Re[2]: [Declude.JunkMail] Sniffer in Persistent Mode using Windows Resource Kit Tools

On Wednesday, January 18, 2006, 9:28:16 AM, Dean wrote: DL> Markus, DL>   DL> You still point to the executable in your global config file, DL> but since sniffer is running in persistant mode, it doesn't DL> automatically launch a new instance. That's almost correct... What happens is that the

Re[2]: [Declude.JunkMail] Sniffer Slow / Declude Problem?

References: <[EMAIL PROTECTED]> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Declude-Spoolname: De65b1fc.SMD On Thursday, February 16, 2006, 3:28:06 PM, Jay wrote: JSHNL> I'll be damned. Apparently Diskeeper believes that "Start Time" really JSH

Re[2]: [Declude.JunkMail] How would you create a filter for this?

I added an abstract for this text pattern to Message Sniffer today. We regularly create similar rules for other variations - these patterns are independent from the URI. _M On Tuesday, April 25, 2006, 11:59:20 AM, Scott wrote: SF> SF> SF> I might suggest something to target the links of th

Re: [Declude.JunkMail] Spam

On Friday, May 19, 2006, 1:33:06 PM, Kevin wrote: KB> Has anyone else seen an increase of spam since Blue Security wet offline?? KB> We have seen an increase and we did not even use the software/service. We've noted a few bursts today but nothing completely out of the ordinary. _M --- This E-m

Re[2]: [Declude.JunkMail] Spam

One thing that we noticed a few hours ago was a new image spam that has quite a bit of bandwidth behind it and all new zombies - perhaps that's a piece of it. _M On Friday, May 19, 2006, 3:30:33 PM, Rick wrote: RB> Same here RB> Rick RB> -Original Message- RB> From: [EMAIL PROTECTED] R

Re: [Declude.JunkMail] How to get support from sniffer....

Chuck, I stepped away for a while (started work today at midnight). I've found your FPs and I will address them immediately. I note you did not leave a message on the support line (that I can see). I'll take the rest of this off list. Thanks, _M On Wednesday, May 24, 2006, 2:12:39 PM, Chuck

Re: [Declude.JunkMail] Ping

Polo On Friday, August 11, 2006, 11:30:36 AM, David wrote: DB> Ping DB> --- DB> This E-mail came from the Declude.JunkMail mailing list. To DB> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and DB> type "unsubscribe Declude.JunkMail". The archives can be found DB> at http://www.mail

Re[2]: [Declude.JunkMail] Flooded with spam

If this year goes like last year then much worse is yet to come. See the bottom of this chart: http://reports.messagesniffer.com/Performance/FlowRatesByDay.jsp _M On Wednesday, August 30, 2006, 9:24:34 PM, gbirdsall wrote: gsc> I've seen a 100-130% increase since Sunday. An average day used to

Re: [Declude.JunkMail] How Accurate is Sniffer?

On Thursday, November 30, 2006, 10:25:25 PM, David wrote: DD> I'm doing my 30 day trial of Message Sniffer .. at the moment it is 5 DD> points out of 10 needed to mark something as spam. DD> How accurate is Sniffer?Something that I can raise my weight on? These days many folks are setting SN

Re[2]: [Declude.JunkMail] Declude/Sniffer Issues

On Monday, February 19, 2007, 1:39:39 PM, Darrell ([EMAIL PROTECTED]) wrote: If I might add to this...  Declude is topping SNF instances before they have time to work -- This causes job files (.XXX and so forth) to build up and cause other SNF instances to relax their timing - in theory to co

Re[2]: [Declude.JunkMail] Re: PDF spam detection

Use caution. The first part of the PDF file is common to many PDF files and coding for that will lead to false positives. The PDFs we're seeing are essentially boiler plate up to the first 12 lines (or so) of base64 encoded data, then there are some variable segments where the image display si

Re[2]: [Declude.JunkMail] Fidelity Independent Adviser

We are processing the FPs on this right now. The rule has been in place for 866 days without prior FP reports. It's going away now. Thanks, _M On Wednesday, July 18, 2007, 9:15:13 PM, Darin wrote: DC> We had one that was definitely an FP last week. Submitted and received a DC> response that th

Re[2]: [Declude.JunkMail] Spam Increase?

