[sniffer] Re: Announcing ClamAID - Clam AV installer for windows.
At 12:49 2/2/2009 -0500, you wrote: >Hello Sniffer Folks, > >We've noticed that folks often have trouble getting Clam AV (the free >open source anti-virus scanner) working correctly on their mail >servers, so we've created a free product to help solve that. ClamAID >(Clam AV Assisted Install Device). > >http://www.armresearch.com/tools/arm/clamAID.jsp > >What ClamIAD does is collect all of the bits and pieces that make >ClamAV work, configure them, install them, and get them running with >your email / filtering platform. > >So far ClamAID supports IceWarp, Declude/IMail, and >Declude/SmarterMail. > >We will add support for additional platforms as requested (time >permitting). Is an mxGuard/IMail version in the works? -- Kirk Mitchell-General Managermi...@keyconn.net Keystone Connect Unlock Your World Altoona, PA 814-941-5000 http://www.keyconn.net # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to
[sniffer] Re: SPAM Storm?
At 06:19 PM 3/19/2007 -0400, Computer House Support wrote: >Is it me, or is there an unbelievable spam storm going on this >afternoon?? We got a fairly heavy burst this afternoon originating from an APNIC 210.x.x.x block. -- Kirk Mitchell-General Manager[EMAIL PROTECTED] Keystone Connect Unlock Your World Altoona, PA 814-941-5000 http://www.keyconn.net # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
[sniffer] Sniffer as passthrough filter
I've been running Message Sniffer here with IMail and mxGuard for a number of the domains we service. I have another customer that runs their own Exchange server, and wishes to continue doing so, but inquired as to the possibility of us doing pass-through filtering for them. Is this possible with the setup I have? Thanks, -- Kirk Mitchell-General Manager[EMAIL PROTECTED] Keystone Connect Unlock Your World Altoona, PA 814-941-5000 http://www.keyconn.net # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
[sniffer] Re: DNSBL
At 03:19 PM 2/28/2007 -0700, [EMAIL PROTECTED] wrote: >C:\WINDOWS\system32\cmd.exe /c c:\imail\isplcln -n 5 -l 10 > >Above is the command I use in scheduled tasks. Make sure you have >ispcln.exe on your system. I can't remember whether it came with >Imail or I had to download it somewhere. Looking through IPSwitch's support knowledgebase, it appears that isplcln.exe has been part of IMail since 5.x, but I was never aware of it. Thanks. -- Kirk Mitchell-General Manager[EMAIL PROTECTED] Keystone Connect Unlock Your World Altoona, PA 814-941-5000 http://www.keyconn.net # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
[sniffer] Re: DNSBL
At 01:16 PM 2/28/2007 -0700, [EMAIL PROTECTED] wrote: >You definitely want to be running in persistent mode. > >I automated that whole process a while back after upgrading to >Win2003. It deletes the .tmp & .gse files a couple times per >day. It flushes out the spool and spam folder for anything older >than 5 days. In the good ol' days, I used to manually do all that >at least once a day. The old 2000 install had some corrupt files and >I couldn't automate anything, yuck! I'm still on Win2k. I've been able to automate emptying the mx-pid folder periodically, downloading sniffer updates, and uploading/dating sniffer logs nightly. I could also automate dumping the .tmp and .gse files periodically(may give that shot), not sure how I could do the clean out files after 5 days thing though. I'm assuming you're talking about the scattered extra .smd files. -- Kirk Mitchell-General Manager[EMAIL PROTECTED] Keystone Connect Unlock Your World Altoona, PA 814-941-5000 http://www.keyconn.net # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
[sniffer] Re: DNSBL
At 07:19 PM 2/28/2007 +0100, Alberto Santoni wrote: >Hello > >does someone have heavy problems with the DNSBLs? > >I have Imail server 2006.1 + mxguard + messagesniffer and it is since >about a week that my server has almost always the CPU at 100%. > >I have stopped the check for all DNSBL but nothing has changed! - What makes you suspect DSNBL? - Have you seen an increase in the overall number of messages going through? - Are you using the sniffer persistant instance? - Check to see that the imail\spool\mx-pid folder isn't filling up. I'm running IMail 7.06/mxGuard/Message Sniffer and at times when I've had problems the solution has been to empty that mx-pid folder. -- Kirk Mitchell-General Manager[EMAIL PROTECTED] Keystone Connect Unlock Your World Altoona, PA 814-941-5000 http://www.keyconn.net # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
[sniffer] Re: Transition to new deliver server completed. Watch Out For The Minor Changes!
