[sniffer] Re: Direct SmarterMail integration -- Some Testers ?
Folks, Having integrated Sniffer into MxScan for SmarterMail, I would like to shared some of my thoughts : 1. From what I can see at the moment neither Commtouch nor Declude has direct hooks into the SMTP sessions. Any integration at SMTP session level would definitely require some changes from SmarterMail's end. 2. The "PROC" folder is basically another way for 3rd party utilities to interface to the MTA, however take note this happens after the SMTP session has been completed and NOT during. 3. The command line option works but as someone pointed out earlier it is also being used by other 3rd party apps/processes for customer jobs. While it would be possible to encapsulate all 3rd party command line applications using a script it would be not be ideal. SM command line also has its own timeout settings. It tends to get message when u have more than 1 command line application in use. Cheers -Matt -Original Message- From: Message Sniffer Community [mailto:snif...@sortmonster.com] On Behalf Of E. H. (Eric) Fletcher Sent: Thursday, June 10, 2010 10:06 AM To: Message Sniffer Community Subject: [sniffer] Re: Direct SmarterMail integration -- Some Testers ? I'd definitely favor B. Sniffer is so good at what it does that there is some real potential there depending on the degree to which you integrate with the SM anti-spam features like SMTP blocking for example. This would take some real work of course. -Original Message- From: Message Sniffer Community [mailto:snif...@sortmonster.com] On Behalf Of Pete McNeil Sent: Wednesday, June 09, 2010 6:46 PM To: Message Sniffer Community Subject: [sniffer] Re: Direct SmarterMail integration -- Some Testers ? On 6/9/2010 6:54 PM, E. H. (Eric) Fletcher wrote: > I wonder whether it doesn't become a solution in search of a problem. > We're asked about it frequently, and since the command line option already exists it's worth fleshing out a bit. We've avoided building an interface for the proc hooks because: A. There are already solutions there for that (as you point out). B. We would really like to see a much tighter integration with SM that can take full advantage (during SMTP, not after). If enough folks are interested in a proc hook based implementation of SNF then we will do it, of course. _M -- Chief Scientist ARM Research Labs, LLC www.armresearch.com # This message is sent to you because you are subscribed to the mailing list . This list is for discussing Message Sniffer, Anti-spam, Anti-Malware, and related email topics. For More information see http://www.armresearch.com To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to # This message is sent to you because you are subscribed to the mailing list . This list is for discussing Message Sniffer, Anti-spam, Anti-Malware, and related email topics. For More information see http://www.armresearch.com To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to # This message is sent to you because you are subscribed to the mailing list . This list is for discussing Message Sniffer, Anti-spam, Anti-Malware, and related email topics. For More information see http://www.armresearch.com To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to
[sniffer] Re: Direct SmarterMail integration -- Some Testers ?
I'd definitely favor B. Sniffer is so good at what it does that there is some real potential there depending on the degree to which you integrate with the SM anti-spam features like SMTP blocking for example. This would take some real work of course. -Original Message- From: Message Sniffer Community [mailto:snif...@sortmonster.com] On Behalf Of Pete McNeil Sent: Wednesday, June 09, 2010 6:46 PM To: Message Sniffer Community Subject: [sniffer] Re: Direct SmarterMail integration -- Some Testers ? On 6/9/2010 6:54 PM, E. H. (Eric) Fletcher wrote: > I wonder whether it doesn't become a solution in search of a problem. > We're asked about it frequently, and since the command line option already exists it's worth fleshing out a bit. We've avoided building an interface for the proc hooks because: A. There are already solutions there for that (as you point out). B. We would really like to see a much tighter integration with SM that can take full advantage (during SMTP, not after). If enough folks are interested in a proc hook based implementation of SNF then we will do it, of course. _M -- Chief Scientist ARM Research Labs, LLC www.armresearch.com # This message is sent to you because you are subscribed to the mailing list . This list is for discussing Message Sniffer, Anti-spam, Anti-Malware, and related email topics. For More information see http://www.armresearch.com To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to # This message is sent to you because you are subscribed to the mailing list . This list is for discussing Message Sniffer, Anti-spam, Anti-Malware, and related email topics. For More information see http://www.armresearch.com To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to
[sniffer] Re: Direct SmarterMail integration -- Some Testers ?
