[sniffer] Re: Our IP got listed on GBUdb Truncate

2018-11-02 Thread Daniel Bayerdorffer
Hi Pete, Thank you for the information and advice on how to check our own messages for the problem. Since asking about this issue I've discovered another user got hacked. Their account sent out about 45,000 spam emails today. It seems pretty clear that was culprit. I'm now in the process of

[sniffer] Re: Our IP got listed on GBUdb Truncate

2018-11-02 Thread Pete McNeil
On 11/2/18 11:52, Daniel Bayerdorffer wrote: > > Is there anyway for us to see what the offending email was that got us > on the list? Or some other data point to help us clean up our system? SNF doesn't leak message info -- With the exception of auto-sampling of spam (truncated messages, and

[sniffer] O365

2018-02-06 Thread Spam-Filter (Support)
This is not SNF specific, just a commentary: I've noticed an uptick in "user stolen" passwords from domains hosted at O365. At first I thought these O365 users were simply infected with botNet malware and spewing out spam to their contact lists, but I've become suspicious after working with

[sniffer] Re: Happy Holidays!

2017-12-31 Thread Michael Murdoch
God Bless! Sent from AppRiver > On Dec 23, 2017, at 9:13 AM, Pete McNeil wrote: > > This is just a quick note to let you all know that we're thinking of you. > > On behalf of the whole team: > > We wish you a Merry Christmas and a happy, prosperous New

[sniffer] Happy Holidays!

2017-12-23 Thread Pete McNeil
This is just a quick note to let you all know that we're thinking of you. On behalf of the whole team:     We wish you a Merry Christmas and a happy, prosperous New Year. Best, _M -- Pete McNeil Chief Scientist ARM Research Labs, LLC www.armresearch.com 866-770-1044 x7010 twitter/codedweller

[sniffer] Message size alert

2017-11-06 Thread Spam-Filter (Support)
Pete - and all, Just a general observation. We've noticed a large amount of spam messages over the past week that exceed 2MB in size (several thousand messages). Our filtering engines were set to skip messages over 2MB since we all knew that spammers would rarely waste their resources

[sniffer] Rulebase refactoring

2017-09-07 Thread Pete McNeil
Hi Message Sniffer folks, Over the past few days we've refactored the databases we use to manage our rulebase. As of about 1600e you should notice that all of the rule IDs in your system are significantly smaller and completely different. Unfortunately, during the transition there were

[sniffer] Re: gbudb source new

2017-07-28 Thread John Tolmachoff
Thanks Linda. I guess I should not have dismissed the "that would be too easy" thought next time. -Original Message- From: "Linda Pagillo" Sent: Wednesday, July 26, 2017 12:50pm To: "Message Sniffer Community" Subject: [sniffer] Re: gbudb

[sniffer] Re: gbudb source new

2017-07-26 Thread Linda Pagillo
HI John. The best way to do this would be to create a filter in Declude with the following line and score it how you like by changing the 0 to a value: HEADERS 0 PCRE (?im:X-GBUdb-Analysis.+New) Thanks! On Tue, Jul 25, 2017 at 2:01 PM, John Tolmachoff < johnl...@eservicesforyou.com> wrote: >

[sniffer] gbudb source new

2017-07-25 Thread John Tolmachoff
Using Message Sniffer as part of Declude on a SmarterMail install, I want to add weight to a source new when gbudb indicates such. What is the best way to do that? John T eServices For You # This message is sent to you because you

[sniffer] Reminder - the Rule Panic feature

2017-06-01 Thread Pete McNeil
Hello Sniffer Folks, In light of today's bad rule event I've discovered that many of you are not aware of the rule-panic feature. The rule panic feature has been built in to the Message Sniffer engine for many years now, and I suppose is used so rarely that folks have forgotten about it.

[sniffer] Bad Rule Alert 2654821

2017-06-01 Thread Pete McNeil
Hello Message Sniffer folks, This morning a dormant rule from 2009 was reactivated when new messages reached our spamtraps this morning matching the rule. Unfortunately rule 2654821 causes a high rate of false positives in our current year that it apparently did not cause back in 2009.

