A wiki is a site that is publically editable. Anyone can add to the site as
long as they have a valid account.
- Original Message -
From: Harry Vanderzand [EMAIL PROTECTED]
To: sniffer@SortMonster.com
Sent: Friday, March 17, 2006 11:15 AM
Subject: RE: [sniffer] New Web Site!
What
??? That can't be done when Sniffer directly POPs a submission mailbox.
- Original Message -
From: Roger Moser [EMAIL PROTECTED]
To: sniffer@sortmonster.com
Sent: Thursday, March 16, 2006 4:18 PM
Subject: [sniffer] reporting spam
I just found out that when you are reporting received
On Thursday, March 16, 2006, 5:18:00 PM, Roger wrote:
RM I just found out that when you are reporting received spam to
RM [EMAIL PROTECTED], you should remove the Received: header added by your
RM mail server. Otherwise you might create a rule that filters all mail from
RM your mail server.
Pete,
I would definitely like to see rules classified for what they are based
on instead of the content, but certainly I don't expect to see that
without a major new release.
Rules such as those based phrases, IP's, domains, patterns, and viruses
all have different accuracies and issues.
On Friday, March 10, 2006, 2:00:42 PM, John wrote:
JTL I am seeing a log of spam with a subject line of with fw: or re: followed
by
JTL the username portion of the reciepient. Any way to create a rule for this?
There's nothing simple we can do for this one based on that alone - at
least not
Pete,
In light of current and prolonged issues, this seems like a good and
safe tactic. I would appreciate it however if maybe you could place the
rules in another result code since this result code is not as accurate
as some others are and some of us weight it lower than others.
Thanks,
@SortMonster.com
Sent: Friday, March 10, 2006 3:37 PM
Subject: Re: [sniffer] New RuleBot F002 Online
Pete,
In light of current and prolonged issues, this seems like a good and
safe tactic. I would appreciate it however if maybe you could place the
rules in another result code since this result code
Good job, Pete. Through these changes we saw a minimal increase in false
positives on one day, and detection seems to have improved as well.
Darin.
- Original Message -
From: Pete McNeil [EMAIL PROTECTED]
To: sniffer@sortmonster.com
Sent: Thursday, March 09, 2006 3:08 AM
Subject:
Hi Pete -
Pete McNeil wrote:
Hello Sniffer Folks,
The F001 Rule Bot has been adjusted.
Is it possible for you to recommend a percentage of accuracy or maybe
better stated a percentage of delete weight for each rule? I am
wondering which rules you feel are the weakest and which are the
On Tuesday, March 7, 2006, 5:00:33 PM, Heimir wrote:
HE Why is this not filtered?
HE Every one of them contains the word
HE Domains4u
HE I have reported several but they are still coming in.
Actually, they are now (I tried coding the message and duped out on
the domain rules).
Domains4u is
Request sent.
Thank you for your prompt response.
Cordially,
Heimir Eidskrem
i360, Inc.
2825 Wilcrest, Suite 675
Houston, TX 77042
Ph: 713-981-4900
Fax: 832-242-6632
[EMAIL PROTECTED]
www.i360.net
www.i360hosting.com
www.realister.com
Houston's Leading Internet Consulting Company
Pete
rnal
060 "D:\IMail\Declude\sniffer\xx.exe xx
persistent" 12
0
Harry Vanderzand inTown Internet Computer Services 519-741-1222
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Scott
FisherSent: Tuesday, March 07, 2006 5:06 PMTo:
sniffer@SortMo
On Tuesday, March 7, 2006, 4:58:35 PM, Harry wrote:
HV
HV
HV at the moment I run the following test in declude
HV
HV SNIFFER external nonzero
HV D:\IMail\Declude\sniffer\xx.exe persistent 13 0
HV
THIS IS WRONG!
