Re[4]: [sniffer] Lot of Drugs Spam getting through sniffer....

Chuck, I sent a different message off list, but just in case you don't get that one - I've received a number of bounce notifications from your system (transient non-fatal delivery errors). There's a good chance that your rulebase is out of date if your update notifications are bouncing. Indicato

RE: Re[4]: [sniffer] Lot of Drugs Spam getting through sniffer....

[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On > Behalf Of Pete McNeil > Sent: Friday, May 05, 2006 11:37 AM > To: John T (Lists) > Subject: Re[4]: [sniffer] Lot of Drugs Spam getting through sniffer > > On Friday, May 5, 2006, 1:08:14 PM, John wrote: > > JTL> Wel

Re[4]: [sniffer] Lot of Drugs Spam getting through sniffer....

On Friday, May 5, 2006, 1:08:14 PM, John wrote: JTL> Well, I am at the point that I could care less about geocities false JTL> positives. If GeoCities is going to allow this much spam junk then I could JTL> care less about allowing them. That's fine. There are probably a number of systems that f

Re[4]: [sniffer] False positive processing

I have responded off list. Let me know (off list) if you got my response just in case it goes missing again. Thanks, _M On Tuesday, March 21, 2006, 12:04:29 PM, Darin wrote: DC> Right. 15 from today. Let me know what you find out. The ones from the DC> 10th were replies to FP processing to

Re[4]: [sniffer] New Web Site!

I have modified the main page of the WIKI to answer the question (Why use a WIKI) and to describe how folks can get an account to help maintain the site. http://kb.armresearch.com/index.php?title=Main_Page Thanks, _M This E-Mail came from the Message Sniffer mailing list. For information and

Re[4]: [sniffer] New Web Site!

On Friday, March 17, 2006, 12:50:40 PM, John wrote: JTL> Pete, while I fully understand all of what you said, allowing any one JTL> registered to edit any page is leaving things wide open for abuse. Isn't JTL> there a way to set permissions on a section basis? Example, I should not JTL> have the a

Re[4]: [sniffer] New Rulebot F001

This was answered off list... (parallel comments below) On Wednesday, March 8, 2006, 2:33:20 PM, Support wrote: STI> I also have got a lot of false positives with code 063 which are HOLD now. STI> Ik know it's not very nice to set email on HOLD when failing sniffer but STI> I've got a major prob

Re[4]: [sniffer] New Rulebot F001

On Monday, March 6, 2006, 7:24:20 PM, Andrew wrote: CA> I would like to state that I don't need Message Sniffer to CA> identify servers that send bogus postmaster notifications. This CA> would be entirely due to false positives such as the three CA> examples above. CA> Given that spammers clea

RE: Re[4]: [sniffer] When to go persistent

> Sent: Friday, February 24, 2006 7:31 AM > To: sniffer@SortMonster.com > Subject: RE: Re[4]: [sniffer] When to go persistent > > Hi, > > I just got my service up and running using Matt's post > > http://www.mail-archive.com/sniffer@sortmonster.com/msg00169.html >

RE: Re[4]: [sniffer] When to go persistent

ECTED] > On Behalf Of Pete McNeil > Sent: Thursday, February 23, 2006 3:11 PM > To: Rick Robeson > Subject: Re[4]: [sniffer] When to go persistent > > On Thursday, February 23, 2006, 1:22:53 PM, Rick wrote: > > RR> I thought you had to run this as a service? > >

Re[4]: [sniffer] When to go persistent

On Thursday, February 23, 2006, 1:22:53 PM, Rick wrote: RR> I thought you had to run this as a service? RR> Rick Robeson RR> getlocalnews.com RR> [EMAIL PROTECTED] Strictly speaking you do not have to run it as a service, but it is more convenient to do so. If you run

Re[4]: [sniffer] When to go persistent

On Thursday, February 23, 2006, 12:59:24 PM, Goran wrote: GJ> Pete, >> To run in persistent mode, simply launch an instance of SNF from the >> command line with the word "persistent" in place of the file to scan. >> >> .exe persistent >> GJ> I am calling Sniffer from Declude. Could I just lat

Re[4]: [sniffer] False Positive - no reaction?

On Tuesday, February 21, 2006, 11:16:43 AM, Andy wrote: AS> The only other suggestion I have is to create a 24 hour 'queue' display on AS> the web site. All you need to show is a column of the sender domain names of AS> the email (not the entire sender email address). If I submit a false AS> po

Re: Re[4]: [sniffer] problems!!!!

