On Tuesday, January 4, 2005, 6:13:24 PM, Matt wrote:
M I've noted that dictionary attack type spam is generally of this
M variety, and while you are probably blocking a great deal of this, the
M sheer volume makes it look like you aren't doing that well against it.
M I've also noted that the
On Wednesday, January 5, 2005, 12:41:34 AM, Computer wrote:
CHS Correction, make that 23 meg!
Thanks for the heads up --- something is wrong, I'll figure it out.
You compiled with 231000 rules!
_M
This E-Mail came from the Message Sniffer mailing list. For information and
(un)subscription
Yep, just checked mine rulebase too, went from 17mb to just under 25mb.
Things still appear to be functioning okay.
Bill
-Original Message-
From: Pete McNeil [mailto:[EMAIL PROTECTED]
Sent: Tuesday, January 04, 2005 9:49 PM
To: Computer House Support
Subject: Re[2]: [sniffer] RuleBase
On Monday, January 3, 2005, 5:34:40 PM, Jeff wrote:
JW Hello:
JW Was there a consensus reached on the script for automatic/triggered rule
JW base for windows boxes? If so, would someone be kind enough to send it my
JW way.
JW Any help would be greatly appreicated as I am new to sniffer.
I
On Monday, January 3, 2005, 5:34:40 PM, Jeff wrote:
JW Hello:
JW Was there a consensus reached on the script for automatic/triggered rule
JW base for windows boxes? If so, would someone be kind enough to send it my
JW way.
JW Any help would be greatly appreicated as I am new to sniffer.
I've
On Wednesday, December 29, 2004, 2:31:18 AM, Landry wrote:
snip/
LW 2) I personally find it to be a bit messy to have everything
LW running from within my Sniffer directory. After all of the
LW other CMD files, old rulebases, service related files, logs,
LW etc., it's not obvious what
On Wednesday, December 29, 2004, 3:45:43 PM, Landry wrote:
LW Documenting and troubleshooting rule creation/configuration I think would
LW only add to the complexity. Also, many admins do not host their corporate
LW domains on IMail. For example, SortMonster was sending my update
LW
On Tuesday, December 28, 2004, 12:49:21 PM, Jim wrote:
JM I agree that something needs to be done about the update scripts that are
JM inadvertently downloading the full rulebase all the time. I didn't even
JM know it but we were doing this until I went through our update script again
JM this
[EMAIL PROTECTED]
To: Jim Matuska sniffer@SortMonster.com
Sent: Tuesday, December 28, 2004 11:12 AM
Subject: Re[2]: [sniffer] Downloads are slow...
On Tuesday, December 28, 2004, 12:49:21 PM, Jim wrote:
JM I agree that something needs to be done about the update scripts that
are
JM inadvertently
sniffer@SortMonster.com
Sent: Tuesday, December 28, 2004 11:12 AM
Subject: Re[2]: [sniffer] Downloads are slow...
On Tuesday, December 28, 2004, 12:49:21 PM, Jim wrote:
JM I agree that something needs to be done about the update scripts that
are
JM inadvertently downloading the full rulebase all
- Original Message -
From: Jim Matuska [EMAIL PROTECTED]
To: sniffer@SortMonster.com
Sent: Tuesday, December 28, 2004 7:26 PM
Subject: Re: Re[2]: [sniffer] Downloads are slow...
So far it seems to be working, at least it doesn't seem to be downloading
the rulebase yet, I'll have to see if it does
On Monday, December 27, 2004, 12:46:19 PM, Landry wrote:
LW Are folks taking advantage of the wget compression option before
LW downloading their rulebase updates? If the slow download speeds are a
LW bandwidth saturation issue on the Sniffer end, this would certainly cut down
LW on the
Title: Re: Re[2]: [sniffer] Sniffer Updates
Automate harassment reminders to those of us not using it. :)
I think I'll go enable gzip tonight
-Original Message-
From: [EMAIL PROTECTED] [EMAIL PROTECTED]
To: Landry William sniffer@SortMonster.com
Sent: Mon Dec 27 12:36:06 2004
Title: Re: Re[2]: [sniffer] Sniffer Updates
Does anyone have any good instructions on how to
modify your update scripts to use gzip?
