[sniffer] Re: I got a strong attack today

2008-01-04 Thread John T (lists)
3) then be able to create a temporary rule to help block messages - must be viable until SNF has an updated ruleset to start clearing out the attack - I don't think declude (what I use w/SNF) has rule expirations (but would be a nice feature) What I do when I create a temp rule is

[sniffer] Re: Excessive amounts of spam

2007-12-20 Thread John T (lists)
I have not noticed any increase on FPs on the one server that is running it. John T -Original Message- From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Thursday, December 20, 2007 1:29 PM To: Message Sniffer Community Subject: [sniffer] Re:

[sniffer] Re: Imail Upgrade

2007-11-04 Thread John T (lists)
Yes, there is a difference. Webmail is different. Additional features in the SMTP service. Vulnerabilities fixed. Bugs fixed. There is indeed a patch for version 8, it is called 8.22 + HF2. John T -Original Message- From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf

[sniffer] Reporting False Positives

2007-10-26 Thread John T (lists)
To clarify something that came up in another post a couple of weeks ago, is it necessary to send false positive reports from the specified email address, or any address as long as it includes the proper information such as the license in the subject line? John T

[sniffer] Re: Beta

2007-10-17 Thread John T (lists)
Thanks as always Pete for a great explanation. John T -Original Message- From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: Wednesday, October 17, 2007 5:35 AM To: Message Sniffer Community Subject: [sniffer] Re: Beta Hello John,

[sniffer] Re: Beta

2007-10-16 Thread John T (lists)
Our SYNC server software rejects connections by default. If an SNF node follows the expected connection protocols and authenticates properly and consistently then it will be allowed to communicate with the system. If it fails to do any of these things or looks suspicious in any way then it

[sniffer] Re: New Server/Client configuration

2007-10-11 Thread John T (lists)
3) The logs are rotating according to UTC time. How can that be configured to rotate in local time? John T From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of John T (lists) Sent: Thursday, October 11, 2007 11:05 AM To: Message Sniffer Community Subject: [sniffer] New

[sniffer] New Server/Client configuration

2007-10-11 Thread John T (lists)
A couple of notes I have noticed: 1) When SNFServer starts and creates the file id_snf_engine_cfg.log, would it be a good idea to list the version of the SNFServer? 2) In your announcement about the version 1.4 beta, you said to upgrade the snf_engine.xml as well. Why? Since there are

[sniffer] Re: Updates to log rotation scripts

2007-10-10 Thread John T (lists)
I think he was asking about the log rotate script that also FTPs a copy up to sniffer. Do we still need to FTP a log to Sniffer? John T -Original Message- From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: Tuesday, October 09, 2007 9:28 PM To:

[sniffer] Re: All about GBUdb

2007-10-09 Thread John T (lists)
OK, a couple of questions. If an IP is found to be BAD, the website states a non-zero code will be returned. Well, I know that those of us using Declude and using listed return codes other than non-zero will have a problem with this. Can this be set to a specific return code that we can then use

[sniffer] Re: Address

2007-09-24 Thread John T (lists)
Some of the spammers are apparently using my email address as the sender. Any way to defeat that or capitalize on it? I get several bounces a week from all over the world. Ah, the American spirit at work. If you can't stop it, make money on it. ;-) (And yes, I know that is not what you

[sniffer] Category idea

2007-09-21 Thread John T (lists)
I have been asked by a client to help find a way to catch headhunters and such that attempt to recruit current employees. I have yet to spend time on this as it seems creating a filter in Declude for this while maintaining low/no false positives would be somewhat difficult. While this is outside

[sniffer] Re: Appriver issue

2007-05-19 Thread John T (lists)
Inserting my 2 cents here since that is all that it is worth. In backing up what Matt said, let me relate a similar example of a problem that occurred a year and a half ago to a major IT security products vendor: At about 6:15 AM PT on a week day in the middle of a normal busy week, their

[sniffer] Re: Sniffer as passthrough filter

2007-03-08 Thread John T (lists)
Yes, it is called email gateway service and many of us do that and it is fairly straightforward to setup but there are a number of steps. John T -Original Message- From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of K Mitchell Sent: Thursday, March 08, 2007 6:16 PM

[sniffer] Re: Blocking emails with Cyrillic characters

2006-12-13 Thread John T (Lists)
As someone who speaks Russian, it would be more productive for you to forward those spams to sniffer for processing rather than create a rule based on normal common language characters. Besides, that is not what I expect from Sniffer. My understanding of the premise of Message Sniffer is to create

[sniffer] Re: Yahoo! Is Retarded

2006-10-26 Thread John T (Lists)
PROTECTED] On Behalf Of John T (Lists) Sent: Thursday, October 26, 2006 8:13 AM To: Message Sniffer Community Subject: [sniffer] Re: Yahoo! Is Retarded You're preaching to the choir. John T eServices For You Life is a succession of lessons which must be lived to be understood. Ralph Waldo

