[sniffer] SPAM Problems
Hello Pete, since friday our mail server is overwhelmed by a very lot of spam messages. Because of this the spool of my IMail Server gets full and it actually get stuck. Do you have any hint that can help me to fix this problem? Filippo Palmili # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: [EMAIL PROTECTED] To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED] To switch to the INDEX mode, E-mail to [EMAIL PROTECTED] Send administrative queries to [EMAIL PROTECTED]
[sniffer] Re: SPAM Problems
Hello Pete, witch file (Global.cfg, Virus.cfg) have the AVAFTERJM option? I'm using Declude 2.06.16 with IMail Server 8.05 Filippo At 14:45 23/10/2006, you wrote: Hello Filippo, Monday, October 23, 2006, 5:18:02 AM, you wrote: Hello Pete, since friday our mail server is overwhelmed by a very lot of spam messages. Because of this the spool of my IMail Server gets full and it actually get stuck. Do you have any hint that can help me to fix this problem? There are a number of tricks to tuning IMail/Declude setups (I'm guessing from other posts that this is what you have). Using the AVAFTERJM option in Declude reduces system loads by only scanning messages for viruses after they have passed all of the spam tests. Since spam can easily be 90% of traffic these days this one option can save quite a bit of CPU for other tests. You will have to be careful to scan anything you release from quarantine for viruses however. Through enlightened experimentation I have determined that low numbers in queue manager provide much better throughput. I have an IMail server that I use to process inbound spam and to test SNF. This single p4/2.4G CPU consistently handles 10 messages per second on average. By pushing this box to the edge (frequently) I have learned a few things about tuning it. My queue manger settings are: Listening Threads: 4 Retry Threads: 5 Delivery Threads: 8 Your mileage may vary!! -- The reason small numbers may be better than large ones is that your CPU(s) can really only process a handfull (about 2 per CPU on average) of threads concurrently. Any additional threads must wait and the OS must schedule them and resolve resource conflicts etc... That amounts to extra work. Keeping the number of threads small reduces overhead and allows the threads that are running to get more done. One of our early boxes (now defunct) used Declude/Imail/SNF on NT4 - it was purposefully underpowered. On that box we discovered that running a local copy of Bind as a resolver and making 127.0.0.1 our primary DNS server improved performance quite a bit. Along these lines, be sure that long-running DNS queries are removed--- that is, if you have a DNS based test that takes a while to return then you're probably better off without it. Hope this helps, _M -- Pete McNeil Chief Scientist, Arm Research Labs, LLC. # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: [EMAIL PROTECTED] To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED] To switch to the INDEX mode, E-mail to [EMAIL PROTECTED] Send administrative queries to [EMAIL PROTECTED]
[sniffer] Increase spam
What's going on with the Sniffer settings? In last days I'm receiving so many spam mails, it looks like the Sniffer is not working. Please advise Thanks Filippo
[sniffer] Fwd: Newsletter HiTech Insider - n. 317 - 11/10/2006
