[sniffer] Re: .pdf Attachments
I'm getting a bunch of these as well the last few days. Sniffer is only catching about 50% of them. -Joe - Original Message - From: "Greg Coffey" <[EMAIL PROTECTED]> To: "Message Sniffer Community" Sent: Thursday, June 28, 2007 9:20 AM Subject: [sniffer] .pdf Attachments What is with all the .pdf attachments in spam? I haven't noticed this trend previously. Are they infected or what is the scheme? # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]> # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
[sniffer] Re: ordb.org
I have good results with the following: AHBL CBL MXRATE NJABL SORBS SPAMCOP Remove ORDB as soon as possible! Good luck. -Joe - Original Message - From: <[EMAIL PROTECTED]> To: "Message Sniffer Community" Sent: Wednesday, May 23, 2007 7:02 PM Subject: [sniffer] ordb.org I've noticed quite a few false positives and started some research. Many show hits from ORDB. Apparently ordb.org shut down late in 2006 but it's still in my mxguard config. How can it be coming up with hits when there is no server to check against? What blacklists do you recommend that we use? Thanks, Greg CoffeyNet/AllureTech v 307-473-2323 1546 E. Burlington cell 307-259-7962 Casper, WY 82601 fax 307-237-3709 # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]> # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
[sniffer] Re: Declude header not modified correctly
David, Thanks for the info! I've never heard of ORF, but it sounds interesting. I really like the interface and reporting... a huge improvement over Imail. I know Microsoft SMTP is pretty fast. Is there a decent POP3 / IMAP client available. I just don't know much about the service. What features will your new system be missing when compared to Imail? Very interested. -Joe - Original Message - From: "David Waller" <[EMAIL PROTECTED]> To: "Message Sniffer Community" Sent: Wednesday, October 25, 2006 4:54 AM Subject: [sniffer] Re: Declude header not modified correctly You can run Sniffer under Vamsoft ORF running under IIS SMTP this is good for your incoming. Vamsoft can run other agents such as anti-virus, invURIBL & SpamAssassin. We're moving away from Imail and Declude, Imail because it's expensive and Declude because it's expensive and they don't respond to support emails from this registered user. I am disillusioned with Declude, they started with a very good service but since they've gone all corporate things have gone down hill ever since. David -Original Message- From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Joe Wolf Sent: 25 October 2006 00:17 To: Message Sniffer Community Subject: [sniffer] Re: Declude header not modified correctly I have this problem as well, but I'm running an older version of Declude. As far as I know there's no way to fix the problem other than supposedly the newest version fixes the issue. I'm not going to spend another penny on Declude so I'm stuck with the problem unless I switch mail servers. Declude went down hill when the new owners took over. They have a group of worshopers on their list that attacks anyone critical of management which makes it impossible to give critical information on the product. I love Sniffer. I wish all products worked as good as Sniffer does. I just wish it didn't run underneath a third party plug in (Declude) to run on Imail or Smartermail. Does anyone know of a different mail server that's EASY to use that offers the features of Imail and doesn't require Declude to run Sniffer? Thanks, -Joe - Original Message - From: Herb Guenther <mailto:[EMAIL PROTECTED]> To: Message Sniffer Community <mailto:sniffer@sortmonster.com> Sent: Tuesday, October 24, 2006 6:11 PM Subject: [sniffer] Re: Declude header not modified correctly Just as a follow up, I have not had any email returned from Declude in the last 4 business days. So, they are just ignoring the problem even tho the tools are all doing their part to identify the messages are spam, the header mod is useless so it goes right thru the filters. So their answer was to have me update to the latest version, which did not solve the problem, and then I did not hear back from them after any email and a call. Herb Kami Razvan