3) then be able to create a temporary rule to help block messages
- must be viable until SNF has an updated ruleset to start clearing out the attack
- I don't think declude (what I use w/SNF) has rule expirations (but would be a nice feature)
What I do when I create a temp rule is
I have not noticed any increase on FPs on the one server that is running it.
John T
-Original Message-
From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox
Sent: Thursday, December 20, 2007 1:29 PM
To: Message Sniffer Community
Subject: [sniffer] Re:
Yes, there is a difference. Webmail is different. Additional features in the
SMTP service. Vulnerabilities fixed. Bugs fixed.
There is indeed a patch for version 8, it is called 8.22 + HF2.
John T
-Original Message-
From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf
To clarify something that came up in another post a couple of weeks ago, is
it necessary to send false positive reports from the specified email
address, or any address as long as it includes the proper information such
as the license in the subject line?
John T
Thanks as always Pete for a great explanation.
John T
-Original Message-
From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil
Sent: Wednesday, October 17, 2007 5:35 AM
To: Message Sniffer Community
Subject: [sniffer] Re: Beta
Hello John,
Our SYNC server software rejects connections by default. If an SNF
node follows the expected connection protocols and authenticates
properly and consistently then it will be allowed to communicate with
the system. If it fails to do any of these things or looks suspicious
in any way then it
3) The logs are rotating according to UTC time. How can that be configured
to rotate in local time?
John T
From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf
Of John T (lists)
Sent: Thursday, October 11, 2007 11:05 AM
To: Message Sniffer Community
Subject: [sniffer] New
A couple of notes I have noticed:
1) When SNFServer starts and creates the file id_snf_engine_cfg.log,
would it be a good idea to list the version of the SNFServer?
2) In your announcement about the version 1.4 beta, you said to upgrade
the snf_engine.xml as well. Why? Since there are
I think he was asking about the log rotate script that also FTPs a copy up
to sniffer. Do we still need to FTP a log to Sniffer?
John T
-Original Message-
From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil
Sent: Tuesday, October 09, 2007 9:28 PM
To:
OK, a couple of questions.
If an IP is found to be BAD, the website states a non-zero code will be
returned. Well, I know that those of us using Declude and using listed
return codes other than non-zero will have a problem with this. Can this be
set to a specific return code that we can then use
Some of the spammers are apparently using my email address as the sender.
Any way to defeat that or capitalize on it? I get several bounces a week from
all over the world.
Ah, the American spirit at work. If you can't stop it, make money on it.
;-)
(And yes, I know that is not what you
I have been asked by a client to help find a way to catch headhunters and
such that attempt to recruit current employees. I have yet to spend time on
this as it seems creating a filter in Declude for this while maintaining
low/no false positives would be somewhat difficult.
While this is outside
Inserting my 2 cents here since that is all that it is worth.
In backing up what Matt said, let me relate a similar example of a problem
that occurred a year and a half ago to a major IT security products vendor:
At about 6:15 AM PT on a week day in the middle of a normal busy week, their
Yes, it is called email gateway service and many of us do that and it is
fairly straightforward to setup but there are a number of steps.
John T
-Original Message-
From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf
Of K Mitchell
Sent: Thursday, March 08, 2007 6:16 PM
As someone who speaks Russian, it would be more productive for you to
forward those spams to sniffer for processing rather than create a rule
based on normal common language characters. Besides, that is not what I
expect from Sniffer. My understanding of the premise of Message Sniffer is to
create
PROTECTED] On
Behalf Of John T (Lists)
Sent: Thursday, October 26, 2006 8:13 AM
To: Message Sniffer Community
Subject: [sniffer] Re: Yahoo! Is Retarded
You're preaching to the choir.
John T
eServices For You
Life is a succession of lessons which must be lived to be understood.
Ralph Waldo
Declude is not ignoring the problem. David
Barker is aware of it and has responded discussion concerning this problem on
the Declude Junkmail list.
John T
eServices For You
Seek, and ye shall
find!
-Original Message-
From: Message Sniffer Community
[mailto:[EMAIL
http://kb.armresearch.com/index.php?title=Message_Sniffer.GettingStarted.Integration
John T
eServices For You
Seek, and ye shall
find!
-Original Message-
From: Message Sniffer Community
[mailto:[EMAIL PROTECTED] On Behalf Of
Joe Wolf
Sent: Tuesday, October 24, 2006
HA HA
HO HO
ROFLOL
Do you really think Yahoo and the other big ego head companies care about
us?
It would take a mass amount of paid Yahoo users to make something happen.
John T
eServices For You
Seek, and ye shall find!
-Original Message-
From: Message Sniffer Community
I have seen reports that Network Non-Solutions is having DNS Server issues
today.
John T
eServices For You
Seek, and ye shall find!
-Original Message-
From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil
Sent: Tuesday, October 17, 2006 2:29 PM
To:
I have noticed in the last couple of weeks a greatly improved response time
in reports of false positives.
Just want to say thanks.
John T
eServices For You
Seek, and ye shall find!
This message is sent to you because you are
I concur Pete in that I have been thinking about upping the weight for the
EXP tests. I recently changed ABST from 20 to 25. I attach at 25, hold at 30
and delete at 35.
SNIFFER-TRAVEL 47 20
SNIFFER-INSURANCE 48 20
SNIFFER-AV-PUSH 49 20
SNIFFER-WAREZ
???/
John T
eServices For You
Seek, and ye shall find!
-Original Message-
From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf
Of Kim W. Premuda
Sent: Tuesday, October 03, 2006 6:00 PM
To: Message Sniffer Community
Subject:
Bleeping wonderful.
