On Saturday, January 8, 2005, 7:47:14 AM, Kirk wrote:
KM I'm still getting a ton of spam that, theoretically, I shouldn't be
KM seeing. Stuff such as Tadalafil Soft Tabs ads that are identical to
KM samples I've forwarded to [EMAIL PROTECTED] multiple times in the last
KM week, yet are still
On Saturday, January 8, 2005, 12:45:50 PM, Kirk wrote:
KM I've gone through some and haven't found any commonality by sender, etc,
KM but it seems that some are getting through that I'd have expected to get
KM triggered on the subject line alone. For example:
KM Tadalafil Soft Tabs - Great
On Saturday, January 8, 2005, 1:20:02 PM, Kirk wrote:
KM At 01:04 PM 1/8/2005 -0500, Pete McNeil wrote:
On Saturday, January 8, 2005, 12:47:21 PM, Kirk wrote:
KM Is there any tool available with which to analyze sniffer logs to
KM get any
KM kind of count on the number of hits, etc?
Here's
On Monday, January 10, 2005, 11:34:44 AM, Matt wrote:
M I just wanted to add some stats that I thought might be of
M some use here. I gathered info on my block rates over the past
M three days and compared my Sniffer hits to them. There has been no
M measurable change to my system with an
On Monday, January 10, 2005, 3:05:18 PM, Phillip wrote:
PC How do you use both Sniffer and SURBL together? What else is required.
On most platforms SNF is integrated through, or in front of other
anti-spam / anti-virus software. For example, SNF is frequently placed
in front of SpamAssassin, or
On Monday, January 10, 2005, 7:17:29 PM, Andrew wrote:
CA Pete, I thought that you had said at one point that SortMonster fetches
CA one or more SURBL zones and incorporates those as spam data for Message
CA Sniffer?
CA It seems like a great idea to me. But then, from my distance, a lot of
CA
On Wednesday, January 19, 2005, 9:02:02 PM, Pete wrote:
PM On Wednesday, January 19, 2005, 8:00:41 PM, Chuck wrote:
CS It appears that emails from statefarm.com are all being failed by
CS SNIFFER-OBFUSCATION code 61. It appears from multiple senders and to
CS multiple recipient domains. Any
On Wednesday, January 19, 2005, 8:00:41 PM, Chuck wrote:
CS It appears that emails from statefarm.com are all being failed by
CS SNIFFER-OBFUSCATION code 61. It appears from multiple senders and to
CS multiple recipient domains. Any thoughts??
Update.
I've just removed a rule that matches
On Thursday, January 20, 2005, 10:15:23 AM, Chuck wrote:
CS Pete:
CS Thanks for looking. It was very strange because it was such varied messages
CS from general correspondence, quotes. and personal correspondence. I put a
CS little negative weight in for statefarm.com which should keep it from
On Monday, January 24, 2005, 4:35:29 AM, Bonno wrote:
BB Hi,
BB
BB When I started using sniffer, April 2004, uploading the log
BB took about 20 seconds. Then on June 19th 2004 it suddenly took
BB over 13 minutes. After that it has consistently taken arround 13
BB minutes to upload the small
it in such
numbers before. Something interesting is definitely going on.
Thanks,
_M
Pete McNeil (Madscientist)
President, MicroNeil Research Corporation
Chief SortMonster (www.sortmonster.com)
This E-Mail came from the Message Sniffer mailing list. For information and
(un)subscription instructions go to
http
in a spam-noc
mode for at least the next several hours. This may delay other
support requests for a bit.
Thanks,
_M
Pete McNeil (Madscientist)
President, MicroNeil Research Corporation
Chief SortMonster (www.sortmonster.com)
This E-Mail came from the Message Sniffer mailing list. For information
That is odd... I didn't believe it at first, but I looked in my
deleted box and sure enough I don't see any new mail from there in a
while.
I don't think anything's going on... though it is an odd silence.
Maybe just the weekend + the show/ice.
_M
On Monday, January 24, 2005, 12:31:33 PM,
On Friday, January 28, 2005, 7:42:54 PM, Goran wrote:
GJ OK I will ask. What is MDLP?
Slowly but surely, the cat is peeking out of the bag.
MDLP = Modular Declude Log Processing.
