[sniffer] Re: Direct SmarterMail integration -- Some Testers ?
I just sent my request to them!! Regards David Moore moo...@romtech.com.au J.P. MCP, MCSE, MCSE + INTERNET, CNE. www.adsldirect.com.au for ADSL and Internet www.romtech.com.au for PC sales Office Phone: (+612) 9453 1990 Fax Phone: (+612) 9453 1880 Mobile Phone: +61(0)424 987 789 Skype Phone: ADSLDIRECT POSTAL ADDRESS: PO BOX 190 BELROSE NSW 2085 AUSTRALIA. - This email message is only intended for the addressee(s) and contains information that may be confidential, legally privileged and/or copyright. If you are not the intended recipient please notify the sender by reply email and immediately delete this email. Use, disclosure or reproduction of this email, or taking any action in reliance on its contents by anyone other than the intended recipient(s) is strictly prohibited. No representation is made that this email or any attachments are free of viruses. Virus scanning is recommended and is the responsibility of the recipient. - On 10/06/10 9:40 PM, e...@insight.rr.com wrote: SmarterTools to include a true integration of MessageSniffer into smartermail # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. This list is for discussing Message Sniffer, Anti-spam, Anti-Malware, and related email topics. For More information see http://www.armresearch.com To unsubscribe, E-mail to: sniffer-...@sortmonster.com To switch to the DIGEST mode, E-mail to sniffer-dig...@sortmonster.com To switch to the INDEX mode, E-mail to sniffer-in...@sortmonster.com Send administrative queries to sniffer-requ...@sortmonster.com
[sniffer] Australian Bank Phishing emails always seem to get through
We are continually seeing Australian bank phishing emails such as the one below (I personally have about 10 a day) that always seem to get through I guess it is because we are in Australia and it is only targeted at .au domains and nobody has bothered to tell sort monster there is a problem. However is there anything we can do to sortmonster such as list all emails from the major Australian banks as suspect. Original Message Subject:Urgent Notification! Date: 02 Jun 2009 01:54:34 -0500 From: Commonwealth Bank secur...@onlineupdate.com To: webmas...@adsldirect.com.au We recorded a payment request from HostGator -www.hostgator.com- Reseller Web Hosting to enable the charge of $74.95 on your account. Because the order was made from an African internet address, we put an Exception Payment on transaction id #POS PAYM7284 motivated by our Geographical Tracking System. *THE PAYMENT IS PENDING FOR THE MOMENT.* If you made this transaction or if you just authorize this payment, please ignore or remove this email message. The transaction will be shown on your monthly statement as HostGator - Reseller Web Hosting. If you didn't make this payment and would like to decline the $74.95 billing to your card, please follow the link below to cancel the payment : Cancel this payment (transaction id #POS PAYM7284) http://mbl-109-47-183.dsl.net.pk/.security/ *NOTE:* Because email is not a secure form of communication, please do not reply to this email. © Commonwealth Bank of Australia 2009 ABN 48 123 123 124 -- Regards David Moore moo...@romtech.com.au J.P. MCP, MCSE, MCSE + INTERNET, CNE. www.adsldirect.com.au for ADSL and Internet www.romtech.com.au for PC sales Office Phone: (+612) 9453 1990 Fax Phone: (+612) 9453 1880 Mobile Phone: +614 18 282 648 Skype Phone: ADSLDIRECT POSTAL ADDRESS: PO BOX 190 BELROSE NSW 2085 AUSTRALIA. - This email message is only intended for the addressee(s) and contains information that may be confidential, legally privileged and/or copyright. If you are not the intended recipient please notify the sender by reply email and immediately delete this email. Use, disclosure or reproduction of this email, or taking any action in reliance on its contents by anyone other than the intended recipient(s) is strictly prohibited. No representation is made that this email or any attachments are free of viruses. Virus scanning is recommended and is the responsibility of the recipient. -
[sniffer] Re: Australian Bank Phishing emails always seem to get through
Thanks for the response I will setup and UserTrap mail box. and ask our customers to forward to that mailbox. Regards David Moore moo...@romtech.com.au J.P. MCP, MCSE, MCSE + INTERNET, CNE. www.adsldirect.com.au for ADSL and Internet www.romtech.com.au for PC sales Office Phone: (+612) 9453 1990 Fax Phone: (+612) 9453 1880 Mobile Phone: +614 18 282 648 Skype Phone: ADSLDIRECT POSTAL ADDRESS: PO BOX 190 BELROSE NSW 2085 AUSTRALIA. - This email message is only intended for the addressee(s) and contains information that may be confidential, legally privileged and/or copyright. If you are not the intended recipient please notify the sender by reply email and immediately delete this email. Use, disclosure or reproduction of this email, or taking any action in reliance on its contents by anyone other than the intended recipient(s) is strictly prohibited. No representation is made that this email or any attachments are free of viruses. Virus scanning is recommended and is the responsibility of the recipient. - Pete McNeil wrote: David Moore wrote: We are continually seeing Australian bank phishing emails such as the one below (I personally have about 10 a day) that always seem to get through I guess it is because we are in Australia and it is only targeted at .au domains and nobody has bothered to tell sort monster there is a problem. However is there anything we can do to sortmonster such as list all emails from the major Australian banks as suspect. I have created a number of rules from the sample. I