RE: [sniffer] Lot of Drugs Spam getting through sniffer....
I have been getting them here also and have forwarded some to [EMAIL PROTECTED] I guess to get past the filters the spammers misspell key words throughout the email with new web links. It is misspelled so badly that I cannot really make sense of it. Are there actual people out there that would buy this stuff from a spam email like that? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Daniel Bayerdorffer Sent: Friday, May 05, 2006 9:38 AM To: sniffer@SortMonster.com Subject: RE: [sniffer] Lot of Drugs Spam getting through sniffer Here too. -- Daniel Bayerdorffer [EMAIL PROTECTED] Numberall Stamp & Tool Co., Inc. PO Box 187 Sangerville, ME 04479 USA TEL 207-876-3541 FAX 207-876-3566 www.numberall.com > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Chuck Schick > Sent: Friday, May 05, 2006 10:34 AM > To: sniffer@sortmonster.com > Subject: [sniffer] Lot of Drugs Spam getting through sniffer > > The last few days tons on Drus spam is coming in and sniffer is > catching none of it. > > Chuck Schick > Warp 8, Inc. > (303)-421-5140 > www.warp8.com > > > > This E-Mail came from the Message Sniffer mailing list. For > information and (un)subscription instructions go to > http://www.sortmonster.com/MessageSniffer/Help/Help.html > This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
RE: [sniffer] Joe Jobs...
That brings a question up...why do some/many/most postmasters feel that it is so important to notify senders of a virus to a "spoofed" email address? Also, I have yet to see a legitimate email that contained a virus..so why not turn the notification off all together? Just curious... Kevin -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: Thursday, December 15, 2005 11:30 AM To: sniffer@sortmonster.com Subject: [sniffer] Joe Jobs... Hello Sniffer Folks, Please be aware that there are several spam and possibly virus (other malware?) campaigns being transmitted with my madscientist address and possibly other addresses from our company in the From: headers and SMTP envelope. Though this has happened in the past at low levels, I have noted recently a very high level of bounces and warnings returning to me (erroneously) from systems that claim they have received viruses and spam from my address. I suspect that this might have been triggered by recent press activity, - especially a Washington Post article which included my email address without modification. If you receive any of these messages, please treat them as the spam/malware that they are and ignore the source. I have verified that we are not sending any such messages ( unintentionally) from any of our systems. Thanks, _M Pete McNeil (Madscientist) President, MicroNeil Research Corporation Chief SortMonster (www.sortmonster.com) Chief Scientist (www.armresearch.com) This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
RE: [sniffer] Message Sniffer is not detecting some really bad email
Title: Message I am also getting slammed with spam passing sniffer today also. Have not had a chance to send them yet Kevin From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary SchickSent: Wednesday, November 02, 2005 3:48 PMTo: sniffer@SortMonster.comSubject: [sniffer] Message Sniffer is not detecting some really bad email We have had excellent results from Message Sniffer for severals years now. However, in the past few days items that I feel should have been caught, were not. Can I submit some samples to you? I would be glad to zip a couple of raw message files and email those to you. Please advise. Regards, Gary Schick Manager, Enterprise Applications Iroquois Gas Transmission System Shelton, CT 06484 [EMAIL PROTECTED] 203 944 7024
[sniffer] Sniffer Updates
Our updates seem to be taking a very long time. I am 85% updated and the ETA shows 07:00. Is it me? Kevin This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
RE: [sniffer] Problem sending logs