It is an analysis tool and AutoTune AI for Declude that I've been
working on for some time --- there are a number
On Sunday, January 30, 2005, 1:46:49 AM, Chuck wrote:
CS Unable to connect to sortmonster for updates. Please let me know if it is
CS us or is something wrong.
We had a pair of switches go down. It's been fixed now and should be
ok. I just got back from the fix.
Best,
_M
This E-Mail
On Sunday, January 30, 2005, 1:52:34 AM, Chuck wrote:
CS Just tried routing through 2 other backbones. The updates are not
CS responding.
Sorry for the trouble.
_M
This E-Mail came from the Message Sniffer mailing list. For information and
(un)subscription instructions go to
On Saturday, January 29, 2005, 9:15:23 PM, Glenn wrote:
GR This is question is a little off subject, but do you have any
GR recommendations for Imail queue manager settings? We are running Sniffer
GR with declude 1.82 under Imail 8.15 and the server seems to bog down
GR sometimes.
It is likely
On Monday, January 31, 2005, 12:28:00 PM, Landry wrote:
LW Well, after a second look (reviewing the headers), it looks like the message
LW got hung-up in the convoluted mess of internal mail gateways that Siemens
LW maintains (which I have no control over). Sorry for the noise...!
Whew!
On Wednesday, February 2, 2005, 3:09:27 PM, Chuck wrote:
CS Anyone else seeing this?
Be sure to submit them.
_M
This E-Mail came from the Message Sniffer mailing list. For information and
(un)subscription instructions go to
http://www.sortmonster.com/MessageSniffer/Help/Help.html
goes well some critical pieces may move
this weekend... so keep this in mind if you see something weird.
Apologies in advance for any unavoidable confusion or interruptions.
Thanks,
_M
Pete McNeil (Madscientist)
President, MicroNeil Research Corporation
Chief SortMonster (www.sortmonster.com
On Thursday, February 3, 2005, 10:24:31 PM, William wrote:
WVH Pete,
WVH Do you have a list of IP addresses or networks that I can whitelist in my
WVH anti-spam filters for any messages that may originate from you or the
WVH mailing list regarding Sniffer/SortMonster?
You should be safe by
On Tuesday, February 8, 2005, 3:20:25 PM, Bill wrote:
BGdS I have started seeing this line repeated in the persistent sniffer command
BGdS window.
BGdS ERROR_LOGFILE: Bad Lock During Logging
BGdS c:\imail\declude\sniffer\mycode.log
BGdS It looks like the error has been happening once a day for
On Thursday, February 10, 2005, 12:35:24 PM, Marc wrote:
MC Is it just me or are all the lists (Imail, Declude V and JM and this one
MC offline??)
It's just you :-)
It's just quiet.
_M
This E-Mail came from the Message Sniffer mailing list. For information and
(un)subscription
in the face of any
kind of temporary interruption. At most you might see a slight
increase in spam leakage if/when rulebase updates are delayed.
---
Thanks to all of you for your support and patience.
See you on the other side ;-)
Thanks,
_M
Pete McNeil (Madscientist)
President
Hello sniffer,
Will anyone who is not still alive please raise your hand
anyone?
All joking aside: We are finished with all of the heavy parts of our
move now and as far as I can tell everything important is working as
it should.
Please let us know how we did.
Thanks,
_M
Pete
On Friday, February 18, 2005, 12:43:14 PM, Computer wrote:
CHS Hi Sniffer Folks,
CHS
CHS Here's an interesting article:
CHS http://www.technewsworld.com/story/39578.html
I think this is a rehash of a story that showed up a few weeks ago.
One of the advantages of SNF is that it doesn't use
On Saturday, February 19, 2005, 4:38:41 AM, Pete wrote:
PM On Saturday, February 19, 2005, 1:20:39 AM, ron wrote:
rdc Hi folks,
rdc I think I have ended up on some sort of private email list. Can you please
rdc remove [EMAIL PROTECTED] and [EMAIL PROTECTED] from your mail list.
PM I found and
On Saturday, February 19, 2005, 11:19:32 AM, Keith wrote:
KJ Is there a easy way to determine the Sniffer version you are
KJ running (i.e. command line or the like)? Thanks for the aid.