think it would be a mistake to tag all messages from major Australian banks -- surely there would be false positives and we can do much better than that. In fact the majority of rules I've just created from this sample are independent of the bank involved so they will work on many bank phishing messages. You are correct that we don't get many submissions from our .au customers -- more .au customers making more spam submissions would help quite a bit. If you could submit these messages to us then we will be able to build rules to combat them. http://www.armresearch.com/support/articles/procedures/spamSubmissions.jsp If you are getting 10 of these per day that number should drop significantly very quickly -- and so would the number for our other .au customers. If you find that there are any other spam that continue to get through even after repeated submissions to us then please treat them as Chronic Spam (see the link above) and they will get special attention. We're anxious to solve this problem for you. Our target is no false positives, and no spam leakage. Every little bit helps us get closer. Best, _M # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: sniffer-...@sortmonster.com To switch to the DIGEST mode, E-mail to sniffer-dig...@sortmonster.com To switch to the INDEX mode, E-mail to sniffer-in...@sortmonster.com Send administrative queries to sniffer-requ...@sortmonster.com # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: sniffer-...@sortmonster.com To switch to the DIGEST mode, E-mail to sniffer-dig...@sortmonster.com To switch to the INDEX mode, E-mail to sniffer-in...@sortmonster.com Send administrative queries to sniffer-requ...@sortmonster.com
[sniffer] Re: DST update problem - server changes
I to have the same problem I have reverted back to the old script. (We are windows based) Regards David Moore moo...@romtech.com.au J.P. MCP, MCSE, MCSE + INTERNET, CNE. www.adsldirect.com.au for ADSL and Internet www.romtech.com.au for PC sales Office Phone: (+612) 9453 1990 Fax Phone: (+612) 9453 1880 Mobile Phone: +614 18 282 648 Skype Phone: ADSLDIRECT POSTAL ADDRESS: PO BOX 190 BELROSE NSW 2085 AUSTRALIA. - This email message is only intended for the addressee(s) and contains information that may be confidential, legally privileged and/or copyright. If you are not the intended recipient please notify the sender by reply email and immediately delete this email. Use, disclosure or reproduction of this email, or taking any action in reliance on its contents by anyone other than the intended recipient(s) is strictly prohibited. No representation is made that this email or any attachments are free of viruses. Virus scanning is recommended and is the responsibility of the recipient. - Shawn wrote: Pete, I upgraded to the latest getRulebase file and followed the instructions, but now all I see on my windows system (DST) is the following: (I replaced my license ID # with ) snf2check: .new ERROR_RULE_FILE! 1 file(s) copied.R:2349772 [0/12 - 0] W:0 C:0 B:0 T:0 S:0 snf2check: .new ERROR_RULE_FILE! 1 file(s) copied.R:2349772 [0/12 - 0] W:0 C:0 B:0 T:0 S:0 over and over again for pages and pages in my console window. Everything worked great until I updated to the latest getRulebase. My license ID and everything are all the same and I re-verified them after I copied the info from the other getRulebase script. What is causing this? Thanks, Shawn On Mon, Mar 9, 2009 at 2:44 PM, Pete McNeil madscient...@armresearch.com mailto:madscient...@armresearch.com wrote: Hello Sniffer Folks, DST Update Problem: A bug in the old getRulebase.cmd script caused Win* systems to discard the server's timestamp on rulebase files and substitute the local timestamp. As a result any system that change to DST (daylight savings time) after our rulebase delivery servers would continuously show a newer rulebase file on our servers. As a result these systems would repeatedly download the rulebase file as quickly as they could. Solutions: 1. Everyone should upgrade their getRulebase.cmd script to the latest version: http://www.armresearch.com/message-sniffer/download/CURL-getRulebase.zip ** Note that most *NIX systems do not have the same problem with wget, but everyone should check. *** Note that going forward a CURL based update script is preferred. Since CURL is available on most *NIX systems by default we do not expect this to be a problem. 2. If not upgrading to the latest version then they should modify their wget based scripts to ensure that the server's timestamp on the rulebase file is preserved. 3. Since many systems will not be upgraded in the short term, we are also taking action on the delivery server to prevent problems with ruelbase updates: From now on a new rulebase will show it's new timestamp for 5 minutes after it is posted. Then the timestamp will be pushed back one hour to limit the amount of time systems with later DST transitions will see the files as new. The results of this change will be: * Systems that have upgraded to the new getRulebase.cmd script or are using an otherwise correct update script will see no difference. By default, SNFSync events occur about once per minute and since the new rulebase file will be shown with it's current timestamp for 5 minutes each correctly configured SNF node will see and download the fresh rulebase file as soon as it is available. * Some systems that have not upgraded may attempt to download a new rulebase file twice, or possibly three times depending upon timing. However after that time (based on a 180 second guard time) these systems should cease to see the rulebase files as new and will stop trying to download the files. Once these systems move to DST they will operate normally. Of course we hope that all systems will upgrade their update scripting before this! * Systems that are using a scheduled task to update their rulebase may sometimes see the newer time stamp and may sometimes see the delayed (one hour old) timestamp. This will cause update lag to shift in time with an average of 30 minutes. At this time this seems to be the best compromise for everyone. We apologize for any inconvenience. Thanks, _M # This message is sent to you