Please include this on the sniffer rules. Thanks Filippo thread-index: Acbs16ua41RVu3lDTDG9YCuK+hb+nw== Thread-Topic: Newsletter HiTech Insider - n. 317 - 11/10/2006 From: Duke Editore [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Newsletter HiTech Insider - n. 317 - 11/10/2006 Date: Wed, 11 Oct 2006 03:50:46 +0200 X-Mailer: Microsoft CDO for Windows 2000 Priority: normal X-OriginalArrivalTime: 11 Oct 2006 01:50:46.0981 (UTC) FILETIME=[ABB94F50:01C6ECD7] X-RBL-Warning: REVDNS: This E-mail was sent from a MUA/MTA 213.215.180.72 with no reverse DNS entry. X-RBL-Warning: FILTER-SUBJECT: Message failed FILTER-SUBJECT test (line 20, weight 2) X-Declude-Sender: [EMAIL PROTECTED] [213.215.180.72] X-Declude-Spoolname: D4E3F0642028A74ED.SMD X-Declude-Scan: Score [8] at 03:52:03 on 11 Oct 2006 X-Declude-Tests: REVDNS, FILTER-SUBJECT X-RCPT-TO: [EMAIL PROTECTED] Newsletter HiTech Insider - n. 317 - 11/10/2006 - Gruppo Editoriale Duke Italia Se ci sono problemi di visualizzazione clicca qui Iscrizione - Cancellazione Newsletter Dalla redazione di Hi Tech Insider - I server high density entrano nel mirino delle normative per i consumi elettrici? - Sviluppo: come nel caso del Web 2.0, contestato il termine SOA 2.0 - DRM (Digital Rights Management) contro DRM (Digital Restrictions Management): chi ha ragione? Per i testi di questa sezione Archivio delle newsletter precedenti - Dossier On Demand - Internet per le imprese Anteprima digitale pdf - 1,5 MB Dalla redazione di Windows .NET Magazine - Perché il patch management è essenziale in una politica di prevenzione attiva - Virtualizzare o non virtualizzare? Ecco i casi in cui non è la soluzione ideale - Microsoft e Intel a rischio antitrust; Google spendacciona nel multimediale Supplemento sulla sicurezza (di Dario Forte): - Nuove patch per Windows, Office e .NET - Fine del supporto di XP SP1 (con scappatoia) Per i testi di questa sezione Archivio delle newsletter precedenti - Copia saggio rivista - Le notizie di Windows .Net Magazine Anteprima digitale pdf - 4,1 MB Dalla redazione di iSeries NEWS - Anticipazioni sulle novità 2007, dal Power6 ai 4/5 GHz e otto core - Nuovi dettagli sulle funzionalità supportate da i5/OS V5R5 - I punti di forza del System i: discussioni sul suo passato, presente e futuro (Java-PHP?) Per i testi di questa sezione Archivio delle newsletter precedenti - Copia saggio rivista - Le notizie di iSeries News Anteprima digitale pdf - 2 MB Dalla redazione di Linux Journal - Ma quale crescita rallentata! Linux cresce rapidamente anche in ambiente desktop - Il pinguino inizia ad accorgersi di Niagara - Anche Mandriva e Slackware si lanciano nelle soluzioni Linux di fascia desktop Per i testi di questa sezione Archivio delle newsletter precedenti - Copia saggio rivista - Le notizie di Linux Journal Elenco dei dossier on demand Dalla redazione di Hi Tech Insider - IT low-cost: alcuni utili consigli sull'arte del taglio dei costi - Ormai lo spamming è un'industria che utilizza gratis come dipendenti i PC zombie - Gli attuali browser bloccano lo sviluppo delle nuove tecnologie in rete? Per i testi di questa sezione - Archivio delle newsletter precedenti - Copia saggio riviste Duke Elenco di tutti i corsi professionali I corsi professionali multimediali di Duke Italia - Le Nuove Minacce: Pharming e Phishing (11 Slide) - Risoluzione dei Problemi in Rete - Parte I (14 Slide) - I nemici dell'utente IT: Phishing, Virus e Worms (16 Slide) Elenco completo dei corsi pubblicati - Dove trovare un corso di saggio Vuoi leggere i numeri precedenti? Ecco l'archivio Questa newsletter e' stata inviata a 80.160 lettori: aiutateci a farla conoscere inviandone una copia a un conoscente che fosse interessato! Riservato esclusivamente ai Responsabili di Sistemi Informativi e specialisti ICT aziendali: se non conoscete le nostre riviste, potete chiederci l'invio gratuito di un numero di saggio Il Gruppo Editoriale Duke Italia garantisce il rigoroso rispetto del Dlgs 196/03 (testo unico privacy) e che la mailing list verra' utilizzata solo per finalità editoriali. Copyright 2006. Proprieta' riservata. Registrazione del Tribunale di Milano n. 40 del 29/01/1996 Direttore responsabile: Enrico Ortensi Hanno collaborato: Andrea Desantis - Luca Losio - Marco Ortisi - Paolo Piacentini Se non desideri ricevere la nostra newsletter, CLICCA QUI!