You should not have the persistent command line option
There's been at least one FP ;)
--
Rule - 861038
NameF001 for Message 2888327: [216.239.56.131]
Created 2006-03-02
Source 216.239.56.131
Hidden false
Blocked false
Origin Automated-SpamTrap
TypeReceivedIP
Created By [EMAIL PROTECTED]
Owner [EMAIL
- Handy Networks LLC [EMAIL PROTECTED]
To: sniffer@SortMonster.com
Sent: Monday, March 06, 2006 3:13 PM
Subject: RE: [sniffer] New Rulebot F001
There's been at least one FP ;)
--
Rule - 861038
NameF001 for Message 2888327: [216.239.56.131]
Created 2006-03-02
Source
Pete,
Does this mean that you are somehow supporting incremental rule base
updates, or is it that the compiler is just much faster so we will get
the same number of updates, but generally get them 40-120 minutes
earlier in relation to the data that generated them?
Either way, definitely an
the %WEIGHT% passes the current message weight from
Declude to INVURIBL. Used with SKIPWEIGHT option in
invuribl.exe.config
the %REMOTEIP% passes the sender's IP from Declude
to INVURIBL. Used to whitelist IPs in senderipwhitelist.txt
invuribl will find false positives, but is a very
Joe,
Are you using MDLP to autotune your weights in
Declude? If so, you can exclude invURIBL and other tests which you don't
want to change, whether because you think the weight is perfect, or because
their randomness doesn't fit MDLP's idea of a weighting
system.
Check out this snippet
, 2006 12:35
PM
Subject: RE: [sniffer] Sniffer, MDLP, and
invURIBL?
Joe,
Are you using MDLP to autotune your weights in
Declude? If so, you can exclude invURIBL and other tests which you don't
want to change, whether because you think the weight is perfect, or because
PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Pete McNeil
Sent: Friday, February 24, 2006 03:38 PM
To: Andy Schmidt
Subject: Re: [sniffer] IP Blacklist rules
On Friday, February 24, 2006, 2:56:02 PM, Andy wrote:
AS Hi,
AS I'm realizing that some Sniffer rules amount to nothing more than IP
A program like freeware Baregrep (http://www.baremetalsoft.com/baregrep/)
might be helpful to you.
Do you not regularly cycle your logs and submit them?
John C
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Kevin Rogers
Sent: Thursday, February 23,
On Thursday, February 23, 2006, 5:48:55 AM, Kevin wrote:
KR So when I asked how I would send in false positives, someone mentioned
KR that I should look up the appropriate log entry and send that in. That
KR brings up another question. My log file is 270MB and climbing. I've
KR never opened it
Goran, I'd be interested in Pete's technical answer, too.
The practical answer is that you should always go with the persistent
instance of Message Sniffer. From reading Pete's previous screeds and
monitoring the list here in the last year and from having my own
troubles, it's pretty clear to me
On Thursday, February 23, 2006, 11:30:02 AM, Goran wrote:
GJ Hi,
GJ Is there any good rule of thumb, in terms of messages processed per
GJ minute/hour/day when you should move to a persistent instance of
GJ Sniffer?
I would suggest using the persistent mode unless you have a reason not
to. (In
PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of Colbeck, Andrew
Sent: Thursday, February 23, 2006 11:39 AM
To: sniffer@SortMonster.com
Subject: RE: [sniffer] When to go persistent
Goran, I'd be interested in Pete's technical answer, too.
The practical answer is that you should always go
?
Thanks,
Joe
- Original Message -
From: Pete McNeil [EMAIL PROTECTED]
To: Goran Jovanovic sniffer@SortMonster.com
Sent: Thursday, February 23, 2006 10:44 AM
Subject: Re: [sniffer] When to go persistent
On Thursday, February 23, 2006, 11:30:02 AM, Goran wrote:
GJ Hi,
GJ Is there any good
On Thursday, February 23, 2006, 1:07:07 PM, Goran wrote:
GJ Pete,
GJ I have seen a couple of times that the file
GJ C:\External\Sniffer\my license-20060221071316x386D4931-2352.SVR
GJ Is open and cannot be backed up.
GJ What is this file? I assume that I do not need to be worried since the
GJ
Thank you that is great.
Goran Jovanovic
Omega Network Solutions
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of Pete McNeil
Sent: Thursday, February 23, 2006 3:08 PM
To: Goran Jovanovic
Subject: Re: [sniffer] What is this file
On Thursday
On average it takes 2 or three days to hear back on false positives.
Darin.