[sniffer] Australian Bank Junk Emails
We consistently get Australian banks phising junk emails that sortmonster doesn't seem to pickup can you add the following banks to your rules as banks very rarely send out emails. ANZ Bank WestPac St George National Australia Bank Bank of Queensland Full list here http://www.afsd.com.au/banks1.html Regards David Moore [EMAIL PROTECTED] J.P. MCP, MCSE, MCSE + INTERNET, CNE. www.adsldirect.com.au for ADSL and Internet www.romtech.com.au for PC sales Office Phone: (+612) 9453 1990 Fax Phone: (+612) 9453 1880 Mobile Phone: +614 18 282 648 Skype Phone: ADSLDIRECT POSTAL ADDRESS: PO BOX 190 BELROSE NSW 2085 AUSTRALIA. - This email message is only intended for the addressee(s) and contains information that may be confidential, legally privileged and/or copyright. If you are not the intended recipient please notify the sender by reply email and immediately delete this email. Use, disclosure or reproduction of this email, or taking any action in reliance on its contents by anyone other than the intended recipient(s) is strictly prohibited. No representation is made that this email or any attachments are free of viruses. Virus scanning is recommended and is the responsibility of the recipient. -
[sniffer] Re: SNF V2-9b1.5 Released - Please Upgrade
I have a question about GBUdbIgnoreList.txt do I put 192.168.100.1 (which is my server ip) as well as 127.0.0.1 and do I also put my public IP address in this file. Regards David Moore [EMAIL PROTECTED] J.P. MCP, MCSE, MCSE + INTERNET, CNE. www.adsldirect.com.au for ADSL and Internet www.romtech.com.au for PC sales Office Phone: (+612) 9453 1990 Fax Phone: (+612) 9453 1880 Mobile Phone: +614 18 282 648 Skype Phone: ADSLDIRECT POSTAL ADDRESS: PO BOX 190 BELROSE NSW 2085 AUSTRALIA. - This email message is only intended for the addressee(s) and contains information that may be confidential, legally privileged and/or copyright. If you are not the intended recipient please notify the sender by reply email and immediately delete this email. Use, disclosure or reproduction of this email, or taking any action in reliance on its contents by anyone other than the intended recipient(s) is strictly prohibited. No representation is made that this email or any attachments are free of viruses. Virus scanning is recommended and is the responsibility of the recipient. - -Original Message- From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: Sunday, 13 January 2008 4:25 AM To: Message Sniffer Community Subject: [sniffer] Re: SNF V2-9b1.5 Released - Please Upgrade Hello Harry, You can run the SNF program from the command line with no parameters. It will complain and then tell you about itself. _M Saturday, January 12, 2008, 12:10:35 PM, you wrote: I do not recall upgrading How can I tell the version that I am running? thanks Harry Vanderzand Intown Internet 11 Belmont Ave. W. Kitchener, ON, N2M 1L2 519-741-1222 -Original Message- From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: Saturday, January 12, 2008 12:09 PM To: Message Sniffer Community Subject: [sniffer] Re: SNF V2-9b1.5 Released - Please Upgrade Hello David, When using snfupd with the new version you can skip the line that tells SNF to reload. REM %LicenseID%.exe reload Most likely the error you received is because there is no executable named for your license ID. This is ok with the new version. The snfupd.cmd script was originally written to work with version 2 which does require branding the SNF executable. The new version of SNF does not require branding. Also, the new version will very quickly recognize that there is a new rulebase file and will load it automatically so there is no reason (nor facility) to notify it about the update. Hope this helps, _M Saturday, January 12, 2008, 11:21:37 AM, you wrote: Ok I have most off this working with Imail 8.22 So far this is what I have done Copied, unpacked RImailSnifferUpdateTools.zip, edited snfupd.cmd and setup task schedule. Which generates an from the snfupd.cmd C:\SNFsnfupd.cmd 'mylicencekeynotshownhere.exe' is not recognized as an internal or external command, operable program or batch file. REM Load new rulebase file. %LicenseID%.exe reload So how do I get the SNFserver to update with the latest .snf file. Regards David Moore [EMAIL PROTECTED] J.P. MCP, MCSE, MCSE + INTERNET, CNE. www.adsldirect.com.au for ADSL and Internet www.romtech.com.au for PC sales Office Phone: (+612) 9453 1990 Fax Phone: (+612) 9453 1880 Mobile Phone: +614 18 282 648 Skype Phone: ADSLDIRECT POSTAL ADDRESS: PO BOX 190 BELROSE NSW 2085 AUSTRALIA. - This email message is only intended for the addressee(s) and contains information that may be confidential, legally privileged and/or copyright. If you are not the intended recipient please notify the sender by reply email and immediately delete this email. Use, disclosure or reproduction of this email, or taking any action in reliance on its contents by anyone other than the intended recipient(s) is strictly prohibited. No representation is made that this email or any attachments are free of viruses. Virus scanning is recommended and is the responsibility of the recipient. - -Original Message- From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: Thursday, 18 October 2007 9:58 AM To: Message Sniffer Community Subject: [sniffer] SNF V2-9b1.5 Released - Please Upgrade Hello Sniffer folks, Please find the latest SNF V2-9 distribution files here: http://kb.armresearch.com/index.php?title=Message_Sniffer.GettingStarted.Dis tributions#NEW_SNF_V2-9_Wide_Beta If you are running a previous version of SNF V2-9, please upgrade as soon as possible. The newest version includes some bug fixes. From the change log: 20071017 - SNF2-9b1.5.exe Added a missing #include directive