If you run the SNF executable on the command line by itself it will
tell you the version and build
On Saturday, February 19, 2005, 1:28:14 PM, Dave wrote:
DK I am all in favor of a SUPPORT list to announce timely
DK notifications of problems. solutions and/or changes to your
DK product or services. However, the threads Ive been seeing here
DK lately are 'iMail' specific or involve theoretical
On Saturday, February 19, 2005, 2:05:09 PM, Matt wrote:
M Pete,
M Being guilty of being 'chatty' myself, I still second this idea. I
M would much prefer to pick through an occasional message dealling with
M global announcements regarding the service than picking through both
M discussions as
Pete McNeil (Madscientist)
President, MicroNeil Research Corporation
Chief SortMonster (www.sortmonster.com)
This E-Mail came from the Message Sniffer mailing list. For information and
(un)subscription instructions go to
http://www.sortmonster.com/MessageSniffer/Help/Help.html
our web site,
uploading logs or downloading rulebases if this happens during one
of these short outages.
We apologize in advance for any inconvenience.
Thanks,
_M
Pete McNeil (Madscientist)
President, MicroNeil Research Corporation
Chief SortMonster (www.sortmonster.com)
This E-Mail
On Monday, March 7, 2005, 3:13:40 PM, Phillip wrote:
PC I have been running the demo version of sniffer for about a month or so to
PC try it out before we buy it and have a few questions.
PC 1. Right now all of the spam is going into a directory called spam, since I
PC am getting about 12,000
On Monday, March 7, 2005, 6:40:52 PM, Frederick wrote:
FS I am seeing a large amount of SPAM Pass Sniffer today.
FS Am I alone.
I didn't see this. According to MDLP the first half of the day (at
least) was right in the normal range - about 98.5% of spam captured.
On Monday, March 7, 2005, 7:00:40 PM, Frederick wrote:
FS No errors. Just SPAM showing as clean.
Be sure to forward / redirect them to the spam@ address if you haven't
already. I'll be making another run in an hour or so - I'll look
closely at anything that doesn't get tagged on the way to me.
On Wednesday, March 9, 2005, 2:59:24 PM, Jonathan wrote:
JS I currently forward all spam from my email account can I add
JS a second address that will be able to forward spam as well?
JS
Yes. You can forward spam from any account you wish. Spam submissions
are considered anonymous and suspect
On Thursday, March 10, 2005, 9:45:11 AM, Mike wrote:
MW When I send messages to the [EMAIL PROTECTED] Can I send these as
attachments. I
MW use outlook and SpamSource http://www.daesoft.com to send to both spamcop
MW and sortmonster. I think you said at one time they had to be individual
MW
On Monday, March 14, 2005, 12:47:33 PM, Nick wrote:
NM Hi there
NM We've just undergone a migration of a 1,000 domain iMail server to
NM SmarterMail (for obvious reasons!), and using Declude and Sniffer on the new
NM system.
NM However, occasionally we see Sniffer jumping out of its perpetual
On Tuesday, March 15, 2005, 1:36:31 PM, Rick wrote:
RH All of a sudden today Sniffer has started taking emails sent between users
RH within a single domain and putting them in our hold system. Any ideas why
RH this might happen and also how I can add a rule so that does not become a
RH problem on
On Wednesday, March 16, 2005, 9:01:34 AM, Nick wrote:
NM Pete
NM OK, I now have much more information on this problem with
NM Declude/Sniffer/SmarterMail.
NM It seems the current version of Declude does not have an Overflow Directory
NM for SmarterMail, which therefore allows unlimited Declude
On Wednesday, March 16, 2005, 2:05:00 PM, Goran wrote:
GJ OK that is for hardware level RAID. I had thought that you would offset
GJ the extra processing time by being able to write less to each drive.
GJ Now does anyone know how much overhead Windows 2000/2003 software RAID 1
GJ on dynamic
On Tuesday, March 22, 2005, 8:31:07 PM, Andrew wrote:
snip/
CA How many times have we all been frustrated that a piece of spam ending
CA up in *OUR* mailbox that was s close in content to spam we whacked
CA yesterday?