Jim Matuska Jr.Computer Tech2, CCNANez
Perce TribeInformation Systems[EMAIL PROTECTED]
- Original Message -
From:
Tom Baker |
Netsmith Inc
Title: Re: Re[2]: [sniffer] Sniffer Updates
See http://www.sortmonster.com/MessageSniffer/Help/AutomatingUpdatesHelp.htmlfor
some sample scripts.
Bill
-Original Message-From: Jim Matuska
[mailto:[EMAIL PROTECTED]Sent: Monday, December 27, 2004 10:51
AMTo: sniffer
Title: Re: Re[2]: [sniffer] Sniffer Updates
I made this one, which is probably also somewhere on the
sniffer site. Change directories and keys for your use:
d:
cd\Batch Files\Sniffer
wget http://sniffer:[EMAIL PROTECTED]/Sniffer/Updates/key.snf -O key.snf.gz --timestamping
--header=Accept
On Wednesday, December 22, 2004, 12:06:17 PM, Matt wrote:
M Scott Fosseen wrote:
snip/
M So my understanding is that IMail will still be updated for existing users.
M ...sure, for a 40% increase in cost for your support contract,
M and absolutely no guarantee that they won't again
On Tuesday, December 21, 2004, 12:51:19 PM, Andrew wrote:
CA It sounds good to me, Pete.
CA May I humbly suggest that this be a new result code, e.g. 046? Until
CA now, Message Sniffer has been very parsimonious with the new categories,
CA but this looks like one that will be here for a long
On Tuesday, December 21, 2004, 1:13:15 PM, Matt wrote:
M Given that the precision is difficult to assign under the single result
M framework, I don't doubt the choice. Might I suggest creating a
M sub-group for the three main types of backscatter so that individuals
M can turn them off as a
On Monday, December 20, 2004, 8:49:50 AM, Russ wrote:
snip/
Avoiding that time period and following the staggered schedule we have
suggested will help quite a bit. Even better if updates can be
triggered by our update notifications since this allows our system to
pace downloads and use the
]
On Behalf Of Pete McNeil
Sent: Wednesday, December 15, 2004 7:00 PM
To: Greg Wanner
Subject: Re[2]: [sniffer] Download server is really slow..
According to the logs there was a run on the server at this time...
apparently quite a few servers downloading at the top of the hour - all
competing.
If you use
According to the logs there was a run on the server at this time...
apparently quite a few servers downloading at the top of the hour -
all competing.
If you use a scheduled task for getting your rulebase files, please
stagger your download schedule according to the chart here:
]
On
Behalf Of ~ ROB @ ZELLEM ~
Sent: Wednesday, December 15, 2004 1:25 PM
To: [EMAIL PROTECTED]
Subject: Re: Re[2]: [sniffer] Few questions
hey guys..
This E-Mail came from the Message Sniffer mailing list. For information and
(un)subscription instructions go to
http://www.sortmonster.com
Pete,
FWIW, it appears that I just had a bad download. I re-downloaded it, and
it's running w/o errors. Thx.
---
Marc
MH I downloaded the sniffer demo a couple of days ago and finally installed
it
MH to run as an external test w/Declude today. I ran it all morning w/o any
MH problems. This
On Friday, December 10, 2004, 1:11:48 PM, Rick wrote:
RR it's the 'definition' of what is my rulebase that is unclear here.
RR Specifically, if I add a domain name in the file 'whitelist.sender' in my
RR mxguard directory (under my imail directory), will this be recognized
RR without restarting
On Monday, December 6, 2004, 4:12:19 PM, Keith wrote:
KJ Pete,
KJ I saw one last week upon updating at:
KJ http://www.sortmonster.com/MessageSniffer/Installation/HowTo.html
KJ Under the heading:
KJ Where to start (with the demo!):
KJ I hope this helps.