Spam has significantly increased in the past 7 days due to new bot nets (from old friends) and a number of new tactics for generating pdf and related spam and their mutations. I've attached a new-spam/leakage analysis from our primary spamtraps- you can see that new traffic quite literally more th

Re: [Declude.JunkMail] Vacationing Spammers

On Friday, November 26, 2004, 1:05:37 PM, Michael wrote: MJ> Anyone notice a drop in the amount of spam??? Sort of speaks MJ> most of the spammers are in the US or at least taking part in a MJ> US holdiay perhaps. I saw a huge peak at first, and now it seems about normal, maybe sub-normal. _M

Re: [Declude.JunkMail] Vacationing Spammers

On Friday, November 26, 2004, 1:05:37 PM, Michael wrote: MJ> Anyone notice a drop in the amount of spam??? Sort of speaks MJ> most of the spammers are in the US or at least taking part in a MJ> US holdiay perhaps. This data from

Re[2]: [Declude.JunkMail] Vacationing Spammers

On Friday, November 26, 2004, 1:43:06 PM, Glenn wrote: GZ> I've seen an increase in spam for the last few days slipping GZ> through with low weights or without failing any tests. I'm seeing a number of new styles of obfuscation lately, + a couple new campaigns just launched. Be sure you're up on

Re[4]: [Declude.JunkMail] Vacationing Spammers

On Friday, November 26, 2004, 4:50:10 PM, Andrew wrote: CA> One "new" obfuscation behaviour I'm seeing in a non-Declude-protected CA> account is that the bad guys are typing the URL as h t t p : \ \ instead CA> of http:// (I've added spaces to evade anybody else's filter) and a CA> second one wher

Re[4]: [Declude.JunkMail] Vacationing Spammers

On Saturday, November 27, 2004, 5:41:43 AM, Markus wrote: MG> Pete McNeil wrote: >> Be sure you're up on the >> latest version of Sniffer if you use it (2.3.2) since this >> one has a number of new de-obfuscation mechanisms in the >> filter chain. MG> J

Re: [Declude.JunkMail] Spamhaus

On Tuesday, November 30, 2004, 3:11:42 PM, Doug wrote: DA> Anyone use the xbl db from spamhaus? Good, bad, otherwise? Good. _M --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe,

Re[2]: [Declude.JunkMail] ENDing surbl filter file

On Monday, December 6, 2004, 10:50:19 AM, Andrew wrote: CA> So... I don't know how antispam software in general is adapting to those CA> anti-SURBL (or just anti-filtering) techniques, but the short of is that CA> your optimization is a good idea to save mail processing time, but not CA> agains

Re[2]: [Declude.JunkMail] Upgraded Declude Thurs night -- since then getting false positives on MessageSniffer

On Monday, December 13, 2004, 5:42:08 PM, Bill wrote: BL> - Original Message - BL> From: "William Stillwell" <[EMAIL PROTECTED]> >> Umm, Wouldn't the 0 9 setting put a Positive weight on a good clean email? >> >> shouldn't it be like >> >> SNIFFER external nonzero "c:\sniffer\win32\lice

Re[2]: [Declude.JunkMail] Question on SortMonster/MessageSniffer - using Alias for update command?

On Tuesday, December 14, 2004, 6:23:58 PM, Chris wrote: CU> Thanks all for the info. Went ahead, bought it, seems to be working well CU> and is helping to catch a lot of what is out there. CU> I've updated the script (AutoSNF.cmd) which is used to fetch the latest CU> definitions. I've got it s

Re[2]: [Declude.JunkMail] OT: How to define "spam" and "ham"

On Tuesday, December 21, 2004, 4:49:33 AM, Markus wrote: MG> First of all spam is anything MG> comming from nonexistant, or forged senders MG> having "hidden" content MG> But what you're asking for is the difference between our MG> human brain and stupid computers (Pete, your comment

Re[2]: [Declude.JunkMail] OT: How to define "spam" and "ham"

ce for anyone but myself, and hence the query to the list for M> feedback. I also think that the discussion could be fruitful in many M> other regards...if people would be willing to share their opinions. Absolutely. _M M> Pete McNeil wrote: >>On Tuesday, December 21, 2004, 4:

Re[2]: [Declude.JunkMail] tools/weights

On Thursday, December 23, 2004, 7:36:15 PM, Bennie wrote: B> OK... I have downloaded the trail of sniffer and installed per the B> instructions... added the lines to my Declude.cfg and $default$.junkmail. B> Now I am getting no warnings in the headers... how can I look to see if the B> test is r

Re[2]: [Declude.JunkMail] URI Blacklist External Program Beta Now Posted For Download

Since URI are a subset of the SNF rulebase it's not unlikely that there would be quite a bit of overlap. The key differences would be that SNF does not use any network resources to look up the URI and SNF does not waste any time examining URI that are not known to be seen in spam -- One of the cou

Re[4]: [Declude.JunkMail] SURBL vs. Sniffer?

