seems to be an issue with the newest version of Chrome (38.0.2125.104 m) and the way it displays the CSS in Smartermail Webmail for SSL sites. If you are experiencing this issue, we wanted you to know what we have contacted Smartertools support and reported it. They were able to replicate it. We tested with Chrome 38.0.2125.104 (without the m) and the problem does not occur. The problem also does not occur in Firefox or Internet Explorer. We wanted to give everyone a heads up that Smartertools development will be looking into the problem and releasing a fix. Unfortunately, we do not have an ETA as to when the fix will be available. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 MBF
[MBF] Re: why?
My pleasure. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 MBF From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Brian Thomforde Sent: Friday, September 12, 2014 11:53 AM To: community@mailsbestfriend.com Subject: [MBF] Re: why? Thanks, I'll keep an eye on it. . Brian Thomforde http://www.truckdriver.com/ http://www.truckdriver.com Smarter Drivers...Better Jobs Providing excellence in Internet recruiting since 1996 763-444-8998 x201 From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Linda Pagillo Sent: Friday, September 12, 2014 11:36 AM To: community@mailsbestfriend.com Subject: [MBF] Re: why? Brian, you had a misconfiguration in your Declude global.cfg for the Sniffer tests. I fixed it. I also updated your Declude RBLs while I was in there. You should be all set. Please let me know if you see another message where you can see the Sniffer headers like this: X-MessageSniffer-Identifier: m:\SmarterMail\Spool\proc\work\162627465.eml X-GBUdb-Analysis: 0, 93.158.215.198, Ugly c=0.071429 p=1 Source Caution X-MessageSniffer-Scan-Result: 60 X-MessageSniffer-Rules: 60-6494781-223-288-m 60-6563726-289-308-m 60-6549759-290-308-m 62-5573565-1219-1384-m 60-6494781-0-24503-f But you are unable to see Sniffer triggered in the Declude headers here: X-Declude-Tests: SUBCHARS-55 [1], SIZE-300K [-3], FROMNOMATCH [2], FILTER_COUNTRY [8], FILTER-SPAM [5] Thanks. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 MBF From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Linda Pagillo Sent: Friday, September 12, 2014 11:28 AM To: community@mailsbestfriend.com Subject: [MBF] Re: why? It looks like Sniffer is triggering, but Declude is possibly not seeing it's score. I will log into your server now and have a look. Stand by. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 MBF From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Brian Thomforde Sent: Friday, September 12, 2014 10:25 AM To: community@mailsbestfriend.com Subject: [MBF] Re: why? I understand my last question but what about this one? The subject line was Comfortable bra helps control underarm and side spillage Email from Russia for a bra gets through? Seems something isn't working to let this through. Date: Fri, 12 Sep 2014 07:01:54 -0700 X-MessageSniffer-Identifier: m:\SmarterMail\Spool\proc\work\162627465.eml X-GBUdb-Analysis: 0, 93.158.215.198, Ugly c=0.071429 p=1 Source Caution X-MessageSniffer-Scan-Result: 60 X-MessageSniffer-Rules: 60-6494781-223-288-m 60-6563726-289-308-m 60-6549759-290-308-m 62-5573565-1219-1384-m 60-6494781-0-24503-f X-RBL-Warning: WEIGHT10: Weight of 13 reaches or exceeds the limit of 10. X-Declude-Sender: hen...@taffypull.amily.biz [93.158.215.198] X-Declude-Spoolname: 162627465.eml X-Declude-RefID: X-Declude-Note: Scanned by Declude 4.12.05 http://www.declude.com/x-note.htm; X-Declude-Scan: Incoming Score [13] at 07:59:28 on 12 Sep 2014 X-Declude-Tests: SUBCHARS-55 [1], SIZE-300K [-3], FROMNOMATCH [2], FILTER_COUNTRY [8], FILTER-SPAM [5] X-Country-Chain: RUSSIAN FEDERATION-destination X-Declude-Code: f X-HELO: amily.biz X-Identity: 93.158.215.198 | ionist.pw | taffypull.amily.biz X-Rcpt-To: br...@truckdriver.com X-SmarterMail-Spam: SPF_None, DK_None, DKIM_None, Declude: 13 X-SmarterMail-TotalSpamWeight: 13 Brian Thomforde http://www.truckdriver.com/ http://www.truckdriver.com Smarter Drivers...Better Jobs Providing excellence in Internet recruiting since 1996 763-444-8998 x201 From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Linda Pagillo Sent: Friday, September 12, 2014 7:10 AM To: community@mailsbestfriend.com Subject: [MBF] Re: why? Good morning everyone. Dave is correct. This message made it through because it was whitelisted. I wanted to mention that Sniffer did not give this message a score of 55. The 55 that you see a Sniffer rule code, not the Sniffer score. Each test within Sniffer has a code. For example, the Sniffer code 55 is the Malware Scumware Greetings code. For a full list of codes and their meanings, please see our KB article at the following link: http://know.mailsbestfriend.com/translation_table_for_sniffer_rule_codes-126 5292287.shtml Enjoy! Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 MBF From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Brian Thomforde Sent
[MBF] Re: Smartermail issues with latest Firefox update.