. Darin. - Original Message - From: "Pete McNeil" <[EMAIL PROTECTED]> To: "Darin Cox" Sent: Wednesday, February 08, 2006 11:46 AM Subject: Re[4]: [sniffer] problems On Wednesday, February 8, 2006, 11:26:46 AM, Darin wrote: DC> There was no error

Re[4]: [sniffer] problems!!!!

On Wednesday, February 8, 2006, 11:33:38 AM, Filippo wrote: FP> FP> What is the correct Sniffer string in Declude Global.cfg file. FP> SNIFFER external nonzero "d:\imail\declude\sniffer\sniffer.exe code"12   0 FP> of FP> SNIFFER external nonzero "d:\imail\declude\sniffer\sniffer.

Re[4]: [sniffer] problems!!!!

On Wednesday, February 8, 2006, 11:26:46 AM, Darin wrote: DC> There was no error in my comment. I completely understand that some issues DC> will not be foreseeable... I did say "mostly", not entirely. The switch to DC> the automated bots caused a rash of false positives in our system. Actual

Re: Re[4]: [sniffer] Bad Rule - 828931

- Groetjes, Bonno Bloksma - Original Message - From: "Goran Jovanovic" <[EMAIL PROTECTED]> To: Sent: Wednesday, February 08, 2006 3:10 AM Subject: RE: Re[4]: [sniffer] Bad Rule - 828931 OK to answer my own question. Run the following commands grep -U "

RE: Re[4]: [sniffer] Bad Rule - 828931

ks. > -Original Message-> From: [EMAIL PROTECTED]> [mailto:[EMAIL PROTECTED]] On Behalf Of Goran Jovanovic> Sent: Tuesday, February 07, 2006 5:39 PM> To: sniffer@SortMonster.com> Subject: RE: Re[4]: [sniffer] Bad Rule - 828931>> I just ran the grep command on my log a

RE: Re[4]: [sniffer] Bad Rule - 828931

lf Of Goran Jovanovic > Sent: Tuesday, February 07, 2006 5:39 PM > To: sniffer@SortMonster.com > Subject: RE: Re[4]: [sniffer] Bad Rule - 828931 > > I just ran the grep command on my log and I got 850 hits. > > Now is there a way to take the output of the grep command and > use i

RE: Re[4]: [sniffer] Bad Rule - 828931

nd figure out what I am going to do about it. Goran Jovanovic Omega Network Solutions > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > On Behalf Of Goran Jovanovic > Sent: Tuesday, February 07, 2006 8:39 PM > To: sniffer@SortMonster.com > Subj

RE: Re[4]: [sniffer] Bad Rule - 828931

age- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > On Behalf Of David Sullivan > Sent: Tuesday, February 07, 2006 7:47 PM > To: Landry, William (MED US) > Subject: Re[4]: [sniffer] Bad Rule - 828931 > > Hello William, > > Tuesday, February 7, 2006, 7:39:05 PM,

RE: Re[4]: [sniffer] Bad Rule - 828931

Behalf Of David Sullivan Sent: Tuesday, February 07, 2006 7:15 PM To: Pete McNeil Subject: Re[4]: [sniffer] Bad Rule - 828931 Hello Pete, Tuesday, February 7, 2006, 8:11:50 PM, you wrote: DS>> Not sure, can anyone think of a way to cross check this? What if I DS>> put all the released m

Re[4]: [sniffer] Bad Rule - 828931

Hello Pete, Tuesday, February 7, 2006, 8:11:50 PM, you wrote: DS>> Not sure, can anyone think of a way to cross check this? What if I put DS>> all the released messages back through sniffer? PM> That would be good -- new rules were added to correctly capture the PM> bad stuff. I almost suggested

Re[4]: [sniffer] Bad Rule - 828931

Hello William, Tuesday, February 7, 2006, 7:39:05 PM, you wrote: LWMU> grep -c "Final.*828931" c:\imail\declude\sniffer\logfile.log That's what I tried. Just figured out I forgot to capitalize the "F". It works. Confirmed - 22,055 I'm writing a program now to parse the sniffer log file, extrac