All fixed. Thanks!
_M
On Friday, December 3, 2004, 8:53:26 AM, Joe wrote:
JW OK, I'm confused. First I admit I don't spend much time on Sniffer or
JW Declude settings, and I haven't learned the programs very well.
JW I used the default Sniffer config files. If I changed as indicated below
JW will it catch more
On Thursday, December 2, 2004, 4:15:43 PM, Jim wrote:
JM Pete,
JM We have rules setup in declude based upon sniffer return codes 60 and 62 to
JM mark all messages with those tests as spam, however we do not have any 61 or
JM 62 return codes setup. Can you briefly explain what each of these
On Tuesday, November 30, 2004, 12:25:58 PM, Scott wrote:
SF I've noticed the trickle is a little larger as of late.
SF I attribute it to a potential surge in SPAM trying to get people to buy
SF before Christmas.
There is definitely that - and there have been a few odd surges
lately, where the
On Tuesday, November 30, 2004, 12:45:27 PM, Chuck wrote:
CS Yes,
CS I have seen three pieces of spam over and over again - two for drugs and one
CS porn. I am running the latest version, rules are up to date, no on the log
CS files, I am forwarding the emails to [EMAIL PROTECTED]
CS I was
)
-Original Message-
From: Pete McNeil [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 30, 2004 9:56 AM
To: Chuck Schick
Subject: Re[2]: [sniffer] Recent SPAM
On Tuesday, November 30, 2004, 12:45:27 PM, Chuck wrote:
CS Yes,
CS I have seen three pieces of spam over and over again - two
To: Chuck Schick
Subject: Re[2]: [sniffer] Recent SPAM
On Tuesday, November 30, 2004, 12:45:27 PM, Chuck wrote:
CS Yes,
CS I have seen three pieces of spam over and over again - two for drugs
and one
CS porn. I am running the latest version, rules are up to date, no on
the log
CS
be counted. - Albert Einstein
_
- Original Message -
From: Pete McNeil [EMAIL PROTECTED]
To: Scott Fosseen [EMAIL PROTECTED]
Sent: Sunday, November 28, 2004 7:42 PM
Subject: Re[2]: [sniffer] Not Getting Updates
On Sunday
On Tuesday, November 23, 2004, 6:08:34 AM, Bonno wrote:
BB Hi,
BB Just to let you know. We had a problem after updating to 2.3.2 this morning
BB where suddenly a lot of our internal mail got caught as spam by sniffer. Ive
BB allready sent a report to the support address. For whatever reason I
On Tuesday, November 23, 2004, 6:33:13 AM, System wrote:
SA on 11/23/04 6:08 AM, Bonno Bloksma wrote:
Just to let you know. We had a problem after updating to 2.3.2 this morning
snip/
All I did was replace the 2.3.1 exe with the 2.3.2 exe (of course with the
correct id name).
SA Bonno,
SA
on 11/23/04 12:22 PM, Landry William wrote:
No problems experienced here on either of our servers
I installed it. No problems so far.
Greg
This E-Mail came from the Message Sniffer mailing list. For information and
(un)subscription instructions go to
Hi,
BB Just to let you know. We had a problem after updating to 2.3.2 this
morning
BB where suddenly a lot of our internal mail got caught as spam by
sniffer. Ive
BB allready sent a report to the support address. For whatever reason I
could
BB net send to the false@ address.
BB All I did
Pete,
We plan to, working on the SrvAny service in beta right now.
Thanks again for the aid and time.
Keith
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil
Sent: Tuesday, November 23, 2004 5:07 PM
To: Keith Johnson
Subject: Re[2
On Thursday, November 18, 2004, 10:56:55 AM, Jerry wrote:
JF www.sortmonster.com is very very slow,
I'm not seeing any issues at the moment. I will check into it.
