Re: [sniffer]Concerned about amount of spam going through

2006-06-06 Thread David Waller
I only see Sniffer catching about 30% of SPAM and that's the highest it's
ever been.

David 

-Original Message-
From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf
Of Michiel Prins
Sent: 06 June 2006 08:11
To: Message Sniffer Community
Subject: [sniffer]Concerned about amount of spam going through

Crew,
 
I'm a bit concerned about the amount of spam that Sniffer's not getting. It
used to be a near 99% catch rate, but now it looks like it's down to 70%...?
 
I opened my own mailbox this morning and saw 5 false negatives, while 11
others were caught by Sniffer. Haven't checked with my clients yet, but I
think it will be the same.
 
Is there an explanation, besides another spam storm?
 
Regards,
Michiel



#
This message is sent to you because you are subscribed to
  the mailing list sniffer@sortmonster.com.
To unsubscribe, E-mail to: [EMAIL PROTECTED]
To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED]
To switch to the INDEX mode, E-mail to [EMAIL PROTECTED]
Send administrative queries to  [EMAIL PROTECTED]



Re: [sniffer]AW: [sniffer]AW: [sniffer]Concerned about amount of spam going through

2006-06-06 Thread David Waller
We just use a single test, we don't categorise. If SNIFFER returns a result
we weight it. However, SNIFFER often returns a zero result when the email
is obviously junk i.e. SNIFFER returns a positive result (spam) in about 30%
of all identified junk mail.

SNIFFER external nonzero \declude\sniffer\sniffer.exe 23  0


-Original Message-
From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf
Of Markus Gufler
Sent: 06 June 2006 11:17
To: Message Sniffer Community
Subject: [sniffer]AW: [sniffer]AW: [sniffer]Concerned about amount of spam
going through

Hi

There must be something wrong with your configuration of the sniffer test(s)

Here are my numbers from yesterday based on 24462 processed messages

Date  Test             SS    SH  HH  HS  IMP
0605  SNIFFER-TRAVEL   12    0   0   23  2
0605  SNIFFER-INSUR    4     0   0   0   0
0605  SNIFFER-AV       0     0   0   0   0
0605  SNIFFER-MEDIA    1345  0   0   0   8
0605  SNIFFER-SWARE    73    0   0   0   0
0605  SNIFFER-SNAKE    8386  0   0   0   9
0605  SNIFFER-SCAMS    138   0   0   2   3
0605  SNIFFER-PORN     908   0   0   1   3
0605  SNIFFER-MALWARE  12    0   0   2   3
0605  SNIFFER-INK      2     0   0   0   0
0605  SNIFFER-RICH     2865  0   0   2   219
0605  SNIFFER-CREDIT   363   0   0   0   1
0605  SNIFFER-CASINO   300   0   0   0   0
0605  SNIFFER-GENERAL  2881  0   0   41  41
0605  SNIFFER-EXP-A    450   0   0   36  7
0605  SNIFFER-OBFUSC   4     0   0   5   0
0605  SNIFFER-EXP-IP   28    0   0   8   5


SS  Sniffer says spam, final result too
SH  Sniffer says spam, final result not
HH  Sniffer says ham, final result too
HS  Sniffer says ham, final result not

IMP Sniffer says spam and final result is slightly above the hold weight.
(This column is a part of the SS column: 100-150% of hold)
So
a.) it's an important test because it's able to bring the spam above the
hold weight, and without this test it would not have been held as spam
or
b.) it's a risky test because it brings legit messages above the hold weight

What result codes are you using in your test configuration? (please do not
publish your sniffer-id!)

Markus




 -Original Message-
 From: Message Sniffer Community
 [mailto:[EMAIL PROTECTED] On Behalf Of David Waller
 Sent: Tuesday, 6 June 2006 11:51
 To: Message Sniffer Community
 Subject: Re: [sniffer]AW: [sniffer]Concerned about amount of spam 
 going through
 
 Of all SPAM identified SNIFFER is finding about 30%. We see an awful 
 lot of junk email not being caught by SNIFFER, it's being processed by 
 Declude and failing some technical tests but not by SNIFFER.
 
 -Original Message-
 From: Message Sniffer Community
 [mailto:[EMAIL PROTECTED] On Behalf Of Markus Gufler
 Sent: 06 June 2006 09:41
 To: Message Sniffer Community
 Subject: [sniffer]AW: [sniffer]Concerned about amount of spam going 
 through
 
  I only see Sniffer catching about 30% of SPAM and that's the highest
  it's ever been.
 
 30% of spam or 30% of all processed messages?
 Sniffer is still one of the best tests in my arsenal.
 
 Markus
 
 
 

[sniffer] Re: SPAM Problems

2006-10-23 Thread David Waller
Filippo,

We had a similar problem. Due to the huge volumes of spam we found our mail
server becoming less able to deal with email. Imail/Declude/Sniffer is
expensive in processor terms when processing email and we found the best was
to pre-process mail filtering using Greylisting (we used Vamsoft in IIS SMTP
but others exist). This has dramatically reduced the load on our server and
seems to stop the bulk of spammers and mail harvesters.

Hope this helps.

David

-Original Message-
From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf
Of Filippo Palmili
Sent: 23 October 2006 10:18
To: Message Sniffer Community
Subject: [sniffer] SPAM Problems

Hello Pete, since Friday our mail server has been overwhelmed by a very large
number of spam messages. Because of this the spool of my IMail Server gets full
and it actually gets stuck.

Do you have any hint that can help me to fix this problem?

Filippo Palmili






[sniffer] Re: SPAM Problems

2006-10-23 Thread David Waller
Dodd,

From what I can tell it's a proprietary format although I've not done any
research to validate this.

Greylisting expiration is user controlled. Rejection time for unknown
senders is specified in seconds and recordlife time in hours. Both appear to
be unlimited. See www.vamsoft.com for further info. 

Hope this helps.

David 

-Original Message-
From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf
Of Technical Support
Sent: 23 October 2006 13:10
To: Message Sniffer Community
Subject: [sniffer] Re: SPAM Problems

David,

What sort of database does OFR use and do you know if the expiration of
addresses can be edited?

thanks

dodd

- Original Message -
From: David Waller [EMAIL PROTECTED]
To: Message Sniffer Community sniffer@sortmonster.com
Sent: Monday, October 23, 2006 6:14 AM
Subject: [sniffer] Re: SPAM Problems


 Filippo,

 We had a similar problem. Due to the huge volumes of spam we found our mail
 server becoming less able to deal with email. Imail/Declude/Sniffer is
 expensive in processor terms when processing email and we found the best was
 to pre-process mail filtering using Greylisting (we used Vamsoft in IIS SMTP
 but others exist). This has dramatically reduced the load on our server and
 seems to stop the bulk of spammers and mail harvesters.

 Hope this helps.

 David

 -Original Message-
 From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf
 Of Filippo Palmili
 Sent: 23 October 2006 10:18
 To: Message Sniffer Community
 Subject: [sniffer] SPAM Problems

 Hello Pete, since Friday our mail server has been overwhelmed by a very large
 number of spam messages. Because of this the spool of my IMail Server gets full
 and it actually gets stuck.

 Do you have any hint that can help me to fix this problem?

 Filippo Palmili






[sniffer] Re: Declude header not modified correctly

2006-10-25 Thread David Waller
Joe,

We use SmarterMail as our POP3/Web mail interface. It doesn't have all the
features of IMail but they do appear to be more responsive - for now.

In essence our new configuration (still under review and testing) is MX
primary record points to IIS SMTP with ORF (Vamsoft) dealing with first
stage SMTP spam filtering then second level with POP3 and web mail handled
by SmarterMail on a separate server. This works for us so far, we're
processing around 200,000 emails a day now most (98.6%) of which are blocked
at first delivery attempt using ORF (constant checking on logs at the moment
to check for false positives etc.) the 20-30k that get through the first
level are handled by the POP3 mail server.  

The one problem we've found with greylisting is the difficulty in providing
redundant MX records, we've not yet found a solution to this except to have
a standby ORF server configured but it's not ideal. You do have to be
aware that greylisting introduces a delay and not all legitimate MTAs
respond to greylisting very well. http://en.wikipedia.org/wiki/Greylisting.

We still use Imail/Declude with Sniffer for now as well and the CPU load on
that server has gone from 90%+ to around 25% (dual Xeon). CPU loading on
IIS SMTP server is negligible around 2-5% (Single DuoCore). We plan to move
Declude to run under SmarterMail with Sniffer and then fully migrate from
Imail once we are happy that this configuration is stable and responsive. So
far so good. We're still evaluating whether or not we drop Declude
altogether and run Sniffer as an agent under ORF. We don't like to block but
the volume of SPAM is making it more difficult to choose not to, Declude
makes it easy to weight but they (Declude) are not so responsive these days
and are getting expensive to run.

You can do very much the same with *nix solutions as well although we have
no practical experience of this although I'm sure others on the list would
be willing to advise. 

Hope this helps.

David

-Original Message-
From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf
Of Joe Wolf
Sent: 25 October 2006 12:16
To: Message Sniffer Community
Subject: [sniffer] Re: Declude header not modified correctly

David,

Thanks for the info!  I've never heard of ORF, but it sounds interesting.  I
really like the interface and reporting... a huge improvement over Imail.

I know Microsoft SMTP is pretty fast.  Is there a decent POP3 / IMAP client
available?  I just don't know much about the service.

What features will your new system be missing when compared to Imail?

Very interested.

-Joe
- Original Message -
From: David Waller [EMAIL PROTECTED]
To: Message Sniffer Community sniffer@sortmonster.com
Sent: Wednesday, October 25, 2006 4:54 AM
Subject: [sniffer] Re: Declude header not modified correctly


 You can run Sniffer under Vamsoft ORF running under IIS SMTP this is good
 for your incoming. Vamsoft can run other agents such as anti-virus,
 invURIBL and SpamAssassin.

 We're moving away from Imail and Declude, Imail because it's expensive and
 Declude because it's expensive and they don't respond to support emails from
 this registered user. I am disillusioned with Declude, they started with a
 very good service but since they've gone all corporate things have gone
 downhill ever since.

 David

 -Original Message-
 From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf
 Of Joe Wolf
 Sent: 25 October 2006 00:17
 To: Message Sniffer Community
 Subject: [sniffer] Re: Declude header not modified correctly

 I have this problem as well, but I'm running an older version of Declude.

 As far as I know there's no way to fix the problem other than supposedly the
 newest version fixes the issue.  I'm not going to spend another penny on
 Declude so I'm stuck with the problem unless I switch mail servers.

 Declude went downhill when the new owners took over.  They have a group of
 worshippers on their list that attacks anyone critical of management which
 makes it impossible to give critical information on the product.

 I love Sniffer.  I wish all products worked as good as Sniffer does.  I just
 wish it didn't run underneath a third party plug in (Declude) to run on
 Imail or Smartermail.

 Does anyone know of a different mail server that's EASY to use that offers
 the features of Imail and doesn't require Declude to run Sniffer?

 Thanks,
 -Joe

 - Original Message - 
 From: Herb Guenther mailto:[EMAIL PROTECTED]
 To: Message Sniffer Community mailto:sniffer@sortmonster.com
 Sent: Tuesday, October 24, 2006 6:11 PM
 Subject: [sniffer] Re: Declude header not modified correctly

 Just as a follow up, I have not had any email returned from Declude
 in the last 4 business days.  So, they are just ignoring the problem even
 tho the tools are all doing their part to identify the messages are spam,
 the header mod is useless so it goes right thru the filters.  So their
 answer was to have me update
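
Added example (not part of the thread and not Vamsoft ORF's code): a minimal triplet greylist with a rejection time in seconds and a record lifetime in hours, as described in the greylisting messages above, showing how two MX hosts that keep separate tables defer a retrying sender again. The default values, the sample addresses and the shared-table variant are assumptions for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class Greylist:
    """Greylisting table held by ONE SMTP front end (illustrative model only)."""
    reject_seconds: int = 300      # assumed value: how long an unknown sender is refused
    record_life_hours: int = 36    # assumed value: how long an idle record is remembered
    records: dict = field(default_factory=dict)  # triplet -> [first_seen, last_seen]

    def check(self, ip, sender, rcpt, now):
        """Return 'DEFER' (temporary 4xx) or 'ACCEPT' for an attempt at `now` seconds."""
        key = (ip, sender.lower(), rcpt.lower())
        rec = self.records.get(key)
        if rec and now - rec[1] > self.record_life_hours * 3600:
            rec = None                       # record expired: sender is unknown again
        if rec is None:
            self.records[key] = [now, now]   # first contact starts the clock
            return "DEFER"
        rec[1] = now                         # any attempt keeps the record alive
        return "ACCEPT" if now - rec[0] >= self.reject_seconds else "DEFER"


# Constructed sample triplet (documentation address range and example domains).
TRIPLET = ("192.0.2.10", "alice@example.org", "bob@example.net")


def simulate(mx_tables, attempts):
    """attempts: (time_seconds, mx_index) pairs; returns the verdict for each."""
    return [mx_tables[mx].check(*TRIPLET, now=t) for t, mx in attempts]


def demo():
    # A legitimate MTA retries every 10 minutes, alternating between two MX hosts.
    attempts = [(0, 0), (600, 1), (1200, 0)]
    # Each MX keeps its own table: the retry to the second host is a "first contact".
    independent = simulate([Greylist(), Greylist()], attempts)
    # Assumed alternative: both MX hosts consult the same table.
    shared_table = Greylist()
    shared = simulate([shared_table, shared_table], attempts)
    return independent, shared


if __name__ == "__main__":
    independent, shared = demo()
    print("separate tables per MX:", independent)
    print("one shared table:      ", shared)
```

With separate tables the sender is deferred twice before delivery; a sender that gives up after one or two temporary failures would never get through, which is the delay and compatibility risk raised in the message.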

[sniffer] Re: Declude header not modified correctly

2006-10-25 Thread David Waller
Yes, we do; it expires June 2007. Still waiting for a response for a support
email sent on the 4/10/2006 with a kick-up-the-bum reminder sent on the
16/10 - only the initial automated response received so far. 

-Original Message-
From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf
Of Computer House Support
Sent: 25 October 2006 14:11
To: Message Sniffer Community
Subject: [sniffer] Re: Declude header not modified correctly

David Waller wrote:  they don't respond to support emails from this
registered user...


Dear David,

I am curious to know if you have an active Service Agreement with Declude? 
Among the hundreds of vendors that I deal with, I found their support to be 
one of the best.  I seldom wait more than an hour for a response.


Michael Stein
Computer House 






[sniffer] Re: Yahoo! Is Retarded

2006-10-26 Thread David Waller
With the caveat Yahoo! does not evaluate or guarantee the accuracy of any
Yahoo! Answers content.

That's the way to do it - Punch and Judy

David 

-Original Message-
From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf
Of Jonathan Hickman
Sent: 26 October 2006 15:24
To: Message Sniffer Community
Subject: [sniffer] Yahoo! Is Retarded

Now, my word choice of 'Retarded' is merely to illuminate the slowness of
Yahoo! in regards to this issue and the severity of their decision and not
to indicate that they are mentally handicapped which is an accusation for
which I have no basis.  However, as evidence of this, please review the
following URLs:
 
http://ca.answers.yahoo.com/question/index?qid=20061024160658AAAh0QY
http://answers.yahoo.com/question/index?qid=20061024080547AAf54ah
 
Jonathan Hickman







[sniffer] Re: Stock spam

2006-12-12 Thread David Waller
On the sub topic of increased spam rates we've seen a 10x increase from
30-40k per day to 250-450k per day over the last 3 months, none of this
due to increased customer count :(

-Original Message-
From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf
Of Pete McNeil
Sent: 12 December 2006 17:43
To: Message Sniffer Community
Subject: [sniffer] Re: Stock spam







[sniffer] Re: New reference settings for GBUdb ranges.

2008-01-22 Thread David Waller
Hi,

I think I must have missed something or been asleep. I've had a look at the
Sniffer site and to be honest I don't fully understand what GBUdb is. I've
read the technical details page but I don't see how it fits into the whole
scheme of things, if it's useful to me, and if it is, how to implement it. I
understand what it's trying to achieve but I can't see beyond that.

David


