[sniffer] Re: After Updating MXGUARD
Hi I have Win2003 iMail Server 2006.2 MxGuard 3.1 The last version of Message Sniffer Regard Alberto Santoni --- ASPita Sprl Grande rue au Bois, 196 - 1030 - Brussels +32(0)2 217 85 28 office +32(0)2 735 78 65 fax +32(0)476 53 88 34 mobile Skype: Aspita.be --- > -Original Message- > From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf > Of Greg Coffey > Sent: 28 June 2007 22:04 > To: Message Sniffer Community > Subject: [sniffer] Re: After Updating MXGUARD > > What platform is the server running? I had problems running Win2003 and > the latest sniffer, had to back up one ver to make it work. > > -- Original Message -- > From: "Alberto Santoni" <[EMAIL PROTECTED]> > Reply-To: "Message Sniffer Community" > Date: Thu, 28 Jun 2007 20:42:08 +0200 > > >Pete, > > > >after a day the SNF doesn't work yet ... what else can I try? > >I have checked all that possible > > > >With my best regards > >Alberto Santoni > >--- > >ASPita Sprl > >Grande rue au Bois, 196 - 1030 - Brussels > >+32(0)2 217 85 28 office > >+32(0)2 735 78 65 fax > >+32(0)476 53 88 34 mobile > >Skype: Aspita.be > >--- > > > > > >> -Original Message- > >> From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On > >Behalf > >> Of Pete McNeil > >> Sent: 27 June 2007 23:44 > >> To: Message Sniffer Community > >> Subject: [sniffer] Re: After Updating MXGUARD > >> > >> Hello Alberto, > >> > >> Wednesday, June 27, 2007, 5:15:58 PM, you wrote: > >> > >> > Hello > >> > >> > After an update of MxGuard 1.7 -> 3.1 the Sniffer doesn't work any > >more > >> > > >> > I have the Sniffer in persistent mode and loaded with Srvany > >> > I found many files I never seen in the Sniffer dir .SRV .FIN .XXX > >> > >> > Which tests can I do to understand the problem ? > >> > >> It turns out that those files have always been there - but most of > >> them (not the SRV) went away very quickly. > >> > >> Most likely during your transition your SNF workspace got clogged with > >> a lot of these and that is causing some problems. > >> > >> First thing to do is to shut down SMTP & SNF (your persistent > >> instance) and clear out all of those job files. Each file represents a > >> sing scan job - the extension represents the status. With everything > >> shut down there should be none of these files so it's safe to delete > >> them. > >> > >> Once that is done you can start things up again and everything should > >> work normally. > >> > >> If not then the normal testing procedures should help you discover the > >> problem quickly. > >> > >> Hope this helps, > >> > >> _M > >> > >> > >> -- > >> Pete McNeil > >> Chief Scientist, > >> Arm Research Labs, LLC. > >> > >> > >> # > >> This message is sent to you because you are subscribed to > >> the mailing list . > >> To unsubscribe, E-mail to: <[EMAIL PROTECTED]> > >> To switch to the DIGEST mode, E-mail to > ><[EMAIL PROTECTED]> > >> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> > >> Send administrative queries to <[EMAIL PROTECTED]> > > > > > > > ># > >This message is sent to you because you are subscribed to > > the mailing list . > >To unsubscribe, E-mail to: <[EMAIL PROTECTED]> > >To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> > >To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> > >Send administrative queries to <[EMAIL PROTECTED]> > > > > > > > # > This message is sent to you because you are subscribed to > the mailing list . > To unsubscribe, E-mail to: <[EMAIL PROTECTED]> > To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> > To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> > Send administrative queries to <[EMAIL PROTECTED]> # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
[sniffer] Re: After Updating MXGUARD
What platform is the server running? I had problems running Win2003 and the latest sniffer, had to back up one ver to make it work. -- Original Message -- From: "Alberto Santoni" <[EMAIL PROTECTED]> Reply-To: "Message Sniffer Community" Date: Thu, 28 Jun 2007 20:42:08 +0200 >Pete, > >after a day the SNF doesn't work yet ... what else can I try? >I have checked all that possible > >With my best regards >Alberto Santoni >--- >ASPita Sprl >Grande rue au Bois, 196 - 1030 - Brussels >+32(0)2 217 85 28 office >+32(0)2 735 78 65 fax >+32(0)476 53 88 34 mobile >Skype: Aspita.be >--- > > >> -Original Message- >> From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On >Behalf >> Of Pete McNeil >> Sent: 27 June 2007 23:44 >> To: Message Sniffer Community >> Subject: [sniffer] Re: After Updating MXGUARD >> >> Hello Alberto, >> >> Wednesday, June 27, 2007, 5:15:58 PM, you wrote: >> >> > Hello >> >> > After an update of MxGuard 1.7 -> 3.1 the Sniffer doesn't