At 05:07 PM 1/4/2007 -0500, you wrote: >Hello Message, > > So far the upgrade seems to have gone off with only one minor hitch. My rulebase updates are going fine, but my log uploads are now hanging at; Connecting to... 207.97.242.65:21... failed! -- Kirk Mitchell-General Manager[EMAIL PROTECTED] Keystone Connect Unlock Your World Altoona, PA 814-941-5000 http://www.keyconn.net # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
[sniffer] Re: Uploading problems
At 12:37 AM 12/9/2006 -0500, K Mitchell wrote: > >wput -nd licenseID_*.log ftp://snifferlog:[EMAIL PROTECTED] Sorry, this line now becomes: wput -nd licenseID.log ftp://snifferlog:[EMAIL PROTECTED] -- Kirk Mitchell-General Manager[EMAIL PROTECTED] Keystone Connect Unlock Your World Altoona, PA 814-941-5000 http://www.keyconn.net # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
[sniffer] Re: Uploading problems
At 09:35 PM 12/8/2006 -0500, K Mitchell wrote: > > I've just finished putting mine all together. Each of the components have >been tested individually, tonight shortly after midnight will be the first >test of it in it's entirety. In the way of explanation, here's what I'm >doing each night shortly after midnight: > >- moving the current logfile to a subfolder, thus rotating the logfiles >- renaming the file to add the date -this uses the Namedate utility I found >at http://www.informatics-consulting.de/software/namedate.htm >- uploading the file >- moving the file to yet another subfolder -this is because the upload >script uses * to cover the date variable, so it wouldn't be good to have 2 >or more dated files in the same folder >- sending myself an email confirming that the process has completed >successfully This didn't quite work as planned. Apparently wput doesn't recognize variables in the filename, so I had to swap some lines and do the upload before the renaming to add the date. I had been hoping to date it before sending so that, in the odd chance that my prior log hadn't been processed yet, the new file would have a different name and upload with no problems. I'll just have to hope that my logs get processed within 24 hours. Here's the new .cmd file: @echo off c: cd c:\imail\sniffer move c:\imail\sniffer\licenseID.log logs cd c:\imail\sniffer\logs wput -nd licenseID_*.log ftp://snifferlog:[EMAIL PROTECTED] echo Log upload completed! >> sniffupld.txt namedate /UYO-1Z:"ymd" "licenseID.log" echo Log dated! >> sniffupld.txt move c:\imail\sniffer\logs\licenseID_*.log sent echo Log moved to Sent folder! >> sniffupld.txt c:\imail\imail1 -f c:\imail\sniffer\logs\sniffupld.txt -s "Sniffer log upload on %COMPUTERNAME%" -t [EMAIL PROTECTED] -u sniffer -h yourdomain.net echo Confirmation emailed! del c:\imail\sniffer\logs\sniffupld.txt :Done -- Kirk Mitchell-General Manager[EMAIL PROTECTED] Keystone Connect Unlock Your World Altoona, PA 814-941-5000 http://www.keyconn.net # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
[sniffer] Re: Uploading problems
At 09:35 PM 12/8/2006 -0500, K Mitchell wrote: >At 02:11 AM 12/9/2006 -, Serge wrote: >>Hi Pete & all >> >>after >> 200 PORT command successful. Consider using PASV. >>I am getting >>425 connection failed >> >>Is this another FW issue ? >> >>would you please share the batch & script you use with wput to upload logs >>on pasv mode Forgot to add in my previous post; I used the wputrc file included with wput to make a wput.ini file in which I specified PASV ;connection_mode = pasv -- Kirk Mitchell-General Manager[EMAIL PROTECTED] Keystone Connect Unlock Your World Altoona, PA 814-941-5000 http://www.keyconn.net # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
[sniffer] Re: Uploading problems
At 02:11 AM 12/9/2006 -, Serge wrote: >Hi Pete & all > >after >> 200 PORT command successful. Consider using PASV. >I am getting >425 connection failed > >Is this another FW issue ? > >would you please share the batch & script you use with wput to upload logs >on pasv mode I've just finished putting mine all together. Each of the components have been tested individually, tonight shortly after midnight will be the first test of it in it's entirety. In the way of explanation, here's what I'm doing each night shortly after midnight: - moving the current logfile to a subfolder, thus rotating the logfiles - renaming the file to add the date -this uses the Namedate utility I found at http://www.informatics-consulting.de/software/namedate.htm - uploading the file - moving the file to yet another subfolder -this is because the upload script uses * to cover the date variable, so it wouldn't be good to have 2 or more dated files in the same folder - sending myself an email confirming that the process has completed successfully ** I'd be happy to hear comments or tips if anyone has any. THE CMD FILE(located in c:\imail\sniffer\logs): @echo off c: cd c:\imail\sniffer move c:\imail\sniffer\licenseID.log logs cd c:\imail\sniffer\logs namedate /UYO-1Z:"ymd" "licenseID.log" echo Log dated! >> sniffupld.txt wput -nd licenseID_*.log ftp://snifferlog:[EMAIL PROTECTED] echo Log upload completed! >> sniffupld.txt move c:\imail\sniffer\logs\licenseID_*.log sent echo Log moved to Sent folder! >> sniffupld.txt c:\imail\imail1 -f c:\imail\sniffer\logs\sniffupld.txt -s "Sniffer log upload on %COMPUTERNAME%" -t [EMAIL PROTECTED] -u sniffer -h yourdomain.net echo Confirmation emailed! del c:\imail\sniffer\logs\sniffupld.txt :Done This is all in a upload.cmd file I'l set to run shortly after midnight via Task Scheduler. *NOTE: The Namedate command includes the variable O-1 which makes the name 1 day before the current date. I did this so the logfile name reflects the actual day the log covers. -- Kirk Mitchell-General Manager[EMAIL PROTECTED] Keystone Connect Unlock Your World Altoona, PA 814-941-5000 http://www.keyconn.net # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
[sniffer] Re: Uploading problems
At 01:51 AM 12/8/2006 -0500, Matt wrote: >Try WPUT > >http://sourceforge.net/projects/wput/ Got that working, thanks. -- Kirk Mitchell-General Manager[EMAIL PROTECTED] Keystone Connect Unlock Your World Altoona, PA 814-941-5000 http://www.keyconn.net # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
[sniffer] Re: Uploading problems
At 11:16 PM 12/7/2006 -0700, Jay Sudowski - Handy Networks LLC wrote: >Give this a try: http://www.ncftp.com/download/ Just did about 5 minutes ago. It won't run without specifying a destination directory, and sortmonster ftp won't allow any directory settings. Thanks though :o) -- Kirk Mitchell-General Manager[EMAIL PROTECTED] Keystone Connect Unlock Your World Altoona, PA 814-941-5000 http://www.keyconn.net # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
[sniffer] Re: Uploading problems
At 09:36 PM 12/7/2006 -0700, Jay Sudowski - Handy Networks LLC wrote: >You will very likely need to use passive mode then, as TCP Port >filtering works very much the same way as a firewall, at least as it >applies to FTP. Any recommendations on a command line PASV-capable FTP client? -- Kirk Mitchell-General Manager[EMAIL PROTECTED] Keystone Connect Unlock Your World Altoona, PA 814-941-5000 http://www.keyconn.net # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
[sniffer] Re: Uploading problems
At 10:22 PM 12/7/2006 -0500, Pete McNeil wrote: >Hello K, > >> At this point it just hangs, no transfer occurring. In the event that it >> might be transferring but not displaying the hash marks, I left it sit for >> over 30 minutes(10mb logfile)...nothing. I'm not sure what else to try. > >What you've described usually goes along with a firewall problem. >Firewalls and FTP are always a challenge. What seems to be happening >is that the command channel is working fine, but when it's time to set >up the data channel that fails- and so you don't get any data. There is no firewall. I have TCP port filtering set up on the machine, but both 20 and 21 are open. -- Kirk Mitchell-General Manager[EMAIL PROTECTED] Keystone Connect Unlock Your World Altoona, PA 814-941-5000 http://www.keyconn.net # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