Thanks Scott. It worked for me on both SmarterTrack 10.1 and Smartermail 12.1. Smartetools says they will have a true fix tomorrow. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 MBF From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Scott Jibben Sent: Thursday, July 24, 2014 3:12 PM To: community@mailsbestfriend.com Subject: [MBF] Re: Smartermail issues with latest Firefox update. SmarterTools is aware of this problem and will be releasing a fix. Read this forum post to learn how to fix this Firefox v31 issue if you don't want to wait for the patch: http://forums.smartertools.com/threads/firefox-31-issue-with-popup-windows-m ail-and-stats.42522/ I followed the instructions and it works on SM 12.3. sj Scott Jibben http://runspot.net/ RunSpot [email] sc...@runspot.net [web] http://runspot.net http://runspot.net/ [voice] 763.551.2510 [toll free] 866.635.7299 On 7/24/2014 10:49 AM, Linda Pagillo wrote: Hi Scott. I'm seeing the same issue with SmarterTrack this morning. My Firefox updated and the problems started. The scrolling function is also not working correctly. Linda Pagillo Mail's Best Friend Email: mailto:linda.pagi...@mailsbestfriend.com linda.pagi...@mailsbestfriend.com Web: http://www.mailsbestfriend.com www.mailsbestfriend.com Office: 703.988.3605 x7016 MBF From: mailto:community@mailsbestfriend.com community@mailsbestfriend.com [ mailto:community@mailsbestfriend.com mailto:community@mailsbestfriend.com] On Behalf Of Scott Fosseen - Prairie Lakes AEA Sent: Thursday, July 24, 2014 10:38 AM To: mailto:community@mailsbestfriend.com community@mailsbestfriend.com Subject: [MBF] Smartermail issues with latest Firefox update. FYI: I am running Smartermail 11.7 and got a call today from one of my users stating that the new message window pop-up can not be resized and is too small to see the body of the message. He confirmed the problem existed on both the Mac and Windows versions of the Firefox browser. I upgraded my copy of Firefox and was able to recreate the problem as well. I am guessing something new in Firefox 31.0
[MBF] Re: Hijack activation
You're welcome. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 -Original Message- From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Darin Cox Sent: Friday, May 30, 2014 6:08 PM To: community@mailsbestfriend.com Subject: [MBF] Re: Hijack activation Hi Linda, Thanks. I thought I remembered an issue that prevented using the newer versions of Declude on IMail 8.22. We'll try the upgrade and go from there. Much appreciated! Darin. -Original Message- From: Linda Pagillo Sent: Friday, May 30, 2014 7:01 PM To: community@mailsbestfriend.com Subject: [MBF] Re: Hijack activation HI Darin. You can use the newest version of Declude on any version of Imail. My suggestion would be to upgrade. That way you can get all of the features of Hijack. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 -Original Message- From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Darin Cox Sent: Friday, May 30, 2014 5:10 PM To: community@mailsbestfriend.com Subject: [MBF] Re: Hijack activation Hi Martin, The problem is we don't have an activation code for it. Also, my understanding is we can't upgrade that server to the latest Declude since that server is running IMail 8.22. So we're back to how to obtain an activation code for Hijack with Declude Pro 1.82/IMail 8.22. Darin. -Original Message- From: Martin Schaible Sent: Friday, May 30, 2014 5:50 PM To: community@mailsbestfriend.com Subject: [MBF] AW: Hijack activation Usualy you have to rename hijack.cfg.off to hijack.cfg. Before you do this, you should think about the configuration of hijack. I have set it to this values: LOGLEVEL HIGH #Send out notification using HijackNotify.eml when HiJack Threshold 2 reached HIJNOTIFY ON # The following options -- RELAYTHRESHOLD1 and RELAYTHRESHOLD2 -- determine the two threshold levels. # RELAYTHRESHOLD1 determines how many E-mails someone can send out before their mail is held temporarily. # RELAYTHRESHOLD2 determines how many E-mails someone can send out before their mail is held permanently (a spammer). # # The first number indicates the time period in MINUTES, and the second number indicates the number of outgoing E-mails # that can be sent out in the time period. For example, RELAYTHRESHOLD1 10 20 would allow the user to send out 20 # E-mails in 10 minutes before his mail was held temporarily. RELAYTHRESHOLD1 10 50 RELAYTHRESHOLD2 30 100 If possible, I would recommend to update Declude to its latest (free) edition. It's done in 5 minutes. Freundliche Grüsse -- netfusion GmbH | Martin Schaible Mittelfeldstrasse 27 | CH-8700 Küsnacht | Switzerland Tel.: +41 44 391 30 00 E-Mail: mar...@netfusion.ch Internet: www.netfusion.ch | wiki.netfusion.ch Helpdesk: helpdesk.netfusion.ch Wird sind auch auf Facebook präsent: www.facebook.com/NetfusionGmbH -- -Ursprüngliche Nachricht- Von: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] Im Auftrag von Darin Cox Gesendet: Freitag, 30. Mai 2014 23:26 An: community@mailsbestfriend.com Betreff: [MBF] Hijack activation Anyone know what is needed to activate Hijack? We have a server with an older instance of Declude Pro (v1.82) on IMail 8.22 that needs Hijack activated to alleviate a problem with occasional hacked email accounts. We could write a utility to monitor and handle this, but it would be a lot easier if we could just activate Hijack. Appreciate it, Darin. # This message is sent to you because you are subscribed to the mailing list community@mailsbestfriend.com. To unsubscribe, E-mail to: community-...@mailsbestfriend.com To switch to the DIGEST mode, E-mail to community-dig...@mailsbestfriend.com To switch to the INDEX mode, E-mail to community-in...@mailsbestfriend.com Send administrative queries to community-requ...@mailsbestfriend.com # This message is sent to you because you are subscribed to the mailing list community@mailsbestfriend.com. To unsubscribe, E-mail to: community-...@mailsbestfriend.com To switch to the DIGEST mode, E-mail to community-dig...@mailsbestfriend.com To switch to the INDEX mode, E-mail to community-in...@mailsbestfriend.com Send administrative queries to community-requ...@mailsbestfriend.com # This message is sent to you because you are subscribed to the mailing list community@mailsbestfriend.com. To unsubscribe, E-mail to: community-...@mailsbestfriend.com
[MBF]Re: Great number of hijacked accounts last few days