[sniffer] Re: Excessive amounts of spam
How stable is the beta version? Regards David Moore [EMAIL PROTECTED] J.P. MCP, MCSE, MCSE + INTERNET, CNE. www.adsldirect.com.au http://www.adsldirect.com.au/ for ADSL and Internet www.romtech.com.au http://www.romtech.com.au/ for PC sales Office Phone: (+612) 9453 1990 Fax Phone: (+612) 9453 1880 Mobile Phone: +614 18 282 648 Skype Phone: ADSLDIRECT POSTAL ADDRESS: PO BOX 190 BELROSE NSW 2085 AUSTRALIA. - This email message is only intended for the addressee(s) and contains information that may be confidential, legally privileged and/or copyright. If you are not the intended recipient please notify the sender by reply email and immediately delete this email. Use, disclosure or reproduction of this email, or taking any action in reliance on its contents by anyone other than the intended recipient(s) is strictly prohibited. No representation is made that this email or any attachments are free of viruses. Virus scanning is recommended and is the responsibility of the recipient. - From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: Friday, 21 December 2007 8:10 AM To: Message Sniffer Community Subject: [sniffer] Re: Excessive amounts of spam Hello David, Thursday, December 20, 2007, 3:25:45 PM, you wrote: Ø If you are not yet running the latest beta then that might help quite a bit since the GBUdb (IP reputation system) does a good job capturing new spam from old bots even before rules are coded. Please clarify are you saying it would help if we had the beta installed? Yes. The new GBUdb engine reduces leakage quite a bit. As more systems adopt the new version this will improve even more. Most new spam campaigns are started with some large fraction of existing bots. Messages from bots that have already been identified will be blocked even before new content rules can be generated (if needed). _M -- Pete McNeil Chief Scientist, Arm Research Labs, LLC. # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: [EMAIL PROTECTED] To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED] To switch to the INDEX mode, E-mail to [EMAIL PROTECTED] Send administrative queries to [EMAIL PROTECTED]
[sniffer] Re: Excessive amounts of spam
We are using MxGuard, Sniffer, InvURIBL combo on Imail will the beta sniffer still fit with this combination with out issues? Regards David Moore [EMAIL PROTECTED] J.P. MCP, MCSE, MCSE + INTERNET, CNE. www.adsldirect.com.au for ADSL and Internet www.romtech.com.au for PC sales Office Phone: (+612) 9453 1990 Fax Phone: (+612) 9453 1880 Mobile Phone: +614 18 282 648 Skype Phone: ADSLDIRECT POSTAL ADDRESS: PO BOX 190 BELROSE NSW 2085 AUSTRALIA. - This email message is only intended for the addressee(s) and contains information that may be confidential, legally privileged and/or copyright. If you are not the intended recipient please notify the sender by reply email and immediately delete this email. Use, disclosure or reproduction of this email, or taking any action in reliance on its contents by anyone other than the intended recipient(s) is strictly prohibited. No representation is made that this email or any attachments are free of viruses. Virus scanning is recommended and is the responsibility of the recipient. - -Original Message- From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of E. H. (Eric) Fletcher Sent: Friday, 21 December 2007 8:35 AM To: Message Sniffer Community Subject: [sniffer] Re: Excessive amounts of spam Frank: Thanks for your input. There are definitely things leaking though that wouldn't have leaked through before. We've held off hoping for a production release but it may not be practical much longer. On that note, for anyone else in the same position, we tested adding InvURIBL from Invariant Systems. It's not a sniffer replacement but definitely caught a lot of what sniffer currently lets through for the very valid reasons Pete has covered. The only thing missing seemed to be a white list so that you could white list legitimate publications that might contain links to 'offensive' sites. That can probably be tuned out thru weighting however we'd hoped not to be re-inventing the wheel for a short term solution. Eric - Original Message - From: Pi-Web - Frank Jensen [EMAIL PROTECTED] To: Message Sniffer Community sniffer@sortmonster.com Sent: Thursday, December 20, 2007 1:17 PM Subject: [sniffer] Re: Excessive amounts of spam We have been running it for - I guess - 2 month now without any trouble. How stable is the beta version? Regards David Moore [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] J.P. MCP, MCSE, MCSE + INTERNET, CNE. www.adsldirect.com.au http://www.adsldirect.com.au/ for ADSL and Internet www.romtech.com.au http://www.romtech.com.au/ for PC sales Office Phone: (+612) 9453 1990 Fax Phone: (+612) 9453 1880 Mobile Phone: +614 18 282 648 Skype Phone: ADSLDIRECT POSTAL ADDRESS: PO BOX 190 BELROSE NSW 2085 AUSTRALIA. - This email message is only intended for the addressee(s) and contains information that may be confidential, legally privileged and/or copyright. If you are not the