[sniffer] Re: DEB Packages

2017-03-27 Thread Daniel Bayerdorffer
Hi Everyone, Just wanted to give a status update. The DEB packages work just fine on Ubuntu 16.04 Server. I used Ansible to download, install, and add the proper configuration files. It couldn't have gone more smoothly. Highly recommended! Regards, Daniel - Original Message - From:

[sniffer] Here is the fix for a known issue with Smartermail 15.5.6222 and external Message Sniffer command line scanning

2017-02-22 Thread Linda Pagillo
Hi everyone. I wanted to share something that one of our customers discovered while using the external Message Sniffer as a command line scanner in Smartermail 15.5.6222. Prior to upgrading to 15.5.6222, my customer was running SM 15.3.6109 and the external Message Sniffer command line scanning

[sniffer] Re: rule panic not working

2016-12-29 Thread Pete McNeil
On 12/29/2016 08:55 AM, Daniel Ivey wrote: Thanks, but it appears that my server is failing multiple 54- rules.  For example from Google, it is failing 54-8064853-304-318-m and 54-8064853-0-2423-f while from Yahoo it is

[sniffer] Re: rule panic not working

2016-12-29 Thread Linda Pagillo
Daniel, the "54" rules are probably related in some form or fashion. The only thing you can really do is follow the procedure of adding the panics for each rule and then reporting the urgent FPs to Arm so they can diagnose and resolve. You may want to use Baregrep on your SNF logs to find the list

[sniffer] Re: rule panic not working

2016-12-29 Thread Daniel Ivey
Yes, I am positive. If I turn off my SNIFFER test then everything works properly. -Original Message- From: Linda Pagillo [mailto:lpad...@gmail.com] Sent: Thursday, December 29, 2016 9:16 AM To: Message Sniffer Community Subject: [sniffer] Re: rule panic not working I don't think

[sniffer] Re: rule panic not working

2016-12-29 Thread Linda Pagillo
I don't think there is a way to block an entire set of rules with one entry. Someone from Arm may need to chime in here and answer that question. Are you positive that every single message coming in and leaving your server is triggering Sniffer? On Thu, Dec 29, 2016 at 7:55 AM, Daniel Ivey

[sniffer] Re: rule panic not working

2016-12-29 Thread Daniel Ivey
Thanks, but it appears that my server is failing multiple 54- rules. For example from Google, it is failing 54-8064853-304-318-m and 54-8064853-0-2423-f while from Yahoo it is failing 54-8064853-2063-2077-m and 54-8064853-0-3703-f. Is there a way block all 54- rules temporary? Also, do you

[sniffer] Re: rule panic not working

2016-12-29 Thread Linda Pagillo
Hi Daniel. The rule number is not 54. Sniffer rule numbers look like this for example... 54-8064853-304-318-m On Thu, Dec 29, 2016 at 7:48 AM, Daniel Ivey wrote: > It appears that the server is failing SNIFFER Rule 54 for some reason, > causing issues. I have added the

[sniffer] rule panic not working

2016-12-29 Thread Daniel Ivey
It appears that the server is failing SNIFFER Rule 54 for some reason, causing issues. I have added the following line in my snf_engine.xml file for a rule panic but it doesn't appear to be working. Can someone help me with what I have wrong? Daniel

[sniffer] Re: Error Code 69

2016-12-15 Thread Pete McNeil
On 12/15/2016 07:04 AM, Don Winsauer wrote: I have had 419 occurrences of this error since the 1st of the month. I don't even run a virus scanner on this Windows mail server. We are running IMail, Declude with Sniffer. This could be an indication of a file system problem? The only reason

[sniffer] Re: Error Code 69

2016-12-15 Thread Don Winsauer
Hi Pete, I have had 419 occurrences of this error since the 1st of the month. I don't even run a virus scanner on this Windows mail server. We are running IMail, Declude with Sniffer. Don -- Original Message -- From: Pete McNeil

[sniffer] Re: Error Code 69

2016-12-14 Thread Pete McNeil
On 12/14/2016 06:12 PM, John Tolmachoff wrote: When SNF is configured to inject headers it does so safely--- First, it reads the entire original message into a buffer, then scans it,... Then it writes a new copy of the message to a .tmp file with the headers injected. When that completes

[sniffer] Error Code 69

2016-12-14 Thread John Tolmachoff
I am seeing the following in the log with the Sniffer header not being added to the email. John T eServices For You # This message is sent to you because you are subscribed to the mailing list

[sniffer] Re: DEB Packages

2016-12-02 Thread Daniel Bayerdorffer
Hi Pete, Thanks for the info. I'll be sure to report my results back here. Daniel - Original Message - From: "Pete McNeil" To: "Message Sniffer Community" Sent: Thursday, December 1, 2016 6:21:11 PM Subject: [sniffer] Re: DEB

[sniffer] Re: DEB Packages

2016-12-01 Thread Pete McNeil
On 12/01/2016 02:07 PM, Daniel Bayerdorffer wrote: I see that the DEB packages for Message Sniffer are for Ubuntu 14.04. Will these work with 16.04? They should -- there haven't been any significant changes in SNF nor in the parts of Ubuntu that SNF cares about. Still, the packages are