Katie, if you add the following directive to your Hijack.cfg file, you can have Hijack count by authenticated address rather than IP. It's called HIJADDR ON. This will help Hijack to catch the spammers regardless of IP. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 MBF From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Katie La Salle-Lowery Sent: Wednesday, February 26, 2014 1:17 PM To: community@mailsbestfriend.com Subject: [MBF]Re: Great number of hijacked accounts last few days Now NINE. Four different domains. The originating IP's are all foreign - and lots of them. In fact, they are changing spoofed IP's after just a few messages, so Declude hijack isn't working as well as HAMR, since it is IP based, but it has pegged 2 of the 9 while HAMR has done its thing on all nine so far. So, while I'm suggesting that clients run independent scans just as general good practice, I don't suspect infected customer computers. I am certainly advising that that password is compromised and that if it is used for other accounts, those accounts need to be changed as well and urging them to not use the same password for everything, but, as you are all quite well aware, people are very resistant to that idea. They don't get that making it easy for themselves also makes it easy for the bad guys. http://www.centric.net/ centric logo - signature sized Katie LaSalle-Lowery ka...@centric.net 1120 S. Russell; Ste B Missoula, MT 59801 ph (406)549-3337 fax (406)541-9338 From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of David Barker Sent: Wednesday, February 26, 2014 11:58 AM To: community@mailsbestfriend.com Subject: [MBF]Re: Great number of hijacked accounts last few days Sometimes the problem is that a user's computer is infected by a virus which then has access to the mail client in which case the password is irrelevant to the conversation. From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Carl Wagar Sent: Wednesday, February 26, 2014 1:49 PM To: community@mailsbestfriend.com Subject: [MBF]Re: Great number of hijacked accounts last few days We are seeing a 3 to 4 fold increase in spam in the last months and a few hijacked accounts, almost one a day, where they seem to magically know the password. Someone suggested I'ts because they have hacked Linked-in, adobe, target and other database in recent months. People have to use different passwords for every system! Carl J. Carl Wagar EntreNet Communications Inc http://www.entrenet.com www.entrenet.com http://www.thehostingservice.com www.thehostingservice.com 24 Swain Ave, Ottawa, ON, K1G 4T1, Canada Email: mailto:jcwa...@entrenet.com jcwa...@entrenet.com, skype: jcwagar Tel: +1 613-737-7327, Fax: +1 613-737-5801 Cel: +1 613-818-8898 From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Katie La Salle-Lowery Sent: Wednesday, February 26, 2014 1:40 PM To: community@mailsbestfriend.com Subject: [MBF]Great number of hijacked accounts last few days We have had EIGHT hijacked accounts in the last two days. For us, that's a great many. Imail HAMR and Declude hijack have been doing their jobs, for which I am very grateful. Is anyone else seeing an increase in hijacked accounts the last couple days, or are they just picking on us? http://www.centric.net/ centric logo - signature sized Katie LaSalle-Lowery ka...@centric.net 1120 S. Russell; Ste B Missoula, MT 59801 ph (406)549-3337 fax (406)541-9338 image002.gifimage003.jpg
[MBF]Re: SmarterMail exploit
Thanks for the heads-up Gary. I just chimed in on the forum thread letting people know that they can get Declude from us for free if they wanted a temp solution until ST can assess and fix the issue if needed. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 -Original Message- From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Gary Steiner Sent: Monday, February 24, 2014 7:16 AM To: community@mailsbestfriend.com Subject: [MBF]SmarterMail exploit SmarterMail admins should be following this thread on the SmarterMail forums: http://forums.smartertools.com/threads/spammers-authenticating-once.41207/ There seems to be a new spamming attack that somehow allows the spammer to bypass authentication and somehow exploit a user account to send spam. The problem is it is very subtle and may not be noticeable to an administrator right away. SmarterTools shuts down over the weekend, so they may not even be aware of the problem yet. Declude seems to be a decent tool for catching this problem, but only if you have your outbound spamchecks configured for it. # This message is sent to you because you are subscribed to the mailing list community@mailsbestfriend.com. To unsubscribe, E-mail to: community-...@mailsbestfriend.com To switch to the DIGEST mode, E-mail to community-dig...@mailsbestfriend.com To switch to the INDEX mode, E-mail to community-in...@mailsbestfriend.com Send administrative queries to community-requ...@mailsbestfriend.com # This message is sent to you because you are subscribed to the mailing list community@mailsbestfriend.com. To unsubscribe, E-mail to: community-...@mailsbestfriend.com To switch to the DIGEST mode, E-mail to community-dig...@mailsbestfriend.com To switch to the INDEX mode, E-mail to community-in...@mailsbestfriend.com Send administrative queries to community-requ...@mailsbestfriend.com
[MBF]Re: 553 Message refused
What outgoing server are you using in Outlook? Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 MBF From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Alejandro de los Rios Sent: Monday, January 13, 2014 8:35 AM To: community@mailsbestfriend.com Subject: [MBF]Re: 553 Message refused Hi Linda, thanks for the info, but the mail is not relaying because was sent to another user in the same domain , the same server and it is happening with outlook 2010. Cordialmente, Alejandro de los Rios Gerente de Tecnologia mailto:alejan...@pandacons.com alejan...@pandacons.com Carrera 49B No. 93 - 94 PBX: (+571) 533 3100 FAX: (+571) 533 3107 Bogotá - Colombia Descripción: Descripción: Descripción: Descripción: cid:image001.png@01CC6991.6B2E69C0 Descripción: Descripción: Descripción: Descripción: cid:image002.png@01CC6991.6B2E69C0 La información contenida en este correo y sus anexos es confidencial y solo puede ser utilizada por la persona o empresa a la cual está dirigida. Si usted no es el receptor autorizado, cualquier retención, difusión, distribución o copia de este correo es prohibida y sancionada por la ley. Si por error recibe este correo, por favor reenviarlo al remitente de PANDA CONSULTING S.A. y/o borrar el correo inmediatamente. Esta información es propiedad de PANDA CONSULTING S.A. toda distribución o copia de este documento sin la autorización expresa de PANDA CONSULTING S.A. es prohibida y sancionada por la ley. Descripción: Descripción: Descripción: Descripción: Descripción: Descripción: http://calijaz.files.wordpress.com/2010/08/iso_9001-2008.jpg From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Linda Pagillo Sent: Thursday, January 09, 2014 9:54 PM To: community@mailsbestfriend.com Subject: [MBF]Re: 553 Message refused Hi Alejandro. Check out the following article. It may help you to understand what is happening: http://office.microsoft.com/en-ca/outlook-help/troubleshoot-550-553-and-rel ay-prohibited-errors-HA001112833.aspx http://office.microsoft.com/en-ca/outlook-help/troubleshoot-550-553-and-rela y-prohibited-errors-HA001112833.aspx Linda Pagillo Mail's Best Friend Email: mailto:linda.pagi...