CA I thought the top n obfuscations might be interesting to look at, and
On Wednesday, March 23, 2005, 6:04:10 PM, Darrell wrote:
Dsic Pete,
Dsic Doesnt Sniffer have a certain level of support for regex's? I know we
have
Dsic had good luck with regex's like this which catch obfuscation techniques
with
Dsic viagra with Declude. We found it easier to use regex's
On Thursday, March 24, 2005, 11:00:56 AM, Scott wrote:
SF A question:
SF
SF If I have the same spam sent to multiple recipients, should
SF I be submitting more than one copy to [EMAIL PROTECTED]
If you mean there are multiple recipients in the SMTP envelope then we
only need one copy.
If
On Monday, March 28, 2005, 2:09:52 PM, Heimir wrote:
HE Anyway that sniffer could trigger on this type of stuff?
snip/
Yes. The bad news is that this stuff is highly variable and so more of
it gets through than we would like. The good news is that we are
developing filters to deal with it by
On Wednesday, March 30, 2005, 4:08:35 PM, Keith wrote:
KJ I noticed in the archives about a .cfg file one can configure for use
KJ when running Persistent sniffer. How do you download it or obtain it?
KJ Thanks for the aid.
You can find a sample .cfg file in the latest distribution. If you
On Wednesday, March 30, 2005, 10:50:36 PM, Keith wrote:
KJ Pete,
KJThanks for the follow-up. I was monitoring the
KJ filename.persistent.stat file that yields stats as messages are
KJ processed. Is it normal for it to every now and then flash [File
KJ is Empty], thus no stats at all.
On Friday, April 1, 2005, 8:04:27 AM, Keith wrote:
KJ I have read forum results that this behavior is the reverse of
KJ what should happen, I should get a reduction in CPU. I did this
KJ around 11pm last night, usually during peak times this server
KJ would stay at 65% load. Is there anything I
On Friday, April 1, 2005, 11:44:07 AM, Keith wrote:
KJ Pete,
KJ Thanks for the reply.
KJ Running on an IBM Xseries 225 Dual Xeon 2.4Ghz w/ 1GB RAM -
KJ running IBM's ServerRAID 5i in IBM's RAID 10 config (4 73GB 10K drives)
KJ - O/S is Windows 2000 Standard Server SP4
KJ
On Friday, April 1, 2005, 3:37:33 PM, Keith wrote:
snip/
KJ pegged the CPU as you stated. We have batted around running BIND
KJ for NT/2000 on the local machine, but my fear was overhead of
KJ another major process running. I don't have any good stats on how
KJ much CPU/Memory BIND on an Imail
On Saturday, April 2, 2005, 1:07:56 PM, Andrew wrote:
CA Pete, your metaphors are wonderful.
:-)
snip/
CA If I remember correctly, the MaxPollTime was originally much lower. I
CA now use the full 4 seconds, but I don't know how often that's needed. I
CA easily see Declude processes taking
On Saturday, April 2, 2005, 4:09:31 PM, Jay wrote:
JSHNL Hello -
JSHNL I am reviewing your MDLP report at
JSHNL http://www.sortmonster.com/MDLP/MDLP-Example-Long.html, and find some
JSHNL tests that are seemingly quite effective that I'm not familiar with. If
JSHNL anyone has any informaiton
On Saturday, April 9, 2005, 1:27:51 PM, Rick wrote:
RH I have not had any messages from the list since the 3rd of March. What is
RH happening on the list?
The list has been very quiet.
I got your message twice - once from you directly and once from the
list. This seems correct based on your
On Saturday, April 9, 2005, 1:58:45 PM, Rick wrote:
RH Yes but that really seems strange when I was getting 4 to 10 messages every
RH day. Now I did not get any since the 3rd of March right after you announced
RH that there would be the outage? You may want to check into this closer.
I'm very
On Wednesday, April 13, 2005, 1:16:29 PM, John wrote:
JTL I am seeing a lot of these get through
Can you be specific about these ? Please send me a sipped plaintext
or message file. (to [EMAIL PROTECTED])
Thanks,
_M
This E-Mail came from the Message Sniffer mailing list. For information
powerful!
Thanks for all your help!
Best,
_M
Pete McNeil (Madscientist)
President, MicroNeil Research Corporation
Chief SortMonster (www.sortmonster.com)
This E-Mail came from the Message Sniffer mailing list. For information and
(un)subscription instructions go to
http
On Wednesday, April 20, 2005, 1:15:37 PM, Jim wrote:
JM Pete,
JM Should we change the license info in the plugin.cfg file to match our
JM license info or should we wait to do so until the release version comes out?