Thanks!
This E-Mail came from the Message Sniffer mailing list. For information and
(un)subscription instructions go to
Inman's Louisville Trivia Challenge
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Pete McNeil
Sent: Thursday, November 18, 2004 12:37 PM
To: Jerry Freund
Subject: Re[2]: [sniffer] Update! Version 2-3.1i2 is now avaliable, Also
MDaemon Plugin v0.53b is now
Parsers.
- Original Message -
From: Pete McNeil [EMAIL PROTECTED]
To: Jerry Freund [EMAIL PROTECTED]
Sent: Thursday, November 18, 2004 12:36 PM
Subject: Re[2]: [sniffer] Update! Version 2-3.1i2 is now avaliable, Also
MDaemon Plugin v0.53b is now available!
On Thursday, November 18
The current default is 1.0, but I've been thinking of changing that to
0.8 based on recent changes in spammer behavior. Perhaps we can try
that and then make further adjustments later.
Send a note to support@ if you want to do this.
Thanks!
_M
On Sunday, November 7, 2004, 7:50:24 PM, Brian
On Thursday, November 4, 2004, 10:41:59 AM, Jorge wrote:
That would explain the extra spam.
JA This probably has to do with the error I sent you earlier...
I tracked down a message from you in the spam corpus - the top of the
message asks why the message got through. I'm guessing it got
On Thursday, November 4, 2004, 10:56:04 AM, Jorge wrote:
I tracked down a message from you in the spam corpus - the top of the
message asks why the message got through. I'm guessing it got captured
on this end due to the filter that _should_ have captured it on your
end. Does that make sense?
] On Behalf Of Pete McNeil
Sent: Monday, November 01, 2004 1:30 AM
To: Andy Schmidt
Subject: Re[2]: [sniffer] Persistent Server setup with SrvAny
Resource Kit tool
On Monday, November 1, 2004, 1:22:51 AM, Andy wrote:
AS Hi,
AS I had set up the previous version of Sniffer in persistent mode
On Sunday, October 31, 2004, 9:45:19 PM, Andrew wrote:
CA For what it's worth, another two lessons I learned:
CA If you start a persistent instance, then delete or rename your rulebase,
CA when you issue a reload, you get this in your log:
CA snfrv2r3 20041031022545 -INITIALIZING- 0 0
On Sunday, October 31, 2004, 11:33:49 PM, Andy wrote:
AS 1. on 10:28 5:46PM I downloaded and installed the new Sniffer version.
AS 2. I just ran:
AS D:\IMAIL\Sniffer\Win32mylicense.exe myauthcode rotate
-- this had no effect
AS D:\IMAIL\Sniffer\Win32mylicense.exe myauthcode stop
AS
x20 (Business)
Fax:+1 201 934-9206
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Pete McNeil
Sent: Sunday, October 31, 2004 11:48 PM
To: Andy Schmidt
Subject: Re[2]: [sniffer] LogRotate no longer working?
On Sunday, October 31, 2004, 11:33:49 PM
On Monday, November 1, 2004, 1:22:51 AM, Andy wrote:
AS Hi,
AS I had set up the previous version of Sniffer in persistent mode using the
AS Win2k Server Resource Kit tool SrvAny (I don't like to install forth
AS party utilities on my production machines, if Microsoft tools are readily
AS
the executable from the download archive.
I think that covers it. Happy to help!
Andrew 8)
-Original Message-
From: Pete McNeil [mailto:[EMAIL PROTECTED]
Sent: Sunday, October 31, 2004 8:24 PM
To: Colbeck, Andrew
Subject: Re[2]: [sniffer] LogRotate no longer working?
On Sunday, October 31
file) with each download attempt.
Bill
-Original Message-
From: Darrell ([EMAIL PROTECTED]) [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 27, 2004 6:47 PM
To: [EMAIL PROTECTED]
Subject: Re: Re[2]: [sniffer] 2-3.0i9 looks good to me... How about you?