On 6/9/2010 6:54 PM, E. H. (Eric) Fletcher wrote: I wonder whether it doesn't become a solution in search of a problem. We're asked about it frequently, and since the command line option already exists it's worth fleshing out a bit. We've avoided building an interface for the proc hooks because: A. There are already solutions there for that (as you point out). B. We would really like to see a much tighter integration with SM that can take full advantage (during SMTP, not after). If enough folks are interested in a proc hook based implementation of SNF then we will do it, of course. _M -- Chief Scientist ARM Research Labs, LLC www.armresearch.com # This message is sent to you because you are subscribed to the mailing list . This list is for discussing Message Sniffer, Anti-spam, Anti-Malware, and related email topics. For More information see http://www.armresearch.com To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to
[sniffer] Re: Direct SmarterMail integration -- Some Testers ?
Great, I missed that, thanks! -Original Message- From: Message Sniffer Community [mailto:snif...@sortmonster.com] On Behalf Of e...@insight.rr.com Sent: Wednesday, June 09, 2010 4:08 PM To: Message Sniffer Community Subject: [sniffer] Re: Direct SmarterMail integration -- Some Testers ? SmarterMail - doesn't use an external SpamAssassin any longer. It will now scan emails internally using the SpamAssassin update files or whatever they are called. SmarterTools said they had too many issues with trying to use the windows version and just decided To do some internal integration. # This message is sent to you because you are subscribed to the mailing list . This list is for discussing Message Sniffer, Anti-spam, Anti-Malware, and related email topics. For More information see http://www.armresearch.com To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to # This message is sent to you because you are subscribed to the mailing list . This list is for discussing Message Sniffer, Anti-spam, Anti-Malware, and related email topics. For More information see http://www.armresearch.com To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to
[sniffer] Re: Direct SmarterMail integration -- Some Testers ?
SmarterMail - doesn't use an external SpamAssassin any longer. It will now scan emails internally using the SpamAssassin update files or whatever they are called. SmarterTools said they had too many issues with trying to use the windows version and just decided To do some internal integration. # This message is sent to you because you are subscribed to the mailing list . This list is for discussing Message Sniffer, Anti-spam, Anti-Malware, and related email topics. For More information see http://www.armresearch.com To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to
[sniffer] Re: Direct SmarterMail integration -- Some Testers ?
I wonder whether it doesn't become a solution in search of a problem. David Gregg over at mxGuard is small to be sure and on the licensing plan he's used in recent years I suppose mxGuard might quite working if he ceased doing business; however, his product is very reasonably priced, very light weight in terms of CPU load and from everything we've seen over 7 years or so, absolutely reliable. When I looked into converting one of our servers over to SmarterMail there seemed to be some thinking that the SpamAssassin that would install automatically might create problems at what seemed to be modest traffic levels so we chose not to enable it. Running a separate SpamAssassin server would be simple enough but if what we gain from it is simply the ability to use Sniffer I'm not sure it's superior to the mxGuard approach. I haven't looked at what would be involved (and have actually found a few things I like about inserting Sniffer in ahead of the rest of the processes) but being able to fully integrate Sniffer into the SmarterMail GUI and reporting might be more interesting than simply finding a free way of shoehorning it in. I say this until I wake up and find mxGuard out of business of course. I think it would be almost trivial to write something to replace mxGuard's ability to integrate Sniffer using the SmarterMail PROC hooks if something did go wrong but have appreciated the work David has done even if we don't use any of the other hooks any more so haven't had any interest in competing and at $100 my time is worth more to me in terms of doing it just for our own use. I understand it's probably a good move for ARM though as long as most SmarterMail sites do use SpamAssassin. -Original Message- From: Message Sniffer Community [mailto:snif...@sortmonster.com] On Behalf Of Pete McNeil Sent: Wednesday, June 09, 2010 3:29 PM To: Message Sniffer Community Subject: [sniffer] Re: Direct SmarterMail integration -- Some Testers ? On 6/9/2010 6:15 PM, David Moore wrote: > We use MX Guard / Invuribl / Sniffer combo would it be a matter of > removing Sniffer from the MXGuard.ini ? I would still like to use all > 3 options. Theoretically that should work... so that you don't call SNF twice. What SNF is going to do in the SM command line is simply add headers to the message. Then, you can add some rules to SMs SpamAssassin to convert those headers to weights. _M -- Chief Scientist ARM Research Labs, LLC www.armresearch.com # This message is sent to you because you are subscribed to the mailing list . This list is for discussing Message Sniffer, Anti-spam, Anti-Malware, and related email topics. For More information see http://www.armresearch.com To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to # This message is sent to you because you are subscribed to the mailing list . This list is for discussing Message Sniffer, Anti-spam, Anti-Malware, and related email topics. For More information see http://www.armresearch.com To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to
[sniffer] Re: Direct SmarterMail integration -- Some Testers ?