On Tuesday, December 28, 2004, 11:06:59 AM, Andy wrote: AS> Hi Pete, AS> Is Sniffer performing URI checks as part of certain "return codes" only - AS> e.g., if I were to use SURBL to augment Sniffer, are there certain Sniffer AS> Return Codes that are likely to overlap with SURBL lookups - or hav

Re[4]: [Declude.JunkMail] SURBL vs. Sniffer?

On Tuesday, December 28, 2004, 11:06:59 AM, Andy wrote: AS> Hi Pete, AS> Is Sniffer performing URI checks as part of certain "return codes" only - Sorry to respond twice but I want to clear up some potential confusion - SNF includes URI as part of it's pattern matrix. It does not do any specific

Re: [Declude.JunkMail] FW: [sniffer] Sniffer Notifications now failing declude spamheaders test

On Monday, January 3, 2005, 11:30:22 AM, Marc wrote: MC> I don't mean to be a nag but this was just posted to the MC> sniffer forum and is exactly what I was talking about. It is MC> almost 48 hours after the first post discussing this bug and MC> there is still no e-mail from Declude that I am

Re: [Declude.JunkMail] High smtp traffic

On Monday, January 10, 2005, 12:10:32 PM, Markus wrote: MG> Anyone else can see an abnormal high smtp traffic this minutes? MG> I haven't identified completely but something strnage is going one here. Lot MG> of NDR's We have been seeing what I would classify as a severe spam storm today starti

[Declude.JunkMail] ping

Hello declude, ping Thanks, _M Pete McNeil (Madscientist) President, MicroNeil Research Corporation Chief SortMonster (www.sortmonster.com) --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To

Re: [Declude.JunkMail] DNSSTUFF.COM Web Site Down?

On Friday, January 28, 2005, 7:32:39 AM, Kim wrote: KP> It's 4:30A PST, and I cannot access the 'dnsstuff.com' web KP> site. Is anyone else having the same problem? Works fine from here. _M --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail ca

Re[2]: [Declude.JunkMail] OT - Outsourcing email

On Friday, February 4, 2005, 7:06:04 PM, Matt wrote: M> John Tolmachoff (Lists) wrote: >>Yeah, but a little birdie told me that the president can get a little hot >>some times. >> >> M> Where's that birdie located? I'll shoot it if it has been saying bad M> things about me :) You have to kee

Re[2]: [Declude.JunkMail] OT - Outsourcing email

There are a bunch in this list I think... http://www.sortmonster.com/MessageSniffer/Referrals.html _M On Friday, February 4, 2005, 6:27:07 PM, Danny wrote: D> Looking for a email provider that includes email services, D> spam, virus detection, all in one package that has an excellent up D> tim

Re[2]: [Declude.JunkMail] inserting Sniffer log info into header

On Monday, February 7, 2005, 7:14:03 PM, Andy wrote: AS> Interesting sounds like someone would have to write an AS> External Filter.  Unless Declude is willing to "integrate" this AS> in their Sniffer support. AS>   AS> When you turn this one - where do this XHDR files appear?  AS> In the r

Re[2]: [Declude.JunkMail] Spam tests by months

On Wednesday, February 9, 2005, 5:55:48 AM, Markus wrote: MG> Hi Scott, MG>   MG> great stat's ! MG>   MG> A question about SNIFFER MG> It seems you have a much longer list of different SNIFFER return codes then I MG> Is there somewhere a complete list? MG>   MG> Markus Is this what you are loo

Re[2]: [Declude.JunkMail] domain name a name

On Friday, February 11, 2005, 8:51:46 AM, Darin wrote: DC> Most of what slips through our filters is exactly this. Unfortunately I DC> know of no way to block this short of reacting to the first one seen and DC> adding a body filter for the URL...the same thing Message Sniffer or any DC> SURBL li

Re[4]: [Declude.JunkMail] domain name a name

On Friday, February 11, 2005, 9:28:28 AM, Darin wrote: DC> Hi Pete, DC> Right... but the first few typically slip through before they're added to DC> your filters (like they would for anyone)...so we add them on the first DC> report to us as well. I'll raise the feature request again --- as soon

Re[2]: [Declude.JunkMail] Anyone with an updated Global.cfg?