@mailsbestfriend.com linda.pagi...@mailsbestfriend.com Web: http://www.mailsbestfriend.com www.mailsbestfriend.com Office: 703.988.3605 x7016 MBF From: mailto:community@mailsbestfriend.com community@mailsbestfriend.com [ mailto:community@mailsbestfriend.com mailto:community@mailsbestfriend.com] On Behalf Of Alejandro de los Rios Sent: Thursday, January 09, 2014 7:24 PM To: mailto:community@mailsbestfriend.com community@mailsbestfriend.com Subject: [MBF]553 Message refused Hi we are experiencing some problems with calendar appointments sent by Outlook with some customers, the error is the following: Some of the recipients did not receive your message. Asunto: Apalita - cita cirujano cabeza y cuello Enviado el: 09/01/2014 05:51 p.m. Unable to locate the following recipients: 'hugo.sa...@inter-consultant.com' en 09/01/2014 05:51 p.m. 553 Message refused Is an intradomain email. Nothing in logs, only the sent mail in SMTP but nothing in delivery. Server: 2 x Xeon QuadCore 2.2 8 GB RAM 2x80 GB SAS RAID1 for OS, 4x400 RAID10 for Data Windows 2008R2 Smartermail 11.7 Client: Outlook 2010 Cordialmente, Alejandro de los Rios Gerente de Tecnologia mailto:alejan...@pandacons.com alejan...@pandacons.com Carrera 49B No. 93 - 94 PBX: (+571) 533 3100 FAX: (+571) 533 3107 Bogotá - Colombia Descripción: Descripción: Descripción: Descripción: cid:image001.png@01CC6991.6B2E69C0 Descripción: Descripción: Descripción: Descripción: cid:image002.png@01CC6991.6B2E69C0 La información contenida en este correo y sus anexos es confidencial y solo puede ser utilizada por la persona o empresa a la cual está dirigida. Si usted no es el receptor autorizado, cualquier retención, difusión, distribución o copia de este correo es prohibida y sancionada por la ley. Si por error recibe este correo, por favor reenviarlo al remitente de PANDA CONSULTING S.A. y/o borrar el correo inmediatamente. Esta información es propiedad de PANDA CONSULTING S.A. toda distribución o copia de este documento sin la autorización expresa de PANDA CONSULTING S.A. es prohibida y sancionada por la ley. Descripción: Descripción: Descripción: Descripción: Descripción: Descripción: http://calijaz.files.wordpress.com/2010/08/iso_9001-2008.jpg image001.gifimage002.pngimage003.pngimage004.jpg
[MBF]Re: Testing Email system
You can send yourself the Ecair: http://www.eicar.org/86-0-Intended-use.html Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 -Original Message- From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of johnl...@eservicesforyou.com Sent: Tuesday, November 12, 2013 11:56 AM To: community@mailsbestfriend.com Subject: [MBF]Testing Email system Declude back in the day had a test to send the ecair virus to test an email server. What is available for us to use today? # This message is sent to you because you are subscribed to the mailing list community@mailsbestfriend.com. To unsubscribe, E-mail to: community-...@mailsbestfriend.com To switch to the DIGEST mode, E-mail to community-dig...@mailsbestfriend.com To switch to the INDEX mode, E-mail to community-in...@mailsbestfriend.com Send administrative queries to community-requ...@mailsbestfriend.com # This message is sent to you because you are subscribed to the mailing list community@mailsbestfriend.com. To unsubscribe, E-mail to: community-...@mailsbestfriend.com To switch to the DIGEST mode, E-mail to community-dig...@mailsbestfriend.com To switch to the INDEX mode, E-mail to community-in...@mailsbestfriend.com Send administrative queries to community-requ...@mailsbestfriend.com
[MBF]Re: Working on using NOD32 as a scanner for Declude
Hi John. Try ESETNO~1 instead of ESET~1 Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 -Original Message- From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of johnl...@eservicesforyou.com Sent: Monday, November 11, 2013 5:32 PM To: community@mailsbestfriend.com Subject: [MBF]Working on using NOD32 as a scanner for Declude I am working on using NOD32 as an additional scanner for Declude Virus but am running into a problem with spaces in the path. Setting Scan File 2 to C:\Program Files\ESET NOD32 Antivirus\ecls.exe /no-boots /sfx /rtp /adware /unsafe /unwanted /pattern /heur /clean-mode=NONE /no-log-console ERROR: SCANFILE option must not have any spaces in the pathname The problem is \ESET NOD32 Antivirus\ as if I try to use \ESET~1\ it can not find it. Your virus scanner DOES NOT EXIST (at C:\Progra~1\ESET~1\ecls.exe Suggestions? # This message is sent to you because you are subscribed to the mailing list community@mailsbestfriend.com. To unsubscribe, E-mail to: community-...@mailsbestfriend.com To switch to the DIGEST mode, E-mail to community-dig...@mailsbestfriend.com To switch to the INDEX mode, E-mail to community-in...@mailsbestfriend.com Send administrative queries to community-requ...@mailsbestfriend.com # This message is sent to you because you are subscribed to the mailing list community@mailsbestfriend.com. To unsubscribe, E-mail to: community-...@mailsbestfriend.com To switch to the DIGEST mode, E-mail to community-dig...@mailsbestfriend.com To switch to the INDEX mode, E-mail to community-in...@mailsbestfriend.com Send administrative queries to community-requ...@mailsbestfriend.com
[MBF]Re: Working on using NOD32 as a scanner for Declude