We have to put up with this for a week?
I guess a nice little Outlook rule is called for.
John T
eServices For You
Seek, and ye shall find!
-Original Message-
From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent:
As Pete has said before, do not send spam reports to the list.
There is a separate appropriate email address for that.
John T
eServices For You
Seek, and ye shall
find!
-Original Message-
From: Message Sniffer Community
[mailto:[EMAIL PROTECTED] On Behalf Of
Stop using the silly WHITELIST TODOMAIN for one thing.
What is the IP address they are coming from? Could be a compromised client?
John T
eServices For You
Seek, and ye shall
find!
-Original Message-
From: Message Sniffer Community
[mailto:[EMAIL PROTECTED] On
Reading through the updated script, I notice you are uploading the log file
whenever the script runs. I currently upload the log file once per day.
Pete, what is the preferred timing for uploading the log file?
John T
eServices For You
Seek, and ye shall find!
-Original Message-
from Toronto
Goran Jovanovic
Omega Network Solutions
-Original Message-
From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On
Behalf Of John T (Lists)
Sent: Friday, June 02, 2006 5:23 PM
To: Message Sniffer Community
Subject: [sniffer]Sniffer updates down?
I am getting
.
Therefore, PayPal is deliberately allowing that reverse IP in someone
else's netblock.
That, or both the netblock and PayPal's DNS have been p0wned.
Andrew 8)
-Original Message-
From: Message Sniffer Community
[mailto:[EMAIL PROTECTED] On Behalf Of John T (Lists)
Sent: Wednesday, May 24, 2006 9:31 AM
To: Message Sniffer Community
Subject: [sniffer]Possible Paypal Phishing
Attached are the headers to an e-mail I am suspecting as a
clever phishing that has me worried.
It looks like a legit
Pong
John T
eServices For You
Seek, and ye shall find!
-Original Message-
From: sniffer@sortmonster.com [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil
Sent: Monday, May 15, 2006 10:12 PM
To: sniffer@sortmonster.com
Subject: Test
Hello sniffer,
Just testing.
--
PROTECTED]
On
Behalf Of Pete McNeil
Sent: Friday, May 05, 2006 9:09 AM
To: John T (Lists)
Subject: Re[2]: [sniffer] Lot of Drugs Spam getting through sniffer
We've had that rule before and had to pull it for false positives.
_M
On Friday, May 5, 2006, 11:41:50 AM, John wrote
] [mailto:[EMAIL PROTECTED]
On
Behalf Of Pete McNeil
Sent: Friday, May 05, 2006 11:37 AM
To: John T (Lists)
Subject: Re[4]: [sniffer] Lot of Drugs Spam getting through sniffer
On Friday, May 5, 2006, 1:08:14 PM, John wrote:
JTL Well, I am at the point that I could care less about geocities
It seems today that updates have been slow to retrieve, the last one being
averaging 54 Kbps. Updates are triggered on the e-mail update notice.
John T
eServices For You
Seek, and ye shall find!
This E-Mail came from the Message Sniffer mailing list. For information and
(un)subscription
What is the purpose of using a WIKI site?
John T
eServices For You
Seek, and ye shall find!
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On
Behalf Of Pete McNeil
Sent: Friday, March 17, 2006 8:07 AM
To: sniffer@sortmonster.com
Subject: [sniffer] New Web
I am seeing a lot of spam with a subject line of with fw: or re: followed by
the username portion of the recipient. Any way to create a rule for this?
John T
eServices For You
Seek, and ye shall find!
PROTECTED] [mailto:[EMAIL PROTECTED]On Behalf Of John T (Lists)
Sent: Wednesday, December 28, 2005 8:46 PM
To: sniffer@SortMonster.com
Subject: RE: Re[2]: [sniffer] Last chance to renew at the old price!
Absolutely not. In fact, if you read my
post after this, I am questioning whether or not it can
to determine a minimum selling
price. Any such stipulation in an agreement would put both of you in
violation of federal price-fixing laws.
-Joe
- Original Message -
From: John T (Lists)
To: sniffer@SortMonster.com
Sent: Wednesday, December 28, 2005 7:29 PM
The only problem with that, and one which I do not know how large of a
problem it is, is if you have always provided a single product, and suddenly
divide it into 2 levels, you end up with twice the amount of critics: Those
that pay less but expect more, those that pay more and then expect even
Pete, I am both a Sniffer reseller and user, and I was blind sided by this
announcement.
John T
eServices For You
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On
Behalf Of Pete McNeil
Sent: Tuesday, December 27, 2005 2:11 PM
To: Darin Cox
Subject: Re[2]:
Because the vendors are so lame as to have that enabled by default.
John T
eServices For You
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On
Behalf Of Kevin Stanford
Sent: Thursday, December 15, 2005 10:11 AM
To: sniffer@SortMonster.com
Subject: RE:
PROTECTED] On Behalf Of John T (Lists)
Sent: Friday, October 14, 2005 12:55 PM
To: sniffer@SortMonster.com
Subject: RE: [sniffer] Large amounts of spam still getting through
There has been a good amount of discussion about temporarily
grey listing an e-mail message and there are many
Network Administrator
Vantek Communications, Inc.
555 H Street, Ste. C
Eureka, CA 95501
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John T (Lists)
Sent: Saturday, October 15, 2005 12:41 AM
To: sniffer@SortMonster.com
Subject: RE
No need to block zips, with Declude just add BANZIPEXTSON to your
virus.cfg file since the payload is an exe within the zip and since we are
all already banning executable files, correct?
John T
eServices For You
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL
45 matches