Just adding to the end of the thread here... The demo of SNF is meant more to help you get things working on your system than to prove it can capture spam. The demo rulebase is behind the registered version quite a bit -- Folks have already told you that though :-) For a look at BLs to try and we

Re[4]: [Declude.JunkMail] Anyone with an updated Global.cfg?

On Wednesday, February 23, 2005, 3:06:03 PM, Scott wrote: SF> -Mad, SF> Will there be an MDLP page explaining some of the columns? SF> SQ= Spam Test Quality? SF> SI = Spam Test Result Important Count? SF> avgSD = Average Spam Test Dominance? Yes. Once I get a few minutes to rub together I'll mak

Re: [Declude.JunkMail] casino spam

On Friday, February 25, 2005, 5:40:10 PM, Kyle wrote: KF> Has anyone noticed in the past week an increase in casino, or party poker, etc.. spam? Yup. _M --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declu

Re[2]: [Declude.JunkMail] casino spam

On Friday, February 25, 2005, 5:50:45 PM, Glenn wrote: GW> I've seen several kinds of spam increase in the last day. We're seeing a new porn campaign, a new kiddie porn campaign, a ramp-up of the current M$ software rip-off (media-theft) spam. We've seen a bit of a pick-up in the casino stuff to

Re[2]: [Declude.JunkMail] casino spam

On Friday, February 25, 2005, 6:11:58 PM, David wrote: DB> Which can under certain circumstances be correct. If you had DB> signed up with the website then declude is correct in identifying DB> them as legitimate email. It is possible we could set up some DB> additional filters to help with a s

Re[2]: [Declude.JunkMail] Log Corruption

On Tuesday, March 1, 2005, 5:38:54 PM, Darrell wrote: Dsic> I though Pete had some locking mechanism built in to prevent overlapping. Dsic> Pete? Yes. This is it. (quite a lot of locking actually) This is a pet peeve of mine so I'm going to go just slightly off topic - it might help someon

Re[2]: [Declude.JunkMail] Log Corruption

On Tuesday, March 1, 2005, 5:48:17 PM, Andrew wrote: CA> (Pete isn't here much) :-( I do usually lurk though... I'll try to post more often... ;-) _M --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing

Re[2]: [Declude.JunkMail] Log Corruption

On Tuesday, March 1, 2005, 7:14:31 PM, Darin wrote: DC> I disagree with the struggling server logic. We saw the log corruption in a DC> test environment a year ago that had minimal traffic, say a couple thousand DC> messages a day. It was a dual 1.4GHz processor with 1 GB RAM and 10k RPM DC> SCS

Re[2]: [Declude.JunkMail] Hard time with Drugs SPAM

On Monday, March 14, 2005, 4:40:26 PM, Darin wrote: DC> Yep...It does seem to be getting worse. Sniffer is catching a lot, but a DC> lot is still slipping through, due mostly to constantly changing domain DC> names of various ages. DC> We're just supplementing Sniffer and blacklists with interna

Re[2]: [Declude.JunkMail] Automated requeuing

On Monday, March 14, 2005, 5:59:15 PM, Markus wrote: MG> 2.) Log file processing with MDLP (Modular Declude Logfile MG> Processor) written by Pete McNeil This tool does extremely fast MG> parsing of declude jm logfiles. Pete's primary intention was to MG> write a tool that&

Re[4]: [Declude.JunkMail] Automated requeuing

On Tuesday, March 15, 2005, 2:01:34 PM, Chuck wrote: CS> Pete: CS> Are you distributing this tool? [MDLP] If so I would be interested CS> in testing it out. Officially it's still in beta. I am looking for a few folks who would be willing to try out the AI and report back. Thoughts? Once we've g

Re[6]: [Declude.JunkMail] Automated requeuing

On Tuesday, March 15, 2005, 3:33:36 PM, Darin wrote: DC> I'll gladly try it and pass whatever data back for study. Thanks. I will contact you later off list. Best, _M --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Ju

Re: [Declude.JunkMail] Declude performance question

On Monday, March 21, 2005, 11:00:49 AM, Chase wrote: CS>   Looking at our test list (posted bellow), we likely have WAY too CS> many dns blacklists. That will be the first thing I look at. Any CS> other suggestions? I have had luck running a DNS server (resolver - bind) locally on the IMail box