Try uninstalling NOD and reinstalling it in a directory with no spaces. Such as C:\NOD and see if that helps. A little unconventional, I know, but it would be a good test. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 -Original Message- From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of johnl...@eservicesforyou.com Sent: Monday, November 11, 2013 6:29 PM To: community@mailsbestfriend.com Subject: [MBF]Re: Working on using NOD32 as a scanner for Declude BLANK for that directory mean it does not know what to do. -Original Message- From: Andy Schmidt andy_schm...@hm-software.com Sent: Monday, November 11, 2013 4:19pm To: community@mailsbestfriend.com Subject: [MBF]Re: Working on using NOD32 as a scanner for Declude John, Rather than guessing, just use the command link DIR command with the /X option. Start at the C: drive and then work your way through the two subfolders. The /X option will tell you the 8.3 MSDOS style name for each folder/file. Best Regards, Andy -Original Message- From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of johnl...@eservicesforyou.com Sent: Monday, November 11, 2013 6:45 PM To: community@mailsbestfriend.com Subject: [MBF]Re: Working on using NOD32 as a scanner for Declude Did not work. Your virus scanner DOES NOT EXIST (at C:\Progra~1\ESETNO~1\ecls.exe # This message is sent to you because you are subscribed to the mailing list community@mailsbestfriend.com. To unsubscribe, E-mail to: community-...@mailsbestfriend.com To switch to the DIGEST mode, E-mail to community-dig...@mailsbestfriend.com To switch to the INDEX mode, E-mail to community-in...@mailsbestfriend.com Send administrative queries to community-requ...@mailsbestfriend.com # This message is sent to you because you are subscribed to the mailing list community@mailsbestfriend.com. To unsubscribe, E-mail to: community-...@mailsbestfriend.com To switch to the DIGEST mode, E-mail to community-dig...@mailsbestfriend.com To switch to the INDEX mode, E-mail to community-in...@mailsbestfriend.com Send administrative queries to community-requ...@mailsbestfriend.com # This message is sent to you because you are subscribed to the mailing list community@mailsbestfriend.com. To unsubscribe, E-mail to: community-...@mailsbestfriend.com To switch to the DIGEST mode, E-mail to community-dig...@mailsbestfriend.com To switch to the INDEX mode, E-mail to community-in...@mailsbestfriend.com Send administrative queries to community-requ...@mailsbestfriend.com
[MBF]Dead Blacklists - Please update your global.cfg
Good morning everyone. The following RBLs should be removed from your Declude global.cfg if you are using them: FIVETEN-DUL DSN NOABUSE NOPOSTMASTER BOGUSMX They have all been verified as dead. Thanks! Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 MBF image001.gif
[MBF]Re: Dead Blacklists - Please update your global.cfg
My pleasure Uwe! I have also updated the paper I wrote for our KB. http://know.mailsbestfriend.com/papers/SmarterMail-Antispam-Settings.shtml. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 MBF From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Info Wind Internethaus GmbH Sent: Friday, November 08, 2013 10:55 AM To: community@mailsbestfriend.com Subject: [MBF]AW: Dead Blacklists - Please update your global.cfg Great. Thank you a lot, that is perfect service! Uwe Von: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] Im Auftrag von Linda Pagillo Gesendet: Freitag, 8. November 2013 17:24 An: community@mailsbestfriend.com Betreff: [MBF]Dead Blacklists - Please update your global.cfg Good morning everyone. The following RBLs should be removed from your Declude global.cfg if you are using them: FIVETEN-DUL DSN NOABUSE NOPOSTMASTER BOGUSMX They have all been verified as dead. Thanks! Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 MBF image001.gif
[MBF]Re: Update to AVG
Hi Don. At this time there is no way to update Declude's AVG manually. Question for you... are you running Message Sniffer? Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 -Original Message- From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Don Winsauer Sent: Friday, November 08, 2013 12:37 PM To: community@mailsbestfriend.com Subject: [MBF]Update to AVG Is there any way to update the AVG files manually? Our customers are getting hit with the Cryptovirus. Thanks, Don Sent via the WebMail system at net1media.com # This message is sent to you because you are subscribed to the mailing list community@mailsbestfriend.com. To unsubscribe, E-mail to: community-...@mailsbestfriend.com To switch to the DIGEST mode, E-mail to community-dig...@mailsbestfriend.com To switch to the INDEX mode, E-mail to community-in...@mailsbestfriend.com Send administrative queries to community-requ...@mailsbestfriend.com # This message is sent to you because you are subscribed to the mailing list community@mailsbestfriend.com. To unsubscribe, E-mail to: community-...@mailsbestfriend.com To switch to the DIGEST mode, E-mail to community-dig...@mailsbestfriend.com To switch to the INDEX mode, E-mail to community-in...@mailsbestfriend.com Send administrative queries to community-requ...@mailsbestfriend.com
[MBF]Re: Update to AVG
HI Mike. To answer your questions... Are there any other ways to protect ourselves from the Cryptovirus? Yes, you can install a command line virus scanner to use with Declude or you can install a virus scanner on your actual mail server box. Will Sniffer filter things like this? I am under the impression that Sniffer also functions as an anti-virus. Is this a false assumption? Yes, Sniffer should be filtering these. If you are running Sniffer and still having viruses come through, I will need a copy of the email with the virus included and the full headers so I can send them to Arm to have a rule built. The only thing I have at my disposal is Clam. AVG has been dysfunctional since Declude folded, due to licensing rights, yes? AVG has been dysfunctional because when Declude closed, the AVG server they had went with them. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 -Original Message- From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Michael Cummins Sent: Friday, November 08, 2013 12:47 PM To: community@mailsbestfriend.com Subject: [MBF]Re: Update to AVG Is there any way to update the AVG files manually? Our customers are getting hit with the Cryptovirus. Are there any other ways to protect ourselves from the Cryptovirus? Will Sniffer filter things like this? I am under the impression that Sniffer also functions as an anti-virus. Is this a false assumption? The only thing I have at my disposal is Clam. AVG has been dysfunctional since Declude folded, due to licensing rights, yes? - Michael Cummins # This message is sent to you because you are subscribed to the mailing list community@mailsbestfriend.com. To unsubscribe, E-mail to: community-...@mailsbestfriend.com To switch to the DIGEST mode, E-mail to community-dig...@mailsbestfriend.com To switch to the INDEX mode, E-mail to community-in...@mailsbestfriend.com Send administrative queries to community-requ...@mailsbestfriend.com # This message is sent to you because you are subscribed to the mailing list community@mailsbestfriend.com. To unsubscribe, E-mail to: community-...@mailsbestfriend.com To switch to the DIGEST mode, E-mail to community-dig...@mailsbestfriend.com To switch to the INDEX mode, E-mail to community-in...@mailsbestfriend.com Send administrative queries to community-requ...@mailsbestfriend.com