work any >more >> > >> > I have the Sniffer in persistent mode and loaded with Srvany >> > I found many files I never seen in the Sniffer dir .SRV .FIN .XXX >> >> > Which tests can I do to understand the problem ? >> >> It turns out that those files have always been there - but most of >> them (not the SRV) went away very quickly. >> >> Most likely during your transition your SNF workspace got clogged with >> a lot of these and that is causing some problems. >> >> First thing to do is to shut down SMTP & SNF (your persistent >> instance) and clear out all of those job files. Each file represents a >> sing scan job - the extension represents the status. With everything >> shut down there should be none of these files so it's safe to delete >> them. >> >> Once that is done you can start things up again and everything should >> work normally. >> >> If not then the normal testing procedures should help you discover the >> problem quickly. >> >> Hope this helps, >> >> _M >> >> >> -- >> Pete McNeil >> Chief Scientist, >> Arm Research Labs, LLC. >> >> >> # >> This message is sent to you because you are subscribed to >> the mailing list . >> To unsubscribe, E-mail to: <[EMAIL PROTECTED]> >> To switch to the DIGEST mode, E-mail to ><[EMAIL PROTECTED]> >> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> >> Send administrative queries to <[EMAIL PROTECTED]> > > > ># >This message is sent to you because you are subscribed to > the mailing list . >To unsubscribe, E-mail to: <[EMAIL PROTECTED]> >To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> >To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> >Send administrative queries to <[EMAIL PROTECTED]> > > # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
[sniffer] Re: After Updating MXGUARD
Thank you Eric I checked my mxguard.ini I have SpamFilterTypes=Native,Sniffer :( May be SNF work now but unfortunately no SPAM is arriving this evening on my server :-) Alberto # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
[sniffer] Re: Mdaemon Plug-in Update
Hi Pete, Thanks for the info. I will keep my eyes peeled for the beta release. Thanks, Daniel > -Original Message- > From: Message Sniffer Community > [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil > Sent: Wednesday, June 27, 2007 10:05 PM > To: Message Sniffer Community > Subject: [sniffer] Re: Mdaemon Plug-in Update > > Hello Daniel, > > Wednesday, June 27, 2007, 9:06:14 PM, you wrote: > > > Hi Pete and everyone, > > > Has there been any more progress on the MDaemon Plug-In? > > Yes. We have an alpha version of the plugin running on several systems > (both large and small) with very good results. We are working to > complete the feature set and fine tune the default parameters. Once we > have a functionally complete feature set -- that is, enough features > that the vast majority of installations have everything they need from > SNF -- then we will convert the project to beta status and begin wider > testing and refinement. > > The next step, during the wide beta test period, will be to build and > refine documentation and installation utilities and to ultimately > release a production ready product. > > As we go through these stages of development we will post information > about it here on this list inviting more folks to participate and > comment. > > The command line version is also in late alpha testing on a similar > variety of systems and both projects will continue to be developed in > parallel. > > Hope this helps, > > Thanks! > > _M > > -- > Pete McNeil > Chief Scientist, > Arm Research Labs, LLC. > > > # > This message is sent to you because you are subscribed to > the mailing list . > To unsubscribe, E-mail to: <[EMAIL PROTECTED]> > To switch to the DIGEST mode, E-mail to > <[EMAIL PROTECTED]> > To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> > Send administrative queries to <[EMAIL PROTECTED]> > > # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
[sniffer] Re: After Updating MXGUARD
Alberto: I haven't finished looking but one note I did make was that the syntax in MxGuard.INI had changed slightly to include a comma. [GLOBAL] Our working file under v1.7: SpamFilterType=NATIVE SNIFFER Our working file under v3.1: SpamFilterType=NATIVE, SNIFFER I will continue to look at this for you. Eric - Original Message - From: "Alberto Santoni" <[EMAIL PROTECTED]> To: "Message Sniffer Community" Sent: Thursday, June 28, 2007 11:42 AM Subject: [sniffer] Re: After Updating MXGUARD Pete, after a day the SNF doesn't work yet ... what else can I try? I have checked all that possible With my best regards Alberto Santoni --- ASPita Sprl Grande rue au Bois, 196 - 1030 - Brussels +32(0)2 217 85 28 office +32(0)2 735 78 65 fax +32(0)476 53 88 34 mobile Skype: Aspita.be --- -Original Message- From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: 27 June 2007 23:44 To: Message Sniffer Community Subject: [sniffer] Re: After Updating MXGUARD Hello Alberto, Wednesday, June 27, 2007, 5:15:58 PM, you wrote: > Hello > After an update of MxGuard 1.7 -> 3.1 the Sniffer doesn't work any more > > I have the Sniffer in persistent mode and loaded with Srvany > I found many files I never seen in the Sniffer dir .SRV .FIN .XXX > Which tests can I do to understand the problem ? It turns out that those files have always been there - but most of them (not the SRV) went away very quickly. Most likely during your transition your SNF workspace got clogged with a lot of these and that is causing some problems. First thing to do is to shut down SMTP & SNF (your persistent instance) and clear out all of those job files. Each file represents a sing scan job - the extension represents the status. With everything shut down there should be none of these files so it's safe to delete them. Once that is done you can start things up again and everything should work normally. If not then the normal testing procedures should help you discover the problem quickly. Hope this helps, _M -- Pete McNeil Chief Scientist, Arm Research Labs, LLC. # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]> # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]> # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
[sniffer] Re: After Updating MXGUARD
Albert: I remember there was some small trick to this when I did it a year or so ago. If I remember right there was a change to the MxGuard INI file that wasn't obvious. I'll take a look in a bit and see if I can get back to you with something. Eric - Original Message - From: "Alberto Santoni" <[EMAIL PROTECTED]> To: "Message Sniffer Community" Sent: Thursday, June 28, 2007 11:42 AM Subject: [sniffer] Re: After Updating MXGUARD Pete, after a day the SNF doesn't work yet ... what else can I try? I have checked all that possible With my best regards Alberto Santoni --- ASPita Sprl Grande rue au Bois, 196 - 1030 - Brussels +32(0)2 217 85 28 office +32(0)2 735 78 65 fax +32(0)476 53 88 34 mobile Skype: Aspita.be --- -Original Message- From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: 27 June 2007 23:44 To: Message Sniffer Community Subject: [sniffer] Re: After Updating MXGUARD Hello Alberto, Wednesday, June 27, 2007, 5:15:58 PM, you wrote: > Hello > After an update of MxGuard 1.7 -> 3.1 the Sniffer doesn't work any more > > I have the Sniffer in persistent mode and loaded with Srvany > I found many files I never seen in the Sniffer dir .SRV .FIN .XXX > Which tests can I do to understand the problem ? It turns out that those files have always been there - but most of them (not the SRV) went away very quickly. Most likely during your transition your SNF workspace got clogged with a lot of these and that is causing some problems. First thing to do is to shut down SMTP & SNF (your persistent instance) and clear out all of those job files. Each file represents a sing scan job - the extension represents the status. With everything shut down there should be none of these files so it's safe to delete them. Once that is done you can start things up again and everything should work normally. If not then the normal testing procedures should help you discover the problem quickly. Hope this helps, _M -- Pete McNeil Chief Scientist, Arm Research Labs, LLC. # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]> # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]> # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
[sniffer] Re: After Updating MXGUARD
Pete, after a day the SNF doesn't work yet ... what else can I try? I have checked all that possible With my best regards Alberto Santoni --- ASPita Sprl Grande rue au Bois, 196 - 1030 - Brussels +32(0)2 217 85 28 office +32(0)2 735 78 65 fax +32(0)476 53 88 34 mobile Skype: Aspita.be --- > -Original Message- > From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf > Of Pete McNeil > Sent: 27 June 2007 23:44 > To: Message Sniffer Community > Subject: [sniffer] Re: After Updating MXGUARD > > Hello Alberto, > > Wednesday, June 27, 2007, 5:15:58 PM, you wrote: > > > Hello > > > After an update of MxGuard 1.7 -> 3.1 the Sniffer doesn't work any more > > > > I have the Sniffer in persistent mode and loaded with Srvany > > I found many files I never seen in the Sniffer dir .SRV .FIN .XXX > > > Which tests can I do to understand the problem ? > > It turns out that those files have always been there - but most of > them (not the SRV) went away very quickly. > > Most likely during