Re: [Declude.JunkMail] Declude performance question

On Monday, March 21, 2005, 11:00:49 AM, Chase wrote: CS> I need some help tuning Declude for performance. Up until One other thought (pushed send too fast). You may have a test or two in there that is not responding --- causing things to time out and slow things down. If you can find it and drop

Re[2]: [Declude.JunkMail] Declude performance question

On Monday, March 21, 2005, 11:29:09 AM, Chase wrote: CS> I don' have UCEPROTECRDO, XBL-DYNA, BLKLST-SURBL CS> and HELOISIP. Can you post your definitions for those? Can I get CS> them off the declude website somehow (I couldn't find them)? UCEPROTECRDOip4rdnsbl-1.uceprotect.net 1

Re: [Declude.JunkMail] Huge reduction in hold queue

On Wednesday, March 30, 2005, 10:35:52 PM, Darin wrote: DC> Pete, DC>   DC> Have you make significant changes to the sniffer rulebase in the past couple of days? DC>   DC> I'm seeing a _huge_ reduction in hold queue messages... DC> roughly down 65%... while total message volume is steady.  Onl

Re[2]: [Declude.JunkMail] Huge reduction in hold queue

On Thursday, March 31, 2005, 9:50:05 AM, Darin wrote: DC> That is very significant, and could explain what I'm seeing. I'm going to DC> increase my delete weight a bit for a while to make sure there are no high DC> FPs. DC> I do see the following detection rates from yesterday (3/30) DC> AHBL

Re: [Declude.JunkMail] Running declude from another program

is thin enough, passes everything correctly (including the environment), and calls declude for each pass. I'm sure I'll be corrected if I'm wrong. Why do you want to do this? _M Pete McNeil (Madscientist) President, MicroNeil Research Corporation Chief SortMonster - www.sortmons

Re: [Declude.JunkMail] Deleting emails based solely on Sniffer?

On Thursday, April 14, 2005, 8:50:12 AM, Joey wrote: JP> Can someone please explain to me why, if an email is flagged as spam by JP> Sniffer, I shouldn't just delete it outright? Are there instances where JP> Sniffer is wrong? Or is this the way you all use it already? JP> Reason I ask is that

Re[2]: [Declude.JunkMail] Sniffer Question

Sorry to but in - can't resist... ;-) The test will run only once, but it will be evaluated for each possible result (Declude is smart that way). You might even have more than one "test" use SNF and add weight.. for example, SNIFFER ... nonzero and SNFSPECIFIC ... . Many folks and the AI system's

Re: [Declude.JunkMail] Sniffer error in Declude log

On Sunday, September 11, 2005, 11:46:12 PM, Kim wrote: KP> Over the weekend, a lot of spam has been getting through. KP> Checking the Declude JunkMail log file shows the following: KP>09/10/2005 00:01:41.906 q84a2205001d48c60 ERROR: External KP> program SNIFFER didn't finish quick enough; ter

Re: [Declude.JunkMail] Sniffer & Invuribl

On Sunday, October 2, 2005, 1:23:21 PM, Serge wrote: S> Hi all, S>   S> I have been using sniffer for a year and recently add INVURIBL. S> i am trying to find the corrolation between the 2 test to set the weight. S> I tag at 10 and delete at 30.. S> I had sniffer at 14. S> now i added invuribl w

RE: [Declude.JunkMail] test

Thanks, apologies. Please no more pongs. I needed to bounce email "off-world" to debug a problem after moving our data center today. It seems ok now. _M At 10:12 PM 3/2/2004, you wrote: Pong... Todd Holt Xidix Technologies, Inc Las Vegas, NV USA 702.319.4349 www.xidix.com -Original Message--

Re: [Declude.JunkMail] Server Recommendation

I will leave hardware recommendations to others for now. However spam/ham ratios I can provide. Currently we are seeing typical spam/ham numbers above 77%. Often this number flirts with 80+. This is based on logs from approximately 100 systems. Live data updated several times per day: http://w

Re: [Declude.JunkMail] OT: Windows 2000 Performance Monitor

At 05:18 PM 3/18/2004, you wrote: Regarding your suggestion about a RAMDISK, Pete is actually working on a persistent instance of Sniffer with all sorts of fancy words to describe how it works :) My Matt, I'm pretty happy with the beta - so far no glitches or gotchas on my test server nor any