intended recipient please notify the sender by reply email and immediately delete this email. Use, disclosure or reproduction of this email, or taking any action in reliance on its contents by anyone other than the intended recipient(s) is strictly prohibited. No representation is made that this email or any attachments are free of viruses. Virus scanning is recommended and is the responsibility of the recipient. - *From:* Message Sniffer Community [mailto:[EMAIL PROTECTED] *On Behalf Of *Pete McNeil *Sent:* Friday, 21 December 2007 8:10 AM *To:* Message Sniffer Community *Subject:* [sniffer] Re: Excessive amounts of spam Hello David, Thursday, December 20, 2007, 3:25:45 PM, you wrote: Ø If you are not yet running the latest beta then that might help quite a bit since the GBUdb (IP reputation system) does a good job capturing new spam from old bots even before rules are coded. Please clarify are you saying it would help if we had the beta installed? Yes. The new GBUdb engine reduces leakage quite a bit. As more systems adopt the new version this will improve even more. Most new spam campaigns are started with some large fraction of existing bots. Messages from bots that have already been identified will be blocked even before new content rules can be generated (if needed). _M -- Pete McNeil Chief Scientist, Arm Research Labs, LLC. # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: [EMAIL PROTECTED] To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED] To switch to the INDEX mode, E-mail to [EMAIL PROTECTED] Send administrative
[sniffer] Re: Spam
Well done Andy, cant wait for some spam to try it out on. Regards David Moore [EMAIL PROTECTED] J.P. MCP, MCSE, MCSE + INTERNET, CNE. www.adsldirect.com.au for ADSL and Internet www.romtech.com.au for PC sales Office Phone: (+612) 9453 1990 Fax Phone: (+612) 9453 1880 Mobile Phone: +614 18 282 648 POSTAL ADDRESS: PO BOX 190 BELROSE NSW 2085 AUSTRALIA. - This email message is only intended for the addressee(s) and contains information that may be confidential, legally privileged and/or copyright. If you are not the intended recipient please notify the sender by reply email and immediately delete this email. Use, disclosure or reproduction of this email, or taking any action in reliance on its contents by anyone other than the intended recipient(s) is strictly prohibited. No representation is made that this email or any attachments are free of viruses. Virus scanning is recommended and is the responsibility of the recipient. -Original Message- From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Andy Schmidt Sent: Wednesday, 30 May 2007 7:39 AM To: Message Sniffer Community Subject: [sniffer] Re: Spam I recommend SpamSource, if you are an Outlook user. It's a little toolbar applet that you can configure any recipient of the forwarded spam and it will include all the original mail headers - just the way Sniffer, Spamcop etc. like it. All you do is press the button on the toolbar and the message will be forwarded, deleted from your inbox and not even appear in your sent folder (all configurable). Best Regards, Andy -Original Message- From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of David Moore Sent: Tuesday, May 29, 2007 4:54 PM To: Message Sniffer Community Subject: [sniffer] Re: Spam Long time in getting back to you about this but: preferably to a spam collection pop3 box on your system I am happy to send it to a box called [EMAIL PROTECTED] password sort!231#6eh will you arange for your bot to collect ? When I send spam to [EMAIL PROTECTED] in the past I have been laborusly opening the header, coping header content, forwarding email, past header content to beginning of email and sending is there a quicker way. If I send spam to [EMAIL PROTECTED] how would I stop our system from re tagging the email as spam from me. Regards David Moore [EMAIL PROTECTED] J.P. MCP, MCSE, MCSE + INTERNET, CNE. www.adsldirect.com.au for ADSL and Internet www.romtech.com.au for PC sales Office Phone: (+612) 9453 1990 Fax Phone: (+612) 9453 1880 Mobile Phone: +614 18 282 648 POSTAL ADDRESS: PO BOX 190 BELROSE NSW 2085 AUSTRALIA. - This email message is only intended for the addressee(s) and contains information that may be confidential, legally privileged and/or copyright. If you are not the intended recipient please notify the sender by reply email and immediately delete this email. Use, disclosure or reproduction of this email, or taking any action in reliance on its contents by anyone other than the intended recipient(s) is strictly prohibited. No representation is made that this email or any attachments are free of viruses. Virus scanning is recommended and is the responsibility of the recipient. -Original Message- From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: Monday, 14 May 2007 9:27 PM To: Message Sniffer Community Subject: [sniffer] Re: Spam Hello David, Monday, May 14, 2007, 2:59:16 AM, you wrote: Do not send spam to the sniffer@ list. Submit un-captured spam to [EMAIL PROTECTED], or preferably to a spam collection pop3 box on your system that can be picked up by our bots. Thanks! _M # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: [EMAIL PROTECTED] To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED] To switch to the INDEX mode, E-mail to [EMAIL PROTECTED] Send administrative queries to [EMAIL PROTECTED] # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: [EMAIL PROTECTED] To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED] To switch to the INDEX mode, E-mail to [EMAIL PROTECTED] Send administrative queries to [EMAIL PROTECTED] # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: [EMAIL PROTECTED] To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED] To switch to the INDEX mode, E-mail to [EMAIL PROTECTED] Send administrative queries to [EMAIL PROTECTED
[sniffer] Re: Appriver issue
I think what Peter is try to say is that Sort monster is hosted at Appriver and Appriver had an issue and therefore so did Sort monster. http://www.dnsstuff.com/tools/dnsreport.ch?domain=sortmonster.com Regards David Moore [EMAIL PROTECTED] J.P. MCP, MCSE, MCSE + INTERNET, CNE. www.adsldirect.com.au for ADSL and Internet www.romtech.com.au for PC sales Office Phone: (+612) 9453 1990 Fax Phone: (+612) 9453 1880 Mobile Phone: +614 18 282 648 POSTAL ADDRESS: PO BOX 190 BELROSE NSW 2085 AUSTRALIA. - This email message is only intended for the addressee(s) and contains information that may be confidential, legally privileged and/or copyright. If you are not the intended recipient please notify the sender by reply email and immediately delete this email. Use, disclosure or reproduction of this email, or taking any action in reliance on its contents by anyone other than the intended recipient(s) is strictly prohibited. No representation is made that this email or any attachments are free of viruses. Virus scanning is recommended and is the responsibility of the recipient. -Original Message- From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Rogers Sent: Saturday, 19 May 2007 11:59 AM To: Message Sniffer Community Subject: [sniffer] Re: Appriver issue Thanks for the explanation, and I wasn't trying to blame you - just wanted more info is all. We use Sniffer, but not Appriver. You said that if we don't use Appriver, we shouldn't have been affected, but you also seemed to say that if one of the recipient's of my user's email uses Appriver that might've caused a problem. And also that *some* of Sniffer users might have experienced the problem as well. It sounds like things are still being worked out. I just wanted some kind of verification that they were aware of the problem, were working on it, that they were in some way sorry about what happened...you know - the usual stuff. And I know that you are not an official rep of Appriver or anything, but presently you're all we have in that role ;) Thanks Kevin Pete McNeil wrote: Hello Kevin, Friday, May 18, 2007, 8:52:47 PM, you wrote: Pete - Thanks for the reply, but I guess I don't understand what you're saying. Some packet loss and rulebase downloads to slow down for a time don't reflect what happened to me yesterday and apparently not what happened to one of the other posters either when he said that Appriver was having a problem with sending messages over and over again. I received over (at last count) 35,000 messages (almost all of which were bounced replies, from one email from one of our users who sent an email to about 70 people) yesterday. And I had already gone to http://www.armresearch.com/ yesterday and there was nothing there. There is nothing there today that I can see. What happened? I lost an entire day's worth of email because of bounced messages. I didn't sleep last night. I don't even use Appriver. I would hope someone could explain it a little better than that. Thanks. I was answering the question - how is AppRiver related to Message Sniffer. I don't have specifics on the problem at AppRiver yet - they are still picking up the pieces, though operations are back to normal afaik. I do know (preliminarily) that the problem occurred when a new piece of software caused some messages with multiple recipients to loop and as a result to be replicated and resent repeatedly. If you are not a user of AppRiver then you shouldn't have been effected. Perhaps if you sent a message to someone who is a user of AppRiver then that might have gotten your messages involved. The only direct effect I'm aware of for SNF users was that for a time rulebase downloads were slowed due to packet loss. Since we use AppRiver for filtering (they, after all are using SNF) some messages that get sent to us apparently did loop to some lists. Also, some email to our accounts was delayed. I would need to know a lot more about your system and the email you lost before I could make any guesses as to what happened there -- but if you're not using AppRiver then you shouldn't have been effected. Hope this helps, _M # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: [EMAIL PROTECTED] To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED] To switch to the INDEX mode, E-mail to [EMAIL PROTECTED] Send administrative queries to [EMAIL PROTECTED] # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: [EMAIL PROTECTED] To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED] To switch
[sniffer] Re: Integration with Mailenable
I to would like to pursue this option I have in the past purchased Mail Enable Enterprise 2 but could no handle the amount of spam it let in and reverted back to Imail 8.22 and unwilling to upgrade to 2006.2. Regards David Moore [EMAIL PROTECTED] J.P. MCP, MCSE, MCSE + INTERNET, CNE. www.adsldirect.com.au for ADSL and Internet www.romtech.com.au for PC sales Office Phone: (+612) 9453 1990 Fax Phone: (+612) 9453 1880 Mobile Phone: +614 18 282 648 POSTAL ADDRESS: PO BOX 190 BELROSE NSW 2085 AUSTRALIA. - This email message is only intended for the addressee(s) and contains information that may be confidential, legally privileged and/or copyright. If you are not the intended recipient please notify the sender by reply email and immediately delete this email. Use, disclosure or reproduction of this email, or taking any action in reliance on its contents by anyone other than the intended recipient(s) is strictly prohibited. No representation is made that this email or any attachments are free of viruses. Virus scanning is recommended and is the responsibility of the recipient. -Original Message- From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Phillip Cohen Sent: Friday, 16 March 2007 5:22 AM To: Message Sniffer Community Subject: [sniffer] Integration with Mailenable We are finally going to replace our old Vopmail server. Looking at Mailenable Enterprise. Will Sortmonster work with that program? Is anyone using Mailenable? If so how is it and if it works with Sortmonster how did you use them together. THanks, Phil # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: [EMAIL PROTECTED] To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED] To switch to the INDEX mode, E-mail to [EMAIL PROTECTED] Send administrative queries to [EMAIL PROTECTED] # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: [EMAIL PROTECTED] To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED] To switch to the INDEX mode, E-mail to [EMAIL PROTECTED] Send administrative queries to [EMAIL PROTECTED]
[sniffer] Re: Lots of stock spam getting through
Dito. Regards David Moore [EMAIL PROTECTED] J.P. MCP, MCSE, MCSE + INTERNET, CNE. www.adsldirect.com.au for ADSL and Internet www.romtech.com.au for PC sales Office Phone: (+612) 9453 1990 Fax Phone: (+612) 9453 1880 Mobile Phone: +614 18 282 648 POSTAL ADDRESS: PO BOX 190 BELROSE NSW 2085 AUSTRALIA. - This email message is only intended for the addressee(s) and contains information that may be confidential, legally privileged and/or copyright. If you are not the intended recipient please notify the sender by reply email and immediately delete this email. Use, disclosure or reproduction of this email, or taking any action in reliance on its contents by anyone other than the intended recipient(s) is strictly prohibited. No representation is made that this email or any attachments are free of viruses. Virus scanning is recommended and is the responsibility of the recipient. -Original Message- From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Chuck Schick Sent: Tuesday, 6 February 2007 8:35 AM To: Message Sniffer Community Subject: [sniffer] Lots of stock spam getting through We are seeing a major increase in stock spam today with the subject think about it think of it - Sniffer is not catching these yet. I checked and our rulebase is up to date. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: [EMAIL PROTECTED] To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED] To switch to the INDEX mode, E-mail to [EMAIL PROTECTED] Send administrative queries to [EMAIL PROTECTED] # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: [EMAIL PROTECTED] To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED] To switch to the INDEX mode, E-mail to [EMAIL PROTECTED] Send administrative queries to [EMAIL PROTECTED]
[sniffer] Re: [Fwd: keep up with the jones']
We also sent this to [EMAIL PROTECTED] this morning so it is interesting to see how this got submitted to the mail list if that is how it got through. Regards David Moore [EMAIL PROTECTED] J.P. MCP, MCSE, MCSE + INTERNET, CNE. www.adsldirect.com.au for ADSL and Internet www.romtech.com.au for PC sales Office Phone: (+612) 9453 1990 Fax Phone: (+612) 9453 1880 Mobile Phone: +614 18 282 648 POSTAL ADDRESS: PO BOX 190 BELROSE NSW 2085 AUSTRALIA. DELIVERY ADDRESS: 21 GLEN STREET BELROSE NSW 2085 AUSTRALIA. -Original Message- From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Kim W. Premuda Sent: Wednesday, 4 October 2006 4:06 PM To: Message Sniffer Community Subject: [sniffer] Re: [Fwd: keep up with the jones'] Sorry...this was mistakenly sent to the wrong e-mail address. It was supposed to go to '[EMAIL PROTECTED]', and I was off one line when I clicked on the item in my address book. Kim W. Premuda FastWave Internet Services San Diego, CA --- [This E-mail scanned for viruses by Declude Virus] # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: [EMAIL PROTECTED] To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED] To switch to the INDEX mode, E-mail to [EMAIL PROTECTED] Send administrative queries to [EMAIL PROTECTED] # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: [EMAIL PROTECTED] To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED] To switch to the INDEX mode, E-mail to [EMAIL PROTECTED] Send administrative queries to [EMAIL PROTECTED]
[sniffer] Blank emails
I am seeing a lot of Spam emails with blank bodys is this because our internet connection is too slow or because the spammers are failing to complete there transaction Received: from CIBER2.ctijdq6u.org [201.135.34.108] by romtech.com.au with ESMTP (SMTPD-8.22) id A02D0268; Thu, 24 Aug 2006 08:01:17 +1000 Message-Id: [EMAIL PROTECTED] X-mxGuard-Info: Processed by romtech.com.au using mxGuard v2.4 X-mxGuard-SpoolID: d027016d10c4 X-mxGuard-Sender: [EMAIL PROTECTED] X-mxGuard-Virus-Info: No viruses detected X-mxGuard-Spam-Score: 0 X-mxGuard-Spam-Probability: CLEAN X-Note: This message has been scanned for spam and viruses by mxGuard for IMail (www.mxguard.com) Subject: From: [EMAIL PROTECTED] Date: Thu, 24 Aug 2006 08:01:22 +1000 X-RCPT-TO: [EMAIL PROTECTED] Status: U X-UIDL: 454950041 X-IMail-ThreadID: d027016d10c4 Regards David Moore [EMAIL PROTECTED] J.P. MCP, MCSE, MCSE + INTERNET, CNE. www.adsldirect.com.au for ADSL and Internet www.romtech.com.au for PC sales Office Phone: (+612) 9453 1990 Fax Phone: (+612) 9453 1880 Mobile Phone: +614 18 282 648 POSTAL ADDRESS: PO BOX 190 BELROSE NSW 2085 AUSTRALIA. DELIVERY ADDRESS: 21 GLEN STREET BELROSE NSW 2085 AUSTRALIA.
[sniffer] Another example of an empty email but looking at the source.
Received: from PC05.4ueleoz.org [202.215.167.25] by romtech.com.au with ESMTP (SMTPD-8.22) id A7AC0224; Thu, 24 Aug 2006 08:33:16 +1000 Message-Id: [EMAIL PROTECTED] X-mxGuard-Info: Processed by romtech.com.au using mxGuard v2.4 X-mxGuard-SpoolID: d7ab017912af X-mxGuard-Sender: [EMAIL PROTECTED] X-mxGuard-Virus-Info: No viruses detected X-mxGuard-Spam-Score: 0 X-mxGuard-Spam-Probability: CLEAN X-Note: This message has been scanned for spam and viruses by mxGuard for IMail (www.mxguard.com) Subject: From: [EMAIL PROTECTED] Date: Thu, 24 Aug 2006 08:33:20 +1000 X-RCPT-TO: [EMAIL PROTECTED] Status: U X-UIDL: 454950044 X-IMail-ThreadID: d7ab017912af Body contents below !DOCTYPE HTML PUBLIC -//W3C//DTD HTML 4.0 Transitional//EN HTMLHEAD META http-equiv=Content-Type content=text/html; charset=iso-8859-1/HEAD BODY/BODY/HTML End of email Is there a rule to filter out empty emails ? Regards David Moore [EMAIL PROTECTED] J.P. MCP, MCSE, MCSE + INTERNET, CNE. www.adsldirect.com.au for ADSL and Internet www.romtech.com.au for PC sales Office Phone: (+612) 9453 1990 Fax Phone: (+612) 9453 1880 Mobile Phone: +614 18 282 648 POSTAL ADDRESS: PO BOX 190 BELROSE NSW 2085 AUSTRALIA. DELIVERY ADDRESS: 21 GLEN STREET BELROSE NSW 2085 AUSTRALIA.
[sniffer] Am I submitting to s...@sortmonster.com properly
I just want to know if I am submitting spam emails to [EMAIL PROTECTED] properly being in Australia we see a lot of spam targeting ANZ, National and Commonwealth bank and they seem to be evading the Sniffer program so when I send a spam to [EMAIL PROTECTED] (I am using Outlook 2003) I copy and paste the header and forward the email to [EMAIL PROTECTED] is this working properly. Please see example below. Regards David Moore Received: from dialup-82-207-6-125.lv.ukrtel.net [82.207.6.125] by romtech.com.au (SMTPD-8.22) id A82E053C; Tue, 22 Aug 2006 23:35:42 +1000 Message-ID: [EMAIL PROTECTED] From: Commonweal Bank of Australia [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Commonweal Bank of Australia new security features. Date: Tue, 22 Aug 2006 10:45:09 +0400 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary==_NextPart_000_001D_01C6C5D8.0A0008A0 X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2527 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527 X-mxGuard-Info: Processed by romtech.com.au using mxGuard v2.4 X-mxGuard-SpoolID: 082d00a1ecb1 X-mxGuard-Sender: [EMAIL PROTECTED] X-mxGuard-Virus-Info: No viruses detected X-mxGuard-Spam-Score: 0 X-mxGuard-Spam-Probability: CLEAN X-Note: This message has been scanned for spam and viruses by mxGuard for IMail (www.mxguard.com) X-RCPT-TO: [EMAIL PROTECTED] Status: U X-UIDL: 454949852 X-IMail-ThreadID: 082d00a1ecb1 From: Commonweal Bank of Australia [mailto:[EMAIL PROTECTED] Sent: Tuesday, 22 August 2006 4:45 PM To: [EMAIL PROTECTED] Subject: Commonweal Bank of Australia new security features. It has come to our attention that your account needs to be confirmed due to the recent changes we have made to our NetBank online system. We contacted you for the following reason: Confirm your Information in order to activate new NetBank security features for your account. Be sure to log in securely by following the link below. It's important that you confirm your NetBank account information otherwise you will not be able to access our online services. We encourage you to login in to your Commonwealth Bank account as soon as possible to help avoid this. Click here We appreciate your understanding as we work to ensure account safety. Sincerely, Commonweal Bank of Australia management stuff. Email ID: GFR97DF
[sniffer] Newbie Question about .fin and .srv
I am running mxGuard, invURIBL, Message sniffer and I have just installed the Message Sniffer as a service in persistent mode. I have a few files in the Sniffer directory that are about 24 hour old can they be deleted? (License code removed) -20060812095802xAAF83996-1008.SVR -20060812175037x5315DDED-688.FIN -20060812170345xC4A5F6BC-5852.FIN -20060812100537x6AB29C04-5872.FIN -20060812091354xAAF83996-6124.SVR Regards David Moore [EMAIL PROTECTED] J.P. MCP, MCSE, MCSE + INTERNET, CNE. www.adsldirect.com.au for ADSL and Internet www.romtech.com.au for PC sales Office Phone: (+612) 9453 1990 Fax Phone: (+612) 9453 1880 Mobile Phone: +614 18 282 648 POSTAL ADDRESS: PO BOX 190 BELROSE NSW 2085 AUSTRALIA. DELIVERY ADDRESS: 21 GLEN STREET BELROSE NSW 2085 AUSTRALIA. # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: [EMAIL PROTECTED] To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED] To switch to the INDEX mode, E-mail to [EMAIL PROTECTED] Send administrative queries to [EMAIL PROTECTED]