Re[4]: [sniffer] Bad Rule - 828931

Understood and appreciated. _M On Tuesday, February 7, 2006, 4:40:01 PM, george wrote: gk> Pete, gk> Just to reemphasize the need for speed. gk> I had 578 hits on that rule before I disabled it. gk> George >> -Original Message- >> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] >>

Re[4]: [sniffer] Stock SPAM now HTML

On Thursday, February 2, 2006, 11:46:05 AM, Goran wrote: GJ> This is going to get harder and harder to identify and fight. Is GJ> it worthwhile to put something like this in a new category which GJ> we are very confident about and so if it fails on the new combined GJ> image/text thing we can dele

Re[4]: [sniffer] False Positives

On Wednesday, January 18, 2006, 2:14:34 PM, Darin wrote: DC> Are you just blanket responding to every message to the list with this? If DC> so, you might be wasting your time. I've been following the list, so I know DC> things are back to normal after yesterday's snafu. Sorry about that... It w

RE: Re[4]: [sniffer] Last chance to renew at the old price!

ot; "The Incredible Inman's Louisville Trivia Challenge" -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: Wednesday, December 28, 2005 9:16 PM To: Peer-to-Peer (Support) Subject: Re[4]: [sniffer] Last chance to renew at the old

Re[4]: [sniffer] Last chance to renew at the old price!

The biggest concern I have about this is that the price is too low - that is a violation. I'm sure it was unintentional, and if not, then the contract will be pulled. If you read closely, John T isn't on the wrong side here - he's asking the right questions. The price at ComputerHouse is out of l

Re[4]: [sniffer] Last chance to renew at the old price!

I've done a quick review of this. The price quoted there is too low. I'm sure it's an honest mistake. I'll address it with them ;-) _M On Wednesday, December 28, 2005, 8:45:30 PM, John wrote: JTL> JTL> JTL> JTL> Absolutely not. In fact, if you read my post after this, I am JTL> ques

Re[4]: [sniffer] Last chance to renew at the old price!

Yes. _M On Wednesday, December 28, 2005, 8:03:01 PM, Thomas wrote: FT> FT> FT> Are they a valid reseller, sniffer-folks?? FT> FT> FT> FT> From: [EMAIL PROTECTED] FT> [mailto:[EMAIL PROTECTED] On Behalf Of Kevin FT> Sent: Wednesday, December 28, 2005 8:00 PM FT> To: sniffer@S

RE: Re[4]: [sniffer] POP3 Account Question

Pete, How about just creating some accounts that are commonly targeted by dictionary attacks, but that were never actually valid accounts on our server? I could redirect all of them to a common mailbox. There are also a few other "common" (non-role) addresses that we do not use, which always get t

Re[4]: [sniffer] POP3 Account Question

On Monday, December 5, 2005, 6:02:02 PM, John wrote: > What is the best way to get a spam trap going. I forgot to mention another way to set up spamtraps that I definitely "don't recommend". It is, of course, highly theoretical and possibly dangerous ;-) If a new pc (actually a very

Re[4]: [sniffer] POP3 Account Question

On Monday, December 5, 2005, 6:02:02 PM, John wrote: > What is the best way to get a spam trap going.  I have an old "abandoned" email account that I just use for testing. It gets some spam now, but a low volume. However, 100% of the mail is spam. It would be very easy to filter and keep

RE: Re[4]: [sniffer]

PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: 10 November 2005 17:36 To: Peer-to-Peer (Support) Subject: Re[4]: [sniffer] On Thursday, November 10, 2005, 11:45:48 AM, Peer-to-Peer wrote: PtPS> _M, PtPS> <<_M said>> will create a "default" installation that

RE: Re[4]: [sniffer]

, November 10, 2005 12:36 PM To: Peer-to-Peer (Support) Subject: Re[4]: [sniffer] On Thursday, November 10, 2005, 11:45:48 AM, Peer-to-Peer wrote: PtPS> _M, PtPS> <<_M said>> will create a "default" installation that emits PtPS> headers and puts a .cf file in pl

RE: Re[4]: [sniffer]

t: Thursday, November 10, 2005 12:36 PM To: Peer-to-Peer (Support) Subject: Re[4]: [sniffer] On Thursday, November 10, 2005, 11:45:48 AM, Peer-to-Peer wrote: PtPS> _M, PtPS> <<_M said>> will create a "default" installation that emits headers and puts PtPS> a .cf fi