Can someone explain to me why it is necessary to put so many X-Notes in the headersit make it rather difficult to read the postings when you have to scroll down to get them. Kevin From: "John Tolmachoff (Lists)" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Cc: "'SnifferSupport'" <[EMAIL PROTECTED]> Date: Wed, 23 Jun 2004 07:55:54 -0700 Organization: eServices For You X-Mailer: Microsoft Outlook, Build 10.0.6626 X-Note: ### X-Note: This message scanned by eServices For You for viruses and X-Note: ## junkmail at 07:55:57 on 06/23/2004. ## X-Note: ### X-RBL-Warning: Total weight of message as a result of tests: 0 X-RBL-Warning: TESTS FAILED: Whitelisted X-Note: Sender is [EMAIL PROTECTED] and spool file is D99f93f27002663d3.SMD. X-Note: This E-mail was received from RevDNS: [(Private IP)] X-Note: This E-mail was received from IP: [192.168.16.11] X-Note: Receipients are [EMAIL PROTECTED], [EMAIL PROTECTED] X-Note: ### X-Note: End eServices For You headers at 07:55:57 on 06/23/2004. # X-Note: To report any issues, please contact [EMAIL PROTECTED] # X-Note: ### X-Declude-Spoolname: D99f30a0.SMD Subject: RE: [sniffer] Problem sending logs Sender: [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] X-Note: This E-mail was sent from (Private IP) ([10.100.1.17]). X-RCPT-TO: <[EMAIL PROTECTED]> Still occurring. Attached are the files used. I am using these same scripts on my server and it is working fine. John Tolmachoff Engineer/Consultant/Owner eServices For You > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On > Behalf Of John Tolmachoff (Lists) > Sent: Wednesday, June 23, 2004 1:31 AM > To: [EMAIL PROTECTED] > Subject: [sniffer] Problem sending logs > > Trying to set up a new client. > > Testing the logrotate script. > > Starting at about 01:10 AM to test, can not upload logs. I kept getting not > connected messages. > > Any one else experiencing this? My log upload went fine at 11:45 PM. > __ > ftp> Connected to www.sortmonster.net. > > ftp> open ftp.sortmonster.net > Not connected. > > ftp> user snifferlog ki11sp8m > Not connected. > > ftp> binary > Not connected. > > ftp> put C:\Logs\Sniffer\clientid.log > quit > ___ > John Tolmachoff > Engineer/Consultant/Owner > eServices For You > > > > > This E-Mail came from the Message Sniffer mailing list. For information and > (un)subscription instructions go to > http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
Re: [sniffer] Spam storm?
I have notices this week that the download is also slow over here. I am getting around 2.8 to 3 K/s. We also use Wget, and have with no problems,...just slow download speed. Here is my tracert if it helps... U:\>tracert www.sortmonster.net Tracing route to www.sortmonster.net [216.88.37.61] over a maximum of 30 hops: 1 3 ms 2 ms 2 ms 10.100.1.1 2 5 ms 3 ms 2 ms 63.145.109.65 3 7 ms 8 ms 9 ms dal-edge-08.inet.qwest.net [63.145.96.117] 4 8 ms 8 ms 8 ms dal-core-01.inet.qwest.net [205.171.25.117] 517 ms 9 ms 8 ms dal-brdr-02.inet.qwest.net [205.171.25.46] 6 9 ms 8 ms 8 ms POS5-2.BR2.DFW9.ALTER.NET [204.255.168.229] 710 ms 8 ms 8 ms 0.so-1-3-0.xl2.dfw9.alter.net [152.63.99.214] 8 8 ms11 ms11 ms 0.so-0-0-0.tl2.dfw9.alter.net [152.63.2.181] 950 ms51 ms52 ms 0.so-5-0-0.tl2.nyc9.alter.net [152.63.0.110] 1053 ms50 ms51 ms 0.so-3-0-0.xl2.nyc1.alter.net [152.63.29.113] 1151 ms51 ms51 ms 0.so-0-0-0.xr2.nyc1.alter.net [152.63.19.97] 1252 ms51 ms51 ms 508.atm7-0.gw8.nyc1.alter.net [152.63.20.1] 1351 ms50 ms51 ms savvis-ny-gw.customer.ALTER.NET [65.194.72.54] 1450 ms51 ms51 ms so-2-0-0.usnycm2-02.j20c.savvis.net [206.129.9.1 ] 1557 ms56 ms56 ms fe2-3-2.uswash2-01.j20c.savvis.net [209.83.222.7 3] 1673 ms80 ms70 ms microneil-1.uswash.savvis.net [216.88.33.46] 17 *** Request timed out. 18 *** Request timed out. 19 *** Request timed out. 20 *** Request timed out. 21 *** Request timed out. 22 *** Request timed out. 23 *** Request timed out. 24 *** Request timed out. 25 *** Request timed out. 26 *** Request timed out. 27 *** Request timed out. 28 *** Request timed out. 29 *** Request timed out. 30 *** Request timed out. Trace complete. At 08:04 AM 03/26/2004, you wrote: At 08:13 AM 3/26/2004, you wrote: I have a Sprint T as well, and have had no download problems using wget on Win2000 aside from periodic slowdowns. Just ran a download this morning and speed never went over 5K. I also have had no bad_matrix instances. I am consistently getting 45K/sec or better through a 768K DSL. Could you send me a traceroute to www.sortmonster.net off list so I can compare? Thanks, _M This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
RE: [sniffer] Spam Forwards to spam@sortmonster.com