- Original Message -
From: Andy Schmidt [EMAIL PROTECTED]
To: sniffer@SortMonster.com
Sent: Tuesday, February 21, 2006 9:40 AM
Subject: [sniffer] False Positive - no reaction?
Hi,
I filed this false positive
I'm a little behind. I'm going to do false positives in the next 10
minutes. I only have 20 to do it should go fast. Sorry for the delay.
Thanks,
_M
On Tuesday, February 21, 2006, 9:40:07 AM, Andy wrote:
AS Hi,
AS I filed this false positive report a day ago and never heard back.
AS Just
-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Pete McNeil
Sent: Tuesday, February 21, 2006 09:55 AM
To: Andy Schmidt
Subject: Re: [sniffer] False Positive - no reaction?
I'm a little behind. I'm going to do false positives in the next 10 minutes.
I only have 20 to do
On Wednesday, February 15, 2006, 8:53:27 AM, Heimir wrote:
HE Anyway to stop this spam.
HE We are getting hundreds of them.
HE I have personally gotten 23.
It's a challenging one... there is almost no data, and the geocities
link is constantly different.
I've written another abstract to cover
Heimir,
It's not a Sniffer-related answer but I personaly use a combination of a
text filter file (looking for known geocities-links) and the IP-blacklist
SORBS-DUHL (who contains dialup ip-ranges). As all my customers are
connecting with SMTP-Auth or from known IP-ranges I can whitelist them. So
Hi Pete,
[]
If you wish, it is possible to create a local black rule for any
geocities link. On many ISP systems this would cause false positives,
but on more private systems it may be a reasonable solution.
I think I could use such a black rulw without getting to may FPs, but in
which
would you share your filters?
I assume Declude filters.
Cordially,
Heimir Eidskrem
i360, Inc.
2825 Wilcrest, Suite 675
Houston, TX 77042
Ph: 713-981-4900
Fax: 832-242-6632
[EMAIL PROTECTED]
www.i360.net
www.i360hosting.com
www.realister.com
Houston's Leading Internet Consulting Company
would you share your filters?
I assume Declude filters.
Yes.
Attached is the original message from Scott Fisher regarding the
geocities-filter file. (I call it GEOCITIESLINKS)
I've replaced each weight (100 and 75 points) with 0. So this test will add
no weight to the final result.
In
Answered off-list
_M
On Tuesday, February 14, 2006, 2:07:48 PM, Steve wrote:
SG Hello,
SG Could you please tell me what would cause an email to fail rule # 831417
SG This was a good email flagged this morning and deleted.
SG Regards,
SG Steve Guluk
SG SGDesign
SG (949) 661-9333
SG ICQ:
Search your sniffer logs and include the log lines for that particular
message.
-Jay
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kevin Rogers
Sent: Wednesday, February 15, 2006 3:55 PM
To: sniffer@SortMonster.com
Subject: [sniffer] False Positives
On Wednesday, February 15, 2006, 3:54:50 PM, Kevin wrote:
KR My users have been getting a lot of FPs by Sniffer lately. They send me
KR the email with the FULL HEADERS displayed and I forward this email on to
KR SortMonster. The program they use to analyze incoming submissions check
KR MY email
PROTECTED]
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Pete McNeil
Sent: Wednesday, February 15, 2006 1:28 PM
To: Kevin Rogers
Subject: Re: [sniffer] False Positives
On Wednesday, February 15, 2006, 3:54:50 PM, Kevin wrote:
KR My users have been getting
@SortMonster.com
Sent: Wednesday, February 15, 2006 4:40 PM
Subject: RE: [sniffer] False Positives
Pete,
Is there anyway to get an automatic response similar to the one listed below
for the FP address, but for submissions to your spam@ address? It would be
nice to get some feedback when submitting spam
On Monday, February 13, 2006, 3:18:00 PM, David wrote:
DS Anyone ever seen this in a log file of a valid license?
DS 20060213200957 De7928e8800a61b18.smd 328 266
DS ERROR_MAX_EVALS 72 0 0 18885 1024
DS This line has shown up 3 times today in a log file that processes
Harry,
(please don't post your entire license code to a public
list.)
regarding the reliability of sniffer we should know that
errors sometimes can happen, even at sniffer-side after they've worked for years
now very relaible. I don't expect that such errors will happen now more
often.