Does anyone have a little
Does the cfg file need to be renamed with your license id also?
- Original Message -
From: Pete McNeil [EMAIL PROTECTED]
To: [EMAIL PROTECTED] [EMAIL PROTECTED]
Sent: Thursday, October 28, 2004 4:13 PM
Subject: Re[2]: [sniffer] Version 2-3.1 Official Release
On Thursday, October 28
How does Message Sniffer tie into SmarterMail?
I'd like to publish that info.
We developed a custom .net exe that is ran to scan the emails using message sniffer. I
was simply pointing
out a better mail server other than Imail for anyone to check out.
This E-Mail came from the Message
On Wednesday, October 27, 2004, 10:07:59 AM, Jorge wrote:
This will continue to grow I'm afraid --- though later versions will
deal with the file directly at some point. All of the rules that are
included in the rulebase file are live patterns that have seen recent
activity. The system
On Wednesday, October 27, 2004, 12:08:07 PM, Andrew wrote:
snip/
CA As for me, I prefer to use Declude Sniffer. A weighted system rocks.
CA Andrew 8)
CA p.s. Now, if SpamAssassin has a way to shell out to call Sniffer ... hm
SA 2.x had a patch to call Sniffer.
We haven't seen one for
Message -
From: Landry William [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, October 26, 2004 7:29 PM
Subject: RE: Re[2]: [sniffer] 2-3.0i9 looks good to me... How about you?
Aren't you using the compression option to gzip your files before
downloading them? This compresses a 14mb
On Tuesday, October 26, 2004, 11:03:45 AM, Glenn wrote:
GB can you send the link to this again
http://www.sortmonster.com/MessageSniffer/Betas/MessageSniffer2-3.0i9-Distribution.zip
There you go,
_M
This E-Mail came from the Message Sniffer mailing list. For information and
PROTECTED] On Behalf Of Pete McNeil
Sent: Tuesday, October 26, 2004 3:29 PM
To: Glenn Brooks
Subject: Re[2]: [sniffer] 2-3.0i9 looks good to me... How about
you?
On Tuesday, October 26, 2004, 11:03:45 AM, Glenn wrote:
GB can you send the link to this again
http://www.sortmonster.com
On Wednesday, October 20, 2004, 12:19:12 PM, Jorge wrote:
I am particularly interested to hear from MDaemon users who should
realize a multi-fold improvement in processing speed by using this
new version of persistent server. This is one of the critical goals
of these modifications and
McNeil
Sent: Wednesday, October 20, 2004 11:44 AM
To: Jorge Asch
Subject: Re[2]: [sniffer] Version 2-3.0i8 published.
On Wednesday, October 20, 2004, 12:19:12 PM, Jorge wrote:
I am particularly interested to hear from MDaemon users who should
realize a multi-fold improvement in processing speed
: Frank Osako [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 20, 2004 9:54 AM
To: [EMAIL PROTECTED]
Subject: RE: Re[2]: [sniffer] Version 2-3.0i8 published.
Hello _M
_ Systems with heavier loads _should_ see a reduction in their backlog
See a reduction of what in their backlog? Can you give
Whups, I missed out an important NOT in the second-to-last paragraph.
Corrected version is below:
-Original Message-
From: Colbeck, Andrew
Sent: Wednesday, October 20, 2004 10:29 AM
To: '[EMAIL PROTECTED]'
Subject: RE: Re[2]: [sniffer] Version 2-3.0i8 published.
If I might butt
around 800,000 emails per day. we cannot take any chances.
-Ken
Thanks
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Pete McNeil
Sent: Wednesday, October 20, 2004 11:44 AM
To: Jorge Asch
Subject: Re[2]: [sniffer] Version 2-3.0i8 published
On Wednesday, October 20, 2004, 4:03:15 PM, Jorge wrote:
If you fire up Task Manager on a windows machine (or your favourite ps tool
elsewhere), and set the View, Update Speed to High, then sort by the name in
reverse, you will see multiple sniffer.exe and one with a PID that doesn't
change.