wrote: We see that a lot too.. we run 2.14 Kami From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Monday, October 16, 2006 5:44 PM To: Message Sniffer Community Subject: [sniffer] Re: Significant increase in false positives We see this occasionally with Declude 1.82. What version are you running? Darin. - Original Message - From: Herb Guenther <mailto:[EMAIL PROTECTED]> To: Message Sniffer Community <mailto:sniffer@sortmonster.com> Sent: Monday, October 16, 2006 5:35 PM Subject: [sniffer] Re: Significant increase in false positives Hi Darin; Not seeing a lot of false pos messages, but there are lots of spam messages sneaking through our system because declude is not modifying the header correctly. It is adding a header stub to the bottom of the message so that users mail client filters which look for the modified subject line is not working. Anyone else having that issue? Herb -- Herb Guenther Lanex, LLC www.lanex.com (262)789-0966x102 Office (262)780-0424 Direct This e-mail is confidential and is for the use of the intended recipient(s)only. If you are not an intended recipient please advise us of our error by return e-mail then delete this e-mail and any attached files. You may not copy, disclose or use the contents in any way. # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]> # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to t
[sniffer] Re: Declude header not modified correctly
I have this problem as well, but I'm running an older version of Declude. As far as I know there's no way to fix the problem other than supposedly the newest version fixes the issue. I'm not going to spend another penny on Declude so I'm stuck with the problem unless I switch mail servers. Declude went down hill when the new owners took over. They have a group of worshopers on their list that attacks anyone critical of management which makes it impossible to give critical information on the product. I love Sniffer. I wish all products worked as good as Sniffer does. I just wish it didn't run underneath a third party plug in (Declude) to run on Imail or Smartermail. Does anyone know of a different mail server that's EASY to use that offers the features of Imail and doesn't require Declude to run Sniffer? Thanks, -Joe - Original Message - From: Herb Guenther To: Message Sniffer Community Sent: Tuesday, October 24, 2006 6:11 PM Subject: [sniffer] Re: Declude header not modified correctly Just as a follow up, I have not had any email returned from Declude in the last 4 business days. So, they are just ignoring the problem even tho the tools are all doing their part to identify the messages are spam, the header mod is useless so it goes right thru the filters. So their answer was to have me update to the latest version, which did not solve the problem, and then I did not hear back from them after any email and a call.HerbKami Razvan wrote: We see that a lot too.. we run 2.14 Kami From: Message Sniffer Community [mailto:sniffer@sortmonster.com] On Behalf Of Darin CoxSent: Monday, October 16, 2006 5:44 PMTo: Message Sniffer CommunitySubject: [sniffer] Re: Significant increase in false positives We see this occasionally with Declude 1.82. What version are you running? Darin. - Original Message - From: Herb Guenther To: Message Sniffer Community Sent: Monday, October 16, 2006 5:35 PM Subject: [sniffer] Re: Significant increase in false positives Hi Darin;Not seeing a lot of false pos messages, but there are lots of spam messages sneaking through our system because declude is not modifying the header correctly. It is adding a header stub to the bottom of the message so that users mail client filters which look for the modified subject line is not working. Anyone else having that issue?Herb-- Herb Guenther Lanex, LLC www.lanex.com (262)789-0966x102 Office (262)780-0424 Direct This e-mail is confidential and is for the use of the intended recipient(s)only. If you are not an intended recipient please advise us of our error by return e-mail then delete this e-mail and any attached files. You may not copy, disclose or use the contents in any way. # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
Re: [sniffer] Sniffer, MDLP, and invURIBL?