:
sniffer@SortMonster.comSubject: RE: [sniffer]
problems
Harry,
(please don't post your entire license code to a public
list.)
regarding the reliability of sniffer we should know that
errors sometimes can happen, even at sniffer-side after they've worked for
years now very
I have an idea. These problems seem to stem
mostly from changes in the methods of handling rulebase updates.
We were lucky enough not to be affected with the
latest rule issue, but the previous one made for a very long day
andsomedisgruntled customers.
Would it be feasible to announce in
so and so it
shouldn't be necessary to do something like manualy block
updates.
Markus
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Darin
CoxSent: Wednesday, February 08, 2006 4:59 PMTo:
sniffer@SortMonster.comSubject: Re: [sniffer]
problems
I ha
On Wednesday, February 8, 2006, 11:19:52 AM, Andy wrote:
AS Pete,
AS The only idea I came up with, would be to have ALL new rules go into a 6
AS hour proving category (=return code) before they are moved into their
AS final category.
AS By using Sniffer return codes, folks could decide to trust
Is there anyone else who would like to see Message Sniffer
incorporated into Amavis-new? This would be a great addition
to my IMGate - Postfix mail gateway. Currently I use message
sniffer on my Imail box but would like to offload that server
and do the sniffing before the mail hits
Does not require spamassassin or amavis. You can do it just with postfix.
DustyC
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Craig Deal
Sent: Wednesday, February 08, 2006 10:41 AM
To: sniffer@SortMonster.com
Subject: RE: [sniffer] Message sniffer
Does not require spamassassin or amavis. You can do it just
with postfix.
DustyC
True, but he wanted it to work with amavisd-new. Less risk of a false
positive if its part of a weighted system.
Craig
This E-Mail came from the Message Sniffer mailing list. For information and
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Craig Deal
Sent: Wednesday, February 08, 2006 9:49 AM
To: sniffer@SortMonster.com
Subject: RE: [sniffer] Message sniffer in FreeBSD Postfix
Does not require spamassassin or amavis. You can do it just
before it hits the Imail server.
DustyC
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Support
Sent: Wednesday, February 08, 2006 10:56 AM
To: sniffer@SortMonster.com
Subject: Re: [sniffer] Message sniffer in FreeBSD Postfix
Hi Dusty:
Was it much
On Wednesday, February 8, 2006, 12:54:56 PM, David wrote:
DP I am using a smtp proxy called Ewall with Message Sniffer.
DP I just checked inside the Ewall folders and found one named TEMP where I
DP found tens of thousands of files with the .xhdr extension.
DP What are these? Are they needed?
PROTECTED]
On Behalf Of Landry, William (MED US)
Sent: Wednesday, February 08, 2006 1:02 PM
To: sniffer@SortMonster.com
Subject: RE: [sniffer] Message sniffer in FreeBSD Postfix
Yep, but for someone not running IMail/Declude, the integration with
spamassassin and amavisd-new works great.
Bill
Jacques,
I am pretty sure that you would also need to install SpamAssassin in order
to get Sniffer to work. I do not believe that there is any way to plug
Sniffer into Amavis-new directly, nor would you necessarily want it to.
William Van Hefner
Network Administrator
Vantek Communications, Inc.
Wednesday, February 8, 2006, 11:19:52 AM, you wrote:
AS The only idea I came up with, would be to have ALL new rules go into a 6
AS hour proving category (=return code) before they are moved into their
AS final category.
AS By using Sniffer return codes, folks could decide to trust the
Dear Pete,
In the future, please let us know immediately when you become aware of this.
As it is, I will spend the next 3 hours picking out the fales positives from
the mailbox and forwarding them to the clients. If I could have put the
rulepanic in place an hour ago it would have saved me a
I'm not showing this from my location and the server looks ok.
I just downloaded a few rulebases, each in under 3 seconds.
Please provide a traceroute -- that should show us where the issue is
(if it is still there).
