RE: [Declude.JunkMail] Increased Spam?

2003-07-08 Thread Pete McNeil
Sorry to interject but this might help: Our flow rates analysis does show a change in the last week or so. Where the spam/ham ratio was generally 75%, it is now consistently 78% or more. This is very recent. http://www.sortmonster.com/MessageSniffer/Performance/FlowRates.jsp This _may_ be

RE: [Declude.JunkMail] Using regular expressions

2003-07-11 Thread Pete McNeil
Declude users who add Message Sniffer can add custom rules to their rule base with pattern matching that approaches regex capability - and the engine is extremely efficient. _M -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Friday,

RE: [Declude.JunkMail] URL's in Body as IP4r type..

2003-07-11 Thread Pete McNeil
d domain would be statistically weighted to the ham corpus on a wide group... I hope this info is helpful, _M Pete McNeil (Madscientist) President, MicroNeil Research Corporation Chief SortMonster (www.sortmonster.com) -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]

Re: [Declude.JunkMail] Feature Request: Per-Domain HoldDirectories

2003-07-12 Thread Pete McNeil
At 02:34 PM 7/12/2003 -0400, you wrote: Hello, All, I don't know if this has been discussed on the list before or not. But one feature I'd like to have added to the feature request list is the ability to have the HOLD directory be customizable on a per domain basis. If DJM Pro had this feature

Re: [Declude.JunkMail] Feature Request

2003-07-12 Thread Pete McNeil
At 12:05 PM 7/12/2003 -0700, you wrote: Since we are on feature requests, I too would like to request a new DJM feature. I'm wondering if it would be feasable for Declude to pass on decoded messages to the third-party apps (Sniffer, Alligate, SpamChk) instead of the original mail files, that way

Re: [Declude.JunkMail] Feature Request

2003-07-12 Thread Pete McNeil
At 04:00 PM 7/12/2003 -0400, you wrote: Since we are on feature requests, I too would like to request a new DJM feature. I'm wondering if it would be feasable for Declude to pass on decoded messages to the third-party apps (Sniffer, Alligate, SpamChk) instead of the original mail files, that way

RE: [Declude.JunkMail] Regarding Obfuscation

2003-07-16 Thread Pete McNeil
|On the first step it checks the entire body in ist raw format. |Before the second step any html-tags (real or invented) are removed. | |This allows to identify a lot of obfusticated keywords. | |I assume other external content-tests like Spammanager and |Sortmonster are also able to do this.

RE: [Declude.JunkMail] AVG emails bouncing?

2003-08-14 Thread Pete McNeil
We had a bad rule, it was removed yesterday. Sheldon, I hope you got my response by now. If not please let me know, also any others. Sorry for any confusion. _M |-Original Message- |From: [EMAIL PROTECTED] |[mailto:[EMAIL PROTECTED] On Behalf Of |Sheldon Koehler |Sent: Monday, August

Re: [Declude.JunkMail] Alligate vs. Message Sniffer...opinions?

2003-08-20 Thread Pete McNeil
questions please feel free to contact me off list at [EMAIL PROTECTED] Hope this helps, _M Pete McNeil (Madscientist) President, MicroNeil Research Corporation Chief Sortmonster (www.sortmonster.com) --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E

Re: [Declude.JunkMail] Another obfuscation technique

2003-08-28 Thread Pete McNeil
It really does get kind of silly after a while. The more they try to obfuscate the messages, the easier they are to pick out with filters. _M At 05:44 PM 8/27/2003 -0700, you wrote: Similar to one noted earlier (by Bill?), slightly updated: `OPFd

Re: [Declude.JunkMail] Feature request: no displayable text in body body

2003-09-05 Thread Pete McNeil
At 08:04 PM 9/5/2003 -0400, you wrote: Maybe you're not seeing everything that I sent to the list, in which case, let me reprint the body of the message and modify the links so I don't set off the filters: htmlbody center!--kpz4j815n29--a

RE: [Declude.JunkMail] Message Delay. Was: Feature request: no displayable text in body no displayable text in body

2003-09-06 Thread Pete McNeil
They would be delayed only on the first day. Ever after they would be passed normally because they would be in the list. Often delays such as this are introduced randomly in email systems due simply to system loads or perhaps the chance that the poor sap on the receiving end was buried in

Re[2]: [Declude.JunkMail] Feature request: no displayable text in body body in body body

2003-09-06 Thread Pete McNeil
At 04:00 PM 9/6/2003 -0400, you wrote: ...since a delay is mostly harmless... Pete, you're an awesome programmer, and I stand in awe of Sniffer's sophistication and penetration. Thanks. However, I think your idea is strikingly out-of-touch with the way SMTP is used in 2003. We can

RE: Re[3]: [Declude.JunkMail] Feature request: no displayable text in body body in body body

2003-09-06 Thread Pete McNeil
At 09:35 PM 9/6/2003 -0600, you wrote: FWIW, I agree. Some of my clients are bankers that exchange their documents over encrypted email and expect instant delivery. Of course, with user and domain specific configurations, these could easily be exempted from delayed processing. Indeed. However,

Re[3]: [Declude.JunkMail] Feature request: no displayable text in body body in body body in body body in body body

2003-09-06 Thread Pete McNeil
At 10:53 PM 9/6/2003 -0400, you wrote: Keep in mind that known message sources would not be delayed - only new, unknown sources. This amounts in principle to an automatic management of QOS - giving some preference to traffic that is already established. I understand the idea,

Re: [Declude.JunkMail] OBFUSCATION filter

2003-09-15 Thread Pete McNeil
Matt, It appears that your coding for a combination of http url encoding in urls is redundant since you capture both types individually. It's a small optimization, but worth mentioning. _M At 07:46 PM 9/14/2003 -0400, you wrote: I've posted a newer version of the OBFUSCATION filter on my

Re: [Declude.JunkMail] OBFUSCATION filter

2003-09-15 Thread Pete McNeil
At 05:58 AM 9/15/2003 -0400, you wrote: Matt, It appears that your coding for a combination of http url encoding in urls is redundant since you capture both types individually. It's a small optimization, but worth mentioning. _M ooops.. Sorry, I meant html. --- [This E-mail was scanned for

Re: [Declude.JunkMail] OT: SNIFFER Trial

2003-09-23 Thread Pete McNeil
The authentication code for the demo license (sniffer2) is: xnk05x5vmipeaof7 This is indicated in the examples in the distribution and on the web site. We have also just updated the web site to make this information more prominent. Sorry for the OT. _M At 02:25 PM 9/24/2003 +1000, you wrote:

RE: [Declude.JunkMail] Fw: BLOCK,MISC: MONKEYS.COM: Now retired f rom spam fighting rom spam fighting

2003-09-25 Thread Pete McNeil
| There's the root of the problem: spamming works. | | |Well, for me looks like also spam defense works :) |Calculate it ho you want: Spam defense works! |The question is how good it works without public available |spam blacklists. I think pretty well... (I'm biased). Scott publishes

[Declude.JunkMail] OT - publishing solution Was: Attacks prompt shutdown of antispam lists

2003-09-26 Thread Pete McNeil
At 07:25 PM 9/26/2003 -0400, you wrote: At 06:50 PM 09/26/2003, Pete McNeil wrote: At 02:30 PM 9/26/2003 -0700, you wrote: I've said it before, I'll say it again. It's time to leverage the power of the network agianst abuse on that same network. Pete, You are preaching to the choir ;) When

RE: [Declude.JunkMail] new methods of subjects?

2003-09-30 Thread Pete McNeil
We've been watching this. Indications are that it will be a short lived phenomena that's probably not worth filtering - since filtering would be difficult and easy to overcome. Indications from this source are that they've already begun to abandon this - if they haven't already abandoned it. If

RE: [Declude.JunkMail] URL? What does it mean?

2003-10-07 Thread Pete McNeil
Title: Message They are, theoretically, an account reference. However they are often used as parameters for spammers who track connections and they are sometimes only added as obfuscation (useless but in place to cause you confusion). The truth is that since URLs are very flexible, if you

RE: [Declude.JunkMail] COMMENTS

2003-10-13 Thread Pete McNeil
Sniffer has mechanisms like this coming up in V3, but they are strictly feature extractors that will be used by the AI to characterize the messages. It's not really practical to set simple limits/thresholds on the number or itteration of HTML elements used in the text... however there are some

[Declude.JunkMail] Watch out for your white lists...

2003-10-17 Thread Pete McNeil
, and be prepared to alter/refine your white rule strategies to compensate. If you have some legitimate messages around from ebay, amazon, and paypal then you should consider altering your white-list strategies ahead of time. Hope this helps, _M Pete McNeil (Madscientist) President, MicroNeil Research

RE: [Declude.JunkMail] Sniffer Declude logs

2003-10-23 Thread Pete McNeil
The current version of Message Sniffer has no feature to turn off logging. I recommend that you schedule a task to delete/archive the log periodically. An interim release is in the works that will implement new logging features. It will be a few weeks before this is available though. Hope this

RE: [Declude.JunkMail] Sniffer Declude logs

2003-10-24 Thread Pete McNeil
a constant over 100 smtp |connections we now have less than 20 most of the time. Mail is |now being delivered again instantly. | |I think I might test it with Postfix. | |Craig. | |-Original Message- |From: [EMAIL PROTECTED] |[mailto:[EMAIL PROTECTED] Behalf Of Pete McNeil |Sent: Thursday

RE: [Declude.JunkMail] Test suggestion

2003-10-27 Thread Pete McNeil
You might also have a companion test(s). Count of IMG links that are for attached images. Count of IMG links that are for linked images. -- these turn out to be valuable features for our AI when combining metrics w/ HTML/TEXT ratios etc. They may be good weighted tests to try. _M

RE: [Declude.JunkMail] Body filters

2003-11-03 Thread Pete McNeil
Sniffer is, in part, a body filter. It is currently matching more than 15000 heuristics in under 90ms typ (300ms load time) on our p2-450 NT test bed. You can include your own rulebase if you wish. Hope this helps, _M |-Original Message- |From: [EMAIL PROTECTED] |[mailto:[EMAIL

RE: [Declude.JunkMail] Body filters

2003-11-03 Thread Pete McNeil
PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: Monday, November 03, 2003 4:25 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Body filters Sniffer is, in part, a body filter. It is currently matching more than 15000 heuristics in under 90ms typ

RE: [Declude.JunkMail] Non-alpha-numeric subject filter

2003-11-06 Thread Pete McNeil
Title: Message Scott, A good add-on test might be a count of punctuation characters in the subject. That would be very close to this suggestion but might be easier to use and require less processing. In particular the drug "member augmentation" folks are on a tear lately obfuscating

RE: [Declude.JunkMail] OT: Do you use ColdFusion? - Java?

2003-11-06 Thread Pete McNeil
Title: Message OT - sort of. We do most of our heavy web work in Java/JSP.We've tossed around the idea of building a Java app that would accept HTTP connections (perhaps on an alternate port) and provide an interface to Declude other spam management tools for users admins. Our

Re: [Declude.JunkMail] OT: Do you use ColdFusion? - Java?

2003-11-06 Thread Pete McNeil
impressed with your architecture after three days of trialing your product. Matt Pete McNeil wrote: OT - sort of. We do most of our heavy web work in Java/JSP. We've tossed around the idea of building a Java app that would accept HTTP connections (perhaps on an alternate port) and provide an interface

Re: [Declude.JunkMail] OT: Do you use ColdFusion? - Java?

2003-11-06 Thread Pete McNeil
At 07:16 PM 11/6/2003, you wrote: As a dedicated Java app it would be cross-platform compatible (in theory), relatively secure, lightweight, and could be configured to run along side any web services that might be present (such as KWM). In an IMail environment we could even present a

[Declude.JunkMail] Announce: Message Sniffer Peer-Server Wide Beta

2003-11-28 Thread Pete McNeil
, Thanks, _M Pete McNeil (Madscientist) President, MicroNeil Research Corporation Chief SortMonster, www.SortMonster.com VOX: 703-406-2016 FAX: 703-406-2017 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list

RE: [Declude.JunkMail] Subject Starts with

2003-12-02 Thread Pete McNeil
I recommend a simple scheme of simple characters and escape sequences. Borrowing from our Message Sniffer rule coding, how about _ as a space, and if you really need the _ character itself then you use \_. Then you also have to use \\ when you want the \, but that's a small price to pay and it's

RE: [Declude.JunkMail] Subject Starts with

2003-12-02 Thread Pete McNeil
Ha ha ha! plop... (laughs his head off) |-Original Message- |From: [EMAIL PROTECTED] |[mailto:[EMAIL PROTECTED] On Behalf Of Bill Landry |Sent: Monday, December 01, 2003 6:22 PM |To: [EMAIL PROTECTED] |Subject: Re: [Declude.JunkMail] Subject Starts with | | |Oh, yes, now it get it...

Re: [Declude.JunkMail] sniffer

2003-12-03 Thread Pete McNeil
Brad, That's right. :-) Heuristics for patterns are grouped by the spam that prompts us to generate them, or by how we created them. Most of the time they are at least close to classifying the type of spam. Each system that uses Message Sniffer is encouraged to specify adjustable weights for

Re: [Declude.JunkMail] Multiple Actions/ExternalPlus/Sniffer

2003-12-05 Thread Pete McNeil
I'm not sure I'm following you... but I think what you might need is an additional license. Suppose you create one rulebase that will contain only your white rules. Then leave the normal sniffer rulebase alone. The small rulebase with the white rules will be so small as to require nearly no

Re: [Declude.JunkMail] Web-o-Trust

2003-12-10 Thread Pete McNeil
At 06:27 PM 12/10/2003, you wrote: I'm with Todd here. I see very little value here. I don't have a problem with blocking E-mail from snip I'm not against the idea of having some form of a registry, however the root of the problem is in differentiating among the gray stuff and not among the

RE: [Declude.JunkMail] Discussing of Anti-Spam filters. Was Web-o-Trust

2003-12-10 Thread Pete McNeil
At 08:53 PM 12/10/2003, you wrote: Still trying to digest all the info. begin with. Maybe it might be useful to have a conversation about alternative uses for such a program? I'm definitely interested in sharing some whitelists and blacklists based on the above stated criteria, but only if

RE: [Declude.JunkMail] Web-o-Trust

2003-12-10 Thread Pete McNeil
At 09:33 PM 12/10/2003, you wrote: Hi Pete: Very informative. As much as I like and will support the concept, I couldn't help but cringe that someone comes up with a new web-based system - and then defines their proprietary formatting for their config file instead of trying to reuse existing

RE: [Declude.JunkMail] Discussing of Anti-Spam filters. Was Web-o-Trust

2003-12-11 Thread Pete McNeil
| Any solution that requires secrecy will be some combination |of: little | benefit, difficult to impossible to deploy, and/or easy to |compromise | once discovered. | |Well, Williams post of his file is a good example. Any (not if |I am sure) spammer that may read this list now sees that

RE: [Declude.JunkMail] Discussing of Anti-Spam filters. Was Web-o-Trust

2003-12-11 Thread Pete McNeil
|What I am proposing is to set up a website that would require |a username and password. Each user would have their own |directory to place files they wish to allow others to view and |use. They would be the only one that could modify those files. |Everyone who was a member could view all the

RE: [Declude.JunkMail] AOL and Reverse DNS

2003-12-16 Thread Pete McNeil
Isn't the IETF supposed to be this body? _M At 09:14 PM 12/16/2003, you wrote: I would agree with this type of governing body. One that sets standards like RDNS entries and what they mean. pessimistic rant But it is still up to each mail admin(s) to implement an anti-spam policy. And the

RE: [Declude.JunkMail] AOL and Reverse DNS

2003-12-17 Thread Pete McNeil
se DNS Probably, but if so, they're not doing their job. We need an organization that is less ivory tower and more proactive in enforcing standards and best practices. Darin. - Original Message - From: Pete McNeil To: [EMAIL PROTECTED] Sent: Tuesday, Dece

RE: [Declude.JunkMail] Outbound Port 25, was - Virginia Indicts Indicts

2003-12-19 Thread Pete McNeil
Hm No sir, I don't like it! In the end where this is headed is that if you belong to their group then they will legitimize any messages that you send... then they will use their combined resources to loby and otherwise make it a bad thing for you to do any kind of filtering to their messages.

RE: [Declude.JunkMail] Outbound Port 25, was - Virginia Indicts Indicts

2003-12-19 Thread Pete McNeil
|Pete McNeil wrote: | |A tip-off is that the counter to this argument is up-front in their |proposal. Specifically that they will create and manage a mechanism |that tracks the end-user's subscrbe/unsubscribe requests... I think |this is a lot like putting the foxes in charge of the hen house

RE: [Declude.JunkMail] coded subject line

2004-01-07 Thread Pete McNeil
We've had a number of customers try filters like this for subjects. Sometimes it works great, many times there are huge volumes of false positives. It is definitely specific to each system. $0.02 _M |-Original Message- |From: [EMAIL PROTECTED] |[mailto:[EMAIL PROTECTED] On Behalf Of

RE: Re[2]: [Declude.JunkMail] ANN: Declude RegEx support in next release of SPAMC32

2004-01-09 Thread Pete McNeil
Wow _M |-Original Message- |From: [EMAIL PROTECTED] |[mailto:[EMAIL PROTECTED] On Behalf Of nick |Sent: Friday, January 09, 2004 9:49 AM |To: [EMAIL PROTECTED] |Subject: Re: Re[2]: [Declude.JunkMail] ANN: Declude RegEx |support in next release of SPAMC32 | | |Bill, | |I might give it a

RE: Re[2]: [Declude.JunkMail] ANN: Declude RegEx support in next release of SPAMC32

2004-01-09 Thread Pete McNeil
12:35 PM |To: '[EMAIL PROTECTED]' |Subject: RE: Re[2]: [Declude.JunkMail] ANN: Declude RegEx |support in next release of SPAMC32 | | |Gee, Pete. Are you commenting on the sheer number of tests or |which test had the most hits? | |Andrew ;) | |-Original Message- |From: Pete McNeil [mailto

RE: Re[2]: [Declude.JunkMail] ANN: Declude RegEx support in next release of SPAMC32

2004-01-09 Thread Pete McNeil
|Bill, Pete - | snip |accuracy. eg: false positives. Sniffer is a very good tool |however it scores - at least with the demo rulebase on my |system - false positives. I score it with 3 points. SA on the |other hand has *very* few false positives so it gets an 8. No |question if I had the