I would actually prefer that MDLP autotune the weight for invURIBL, but since the weights are managed by invURIBL and not Declude I don't know how this will work. -Joe - Original Message - From: Colbeck, Andrew To: sniffer@SortMonster.com Sent: Saturday, February 25, 2006 12:35 PM Subject: RE: [sniffer] Sniffer, MDLP, and invURIBL? Joe, Are you using MDLP to autotune your weights in Declude? If so, you can exclude invURIBL and other tests which you don't want to change, whether because you think the weight is perfect, or because their randomness doesn't fit MDLP's idea of a weighting system. Check out this snippet from The McNeil on this list at some point in the past: "Use the #MDLP:MANUAL feature to lock these tests at the values you set. In your GLOBAL.CFG file create a line that lists the tests you want to adjust manually. #MDLP:MANUAL TEST1 TEST2 TEST3 You can also use more than one line if you wish... #MDLP:MANUAL TEST1 ... #MDLP:MANUAL TEST2 ... #MDLP:MANUAL TEST3 ... The #MDLP:MANUAL directive appears to be a comment to Declude so it will be otherwise ignored. If you have an #MDLP directive you want to comment out then you can add an additional # as in: ##MDLP:... This will cause MDLP to ignore it as well." Andrew 8) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joe WolfSent: Saturday, February 25, 2006 9:05 AMTo: sniffer@SortMonster.comSubject: [sniffer] Sniffer, MDLP, and invURIBL? I'm currently running Sniffer via Declude and use MDLP. Great! Since all the talk about invURIBL on the Imail list I thought I'd give it a try. The only problem I have is that it doesn't seem to be compatible with MDLP. invURIBL assigns its own weight to each message. The global.cfg line is as follows: INV-URIBL external weight "X:\INVURIBL\INVURIBL.exe %WEIGHT% %REMOTEIP%" 0 0 I'm not an expert but the %WEIGHT% must pass the weight determined by invURIBL to Declude. I don't know what the variables of the weighting system are. I'm worried that I may start getting a bunch of false positives since MDLP can't manage the weighting of invURIBL. Would appreciate any advice from anyone that knows more about this than I do! Thanks, Joe
[sniffer] Sniffer, MDLP, and invURIBL?
I'm currently running Sniffer via Declude and use MDLP. Great! Since all the talk about invURIBL on the Imail list I thought I'd give it a try. The only problem I have is that it doesn't seem to be compatible with MDLP. invURIBL assigns its own weight to each message. The global.cfg line is as follows: INV-URIBL external weight "X:\INVURIBL\INVURIBL.exe %WEIGHT% %REMOTEIP%" 0 0 I'm not an expert but the %WEIGHT% must pass the weight determined by invURIBL to Declude. I don't know what the variables of the weighting system are. I'm worried that I may start getting a bunch of false positives since MDLP can't manage the weighting of invURIBL. Would appreciate any advice from anyone that knows more about this than I do! Thanks, Joe
Re: Re[2]: [sniffer] Last chance to renew at the old price!
FYI, a reseller agreement may include a MAP (Minimum Advertised Price) but it is illegal in the United States for the agreement to determine a minimum selling price. Any such stipulation in an agreement would put both of you in violation of federal price-fixing laws. -Joe - Original Message - From: John T (Lists) To: sniffer@SortMonster.com Sent: Wednesday, December 28, 2005 7:29 PM Subject: RE: Re[2]: [sniffer] Last chance to renew at the old price! According to the Reseller agreement I signed when I became a reseller of Message Sniffer, I can not charge that low of a price. As such, Pete or some one at Sniffer would need to notify me that I had permission to sell at such a low price. What I mean is, be careful. John T eServices For You -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of KevinSent: Wednesday, December 28, 2005 5:00 PMTo: sniffer@SortMonster.comSubject: Re: Re[2]: [sniffer] Last chance to renew at the old price! After posting this, another reseller pm me their renewal rate of $269. I didn't know Sniffer had another reseller besides Declude.Anyways, for those who are interested and want to save money, it's https://www.computerhouse.com/ccsecure.html At 01:21 PM 12/28/2005, you wrote: Can we renew at declude.com since their pricing is $292.50? I assume their prices will increase on Jan 1, 2006 too.This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
Re: [sniffer] New virus...