On 6/9/2010 6:15 PM, David Moore wrote: We use MX Guard / Invuribl / Sniffer combo would it be a matter of removing Sniffer from the MXGuard.ini ? I would still like to use all 3 options. Theoretically that should work... so that you don't call SNF twice. What SNF is going to do in the SM command line is simply add headers to the message. Then, you can add some rules to SMs SpamAssassin to convert those headers to weights. _M -- Chief Scientist ARM Research Labs, LLC www.armresearch.com # This message is sent to you because you are subscribed to the mailing list . This list is for discussing Message Sniffer, Anti-spam, Anti-Malware, and related email topics. For More information see http://www.armresearch.com To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to
[sniffer] Re: Direct SmarterMail integration -- Some Testers ?
We use MX Guard / Invuribl / Sniffer combo would it be a matter of removing Sniffer from the MXGuard.ini ? I would still like to use all 3 options. Regards David Moore moo...@romtech.com.au J.P. MCP, MCSE, MCSE + INTERNET, CNE. www.adsldirect.com.au for ADSL and Internet www.romtech.com.au for PC sales Office Phone: (+612) 9453 1990 Fax Phone: (+612) 9453 1880 Mobile Phone: +61(0)424 987 789 Skype Phone: ADSLDIRECT POSTAL ADDRESS: PO BOX 190 BELROSE NSW 2085 AUSTRALIA. - This email message is only intended for the addressee(s) and contains information that may be confidential, legally privileged and/or copyright. If you are not the intended recipient please notify the sender by reply email and immediately delete this email. Use, disclosure or reproduction of this email, or taking any action in reliance on its contents by anyone other than the intended recipient(s) is strictly prohibited. No representation is made that this email or any attachments are free of viruses. Virus scanning is recommended and is the responsibility of the recipient. - On 10/06/10 7:24 AM, Pete McNeil wrote: On 6/9/2010 4:24 PM, e...@insight.rr.com wrote: Pete, This is great news! Strictly speaking, this is not new... But, somehow, it's been overlooked. We are interested in improving this option as much as possible and looking into other options too. It would also be a better option if you are able to work with smarterTools directly and see about getting sniffer integrated as a built in call when enabled. We would love to do that. Please ask them about it so that they know their customers are interested in this !! We are ready to work with them to develop a tight integration with SNF whenever they are ready to go with it. We will also continue to contact them about this (we have several times already). Your solution will work for some, but we would require it to be built in vs the cmd line option as we use that for other software processing currently. What are the chances the command line option could be multiplexed in your case? Would that solve the problem? _M # This message is sent to you because you are subscribed to the mailing list . This list is for discussing Message Sniffer, Anti-spam, Anti-Malware, and related email topics. For More information see http://www.armresearch.com To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to
[sniffer] Re: Direct SmarterMail integration -- Some Testers ?
On 6/9/2010 4:24 PM, e...@insight.rr.com wrote: Pete, This is great news! Strictly speaking, this is not new... But, somehow, it's been overlooked. We are interested in improving this option as much as possible and looking into other options too. It would also be a better option if you are able to work with smarterTools directly and see about getting sniffer integrated as a built in call when enabled. We would love to do that. Please ask them about it so that they know their customers are interested in this !! We are ready to work with them to develop a tight integration with SNF whenever they are ready to go with it. We will also continue to contact them about this (we have several times already). Your solution will work for some, but we would require it to be built in vs the cmd line option as we use that for other software processing currently. What are the chances the command line option could be multiplexed in your case? Would that solve the problem? _M -- Chief Scientist ARM Research Labs, LLC www.armresearch.com # This message is sent to you because you are subscribed to the mailing list . This list is for discussing Message Sniffer, Anti-spam, Anti-Malware, and related email topics. For More information see http://www.armresearch.com To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to
[sniffer] Re: Direct SmarterMail integration -- Some Testers ?