your transition your SNF workspace got clogged with > a lot of these and that is causing some problems. > > First thing to do is to shut down SMTP & SNF (your persistent > instance) and clear out all of those job files. Each file represents a > sing scan job - the extension represents the status. With everything > shut down there should be none of these files so it's safe to delete > them. > > Once that is done you can start things up again and everything should > work normally. > > If not then the normal testing procedures should help you discover the > problem quickly. > > Hope this helps, > > _M > > > -- > Pete McNeil > Chief Scientist, > Arm Research Labs, LLC. > > > # > This message is sent to you because you are subscribed to > the mailing list . > To unsubscribe, E-mail to: <[EMAIL PROTECTED]> > To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> > To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> > Send administrative queries to <[EMAIL PROTECTED]> # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
[sniffer] Re: .pdf Attachments
Also getting tons of them in past few days Thank You, Chris Bunting Lancaster Networks Direct: 717-278-6639 Office: 888-LANCNET x703 MS Certified Systems Engineer IP Telephony Expert Lancaster Networks 1085 Manheim Pike Lancaster PA 17601 www.lancasternetworks.com -- Corporate Technology Solutions... Specializing in 3com NBX Telephony Solutions IT Services - Phone Systems - Digital CCTV -- The information in this e-mail is confidential and may be privileged or subject to copyright. It is intended for the exclusive use of the addressee(s). If you are not an addressee, please do not read, copy, distribute or otherwise act upon this email. If you have received the email in error, please contact the sender immediately and delete the email. The unauthorized use of this email may result in liability for breach of confidentiality, privilege or copyright. -Original Message- From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Joe Wolf Sent: Thursday, June 28, 2007 10:44 AM To: Message Sniffer Community Subject: [sniffer] Re: .pdf Attachments I'm getting a bunch of these as well the last few days. Sniffer is only catching about 50% of them. -Joe - Original Message - From: "Greg Coffey" <[EMAIL PROTECTED]> To: "Message Sniffer Community" Sent: Thursday, June 28, 2007 9:20 AM Subject: [sniffer] .pdf Attachments > What is with all the .pdf attachments in spam? I haven't noticed this > trend previously. Are they infected or what is the scheme? > > > # > This message is sent to you because you are subscribed to > the mailing list . > To unsubscribe, E-mail to: <[EMAIL PROTECTED]> > To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> > To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> > Send administrative queries to <[EMAIL PROTECTED]> > > # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]> # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
[sniffer] Re: .pdf Attachments
I'm getting a bunch of these as well the last few days. Sniffer is only catching about 50% of them. -Joe - Original Message - From: "Greg Coffey" <[EMAIL PROTECTED]> To: "Message Sniffer Community" Sent: Thursday, June 28, 2007 9:20 AM Subject: [sniffer] .pdf Attachments What is with all the .pdf attachments in spam? I haven't noticed this trend previously. Are they infected or what is the scheme? # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]> # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
[sniffer] Re: .pdf Attachments
Hello Greg, Thursday, June 28, 2007, 10:20:04 AM, you wrote: > What is with all the .pdf attachments in spam? I haven't noticed > this trend previously. Are they infected or what is the scheme? Blackhats are now embedding their randomized image-spam images (pump & dump, for example) into pdfs to make them more difficult to filter. That's it :-) _M -- Pete McNeil Chief Scientist, Arm Research Labs, LLC. # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
[sniffer] Re: .pdf Attachments
Yes, we're getting tons of these too. Michael Stein Computer House - Original Message - From: "Greg Coffey" <[EMAIL PROTECTED]> To: "Message Sniffer Community" Sent: Thursday, June 28, 2007 10:20 AM Subject: [sniffer] .pdf Attachments What is with all the .pdf attachments in spam? I haven't noticed this trend previously. Are they infected or what is the scheme? # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]> # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
[sniffer] .pdf Attachments
What is with all the .pdf attachments in spam? I haven't noticed this trend previously. Are they infected or what is the scheme? # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>