If you are running your mail server only for yourself feel free to ban .exe's and .zip's. If you are providing mail services to others I STRONGLY suggest you consult an attorney that specializes in Internet related matters. There have been a couple of recent cases where ISP's have been held responsible for non-delivery of messages. I asked two for an opinion on the matter and was told that we should not block or hold any messages unless we believe them to be a specific threat to our systems. After the smoke cleared we came to the conclusion that it's OK to block known viruses and threats, but they had to be "known". We no longer hold or delete any known SPAM. We let the users or domain admins determine via rules what they want to block. I also checked with our errors and omissions insurance provider and was told that we would not be covered for non-delivery issues if it was a "deliberate act" on our part to block them. This has become a hot issue that few want to discuss. It's nearly impossible to find an attorney well versed in the field. As more become aware of the issue I suspect it will become a popular point to litigate (has your ISP caused you damage by failing to deliver important information?, etc.). The bottom line is that if you block items like all .exe's or all .zip's you are taking the responsibility for non-delivery. In the two cases I found one had a disclaimer, and the other a written TOS. It didn't help either in court. Just be very careful. -Joe - Original Message - From: "John T (Lists)" <[EMAIL PROTECTED]> To: Sent: Thursday, October 06, 2005 2:01 AM Subject: RE: [sniffer] New virus... No need to block zips, with Declude just add "BANZIPEXTS ON" to your virus.cfg file since the payload is an exe within the zip and since we are all already banning executable files, correct? John T eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: Wednesday, October 05, 2005 8:41 PM To: sniffer@sortmonster.com Subject: [sniffer] New virus... Importance: High Hello sniffer, Hello folks... watch out for a new virus email with an attachment named "pword _ change . zip" - extra spaces added to skip filters ;-) We're adding some SNF rules to catch it. No word about it on virus lists or scanner services yet (that I can see). You may want to temporarily block .zip files - or at least this particular zip file until the new rules can be pushed out and the virus scanners catch up. Thanks, _M Pete McNeil (Madscientist) President, MicroNeil Research Corporation Chief SortMonster (www.sortmonster.com) Chief Scientist (www.armresearch.com) This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
Re: [sniffer] Sniffer Resources
How does AVAFTERJM help? Unless you had JunkMail delete the message it would seem that it has to be scanned for viruses either way. I don't know which uses more processor time... Virus or SPAM scanning. If you use a bunch of tests it probably takes more horsepower to scan for SPAM than viruses. If that's the case then it would see like you would want to virus scan FIRST. Any message deleted by the virus scanner don't need to be scanned for SPAM. Maybe I'm way off base? I'm sure not an expert on this! -Joe - Original Message - From: "Richard Farris" <[EMAIL PROTECTED]> To: Sent: Thursday, September 08, 2005 11:48 AM Subject: Re: [sniffer] Sniffer Resources It was suggested that I put AVAFTERJM in my Declude configuration and that has made a huge difference...I have my old server back...I hope this does not cause other problems..we will continue to monitor this.. Richard Farris Ethixs Online 1.270.247. Office 1.800.548.3877 Tech Support "Crossroads to a Cleaner Internet" - Original Message - From: "Richard Farris" <[EMAIL PROTECTED]> To: Sent: Tuesday, September 06, 2005 10:07 AM Subject: [sniffer] Sniffer Resources When I turn off sniffer my server acts normally on rescources..but when I turn it on it goes to 100% and stays there most of the time...I have tried updating the sniffer and rebooting the server but does not help...it has been doing this for about a month...has anyone else seen this..if not what can I do to resolve it..right now I have sniffer turned off so I can just send mail thru the server.. Richard Farris Ethixs Online 1.270.247. Office 1.800.548.3877 Tech Support "Crossroads to a Cleaner Internet" - Original Message - From: "Pete McNeil" <[EMAIL PROTECTED]> To: "Andy Schmidt" Sent: Monday, September 05, 2005 9:43 AM Subject: Re: [sniffer] Integration with today's new ORF version: On Monday, September 5, 2005, 9:26:38 AM, Andy wrote: AS> http://www.vamsoft.com/orf/agentdefs.asp AS> AS> It says to contact vendor. Here I am . Yes indeed. How may I help you? _M This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
Re: [sniffer] Arm Research Labs is officially launched!
