[sniffer] Re: Help for AutoSNF

2006-10-10 Thread Pete McNeil
Hello Filippo,

The best time to download your rulebase file is when you receive an
update notification message.

If you want to use a scheduler then you should be sure your script
only downloads newer files and then schedule it to run about once per
hour.

To avoid congestion, you should pick the minute of the hour using this
chart:

http://kb.armresearch.com/index.php?title=Message_Sniffer.TechnicalDetails.LogFiles.Submit#When_should_I_submit_my_logs.3F

Hope this helps,

Thanks,

_M

Tuesday, October 10, 2006, 11:23:13 AM, you wrote:

 Hello Pete,

 in which time of day do you suggest to schedule the autosnf.cmd task?

 Please let me know.
 Thanks
 Filippo



 #
 This message is sent to you because you are subscribed to
   the mailing list sniffer@sortmonster.com.
 To unsubscribe, E-mail to: [EMAIL PROTECTED]
 To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED]
 To switch to the INDEX mode, E-mail to [EMAIL PROTECTED]
 Send administrative queries to  [EMAIL PROTECTED]



-- 
Pete McNeil
Chief Scientist,
Arm Research Labs, LLC.





[sniffer] Re: Help

2006-07-27 Thread Paul Navarre
***
Do you know anything about these attacks? Is there a way to stop it?
Until now I banned the generating ip address and manually delete the
queue, but the generating address changes.
***

You must select No Mail Relay or Relay Mail for Addresses on the SMTP
security tab to prevent this type of attack. Any users that are not local
will have to select my server requires authentication in order to be able
to use your servers.

Good luck,

Paul Navarre 






[sniffer] Re: Help

2006-07-27 Thread Filippo Palmili


My mail server has the relay activated only for certain IP
addresses and networks.
Filippo

At 17:44 27/07/2006, you wrote:
***
Do you know anything about these attacks? Is there a way to stop it?
Until now I banned the generating ip address and manually delete the
queue, but the generating address changes.
***
You must select No Mail Relay or Relay Mail for Addresses on the SMTP
security tab to prevent this type of attack. Any users that are not local
will have to select my server requires authentication in order to be able
to use your servers.
Good luck,
Paul Navarre




[sniffer] Re: Help

2006-07-27 Thread Paul Navarre
***
My mail server has the relay activated only for certain IP addresses and
networks.
Filippo
***

Sorry, I didn't read your message close enough.

What whitelist settings do you have in global.cfg?

Paul Navarre






[sniffer] Re: Help

2006-07-27 Thread Filippo Palmili


These:

#= WHITELISTS ===

#WHITELISTHABEAS
PREWHITELIST ON
WHITELISTAUTH
#WHITELISTLOCAL

#(PRO version only) enables addresses in the web address book to automatically be white listed.
#AUTOWHITELISTON

# - Domain Example -WHITELIST FROM @declude.com

# - User Example -WHITELIST FROM [EMAIL PROTECTED]

# - IP Example -
#WHITELISTIP 63.246.13.90

# - TO Example -
#WHITELIST TO postmaster@
#WHITELIST TO abuse@

WHITELIST TO [EMAIL PROTECTED]
WHITELIST TO [EMAIL PROTECTED]

WHITELIST TODOMAIN @mydomain
WHITELIST TODOMAIN @mydomain
WHITELIST TODOMAIN @mydomain
WHITELIST TODOMAIN @mydomain

Filippo
At 18:06 27/07/2006, you wrote:
***
My mail server has the relay activated only for certain IP addresses and
networks.
Filippo
***
Sorry, I didn't read your message close enough.
What whitelist settings do you have in global.cfg?
Paul Navarre




[sniffer] Re: Help

2006-07-27 Thread Herb Guenther




Don't you have your mail server set to require login to send mail?
This is not a sniffer/declude issue but a mail server setup issue.

Herb

Filippo Palmili wrote:
Hello Pete,
  
my Ipswitch IMail Server is under attack since yesterday. It relays
emails coming from an external host.
The sender of these mails is a random name @ the ip address of my mail
server (for example [EMAIL PROTECTED]) and is automatically
whitelisted by the declude server.
Do you know anything about these attacks? Is there a way to stop it?
Until now I banned the generating ip address and manually delete the
queue, but the generating address changes.

An example of mail:

Received: from ameillpu-7jat6i [200.127.81.225] by odino.logos.it with ESMTP
 (SMTPD32-8.05) id AB60DC5500D0; Thu, 27 Jul 2006 17:27:28 +0200
From: "bjsytb" [EMAIL PROTECTED]
Subject: =?GB2312?B?usN+zsR+ubJ+yc0=?=
To: [EMAIL PROTECTED]
Content-Type: TEXT/HTML
Date: Thu, 27 Jul 2006 23:27:23 +0800
X-Mailer: AOL 7.0 for Windows US sub 118
Message-Id: [EMAIL PROTECTED]
X-Declude-Sender: [EMAIL PROTECTED] [200.127.81.225]
X-Declude-Spoolname: DDB60DC5500D0D472.SMD
X-Declude-Scan: Score [0] at 17:28:19 on 27 Jul 2006
X-Declude-Tests: Whitelisted
  
Please let me know.
Filippo
  
Logos S.p.A. 

-- 
Herb Guenther
Lanex, LLC
www.lanex.com
(262)789-0966x102 Office
(262)780-0424 Direct


This e-mail is confidential and is for the use of the intended recipient(s) only. If you are not an intended recipient please advise us of our error by return e-mail then delete this e-mail and any attached files. You may not copy, disclose or use the contents in any way.
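
A header check modelled on the sample quoted in the message above, added here as an example and not code from the thread or from Declude: it flags messages marked Whitelisted although the connecting IP is outside the networks allowed to relay, or whose sender domain is the server's own address. RELAY_NETS, SERVER_IDS and the sample headers are constructed assumptions.

```python
import ipaddress
import re
from email import message_from_string

# Assumptions (not from the thread): networks allowed to relay and the
# server's own identifiers. All addresses are documentation ranges.
RELAY_NETS = [ipaddress.ip_network("192.0.2.0/24")]
SERVER_IDS = {"203.0.113.5", "mail.example.test"}

# Constructed headers in the shape of the sample quoted in the thread.
SAMPLE = """\
Received: from host-a [198.51.100.77] by mail.example.test with ESMTP
 (SMTPD32-8.05) id AB60DC5500D0; Thu, 27 Jul 2006 17:27:28 +0200
From: "bjsytb" <qwerty@203.0.113.5>
To: someone@elsewhere.example
X-Declude-Scan: Score [0] at 17:28:19 on 27 Jul 2006
X-Declude-Tests: Whitelisted

body
"""

def triage(raw):
    """Return reasons a whitelisted message looks like abusive relay traffic."""
    msg = message_from_string(raw)
    reasons = []
    if "whitelisted" not in (msg.get("X-Declude-Tests") or "").lower():
        return reasons  # message was scored normally; nothing to review
    # The topmost Received header carries the connecting IP in brackets.
    m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", msg.get("Received", ""))
    if m:
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            ip = None  # malformed address literal; skip the network check
        if ip and not any(ip in net for net in RELAY_NETS):
            reasons.append(f"whitelisted although {ip} is outside the relay networks")
    sender_domain = msg.get("From", "").rsplit("@", 1)[-1].strip(" >[]").lower()
    if sender_domain in SERVER_IDS:
        reasons.append("sender domain is the server's own address")
    return reasons

if __name__ == "__main__":
    for reason in triage(SAMPLE):
        print(reason)
```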




[sniffer] Re: Help

2006-07-27 Thread Jim Matuska Jr.

It sure sounds like a server issue to me and not a spam filtering issue.
However, on that issue, wouldn't WHITELIST TODOMAIN @mydomain whitelist
all email going to your domain? It's been a while since I've run declude
but that seems like it shouldn't be right.

Jim Matuska Jr.
Computer Tech2, CCNA
Nez Perce Tribe
Information Systems
[EMAIL PROTECTED]

From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Filippo Palmili
Sent: Thursday, July 27, 2006 9:11 AM
To: Message Sniffer Community
Subject: [sniffer] Re: Help





These:

#= WHITELISTS ===

#WHITELISTHABEAS
PREWHITELIST ON
WHITELISTAUTH
#WHITELISTLOCAL

#(PRO version only) enables addresses in the web address book to automatically be white listed.
#AUTOWHITELISTON

# - Domain Example -WHITELIST FROM @declude.com

# - User Example -WHITELIST FROM [EMAIL PROTECTED]

# - IP Example -
#WHITELISTIP 63.246.13.90

# - TO Example -
#WHITELIST TO postmaster@
#WHITELIST TO abuse@

WHITELIST TO [EMAIL PROTECTED]
WHITELIST TO [EMAIL PROTECTED]

WHITELIST TODOMAIN @mydomain
WHITELIST TODOMAIN @mydomain
WHITELIST TODOMAIN @mydomain
WHITELIST TODOMAIN @mydomain


Filippo

At 18:06 27/07/2006, you wrote:



***
My mail server has the relay activated only for certain IP addresses and
networks.
Filippo
***

Sorry, I didn't read your message close enough.

What whitelist settings do you have in global.cfg?

Paul Navarre











[sniffer] Re: Help

2006-07-27 Thread John T (Lists)

Stop using the silly WHITELIST TODOMAIN for one thing.

What is the IP address they are coming from? Could be a compromised client?

John T
eServices For You

Seek, and ye shall find!

-Original Message-
From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Filippo Palmili
Sent: Thursday, July 27, 2006 9:11 AM
To: Message Sniffer Community
Subject: [sniffer] Re: Help



These:

#= WHITELISTS ===

#WHITELISTHABEAS
PREWHITELIST ON
WHITELISTAUTH
#WHITELISTLOCAL

#(PRO version only) enables addresses in the web address book to automatically be white listed.
#AUTOWHITELISTON

# - Domain Example -WHITELIST FROM @declude.com

# - User Example -WHITELIST FROM [EMAIL PROTECTED]

# - IP Example -
#WHITELISTIP 63.246.13.90

# - TO Example -
#WHITELIST TO postmaster@
#WHITELIST TO abuse@

WHITELIST TO [EMAIL PROTECTED]
WHITELIST TO [EMAIL PROTECTED]

WHITELIST TODOMAIN @mydomain
WHITELIST TODOMAIN @mydomain
WHITELIST TODOMAIN @mydomain
WHITELIST TODOMAIN @mydomain


Filippo

At 18:06 27/07/2006, you wrote:



***
My mail server has the relay activated only for certain IP addresses and
networks.
Filippo
***

Sorry, I didn't read your message close enough.

What whitelist settings do you have in global.cfg?

Paul Navarre



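
The concern raised in the replies above, that WHITELIST TODOMAIN for a hosted domain exempts all mail to that domain from filtering, can be checked mechanically. This added example (not Declude's or any poster's code) audits the active WHITELIST lines of a config, assuming one `WHITELIST <TYPE> <value>` directive per line; the sample config, domain names and LOCAL_DOMAINS are constructed.

```python
# Constructed sample in the layout of the whitelist section quoted in the
# thread; mydomain.example, partner.example and 192.0.2.10 are placeholders.
SAMPLE_CFG = """\
PREWHITELIST ON
#WHITELIST IP 192.0.2.10
WHITELIST IP 192.0.2.10
WHITELIST FROM @partner.example
WHITELIST TO postmaster@mydomain.example
WHITELIST TODOMAIN @mydomain.example
"""

LOCAL_DOMAINS = {"mydomain.example"}  # assumption: domains this server hosts

def audit_whitelist(cfg_text, local_domains):
    """Return (line_no, severity, reason) for risky active WHITELIST entries."""
    findings = []
    for no, raw in enumerate(cfg_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or commented-out directive
        parts = line.split(None, 2)
        if parts[0].upper() != "WHITELIST" or len(parts) < 3:
            continue  # other directives such as PREWHITELIST ON
        kind, value = parts[1].upper(), parts[2].strip().lower()
        domain = value.rsplit("@", 1)[-1]
        if kind == "TODOMAIN" and domain in local_domains:
            findings.append((no, "high",
                "every message addressed to a hosted domain skips filtering"))
        elif kind == "TO" and domain in local_domains:
            findings.append((no, "medium",
                "all mail to this local recipient skips filtering"))
        elif kind == "FROM":
            findings.append((no, "medium",
                "sender addresses are forgeable; anyone can claim this one"))
    return findings

if __name__ == "__main__":
    for no, sev, reason in audit_whitelist(SAMPLE_CFG, LOCAL_DOMAINS):
        print(f"line {no}: [{sev}] {reason}")
```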