Please go ahead and make the change. The current code is considered to
be
On Wednesday, April 20, 2005, 4:19:48 PM, Jim wrote:
JM Do you configure rules similar to in the previous versions, or by using this
JM as a plug in is there a GUI for configuration.
We configure the rulebase the same way we have in the past. Using the
plugin is not different from using the
On Wednesday, April 20, 2005, 3:36:14 PM, Dave wrote:
DK Pete, I've been using this plugin for the last couple of months and can say
DK it's been rock solid. Nice work!
DK One little feature request though would be to add an option to auto prune
DK the sniffer log file to so many days, or X
On Sunday, April 24, 2005, 1:52:53 PM, Goran wrote:
GJ Hi,
GJ I think I am having a problem with my Declude log file numbers/stats and
GJ I want to try and figure it out. Last week my Sniffer hit rate went from
GJ SNIFFER6,699...64.78%
GJ To yesterday
GJ
On Tuesday, April 26, 2005, 6:25:38 PM, Frederick wrote:
FS Look what I got.
There has been some trouble with my mail server --- attacks and other
technical issues while I was on the road. I'm back now and I'm working
through it. Things _appear_ to be settling down.
Sorry for any confusion.
_M
On Monday, May 9, 2005, 7:40:00 PM, Chuck wrote:
CS I am all of a sudden having all of the mail from one of our hosted domains
CS fail the sniffer-phishing. The domain is srinternational.com - could you
CS please check on this. All of the emails are different - just from the same
CS domain.
On Tuesday, May 10, 2005, 9:35:59 AM, Frederick wrote:
FS I am finding that most if not all email from Comcast senders are failing
FS Sniffer.
Please submit a false positive report to false@ and include matching
SNF log entries if possible.
Thanks,
_M
This E-Mail came from the Message
On Tuesday, May 10, 2005, 9:37:29 AM, Judy wrote:
JB Pete,
JB Can you send these kinds of emails to Hamed instead of me please.
JB thanks
I have changed your subscription.
Please note you can alter your sniffer@ list subscription at any time.
Information is on our help page:
will not
be effected. However, if you suspect that you do have the bad rule
in your rulebase you can temporarily eliminate the rule by adding
353039 to your Rule-panic entries in your configuration file.
The rule cannot be recreated once removed.
We are very sorry for the confusion.
Thanks,
_M
Pete
On Tuesday, May 10, 2005, 12:31:18 PM, Erik wrote:
E Pete,
E Is this in the beta/free release of Sniffer rules?
It may not be --- it's new enough that it may have been excluded from
the demo rulebase. To make sure you should make a quick scan of your
SNF log file for that rule number. In any
On Tuesday, May 10, 2005, 12:45:53 PM, Computer wrote:
CHS Mail from Comcast is still getting caught, even with the panic rule in
CHS place. Any suggestions?
* be sure you have updated rulbase.cfg
* be sure your entry is in the correct format. You will find examples
at the bottom of your .cfg
On Tuesday, May 10, 2005, 12:41:42 PM, Matt wrote:
M Warning!
M When you add a RulePanic entry and are running Sniffer in persistent
M mode, you have to restart the service for it to take effect.
You can also issue license.exe reload
snip/
M Pete, when you send out these notifications, would
On Friday, May 13, 2005, 9:11:15 AM, Hosting wrote:
HS What's going on over there?
HS
HS Our FTP process has been failing since yesterday afternoon,
HS and when I go to the main website it prompts me for an ID and PW.
I'm not seeing a problem - I'm on the site right now in fact, and the
crew
On Friday, May 13, 2005, 10:31:57 AM, Daniel wrote:
DB Hello,
DB A lot of the email from the Message Sniffer list, gets marked as spam by
DB Message Sniffer! See attached.
That's weird. Can you send me the rule (SNF log snippet) off list at
our support@ address please?
Thanks,
_M
This
On Sunday, May 15, 2005, 8:07:30 PM, Computer wrote:
CHS Thanks for the info. That would explain why my questions were not replied
CHS too. Thought no one was checking. I will resume sending spam.