[MBF]Re: Dead Blacklists - Please update your global.cfg
Yes. You can find our latest global.cfg file here. http://mailsbestfriend.com/downloads. Be advised that I have not yet removed the dead tests from that global. So in other words, it is current, minus the tests I instructed you guys to remove this morning. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 MBF From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Richard Mazur Sent: Friday, November 08, 2013 2:02 PM To: community@mailsbestfriend.com Subject: [MBF]Re: Dead Blacklists - Please update your global.cfg okay i got rid of these and now only have a few. Is there a current list or global.cfg example you have so i can compare? On Nov 8, 2013, at 11:30 AM, Scott Fosseen - Prairie Lakes AEA sfoss...@aea8.k12.ia.us wrote: Thanks! From: mailto:linda.pagi...@mailsbestfriend.com Linda Pagillo Sent: Friday, November 08, 2013 10:23 AM To: mailto:community@mailsbestfriend.com community@mailsbestfriend.com Subject: [MBF]Dead Blacklists - Please update your global.cfg Good morning everyone. The following RBLs should be removed from your Declude global.cfg if you are using them: FIVETEN-DUL DSN NOABUSE NOPOSTMASTER BOGUSMX They have all been verified as dead. Thanks! Linda Pagillo Mail's Best Friend Email: mailto:linda.pagi...@mailsbestfriend.com linda.pagi...@mailsbestfriend.com Web: http://www.mailsbestfriend.com www.mailsbestfriend.com Office: 703.988.3605 x7016 image001.gif Richard Mazur Director of Sales SurfNet Corporation r...@surfmail.net image001.gif
[MBF]Re: Update to AVG
Thanks Don. Can you send me a header from one of the virus-infected emails that made it through to your customers? Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 -Original Message- From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Don Winsauer Sent: Friday, November 08, 2013 1:03 PM To: community@mailsbestfriend.com Subject: [MBF]Re: Update to AVG Yes, I am running Message Sniffer. Don -- Original Message -- From: Linda Pagillo linda.pagi...@mailsbestfriend.com Reply-To: community@mailsbestfriend.com Date: Fri, 8 Nov 2013 13:00:01 -0600 Hi Don. At this time there is no way to update Declude's AVG manually. Question for you... are you running Message Sniffer? Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 -Original Message- From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Don Winsauer Sent: Friday, November 08, 2013 12:37 PM To: community@mailsbestfriend.com Subject: [MBF]Update to AVG Is there any way to update the AVG files manually? Our customers are getting hit with the Cryptovirus. Thanks, Don Sent via the WebMail system at net1media.com # This message is sent to you because you are subscribed to the mailing list community@mailsbestfriend.com. To unsubscribe, E-mail to: community-...@mailsbestfriend.com To switch to the DIGEST mode, E-mail to community-dig...@mailsbestfriend.com To switch to the INDEX mode, E-mail to community-in...@mailsbestfriend.com Send administrative queries to community-requ...@mailsbestfriend.com # This message is sent to you because you are subscribed to the mailing list community@mailsbestfriend.com. To unsubscribe, E-mail to: community-...@mailsbestfriend.com To switch to the DIGEST mode, E-mail to community-dig...@mailsbestfriend.com To switch to the INDEX mode, E-mail to community-in...@mailsbestfriend.com Send administrative queries to community-requ...@mailsbestfriend.com Sent via the WebMail system at net1media.com # This message is sent to you because you are subscribed to the mailing list community@mailsbestfriend.com. To unsubscribe, E-mail to: community-...@mailsbestfriend.com To switch to the DIGEST mode, E-mail to community-dig...@mailsbestfriend.com To switch to the INDEX mode, E-mail to community-in...@mailsbestfriend.com Send administrative queries to community-requ...@mailsbestfriend.com # This message is sent to you because you are subscribed to the mailing list community@mailsbestfriend.com. To unsubscribe, E-mail to: community-...@mailsbestfriend.com To switch to the DIGEST mode, E-mail to community-dig...@mailsbestfriend.com To switch to the INDEX mode, E-mail to community-in...@mailsbestfriend.com Send administrative queries to community-requ...@mailsbestfriend.com
[MBF]Re: Smartermail, Delays and non-delivered messages
Scott, I have seen this happen before. The SM delivery log is not deleting the messages. They are never making it to delivery so there is no entry. I have found the culprit to be Smartermail’s SpamAssassin. Disable SpamAssassin then go to your spool via the SM admin interface and force delivery on the messages. They will go out. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 Mobile: 931-284-9291 MBF From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of David Barker Sent: Thursday, October 17, 2013 4:55 PM To: community@mailsbestfriend.com Subject: [MBF]Re: Smartermail, Delays and non-delivered messages Is there a spam filter on the user account or domain that is deleting the message ? Users have the ability to setup their own filters in SM which can cause this. David Barker Mail’s Best Friend Email : david.bar...@mailsbestfriend.com Web : www.mailsbestfriend.com http://www.mailsbestfriend.com/ Office: 866.919.2075 cid:image001.png@01CE2B2E.8B3E9EF0 From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Scott Fosseen - Prairie Lakes AEA Sent: Thursday, October 17, 2013 5:51 PM To: community@mailsbestfriend.com Subject: [MBF]Smartermail, Delays and non-delivered messages I have several of my customers complaining about messages that are either delayed, or not delivered. When I look in the logs I see no issues with the messages they say are delayed. We did find one message that in the Smartermail Delivery logs said it was deleted due to a filter. I looked at my spam settings for Smartermail, and all I have enabled is Declude. I don’t understand why the Smartermail Delivery log deleted the message. Most of my customers said this started about 1 week and a half ago. image002.gifimage003.png
[MBF]Re: False positive on McAfee
