[sniffer] Re: Direct SmarterMail integration -- Some Testers ?

2010-06-10 Thread David Moore

I just sent my request to them!!

Regards David Moore
moo...@romtech.com.au

J.P. MCP, MCSE, MCSE + INTERNET, CNE.
www.adsldirect.com.au for ADSL and Internet www.romtech.com.au for PC sales

Office Phone: (+612) 9453 1990
Fax Phone: (+612) 9453 1880
Mobile Phone: +61(0)424 987 789
Skype Phone: ADSLDIRECT

POSTAL ADDRESS:
PO BOX 190
BELROSE NSW 2085
AUSTRALIA.

-

This email message is only intended for the addressee(s) and contains 
information that may be confidential, legally privileged and/or copyright. If 
you are not the intended recipient please notify the sender by reply email and 
immediately delete this email. Use, disclosure or reproduction of this email, 
or taking any action in reliance on its contents by anyone other than the 
intended recipient(s) is strictly prohibited. No representation is made that 
this email or any attachments are free of viruses. Virus scanning is 
recommended and is the responsibility of the recipient.
-


On 10/06/10 9:40 PM, e...@insight.rr.com wrote:

SmarterTools to include a true
integration of MessageSniffer into smartermail



#
This message is sent to you because you are subscribed to
 the mailing list sniffer@sortmonster.com.
This list is for discussing Message Sniffer,
Anti-spam, Anti-Malware, and related email topics.
For More information see http://www.armresearch.com
To unsubscribe, E-mail to: sniffer-...@sortmonster.com
To switch to the DIGEST mode, E-mail to sniffer-dig...@sortmonster.com
To switch to the INDEX mode, E-mail to sniffer-in...@sortmonster.com
Send administrative queries to  sniffer-requ...@sortmonster.com



[sniffer] Australian Bank Phishing emails always seem to get through

2009-06-02 Thread David Moore
We are continually seeing Australian bank phishing emails such as the 
one below (I personally have about 10 a day) that always seem to get 
through. I guess it is because we are in Australia and it is only 
targeted at .au domains and nobody has bothered to tell sort monster 
there is a problem. However, is there anything we can do to sortmonster, 
such as list all emails from the major Australian banks as suspect?




 Original Message 
Subject: Urgent Notification!
Date: 02 Jun 2009 01:54:34 -0500
From: Commonwealth Bank secur...@onlineupdate.com
To: webmas...@adsldirect.com.au



We recorded a payment request from HostGator -www.hostgator.com- 
Reseller Web Hosting

to enable the charge of $74.95 on your account.

Because the order was made from an African internet address, we put an 
Exception Payment on

transaction id #POS PAYM7284 motivated by our Geographical Tracking System.

*THE PAYMENT IS PENDING FOR THE MOMENT.*

If you made this transaction or if you just authorize this payment, 
please ignore or remove this email
message. The transaction will be shown on your monthly statement as 
HostGator - Reseller Web Hosting.


If you didn't make this payment and would like to decline the $74.95 
billing to your card, please follow

the link below to cancel the payment :

Cancel this payment (transaction id #POS PAYM7284) 
http://mbl-109-47-183.dsl.net.pk/.security/


*NOTE:* Because email is not a secure form of communication, please do 
not reply to this email.



© Commonwealth Bank of Australia 2009 ABN 48 123 123 124

--
Regards David Moore
moo...@romtech.com.au




[sniffer] Re: Australian Bank Phishing emails always seem to get through

2009-06-02 Thread David Moore
Thanks for the response. I will set up a UserTrap mailbox and ask our 
customers to forward to that mailbox.


Regards David Moore
moo...@romtech.com.au





Pete McNeil wrote:

David Moore wrote:
We are continually seeing Australian bank phishing emails such as the 
one below (I personally have about 10 a day) that always seem to get 
through I guess it is because we are in Australia and it is only 
targeted at .au domains and nobody has bothered to tell sort monster 
there is a problem. However is there anything we can do to 
sortmonster such as list all emails from the major Australian banks 
as suspect.

I have created a number of rules from the sample.

I think it would be a mistake to tag all messages from major 
Australian banks -- surely there would be false positives and we can 
do much better than that. In fact the majority of rules I've just 
created from this sample are independent of the bank involved so they 
will work on many bank phishing messages.


You are correct that we don't get many submissions from our .au 
customers -- more .au customers making more spam submissions would 
help quite a bit. If you could submit these messages to us then we 
will be able to build rules to combat them.


http://www.armresearch.com/support/articles/procedures/spamSubmissions.jsp 



If you are getting 10 of these per day that number should drop 
significantly very quickly -- and so would the number for our other 
.au customers.


If you find that there are any other spam that continue to get through 
even after repeated submissions to us then please treat them as 
Chronic Spam (see the link above) and they will get special attention.


We're anxious to solve this problem for you. Our target is no false 
positives, and no spam leakage. Every little bit helps us get closer.


Best,

_M


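An added illustration of the point in Pete McNeil's reply quoted above, that rules keyed to traits of the message rather than to the bank's name avoid false positives. This is example code written for this page, not Message Sniffer's rules; the trait list, the threshold and the sample messages are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Bank names as they appear in the list threads; used only by the naive rule.
BANK_NAMES = ("Commonwealth Bank", "ANZ Bank", "WestPac", "St George",
              "National Australia Bank", "Bank of Queensland")

URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.I)
# Hostname labels typical of consumer access lines (assumed, not exhaustive).
ACCESS_LABELS = {"dsl", "adsl", "dyn", "dynamic", "pool", "cable", "dhcp", "ppp"}
# Three or four number groups inside a hostname, e.g. "host-203-0-113-7".
EMBEDDED_IP_RE = re.compile(r"\d{1,3}(?:[-.]\d{1,3}){2,3}")
# A call to act on a payment or account within a short span of text.
LURE_RE = re.compile(
    r"\b(cancel|decline|verify|confirm)\b.{0,40}?"
    r"\b(payment|transaction|account|billing)\b", re.I | re.S)


def naive_bank_rule(body):
    """The rule proposed in the thread: suspect anything naming a major bank."""
    lowered = body.lower()
    return any(name.lower() in lowered for name in BANK_NAMES)


def url_traits(url):
    """Bank-independent traits of a single link."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    traits = set()
    if EMBEDDED_IP_RE.search(host):
        traits.add("ip-in-hostname")
    if set(re.split(r"[.-]", host)) & ACCESS_LABELS:
        traits.add("access-line-host")
    segments = parts.path.split("/")
    if any(s.startswith(".") and s not in (".", "..", ".well-known")
           for s in segments):
        traits.add("hidden-directory")
    return traits


def suspect_traits(body):
    """Collect every trait found in the message body."""
    traits = set()
    for url in URL_RE.findall(body):
        traits |= url_traits(url.rstrip(".,;"))
    if LURE_RE.search(body):
        traits.add("payment-lure")
    return traits


def is_suspect(body, threshold=2):
    # A single trait (for example the wording alone) is not enough.
    return len(suspect_traits(body)) >= threshold


def make_phish(bank):
    # Constructed sample modelled on the message posted in the thread;
    # the host uses a documentation address range and example.net.
    return (
        "We recorded a payment request to enable the charge of $74.95 on "
        "your account.\n"
        "If you didn't make this payment and would like to decline the "
        "$74.95 billing\n"
        "to your card, please follow the link below to cancel the payment:\n"
        "http://host-203-0-113-7.dsl.example.net/.security/\n"
        f"(c) {bank} 2009\n")


def make_legit(bank):
    # Constructed legitimate notice that still names the bank.
    return (f"Your {bank} statement for May is ready. Sign in as usual at\n"
            "https://www.example.com/statements. We will never email you a "
            "link\nto cancel a payment.\n")


if __name__ == "__main__":
    for bank in ("Commonwealth Bank", "ANZ Bank"):
        for label, msg in (("phish", make_phish(bank)),
                           ("legit", make_legit(bank))):
            print(bank, label, "naive:", naive_bank_rule(msg),
                  "traits:", sorted(suspect_traits(msg)),
                  "suspect:", is_suspect(msg))
```

The naive rule flags the legitimate notice as well as the phish, while the trait rule gives the same verdict whichever bank name is substituted.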



[sniffer] Re: DST update problem - server changes

2009-03-10 Thread David Moore
I too have the same problem. I have reverted back to the old script. (We
are Windows based)

Regards David Moore
moo...@romtech.com.au
 



Shawn wrote:
 Pete,

 I upgraded to the latest getRulebase file and followed the
 instructions, but now all I see on my windows system (DST) is the
 following:   (I replaced my license ID # with )


 snf2check: .new ERROR_RULE_FILE!
 1 file(s) copied.R:2349772 [0/12 - 0] W:0 C:0 B:0 T:0 S:0
 snf2check: .new ERROR_RULE_FILE!
 1 file(s) copied.R:2349772 [0/12 - 0] W:0 C:0 B:0 T:0 S:0


 over and over again for pages and pages in my console window.


 Everything worked great until I updated to the latest getRulebase.  My
 license ID and everything are all the same and I re-verified them
 after I copied the info from the other getRulebase script.

 What is causing this?

 Thanks,
 Shawn

 On Mon, Mar 9, 2009 at 2:44 PM, Pete McNeil
 madscient...@armresearch.com wrote:

 Hello Sniffer Folks,

 DST Update Problem: A bug in the old getRulebase.cmd script caused
 Win* systems to discard the server's timestamp on rulebase files
 and substitute the local timestamp. As a result any system that
 changes to DST (daylight savings time) after our rulebase delivery
 servers would continuously show a newer rulebase file on our
 servers. As a result these systems would repeatedly download the
 rulebase file as quickly as they could.

 Solutions:

 1. Everyone should upgrade their getRulebase.cmd script to the
 latest version:
 http://www.armresearch.com/message-sniffer/download/CURL-getRulebase.zip

 ** Note that most *NIX systems do not have the same problem with
 wget, but everyone should check.
 *** Note that going forward a CURL based update script is
 preferred. Since CURL is available on most *NIX systems by default
 we do not expect this to be a problem.

 2. If not upgrading to the latest version then they should modify
 their wget based scripts to ensure that the server's timestamp on
 the rulebase file is preserved.

 3. Since many systems will not be upgraded in the short term, we
 are also taking action on the delivery server to prevent problems
 with rulebase updates: From now on a new rulebase will show its
 new timestamp for 5 minutes after it is posted. Then the timestamp
 will be pushed back one hour to limit the amount of time systems
 with later DST transitions will see the files as new.

 The results of this change will be:

 * Systems that have upgraded to the new getRulebase.cmd script or
 are using an otherwise correct update script will see no
 difference. By default, SNFSync events occur about once per minute
 and since the new rulebase file will be shown with its current
 timestamp for 5 minutes each correctly configured SNF node will
 see and download the fresh rulebase file as soon as it is available.

 * Some systems that have not upgraded may attempt to download a
 new rulebase file twice, or possibly three times depending upon
 timing. However after that time (based on a 180 second guard time)
 these systems should cease to see the rulebase files as new and
 will stop trying to download the files. Once these systems move to
 DST they will operate normally. Of course we hope that all systems
 will upgrade their update scripting before this!

 * Systems that are using a scheduled task to update their rulebase
 may sometimes see the newer time stamp and may sometimes see the
 delayed (one hour old) timestamp. This will cause update lag to
 shift in time with an average of 30 minutes.

 At this time this seems to be the best compromise for everyone.

 We apologize for any inconvenience.

 Thanks,

 _M




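A small model of the update loop described in Pete McNeil's quoted announcement and of the server-side push-back, added here as an example (not ARM Research's script or server code). It assumes timestamps are compared as plain wall-clock values, that the delivery server's clock is one hour ahead after its DST change, and that the client polls once a minute with the 180-second guard time applied between downloads; all function and parameter names are hypothetical.

```python
HOUR = 3600


def shown_timestamp(posted, now_server, mitigated, fresh_window=300):
    """Timestamp the delivery server advertises for the rulebase file.

    With the mitigation on, the true timestamp is shown for 5 minutes
    after posting and is then pushed back one hour.
    """
    if mitigated and now_server - posted >= fresh_window:
        return posted - HOUR
    return posted


def simulate(preserve_server_time, mitigated, server_dst_lead=HOUR,
             poll=60, guard=180, duration=2 * HOUR):
    """Return the times (seconds) at which ONE rulebase is downloaded.

    t is real time since the file was posted. The client's wall clock
    reads t; the server's wall clock reads t + server_dst_lead.
    preserve_server_time=False models the old script, which stamps the
    downloaded file with the local clock instead of the server's value.
    """
    posted = server_dst_lead          # server wall clock when posted (t = 0)
    local_stamp = None                # timestamp on the client's copy
    last_download = None
    downloads = []
    for t in range(0, duration + 1, poll):
        if last_download is not None and t - last_download < guard:
            continue                  # still inside the guard time
        advertised = shown_timestamp(posted, t + server_dst_lead, mitigated)
        if local_stamp is None or advertised > local_stamp:
            downloads.append(t)
            last_download = t
            if preserve_server_time:
                local_stamp = advertised   # corrected script
            else:
                local_stamp = t            # old script: local wall clock
    return downloads


if __name__ == "__main__":
    cases = [
        ("old script, no server change", False, False),
        ("old script, server push-back", False, True),
        ("new script, no server change", True, False),
        ("new script, server push-back", True, True),
    ]
    for label, preserve, mitigated in cases:
        times = simulate(preserve, mitigated)
        print(f"{label}: {len(times)} download(s), last at t={times[-1]}s")
```

Under these assumptions the old script keeps fetching the same file until its own clock catches up with the server's timestamp, while the push-back limits it to two fetches and leaves a correct script at one.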

[sniffer] Australian Bank Junk Emails

2008-03-08 Thread David Moore
We consistently get Australian banks phishing junk emails that sortmonster
doesn't seem to pick up. Can you add the following banks to your rules, as
banks very rarely send out emails?

 

ANZ Bank
WestPac
St George
National Australia Bank
Bank of Queensland

Full list here http://www.afsd.com.au/banks1.html

 

 

Regards David Moore

[EMAIL PROTECTED]

 


 



[sniffer] Re: SNF V2-9b1.5 Released - Please Upgrade

2008-01-12 Thread David Moore
I have a question about GBUdbIgnoreList.txt: do I put 192.168.100.1 (which is
my server IP) as well as 127.0.0.1, and do I also put my public IP address in
this file?

Regards David Moore
[EMAIL PROTECTED]



-Original Message-
From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf
Of Pete McNeil
Sent: Sunday, 13 January 2008 4:25 AM
To: Message Sniffer Community
Subject: [sniffer] Re: SNF V2-9b1.5 Released - Please Upgrade

Hello Harry,

You can run the SNF program from the command line with no parameters.
It will complain and then tell you about itself.

_M

Saturday, January 12, 2008, 12:10:35 PM, you wrote:

 I do not recall upgrading

 How can I tell the version that I am running?

 thanks

 Harry Vanderzand
 Intown Internet
 11 Belmont Ave. W.
 Kitchener, ON, N2M 1L2
 519-741-1222


 -Original Message-
 From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf
 Of Pete McNeil
 Sent: Saturday, January 12, 2008 12:09 PM
 To: Message Sniffer Community
 Subject: [sniffer] Re: SNF V2-9b1.5 Released - Please Upgrade

 Hello David,

 When using snfupd with the new version you can skip the line that
 tells SNF to reload.

 REM %LicenseID%.exe reload

 Most likely the error you received is because there is no executable
 named for your license ID. This is ok with the new version. The
 snfupd.cmd script was originally written to work with version 2 which
 does require branding the SNF executable.

 The new version of SNF does not require branding. Also, the new
 version will very quickly recognize that there is a new rulebase file
 and will load it automatically so there is no reason (nor facility) to
 notify it about the update.

 Hope this helps,

 _M

 Saturday, January 12, 2008, 11:21:37 AM, you wrote:

 Ok I have most of this working with Imail 8.22

 So far this is what I have done

 Copied, unpacked RImailSnifferUpdateTools.zip, edited snfupd.cmd and setup
 task schedule.

 Which generates an from the snfupd.cmd 

C:\SNFsnfupd.cmd
 'mylicencekeynotshownhere.exe' is not recognized as an internal or
 external
 command,
 operable program or batch file.

 REM Load new rulebase file.
 %LicenseID%.exe reload

 So how do I get the SNFserver to update with the latest .snf file.



 Regards David Moore
 [EMAIL PROTECTED]


 -Original Message-
 From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On
Behalf
 Of Pete McNeil
 Sent: Thursday, 18 October 2007 9:58 AM
 To: Message Sniffer Community
 Subject: [sniffer] SNF V2-9b1.5 Released - Please Upgrade

 Hello Sniffer folks,

 Please find the latest SNF V2-9 distribution files here:



 http://kb.armresearch.com/index.php?title=Message_Sniffer.GettingStarted.Distributions#NEW_SNF_V2-9_Wide_Beta

 If you are running a previous version of SNF V2-9, please upgrade as
 soon as possible.

 The newest version includes some bug fixes. From the change log:

 20071017 - SNF2-9b1.5.exe

 Added a missing #include directive

[sniffer] Re: Excessive amounts of spam

2007-12-20 Thread David Moore
How stable is the beta version?

 

Regards David Moore
[EMAIL PROTECTED]


 

From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf
Of Pete McNeil
Sent: Friday, 21 December 2007 8:10 AM
To: Message Sniffer Community
Subject: [sniffer] Re: Excessive amounts of spam

 

Hello David,

 

Thursday, December 20, 2007, 3:25:45 PM, you wrote:

 


 

> If you are not yet running the latest beta then that might help quite a
> bit since the GBUdb (IP reputation system) does a good job capturing new
> spam from old bots even before rules are coded.

Please clarify are you saying it would help if we had the beta installed?

 

Yes. 

 

The new GBUdb engine reduces leakage quite a bit. As more systems adopt the
new version this will improve even more. Most new spam campaigns are started
with some large fraction of existing bots. Messages from bots that have
already been identified will be blocked even before new content rules can be
generated (if needed). 

 

_M

 

 

 

 

-- 

Pete McNeil

Chief Scientist,

Arm Research Labs, LLC.

 
 


[sniffer] Re: Excessive amounts of spam

2007-12-20 Thread David Moore
We are using MxGuard, Sniffer, InvURIBL combo on Imail. Will the beta sniffer
still fit with this combination without issues?

Regards David Moore
[EMAIL PROTECTED]


-Original Message-
From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf
Of E. H. (Eric) Fletcher
Sent: Friday, 21 December 2007 8:35 AM
To: Message Sniffer Community
Subject: [sniffer] Re: Excessive amounts of spam

Frank:

Thanks for your input.  There are definitely things leaking through that 
wouldn't have leaked through before.  We've held off hoping for a production
release but it may not be practical much longer.  On that note, for anyone 
else in the same position, we tested adding InvURIBL from Invariant Systems.
It's not a sniffer replacement but definitely caught a lot of what sniffer 
currently lets through for the very valid reasons Pete has covered.  The 
only thing missing seemed to be a white list so that you could white list 
legitimate publications that might contain links to 'offensive' sites.  That
can probably be tuned out thru weighting however we'd hoped not to be 
re-inventing the wheel for a short term solution.

Eric

- Original Message - 
From: Pi-Web - Frank Jensen [EMAIL PROTECTED]
To: Message Sniffer Community sniffer@sortmonster.com
Sent: Thursday, December 20, 2007 1:17 PM
Subject: [sniffer] Re: Excessive amounts of spam



 We have been running it for - I guess - 2 months now without any trouble.


 How stable is the beta version?

  Regards David Moore
 [EMAIL PROTECTED] mailto:[EMAIL PROTECTED]


  *From:* Message Sniffer Community [mailto:[EMAIL PROTECTED] *On 
 Behalf Of *Pete McNeil
 *Sent:* Friday, 21 December 2007 8:10 AM
 *To:* Message Sniffer Community
 *Subject:* [sniffer] Re: Excessive amounts of spam

  Hello David,

  Thursday, December 20, 2007, 3:25:45 PM, you wrote:






 > If you are not yet running the latest beta then that might help quite 
 > a bit since the GBUdb (IP reputation system) does a good job capturing 
 > new spam from old bots even before rules are coded.

 Please clarify are you saying it would help if we had the beta installed?

  Yes. The new GBUdb engine reduces leakage quite a bit. As more systems 
 adopt the new version this will improve even more. Most new spam 
 campaigns are started with some large fraction of existing bots. Messages

 from bots that have already been identified will be blocked even before 
 new content rules can be generated (if needed). _M

  -- 

 Pete McNeil

 Chief Scientist,

 Arm Research Labs, LLC.


[sniffer] Re: Spam

2007-05-29 Thread David Moore
Well done Andy, can't wait for some spam to try it out on. 


Regards David Moore
[EMAIL PROTECTED]



-Original Message-
From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf
Of Andy Schmidt
Sent: Wednesday, 30 May 2007 7:39 AM
To: Message Sniffer Community
Subject: [sniffer] Re: Spam

I recommend SpamSource, if you are an Outlook user. It's a little toolbar
applet that you can configure any recipient of the forwarded spam and it
will include all the original mail headers - just the way Sniffer, Spamcop
etc. like it.  All you do is press the button on the toolbar and the message
will be forwarded, deleted from your inbox and not even appear in your
sent folder (all configurable).

Best Regards,
Andy

-Original Message-
From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf
Of David Moore
Sent: Tuesday, May 29, 2007 4:54 PM
To: Message Sniffer Community
Subject: [sniffer] Re: Spam

Long time in getting back to you about this but:

preferably to a spam collection pop3 box on your system

I am happy to send it to a box called [EMAIL PROTECTED] password
sort!231#6eh will you arrange for your bot to collect?

When I send spam to [EMAIL PROTECTED] in the past I have been laboriously
opening the header, copying header content, forwarding email, paste header
content to beginning of email and sending. Is there a quicker way?

If I send spam to  [EMAIL PROTECTED] how would I stop our system
from re tagging the email as spam from me.


Regards David Moore
[EMAIL PROTECTED]



-Original Message-
From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf
Of Pete McNeil
Sent: Monday, 14 May 2007 9:27 PM
To: Message Sniffer Community
Subject: [sniffer] Re: Spam

Hello David,

Monday, May 14, 2007, 2:59:16 AM, you wrote:

Do not send spam to the sniffer@ list.

Submit un-captured spam to [EMAIL PROTECTED], or preferably to a spam
collection pop3 box on your system that can be picked up by our bots.

Thanks!

_M




[sniffer] Re: Appriver issue

2007-05-18 Thread David Moore
I think what Peter is trying to say is that Sort monster is hosted at Appriver
and Appriver had an issue and therefore so did Sort monster.

http://www.dnsstuff.com/tools/dnsreport.ch?domain=sortmonster.com
 


Regards David Moore
[EMAIL PROTECTED]



-Original Message-
From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf
Of Kevin Rogers
Sent: Saturday, 19 May 2007 11:59 AM
To: Message Sniffer Community
Subject: [sniffer] Re: Appriver issue

Thanks for the explanation, and I wasn't trying to blame you - just wanted
more info is all.

We use Sniffer, but not Appriver.  You said that if we don't use Appriver,
we shouldn't have been affected, but you also seemed to say that if one of
the recipients of my user's email uses Appriver that might've caused a
problem.  And also that *some* of Sniffer users might have experienced the
problem as well. 

It sounds like things are still being worked out.  I just wanted some kind
of verification that they were aware of the problem, were working on it,
that they were in some way sorry about what happened...you know - the usual
stuff.  And I know that you are not an official rep of Appriver or anything,
but presently you're all we have in that role ;)

Thanks

Kevin




Pete McNeil wrote:
> Hello Kevin,
>
> Friday, May 18, 2007, 8:52:47 PM, you wrote:
>
>> Pete - Thanks for the reply, but I guess I don't understand what
>> you're saying.  Some packet loss and rulebase downloads to slow
>> down for a time don't reflect what happened to me yesterday and
>> apparently not what happened to one of the other posters either when
>> he said that Appriver was having a problem with sending messages
>> over and over again.  I received over (at last count) 35,000
>> messages (almost all of which were bounced replies, from one email
>> from one of our users who sent an email to about 70 people) yesterday.
>>
>> And I had already gone to http://www.armresearch.com/ yesterday and
>> there was nothing there.  There is nothing there today that I can see.
>>
>> What happened?  I lost an entire day's worth of email because of
>> bounced messages.  I didn't sleep last night.  I don't even use
>> Appriver.  I would hope someone could explain it a little better than
>> that.  Thanks.
>
> I was answering the question - how is AppRiver related to Message
> Sniffer.
>
> I don't have specifics on the problem at AppRiver yet - they are still
> picking up the pieces, though operations are back to normal afaik. I
> do know (preliminarily) that the problem occurred when a new piece of
> software caused some messages with multiple recipients to loop and as
> a result to be replicated and resent repeatedly.
>
> If you are not a user of AppRiver then you shouldn't have been
> affected. Perhaps if you sent a message to someone who is a user of
> AppRiver then that might have gotten your messages involved.
>
> The only direct effect I'm aware of for SNF users was that for a time
> rulebase downloads were slowed due to packet loss.
>
> Since we use AppRiver for filtering (they, after all are using SNF)
> some messages that get sent to us apparently did loop to some lists.
> Also, some email to our accounts was delayed.
>
> I would need to know a lot more about your system and the email you
> lost before I could make any guesses as to what happened there -- but
> if you're not using AppRiver then you shouldn't have been affected.
>
> Hope this helps,
>
> _M

   


[sniffer] Re: Integration with Mailenable

2007-03-15 Thread David Moore
I too would like to pursue this option. I have in the past purchased Mail
Enable Enterprise 2 but could not handle the amount of spam it let in and
reverted back to Imail 8.22, and am unwilling to upgrade to 2006.2.

Regards David Moore
[EMAIL PROTECTED]

J.P. MCP, MCSE, MCSE + INTERNET, CNE.
www.adsldirect.com.au for ADSL and Internet www.romtech.com.au for PC sales

Office Phone: (+612) 9453 1990
Fax Phone: (+612) 9453 1880
Mobile Phone: +614 18 282 648

POSTAL ADDRESS:
PO BOX 190
BELROSE NSW 2085
AUSTRALIA.


-Original Message-
From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf
Of Phillip Cohen
Sent: Friday, 16 March 2007 5:22 AM
To: Message Sniffer Community
Subject: [sniffer] Integration with Mailenable

We are finally going to replace our old Vopmail server. Looking at 
Mailenable Enterprise. Will Sortmonster work with that program? Is 
anyone using Mailenable? If so how is it and if it works with 
Sortmonster how did you use them together.

Thanks,

Phil





[sniffer] Re: Lots of stock spam getting through

2007-02-05 Thread David Moore
Ditto.

Regards David Moore
[EMAIL PROTECTED]

J.P. MCP, MCSE, MCSE + INTERNET, CNE.
www.adsldirect.com.au for ADSL and Internet www.romtech.com.au for PC sales

Office Phone: (+612) 9453 1990
Fax Phone: (+612) 9453 1880
Mobile Phone: +614 18 282 648

POSTAL ADDRESS:
PO BOX 190
BELROSE NSW 2085
AUSTRALIA.


-Original Message-
From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf
Of Chuck Schick
Sent: Tuesday, 6 February 2007 8:35 AM
To: Message Sniffer Community
Subject: [sniffer] Lots of stock spam getting through

We are seeing a major increase in stock spam today with the subject think
about it think of it  - Sniffer is not catching these yet.  I checked and
our rulebase is up to date.

Chuck Schick
Warp 8, Inc.
(303)-421-5140
www.warp8.com






[sniffer] Re: [Fwd: keep up with the jones']

2006-10-04 Thread David Moore
We also sent this to [EMAIL PROTECTED] this morning so it is interesting
to see how this got submitted to the mail list if that is how it got
through. 



Regards David Moore
[EMAIL PROTECTED]
J.P. MCP, MCSE, MCSE + INTERNET, CNE.

www.adsldirect.com.au for ADSL and Internet www.romtech.com.au for PC sales

Office Phone: (+612) 9453 1990
Fax Phone: (+612) 9453 1880
Mobile Phone: +614 18 282 648

POSTAL ADDRESS:
PO BOX 190
BELROSE NSW 2085
AUSTRALIA.

DELIVERY ADDRESS:
21 GLEN STREET
BELROSE NSW 2085
AUSTRALIA. 

-Original Message-
From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf
Of Kim W. Premuda
Sent: Wednesday, 4 October 2006 4:06 PM
To: Message Sniffer Community
Subject: [sniffer] Re: [Fwd: keep up with the jones']

Sorry...this was mistakenly sent to the wrong e-mail address. It was
supposed to go to '[EMAIL PROTECTED]', and I was off one line when I
clicked on the item in my address book.

Kim W. Premuda
FastWave Internet Services
San Diego, CA


---
[This E-mail scanned for viruses by Declude Virus]






[sniffer] Blank emails

2006-08-23 Thread David Moore








I am seeing a lot of Spam emails with blank bodies. Is
this because our internet connection is too slow or because the spammers are
failing to complete their transaction?





Received: from CIBER2.ctijdq6u.org [201.135.34.108] by romtech.com.au with ESMTP
 (SMTPD-8.22) id A02D0268; Thu, 24 Aug 2006 08:01:17 +1000
Message-Id: [EMAIL PROTECTED]
X-mxGuard-Info: Processed by romtech.com.au using mxGuard v2.4
X-mxGuard-SpoolID: d027016d10c4
X-mxGuard-Sender: [EMAIL PROTECTED]
X-mxGuard-Virus-Info: No viruses detected
X-mxGuard-Spam-Score: 0
X-mxGuard-Spam-Probability: CLEAN
X-Note: This message has been scanned for spam and viruses by mxGuard for IMail (www.mxguard.com)
Subject:
From: [EMAIL PROTECTED]
Date: Thu, 24 Aug 2006 08:01:22 +1000
X-RCPT-TO: [EMAIL PROTECTED]
Status: U
X-UIDL: 454950041
X-IMail-ThreadID: d027016d10c4





Regards
David Moore
[EMAIL PROTECTED]
J.P. MCP, MCSE, MCSE + INTERNET, CNE.

www.adsldirect.com.au for ADSL and Internet www.romtech.com.au for PC sales

Office Phone: (+612) 9453 1990
Fax Phone: (+612) 9453 1880
Mobile Phone: +614 18 282 648

POSTAL ADDRESS:
PO BOX 190
BELROSE NSW 2085
AUSTRALIA.

DELIVERY ADDRESS:
21 GLEN STREET
BELROSE NSW 2085
AUSTRALIA.










[sniffer] Another example of an empty email but looking at the source.

2006-08-23 Thread David Moore








Received: from PC05.4ueleoz.org [202.215.167.25] by romtech.com.au with ESMTP
 (SMTPD-8.22) id A7AC0224; Thu, 24 Aug 2006 08:33:16 +1000
Message-Id: [EMAIL PROTECTED]
X-mxGuard-Info: Processed by romtech.com.au using mxGuard v2.4
X-mxGuard-SpoolID: d7ab017912af
X-mxGuard-Sender: [EMAIL PROTECTED]
X-mxGuard-Virus-Info: No viruses detected
X-mxGuard-Spam-Score: 0
X-mxGuard-Spam-Probability: CLEAN
X-Note: This message has been scanned for spam and viruses by mxGuard for IMail (www.mxguard.com)
Subject:
From: [EMAIL PROTECTED]
Date: Thu, 24 Aug 2006 08:33:20 +1000
X-RCPT-TO: [EMAIL PROTECTED]
Status: U
X-UIDL: 454950044
X-IMail-ThreadID: d7ab017912af





Body contents below

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1"></HEAD>
<BODY></BODY></HTML>



End of email





Is there a rule to filter out empty emails?



Regards
David Moore
[EMAIL PROTECTED]
J.P. MCP, MCSE, MCSE + INTERNET, CNE.

www.adsldirect.com.au for ADSL and Internet www.romtech.com.au for PC sales

Office Phone: (+612) 9453 1990
Fax Phone: (+612) 9453 1880
Mobile Phone: +614 18 282 648

POSTAL ADDRESS:
PO BOX 190
BELROSE NSW 2085
AUSTRALIA.

DELIVERY ADDRESS:
21 GLEN STREET
BELROSE NSW 2085
AUSTRALIA.
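
A check for the kind of message shown in the two posts above (blank Subject, HTML part whose BODY holds nothing), written as an added example; it is not a Message Sniffer or mxGuard rule and is not from the list. The sample message is constructed from the quoted body, with placeholder addresses, and the function and class names are hypothetical.

```python
import email
from email import policy
from html.parser import HTMLParser

# Constructed sample modelled on the quoted message: blank Subject, HTML part
# whose BODY holds nothing. Addresses are placeholders.
SAMPLE_EMPTY = (
    "From: sender@example.invalid\r\nTo: rcpt@example.invalid\r\nSubject: \r\n"
    "MIME-Version: 1.0\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\n"
    '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">\r\n'
    '<HTML><HEAD><META http-equiv=Content-Type content="text/html; '
    'charset=iso-8859-1"></HEAD>\r\n<BODY></BODY></HTML>\r\n'
)

class VisibleContent(HTMLParser):
    """Gathers reader-visible text; images, links, forms and embeds count too."""
    HIDDEN = {"title", "script", "style"}
    CARRIERS = {"img", "a", "form", "iframe", "object", "embed"}

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.text, self._hidden = [], 0

    def handle_starttag(self, tag, attrs):
        self._hidden += tag in self.HIDDEN
        if tag in self.CARRIERS:
            self.text.append(f"[{tag}]")   # non-text content still counts

    def handle_endtag(self, tag):
        if tag in self.HIDDEN and self._hidden:
            self._hidden -= 1

    def handle_data(self, data):
        if not self._hidden:
            self.text.append(data)

def body_is_empty(raw: str) -> bool:
    """True when no MIME part carries visible text, markup content or a file."""
    msg = email.message_from_string(raw, policy=policy.default)
    for part in msg.walk():
        if part.is_multipart():
            continue
        ctype = part.get_content_type()
        if part.get_filename() or ctype not in ("text/plain", "text/html"):
            return False              # attachment or non-text payload
        content = part.get_content()
        if ctype == "text/html":
            parser = VisibleContent()
            parser.feed(content)
            parser.close()            # flush text buffered by convert_charrefs
            content = "".join(parser.text)
        if content.strip():           # strip() also removes &nbsp; (U+00A0)
            return False
    return True
```

An image-only message is deliberately reported as non-empty, since image spam needs a different test than the empty-shell messages quoted here.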










[sniffer] Am I submitting to s...@sortmonster.com properly

2006-08-22 Thread David Moore








I just want to know if I am submitting spam emails to [EMAIL PROTECTED] properly. Being in
Australia we see a lot of spam targeting ANZ, National and Commonwealth bank
and they seem to be evading the Sniffer program, so when I send a spam to [EMAIL PROTECTED] (I am using Outlook
2003) I copy and paste the header and forward the email to [EMAIL PROTECTED]. Is this working
properly? Please see example below.



Regards David Moore





Received: from dialup-82-207-6-125.lv.ukrtel.net [82.207.6.125] by romtech.com.au
 (SMTPD-8.22) id A82E053C; Tue, 22 Aug 2006 23:35:42 +1000
Message-ID: [EMAIL PROTECTED]
From: Commonweal Bank of Australia [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Commonweal Bank of Australia new security features.
Date: Tue, 22 Aug 2006 10:45:09 +0400
MIME-Version: 1.0
Content-Type: multipart/alternative;
 boundary==_NextPart_000_001D_01C6C5D8.0A0008A0
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2527
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527
X-mxGuard-Info: Processed by romtech.com.au using mxGuard v2.4
X-mxGuard-SpoolID: 082d00a1ecb1
X-mxGuard-Sender: [EMAIL PROTECTED]
X-mxGuard-Virus-Info: No viruses detected
X-mxGuard-Spam-Score: 0
X-mxGuard-Spam-Probability: CLEAN
X-Note: This message has been scanned for spam and viruses by mxGuard for IMail (www.mxguard.com)
X-RCPT-TO: [EMAIL PROTECTED]
Status: U
X-UIDL: 454949852
X-IMail-ThreadID: 082d00a1ecb1









From: Commonweal Bank of Australia [mailto:[EMAIL PROTECTED]
Sent: Tuesday, 22 August 2006 4:45 PM
To: [EMAIL PROTECTED]
Subject: Commonweal Bank of Australia new security features.



It has come to our attention that your account needs to be confirmed
due to the recent changes we have made to our NetBank online system.
We contacted you for the following reason: Confirm your Information in order to
activate new NetBank security features for your account. Be sure to log in
securely by following the link below. It's important that you confirm your
NetBank account information otherwise you will not be able to access our online
services. We encourage you to login in to your Commonwealth Bank account as
soon as possible to help avoid this. 

Click
here

We appreciate your understanding as we work to ensure account safety.

Sincerely,
Commonweal Bank of Australia
management stuff.

Email ID: GFR97DF
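
Two header checks that the sample above would trip even though the content filter scored it CLEAN, as an added example that is not from the list and is not how Message Sniffer or mxGuard work: a From display name that nearly matches a protected brand, and a connecting host whose name embeds its own IP address or a dial-up label. The brand list, threshold, regular expressions and function names are assumptions; the redacted addresses are replaced with placeholders.

```python
import difflib
import email
import re
from email import policy
from email.utils import parseaddr

# Assumed brand list, built from the banks named in the post.
BRANDS = ["Commonwealth Bank of Australia", "ANZ", "National Australia Bank"]

# Headers taken from the sample above; redacted addresses are placeholders.
SAMPLE = (
    "Received: from dialup-82-207-6-125.lv.ukrtel.net [82.207.6.125] by romtech.com.au\r\n"
    " (SMTPD-8.22) id A82E053C; Tue, 22 Aug 2006 23:35:42 +1000\r\n"
    'From: "Commonweal Bank of Australia" <sender@example.invalid>\r\n'
    "To: rcpt@example.invalid\r\n"
    "Subject: Commonweal Bank of Australia new security features.\r\n"
    "Date: Tue, 22 Aug 2006 10:45:09 +0400\r\n\r\n"
)

# IMail-style trace line: "from HOST [IP] by ..."
RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\[(\d{1,3}(?:\.\d{1,3}){3})\]")
DYNAMIC_RE = re.compile(
    r"(?:^|[.\-\d])(?:dial-?up|dynamic|dhcp|pool|ppp|a?dsl)(?=[.\-\d])", re.I)

def lookalike_brand(display_name, threshold=0.85):
    """Return the brand a display name imitates without matching it exactly."""
    name = " ".join(display_name.lower().split())
    for brand in BRANDS:
        ratio = difflib.SequenceMatcher(None, name, brand.lower()).ratio()
        if name != brand.lower() and ratio >= threshold:
            return brand
    return None

def dynamic_relay(received):
    """True when the connecting host name embeds its IP or a dial-up label."""
    m = RECEIVED_RE.search(received)
    if not m:
        return False
    host, ip = m.groups()
    embeds_ip = all(o in re.split(r"\D+", host) for o in ip.split("."))
    return embeds_ip or bool(DYNAMIC_RE.search(host))

def header_findings(raw):
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    display, _addr = parseaddr(str(msg.get("From", "")))
    brand = lookalike_brand(display)
    if brand:
        findings.append(f"display name imitates '{brand}'")
    received = msg.get_all("Received") or []   # first entry = our own server's hop
    if received and dynamic_relay(str(received[0])):
        findings.append("delivered directly from a dynamic/dial-up host")
    return findings
```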












[sniffer] Newbie Question about .fin and .srv

2006-08-12 Thread David Moore
I am running mxGuard, invURIBL, Message sniffer and I have just installed
the Message Sniffer as a service in persistent mode. I have a few files in
the Sniffer directory that are about 24 hours old. Can they be deleted?
(License code removed)

-20060812095802xAAF83996-1008.SVR
-20060812175037x5315DDED-688.FIN
-20060812170345xC4A5F6BC-5852.FIN
-20060812100537x6AB29C04-5872.FIN
-20060812091354xAAF83996-6124.SVR

Regards David Moore
[EMAIL PROTECTED]
J.P. MCP, MCSE, MCSE + INTERNET, CNE.

www.adsldirect.com.au for ADSL and Internet www.romtech.com.au for PC sales

Office Phone: (+612) 9453 1990
Fax Phone: (+612) 9453 1880
Mobile Phone: +614 18 282 648

POSTAL ADDRESS:
PO BOX 190
BELROSE NSW 2085
AUSTRALIA.

DELIVERY ADDRESS:
21 GLEN STREET
BELROSE NSW 2085
AUSTRALIA.