[sniffer] DEB Packages

2016-12-01 Thread Daniel Bayerdorffer
Hello, I'm in the process of upgrading our email server. I see that the DEB packages for Message Sniffer are for Ubuntu 14.04. Will these work with 16.04? Thanks, Daniel -- Daniel Bayerdorffer, VP dani...@numberall.com Numberall Stamp & Tool Co., Inc. www.numberall.com PO BOX 187,

[sniffer] Re: .smd.tmp files being left in proc\work folders

2016-08-09 Thread Pete McNeil
On 08/09/2016 05:11 PM, Don Winsauer wrote: These file are being left and not being delivered. They are usually over 20mg. Something is preventing SNF from renaming the file. Find out what it is and then prevent it from blocking SNF. Perhaps a virus scanner has the file open when SNF comes

[sniffer] .smd.tmp files being left in proc\work folders

2016-08-09 Thread Don Winsauer
These file are being left and not being delivered. They are usually over 20mg. Some log entries: i:\imail\declude\snf\utgi97vy.20160808.log.xml: i:\imail\declude\snf\utgi97vy.20160808.log.xml: What can I do to stop this? Is there anything else you need from me? Thanks, Don

[sniffer] .smd.tmp files being left in proc\work folders

2016-08-09 Thread Don Winsauer
i:\imail\declude\snf\utgi97vy.20160808.log.xml: i:\imail\declude\snf\utgi97vy.20160808.log.xml: Sent via the WebMail system at net1media.com #

[sniffer] SNF Engine Update to 3.2.1 / Short Buffer Bug Fix

2016-04-19 Thread Pete McNeil
Hi Sniffer folks, Today we have released a new SNF engine with a minor bug fix. Please update your SNF installation at your convenience. Chances are that you've not seen any problems from this bug. If you have experienced problems they most likely presented as very

[sniffer] Alligate and Sniffer again

2016-01-18 Thread Bonno Bloksma
Hi, I need to setup a spam filter server again so once again I will probably go with Alligate plus sniffer. Is that still a viable combination? I have not been following the new these past 3-4 years when we had another solution in place. On the Alligate site I still see Windows 2008 server as

[sniffer] Re: [Alligate]Alligate and Sniffer again (NL)

2016-01-18 Thread Bonno Bloksma
Hi, Ok, downloaded Alligate trial, installed in on a 2012 R2 server. Made a local dns "server" (resolver) on the machine but I am not sure if I need it now that we can use the Google dns server by default. How do I hook up Sniffer? I used to have Declude (and IMail) and had Sniffer connected

[sniffer] Re: [Alligate]Alligate and Sniffer again (NL)

2016-01-18 Thread Pete McNeil
On 01/18/2016 07:26 AM, Bonno Bloksma wrote: Hi,   Ok, downloaded Alligate trial, installed in on a 2012 R2 server. Made a local dns “server” (resolver) on the machine but I am not sure

[sniffer] Re: New Version -- SNFMulti 3.2.0 -- Strangers

2016-01-04 Thread Daniel Bayerdorffer
Hi Pete, Thanks for clearing that up. I believe I'll take your initial advice and skip the make-install. However it's good to know I could do it that way for future updates. Thanks, Daniel - Original Message - From: "Pete McNeil" To: "Message Sniffer

[sniffer] Re: New Version -- SNFMulti 3.2.0 -- Strangers

2016-01-04 Thread Pete McNeil
On 2016-01-04 11:44, Daniel Bayerdorffer wrote: > Are there any other gotcha's I should be aware of? I took a quick look through the tarball and was reminded -- all of the configuration elements are provided as samples after make-install. The instructions say to copy the samples to their correct

[sniffer] Re: New Version -- SNFMulti 3.2.0 -- Strangers

2016-01-04 Thread Daniel Bayerdorffer
Hi Pete, I have a couple of questions about upgrading. We will be upgrading SNF4SA running on Ubuntu 14.04 with Zimbra email server. I previously compiled the source code to install SNF4SA. Can I compile the latest version and run the make-install to overwrite the existing version? If so, do

[sniffer] Re: New Version -- SNFMulti 3.2.0 -- Strangers

2016-01-04 Thread Pete McNeil
On 2016-01-04 11:44, Daniel Bayerdorffer wrote: > Hi Pete, > > I have a couple of questions about upgrading. We will be upgrading SNF4SA > running on Ubuntu 14.04 with Zimbra email server. > > I previously compiled the source code to install SNF4SA. Can I compile the > latest version and run the

[sniffer] Re: [BULKMAILER] [sniffer] Windows SDK with SNFMulti 3.2.0 -- coming soon.