CHS Can you explain what you meant by: This is to prevent any kind of
social
CHS engineering
On Tuesday, May 17, 2005, 1:27:25 PM, Jim wrote:
JM Is anyone else seeing a huge amount of spam increase over
JM the last couple days. Most is being caught by sniffer but the
JM overall number of messages especial foreign language spam messages
JM seems to be very high.
You are probably
On Tuesday, May 17, 2005, 1:44:30 PM, Jim wrote:
JM Pete,
JM Is there a possibility of setting up another return code for
JM situations such as this such as a blacklist rulecode that only has
JM rules for messages such as these that should be blacklisted
JM immediately. I wouldn't mind setting
On Tuesday, May 17, 2005, 2:57:44 PM, Jim wrote:
JM Thanks Pete, would you be able to provide the current false positive rates
JM for the return codes?
This is not something that we are formally capturing at present,
however anecdotally I can't recall the last time we had an FP
submitted for the
On Tuesday, May 17, 2005, 6:37:12 PM, Chuck wrote:
CS Can't seem to get a response on a major problem we are having.
Responded off list.
_M
This E-Mail came from the Message Sniffer mailing list. For information and
(un)subscription instructions go to
On Wednesday, May 25, 2005, 9:11:17 AM, Computer wrote:
CHS Dear Pete,
CHS In the past few days, it seems the amount of spam getting through has
CHS increased quite a bit. I am wondering if it is necessary to upgrade to the
CHS latest version of the Declude software. Do you think this would
On Thursday, May 26, 2005, 3:05:45 PM, Jason wrote:
JP I have not downloaded anything. Do I down load the demo then enter an
JP authorization key?
Yes. Generally you start with the Demo rulebase and the current
distribution. Once you have that up and running you download your
registered
On Monday, June 6, 2005, 5:13:19 PM, Jim wrote:
JM Is anyone else seeing a huge rash of spam/virus messages in
JM the last hour or so? I have multiple users that are getting
JM messages that are forging our own addresses and have a link that
JM appears to go to our website but instead goes
On Monday, June 6, 2005, 5:50:38 PM, Dave wrote:
DK Same exact IP here!
We've got a couple of rules for this now -- making the rounds as new
compiles go out.
_M
This E-Mail came from the Message Sniffer mailing list. For information and
(un)subscription instructions go to
Message -
JM From: Pete McNeil [EMAIL PROTECTED]
JM To: Dave Koontz sniffer@SortMonster.com
JM Sent: Monday, June 06, 2005 3:00 PM
JM Subject: Re[2]: [sniffer] New Spam/Virus?
On Monday, June 6, 2005, 5:50:38 PM, Dave wrote:
DK Same exact IP here!
We've got a couple of rules for this now
-
DM From: Pete McNeil [EMAIL PROTECTED]
DM To: Dave Koontz sniffer@SortMonster.com
DM Sent: Monday, June 06, 2005 3:00 PM
DM Subject: Re[2]: [sniffer] New Spam/Virus?
On Monday, June 6, 2005, 5:50:38 PM, Dave wrote:
DK Same exact IP here!
We've got a couple of rules for this now
there has been a significant
increase in spam volumes, that increase is significantly smaller
than the increase in new types and versions of spam being produced.
Just thought you'd like to know ;-)
Your comments and insights are welcome and encouraged as always!
Thanks,
_M
Pete McNeil
Additional info (justifying the IP block rules just added):
http://www.senderbase.org/search?searchString=200.49.48.0%2F20
I wonder why nobody else is listing these IPs yet. Could we just be
the first? (This exercise has given me some ideas for new research
tasks-- :-) )
Interesting.
_M
On
it with the string shdickow
preceeded by :)
Also, there are a pair of mime segments where the separators are
identical between each copy that I have seen so far.
I am uncertain what the payload may be -- the copies I have seen so
far _may_ be broken.
Good luck!
Thanks,
_M
Pete
and might be
interested in this then please invite them for us ;-)
Thanks,
_M
Pete McNeil (Madscientist)
President, MicroNeil Research Corporation
Chief SortMonster (www.sortmonster.com)
This E-Mail came from the Message Sniffer mailing list. For information and
(un)subscription instructions go
.
The outage is so that we can move our servers to a new data center.
(Our colo provider is making upgrades :-)
This note is just for information purposes.