RE: Re[4]: [sniffer]

n01=remove header|"From","" Action02=add header|"From","[EMAIL PROTECTED]" Action03=copy to|"[EMAIL PROTECTED]" Action04=stop processing| HTH, Daniel > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf O

RE: Re[4]: [sniffer]

PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: Thursday, November 10, 2005 9:36 AM To: Peer-to-Peer (Support) Subject: Re[4]: [sniffer] On Thursday, November 10, 2005, 11:45:48 AM, Peer-to-Peer wrote: PtPS> _M, PtPS> <<_M said>> will create a "default&q

Re[4]: [sniffer]

On Thursday, November 10, 2005, 11:45:48 AM, Peer-to-Peer wrote: PtPS> _M, PtPS> <<_M said>> will create a "default" installation that emits headers and puts PtPS> a .cf file in place for SA to interpret them. PtPS> Not sure if this is relevant to your thought process, but we feel that SA PtPS>

RE: Re[4]: [sniffer] Rash of false positives

email is less than 10,000 emails per day. J   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Wednesday, November 09, 2005 1:47 PM To: sniffer@SortMonster.com Subject: Re: Re[4]: [sniffer] Rash of false positives   Are corrupted rulebase files the culprit

Re: Re[4]: [sniffer] Rash of false positives

.     - Original Message - From: John Moore To: sniffer@SortMonster.com Sent: Wednesday, November 09, 2005 12:42 PM Subject: RE: Re[4]: [sniffer] Rash of false positives We had this same thing happen. It has been happening more frequently recently and we are looking into disabling sniffer as it seems to

RE: Re[4]: [sniffer] Rash of false positives

, November 09, 2005 11:38 AM To: sniffer@SortMonster.com Subject: Re: Re[4]: [sniffer] Rash of false positives   This morning my server quit sending mail and my tech said the Dr. Watson error on the server was my Sniffer file...I rebooted and thought it was OK but quit again..I had a lot of mail

Re: Re[4]: [sniffer] Rash of false positives

To: Darin Cox Sent: Tuesday, November 08, 2005 3:03 PM Subject: Re[4]: [sniffer] Rash of false positives On Tuesday, November 8, 2005, 3:25:20 PM, Darin wrote: > Hi Pete,   There was a consistent stream of false posit

Re: Re[4]: [sniffer] Rash of false positives

ld have already been too late when we saw the problem this morning.   Thanks, Darin.     - Original Message - From: Pete McNeil To: Darin Cox Sent: Tuesday, November 08, 2005 4:03 PM Subject: Re[4]: [sniffer] Rash of false positives On Tuesday, November 8, 2005, 3:25:20

Re[4]: [sniffer] Rash of false positives

On Tuesday, November 8, 2005, 3:25:20 PM, Darin wrote: > Hi Pete,   There was a consistent stream of false positives over the mentioned time period, not just a blast at a particular time.  They suddenly started at 5pm (shortly after a 4:30pm rulesbase update), and were fairly evenly sprea

RE: Re[4]: [sniffer] Large amounts of spam still getting through

ty Or Better Times Ten" "Hot Slot Secrets" "The Incredible Inman's Louisville Trivia Challenge" -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: Saturday, October 15, 2005 2:10 PM To: Rick Hogue Subject: Re[

Re[4]: [sniffer] Large amounts of spam still getting through

On Saturday, October 15, 2005, 12:33:47 PM, Rick wrote: RH> My only concern is that all of this was being caught by Sniffer before and RH> all of a sudden very little of it is being caught. We are told that they are RH> working on it to get it fixed but we are getting slammed by customers RH> tell

Re: Re[4]: [sniffer] POP Approach

" Cc: <[EMAIL PROTECTED]> Sent: Friday, October 14, 2005 11:03 AM Subject: Re[4]: [sniffer] POP Approach On Friday, October 14, 2005, 9:39:33 AM, Rick wrote: RH> What is going on with the sniffer not catching any of the spam that is now RH> coming through? We are getting slammed wi

Re[4]: [sniffer] POP Approach

On Friday, October 14, 2005, 11:18:18 AM, Daniel wrote: DB> Hello Pete, DB> Are you going to implement something similar for false positives? No. The false positive process is very interactive, so each case is handled individually until it is resolved. This works best as it is currently describ

Re[4]: [sniffer] POP Approach

On Friday, October 14, 2005, 9:39:33 AM, Rick wrote: RH> What is going on with the sniffer not catching any of the spam that is now RH> coming through? We are getting slammed with medication, mortgage and other RH> junk email? Your license has expired. Please send a note to [EMAIL PROTECTED] to

Re[4]: [sniffer] YAhoo mails failing sniffer?