2015-12-29 Thread Pete McNeil
On 2015-12-28 11:28, Michael Murdoch wrote: > I AM. The latest Windows SDK is posted. It's exactly like the previous one except we changed the version number and the DLLs have been updated. They should be a drop-in replacement for the previous DLLs.

[sniffer] Re: [BULKMAILER] [sniffer] Windows SDK with SNFMulti 3.2.0 -- coming soon.

2015-12-28 Thread Michael Murdoch
I AM. -Original Message- From: Message Sniffer Community [mailto:sniffer@sortmonster.com] On Behalf Of Pete McNeil Sent: Thursday, December 24, 2015 3:19 PM To: Message Sniffer Community Subject: [BULKMAILER] [sniffer] Windows SDK with SNFMulti 3.2.0 -- coming

[sniffer] Windows SDK with SNFMulti 3.2.0 -- coming soon.

2015-12-24 Thread Pete McNeil
Hi Sniffer Foiks, If you're curious about the Windows SDK (DLLs) ... they should be posted in the next few days, but not yet. Best, _M -- Pete McNeil Chief Scientist ARM Research Labs, LLC www.armresearch.com 866-770-1044 x7010 twitter/codedweller

[sniffer] New Version -- SNFMulti 3.2.0 -- Strangers

2015-12-24 Thread Pete McNeil
Hello Sniffer Folks, A new version of Message Sniffer is available. The most exciting new feature for this version is: Strangers. The "Strangers" algorithm replaces the previous White-Guard algorithm. Strangers prevents high-intensity pre-tested spam from poisoning IP reputations in GBUdb and

[sniffer] ShortMatch Resolved - Update your SNF software to remain immune.

2015-12-03 Thread Pete McNeil
Hi Sniffer Folks, According to our latest data, the Short-Match FP problem has subsided - most likely due to rule sequestration. We have not seen any significant events in our detection software since 2100e last evening. In the mean time we have updated the SNF software to check for short-match

[sniffer] Re: ShortMatch Resolved - Update your SNF software to remain immune.

2015-12-03 Thread Daniel Bayerdorffer
Hi Pete, Thanks for the update on this situation. Just so I understand correctly, can we use the packages to install over a current installation that was compiled from source? Thanks, Daniel - Original Message - From: "Pete McNeil" To: "Message Sniffer

[sniffer] Re: ShortMatch Resolved - Update your SNF software to remain immune.

2015-12-03 Thread Pete McNeil
On 2015-12-03 21:24, Daniel Bayerdorffer wrote: > Just so I understand correctly, can we use the packages to install over a > current installation that was compiled from source? Probably not -- the deployment might not be exactly the same. If you originally compiled from source then your

[sniffer] Re: ShortMatch Resolved - Update your SNF software to remain immune.

2015-12-03 Thread Daniel Bayerdorffer
Got it! I'll compile from source. Thanks for the detailed description. - Original Message - From: "Pete McNeil" To: "Message Sniffer Community" Sent: Thursday, December 3, 2015 9:47:57 PM Subject: [sniffer] Re: ShortMatch Resolved -

[sniffer] Re: Short Match FPs.

2015-12-01 Thread Pete McNeil
On 2015-12-01 18:12, Darin Cox wrote: > Thanks for the info, Pete. Appreciate your proactiveness on this. > > Hope you had a good Thanksgiving! Thanks! I did. I'd also like to report that some of our experiments might be showing results. It is possible that the trouble has been mitigated

[sniffer] Re: Short Match FPs.

2015-12-01 Thread Pete McNeil
Hi folks, Good News! After much research and experimentation we have determined that some time on Nov 28 a corrupted rule entered the rulebase and caused the intermittend short-match problem. We have removed a group of rules surrounding that timeframe and have observed a 3 sigma drop in the rate

[sniffer] Re: Short Match FPs.

2015-12-01 Thread Peer-to-Peer (Spam-Filter.com)
Thank you Pete for your dedication !! -Original Message- From: Message Sniffer Community [mailto:sniffer@sortmonster.com] On Behalf Of Pete McNeil Sent: Tuesday, December 01, 2015 10:22 PM To: Message Sniffer Community Subject: [sniffer] Re: Short Match FPs. Hi folks, Good News!