I'm not sure what this means. Is SortMonster being acquired by ARM Research Labs? Vice versa? Just joint venture? Sure hope that a plugin to SmarterMail is just around the corner! -Joe - Original Message - From: "Pete McNeil" <[EMAIL PROTECTED]> To: Sent: Thursday, September 01, 2005 12:41 AM Subject: [sniffer] Arm Research Labs is officially launched! Hello Sniffer Folks, ARM Research Labs (ARM) is a privately funded research and development group created to explore and develop new technologies for the Internet-based computing systems and infrastructures. To start with, ARM will be taking Message Sniffer to the next level by deploying it's core technologies on new platforms, creating new products and partnerships to leverage these technologies, and developing the next generation of technologies, products, and services. Though we have been keeping things quiet up to now we have been hard at work: ARM has already produced a new product for Exchange and IIS/SMTP based systems (See: Assert!) and increased our rulebase update rates by more than 40%. Much more is on it's way soon so stay tuned! Thanks, _M Pete McNeil (Madscientist) President, MicroNeil Research Corporation Chief SortMonster (www.sortmonster.com) Chief Scientist (www.armresearch.com) This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
Re: [sniffer] Sniffer and SmarterMail?
Terry, Will take a look at it... never heard of it before. It may be going too far the other way. I'm not looking for something with fewer features than Imail. I don't think SquirrelMail will allow all the domain management features like Imail does (add, remove, modify users, passwords, lists, etc.) but I may be wrong. Thanks, Joe - Original Message - From: "Smart Business Support" <[EMAIL PROTECTED]> To: "Joe Wolf" Sent: Wednesday, June 01, 2005 8:55 PM Subject: Re: [sniffer] Sniffer and SmarterMail? Joe, Wednesday, June 1, 2005 you wrote: JW> If there's a better option than SmarterMail I'd love to hear it, JW> but I can't compare a $4000+ server to a $600 one. hMailServer is free and open source. Once I finish the script work for calling Sniffer and the work-around for ClamDscan and FPROT I'll post it. Clamdscan is the service (daemon) for ClamAV. No reason that the daemon version of Sniffer couldn't be used as well. The SquirrelMail web interface is not bad although it is PHP 4. The web admin interface is pretty good, too, and can be php 5. --- Terry Fritts This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
Re: Re[2]: [sniffer] Sniffer and SmarterMail?
I currently own and use Declude, but want NOTHING to do with Declude from here on out. Since Scott left I nothing good to say about them. -Joe - Original Message - From: <[EMAIL PROTECTED]> To: "Joe Wolf" Sent: Wednesday, June 01, 2005 7:31 PM Subject: Re[2]: [sniffer] Sniffer and SmarterMail? Hi Joe, Yeah, we had talked about buying the low cost Declude Virus/JM versions and then letting Sniffer hook into those as well as then hooking with SmarterMail... That's an option for you too. -jason - - - - - - - - - - - - - - - - - - > Wednesday, June 1, 2005, 7:02:30 PM, you wrote: JW> Mdaemon may be great, but it's out of my budget. I can't afford $2500 for JW> the mail server and then another $1600 for the anti-virus. Especially when JW> I compare it to SmarterMail at $600. JW> I would love to continue to use Sniffer... I respect it more than Imail and JW> Declude combined! But the fact is that it's time to move on. Ipswitch has JW> completely lost their mind and just doesn't give a damn about their JW> customers, failed to fix major problems, and raised their prices thru the JW> roof. JW> It may be very simple to plug in Sniffer to SmarterMail, but I'm not a JW> developer. I don't really want to run a non-supported implementation. JW> If there's a better option than SmarterMail I'd love to hear it, but I can't JW> compare a $4000+ server to a $600 one. This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
Re: [sniffer] Sniffer and SmarterMail?