You're welcome Katie J Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 Mobile: 931-284-9291 MBF From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Katie La Salle-Lowery Sent: Monday, October 07, 2013 2:19 PM To: community@mailsbestfriend.com Subject: [MBF]Re: False positive on McAfee Thanks, Linda. I didn't look at blacklists because the headers showed McAfee. Silly me! The client has found a rootkit on one of the machines in their network. http://www.centric.net/ centric logo - signature sized Katie LaSalle-Lowery ka...@centric.net 1120 S. Russell; Ste B Missoula, MT 59801 ph (406)549-3337 fax (406)541-9338 From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Linda Pagillo Sent: Monday, October 07, 2013 10:58 AM To: community@mailsbestfriend.com Subject: [MBF]Re: False positive on McAfee Hi Katie. I did a lookup on the sender's IP - 209.137.225.54. It seems that IP is on several, major real-time blacklists. b.barracudacentral.org - Barracuda Reputation Block List hostkarma.junkemailfilter.com - Hostkarma all.spamrats.com - SpamRATS! all xbl.spamhaus.org - Spamhaus XBL Exploits Block List zen.spamhaus.org - Spamhaus ZEN Combined Block List cbl.abuseat.org - Composite Blocking List It looks like the admin of that mail server needs to find out what caused the IP to land on all of those lists, fix the issue then request removal. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 Mobile: 931-284-9291 MBF From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Katie La Salle-Lowery Sent: Monday, October 07, 2013 11:35 AM To: community@mailsbestfriend.com Subject: [MBF]False positive on McAfee Hello, Please cc spamfil...@centric.net on any responses to this thread so they don't get caught in our filter. One of our hosting client's messages are getting caught by the McAfee filter in Declude. It has a few other issues, but McAfee is the biggie. Attached is an example. Here are the headers: Received: from CustomPC [209.137.225.54] by mail.centric.net with ESMTP (SMTPD-12.3.0.100) id 6eb4000972d8def1; Mon, 7 Oct 2013 10:22:32 -0600 From: Jared Barnard jbarn...@missoulaconcrete.com To: spamfil...@centric.net Subject: Mail Date: Mon, 7 Oct 2013 10:22:35 -0600 Message-ID: 003a01cec379$6f023d80$4d06b880$@com MIME-Version: 1.0 Content-Type: multipart/mixed; boundary==_NextPart_000_003B_01CEC347.2467CD80 X-Mailer: Microsoft Office Outlook 12.0 Thread-Index: Ac7DeW50L495rxr9QfykRzOo0EY9VA== Content-Language: en-us X-MessageSniffer-Identifier: C:\IMail\spool\proc\work\D6eb4000972d8def1.smd X-GBUdb-Analysis: 0, 209.137.225.54, Ugly c=0.297854 p=-0.22 Source Normal X-MessageSniffer-Scan-Result: 0 X-MessageSniffer-Rules: 0-0-0-32767-c X-RBL-Warning: NOLEGITCONTENT: No content unique to legitimate E-mail detected. X-RBL-Warning: IPNOTINMX: X-RBL-Warning: CMDSPACE: Space found in RCPT TO: command. X-RBL-Warning: WEIGHT10: Weight of 12 reaches or exceeds the limit of 10. X-Declude-Sender: jbarn...@missoulaconcrete.com [209.137.225.54] X-Declude-Spoolname: D6eb4000972d8def1.smd X-Declude-RefID: X-Declude-Note: Scanned by Centric Internet Services using Declude 4.12.01 for spam. http://www.declude.com/x-note.htm; X-Declude-Scan: Incoming Score [12] at 10:22:40 on 07 Oct 2013 X-Declude-Fail: HOSTKARMA-BLACK [5], MCAFEE [10], CMDSPACE [0], HAM-INDICATOR [-2], WEIGHT10 [10] X-Country-Chain: UNITED STATES-destination X-RCPT-TO: spamfil...@centric.net Status: X-UIDL: 681075816 X-IMail-ThreadID: 6eb4000972d8def1 Thanks, http://www.centric.net/ centric logo - signature sized Katie LaSalle-Lowery ka...@centric.net 1120 S. Russell; Ste B Missoula, MT 59801 ph (406)549-3337 fax (406)541-9338 image002.gifimage003.jpg
[MBF]Re: SNIFFER
Hi Richard. I received your email about this Friday and replied to you. I apologize if you didn't receive it. Could you please forward to me the actual emails that went along with the headers that you sent? Thanks. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 Mobile: 931-284-9291 MBF From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Richard Mazur Sent: Sunday, September 22, 2013 9:10 AM To: community@mailsbestfriend.com Subject: [MBF]SNIFFER Ive suddenly got a lot of mail even stuff that should be whitelisted cause by spam filter declude and put in my 'spam' folder. This al started about a week ago or so and i have not changed any settings. i see mail even coming from google or my own domain (that should be whitelisted) is getting a 20 SCORE and thus marking it with a higher weight and marking it as spam. People who have had friends emailing them for years without a problem all of a sudden are getting caught. I do no know what this SNIFFER filter is or how to tweak it or if it is needed to still properly catch the spam. If any one can help that would be great. here is a few examples of headers that have been caught. X-Declude-Scan: Incoming Score [20] at 13:29:49 on 17 Sep 2013 X-Declude-Tests: SPFPASS [-1], SNIFFER [20], FILTER-SPAM [5] X-Country-Chain: X-Declude-Code: f X-Helo: http://mail-ee0-f51.google.com/ mail-ee0-f51.google.com X-Identity: 74.125.83.51 | mail-ee0- http://f51.google.com/ f51.google.com | http://googlemail.com/ googlemail.com Richard Mazur Director of Accounts SurfNet Corporation http://www.surfnetcorp.com Main Office - 888-704-7773 x1 Direct - 847-483-8788 Fax - 888-704-7773 Email - r...@surfmail.net Skype - rickmaz1106 Follow us on Twitter: www.twitter.com/surfnethosting On Sep 18, 2013, at 9:53 AM, Darin Cox dc...@4cweb.com wrote: That is a fairly high load. You might see about blocking spammy IPs at the firewall or a separate filtering server to reduce the amount processed on your mail server. An additional thing you can check is for a large number of files in log directories. Windows in general doesn't like more than a couple thousand files in a directory. Performance degrades significantly. Darin. -Original Message- From: Daniel Ivey Sent: Wednesday, September 18, 2013 9:19 AM To: community@mailsbestfriend.com Subject: [MBF]high cpu usage I have a virtualized Windows 2000 Server that has all of a sudden starting having high CPU usage (according to Vmware). When I check the CPU usage in Performance in Windows Task Manager, it bounces up to about 98% at times, but quickly backs down and has been as low as 20%. When I go under processes and see what is using most of the CPU, it is either decludeproc.exe (I am running version 4.12.02) or SNFServer.exe constantly. I have tightened my restraints on HiJack to see if someone was coming in under my thresholds, but have not gotten any alerts to that being the problem. The server is keeping up with only around 70 - 100 items in the PROC folder when I check it using DecludeCount.exe. Occasionally, it will get up to 150 in the PROC folder but then comes back down. The server seems to be processing about 300 messages every 15 seconds according to DecludeCount.exe. I was just wondering if anyone had ran into this issue and if so, what the fix was or if anyone had any suggestions for settings to tweak? Any help is greatly appreciated, as I want to nip this in the bud before it becomes a larger problem. Daniel # This message is sent to you because you are subscribed to the mailing list community@mailsbestfriend.com. To unsubscribe, E-mail to: community-...@mailsbestfriend.com To switch to the DIGEST mode, E-mail to community-dig...@mailsbestfriend.com To switch to the INDEX mode, E-mail to community-in...@mailsbestfriend.com Send administrative queries to community-requ...@mailsbestfriend.com # This message is sent to you because you are subscribed to the mailing list community@mailsbestfriend.com. To unsubscribe, E-mail to: community-...@mailsbestfriend.com To switch to the DIGEST mode, E-mail to community-dig...@mailsbestfriend.com To switch to the INDEX mode, E-mail to community-in...@mailsbestfriend.com Send administrative queries to community-requ...@mailsbestfriend.com image001.gif