[sniffer] Re: Declude header not modified correctly

2006-10-24 Thread John T (Lists)
Declude is not ignoring the problem. David Barker is aware of it and has responded discussion concerning this problem on the Declude Junkmail list. John T eServices For You Seek, and ye shall find! -Original Message- From: Message Sniffer Community [mailto:[EMAIL

[sniffer] Re: Declude header not modified correctly

2006-10-24 Thread John T (Lists)
http://kb.armresearch.com/index.php?title=Message_Sniffer.GettingStarted.Integration John T eServices For You Seek, and ye shall find! -Original Message- From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Joe Wolf Sent: Tuesday, October 24, 2006

[sniffer] Re: FW: Retest (KMM38446283V14479L0KM)

2006-10-18 Thread John T (Lists)
HA HA HO HO ROFLOL Do you really think Yahoo and the other big ego head companies care about us? It would take a mass amount of paid Yahoo users to make some thing happen. John T eServices For You Seek, and ye shall find! -Original Message- From: Message Sniffer Community

[sniffer] Re: email

2006-10-17 Thread John T (Lists)
I have seen reports that Network Non-Solutions is having DNS Server issues today. John T eServices For You Seek, and ye shall find! -Original Message- From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: Tuesday, October 17, 2006 2:29 PM To:

[sniffer] Thanks Sniffer

2006-10-10 Thread John T (Lists)
I have noticed in the last couple of weeks a greatly improved response time in reports of false positives. Just want to say thanks. John T eServices For You Seek, and ye shall find! # This message is sent to you because you are

[sniffer] Re: Experimental Abstract

2006-10-09 Thread John T (Lists)
I concur Pete in that I have been thinking about upping the weight for the EXP tests. I recently changed ABST from 20 to 25. I attach at 25, hold at 30 and delete at 35. SNIFFER-TRAVEL 47 20 SNIFFER-INSURANCE 48 20 SNIFFER-AV-PUSH 49 20 SNIFFER-WAREZ

[sniffer] Re: [Fwd: keep up with the jones']

2006-10-03 Thread John T (Lists)
???/ John T eServices For You Seek, and ye shall find! -Original Message- From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Kim W. Premuda Sent: Tuesday, October 03, 2006 6:00 PM To: Message Sniffer Community Subject:

[sniffer] Re: Sharon Daniels is out of the office.

2006-08-07 Thread John T (Lists)
Bleeping wonderful. We have to put up with this for a week? I guess a nice little Outlook rule is called for. John T eServices For You Seek, and ye shall find! -Original Message- From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent:

[sniffer] Re: Fwd: Re: ------------------------------------------------

2006-08-03 Thread John T (Lists)
As Pete has said before, do not send spam reports to the list. There is a separate appropriate email address for that. John T eServices For You Seek, and ye shall find! -Original Message- From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of

[sniffer] Re: Help

2006-07-27 Thread John T (Lists)
Stop using the silly WHITELIST TODOMAIN for one thing. What is the IP address they are coming from? Could be a compromised client? John T eServices For You Seek, and ye shall find! -Original Message- From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On

[sniffer] Re: My rulebase download and log upload script

2006-07-10 Thread John T (Lists)
Reading through the updated script, I notice you are uploading the log file whenever the script runs. I currently upload the log file once per day. Pete, what is the preferred timing for uploading the log file? John T eServices For You Seek, and ye shall find! -Original Message-

Re: [sniffer]Sniffer updates down?

2006-06-02 Thread John T (Lists)
from Toronto Goran Jovanovic Omega Network Solutions -Original Message- From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of John T (Lists) Sent: Friday, June 02, 2006 5:23 PM To: Message Sniffer Community Subject: [sniffer]Sniffer updates down? I am getting

Re: [sniffer]Possible Paypal Phishing

2006-05-24 Thread John T (Lists)
. Therefore, PayPal is deliberately allowing that reverse IP in someone else's netblock. That, or both the netblock and PayPal's DNS have been p0wned. Andrew 8) -Original Message- From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of John T (Lists) Sent

Re: [sniffer]Possible Paypal Phishing

2006-05-24 Thread John T (Lists)
that reverse IP in someone else's netblock. That, or both the netblock and PayPal's DNS have been p0wned. Andrew 8) -Original Message- From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of John T (Lists) Sent: Wednesday, May 24, 2006 9:31 AM To: Message

Re: [sniffer]Possible Paypal Phishing

2006-05-24 Thread John T (Lists)
[mailto:[EMAIL PROTECTED] On Behalf Of John T (Lists) Sent: Wednesday, May 24, 2006 9:31 AM To: Message Sniffer Community Subject: [sniffer]Possible Paypal Phishing Attached are the headers to an e-mail I am suspecting as a clever phishing that has me worried. It looks like a legit

RE: [sniffer] Test

2006-05-16 Thread John T (Lists)
Pong John T eServices For You Seek, and ye shall find! -Original Message- From: sniffer@sortmonster.com [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: Monday, May 15, 2006 10:12 PM To: sniffer@sortmonster.com Subject: Test Hello sniffer, Just testing. --

RE: Re[2]: [sniffer] Lot of Drugs Spam getting through sniffer....