No. The improvements are all related to the persistent configuration.
In part, these changes were designed to solve timing problems in
MDaemon systems attempting to use the persistent version. Although
test data is scarce the speed improvement should be significant.
_M
On Monday, October 18,
On Friday, October 15, 2004, 9:15:00 AM, Harry wrote:
HV Let me know when it is safe to run this on a production server
We will announce all production-ready releases on this list.
Thanks,
_M
This E-Mail came from the Message Sniffer mailing list. For information and
(un)subscription
On Tuesday, October 12, 2004, 12:16:16 PM, Frederick wrote:
FS Link not working
Please try again, I copied the wrong link initially.
I've corrected the problem at the server.
Thanks,
_M
This E-Mail came from the Message Sniffer mailing list. For information and
(un)subscription
On Saturday, September 18, 2004, 11:22:02 PM, Matt wrote:
M Thanks Pete, but let me just stress the largest issue that I see and I
M think you already are aware of it. The new IP classification is the
M most likely to produce false positives and it's result code of 60 places
M precedence of that
-Original Message-
From: Pete McNeil [mailto:[EMAIL PROTECTED]
I've actually been thinking very strongly of reorganizing the rule group IDs
recently. Especially in light of the new changes we've made with robots et
al. The accuracy of the Experimental IP group has gone up considerably -
On Saturday, September 18, 2004, 9:07:55 PM, Matt wrote:
M John,
M If you read this more carefully, I was not suggesting that
M action betaken that would affect everyone's system in such a way
M that it wouldrequire modifications. The 60 result code was
M recently changed fromGray rules to IP
On Wednesday, September 15, 2004, 11:29:19 AM, Jim wrote:
JM Pete,
JM What about the Spam that seems to have been slipping through recently? I
JM have submitted half a dozen or so in the last 24 hours and I am still
JM getting copies. I also loaded the new version of sniffer yesterday but that
On Tuesday, September 14, 2004, 11:41:48 AM, Corby wrote:
AC To which addresss should I send these?
AC Also, I mis-stated the spam. They were not plain text, but
AC html, but clearly have many classic spam attributes. I will
AC send them along, but need to know where.
Please zip them and
On Tuesday, September 14, 2004, 11:48:43 AM, Corby wrote:
AC I suppose everyone's userbases have differenent
AC requirements. An ISP or private enterprise might worry about
AC false postives on horny teenagers and penis enlargement, but
AC for our local government agency, it causes problems.
On Monday, September 13, 2004, 10:20:06 PM, Keith wrote:
KJ Pete,
KJ I take it this can be run without the persistent mode? Thanks for the aid.
Yes. It is no different than the current version except for the patch.
_M
This E-Mail came from the Message Sniffer mailing list. For
On Saturday, September 4, 2004, 4:41:52 PM, Karen wrote:
KP news item?
No, This one is minor and there have been changes since then. For
example, now the basis for the graphs is the highest message rate
normalized for the number of logs collected.
I'm working on some sofware that will be
On Thursday, September 2, 2004, 2:53:08 PM, Darrell wrote:
DL Pete,
DL How does this graph differentiate between Ham and Spam? Can't some Ham be
DL uncaught spam? And some messages identified as SPAM really be Ham?
Yes, this is true - but our system is very accurate so the data is
good enough
Small Office Solutions / REJECT
Wannepad 27
1066 HW Amsterdam
tel. 020-4082627
fax. 020-4082628
[EMAIL PROTECTED]
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Pete McNeil
Sent: vrijdag 20 augustus 2004 4:58
To: Jorge Asch
Subject: Re[2]: [sniffer] Charset
We don't want any violent Mad Scientists!
