[sniffer] [Fwd: Diann Helms]

2006-02-15 Thread Heimir Eidskrem
Anyway to stop this spam. We are getting hundreds of them. I have personally gotten 23. From - Wed Feb 15 07:51:25 2006 X-Account-Key: account3 X-UIDL: 384485764 X-Mozilla-Status: 0001 X-Mozilla-Status2: Received: from DM [206.53.51.56] by deepspace.i360.net (SMTPD-8.22) id A08B07E0;

Re: [sniffer] [Fwd: Diann Helms]

2006-02-15 Thread Pete McNeil
On Wednesday, February 15, 2006, 8:53:27 AM, Heimir wrote: HE Anyway to stop this spam. HE We are getting hundreds of them. HE I have personally gotten 23. It's a challenging one... there is almost no data, and the geocities link is constantly different. I've written another abstract to cover

[sniffer] False Positive - RESEND

2006-02-15 Thread Steve Guluk
Hello, Could you please tell me what would cause an email to fail rule # 831417 This was a good email flagged this morning and deleted. Regards, Steve Guluk SGDesign (949) 661-9333 ICQ: 7230769 This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription

RE: [sniffer] [Fwd: Diann Helms]

2006-02-15 Thread Markus Gufler
Heimir, It's not a Sniffer-related answer but I personaly use a combination of a text filter file (looking for known geocities-links) and the IP-blacklist SORBS-DUHL (who contains dialup ip-ranges). As all my customers are connecting with SMTP-Auth or from known IP-ranges I can whitelist them. So

Re: [sniffer] [Fwd: Diann Helms]

2006-02-15 Thread Bonno Bloksma
Hi Pete, [] If you wish, it is possible to create a local black rule for any geocities link. On many ISP systems this would cause false positives, but on more private systems it may be a reasonable solution. I think I could use such a black rulw without getting to may FPs, but in which

Re: [sniffer] [Fwd: Diann Helms]

2006-02-15 Thread Heimir Eidskrem
would you share your filters? I assume Declude filters. Cordially, Heimir Eidskrem i360, Inc. 2825 Wilcrest, Suite 675 Houston, TX 77042 Ph: 713-981-4900 Fax: 832-242-6632 [EMAIL PROTECTED] www.i360.net www.i360hosting.com www.realister.com Houston's Leading Internet Consulting Company

Re[2]: [sniffer] [Fwd: Diann Helms]

2006-02-15 Thread Pete McNeil
On Wednesday, February 15, 2006, 11:02:11 AM, Bonno wrote: BB Hi Pete, BB [] If you wish, it is possible to create a local black rule for any geocities link. On many ISP systems this would cause false positives, but on more private systems it may be a reasonable solution. BB I think I

RE: [sniffer] [Fwd: Diann Helms]

2006-02-15 Thread Markus Gufler
would you share your filters? I assume Declude filters. Yes. Attached is the original message from Scott Fisher regarding the geocities-filter file. (I call it GEOCITIESLINKS) I've replaced each weight (100 and 75 points) with 0. So this test will add no weight to the final result. In

[sniffer] 404 on rulebase file downloads: new cleanup code

2006-02-15 Thread Pete McNeil
Hello Sniffer folks, A surprising number of folks have asked about receiving 404 errors when downloading their rulebase files. In all of these cases their license has expired. I recently added some new code to the server that delivers rulebase files. The code removes any rulebase file

Re: [sniffer] False Positive

2006-02-15 Thread Pete McNeil
Answered off-list _M On Tuesday, February 14, 2006, 2:07:48 PM, Steve wrote: SG Hello, SG Could you please tell me what would cause an email to fail rule # 831417 SG This was a good email flagged this morning and deleted. SG Regards, SG Steve Guluk SG SGDesign SG (949) 661-9333 SG ICQ:

[sniffer] False Positives

2006-02-15 Thread Kevin Rogers
My users have been getting a lot of FPs by Sniffer lately. They send me the email with the FULL HEADERS displayed and I forward this email on to SortMonster. The program they use to analyze incoming submissions check MY email headers, determine that SNIFFER was not at fault and sends me back

RE: [sniffer] False Positives

2006-02-15 Thread Jay Sudowski - Handy Networks LLC
Search your sniffer logs and include the log lines for that particular message. -Jay -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Rogers Sent: Wednesday, February 15, 2006 3:55 PM To: sniffer@SortMonster.com Subject: [sniffer] False Positives

Re: [sniffer] False Positives

2006-02-15 Thread Pete McNeil
On Wednesday, February 15, 2006, 3:54:50 PM, Kevin wrote: KR My users have been getting a lot of FPs by Sniffer lately. They send me KR the email with the FULL HEADERS displayed and I forward this email on to KR SortMonster. The program they use to analyze incoming submissions check KR MY email

RE: [sniffer] False Positives

2006-02-15 Thread Robert Grosshandler
The X-SNF header. Sounds like a good idea. Is there a cheat sheet someplace for making that happen, if possible, in a Declude / Imail environment? Thanks ahead of time, Rob --- [This E-mail scanned for viruses by Declude Virus] This E-Mail came from the Message Sniffer mailing list. For

RE: [sniffer] False Positives

2006-02-15 Thread Jim Matuska Jr.
Pete, Is there anyway to get an automatic response similar to the one listed below for the FP address, but for submissions to your spam@ address? It would be nice to get some feedback when submitting spam. Jim Matuska Jr. Computer Tech2, CCNA Nez Perce Tribe Information Systems [EMAIL

Re: [sniffer] False Positives

2006-02-15 Thread Computer House Support
I second the motion. We have been submitting spam for over a year and I don't know if a single one was received. Thank you Jim, for the suggestion. Michael Stein Computer House www.computerhouse.com - Original Message - From: Jim Matuska Jr. [EMAIL PROTECTED] To:

Re[2]: [sniffer] False Positives

2006-02-15 Thread Pete McNeil
On Wednesday, February 15, 2006, 4:32:14 PM, Robert wrote: RG The X-SNF header. Sounds like a good idea. Is there a cheat sheet someplace RG for making that happen, if possible, in a Declude / Imail environment? RG Thanks ahead of time, In the distribution the option is described in the .cfg

Re[2]: [sniffer] False Positives

2006-02-15 Thread Pete McNeil
Jim, Not at this time. The two processes are entirely different. The False Positives process is highly interactive. The standardized responses were implemented to allow for some automation on both sides. Spam submissions are always treated as anonymous for security reasons and also because of

Re[2]: [sniffer] False Positives

2006-02-15 Thread Pete McNeil
On Wednesday, February 15, 2006, 4:48:43 PM, Computer wrote: CHS I second the motion. We have been submitting spam for over a year and I CHS don't know if a single one was received. In general, if you've not received an error during delivery, we most certainly got your message... it may have