Thanks,
_M
On Tuesday, February 7, 2006, 4:39:35 PM, Chuck wrote:
CS
PROTECTED]
On Behalf Of Pete McNeil
Sent: Tuesday, February 07, 2006 4:46 PM
To: Chuck Schick
Subject: Re: [sniffer] Downloads are slow.
I'm not showing this from my location and the server looks ok.
I just downloaded a few rulebases, each in under 3 seconds.
Please provide a traceroute
On Tuesday, February 7, 2006, 6:15:13 PM, David wrote:
DS Sorry, wrong thread on the last post.
DS Add'l question. Pete, what is the content of the rule?
The rule info is:
Rule - 828931
NameC%+I%+A%+L%+I%+S%+V%+I%+A%+G%+R%+A
Created 2006-02-07
Source
, February 07, 2006 6:44 PM
To: David Sullivan
Subject: Re: [sniffer] Bad Rule - 828931
On Tuesday, February 7, 2006, 6:15:13 PM, David wrote:
DS Sorry, wrong thread on the last post.
DS Add'l question. Pete, what is the content of the rule?
The rule info is:
Rule - 828931
NameC%+I%+A%+L%+I%+S
On Tuesday, February 7, 2006, 7:48:05 PM, John wrote:
JC I don't get into the sniffer logs like I should, but just noticed this. It
JC is 2/7/06 6:42 CST here, but my logs show 20060208004243, which would
JC indicate +6 hours off of Zulu, Greenwich, Coordinated Universal Time, or
JC whatever we
Pete,
Gotcha. Basically anything that I trapped that is over 10 KB may have
failed this (because that would be indicative of having an attachment in
base64). It is much less likely to have hit on things without
attachments, but it of course would be possible, and the bigger it was,
the
Pete,
The overflow directory disappeared when 3.x was introduced. I posted a
follow up on the Declude list about how to do this.
Matt
Pete McNeil wrote:
On Tuesday, February 7, 2006, 8:14:53 PM, David wrote:
DS Hello Pete,
DS Tuesday, February 7, 2006, 8:11:50 PM, you wrote:
DS Not
Thanks for the update, Pete.
I also appreciate that you expanded on how that rule went wild. I can
see that the intent was good but the unintended consequences were not so
good.
Here's how it played out on my server:
How many messages hit the FP rules: 2,042
How many messages Declude decided
Thanks for the update, Pete.I also appreciate that
you expanded on how that rule went wild. I can see that the intent was
good but the unintended consequences were not so good.Here's how it
played out on my server:How many messages hit the FP rules: 2,042How
many messages Declude decided
Isn't it time to call for an
exorcist?
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Goran
JovanovicSent: donderdag 2 februari 2006 5:31To:
sniffer@SortMonster.comSubject: [sniffer] Stock SPAM now
HTML
Well the plain text stock spam has just taken a turn to
more
McNeil
Sent: Thursday, February 02, 2006 7:20 AM
To: Goran Jovanovic
Subject: Re: [sniffer] Stock SPAM now HTML
On Wednesday, February 1, 2006, 11:30:49 PM, Goran wrote:
GJ
GJ
GJ
GJ Well the plain text stock spam has just taken a turn to more
GJ interesting and SNF is not capturing it yet
We actually did that exact thing, went from Imail to MDaemon when Imail
started drastically increasing their prices a year or so ago. We are using
the same scripts now with MDaemon that we used in Imail and they just fine
(I think they may be Bills Landry's scripts). As for license file, it
On Thursday, February 2, 2006, 12:25:01 PM, Grant wrote:
GS Has anyone got an automated updating script for updating rulebases for
GS MDaemon. I am just demoing the software now. The plugin seems to be
GS working well. I have used the Imail script from the website that Bill
GS Landry
Attached is what I use, feel free to contact me off-list if you've got any
specific questions.
Originally taken from:
http://www.sortmonster.com/MessageSniffer/Help/AutomatingUpdatesHelp.html
--
Dave Habben
Coordinator of Network Services
Sauk Valley Community College
Grant Stufft wrote:
Has
G'day,
I'm just wandering... what CAN be done about this? If I send an embedded
picture to someone, how's sniffer gonna see the difference between my
holiday picture and the stock spam?
I reckon it's gonna be tough to block these?