You don't need to take any actions.
Thanks,
_M
Pete McNeil (Madscientist)
President, MicroNeil Research Corporation
Chief SortMonster
and we thank
you for your patience and understanding.
I will keep you posted on this list.
Thanks,
_M
Pete McNeil (Madscientist)
President, MicroNeil Research Corporation
Chief SortMonster (www.sortmonster.com)
This E-Mail came from the Message Sniffer mailing list. For information
problems and we should be back up
to full speed some time this weekend.
Thanks again for your patience and support!
Thanks,
_M
Pete McNeil (Madscientist)
President, MicroNeil Research Corporation
Chief SortMonster (www.sortmonster.com)
This E-Mail came from the Message Sniffer mailing list
that to change within the next 48 hours.
The outward results from the outage and the short staffing will be
that updates are slightly behind and that support may take a bit
longer than usual.
Sorry for any inconvenience. I will keep you posted :-)
Thanks,
_M
Pete McNeil (Madscientist
From: Pete McNeil [EMAIL PROTECTED]
RF To: sniffer@sortmonster.com
RF Sent: Monday, July 11, 2005 8:54 AM
RF Subject: [sniffer] Update on outages etc...
Hello Sniffer Folks,
All of the critical equipment is now restored.
We also have some additional equipment we will be bringing online
over
On Tuesday, July 19, 2005, 9:34:58 AM, Jamie wrote:
JM For some reason my definitions are not in my ftp directory.
JM I can manually grab them from the http link.
JM Any help would be appreciated.
JM Jamie.
Thanks for the heads-up.
During the upgrade a step was missed in the FTP configuration.
On Tuesday, July 19, 2005, 3:04:28 PM, Chuck wrote:
CS Pete:
CS Could you post where to send notifications like false positives. I had that
CS info but I seem to have misplaced it.
For off-list support questions send your note to our support@ address.
Submit your false positives to our false@
On Wednesday, July 20, 2005, 12:05:29 PM, John wrote:
JC Thanks, that helps a lot. Didn't understand the replace nonzero with the
JC weight number in the Global file.
Minor correction...
Actually -- you replace nonzero with the result code.
You adjust the weights at the end of the line as
On Thursday, July 21, 2005, 12:01:32 PM, Darin wrote:
DC I thought we were supposed to just forward these as attachments to the spam@
DC address?
We're trying to move away from that :-)
poping the messages is more scalable.
_M
This E-Mail came from the Message Sniffer mailing list. For
On Thursday, July 21, 2005, 1:12:18 PM, Dan wrote:
DH That helps to tune the overall rulebase, but this tunes MY rulebase to
DH the types of spam that we receive. If I send it to the spam@ address it
DH may or may not get added to the rulebase. Done this way, I KNOW it is
DH going to be added
at ;-)
Thanks!
_M
On Thursday, July 21, 2005, 3:04:50 PM, Darin wrote:
DC Hi Pete,
DC Ok. First I'd heard of it. Do you want us to change the process? If so let
DC me know how to proceed.
DC Darin.
DC - Original Message -
DC From: Pete McNeil [EMAIL PROTECTED]
DC To: Darin Cox sniffer
On Friday, July 22, 2005, 7:17:48 PM, Andrew wrote:
Please send me another note with a few of these as attachments
snip/
CA Sure thing, Pete.
CA I think the formatting survived ok, and even took the time to review the
CA submission guideline on your support web page.
CA It looks like Tito's
After following through all of this and looking at the .stat file, I
think I see what's going on.
Now that it is running and producing a .stat file, the flow rate is
very low. According to the stat data, about 6 msgs / minute.
Note the poll and loop times are in the 450 - 550 ms range.
SNF with
(without the details of how sniffer works, I just wanted to be
DH sure).
DH Thanks, Pete.
DH Dan Horne
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil
Sent: Tuesday, August 02, 2005 4:09 PM
To: Dan Horne
Subject: Re[2]: [sniffer
We do respond to all false reports that are made to us if we can
properly identify the sender - and often even if that is not the case.
I will research this further and contact you off list.
Thanks,
_M
On Thursday, August 4, 2005, 7:24:09 PM, Robert wrote:
RM After two attempts to
201 - 300 of 922 matches
Mail list logo