RE: Re[2]: [Declude.JunkMail] ANN: Declude RegEx support in next release of SPAMC32

2004-01-09 Thread Pete McNeil
|One thing you should definitely do with sniffer is to weight group 60 |lower than the others. Group 60 is the gray hosting group which will snip |I would if I knew how..; actually I do not know what Group 60 snip |-Nick Hayer Easy with Declude. (Scott, correct me if I get this wrong) You

RE: Re[2]: [Declude.JunkMail] ANN: Declude RegEx support in next release of SPAMC32

2004-01-09 Thread Pete McNeil
|Pete, correct me if I am wrong, but I thought that with the |free version you could only track two response codes, 55 |(malware) 63 (general)? Since about October last year we also isolated the gray hosting rule group (60) so that people could more readily evaluate sniffer with fewer false

Re: [Declude.JunkMail] Whitelist strategy needed

2004-01-17 Thread Pete McNeil
We (SortMonster) can easily create custom white rules for this specific message as part of our normal subscription policy. Please let us know if that's what you'd like to do. Another thing also is that you could code such a rule to an alternate symbol (such as 10 for example) and have Declude

RE: [Declude.JunkMail] Underscore in domain..

2004-01-20 Thread Pete McNeil
I don't think Mailfrom can do it because parsing is limited. In Message Sniffer I can code @$+\_$+\.com ...which means any underscore bounded by any number of letters between an @ and a dotcom. I want to research a bit more before pulling the trigger on this but it looks like a good rule. I will

Re: [Declude.JunkMail] OT: Domain Registrar recommendation

2004-01-31 Thread Pete McNeil
We have been very happy with DirectNic. _M At 01:05 AM 1/31/2004, you wrote: Anyone using a registrar that they like? I want to get some of my clients accounts off of NetSol. I have some registered at www.dotearth.com but I would like a registrar that I can maintain multiple domains from a

Re: [Declude.JunkMail] Blocking the attached message

2004-02-03 Thread Pete McNeil
These folks pop up every few days with a dozen pair of new domains to use. They begin broadcasting all of these at once and we usually nail them in a single pass. They are very consistent about the way they do this. AFAIKT once we've nailed them they're not getting through... We're waiting for

Re: AW: [Declude.JunkMail] Blocking the attached message

2004-02-03 Thread Pete McNeil
The image files tend to change just slightly less often than the domains. The image files appear to change once per campaign so far - but that's likely to change in the near future I think. The IP source is broadly distributed through the internet - these folks are using zombies. HTH, _M At

Re: [Declude.JunkMail] OT: IMAIL - AD

2004-02-10 Thread Pete McNeil
In terms of scale, I would expect to see a server handle not much more than 500,000 messages in a full Declude/IMail environment, and with an average of more than 10 pieces of spam per address per day, a solution of this sort would need to effectively resolve against 50,000 or so E-mail

Re[2]: [Declude.JunkMail] OT: IMAIL - AD

2004-02-10 Thread Pete McNeil
Sorry about that - I seem to have stepped into a bit of a tiff. I was skimming and saw a Sniffer reference and jumped in - I shouldn't do that (I should get more sleep). At any rate, the pattern matching engine can run at any point... Sniffer as it is packaged now runs after submission, but the

RE: [Declude.JunkMail] test

2004-03-02 Thread Pete McNeil
Thanks, apologies. Please no more pongs. I needed to bounce email off-world to debug a problem after moving our data center today. It seems ok now. _M At 10:12 PM 3/2/2004, you wrote: Pong... Todd Holt Xidix Technologies, Inc Las Vegas, NV USA 702.319.4349 www.xidix.com -Original

Re: [Declude.JunkMail] Server Recommendation

2004-03-12 Thread Pete McNeil
I will leave hardware recommendations to others for now. However spam/ham ratios I can provide. Currently we are seeing typical spam/ham numbers above 77%. Often this number flirts with 80+. This is based on logs from approximately 100 systems. Live data updated several times per day:

Re: [Declude.JunkMail] OT: Windows 2000 Performance Monitor

2004-03-18 Thread Pete McNeil
At 05:18 PM 3/18/2004, you wrote: Regarding your suggestion about a RAMDISK, Pete is actually working on a persistent instance of Sniffer with all sorts of fancy words to describe how it works :) My Matt, I'm pretty happy with the beta - so far no glitches or gotchas on my test server nor

RE: [Declude.JunkMail] Detecting disguised url's in headers

2004-03-19 Thread Pete McNeil
Watch out for this rule. There will be false positives. We've tried it long ago in sniffer. It turns out that there are quite a few legit messages sent with numbered links in them... so now we only code rules for specific numbered links (or stubs of them anyway). You might try rules for