Cheers,
Mike
-Original Message-
From: [EMAIL PROTECTED]
On Monday, January 30, 2006, 10:16:06 AM, Goran wrote:
GJ Hi,
GJ Are the bots working again? I am seeing a number of the STOCK pitches
GJ coming through (the ones that use the picture attachment eg.
GJ tdimg border=0 alt=
GJ src=cid:a8c0936faa69131141800cf3347d17a4/td)
GJ Sniffer did not catch
Subject: Re: [sniffer] The SPAM bots?
On Monday, January 30, 2006, 10:16:06 AM, Goran wrote:
GJ Hi,
GJ Are the bots working again? I am seeing a number of the STOCK
pitches
GJ coming through (the ones that use the picture attachment eg.
GJ tdimg border=0 alt=
GJ src
On Thursday, January 26, 2006, 11:22:40 AM, Jim wrote:
JMJ I seem to be noticing a lot of spam messages recently that are stock ads
for
JMJ offshore companies; I seem to be getting a lot of these that are not being
JMJ classified by sniffer. I have been forwarding these to the spam@ address,
, 2006 8:53 AM
To: Jim Matuska Jr.
Subject: Re: [sniffer] Stock Market Spam Messages
On Thursday, January 26, 2006, 11:22:40 AM, Jim wrote:
JMJ I seem to be noticing a lot of spam messages recently that are stock
ads for
JMJ offshore companies; I seem to be getting a lot
On Thursday, January 19, 2006, 8:37:01 AM, Jeff wrote:
JA
JA
JA I have been having a lot of problems with the rules since Friday.
JA
JA How can I see what rules are set for spamming.
There are many thousands of rules. For security purposes we don't
expose their content freely. If you
On Thursday, January 19, 2006, 12:51:47 PM, David wrote:
DP It seems I can not get mail from Brazil that does not fail the message
DP sniffer test, regardless of content.
DP Is this nation or any other totally black listed?
I'm not aware of any rule that blocks any particular nation, nor any
, January 19, 2006 9:15 AM
To: Jeff Alexander
Subject: Re: [sniffer] How can I
On Thursday, January 19, 2006, 8:37:01 AM, Jeff wrote:
JA
JA
JA I have been having a lot of problems with the rules since Friday.
JA
JA How can I see what rules are set for spamming.
There are many
My bet is that either OB or WS trees of SURBL are the culprit. I've seen
false postives from them before. Can your bot isolate the subs of the multi
lookup and only use the more reliable ones like JP, SC, etc? Also, these
are dynamic services and can change at any time... Sometimes in minutes.
Hi,
I am
experiencing the very same problem.
Regards,
Ali
-Original Message-From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]On
Behalf Of Filippo PalmiliSent: Wednesday, January 18, 2006 3:34
PMTo: [EMAIL PROTECTED]Cc:
sniffer@SortMonster.comSubject: [sniffer]
Same with me. Last night there was a rules update and it fixed the problem.
Check the date of your rules update.
- Original Message -
From: Ali Resting [EMAIL PROTECTED]
To: sniffer@sortmonster.com
Cc: [EMAIL PROTECTED]
Sent: Wednesday, January 18, 2006 8:57 AM
Subject: [sniffer]
]
Sent: Wednesday, January 18, 2006 8:42 AM
Subject: Re: [sniffer] False Positives
Same with me. Last night there was a rules update and it fixed the problem.
Check the date of your rules update.
- Original Message -
From: Ali Resting [EMAIL PROTECTED]
To: sniffer@sortmonster.com
Cc
On Wednesday, January 18, 2006, 8:34:15 AM, Filippo wrote:
FP
FP Hello,
FP What's going on with rules? Today for 100 blocked by Sniffer
FP more than 10 where really legitimate.
FP Please advise.
Everything should be functioning normally today.
Please visit:
On Wednesday, January 18, 2006, 8:57:56 AM, Ali wrote:
AR Hi,
AR Over the last 2 days I have seen a major increase in false positives.
AR Literally all hotmail and yahoo address are being caught by sniffer
AR inclusive of other legit domains.
