New files available from http://mailsbestfriend.com/downloads/
4.12.05 FIX - Removed Key check for Declude, no need to hack the Host file.
Declude no longer requires a key to run.
4.12.04 ADD - Created new test NOHIT
4.12.03 ADD - Improved Hijack by monitoring the Authenticated user rather
than the mailfrom address
The NOHIT test is used to determine which tests did NOT trigger. The main
purpose of this implementation was to create a feedback system to Message
Sniffer ARM research to improve spam catch rates on new spam. The new test
syntax below and is located in the global.cfg
TEST-NAME1 NOHIT TEST-NAME2 WEIGHT 0
0
TEST-NAME1 Your given name of the test
NOHIT Test Type
TEST-NAME2 The name of the test you are tracking that did NOT trigger
WEIGHT The weight => when you would like this test to trigger
Example of use (This test will trigger if SNIFFER is NOT triggered for
emails over 30 points):
SNF-FEEDBACK NOHIT SNIFFER 30 0 0
Using this test we can identify messages that scored more than 30 points and
did NOT trigger sniffer. We then use either a COPYTO or ROUTETO Action in
the $default$.junkmail file to have these messages go to a specific inbox
where ARM research periodically retrieves these messages and writes new
rules to distribute to other Message Sniffer users.
The entry in the $default$.junkmail would be:
SNF-FEEDBACK ROUTETO <mailto:[email protected]> [email protected]
Where xxxx is your license key for Message Sniffer. Be sure to setup an
email user with <mailto:[email protected]> [email protected] on your server
and provide ARM research [email protected] with the POP account
details to access the account to retrieve messages.
I am sure there are other great ways the NOHIT test can be used. Let us know
if you have some ideas.
David Barker
Mail's Best Friend
Email : <mailto:[email protected]>
[email protected]
Web : <http://www.mailsbestfriend.com/> www.mailsbestfriend.com
Office : 866.919.2075
Mobile : 978.518.6461
cid:[email protected]
<<image001.png>>