Re: [Declude.JunkMail] Forwarding SPAM automatically for Message Sniffer

2004-03-26 Thread Pete McNeil
I just stumbled onto this thread and I can't stay (work to do with sprint)... For the record, I agree with everything Matt said here, though I might make the point a little more softly. Automated spam submissions would probably be ok as long as we knew it was coming and how it was being sourced

Re: [Declude.JunkMail] Nameserver issues and Spam fighting

2004-04-22 Thread Pete McNeil
At 12:16 PM 4/22/2004, you wrote: With the increase in people trying to fight spam, nameservers are getting bombarded with lookup request. Recently I understand that ATT has taken steps to not allow lookups of most of the blacklists using their network. It seems that we are seeing more and more

[Declude.JunkMail] Announce Message Sniffer V2-3 Official Release

2004-05-09 Thread Pete McNeil
2004-05-08 - Message Sniffer Version 2-3 Official Release! We are proud to release the newest version of Message Sniffer. This version includes important performance and system integrity improvements including full rulebase integrity checking to protect against corrupted or failed rulebase

Re[2]: [Declude.JunkMail] Detect Test NOT Failed

2004-05-31 Thread Pete McNeil
I'm just curious... Wouldn't the following work for the intended purpose (in this case)... NOTSNIFFED external 0 . ... Specifically - an external test that fails on a zero result should work right Scott? _M On Monday, May 31, 2004, 7:01:50 PM, Matt wrote: M I believe that MINWEIGHT 15

Re: [Declude.JunkMail] OT what a con

2004-06-03 Thread Pete McNeil
On Thursday, June 3, 2004, 10:52:56 AM, Lyndon wrote: LE Thought you all might like to have a laugh at this: LE www.unsubscribenow.org LE Bit of a con really... I added a rule for them last night when they arrived in spam (their own and others) through at least 4 separate spamtraps. Very sad,

Re: [Declude.JunkMail] Phishing attempt- site is live

2004-06-08 Thread Pete McNeil
We've had this one in Sniffer for a while. They were originally going after Sun Trust: Rule ID - 99546 Created - 2004-03-22 From Source - http://200.97.91. Rule Type - Numbered Link Origin - Spam Trap Original Rule Name - suntrust phishing Current Strength - 2.68760205 _M On Tuesday, June 8,

Re: [Declude.JunkMail] OT: A reasonable substitute for Declude Junkmail at home

2004-06-10 Thread Pete McNeil
trouble. Another option that we've used here is to provide an account for your sun on your system and then have their existing account forward their messages there. A few tweaks on the client side and the outside world would not know the difference. $0.25 _M Pete McNeil (Madscientist) President

Re[2]: [Declude.JunkMail] Content Rules plus/vs. Sniffer?

2004-06-17 Thread Pete McNeil
On Thursday, June 17, 2004, 4:23:10 PM, Matt wrote: snip/ M I recommend that everyone buy Sniffer, and it's not just because I think M Pete is a swell guy :) The check is in the mail ;-) _M --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail

Re: CBL:RE: Re[2]: [Declude.JunkMail] Content Rules plus/vs. Sniffer?

2004-06-18 Thread Pete McNeil
On Friday, June 18, 2004, 5:13:27 AM, Markus wrote: MG Maybe Pete can provide some tips what would be good combinations. MG Like IP4R + SNIFFER = good because SNIFFER make's no DNS lookups MG But not FILTERX + SNIFFER because SNIFFER checks for this already. That's a tough one. SNIFFER is

Re: [Declude.JunkMail] Sniffer and Declude

2004-06-22 Thread Pete McNeil
On Tuesday, June 22, 2004, 8:59:00 AM, Bonno wrote: BB Hi, BB I want to score sniffer higher in my Declude points but I BB don't want to score all sniffer results equal. There is an BB experimental group as well as a grey group which I would like to BB score at the level I have it now, where I

Re[2]: [Declude.JunkMail] [Declude.Virus] OT- Anyone know about this latest attack reported by CNN?

2004-06-25 Thread Pete McNeil
Gosh, Mozilla won't open it either... Guess I'll be left out again. _M On Friday, June 25, 2004, 2:50:49 PM, Jeff wrote: JM Oh darn.. The page didn't open in Opera 7.51 and Norton Antivirus 2004 JM caught the download.ject worm.. :) JM -Original Message- JM From: [EMAIL PROTECTED] JM

Re: [Declude.JunkMail] XML? Just Say NO !

2004-07-12 Thread Pete McNeil
I have to disagree with this. XML, when done properly, can be good both for people and for machines. I've seen it done this way, and worked with this kind of configuration for quite a while. It can be done well, and it can be done badly. When done well, a few simple conventions can make the XML

Re[2]: [Declude.JunkMail] GUI - End-User is the priority!