Mdaemon may be great, but it's out of my budget. I can't afford $2500 for the mail server and then another $1600 for the anti-virus. Especially when I compare it to SmarterMail at $600. I would love to continue to use Sniffer... I respect it more than Imail and Declude combined! But the fact is that it's time to move on. Ipswitch has completely lost their mind and just doesn't give a damn about their customers, failed to fix major problems, and raised their prices thru the roof. It may be very simple to plug in Sniffer to SmarterMail, but I'm not a developer. I don't really want to run a non-supported implementation. If there's a better option than SmarterMail I'd love to hear it, but I can't compare a $4000+ server to a $600 one. Thanks, Joe - Original Message - From: "Dave Koontz" <[EMAIL PROTECTED]> To: Sent: Wednesday, June 01, 2005 6:30 PM Subject: RE: [sniffer] Sniffer and SmarterMail? For what it's worth, I think Mdaemon is pretty hard to beat in the Windows market. It's at least worth a test IMO. As far as WebMail clients go, they have various themes, some of which rival OWA... But the user always has a choice of many. The company has excellent support. Join their Beta list to see what I mean, you will communicate directly with their CEO and lead programming team, and they not only listen, but work with you to resolve your needs. As far as the product goes, it's stable and very flexible in it's configuration. It is also very reasonably priced. It has great native Spam and AV capabilities (inclduing SpamAssassin, RBL, SPF, DomainKeys), but has the ability to use 3rd party "Plugins" which are much faster than Content Filter "Command Line" scans. Pete has already ported Sniffer to use a plugin for Mdaemon, and you can also find a plugin for ClamAV. You can also see other addons by visitng: http://www.mdaemonplugins.com Just my 2 cents. I am not affiliated in any way, just think it's a great product with great support. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Smart Business Support Sent: Wednesday, June 01, 2005 7:03 PM To: sniffer@SortMonster.com Subject: Re: [sniffer] Sniffer and SmarterMail? Looking at migrating to SmarterMail MDaemon as an alternative I like the weighting that SmarterMail offers for spam checking and the web interface is undeniably nice. And there are many other really excellent features including the price which seems reasonable to me. I have not tested this directly but you should be able to use Sniffer with SmarterMail by employing the protocol settings for the command line exe or batch file and pointing to Sniffer. This is also how one would employ custom scripting. There is (at least I've seen a web page) a filter already available on the web for ClamAV and SpamAssassin that uses the hook. It would be pretty easy to use a batch file for Sniffer I think. Another possibility that might work for some is the open source hMailServer in the latest beta which has a scripting provision built in for 3 events: OnClientConnect, OnAcceptMessage, OnDeliverMessage. It is beta but I've been testing it with no apparent problems thus far. It comes with a provision for using ClamWin and an additional virus scanner. You can use Clamdscan with a little trickery. Also has a COM interface. http://www.hmailserver.com/ In order to employ Sniffer you have to use the Scripting provision of the beta and put your call to Sniffer in the OnDeliverMessage area. One drawback thus far is the inability to easily add additional x-headers but you can easily modify standard headers. Not promoting anything - but we've been testing a few things ourselves. --- Terry Fritts This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
[sniffer] Sniffer and SmarterMail?
No offense intended toward anyone, but we've just about had it with the Imail/Declude combo. Looking at migrating to SmarterMail... those who have changed seem to love it. I LOVE Message Sniffer and don't want to lose such a great product. I also DO NOT want to have to use Declude with SmarterMail. Couple of questions: #1 Is there currently a way to integrate Message Sniffer with SmarterMail without using Declude? #3 If not are there any plans to work with SmarterMail? Thanks, -Joe
Re: [sniffer] Sniffer updates...
