What is going on with the sniffer not catching any of the spam that is now
coming through? We are getting slammed with medication, mortgage and other
junk email.

Rick Hogue
Intent.Net - Web Hosting
3802 Handley Avenue
Louisville, KY 40218
1-502-459-3100
1-800-866-2983 Toll Free

 



-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jonathan
Sent: Friday, October 14, 2005 12:40 AM
To: [email protected]
Subject: Re[2]: [sniffer] POP Approach

Just a little "me too" here .. you're very right to be concerned 
about this kind of thing. This happened to us twice (once with an 
inbound gateway server, and once with a primary POP box). It was 
nothing short of devastating until we realized what was going on, and 
we spent a lot of time recovering the damage. Once we let them know 
what was happening, Pete was quick to add a whitelist entry into 
their system, and it didn't happen again (until the second time). All 
in all, I'm not overly concerned about it happening again, but if we 
ever changed the IPs of those two boxes, I'd certainly have him 
update the whitelist.

Just my 2 cents,

Jonathan

At 11:31 PM 10/13/2005, you wrote:
>On Wednesday, October 12, 2005, 6:30:45 PM, William wrote:
>
>WVH> Pete,
>
>WVH> Was just wondering, I have all of my e-mail pass through an IMGate/Postfix
>WVH> machine prior to hitting my main mail server. Sometimes, e-mail (especially
>WVH> spam) gets forwarded from the secondary MX as well. If we use the POP method
>WVH> of redirecting spam to an appropriate mailbox are you just going to be
>WVH> scanning the messages for content, or inspecting the headers for IP
>WVH> information as well?
>
>We will inspect all parts of the messages manually and with automated
>tools. This is true of all spam that arrives at our system no matter
>how it gets there.
>
>WVH> Reason I'm asking is, I just want to make sure that one of my own servers
>WVH> doesn't end up included in some type of blacklist rule. It seems like it
>WVH> would take an awful lot of work on your part to ensure that any filters
>WVH> don't contain IPs of one of your customer's machines, if you are scanning
>WVH> header information. When you throw-in the fact that the redirect may come
>WVH> from the client of an entirely different network with no link whatsoever to
>WVH> our DNS records, that would seem to make taking any header information
>WVH> (except maybe the Subject or From lines) into account a very risky
>WVH> proposition. Thanks!!!
>
>Actually, we can often be very precise about the routing of messages
>pulled from pop accounts.
>
>That said, there is always a non-zero risk that an IP which is listed
>in certain black lists and also arrives at one of our traps may be
>added to our rulebase. This is almost always an automated process
>since we have determined that manually entered IPs are prone to
>errors.
>
>If an IP on one of your servers does get tagged, then you would be
>able to use the rule-panic procedure for immediate relief and once the
>problem was solved it could not be recreated.
>
>Part of our system is that it remembers every mistake we ever made and
>prevents us making that same mistake again --- unless we're really,
>really determined ;-)
>
>Understand, I'm not making light of this possibility... we take all
>false positive cases (real or imagined) very seriously. I do want to
>point out that these cases are rare, easily solved, and nearly
>impossible to repeat. I should also point out that this "risk" is not
>increased by using the pop3 method.
>
>Hope this helps,
>
>_M
>
>
>
>This E-Mail came from the Message Sniffer mailing list. For 
>information and (un)subscription instructions go to 
>http://www.sortmonster.com/MessageSniffer/Help/Help.html


---
[This E-mail scanned for viruses by Declude on http://www.intent.net hosted
Email]