2004-07-12 Thread Pete McNeil
On Monday, July 12, 2004, 3:50:39 PM, R. wrote: Something getting lost here in the discussion of the installation GUI is the request from time-to-time for an end-user GUI. RSP This is something that we would love to do -- and would have been done RSP *years* ago if Ipswitch allowed third-party

Re[2]: [Declude.JunkMail] XML? Just Say NO !

2004-07-12 Thread Pete McNeil
On Monday, July 12, 2004, 4:54:31 PM, Kevin wrote: KB XML will definitly slow down the loading of Declude and I know scott will KB not do that. XML will be a greate feature for the gateway version though. KB Hint, Hint. I respectfully submit that this is not necessarily true. There is no clear

Re: REC: [Declude.JunkMail] XML? Just Say NO !

2004-07-12 Thread Pete McNeil
On Monday, July 12, 2004, 4:59:27 PM, decjunkmail wrote: d I guess I wasn't clear enough -- Maybe I should be blunt: d Editing XML files in notepad sucks! I should be able to d quickly edit configuration files in notepad like we can do today d with .txt or .ini files. d Sure a simple XML file

Re: [Declude.JunkMail] Increase in porn?

2004-07-21 Thread Pete McNeil
On Wednesday, July 21, 2004, 11:27:33 AM, Woody wrote: WGF Are any of you seeing an increase in explicit porn getting past Declude and WGF Sniffer in the past few days. WGF We are seeing a disturbing increase that will only fail some minor weighted WGF test such as bad routing and often fail no

Re[2]: [Declude.JunkMail] Increase in porn?

2004-07-21 Thread Pete McNeil
On Wednesday, July 21, 2004, 11:39:43 AM, Grant wrote: GGDJ We are also seeing these very heavy the past few weeks. I forward them to GGDJ the spam@ for sniffer on a regular basis, but they still seem to get thru on GGDJ a regular basis. No solutions here... I've checked both of your accounts.

Re[2]: [Declude.JunkMail] Increase in porn?

2004-07-21 Thread Pete McNeil
On Wednesday, July 21, 2004, 12:27:00 PM, Grant wrote: GGDJ Yep, usually has to do something with video type stuff. The good news is that in the last two rounds of updates I've done I saw no more of this guys trash - so I think we've put a hurtin' on him. The bad news is that he is probably the

Re: [Declude.JunkMail] Copy To

2004-07-22 Thread Pete McNeil
On Thursday, July 22, 2004, 2:29:39 PM, Jeff wrote: JK I would like to monitor both incoming and outgoing mail from 1 particular JK e-mail address on my domain. What would be the easiest/simplest way of doing JK it without the persons knowledge. Use the 'copy mail to' feature in IMail and then

Re[2]: [Declude.JunkMail] What to do about spam getting through?

2004-07-26 Thread Pete McNeil
got that one down to a trickle now - even though they keep pumping out new domains and using new zombies. _M Pete McNeil (Madscientist) President, MicroNeil Research Corporation Chief Sortmonster, www.sortmonster.com On Monday, July 26, 2004, 8:36:13 PM, Kevin wrote: KB Looks like you have a good

[Declude.JunkMail] Error 2

2004-07-30 Thread Pete McNeil
Hello declude, Am I correct that Error 2 starting external program usually means the directory or file name is not correct? Thanks, _M Pete McNeil (Madscientist) President, MicroNeil Research Corporation Chief SortMonster (www.sortmonster.com) --- [This E-mail was scanned for viruses

Re: [Declude.JunkMail] usefull graphs end explanation for end users

2004-08-02 Thread Pete McNeil
On Monday, August 2, 2004, 10:31:52 AM, Markus wrote: MG Anyone has created websites to explain in a simple manner MG what happens on the Mailserver, Spam- and Virusfilter? MG   MG Maybe an animated GIF, or Flash-Animation shreddering some MG messages that I can use on our website. We are

Re[2]: [Declude.JunkMail] usefull graphs end explanation for end users

2004-08-02 Thread Pete McNeil
Oh you want marketing stuff, not science stuff :-) I'll pass this on to Gonzo and see what he can do with it. _M On Monday, August 2, 2004, 12:43:08 PM, Markus wrote: We are working on this - it will be a few days (maybe more). Any thoughts that you would like to see? MG Hmm... A group

Re[2]: [Declude.JunkMail] usefull graphs end explanation for end users

2004-08-02 Thread Pete McNeil
On Monday, August 2, 2004, 12:43:08 PM, Markus wrote: We are working on this - it will be a few days (maybe more). Any thoughts that you would like to see? MG Hmm... A group of messages (envelopes) some white, some colored with XXX, MG $$$ and some nasty spots flying trough a magic box. Only

Re: [Declude.JunkMail] OT: Attachment sizes

2004-08-04 Thread Pete McNeil
On Wednesday, August 4, 2004, 11:52:09 AM, David wrote: DF We have never set message size limits on our servers. Now it is DF becoming an issue. DF Is there any sort of standard for maximum message sizes? This is for DF hosted customers and I'd like to be reasonable, but I don't think DF

Re[2]: [Declude.JunkMail] Useful external test?

