Title: Release 4.10.42
On 5/5/2010 4:05 PM, Andy Schmidt wrote:
snip/
The
golden rule for external tests and for RBLs is if
you have multiple lines using the SAME command
(e.g., the 18 SNF lines), or referring to the same external
program (e.g., 5 invURIBL lines), or
On 7/23/2010 2:29 PM, Matt wrote:
This spammer accounts for about 7% of all E-mail that makes it to my
deep scanning layer. Sniffer seems to miss a good deal of their spam,
so there isn't much protection from it otherwise.
Matt -- Is it possible for you to zip up some samples from this guy
On 7/23/2010 6:37 PM, Matt wrote:
Pete,
Will do. I call this spammer Whitestone,
Much appreciated. I'll take a closer look with the team to see what we
can do to close these guys down better.
Thanks!
_M
--
President
MicroNeil Research Corporation
www.microneil.com
---
[This E-mail
On 7/23/2010 9:19 PM, Matt wrote:
I guess my point here is that they are both very high volume spammers,
and they both randomize sufficiently so that blocking them requires
blocking their domains and having the samples available, but putting
in proactive rules will only last a short time.
On 7/27/2010 2:10 PM, Colbeck, Andrew wrote:
Flavour of the day:
Relevant bits of the header:
Received: from payoff.all-debt-forever.com [173.192.161.27]
Subject: Stay on top of your credit report
Thanks -- coded some rules, will be looking for abstract opportunities.
Also coded several
On 7/28/2010 2:29 PM, Imail Admin wrote:
lately (last couple of
weeks) I've noticed more spam getting through. A lot more.
Check your SNF installation. I looked up your license ID and checked for
your telemetry and did not find it.
This usually means that SNF is not currently running on
On 8/1/2010 1:36 PM, Imail Admin wrote:
Hi Pete,
By SNF I assume you mean Sniffer? How do I tell for sure which
version is running and whether it is getting the latest downloads? I
know it's running at least partially because the report lists it. I
checked the cfg file and it says
On 8/1/2010 3:03 PM, Imail Admin wrote:
Hi Pete,
OK, I did the upgrade. One thing that was slightly different from the
instructions was that even though I directed it to install into the
same folder as the prior Sniffer installation (d:\imail\sniffer), it
only offered me a choice of a new
/node/gbudb/training/source-header.jsp
If you configure this training mechanism for GBUdb in your Message
Sniffer engine then GBUdb will become much more accurate for messages
coming through that source.
Best,
_M
--
Pete McNeil, President
MicroNeil Research Corporation
www.microneil.com
the black
range and be scored accordingly. Other IPs sending messages through that
system will be scored on their own merits.
_M
--
Pete McNeil, President
MicroNeil Research Corporation
www.microneil.com
703.779.4909
x7010
---
[This E-mail was scanned by Declude]
---
This E-mail came from
batch we see.
Best,
_M
--
Pete McNeil, President
MicroNeil Research Corporation
www.microneil.com
703.779.4909
x7010
---[This E-mail was scanned by Declude]
---This E-mail came from the Declude.JunkMail mailing list. Tounsubscribe, just send an E-mail to imail
address. Please also let us know if we can
improve our documentation.
Thanks!
_M
--
Pete McNeil, President
MicroNeil Research Corporation
www.microneil.com
703.779.4909
x7010
---[This E-mail was scanned by Declude]
---This E-mail came from the Declude.JunkMail
On 2/11/2011 2:49 PM, IMail Admin wrote:
But keeping the spam down is a bigger issue right now.
You might try adding truncate to your RBLs.
http://www.gbudb.com/truncate/index.jsp
_M
--
Pete McNeil, President
MicroNeil Research Corporation
www.microneil.com
703.779.4909
x7010
is tmpfs with a ton of extra RAM.
Analogous to a RAM drive on Win* I suppose -but tmpfs will automatically
extend itself to physical drives if the size explodes so that's
something to watch for.
_M
--
Pete McNeil, President
MicroNeil Research Corporation
www.microneil.com
703.779.4909
x7010
.
http://www.gbudb.com/truncate/index.jsp
_M
--
Pete McNeil, President
MicroNeil Research Corporation
www.microneil.com
703.779.4909
x7010
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to imail...@declude.com, and
type unsubscribe
he mystery heap.