[sniffer] Re: Question, changing from SNF4SA to Milter, using freebsd

2015-09-08 Thread P Pruett
Interesting, yes, the spamassassin SNF4SA does seem to be able to use snf-milter instead of snf-server. On freebsd 9.3 with Sendmail, I did add the milter and restarted sendmail and its seems to be playing okay. Now I turned it on, I am not sure what the snf milter is doing. Can you point me

[sniffer] Re: Question, changing from SNF4SA to Milter, using freebsd

2015-09-08 Thread Pete McNeil
On 2015-09-08 04:04, P Pruett wrote: > > Interesting, yes, the spamassassin SNF4SA does seem to be able to use > snf-milter instead of snf-server. That's probably not a good way to go. This will cause each message to be scanned twice. Once by the milter and again by the engine via SNF4SA. If you

[sniffer] Re: Question, changing from SNF4SA to Milter, using freebsd

2015-09-06 Thread Pete McNeil
On 2015-09-06 13:11, P Pruett wrote: > So what "gotchas" do you know that I need to be aware of if I already > have snf-server > setup and I am going to try snf-milter? The two are not designed to work together. It turns out that SNFMilter has the full SNF engine in it so if you have SNFMilter

[sniffer] Question, changing from SNF4SA to Milter, using freebsd

2015-09-06 Thread P Pruett
I have to admin I missed reading INSTALL t he first time around... But I have SNF4SA working on Freebsd 9.3 and it helped when I realized I needed to setup snf-server. Later I thought to try out snf-milter, so I did read perhaps to quickly /usr/local/share/doc/snf-milter/INSTALL The steps

[sniffer] Bad Rule Alert: 6948148

2015-02-23 Thread Pete McNeil
Rule 6948148 was coded as an abstraction to a fake header and was rapidly removed by QC checks. Most systems are automatically removing this rule. The rule coding has been added to our problematic group so that it cannot be reinvented. Due to our auto-panic feature it is likely this rule will not

[sniffer] Re: Adding Message Sniffer to Zimbra

2015-02-10 Thread Pete McNeil
On 2015-02-10 01:20, Daniel Bayerdorffer wrote: But there are no headers in the messages showing snf's results. I can see that the snf4sa.cf has it set to add them though. # Header line containing the results from SNFServer. add_header all SNF-Result _SNFRESULTTAG_ add_header all

[sniffer] Re: milter and smtp auth

2015-02-10 Thread Pete McNeil
On 2015-02-10 11:23, Thomas Klaube wrote: Sometimes we see false positives from some of the users although they have been authenticated correctly. Is there a way to tell SNFMilter to whitelist authenticated users? There is no such mechanism in Message Sniffer at this time. I might also point

[sniffer] milter and smtp auth

2015-02-10 Thread Thomas Klaube
Hi all, We are using SNFMilter for some time now. Many (most) of our users are working from outside our LAN. They connect to Port 25 of our server for mailrelay after a successful SMTP AUTH. Sometimes we see false positives from some of the users although they have been authenticated correctly.

[sniffer] Re: Adding Message Sniffer to Zimbra

2015-02-10 Thread Daniel Bayerdorffer
Hi Pete, I implemented the identifier option. Thanks for the advice. I've also finally seen an email where spamassassin is acknowledging some input from SNF. X-Spam-Status: Yes, score=14.214 tagged_above=-10 required=6.6 tests=[BAYES_95=3, KB_DATE_CONTAINS_TAB=2.751,

[sniffer] Re: Adding Message Sniffer to Zimbra

2015-02-10 Thread Daniel Bayerdorffer
Hi Linda (and the Sniffer community), I just wanted to let everyone know what I ended up doing to work with Zimbra. I copied the snf4sa.pm and snf4sa.cf files to the /opt/zimbra/data/spamassassin/localrules directory per this Zimbra wiki article

[sniffer] Re: milter and smtp auth

2015-02-10 Thread Pete McNeil
On 2015-02-10 14:53, Thomas Klaube wrote: I might also point out that white-listing mechanisms generally lead to abuse. I tend to agree that white-listing is usually not the best solution But please consider this case: one of our users tries to relay mail through our servers and is

[sniffer] Re: milter and smtp auth

2015-02-10 Thread Thomas Klaube
Ursprüngliche Mail - Von: Pete McNeil madscient...@armresearch.com An: Message Sniffer Community sniffer@sortmonster.com Gesendet: Dienstag, 10. Februar 2015 17:40:02 Betreff: [sniffer] Re: milter and smtp auth There is no such mechanism in Message Sniffer at this time. I might

[sniffer] Re: Adding Message Sniffer to Zimbra

2015-02-09 Thread Daniel Bayerdorffer
Hi Pete, Thanks for the help, that worked perfectly. I have snf running and the snf4sa installed as well. I can see that snf is scanning messages from it's license.20150210.log.xml file s u='20150210060732' m='/tmp/snf4sa/u4EHALz_Is' s='60' r='4609060' m s='60' r='4609060' i='1045'

[sniffer] Re: Adding Message Sniffer to Zimbra

2015-02-09 Thread Daniel Bayerdorffer
Hello Pete, I've run into a snag on installing Message Sniffer. We are installing on Ubuntu 14.04.1 LTS Server. I'm running the config script and it says I don't have the libpthread library installed. I've done a search on Ubuntu's package website, and I've installed every libpthread package