2004-08-16 Thread Pete McNeil
On Monday, August 16, 2004, 1:36:07 PM, Andrew wrote: snip/ CA I rarely get a complaint from my users about this kind of spam; I call it CA self-inflicted, where someone signs up for a joke a day or daily CA horoscope or diet advice but they don't read the fine print. They CA continue to get

Re: [Declude.JunkMail] Wildcard filter

2004-08-23 Thread Pete McNeil
On Monday, August 23, 2004, 11:05:11 AM, Dean wrote: DL Is it possible to use a wildcard format for a filter? The reason that I ask, DL is that I am getting a lot of junkmail which all have similar From DL senders, but the maildomain is different. So the sender will be some DL variation of the

Re: [Declude.JunkMail] MTLDB?

2004-08-27 Thread Pete McNeil
On Friday, August 27, 2004, 3:19:37 AM, Alexander wrote: HA Hello, HA how high is your weight for this test? do you have FPs? I recommend referencing this analysis which suggests MTLB is probably not ready yet: http://www2.spamchk.com/public.html This seems to be consistent with comments on

Re: [Declude.JunkMail] New IP4R lists available for use

2004-08-27 Thread Pete McNeil
On Friday, August 27, 2004, 1:12:10 PM, Bill wrote: BL Folks, I would like to announce the availability of a new IP4R database that BL includes a blacklist, whitelist, suspicious list, and a neutral list (IP BL address' that have not been classified). Here is the breakdown on the list BL usage:

Re: FW: [Declude.JunkMail] DMLP (Declude Modular Log Processor) XML module testers?

2004-08-31 Thread Pete McNeil
NOTE TO DECLUDE LIST: I was originally going to answer this off-line as it was directed to me, but once I got done writing the response it occurred to me that the same questions and issues might be important to many Declude users. So, finally, I decided to copy the list on this. If I guessed

Re: [Declude.JunkMail] Hitting the CPU Wall

2004-09-01 Thread Pete McNeil
On Wednesday, September 1, 2004, 11:30:56 AM, Goran wrote: snip/ GJ I have a 1.4 GHz Celeron CPU with 512MB RAM and a RAID 1 hard drive GJ system. We are pushing the CPU to 100% and close to 100% a lot of the GJ time during core business hours. Declude log files report that we are snip/ GJ So

Re: [Declude.JunkMail] External Tests

2004-09-01 Thread Pete McNeil
On Wednesday, September 1, 2004, 5:53:07 PM, Danny wrote: DS I see on the spamchk public site that there is an DS externaltest listed as sniffer-snake. I am assuming that the DS sniffer portion is themessage sniffer from Sort Monster (if I am DS wrong let me know), but I don’tknow what the snake

Re: [Declude.JunkMail] Test needed along with sniffer

2004-09-08 Thread Pete McNeil
On Wednesday, September 8, 2004, 11:13:18 AM, Harry wrote: HV I am testing sniffer right now and wonder if I need to run all the other HV tests along side it. Well, you can probably get by without the other tests, but since you have Declude it would be MUCH better if you keep the other tests in

Re: [Declude.JunkMail] eBay Phishing- Live

2004-09-30 Thread Pete McNeil
On Thursday, September 30, 2004, 9:25:20 AM, Kami wrote: KR Hi; KR   KR http://202.149.196.236/.aw-cgicgisk/SignIn.php KR   KR You may want to filter the above.  Just got a phishing email.. it is active. KR   KR Regards, KR Kami Interesting. We generated an active rule for this back on

Re: [Declude.JunkMail] ContainsIP with RDNS check

2004-10-01 Thread Pete McNeil
On Friday, October 1, 2004, 5:16:26 PM, Kevin wrote: KB I have been running my ContainsIP external test with a reverse dns check and KB have found the following. I have not had one report of a false positive in KB the 5 days I have been running this test. KB If you are interested it can be found

Re: [Declude.JunkMail] annoying spammer

2004-10-03 Thread Pete McNeil
On Monday, October 4, 2004, 12:22:30 AM, i360 wrote: iS We have been swamped with spam from United Email Marketing. iS Below is a list of IP addresses and domains used to send the crap. iS Sniffer does not catch them and I can't stop them. ??? I did some checking. We've had rules for most (all

  1   2   3   >