On 6/9/2010 4:08 PM, E. H. (Eric) Fletcher wrote: I'd be willing to take a shot at it in the dead of the night (when spam ratio is high) and if we get through that in production during the day. Is there any failsafe in place to remove it from the loop if it detects it is not performing as expected? Nothing special is in place (nothing automatic). SNFClient fails safe (returns 0) after 30 seconds or so if it cannot connect to SNFServer. That almost never happens though. Taking it "out of the loop" should be as easy as unchecking the box. _M -- Chief Scientist ARM Research Labs, LLC www.armresearch.com # This message is sent to you because you are subscribed to the mailing list . This list is for discussing Message Sniffer, Anti-spam, Anti-Malware, and related email topics. For More information see http://www.armresearch.com To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to
[sniffer] Re: Direct SmarterMail integration -- Some Testers ?
Pete, This is great news! It would also be a better option if you are able to work with smarterTools directly and see about getting sniffer integrated as a built in call when enabled. SmarterTools added an option for declude integration a few years back and we have been waiting for a true integration within smarterMail. Your solution will work for some, but we would require it to be built in vs the cmd line option as we use that for other software processing currently. Kyle # This message is sent to you because you are subscribed to the mailing list . This list is for discussing Message Sniffer, Anti-spam, Anti-Malware, and related email topics. For More information see http://www.armresearch.com To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to
[sniffer] Re: Direct SmarterMail integration -- Some Testers ?
I'd be willing to take a shot at it in the dead of the night (when spam ratio is high) and if we get through that in production during the day. Is there any failsafe in place to remove it from the loop if it detects it is not performing as expected? -Original Message- From: Message Sniffer Community [mailto:snif...@sortmonster.com] On Behalf Of Pete McNeil Sent: Wednesday, June 09, 2010 12:02 PM To: Message Sniffer Community Subject: [sniffer] Re: Direct SmarterMail integration -- Some Testers ? On 6/9/2010 2:44 PM, Pete McNeil wrote: > Hello Sniffer Folks, > > We are working on testing and improving direct integration options > with Smarter Mail. Shamelessly responding to my own post, I thought I would point out: You do not need to re-install Message Sniffer to test this option. If you already have Message Sniffer installed then you can access it with SNFClient already. There is no need to disturb what you've already got running except perhaps to adjust how you are responding to what SNF finds. Best, _M -- Chief Scientist ARM Research Labs, LLC www.armresearch.com # This message is sent to you because you are subscribed to the mailing list . This list is for discussing Message Sniffer, Anti-spam, Anti-Malware, and related email topics. For More information see http://www.armresearch.com To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to # This message is sent to you because you are subscribed to the mailing list . This list is for discussing Message Sniffer, Anti-spam, Anti-Malware, and related email topics. For More information see http://www.armresearch.com To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to
[sniffer] Re: Direct SmarterMail integration -- Some Testers ?
On 6/9/2010 2:44 PM, Pete McNeil wrote: Hello Sniffer Folks, We are working on testing and improving direct integration options with Smarter Mail. Shamelessly responding to my own post, I thought I would point out: You do not need to re-install Message Sniffer to test this option. If you already have Message Sniffer installed then you can access it with SNFClient already. There is no need to disturb what you've already got running except perhaps to adjust how you are responding to what SNF finds. Best, _M -- Chief Scientist ARM Research Labs, LLC www.armresearch.com # This message is sent to you because you are subscribed to the mailing list . This list is for discussing Message Sniffer, Anti-spam, Anti-Malware, and related email topics. For More information see http://www.armresearch.com To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to
[sniffer] Direct SmarterMail integration -- Some Testers ?
Hello Sniffer Folks, We are working on testing and improving direct integration options with Smarter Mail. The current option is very simple. We've posted a Q&A about it here: http://www.armresearch.com/support/qa/integration/smarterMail.jsp If you are interested in testing this implementation, providing your insights, and helping us improve then please send us a note at our support@ address. Thanks! _M -- Chief Scientist ARM Research Labs, LLC www.armresearch.com # This message is sent to you because you are subscribed to the mailing list . This list is for discussing Message Sniffer, Anti-spam, Anti-Malware, and related email topics. For More information see http://www.armresearch.com To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to