[sniffer] Re: Adding Message Sniffer to Zimbra

2015-02-09 Thread Pete McNeil
On 2015-02-09 16:23, Daniel Bayerdorffer wrote: libpthread package they have listed for 14.04. But the config script still can't find that library. Can you offer any advice? apt-get install build-essential seems to be the equivalent of CentOS yum groupinstall Development Tools which usually

[sniffer] Re: Adding Message Sniffer to Zimbra

2015-02-04 Thread Daniel Bayerdorffer
Hi Linda, Thank you for the useful advice! I will be working on this next week, and I'll let you know how it turns out. I also found some useful information on Zimbra's Wiki. https://wiki.zimbra.com/wiki/SpamAssassin_Customizations I'm looking forward to the reduction in spam! Thanks,

[sniffer] Re: Adding Message Sniffer to Zimbra

2015-02-03 Thread Pete McNeil
On 2015-02-02 19:53, Daniel Bayerdorffer wrote: Does anyone have any advice or tips for adding Message Sniffer to Zimbra 8.6? Specifically with Zimbra's implementation of spam assassin? The SNF4SA plugin included with the Linux source code distribution should do the trick. SNF4SA looks to

[sniffer] Re: Adding Message Sniffer to Zimbra

2015-02-03 Thread Daniel Bayerdorffer
Hi Pete, That is my expectation too. I just wasn't sure if Zimbra might try to overwrite any spam assassin conf files and such. Zimbra maintains all it's settings in ldap attributes, so it can maintain consistency across servers. So I was curious if anyone had already run into that issue.

[sniffer] Adding Message Sniffer to Zimbra

2015-02-02 Thread Daniel Bayerdorffer
Hello Everyone, Does anyone have any advice or tips for adding Message Sniffer to Zimbra 8.6? Specifically with Zimbra's implementation of spam assassin? Thanks, Daniel -- Daniel Bayerdorffer, VP dani...@numberall.com Numberall Stamp Tool Co., Inc. www.numberall.com PO BOX 187,

[sniffer] Report one off spams

2014-12-16 Thread John Tolmachoff
When sending occasional one off spam not caught to spam@ would it help to attach the original headers and source of the body as text files to the forwarded email? John T eServices For You # This message is sent to you because you are

[sniffer] Re: Report one off spams

2014-12-16 Thread Pete McNeil
On 2014-12-16 13:59, John Tolmachoff wrote: When sending occasional one off spam not caught to spam@ would it help to attach the original headers and source of the body as text files to the forwarded email? Not usually -- that would complicate things. If we can get the original message in

[sniffer] AOL tightens DMARC policy - Imail needs to use Remailing/Sender-Rewriting

2014-05-19 Thread Andy Schmidt
If your users forward their Imail to AOL (or other DMARC enabled providers) - it will now fail if the SENDER is AOL: http://postmaster-blog.aol.com/ Ideally add your me too to the Imail Forum to get this long-known issue resolved: http://forums.ipswitch.com/Topic76009-10-1.aspx

[sniffer] Bad rule report 6237276

2014-03-19 Thread Pete McNeil
Hi Sniffer Folks, A short time ago Rule 6237276 was detected on our conflict instruments and removed from the core rulebase. The rule was in place from approximately 1130 to approximately 1400. We recommend that if you have the ability to release messages matching this rule from your

[sniffer] Re: Saccades anyone?

2014-02-20 Thread Daniel Bayerdorffer
Thanks, I'll take a look! On 2014-02-18 17:02, Daniel Bayerdorffer wrote: Any plans to modify the milter code to this in the future? Yes. All platforms will be updated shortly. In fact, if you wish, you can download the snfmulti source from our SVN server and then recompile your milter with

[sniffer] Re: Saccades anyone?

2014-02-18 Thread Daniel Bayerdorffer
Hi Pete, Any plans to modify the milter code to this in the future? Thanks, Daniel -- Daniel Bayerdorffer, VP dani...@numberall.com Numberall Stamp Tool Co., Inc. www.numberall.com PO Box 187, Sangerville, ME 04479 USA TEL: 207-876-3541 FAX: 207-876-3566 -Original Message- From:

[sniffer] Re: Saccades anyone?

2014-02-18 Thread Pete McNeil
On 2014-02-18 17:02, Daniel Bayerdorffer wrote: Any plans to modify the milter code to this in the future? Yes. All platforms will be updated shortly. In fact, if you wish, you can download the snfmulti source from our SVN server and then recompile your milter with the new code. Here is a

[sniffer] Saccades anyone?