RE: [Declude.JunkMail] Detecting disguised url's in headers

Watch out for this rule. There will be false positives. We've tried it long ago in sniffer. It turns out that there are quite a few legit messages sent with numbered links in them... so now we only code rules for specific numbered links (or stubs of them anyway). You might try rules for partial

Re: [Declude.JunkMail] Forwarding SPAM automatically for Message Sniffer

I just stumbled onto this thread and I can't stay (work to do with sprint)... For the record, I agree with everything Matt said here, though I might make the point a little more softly. Automated spam submissions would probably be ok as long as we knew it was coming and how it was being sourced

Re: [Declude.JunkMail] Nameserver issues and Spam fighting

At 12:16 PM 4/22/2004, you wrote: With the increase in people trying to fight spam, nameservers are getting bombarded with lookup request. Recently I understand that AT&T has taken steps to not allow lookups of most of the blacklists using their network. It seems that we are seeing more and more D

[Declude.JunkMail] Announce Message Sniffer V2-3 Official Release

2004-05-08 - Message Sniffer Version 2-3 Official Release! We are proud to release the newest version of Message Sniffer. This version includes important performance and system integrity improvements including full rulebase integrity checking to protect against corrupted or failed rulebase downloa

Re[2]: [Declude.JunkMail] Detect "Test NOT Failed"

I'm just curious... Wouldn't the following work for the intended purpose (in this case)... NOTSNIFFED external 0 "." ... Specifically - an external test that fails on a zero result should work right Scott? _M On Monday, May 31, 2004, 7:01:50 PM, Matt wrote: M> I believe that MINWEIGHT 15 a

Re[2]: [Declude.JunkMail] Where is ARIN?

No problem getting there from here. multi-homed through Savvis and Sprint on a pair of T1s. _M On Wednesday, June 2, 2004, 1:03:16 PM, Glenn wrote: GW> SBC T3, can't get ARIN. GW> - Original Message - GW> From: "Rick Davidson" <[EMAIL PROTECTED]> GW> To: <[EMAIL PROTECTED]> GW> Sent: W

Re: [Declude.JunkMail] OT what a con

On Thursday, June 3, 2004, 10:52:56 AM, Lyndon wrote: LE> Thought you all might like to have a laugh at this: LE> www.unsubscribenow.org LE> Bit of a con really... I added a rule for them last night when they arrived in spam (their own and others) through at least 4 separate spamtraps. Very sad

Re: [Declude.JunkMail] Phishing attempt- site is live

We've had this one in Sniffer for a while. They were originally going after Sun Trust: Rule ID - 99546 Created - 2004-03-22 From Source - http://200.97.91. Rule Type - Numbered Link Origin - Spam Trap Original Rule Name - suntrust phishing Current Strength - 2.68760205 _M On Tuesday, June 8, 200

Re: [Declude.JunkMail] OT: A reasonable substitute for Declude Junkmail at home

et that up without too much trouble. Another option that we've used here is to provide an account for your sun on your system and then have their existing account forward their messages there. A few tweaks on the client side and the outside world would not know the difference. $0.25 _M

Re[2]: [Declude.JunkMail] Content Rules plus/vs. Sniffer?

On Thursday, June 17, 2004, 4:23:10 PM, Matt wrote: M> I recommend that everyone buy Sniffer, and it's not just because I think M> Pete is a swell guy :) The check is in the mail ;-) _M --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came

Re: CBL:RE: Re[2]: [Declude.JunkMail] Content Rules plus/vs. Sniffer?

On Friday, June 18, 2004, 5:13:27 AM, Markus wrote: MG> Maybe Pete can provide some tips what would be good combinations. MG> Like IP4R + SNIFFER = good because SNIFFER make's no DNS lookups MG> But not FILTERX + SNIFFER because SNIFFER checks for this already. That's a tough one. SNIFFER is int

Re: [Declude.JunkMail] Sniffer and Declude

On Tuesday, June 22, 2004, 8:59:00 AM, Bonno wrote: BB> Hi, BB> I want to score sniffer higher in my Declude points but I BB> don't want to score all sniffer results equal. There is an BB> experimental group as well as a grey group which I would like to BB> score at the level I have it now, where

Re[2]: [Declude.JunkMail] [Declude.Virus] OT- Anyone know about this latest "attack" reported by CNN?