[EMAIL PROTECTED] 8/20 11:59a
On Friday, August 20, 2004, 11:20:44 AM, Vivek wrote:
VK On Aug 20, 2004, at 10:36 AM, Jorge Asch wrote:
Well, since 100% of my users speak english/spanish I can safely bet
that NONE of my mail should have strange
On Thursday, August 19, 2004, 10:11:45 AM, Jorge wrote:
JA Michiel Prins wrote:
Can't you use the content filter of your mail server to detect if the
charset is used?
JA I've tried, but it's not 100% effective
I recall the earlier conversations about this. We have not had a lot
of call
I'll chime in on the subject too.
I've finally managed to get the spam in Chinese under control on my system, but for a
while I really wished Message Sniffer has language based filters.
I.e. Result 40 Chinese
Result 41 Cyrillic
Result 42 Spanish
Result 43 Germain
We could then turn on or off
On Thursday, August 19, 2004, 3:54:20 PM, Jorge wrote:
We could then turn on or off the languages we didn't want.
From my foray with dealing with Chinese, it certainly much
easier said than done. Chinese was doable, I've had no luck
stopping my Spanish spam.
Then again, you might be better at it
On Thursday, August 19, 2004, 10:45:37 PM, Jorge wrote:
JA Could a filter be created that will tag as spam any messages that
JA contaning NON-ascii characters? I mean allow only CHRS 1 through 255.
JA I believe this fill filter out all these foreign character sets, and let
JA through regular old
That sounds fine. We'll be here when that happens. If they have a
pattern to their alterations then we might code a broader heuristic
(with some wildcards) to capture when they move. It's all up to you.
Best,
_M
On Monday, August 2, 2004, 8:57:52 PM, Woody wrote:
WF Oops My current filter for
On Saturday, July 31, 2004, 3:32:46 PM, John wrote:
JTL (Moved to list)
JTL Thanks, got it.
JTL This is my current lines, do I need to add others, or are the rules within
JTL these codes? (I hold at 25 and delete at 35)
JTL Is there a full list of codes on the web site?
JTL SNIFFER-TRAVEL
On Thursday, July 29, 2004, 11:48:58 AM, John wrote:
JTL I have also noticed an increase in the amount of spam that got through,
JTL mainly on gatewayed domains. I did forward a bunch in the last 18 hours,
JTL hopefully that will help.
What's interesting is that we're not seeing the increase in
On Thursday, June 24, 2004, 12:23:22 PM, Herb wrote:
HG Yes, I did about a year or so ago as I remember. I don't
HG know, isthere a spot for this on the message sniffer site?
HG Sniffer folks Then it would be available to whoever wanted it.
Sure. Please package it up in a .zip file for us
On Monday, June 14, 2004, 1:56:00 AM, Matt wrote:
M Pete,
M Experimental. If these rules were in a differentcategory, it would
M make me feel a lot better about it. I'm guessingmaybe from my
M standpoint, Spamware would be the most appropriatecategory for
M tagging forged message ID's of this
On Monday, June 14, 2004, 12:33:24 AM, Matt wrote:
M Pete,
M So would the Message-ID produce a hit if it was in the body of a
M message? The reason why I ask is because I'm concerned about the
M possibility of legitimate servers getting tagged with Experimental and
M how that plays into my
ROFL!
you got me.
_M
On Monday, June 7, 2004, 11:54:01 PM, Matt wrote:
M Pete McNeil wrote:
M So where's Waldo :)
When reviewing a message like that we always troll the actual message
for the link that was intended - this helps us discard those that are
in there for fluff.
The porn guys do a
On Friday, June 4, 2004, 7:52:20 PM, Rick wrote:
RR Hey Pete:
RR FYI: Spam filters seem to be working exceptionally well the past 2 days.
RR Almost nothing gets through (I've also got my spam route rule set to
RR level20).
We made a few tweaks to the inbound spam process and our SPHUD feeder
-
201 - 290 of 290 matches
Mail list logo