2014-02-13 Thread Pete McNeil
Hello Sniffer Folks, We are preparing to release a new version of the Message Sniffer engine that includes an exciting new technology. The saccades engine allows SNF to intelligently skip large portions of most messages without missing any important content. The engine borrows from

[sniffer] increase in missed spam

2014-02-05 Thread Herb Guenther
For the last week or 10 days I have seen an increase in missed spam in Sniffer, Declude seems to be picking it up but I require more than a single hit to filter. Anyone else seeing this? Herb -- Herb Guenther Lanex, LLC www.lanex.com (262)789-0966x102 Office (262)789-0966x200 (off hours or

[sniffer] Re: increase in missed spam

2014-02-05 Thread Pete McNeil
On 2014-02-05 13:56, Herb Guenther wrote: For the last week or 10 days I have seen an increase in missed spam in Sniffer, Declude seems to be picking it up but I require more than a single hit to filter. Anyone else seeing this? This is what we

[sniffer] large log.xml files

2014-01-22 Thread Daniel Ivey
I was checking out our Imail servers this morning and noticed that under the imail\declude\SNF folder I have a lot of .log.xml files from Sniffer. Is there a way to turn off these files in Sniffer or at least to have it only store about 3 days worth? I also noticed that the size of these files

[sniffer] Re: large log.xml files

2014-01-22 Thread Pete McNeil
On 2014-01-22 10:33, Daniel Ivey wrote: I was checking out our Imail servers this morning and noticed that under the imail\declude\SNF folder I have a lot of .log.xml files from Sniffer. Is there a way to turn off these files in Sniffer or at least to have it only store about 3 days worth? If

[sniffer] Bulk / Noisy Rule Group

2014-01-03 Thread Pete McNeil
Hi Sniffer Folks, Some of you have been experimenting with our Bulk / Noisy rule group which is currently tagged with code 65. This above band rule group matches anything that might be bulk mail, list mail, etc... similar to a popular feature of Postini in the past. As an above band rule

[sniffer] Re: What is your oldest production CPU?

2014-01-01 Thread Gurdeep Singh
Intel Xeon 3.2Ghz Processor with Hyperthreading Processor(s): 4 Processor(s) Installed. [01]: x86 Family 15 Model 4 Stepping 3 GenuineIntel ~3192 Mhz [02]: x86 Family 15 Model 4 Stepping 3 GenuineIntel ~3192 Mhz

[sniffer] Happy New Year!!

2013-12-31 Thread Pete McNeil
Happy New Year!! _M -- Pete McNeil Chief Scientist ARM Research Labs, LLC www.armresearch.com 866-770-1044 x7010 twitter/codedweller # This message is sent to you because you are subscribed to the mailing list

[sniffer] Re: What is your oldest production CPU?

2013-12-30 Thread Andy Schmidt
Actually - this one is older: Dell PE 1600SC (x86) Intel XEON Family F (15) Model 2 Stepping 9 -Original Message- From: Message Sniffer Community [mailto:sniffer@sortmonster.com] On Behalf Of Pete McNeil Sent: Friday, December 27, 2013 9:44 AM To: Message Sniffer Community Subject:

[sniffer] Re: What is your oldest production CPU?

2013-12-30 Thread Larry Rhea Sr.
Quad core Xeon 5400 -Original Message- From: Message Sniffer Community [mailto:sniffer@sortmonster.com] On Behalf Of Pete McNeil Sent: Friday, December 27, 2013 9:44 AM To: Message Sniffer Community Subject: [sniffer] What is your oldest production CPU? Hello Sniffer Folks, We would

[sniffer] Re: What is your oldest production CPU?

2013-12-30 Thread Alejandro de los Rios
Xeon quad core E5320 1.86Ghz Alex -Original Message- From: Message Sniffer Community [mailto:sniffer@sortmonster.com] On Behalf Of Darin Cox Sent: Friday, December 27, 2013 10:04 AM To: Message Sniffer Community Subject: [sniffer] Re: What is your oldest production CPU? Hi Pete, Our

[sniffer] Re: What is your oldest production CPU?

2013-12-28 Thread Colbeck, Andrew
A modern Xeon dual core, also within VMware: PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 6 Model 37 Stepping 1, GenuineIntel The oldest virtualized CPU is: PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 7, GenuineIntel Both identify as Xeon E5xxx

[sniffer] Re: What is your oldest production CPU?

2013-12-27 Thread eric
Current here. Sent using SmarterSync Over-The-Air sync for iPad, iPhone, BlackBerry and other SmartPhones. May use speech to text. If something seems odd please don't hesitate to ask for clarification. E.O.E. On Dec 27, 2013, at 6:46 AM, Pete McNeil madscient...@armresearch.com wrote:

[sniffer] Re: What is your oldest production CPU?