AFF? (Please clarify, I use this acronym to indicate "Advance Fee Fraud" - a type of spam ("AFF" to replace "419")) The goal (and I admit to not reaching it lately) is to respond to all FP requests within 24 hours. There is a "rule-panic" procedure and mechanism in place for urgent FP situations

Re[4]: [sniffer] False positive

Perhaps your system is blocking these messages? Please check. I've left the FP response out of this message -- I suspect that something in the response is causing the message to be blocked. Let me know if you get this one - you should get it twice - once directly and once through the list. (Sorry

RE: Re[4]: [sniffer] can auto-forward be disabled when spam is detected?

s are almost non-existent with Sniffer, they rarely (if ever) check the [EMAIL PROTECTED] account as it is. Craig > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Sanford Whiteman > Sent: Friday, September 02, 2005 2:17 PM > To: Craig

RE: Re[4]: [sniffer] can auto-forward be disabled when spam is detected?

ROTECTED]> -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Sanford Whiteman Sent: Friday, September 02, 2005 12:19 PM To: Rick Robeson Subject: Re[4]: [sniffer] can auto-forward be disabled when spam is detected? > I'm afraid I'm not that

Re[4]: [sniffer] can auto-forward be disabled when spam is detected?

> I'm afraid I'm not that up on my email standards. They're not standards in the RFC sense, just IMail features. > What exactly does forwarding by main.fwd do and how does one > implement that type of solution? Create .fwd using the same format as forward.ima and the forwarding actions

Re[4]: [sniffer] can auto-forward be disabled when spam is detected?

> I'm not sure how this solution is any less complex. . . You don't think having a 'Spam' subfolder is less complex than a totally separate account? Doubt a webmail user would agree with that. --Sandy Sanford Whiteman, Chief Technologist Broadleaf

Re[4]: [sniffer] Sniffer taking a long time?

Well, it's not going to hurt your performance at all (a 2 second delay on each email is not going to be noticed in most cases - email is not IM after all). That said, the persistent mode is not necessary either though It will help if you get a burst of high activity. _M On Tuesday, August 2, 2005

Re[4]: [sniffer] Declude and Sniffer

We're not making a big deal of it just yet, but anyone who would like to switch please do let us know. The bot we have doing this job is very simplistic. We need: Email Address (Account Name), Server name, Password Our bot connects to and logs in with using . Then it pulls and deletes the mes

RE: Re[4]: [sniffer] New Spam/Virus?

Subject: Re[4]: [sniffer] New Spam/Virus? One rule (369660) will code to 53 (scams). Another (369650) will code to 53 (scams). Another (369634) also codes to 53 (scams). The rules got the scam tag because it presents like a phishing scam. I'll be watching for evidence of additional polymor

Re[4]: [sniffer] New Spam/Virus?

New rule - 369676 under Malware. New experimental rule on message structure: 369677 _M On Monday, June 6, 2005, 6:13:23 PM, Dave wrote: DM> New target ip: 205.138.199.146 DM> -Original Message- DM> From: [EMAIL PROTECTED] DM> [mailto:[EMAIL PROTECTED] On Behalf Of Jim Matuska DM> Sent

Re[4]: [sniffer] New Spam/Virus?

One rule (369660) will code to 53 (scams). Another (369650) will code to 53 (scams). Another (369634) also codes to 53 (scams). The rules got the scam tag because it presents like a phishing scam. I'll be watching for evidence of additional polymorphism and we will adapt. Now that we know this

Re[4]: [sniffer] New Spam Storm

On Tuesday, May 17, 2005, 2:57:44 PM, Jim wrote: JM> Thanks Pete, would you be able to provide the current false positive rates JM> for the return codes? This is not something that we are formally capturing at present, however anecdotally I can't recall the last time we had an FP submitted for th

Re[4]: [sniffer] Message Sniffer Plugin for MDaemon Wide Beta & Promo

On Wednesday, April 20, 2005, 3:36:14 PM, Dave wrote: DK> Pete, I've been using this plugin for the last couple of months and can say DK> it's been rock solid. Nice work! DK> One little feature request though would be to add an option to auto prune DK> the sniffer log file to so many days, or "X