Gosh, Mozilla won't open it either... Guess I'll be left out again. _M On Friday, June 25, 2004, 2:50:49 PM, Jeff wrote: JM> Oh darn.. The page didn't open in Opera 7.51 and Norton Antivirus 2004 JM> caught the download.ject worm.. :) JM> -Original Message- JM> From: [EMAIL PROTECTED] J

Re: [Declude.JunkMail] XML? Just Say "NO" !

I have to disagree with this. XML, when done properly, can be good both for people and for machines. I've seen it done this way, and worked with this kind of configuration for quite a while. It can be done well, and it can be done badly. When done well, a few simple conventions can make the XML fi

Re[2]: [Declude.JunkMail] GUI - End-User is the priority!

On Monday, July 12, 2004, 3:50:39 PM, R. wrote: >>Something getting lost here in the discussion of the installation GUI is >>the request from time-to-time for an end-user GUI. RSP> This is something that we would love to do -- and would have been done RSP> *years* ago if Ipswitch allowed third-pa

Re[2]: [Declude.JunkMail] XML? Just Say "NO" !

On Monday, July 12, 2004, 4:54:31 PM, Kevin wrote: KB> XML will definitly slow down the loading of Declude and I know scott will KB> not do that. XML will be a greate feature for the gateway version though. KB> Hint, Hint. I respectfully submit that this is not necessarily true. There is no clear

Re: REC: [Declude.JunkMail] XML? Just Say "NO" !

On Monday, July 12, 2004, 4:59:27 PM, decjunkmail wrote: d> I guess I wasn't clear enough -- Maybe I should be blunt: d> Editing XML files in notepad sucks! I should be able to d> quickly edit configuration files in notepad like we can do today d> with .txt or .ini files. d> Sure a simple XML f

Re: [Declude.JunkMail] Increase in porn?

On Wednesday, July 21, 2004, 11:27:33 AM, Woody wrote: WGF> Are any of you seeing an increase in explicit porn getting past Declude and WGF> Sniffer in the past few days. WGF> We are seeing a disturbing increase that will only fail some minor weighted WGF> test such as bad routing and often fail

Re[2]: [Declude.JunkMail] Increase in porn?

On Wednesday, July 21, 2004, 11:39:43 AM, Grant wrote: GGDJ> We are also seeing these very heavy the past few weeks. I forward them to GGDJ> the spam@ for sniffer on a regular basis, but they still seem to get thru on GGDJ> a regular basis. No solutions here... I've checked both of your account

Re[2]: [Declude.JunkMail] Increase in porn?

On Wednesday, July 21, 2004, 12:27:00 PM, Grant wrote: GGDJ> Yep, usually has to do something with video type stuff. The good news is that in the last two rounds of updates I've done I saw no more of this guys trash - so I think we've put a hurtin' on him. The bad news is that he is probably the

Re: [Declude.JunkMail] Copy To

On Thursday, July 22, 2004, 2:29:39 PM, Jeff wrote: JK> I would like to monitor both incoming and outgoing mail from 1 particular JK> e-mail address on my domain. What would be the easiest/simplest way of doing JK> it without the persons knowledge. Use the 'copy mail to' feature in IMail and the

Re[2]: [Declude.JunkMail] What to do about spam getting through?

we've got that one down to a trickle now - even though they keep pumping out new domains and using new zombies. _M Pete McNeil (Madscientist) President, MicroNeil Research Corporation Chief Sortmonster, www.sortmonster.com On Monday, July 26, 2004, 8:36:13 PM, Kevin wrote: KB> Looks like yo

[Declude.JunkMail] Error 2

Hello declude, Am I correct that "Error 2 starting external program" usually means the directory or file name is not correct? Thanks, _M Pete McNeil (Madscientist) President, MicroNeil Research Corporation Chief SortMonster (www.sortmonster.com) --- [This E-mail was scanned for

Re: [Declude.JunkMail] usefull graphs end explanation for end users

On Monday, August 2, 2004, 10:31:52 AM, Markus wrote: MG> Anyone has created websites to explain in a simple manner MG> what happens on the Mailserver, Spam- and Virusfilter? MG>   MG> Maybe an animated GIF, or Flash-Animation "shreddering some MG> messages" that I can use on our website. We are

Re[2]: [Declude.JunkMail] usefull graphs end explanation for end users

Oh you want marketing stuff, not science stuff :-) I'll pass this on to Gonzo and see what he can do with it. _M On Monday, August 2, 2004, 12:43:08 PM, Markus wrote: >> We are working on this - it will be a few days (maybe more). >> Any thoughts that you would like to see? MG> Hmm... A gr