2006-05-05 Thread John T (Lists)
PROTECTED] On Behalf Of Pete McNeil Sent: Friday, May 05, 2006 9:09 AM To: John T (Lists) Subject: Re[2]: [sniffer] Lot of Drugs Spam getting through sniffer We've had that rule before and had to pull it for false positives. _M On Friday, May 5, 2006, 11:41:50 AM, John wrote

RE: Re[4]: [sniffer] Lot of Drugs Spam getting through sniffer....

2006-05-05 Thread John T (Lists)
] [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: Friday, May 05, 2006 11:37 AM To: John T (Lists) Subject: Re[4]: [sniffer] Lot of Drugs Spam getting through sniffer On Friday, May 5, 2006, 1:08:14 PM, John wrote: JTL Well, I am at the point that I could care less about geocities

[sniffer] Updates slow

2006-03-20 Thread John T (Lists)
It seems today that updates have been slow to retrieve, the last one being averaging 54 Kbps. Updates are triggered on the e-mail update notice. John T eServices For You Seek, and ye shall find! This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription

RE: [sniffer] New Web Site!

2006-03-17 Thread John T (Lists)
What is the purpose of using a WIKI site? John T eServices For You Seek, and ye shall find! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: Friday, March 17, 2006 8:07 AM To: sniffer@sortmonster.com Subject: [sniffer] New Web

[sniffer] New add compain

2006-03-10 Thread John T (Lists)
I am seeing a lot of spam with a subject line of with fw: or re: followed by the username portion of the recipient. Any way to create a rule for this? John T eServices For You Seek, and ye shall find! This E-Mail came from the Message Sniffer mailing list. For information and

RE: Re[2]: [sniffer] Last chance to renew at the old price!

2005-12-28 Thread John T (Lists)
PROTECTED] [mailto:[EMAIL PROTECTED]On Behalf Of John T (Lists) Sent: Wednesday, December 28, 2005 8:46 PM To: sniffer@SortMonster.com Subject: RE: Re[2]: [sniffer] Last chance to renew at the old price! Absolutely not. In fact, if you read my post after this, I am questioning whether or not it can

RE: Re[2]: [sniffer] Last chance to renew at the old price!

2005-12-28 Thread John T (Lists)
to determine a minimum selling price. Any such stipulation in an agreement would put both of you in violation of federal price-fixing laws. -Joe - Original Message - From: John T (Lists) To: sniffer@SortMonster.com Sent: Wednesday, December 28, 2005 7:29 PM

RE: Re[2]: [sniffer] Last chance to renew at the old price!

2005-12-27 Thread John T (Lists)
The only problem with that, and one which I do not know how large of a problem it is, is if you have always provided a single product, and suddenly divide it into 2 levels, you end up with twice the amount of critics: Those that pay less but expect more, those that pay more and then expect even

RE: Re[2]: [sniffer] Last chance to renew at the old price!

2005-12-27 Thread John T (Lists)
Pete, I am both a Sniffer reseller and user, and I was blind sided by this announcement. John T eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: Tuesday, December 27, 2005 2:11 PM To: Darin Cox Subject: Re[2]:

RE: [sniffer] Joe Jobs...

2005-12-15 Thread John T (Lists)
Because the vendors are so lame as to have that enabled by default. John T eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Stanford Sent: Thursday, December 15, 2005 10:11 AM To: sniffer@SortMonster.com Subject: RE:

RE: [sniffer] Large amounts of spam still getting through

2005-10-15 Thread John T (Lists)
PROTECTED] On Behalf Of John T (Lists) Sent: Friday, October 14, 2005 12:55 PM To: sniffer@SortMonster.com Subject: RE: [sniffer] Large amounts of spam still getting through There has been a good amount of discussion about temporarily grey listing an e-mail message and there are many

RE: [sniffer] Large amounts of spam still getting through

2005-10-15 Thread John T (Lists)
Network Administrator Vantek Communications, Inc. 555 H Street, Ste. C Eureka, CA 95501 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John T (Lists) Sent: Saturday, October 15, 2005 12:41 AM To: sniffer@SortMonster.com Subject: RE

RE: Re[2]: [sniffer] Large amounts of spam still getting through

2005-10-15 Thread John T (Lists)
I wonder if that is some kind of Outlook vulnerability. John T eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robert Grosshandler Sent: Saturday, October 15, 2005 10:43 AM To: sniffer@SortMonster.com Subject: RE: Re[2]: [sniffer]

RE: [sniffer] New virus...

2005-10-06 Thread John T (Lists)
No need to block zips, with Declude just add BANZIPEXTSON to your virus.cfg file since the payload is an exe within the zip and since we are all already banning executable files, correct? John T eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL