[sniffer] Re: rule panic not working
Yes, I am positive. If I turn off my SNIFFER test then everything works properly.

-----Original Message-----
From: Linda Pagillo [mailto:lpad...@gmail.com]
Sent: Thursday, December 29, 2016 9:16 AM
To: Message Sniffer Community
Subject: [sniffer] Re: rule panic not working

I don't think there is a way to block an entire set of rules with one entry. Someone from Arm may need to chime in here and answer that question. Are you positive that every single message coming in and leaving your server is triggering Sniffer?

On Thu, Dec 29, 2016 at 7:55 AM, Daniel Ivey <d...@gcrcompany.com> wrote:

Thanks, but it appears that my server is failing multiple 54- rules. For example from Google, it is failing 54-8064853-304-318-m and 54-8064853-0-2423-f while from Yahoo it is failing 54-8064853-2063-2077-m and 54-8064853-0-3703-f. Is there a way to block all 54- rules temporarily? Also, do you have any suggestions on what would cause this all of a sudden?

Daniel

-----Original Message-----
From: Linda Pagillo [mailto:lpad...@gmail.com]
Sent: Thursday, December 29, 2016 8:51 AM
To: Message Sniffer Community
Subject: [sniffer] Re: rule panic not working

Hi Daniel. The rule number is not 54. Sniffer rule numbers look like this for example... 54-8064853-304-318-m

On Thu, Dec 29, 2016 at 7:48 AM, Daniel Ivey <d...@gcrcompany.com> wrote:

It appears that the server is failing SNIFFER Rule 54 for some reason, causing issues. I have added the following line in my snf_engine.xml file for a rule panic but it doesn't appear to be working. Can someone help me with what I have wrong?

Daniel

#
This message is sent to you because you are subscribed to the mailing list <sniffer@sortmonster.com>.
This list is for discussing Message Sniffer, Anti-spam, Anti-Malware, and related email topics.
For More information see http://www.armresearch.com
To unsubscribe, E-mail to: <sniffer-...@sortmonster.com>
To switch to the DIGEST mode, E-mail to <sniffer-dig...@sortmonster.com>
To switch to the INDEX mode, E-mail to <sniffer-in...@sortmonster.com>
Send administrative queries to <sniffer-request@sortmonster.com>
[sniffer] Re: rule panic not working
Thanks, but it appears that my server is failing multiple 54- rules. For example from Google, it is failing 54-8064853-304-318-m and 54-8064853-0-2423-f while from Yahoo it is failing 54-8064853-2063-2077-m and 54-8064853-0-3703-f. Is there a way to block all 54- rules temporarily? Also, do you have any suggestions on what would cause this all of a sudden?

Daniel

-----Original Message-----
From: Linda Pagillo [mailto:lpad...@gmail.com]
Sent: Thursday, December 29, 2016 8:51 AM
To: Message Sniffer Community
Subject: [sniffer] Re: rule panic not working

Hi Daniel. The rule number is not 54. Sniffer rule numbers look like this for example... 54-8064853-304-318-m

On Thu, Dec 29, 2016 at 7:48 AM, Daniel Ivey <d...@gcrcompany.com> wrote:

It appears that the server is failing SNIFFER Rule 54 for some reason, causing issues. I have added the following line in my snf_engine.xml file for a rule panic but it doesn't appear to be working. Can someone help me with what I have wrong?

Daniel
[sniffer] rule panic not working
It appears that the server is failing SNIFFER Rule 54 for some reason, causing issues. I have added the following line in my snf_engine.xml file for a rule panic but it doesn't appear to be working. Can someone help me with what I have wrong?

Daniel
[sniffer] large log.xml files
I was checking out our Imail servers this morning and noticed that under the imail\declude\SNF folder I have a lot of .log.xml files from Sniffer. Is there a way to turn off these files in Sniffer or at least to have it only store about 3 days' worth?

I also noticed that the size of these files has grown from about 60 megs a day to over 500 megs the past couple of days. Does anyone have any ideas as to why the file sizes would increase so much? I haven't seen an increase in messages.

Daniel
[sniffer] FW: [sniffer] Re: Message Sniffer DLL now used in Declude
Andy,

Did you ever get the new Declude implemented on your mail server, so that Sniffer isn't an external test any longer? If so, was it hard to implement?

Pete,

With the new Declude with Message Sniffer built into it, would I still need to purchase a Sniffer license each year?

Daniel

===
Daniel Ivey
GCR Company / GCR Online
Voice: 434 - 570 - 1765
Fax: 434 - 572 - 1981
d...@gcrcompany.com

-----Original Message-----
From: Pete McNeil [mailto:madscient...@armresearch.com]
Sent: Tuesday, January 05, 2010 9:51 AM
To: Message Sniffer Community
Subject: [sniffer] Re: Message Sniffer DLL now used in Declude

Andy Schmidt wrote:

> Hi Pete, I saw their announcement. Dave says they are using THEIR rule base (not the one specific to the Sniffer customer).

Yes. They have an OEM license now which allows them to embed Message Sniffer in their products with their own rulebase. This is simpler for OEMs because it removes a lot of variables -- they can control and predict what is in place so there is less guesswork if a problem arises. Also distribution is simpler because they can install the complete system at once... etc.

> Any hints what I have to do (on the Sniffer side) to move over to their service? Which part of my current stand-alone installation do I have to undo (e.g., the Sniffer service?)

Yes. I've looked up your account and at present your rulebase does not contain any custom rules or exclusions. (This is also the case for the vast majority of SNF customers). At the moment they do not provide a way for you to use an alternate rulebase -- it is very likely this is a feature they will add soon.

To switch over to Declude's embedded SNF you will need to:

* Turn off your current SNFServer - it will conflict with the embedded version.
* Remove any external calls to SNF from your global.cfg file.
* Configure your Declude installation as recommended by Declude
  -- Update their snf_engine.xml file for their embedded version as directed.
  -- Update their getRulebase.cmd script for their embedded version as directed.
  -- Tune the global.cfg file to use the embedded SNF tests to suit your needs.

> , what about the update script

They use a slightly different update script. You will need to use their version. If you have modified yours to do other tasks (such as notify you or trigger other events) then you will need to make the same modifications to their update script.

> and the uploading of log files?

When running version 3 or above there is no need to upload log files. The SNF engine updates rulebase statistics and exchanges IP reputation data approximately once per minute while checking for rulebase updates.

Declude's OEM rulebase is currently identical to the rulebase used by the vast majority of SNF customers. What is different is that with the embedded SNF engine your system will be able to handle messages more efficiently, you will have easier access to the IP reputation system, and your installation will be less complicated.

Please let me know if I missed anything.

Thanks,
_M
[sniffer] OT - exchange 5.5 help
I know this is off topic, but I need a little Exchange 5.5 help. Recently upgraded a client from NT4 with Exchange to Windows 2000 Server SP4 with Exchange 5.5. I am having one problem though. The local server name is server.example.com, which is fine and dandy for the internal network. I need to add a domain suffix for the server for the outside world for sending email. I need the domain suffix to be something like example1.com, where example1.com is a real registered domain.

Any help is appreciated and you can email me off list.

Daniel

===
Daniel Ivey
GCR Company / GCR Online
Voice: 434 - 570 - 1765
Fax: 434 - 572 - 1981
[EMAIL PROTECTED]

This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html