Re[2]: [Declude.JunkMail] usefull graphs end explanation for end users

On Monday, August 2, 2004, 12:43:08 PM, Markus wrote: >> We are working on this - it will be a few days (maybe more). >> Any thoughts that you would like to see? MG> Hmm... A group of messages (envelopes) some white, some colored with "XXX", MG> "$$$" and some nasty spots flying trough a magic

Re: [Declude.JunkMail] OT: Attachment sizes

On Wednesday, August 4, 2004, 11:52:09 AM, David wrote: DF> We have never set message size limits on our servers. Now it is DF> becoming an issue. DF> Is there any sort of standard for maximum message sizes? This is for DF> hosted customers and I'd like to be reasonable, but I don't think DF> a

Re[2]: [Declude.JunkMail] Useful external test?

On Monday, August 16, 2004, 1:36:07 PM, Andrew wrote: CA> I rarely get a complaint from my users about this kind of spam; I call it CA> "self-inflicted", where someone signs up for a "joke a day" or "daily CA> horoscope" or "diet advice" but they don't read the fine print. They CA> continue to

Re: [Declude.JunkMail] Wildcard filter

On Monday, August 23, 2004, 11:05:11 AM, Dean wrote: DL> Is it possible to use a wildcard format for a filter? The reason that I ask, DL> is that I am getting a lot of junkmail which all have similar "From" DL> senders, but the maildomain is different. So the sender will be some DL> variation of t

Re: [Declude.JunkMail] MTLDB?

On Friday, August 27, 2004, 3:19:37 AM, Alexander wrote: HA> Hello, HA> how high is your weight for this test? do you have FPs? I recommend referencing this analysis which suggests MTLB is probably not ready yet: This seems to be consistent with comments

Re: [Declude.JunkMail] New IP4R lists available for use

On Friday, August 27, 2004, 1:12:10 PM, Bill wrote: BL> Folks, I would like to announce the availability of a new IP4R database that BL> includes a blacklist, whitelist, suspicious list, and a neutral list (IP BL> address' that have not been classified). Here is the breakdown on the list BL> usag

Re: FW: [Declude.JunkMail] DMLP (Declude Modular Log Processor) XML module testers?

NOTE TO DECLUDE LIST: I was originally going to answer this off-line as it was directed to me, but once I got done writing the response it occurred to me that the same questions and issues might be important to many Declude users. So, finally, I decided to copy the list on this. If I guessed wrong,

Re: [Declude.JunkMail] Hitting the CPU Wall

On Wednesday, September 1, 2004, 11:30:56 AM, Goran wrote: GJ> I have a 1.4 GHz Celeron CPU with 512MB RAM and a RAID 1 hard drive GJ> system. We are pushing the CPU to 100% and close to 100% a lot of the GJ> time during core business hours. Declude log files report that we are GJ> So the que

Re: [Declude.JunkMail] External Tests

On Wednesday, September 1, 2004, 5:53:07 PM, Danny wrote: DS> I see on the spamchk public site that there is an DS> externaltest listed as sniffer-snake. I am assuming that the DS> sniffer portion is themessage sniffer from Sort Monster (if I am DS> wrong let me know), but I don’tknow what the sna

Re: [Declude.JunkMail] Test needed along with sniffer

On Wednesday, September 8, 2004, 11:13:18 AM, Harry wrote: HV> I am testing sniffer right now and wonder if I need to run all the other HV> tests along side it. Well, you can probably get by without the other tests, but since you have Declude it would be MUCH better if you keep the other tests in

Re: [Declude.JunkMail] eBay Phishing- Live

On Thursday, September 30, 2004, 9:25:20 AM, Kami wrote: KR> Hi; KR>   KR> http://202.149.196.236/.aw-cgicgisk/SignIn.php KR>   KR> You may want to filter the above.  Just got a phishing email.. it is active. KR>   KR> Regards, KR> Kami Interesting. We generated an active rule for this back on

Re: [Declude.JunkMail] ContainsIP with RDNS check

On Friday, October 1, 2004, 5:16:26 PM, Kevin wrote: KB> I have been running my ContainsIP external test with a reverse dns check and KB> have found the following. I have not had one report of a false positive in KB> the 5 days I have been running this test. KB> If you are interested it can be fo

  1   2   3   >