Re: RE:Re: Re[4]: [sniffer] Message Sniffer Plugin for MDaemon Wide Beta & Promo

? Jim Matuska Jr. Computer Tech2, CCNA Nez Perce Tribe Information Systems [EMAIL PROTECTED] - Original Message - From: "Peer-to-Peer (Support)" <[EMAIL PROTECTED]> To: Sent: Wednesday, April 20, 2005 2:17 PM Subject: RE:Re: Re[4]: [sniffer] Message Sniffer Plugin for MD

RE:Re: Re[4]: [sniffer] Message Sniffer Plugin for MDaemon Wide Beta & Promo

ehalf Of Jim Matuska Sent: Wednesday, April 20, 2005 5:01 PM To: sniffer@SortMonster.com Subject: (DUMP)Re: Re[4]: [sniffer] Message Sniffer Plugin for MDaemon Wide Beta & Promo I meant do I configure actions based on the headers that sniffer returns like in the non plug in version, or does t

Re: Re[4]: [sniffer] Message Sniffer Plugin for MDaemon Wide Beta & Promo

Information Systems [EMAIL PROTECTED] - Original Message - From: "Pete McNeil" <[EMAIL PROTECTED]> To: "Jim Matuska" Sent: Wednesday, April 20, 2005 1:51 PM Subject: Re[4]: [sniffer] Message Sniffer Plugin for MDaemon Wide Beta & Promo On Wednesday, April 20, 2

Re[4]: [sniffer] Message Sniffer Plugin for MDaemon Wide Beta & Promo

On Wednesday, April 20, 2005, 4:19:48 PM, Jim wrote: JM> Do you configure rules similar to in the previous versions, or by using this JM> as a plug in is there a GUI for configuration. We configure the rulebase the same way we have in the past. Using the plugin is not different from using the com

RE: Re[4]: [sniffer] Message Sniffer Plugin for MDaemon Wide Beta & Promo

struct where to send messages based on sniffer's 'results' as there will be no results if the file is never scanned ;) Paul R -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Pete McNeil Sent: Wednesday, April 20, 2005 3:30 PM To: Jim Matusk

Re[4]: [sniffer] Message Sniffer Plugin for MDaemon Wide Beta & Promo

On Wednesday, April 20, 2005, 2:30:25 PM, Jim wrote: JM> Pete, JM> Is there a difference between the normal .snf files I have been downloading JM> and the one for the plugin? I have setup my script to download the .snf JM> file and noticed it is a couple mb's smaller than the included demo .snf J

Re[4]: [sniffer] Notice: Potential outages tonight...

On Saturday, April 9, 2005, 1:58:45 PM, Rick wrote: RH> Yes but that really seems strange when I was getting 4 to 10 messages every RH> day. Now I did not get any since the 3rd of March right after you announced RH> that there would be the outage? You may want to check into this closer. I'm very

RE: Re[4]: [sniffer] Persistent Sniffer

at type of results I get and post them here. It could be as you say, I am on the far side :) Thanks again, Keith -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: Friday, April 01, 2005 2:16 PM To: Keith Johnson Subject: Re[4]

Re[4]: [sniffer] Persistent Sniffer

On Friday, April 1, 2005, 11:44:07 AM, Keith wrote: KJ> Pete, KJ> Thanks for the reply. KJ> Running on an IBM Xseries 225 Dual Xeon 2.4Ghz w/ 1GB RAM - KJ> running IBM's ServerRAID 5i in IBM's RAID 10 config (4 73GB 10K drives) KJ> - O/S is Windows 2000 Standard Server SP4 KJ>

Re[4]: [sniffer] Moving Sniffer to Declude/SmarterMail

On Wednesday, March 16, 2005, 2:05:00 PM, Goran wrote: GJ> OK that is for hardware level RAID. I had thought that you would offset GJ> the extra processing time by being able to write less to each drive. GJ> Now does anyone know how much overhead Windows 2000/2003 software RAID 1 GJ> on dynamic d

Re[4]: [sniffer] SPAM

On Wednesday, March 9, 2005, 2:59:24 PM, Jonathan wrote: JS> I currently forward all spam from my email account can I add JS> a second address that will be able to forward spam as well? JS>   Yes. You can forward spam from any account you wish. Spam submissions are considered anonymous and suspe

Re[4]: [sniffer] IIS SMTP Integration

> (a) other work . . . for example, the 80 GB of Exchange data that a client lost today and which I will spend my "weekend" recovering. This is why the rate of publishing our scripts for Declude/IMail has dropped off as well. The hits have kept on coming in 2005. --Sandy ---

Re[4]: [sniffer] Sniffer seems to be causing false positives.