[MBF]Re: SNIFFER
Yes, please send me the headers and the actual emails. Thanks. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 Mobile: 931-284-9291 MBF From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Richard Mazur Sent: Sunday, September 22, 2013 12:14 PM To: community@mailsbestfriend.com Subject: [MBF]Re: SNIFFER i dont have the full emails. do you want me to have client forward me the actual email as well? you need more than just the headers? Richard Mazur Director of Accounts SurfNet Corporation http://www.surfnetcorp.com Main Office - 888-704-7773 x1 Direct - 847-483-8788 Fax - 888-704-7773 Email - r...@surfmail.net Skype - rickmaz1106 Follow us on Twitter: www.twitter.com/surfnethosting On Sep 22, 2013, at 12:10 PM, Linda Pagillo linda.pagi...@mailsbestfriend.com wrote: Hi Richard. I received your email about this Friday and replied to you. I apologize if you didn't receive it. Could you please forward to me the actual emails that went along with the headers that you sent? Thanks. Linda Pagillo Mail's Best Friend Email: mailto:linda.pagi...@mailsbestfriend.com linda.pagi...@mailsbestfriend.com Web: http://www.mailsbestfriend.com www.mailsbestfriend.com Office: 703.988.3605 x7016 Mobile: 931-284-9291 image001.gif From: mailto:community@mailsbestfriend.com community@mailsbestfriend.com [mailto:community@ http://mailsbestfriend.com mailsbestfriend.com] On Behalf Of Richard Mazur Sent: Sunday, September 22, 2013 9:10 AM To: mailto:community@mailsbestfriend.com community@mailsbestfriend.com Subject: [MBF]SNIFFER Ive suddenly got a lot of mail even stuff that should be whitelisted cause by spam filter declude and put in my 'spam' folder. This al started about a week ago or so and i have not changed any settings. i see mail even coming from google or my own domain (that should be whitelisted) is getting a 20 SCORE and thus marking it with a higher weight and marking it as spam. People who have had friends emailing them for years without a problem all of a sudden are getting caught. I do no know what this SNIFFER filter is or how to tweak it or if it is needed to still properly catch the spam. If any one can help that would be great. here is a few examples of headers that have been caught. X-Declude-Scan: Incoming Score [20] at 13:29:49 on 17 Sep 2013 X-Declude-Tests: SPFPASS [-1], SNIFFER [20], FILTER-SPAM [5] X-Country-Chain: X-Declude-Code: f X-Helo: http://mail-ee0-f51.google.com/ mail-ee0-f51.google.com X-Identity: 74.125.83.51 | mail-ee0- http://f51.google.com/ f51.google.com | http://googlemail.com/ googlemail.com Richard Mazur Director of Accounts SurfNet Corporation http://www.surfnetcorp.com http://www.surfnetcorp.com Main Office - 888-704-7773 x1 Direct - 847-483-8788 Fax - 888-704-7773 Email - mailto:r...@surfmail.net r...@surfmail.net Skype - rickmaz1106 Follow us on Twitter: http://www.twitter.com/surfnethosting www.twitter.com/surfnethosting On Sep 18, 2013, at 9:53 AM, Darin Cox mailto:dc...@4cweb.com dc...@4cweb.com wrote: That is a fairly high load. You might see about blocking spammy IPs at the firewall or a separate filtering server to reduce the amount processed on your mail server. An additional thing you can check is for a large number of files in log directories. Windows in general doesn't like more than a couple thousand files in a directory. Performance degrades significantly. Darin. -Original Message- From: Daniel Ivey Sent: Wednesday, September 18, 2013 9:19 AM To: mailto:community@mailsbestfriend.com community@mailsbestfriend.com Subject: [MBF]high cpu usage I have a virtualized Windows 2000 Server that has all of a sudden starting having high CPU usage (according to Vmware). When I check the CPU usage in Performance in Windows Task Manager, it bounces up to about 98% at times, but quickly backs down and has been as low as 20%. When I go under processes and see what is using most of the CPU, it is either decludeproc.exe (I am running version 4.12.02) or SNFServer.exe constantly. I have tightened my restraints on HiJack to see if someone was coming in under my thresholds, but have not gotten any alerts to that being the problem. The server is keeping up with only around 70 - 100 items in the PROC folder when I check it using DecludeCount.exe. Occasionally, it will get up to 150 in the PROC folder but then comes back down. The server seems to be processing about 300 messages every 15 seconds according to DecludeCount.exe. I was just wondering if anyone had ran into this issue and if so, what the fix was or if anyone had any suggestions for settings to tweak? Any help is greatly appreciated, as I want to nip this in the bud before it becomes a larger problem. Daniel # This message
[MBF]Re: Filter updates
Hi Scott. Yes, you can find updated filters here.. http://mailsbestfriend.com/downloads . I believe the FILTER-SPAM is updated for the current year. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 Mobile: 931-284-9291 MBF From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Scott Fosseen - Prairie Lakes AEA Sent: Wednesday, September 18, 2013 9:07 AM To: community@mailsbestfriend.com Subject: [MBF]Filter updates I probably missed this someplace in an older message. Are the declude filter files still being updated? If so where can I find them, if not I need help with the line in the “SPAM” filter that is looking for the current year in the header. I think I understand how it works, but I am missing the critical part about how to define the current year. image001.gif
[MBF]Help with Perl
Hi everyone. I'm working on a project and I need to speak with someone familiar with Perl. Is anyone out there a Perl developer? Your help would be greatly appreciated. Thanks. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 Mobile: 931-284-9291 MBF image001.gif