2013-12-27 Thread Darin Cox
Hi Pete, Our oldest production servers still have 1.1 - 1.4 GHz P3's in them. However, for mail our oldest are quad core 3Ghz Xeons. Darin. -Original Message- From: Pete McNeil Sent: Friday, December 27, 2013 9:43 AM To: Message Sniffer Community Subject: [sniffer] What is your

[sniffer] Re: What is your oldest production CPU?

2013-12-27 Thread Bonno Bloksma
Hi Pete, Hello Sniffer Folks, We would like to know what your oldest production CPU is. Oldest production (mail) server is a HP Proliant DL380 G6 with a Xeon E5530 quad cpu With kind regards, Bonno Bloksma Senior system engineer tio university of applied sciences julianalaan 9 / 7553 ab  

[sniffer] Re: What is your oldest production CPU?

2013-12-27 Thread Nitin Agarwal
Oldest here: Intel Xeon X3220 (Quad Core) Nitin -Original Message- From: Message Sniffer Community [mailto:sniffer@sortmonster.com] On Behalf Of Pete McNeil Sent: Friday, December 27, 2013 9:44 AM To: Message Sniffer Community Subject: [sniffer] What is your oldest production CPU?

[sniffer] Re: What is your oldest production CPU?

2013-12-27 Thread Michael Hoyt
Our email server: 2 x XEON PAXVILLE 80551 @ 2.8 Ghz (circa 2006). -- Michael Hoyt Technology Administrator Communication Arts 110 Constitution Drive Menlo Park, CA 94025 (650) 326-6040 fax:(650) 326-1648 e-mail: michael_h...@commarts.com Web Site: www.commarts.com http://www.commarts.com

[sniffer] Re: What is your oldest production CPU?

2013-12-27 Thread Andy Schmidt
Dell PE 2950 Intel Xeon CPU 5050 Type 0 Family F Model 6 Stepping 4 Revision 2 -Original Message- From: Message Sniffer Community [mailto:sniffer@sortmonster.com] On Behalf Of Pete McNeil Sent: Friday, December 27, 2013 9:44 AM To: Message Sniffer Community Subject: [sniffer] What is

[sniffer] Re: What is your oldest production CPU?

2013-12-27 Thread Peer-to-Peer (Spam-Filter.com)
Intel Xeon dual core -Original Message- From: Message Sniffer Community [mailto:sniffer@sortmonster.com] On Behalf Of Pete McNeil Sent: Friday, December 27, 2013 9:44 AM To: Message Sniffer Community Subject: [sniffer] What is your oldest production CPU? Hello Sniffer Folks, We would

[sniffer] Re: What is your oldest production CPU?

2013-12-27 Thread Greg Coffey
Oldest here is an Intel i5-2500k -- Original Message -- From: Darin Cox dc...@4cweb.com Reply-To: Message Sniffer Community sniffer@sortmonster.com Date: Fri, 27 Dec 2013 10:04:12 -0500 Hi Pete, Our oldest production servers still have 1.1 - 1.4 GHz P3's

[sniffer] Re: What is your oldest production CPU?

2013-12-27 Thread Matt
Intel 5400 series Xeon here. But don't forget virtualization. I'm not sure what CPU virtualization does to targeting your code. Matt On 12/27/2013 9:43 AM, Pete McNeil wrote: Hello Sniffer Folks, We would like to know what your oldest production CPU is. When building new binaries of

[sniffer] Re: What is your oldest production CPU?

2013-12-27 Thread Pete McNeil
On 2013-12-27 15:45, Matt wrote: Intel 5400 series Xeon here. But don't forget virtualization. I'm not sure what CPU virtualization does to targeting your code. That's a good point The processor should be specified in the VM profile and if I recall correctly it is typically defaulted to

[sniffer] Re: What is your oldest production CPU?

2013-12-27 Thread eric
Under Hyper-V using 3rd generation and the most recent 4th generation Xeon processors the PROCESSOR_IDENTIFIER environment variable is set to: Intel64 Family 6 Model nn Stepping n, Genuine Intel Sent using SmarterSync Over-The-Air sync for iPad, iPhone, BlackBerry and other SmartPhones.

[sniffer] Re: What is your oldest production CPU?

2013-12-27 Thread Matt
On a VMware ESXi 5.x box with a virtual machine version 8, and physical E5-2689 CPU's I see the following: On a Windows 2003 32-bit host, Device Manager shows that it is x86 family 6 model 45. On a Windows 2008 R2 64-bit host, Device Manager shows that it is Intel64 family 6 model 45.

  1   2   3   4   5   6   7   8   9   10   >