On Thursday, January 20, 2005, 10:15:23 AM, Chuck wrote: CS> Pete: CS> Thanks for looking. It was very strange because it was such varied messages CS> from general correspondence, quotes. and personal correspondence. I put a CS> little negative weight in for statefarm.com which should keep it f

Re[4]: [sniffer] Still having problems

I think they would like that :-) _M On Wednesday, January 12, 2005, 5:04:36 PM, Karen wrote: KP> put this on the logs page? KP> -- Original Message -- KP> From: Pete McNeil <[EMAIL PROTECTED]> KP> Reply-To: sniffer@SortMonster.com KP> Date: Sat, 8 Jan 20

Re[4]: [sniffer] Sniffer and SURBL

On Monday, January 10, 2005, 8:50:37 PM, Andrew wrote: CA> Thanks, Pete. CA> I was thinking that Sniffer's l33t ninja skillz would be well-used for CA> searching a large corpus of URIs, particularly the current bout of CA> spammers you and I mentioned before Xmas (the ones that are specifying CA>

RE: Re[4]: [sniffer] Still having problems

11:20 AM To: sniffer@SortMonster.com Subject: Re: Re[4]: [sniffer] Still having problems At 01:50 PM 1/8/2005 -0500, Pete McNeil wrote: >>>Here's one way >>> >>>http://www.sawmill.net/formats/Message_Sniffer.html > >KM> That's the only one I found in the sear

Re: Re[4]: [sniffer] Still having problems

At 01:50 PM 1/8/2005 -0500, Pete McNeil wrote: >>>Here's one way >>> >>>http://www.sawmill.net/formats/Message_Sniffer.html > >KM> That's the only one I found in the searching I've done. I'll probably >KM> give the trial version a shot but can't see paying $139 for it. I was >KM> hoping maybe som

Re[4]: [sniffer] Still having problems

On Saturday, January 8, 2005, 1:20:02 PM, Kirk wrote: KM> At 01:04 PM 1/8/2005 -0500, Pete McNeil wrote: >>On Saturday, January 8, 2005, 12:47:21 PM, Kirk wrote: >> >>KM> Is there any tool available with which to analyze sniffer logs to KM> get any >>KM> kind of count on the number of hits, etc?

RE: Re[4]: [sniffer] reporting spam in bulk

I use this program to send the messages with. It's setup to use with spamcop but you can also send to [EMAIL PROTECTED] http://www.daesoft.com/SpamSource/ This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com

Re[4]: [sniffer] reporting spam in bulk

On Wednesday, January 5, 2005, 4:03:28 PM, Rick wrote: RR> 100's of spams a problem, LOL! RR> Before sniffer I was facing around 10 thousand spams a day. But then I'm RR> coordinating 1000's of domains, so on a per domain basis, it's actually very RR> small. RR> I think what I'll do is route a c

Re[4]: [sniffer] RuleBase ktk82hrr

On Wednesday, January 5, 2005, 1:22:29 AM, Landry wrote: LW> Yep, just checked mine rulebase too, went from 17mb to just under 25mb. LW> Things still appear to be functioning okay. The effect is as if we tuned the rulebase to allow almost all rules in... like setting the rule strength threshold

Re[4]: [sniffer] Downloads are slow...

On Tuesday, December 28, 2004, 2:26:08 PM, Jim wrote: JM> So far it seems to be working, at least it doesn't seem to be downloading JM> the rulebase yet, I'll have to see if it does later when there is an updated JM> rulebase. My script uses a copy at the end rather than a move. It's listed JM>

Re[4]: [sniffer] Sniffer Updates

On Monday, December 27, 2004, 1:51:11 PM, Jim wrote: JM> Does anyone have any good instructions on how to modify your update scripts to use gzip?  This is a good place to start: http://www.sortmonster.com/MessageSniffer/Help/gzip.html _M This E-Mail came from the Message Sniffer mailing l

RE: Re[4]: [sniffer] Download server is really slow..