[sniffer] Re: Uploading problems
At 06:53 PM 12/3/2006 -0500, Pete McNeil wrote: >Hello K, > >FTP access for log files is restricted for security reasons. The >information your provide below shows you attempting to do a number of >things that are not allowed - for example, directory listings. It is >possible that the system disconnected you for security reasons >(thought I doubt it). > >Uploading log files should be very simple. That's what I thought, but for some reason it no longer works as well as it used to. Up until a couple of months ago, I never had any issues uploading logfiles. Then I started getting periodic transfer failures that increased in frequency until I'm at the point now where nothing seems to work. >Connect, login, put your file. Since my FTP program hasn't seemed to be able to get log files uploaded, I tried uploading via the command prompt on my mail server... ftp> open ftp.sortmonster.net Connected to www.sortmonster.net. 220 Hello. User (www.sortmonster.net:(none)): 331 Please specify the password. 230 Login successful. ftp> ftp> bin 200 Switching to Binary mode. ftp> hash Hash mark printing On ftp: (2048 bytes/hash mark) . ftp> send mylogfile061203.log 200 PORT command successful. Consider using PASV. 150 Ok to send data. At this point it just hangs, no transfer occurring. In the event that it might be transferring but not displaying the hash marks, I left it sit for over 30 minutes(10mb logfile)...nothing. I'm not sure what else to try. -- Kirk Mitchell-General Manager[EMAIL PROTECTED] Keystone Connect Unlock Your World Altoona, PA 814-941-5000 http://www.keyconn.net # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
[sniffer] Uploading problems
Still having issues uploading my log files. Sometimes the uploads go smoothly, other times it starts the transfer, then errors out partway through. Here's a log of yet another failed transfer; connecting to 207.97.229.114:21 Connected to 207.97.229.114 port 21 220 Hello. USER snifferlog 331 Please specify the password. PASS (hidden) 230 Login successful. PWD 550 Permission denied. SYST 215 UNIX Type: L8 Host type (S): UNIX (standard) TYPE A 200 Switching to ASCII mode. PORT 63,175,74,17,12,152 200 PORT command successful. Consider using PASV. LIST 550 Permission denied. ! Retrieve of folder listing failed (0) sending logfile01.log as logfile01.log (1 of 2) TYPE I 200 Switching to Binary mode. PORT 63,175,74,17,12,154 200 PORT command successful. Consider using PASV. STOR logfile01.log 150 Ok to send data. ! Send error: connection reset Transmitted 27779584 bytes in 930.4 secs, (292.72 Kbps), transfer failed ! Receive error: Blocking call cancelled -- Kirk Mitchell-General Manager[EMAIL PROTECTED] Keystone Connect Unlock Your World Altoona, PA 814-941-5000 http://www.keyconn.net # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
[sniffer] Increase in spam
I've been seeing a massive increase in spam over the last 2 days getting through with minimal scores. Could this be due to the drawback of the filter involved with false positives, or something else? -- Kirk Mitchell-General Manager[EMAIL PROTECTED] Keystone Connect Unlock Your World Altoona, PA 814-941-5000 http://www.keyconn.net # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
[sniffer] Log uploading issues
In order to keep my log files more orderly, I rotate them at 12:01 each morning with the previous day's log named for that day. Every few days I manually upload them to ftp.sortmonster.net File sizes run 8-11mb on average. Until recently, I've never had any noticible issues doing it this way. Recently, however, I've been getting a large number of stuck uploads and transfer failures. Nothing's changed at my end of the transfer; same FTP client, same settings. Has something changed at your end that I need to take into account. -- Kirk Mitchell-General Manager[EMAIL PROTECTED] Keystone Connect Unlock Your World Altoona, PA 814-941-5000 http://www.keyconn.net # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>