Title: Message John, I've always respected your opinions. I've respected Scott at Declude as well, but I don't think he has much to say about what happens there anymore. The powers to be at Declude obviously look at their customers as theives trying to steal their product. I have installed a version of Declude that is not covered under by any current service policy in attempts to solve a problem. When I discovered the old version of Declude was not the problem I reverted back. My attempt was rewarded with a threatening email message. I looked at it quite differently. I have no need or want for the new Declude "features", but if the old version I purchased was defective I am due version that worked as advertised. It was up to me to find that out. I'm perfectly happy with the old version, and I expect it to work as advertised. Their attitude is a spin off of the Ipswitch attitude to move on to new versions without ever fixing the old ones. For example, the new version of Declude (2.0) lists 10 new features. Of those 10, four are listed as "fixes" for older versions. I know I'm in the minority but I believe it is Declude's responsibility to provide a fully functional 1.x verson to those who purchased it. The 2.0 should only include new features, not fixes from previous versions. If I wanted to purcase 2.0 for the new features that would be fine, but to be forced to purchase a new version or service agreement to get fixes for problems in a version you already purcased is just plain wrong. What if that mentality were to be accepted in the automobile business? You buy a new car and the air conditioner doesn't work. You're told that instead of the 2004 model you purchased you should pay to upgrade to a 2005 model because we finally got the air conditioner working for 2005. Doesn't matter that your 2004 was advertised with air conditioning or not. I've had it with that kind of attitude. I want a simple, efficient mail server that does exactly what is advertised. Nothing more, nothing less. As for Sniffer. I've had no complaints with it at all. Seems to do exactly what I was told it would do. Thanks to everyone for their input! -Joe - Original Message - From: John Tolmachoff (Lists) To: [EMAIL PROTECTED] Sent: Wednesday, December 22, 2004 9:58 AM Subject: RE: [sniffer] Sniffer updates... Joe, I will back up Matts comments. Declude has/is indeed suffering from less than honest/moral individuals/companies and they are correct in taking steps to protect their products and company. Only the method they are using is being questioned. Believe me, those of us heavily involved in Imail/Declude are monitoring this issue and voicing our opinions, both publicly and privately. Lets not throw out the baby with the bath water. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of MattSent: Wednesday, December 22, 2004 7:23 AMTo: [EMAIL PROTECTED]Subject: Re: [sniffer] Sniffer updates... Joe,In their defense, I don't think that they necessarily knew any better than to have approached it this way. I don't necessarily get that the new ownership has worked from the IT side of the business before and understands security and trust as a corporate administrator would, in fact Barry comes from the marketing side of the business and I'm afraid that this is a bit of trial-by-fire. I expect (hope) that he will get the message and change their ways before this will be released in final format. Scott didn't have the resources to enforce licensing, and as a business, this is critical to their success. I have no qualms with that goal. They didn't intend to violate privacy or functionality, they just overlooked it.The whole IMail debacle is a different story. Most everyone using Declude on that platform will eventually be switching, and Declude has been more than fair by offering free migrations of their license to a different platform, starting with SmarterMail which is very reasonably priced and seemingly quite responsive to their customers.MattJoe Wolf wrote: I'm currently using Sniffer via Imail and Declude. We all know that Ipswitch has lost their mind and is abandoning the small ISP, and now it seems that Declude has lost their way. The new version of Declude is tied to a single MAC address. That counts me out since I run multiple NIC's in the same machine and am multi-homed. Their spyware "phone home" system is a violation of our security policies as well. That leads me to Sniffer. I love the product. Does anyone have a complete list of mail servers that have direct support for Sniffer? The Imail / Declude thing is too much to d
[sniffer] Sniffer updates...