Hello, I'm trying at the moment, Wget says 50-90 K/s (started at 40, went quick up to 90 and now going down to 50K/s) Alex This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html

RE: Re[4]: [sniffer] Download server is really slow..

Pete, I'm downloading right now and its very slow. George -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: Monday, December 20, 2004 6:39 AM To: Chuck Schick Subject: Re[4]: [sniffer] Download server is really slow.. On M

Re[4]: [sniffer] Download server is really slow..

On Monday, December 20, 2004, 1:13:52 AM, Chuck wrote: CS> Pete: CS> It is Sunday night at 10 minutes after the hour and the download server is CS> still very slow - so I am not too sure there is just a run on the server. I will check the logs to verify. _M This E-Mail came from the Message

Re: Re[4]: [sniffer] Few questions

Pete, PM> One other quick note/reminder. Use the snf2check utility on your PM> downloaded rulebase files before putting them in service. This will PM> ensure that you have a complete file that is not corrupted. Yeap..that is exactly what I did when I went back and looked at the files included in

Re[4]: [sniffer] Few questions

On Wednesday, December 15, 2004, 6:54:01 PM, Marc wrote: MH> Pete, MH> FWIW, it appears that I just had a bad download. I re-downloaded it, and MH> it's running w/o errors. Thx. One other quick note/reminder. Use the snf2check utility on your downloaded rulebase files before putting them in serv

Re[4]: [sniffer] Few questions

On Wednesday, December 15, 2004, 6:54:01 PM, Marc wrote: MH> Pete, MH> FWIW, it appears that I just had a bad download. I re-downloaded it, and MH> it's running w/o errors. Thx. Great! That makes sense too - unfortunately there's no sure way to separate the two cases (corrupted file or bad auth

Re[4]: [sniffer] Few questions

On Wednesday, December 15, 2004, 4:24:45 PM, ~ wrote: ~RZ~> hey guys.. ~RZ~> when you talk about getting emails about the file being old.. well i have ~RZ~> the file for a week now and did not get any kind of email about this. ~RZ~> All i did was download the file and put it in my server co

Re[4]: [sniffer] Recent SPAM

At 02:09 PM 11/30/2004, you wrote: As for sharing spamtraps with us in general, we are shifting in a new direction lately. Rather than having systems forward spamtraps to us as we have in the past, we now have our robots go and get spamtrap data from ordinary pop3 accounts. Hi Pete, I'm not quite s

RE: Re[4]: [sniffer] Recent SPAM

-Original Message- From: Pete McNeil [mailto:[EMAIL PROTECTED] On Tuesday, November 30, 2004, 1:36:13 PM, Andrew wrote: CA> Pete, could you recap for us how to set up a "Declude project" to forward CA> non-sniffer-detected spam to a custom spamtrap address at SortMonster? CA> Perhaps two

Re[4]: [sniffer] Recent SPAM

On Tuesday, November 30, 2004, 1:45:02 PM, John wrote: JTL> I forwarded some yesterday to spam@ and then attached them and sent to JTL> [EMAIL PROTECTED] I can't say if they were seen in spam@ because we treat those submissions anonymously. I can say that I don't see them in the support@ box - so

Re[4]: [sniffer] Recent SPAM

On Tuesday, November 30, 2004, 1:36:13 PM, Andrew wrote: CA> Pete, could you recap for us how to set up a "Declude project" to forward CA> non-sniffer-detected spam to a custom spamtrap address at SortMonster? CA> Perhaps two versions, one for normal spamtrap, and one for spam that meets CA> our c

RE: Re[4]: [sniffer] New Version 2-3.2 has been officially released.

> > > Well, still no problems so far so I'll write it up to . > > solar spots, pick whatever you want>. > > > It seems it was a one time thing. > > > > You must be referring to the RAW law. > > RAW? Random Answer Whatchamacallit? Random Acts of Weirdness The RAW law, Keyboard Virus and the

Re: Re[4]: [sniffer] New Version 2-3.2 has been officially released.

Hi, > > Well, still no problems so far so I'll write it up to . > solar spots, pick whatever you want>. > > It seems it was a one time thing. > > You must be referring to the RAW law. RAW? Random Answer Whatchamacallit? > John Tolmachoff > Engineer/Consultant/Owner > eServices For You Met

  1   2   >