This search might help you find what you're looking for in previous
discussions.
Hope this helps,
_M
--
Pete McNeil, President
MicroNeil Research Corporation
www.microneil.com
703.779.4909
x7010
---
This E-mail came from the Declud
rchive.com/search?q=0xC142l=declude.junkmail%40declude.com
There is also a link buried in the KB article that leads here:
http://www.declude.com/Articles.asp?ID=130
_M
--
Pete McNeil, President
MicroNeil Research Corporation
www.microneil.com
703.779.
--
Pete McNeil, President
MicroNeil Research Corporation
www.microneil.com
703.779.4909
x7010
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to imail...@declude.com, and
type unsubscribe Declude.JunkMail. The archives can be found
at http://www.mail
).
You only need a larger number of threads when sending mail out
because each thread may need to wait a significant amount of time
for the outbound process to start and finish.
Hope this helps,
_M
--
Pete McNeil, President
MicroNeil Research Corporation
://www.armresearch.com/support/articles/software/snfServer/logFiles/
http://www.armresearch.com/support/articles/software/snfServer/config/node/logs/scan/xml.jsp
Hope this helps,
_M
--
Pete McNeil, President
MicroNeil Research Corporation
www.microneil.com
703.779.4909
x7010
it other than expense and the relatively small size of SSDs -- even
that shouldn't be a problem these days if you watch it closely. My
experiment was many years ago.
_M
--
Pete McNeil, President
MicroNeil Research Corporation
www.microneil.com
703.779.4909
x7010
---
This E-mail came from
, or Declude.
On the surface I would suggest that RAM is your big problem. If you have
2G and you're using 5-10G then you are spending a lot of time swapping
through IO. RAM is pretty cheap these days, so I would probably boost
that first (not knowing more about it).
_M
--
Pete McNeil, President
was
We're digging into this one a bit right now -- Could you zip up a
bunch of samples and send them to me please? We have several
structural and content vectors to explore and I'm looking for
exploitable commonalities.
Thanks,
_M
--
Pete McNeil
getting here - I'll
keep an eye out.
Thanks,
_M
--
Pete McNeil, President
MicroNeil Research Corporation
www.microneil.com
703.779.4909
x7010
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to imail...@declude.com
. At
least 3 new structural abstracts are in play also.
If you're not already using the truncate BL that might also help add
some weight (I see you're using a lot of tests):
http://gbudb.com/truncate/index.jsp
Thanks,
_M
--
Pete McNeil, President
MicroNeil
anything about that? If Declude just evaporates without
saying another word that would be a good thing to have.
_M
--
Pete McNeil, President
MicroNeil Research Corporation
www.microneil.com
703.779.4909 x7010
twitter/codedweller
---
This E-mail came from the Declude.JunkMail mailing list
as spam and possibly take a
sample.
http://www.armresearch.com/support/articles/software/snfServer/core.jsp
Hope this helps,
_M
--
Pete McNeil, President
MicroNeil Research Corporation
www.microneil.com
703.779.4909 x7010
twitter/codedweller
---
This E-mail
Declude\SNF\SNFClient.exe"
10 0
Woops!! That's backward.
It SHOULD be:
SNIFFER-CAUTION external 040 etc...
SNIFFER-TRUNCATE external 020 etc...
Best,
_M
--
Pete McNeil, President
?
Yes.
_M
--
Pete McNeil, President
MicroNeil Research Corporation
www.microneil.com
703.779.4909 x7010
twitter/codedweller
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to imail...@declude.com, and
type "unsubs
didn't match any patterns I know, but
I'll bet that it's just a bot I haven't seen before that's been lit up
to send a new spam campaign.
That reasoning is usually correct, but it's not as solid as the other
result codes because it's guessing
Hope this helps,
_M
--
Pete McNeil, President
MicroNeil
because it will know about
IPs that you may not have seen yet at your system.
Best,
_M
--
Pete McNeil, President
MicroNeil Research Corporation
www.microneil.com
703.779.4909 x7010
twitter/codedweller
---
This E-mail came from the Declude.JunkMail mailing list
201 - 231 of 231 matches
Mail list logo