I always forward the headers...Eudora has a button called "Blah Blah Blah" that if you press it the headers will become part of the email. Great tool! Kevin At 03:51 PM 02/24/2004, you wrote: Ik you forward the spam, you don't forward the headers. Big chance it doesn't get caught by sniffer (I guess) Groet, (regards) -- ing. Michiel Prins bsc [EMAIL PROTECTED] SOS Small Office Solutions / Reject / Wannepad 27 - 1066 HW - Amsterdam t.+31(0)20-4082627 - f.+31-(0)20-4082628 -- Consultancy - Installation - Maintenance Network Security - Internet - E-mail Software Development - Project Management -- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Kevin Stanford Sent: dinsdag 24 februari 2004 22:50 To: [EMAIL PROTECTED] Subject: Re: [sniffer] Spam Forwards to [EMAIL PROTECTED] Ok...I released some spam, that sniffer caught, that was addressed to me. I then forwarded the spam to [EMAIL PROTECTED] Not one of them was caught by sniffer even though they were already caught once coming in. Is there a setting, that I am missing, to scan outbound email for Spam? Sniffer had been catching outbound spam email up until about 5-7 days ago. My rulebase is current... Kevin At 02:42 PM 02/23/2004, you wrote: It could be a unique batch we hadn't coded yet? Is it possible the rulebase file hadn't been updated on your system? Change rates were up a bit over the weekend preceded by a dip when we had our Primary DB outage Friday evening - perhaps these fell into that gap? Reference: http://www.sortmonster.com/MessageSniffer/Performance/ChangeRates.jsp 0 199 1 386 2 359 3 136 4 316 Hope this helps, _M At 02:29 PM 2/23/2004, you wrote: I noticed today, after forwarding 22 spams I received over the weekend, that none of the spams got "caught" in sniffer. Usually I will have at least 50-75% caught because the rule base had been updated since I received the spam. Any ideas? Kevin This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html --- This message has been scanned for spam and viruses by Reject This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html --- This message has been scanned for spam and viruses by Reject This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
Re: [sniffer] Spam Forwards to spam@sortmonster.com
Ok...I released some spam, that sniffer caught, that was addressed to me. I then forwarded the spam to [EMAIL PROTECTED] Not one of them was caught by sniffer even though they were already caught once coming in. Is there a setting, that I am missing, to scan outbound email for Spam? Sniffer had been catching outbound spam email up until about 5-7 days ago. My rulebase is current... Kevin At 02:42 PM 02/23/2004, you wrote: It could be a unique batch we hadn't coded yet? Is it possible the rulebase file hadn't been updated on your system? Change rates were up a bit over the weekend preceded by a dip when we had our Primary DB outage Friday evening - perhaps these fell into that gap? Reference: http://www.sortmonster.com/MessageSniffer/Performance/ChangeRates.jsp 0 199 1 386 2 359 3 136 4 316 Hope this helps, _M At 02:29 PM 2/23/2004, you wrote: I noticed today, after forwarding 22 spams I received over the weekend, that none of the spams got "caught" in sniffer. Usually I will have at least 50-75% caught because the rule base had been updated since I received the spam. Any ideas? Kevin This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
[sniffer] Spam Forwards to spam@sortmonster.com
I noticed today, after forwarding 22 spams I received over the weekend, that none of the spams got "caught" in sniffer. Usually I will have at least 50-75% caught because the rule base had been updated since I received the spam. Any ideas? Kevin This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
Re: [sniffer] ERROR_RULE_AUTH 73
Just rechecked everything and it is working now...not sure what I did Kevin At 02:35 PM 02/09/2004, Kevin Stanford wrote: I just updated Sniffer to the latest version and I am getting the ERROR_RULE_AUTH 73. I am using the snf2check.exe and get the following: ERROR_RULE_AUTH! Any suggestions on what I did wrong or what to look for? Kevin This E-Mail came from the [EMAIL PROTECTED] mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the [EMAIL PROTECTED] mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
[sniffer] ERROR_RULE_AUTH 73
I just updated Sniffer to the latest version and I am getting the ERROR_RULE_AUTH 73. I am using the snf2check.exe and get the following: ERROR_RULE_AUTH! Any suggestions on what I did wrong or what to look for? Kevin This E-Mail came from the [EMAIL PROTECTED] mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html