[sniffer] Help for AutoSNF
Hello Pete, in witch time on day you suggest to schedule the autosnf.cmd task? Please let mw know. Thanks Filippo # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: [EMAIL PROTECTED] To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED] To switch to the INDEX mode, E-mail to [EMAIL PROTECTED] Send administrative queries to [EMAIL PROTECTED]
[sniffer] Fwd: Re: Prima esperienza di striptease e poi sesso anale trovi qui
Hello, please include in rules this SPAM. regards Filippo From: Cathryn Jacob [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: Prima esperienza di striptease e poi sesso anale trovi qui Date: Thu, 3 Aug 2006 01:50:42 -0700 X-Mailer: Microsoft Office Outlook, Build 11.0.5510 Thread-Index: zLXJg6HuDzqMclr4k7Bd0reN24JCB07o9zFJ X-RBL-Warning: MAILPOLICE-PORN: References pornography. See http://rhs.mailpolice.com/lookup/hotbox.com X-RBL-Warning: ROUTING: This E-mail was routed in a poor manner consistent with spam [210f]. X-RBL-Warning: SUBJECTCHARS: Subject with at least 50 characters found. X-RBL-Warning: WEIGHT10: Weight of 13 reaches or exceeds the limit of 10. X-Declude-Sender: [EMAIL PROTECTED] [213.217.149.74] X-Declude-Spoolname: DB9430B7100F052A1.SMD X-Declude-Scan: Score [13] at 10:52:58 on 03 Aug 2006 X-Declude-Tests: MAILPOLICE-PORN, ROUTING, SUBJECTCHARS, WEIGHT10 X-RCPT-TO: [EMAIL PROTECTED] Yo Minnocen! Video con ragazze timide, che giocano con le mani con sue fighe e godono insieme. http://www.geocities.com/westbrook8390 +++- Prodigiosamente giovane sesso, free movie giovani teens. ... ... Non siete curiosi? __ compel crewcut bonn burdensome coast beauty carthaginian credible brahmaputra ark debbie bookieclove antenna britches brine calumet abetting Thu, 3 Aug 2006 01:50:42 -0700
[sniffer] Re: Help
My mail server have the relay activated only for certain IP address and networks. Filippo At 17:44 27/07/2006, you wrote: *** Do you know anything about these attacks? Is there a way to stop it? Until now I banned the generating ip address and manually delete the queue, but the generating address changes. *** You must select No Mail Relay or Relay Mail for Addresses on the SMTP security tab to prevent this type of attack. Any users that are not local will have to select my server requires authentication in order to be able use your servers. Good luck, Paul Navarre # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: [EMAIL PROTECTED] To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED] To switch to the INDEX mode, E-mail to [EMAIL PROTECTED] Send administrative queries to [EMAIL PROTECTED]
[sniffer] Re: Help
Whese: #= WHITELISTS === #WHITELISTHABEAS PREWHITELIST ON WHITELISTAUTH #WHITELISTLOCAL #(PRO version only) enables addresses in the web address book to automatically be white listed. #AUTOWHITELISTON # - Domain Example -WHITELIST FROM @declude.com # - User Example -WHITELIST FROM [EMAIL PROTECTED] # - IP Example - #WHITELISTIP 63.246.13.90 # - TO Example - #WHITELIST TO postmaster@ #WHITELIST TO abuse@ WHITELIST TO [EMAIL PROTECTED] WHITELIST TO [EMAIL PROTECTED] WHITELIST TODOMAIN @mydomain WHITELIST TODOMAIN @mydomain WHITELIST TODOMAIN @mydomain WHITELIST TODOMAIN @mydomain Filippo At 18:06 27/07/2006, you wrote: *** My mail server have the relay activated only for certain IP address and networks. Filippo *** Sorry, I didn't read your message close enough. What whitelist settings do you have in global.cfg? Paul Navarre # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: [EMAIL PROTECTED] To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED] To switch to the INDEX mode, E-mail to [EMAIL PROTECTED] Send administrative queries to [EMAIL PROTECTED]
Re: Re[2]: [sniffer] problems!!!!
What is the correct Sniffer string in Declude Global.cfg file. SNIFFER external nonzero d:\imail\declude\sniffer\sniffer.exe code12 0 of SNIFFER external nonzero d:\imail\declude\sniffer\sniffer.exe code10 0 Thanks Filippo
[sniffer] Help
Hello, What's going on with rules? Today for 100 blocked by Sniffer more than 10 where really legitimate. Please advise. Thanks Filippo
[sniffer] Help Help
Hello, What's going on with rules? Today for 100 blocked by Sniffer more than 10 where really legitimate. Please let me know. Thanks Filippo
[sniffer] German SPAM
Hello, In these recent days we receive mails with German text inside and are high level SPAM, but nor Junkmail neither Sniffer can block. Is there a way to? Please advise. Many thanks Filippo Palmili SysAdm Logos S.p.A.