Title: Message I'm currently using Sniffer via Imail and Declude. We all know that Ipswitch has lost their mind and is abandoning the small ISP, and now it seems that Declude has lost their way. The new version of Declude is tied to a single MAC address. That counts me out since I run multiple NIC's in the same machine and am multi-homed. Their spyware "phone home" system is a violation of our security policies as well. That leads me to Sniffer. I love the product. Does anyone have a complete list of mail servers that have direct support for Sniffer? The Imail / Declude thing is too much to deal with and I'm going to make a change. Thanks, Joe
Re: [sniffer] Test ordering/precedence
OK, I'm confused. First I admit I don't spend much time on Sniffer or Declude settings, and I haven't learned the programs very well. I used the default Sniffer config files. If I changed as indicated below will it catch more SPAM? Sorry if this is a dumb question, just need some advice. Thanks, Joe - Original Message - From: "Landry William" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, December 02, 2004 10:05 PM Subject: RE: [sniffer] Test ordering/precedence Here's what my Sniffer global.cfg entries for look like: SNIFFER-TRAVEL external 047 "M:\Sniffer\LicenseID.exe AuthCode" 07 0 SNIFFER-INSURANCE external 048 "M:\Sniffer\LicenseID.exe AuthCode" 12 0 SNIFFER-AV-PUSH external 049 "M:\Sniffer\LicenseID.exe AuthCode" 10 0 SNIFFER-WAREZ external 050 "M:\Sniffer\LicenseID.exe AuthCode" 12 0 SNIFFER-SPAMWAREexternal 051 "M:\Sniffer\LicenseID.exe AuthCode" 12 0 SNIFFER-SNAKEOILexternal 052 "M:\Sniffer\LicenseID.exe AuthCode" 15 0 SNIFFER-SCAMS external 053 "M:\Sniffer\LicenseID.exe AuthCode" 17 0 SNIFFER-PORNexternal 054 "M:\Sniffer\LicenseID.exe AuthCode" 17 0 SNIFFER-MALWARE external 055 "M:\Sniffer\LicenseID.exe AuthCode" 15 0 SNIFFER-ADVERTISING external 056 "M:\Sniffer\LicenseID.exe AuthCode" 12 0 SNIFFER-SCHEMES external 057 "M:\Sniffer\LicenseID.exe AuthCode" 15 0 SNIFFER-CREDIT external 058 "M:\Sniffer\LicenseID.exe AuthCode" 10 0 SNIFFER-GAMBLINGexternal 059 "M:\Sniffer\LicenseID.exe AuthCode" 10 0 SNIFFER-GENERAL external 060 "M:\Sniffer\LicenseID.exe AuthCode" 12 0 SNIFFER-SPAMexternal 061 "M:\Sniffer\LicenseID.exe AuthCode" 15 0 SNIFFER-OBFUSCATION external 062 "M:\Sniffer\LicenseID.exe AuthCode" 15 0 SNIFFER-IP-RULESexternal 063 "M:\Sniffer\LicenseID.exe AuthCode" 12 0 You will need to use your LicenseID and AuthCode, and want to adjust the weights to meet your own needs and requirements. Bill -Original Message- From: Serge [mailto:[EMAIL PROTECTED] Sent: Thursday, December 02, 2004 6:41 PM To: [EMAIL PROTECTED] Subject: Re:[sniffer] Test ordering/precedence Where can i find examples of using "exit codes" to assign different weights depending on groupes, when using sniffer with declude/imail ? TIA - Original Message - From: "Pete McNeil" <[EMAIL PROTECTED]> To: "Jim Matuska" <[EMAIL PROTECTED]> Sent: Thursday, December 02, 2004 9:59 PM Subject: Re[2]: [sniffer] Test ordering/precedence On Thursday, December 2, 2004, 4:15:43 PM, Jim wrote: JM> Pete, JM> We have rules setup in declude based upon sniffer return codes 60 JM> and 62 to JM> mark all messages with those tests as spam, however we do not have JM> any 61 or JM> 62 return codes setup. Can you briefly explain what each of these groups JM> includes and a false positive rate for each. The false positive rates for all of these rule groups have fallen dramatically over the past 8 months and at this point they are all comparable. Different systems see different rates, but all rates are low. Group 63 - Experimental Received [IP] - contains rules that match Receive headers by IP. These are now largely generated by robots which monitor inbound spamtrap and usertrap data and then test those sources. This group used to provide the second largest rate of false positives. The rate now is roughly the same as any other group. Group 62 - Obfuscation - contains rules built to detect obfuscation techniques. Internally this group breaks down into a number of sub-groups which detect unnecessary URL encoding, HEX encoding, and HTML obfuscation patterns. Group 61 - Experimental Abstract - contains rules that are designed to recognize data patterns and structures found in spam. For example errors in headers combined with message structures, misspellings, unusual uses for table and HTML structures or message segments, and other abstract patterns that result from the use of scripting engines to generate polymorphic spam. Note: Group 60 was Gray-Hosting many months ago. That group was retired and then reused. Now it is being renumbered again. Group 60 - General (Ungrouped) - contains many of the same kinds of rules found in other groups, but particularly those which cannot be accurately categorized there. For example, fake diploma spam. These rules are largely text segments, domains, URI/URL segments, and structures (much like those found in group 61). Hope this helps, _M This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html --- This message and any included attachments are from Siemens Medical Solutions USA, Inc. and are intended only for the addressee(s). The information contained