AR Please confirm what may be causing this and what
On Wednesday, January 18, 2006, 11:06:44 AM, Filippo wrote:
FP
FP Hello,
FP What's going on with rules? Today for 100 blocked by Sniffer
FP more than 10 where really legitimate.
Please visit:
http://www.mail-archive.com/sniffer@sortmonster.com/msg02346.html
and
Overflow Queue Monitoring, SURBL/URI integration, MRTG
Integration, and Log Parsers.
- Original Message -
From: Matt [EMAIL PROTECTED]
To: sniffer@SortMonster.com
Sent: Tuesday, January 17, 2006 7:21 AM
Subject: Re: [sniffer] Watch out... SURBL SORBS full of large ISPs
Pete,
I reviewed my Hold range going back to Monday morning and I wasn't able
to find anything out of the ordinary. I also searched my logs from my
URIBL tool that queries SURBL among other things, and I wasn't able to
find any hits for those domains that you pointed out. I guess that I
Thank you, Pete.
In my spelunking, I've found too many rules to put in as panic entries
my .cfg file, and this morning I dropped the weight for my experimental
class tests to low values, and heavily edited my combo tests that
build on Sniffer hits.
I'm attaching a report showing the number of
On Tuesday, January 17, 2006, 6:44:20 PM, Frederick wrote:
FS
FS
FS Can you send the update or I will have to disable Sniffer.
FS
FS
FS
FS It is catching almost all our emails.
Your last update was 2144GMT, about 146 minutes ago (if my math is
right). Pacing as at 150 minutes,
On Friday, January 6, 2006, 2:09:12 PM, Chuck wrote:
CS Hopefully the rulebase is being updated but we are getting slammed by this
CS stuff.
Stock push?
I saw a bunch of broken stock push come through this morning (0330).
Not getting any more through the traps.
Also a lot of image based stock
Like others, I received the same special offer email off list. I've never
heard of ComputerHouse. IMO, resellers should not be using this list to
solicit business, either through a list posting or soliciting individual
posters. I would think that sort of behavior goes against their reseller
Sorry papa _M
Sorry John T
Just want to see sniffer around in the future and got a little excited.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Pete McNeil
Sent: Wednesday, December 28, 2005 9:51 PM
To: sniffer@sortmonster.com
Subject: [sniffer] About
Customers who purchased Sniffer via Declude can look on their Host Records
and the dates should be there.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Steve Jones
Sent: Tuesday, December 27, 2005 1:31 PM
To: sniffer@SortMonster.com
Subject: Re
To: sniffer@SortMonster.com
Subject: RE: [sniffer] Last chance to renew at the old price!
Pete, why over a 50% increase? That seems rather drastic
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of Pete McNeil
Sent: Tuesday, December 27, 2005 12:42
Tel. 850-932-5338 x303
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Fox, Thomas
Sent: Tuesday, December 27, 2005 1:03 PM
To: sniffer@SortMonster.com
Subject: RE: [sniffer] Last chance to renew at the old price!
I said the same thing, and the response
results.
Just 2 cents from a guy that rarely says anything :)
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Michael Murdoch
Sent: Tuesday, December 27, 2005 2:14 PM
To: sniffer@SortMonster.com
Cc: Pete McNeil
Subject: RE: [sniffer] Last chance to renew
, like it or lump
it.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dave Koontz
Sent: Tuesday, December 27, 2005 1:57 PM
To: sniffer@SortMonster.com
Subject: RE: [sniffer] Last chance to renew at the old price!
Pete, why over a 50% increase
: Tuesday, December 27, 2005 11:14 AM
To: sniffer@SortMonster.com
Cc: Pete McNeil
Subject: RE: [sniffer] Last chance to renew at the old price!
Importance: High
Hi Folks,
Actually, here is some more detail as to the reasons for the price
increase. In addition, please bear in mind that that prices
Of Rick Robeson
Sent: Tuesday, December 27, 2005 1:29 PM
To: sniffer@SortMonster.com
Subject: RE: [sniffer] Last chance to renew at the old price!
We've always paid under the 'monthly' plan.
How will this be affected?
Should we switch to the yearly plan?
Rick Robeson
getlocalnews.com
[EMAIL
101 - 200 of 1018 matches
Mail list logo