> 3) then be able to create a temporary rule to help block messages
> - must be viable until SNF has an updated ruleset to start clearing out
> the attack
> - I don't think declude (what I use w/SNF) has rule expirations (but
> would be a nice feature)
What I do when I create a temp rule
Yes.
John T
> -Original Message-
> From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of David Moore
> Sent: Thursday, December 20, 2007 2:24 PM
> To: Message Sniffer Community
> Subject: [sniffer] Re: Excessive amounts of spam
>
> We are using MxGuard, Sniffer, InvURI
I have not noticed any increase on FPs on the one server that is running it.
John T
> -Original Message-
> From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox
> Sent: Thursday, December 20, 2007 1:29 PM
> To: Message Sniffer Community
> Subject: [sniffer] Re:
s that link on the armresearch.com page?
>
> If you know this to be the case, please show us all.
>
> David P.
>
>
>
> - Original Message -
> From: "John T (lists)" <[EMAIL PROTECTED]>
> To: "Message Sniffer Community"
>
Please do what you are supposed to do and take responsibility to update your
own subscription!
John T
> -Original Message-
> From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
> Sent: Thursday, November 29, 2007 5:12 AM
> To: Message Sniffer Communit
Yes, there is a difference. Webmail is different. Additional features in the
SMTP service. Vulnerabilities fixed. Bugs fixed.
There is indeed a patch for version 8, it is called 8.22 + HF2.
John T
> -Original Message-
> From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf
To clarify something that came up in another post a couple of weeks ago, is
it necessary to send false positive reports from the specified email
address, or any address as long as it includes the proper information such
as the license in the subject line?
John T
Thanks as always Pete for a great explanation.
John T
> -Original Message-
> From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil
> Sent: Wednesday, October 17, 2007 5:35 AM
> To: Message Sniffer Community
> Subject: [sniffer] Re: Beta
>
> Hello John,
>
>
> Our SYNC server software rejects connections by default. If an SNF
> node follows the expected connection protocols and authenticates
> properly and consistently then it will be allowed to communicate with
> the system. If it fails to do any of these things or looks suspicious
> in any way then i
3) The logs are rotating according to UTC time. How can that be configured
to rotate in local time?
John T
From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of John T (lists)
Sent: Thursday, October 11, 2007 11:05 AM
To: Message Sniffer Community
Subject: [sniffer] New
A couple of notes I have noticed:
1)When SNFServer starts and creates the file id_snf_engine_cfg.log,
would it be a good idea to list the version of the SNFServer?
2)In your announcement about the version 1.4 beta, you said to upgrade
the snf_engine.xml as well. Why? Since there are ma
I think he was asking about the log rotate script that also FTPs a copy up
to sniffer. Do we still need to FTP a log to Sniffer?
John T
> -Original Message-
> From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil
> Sent: Tuesday, October 09, 2007 9:28 PM
>
OK, a couple of questions.
If an IP is found to be BAD, the website states a non-zero code will be
returned. Well, I know that those of us using Declude and using listed
return codes other than non-zero will have a problem with this. Can this be
set to a specific return code that we can then use w
> Some of the spammers are apparently using my email address as the sender. Any
> way to defeat that or capitalize on it? I get several bounces a week from all over the
> world.
Ah, the American spirit at work. If you can't stop it, make money on it.
;-)>
(And yes, I know that is not what you m
I have been asked by a client to help find a way to catch headhunters and
such that attempt to recruit current employees. I have yet to spend time on
this as it seems creating a filter in Declude for this while maintaining
low/no false positives would be somewhat difficult.
While this is outside
I saw several legit eBay notices caught by Scams Category on Sunday morning.
Details sent to Sniffer.
John T
#
This message is sent to you because you are subscribed to
the mailing list .
To unsubscribe, E-mail to: <[EMAIL PROTECTED
> My personal opinion is worth way less than John's, but I'd still like
> to
> insert it here. I was dramatically affected by a software product that
> I don't even subscribe to, so I'm somewhat curious why you would defend
> them so readily at this juncture. Perhaps they aren't totally to
> blam
Inserting my 2 cents here since that is all that it is worth.
In backing up what Matt said, let me relate a similar example of a problem
that occurred a year and a half ago to a major IT security products vendor:
At about 6:15 AM PT on a week day in the middle of a normal busy week, their
c
Yes, it is called email gateway service and many of us do that and it is
fairly straightforward to setup but there are a number of steps.
John T
> -Original Message-
> From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf
> Of K Mitchell
> Sent: Thursday, March 08, 2007 6:16
As some one who speaks Russian, it would be more productive for you to
forward those spams to sniffer for processing rather than create a rule
based on normal common language characters. Besides, that is not what I
expect from Sniffer. My understanding of the premise of Message Sniffer is to
create ru
On the ones that I see get through, (image spams,) I usually see a Sniffer
triggered update within 60 minutes after that and then that stops them.
John T
eServices For You
"Life is a succession of lessons which must be lived to be understood."
Ralph Waldo Emerson (1802-1882)
> -Original Me
Working good here Pete.
John T
eServices For You
"Life is a succession of lessons which must be lived to be understood."
Ralph Waldo Emerson (1802-1882)
> -Original Message-
> From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil
> Sent: Tuesday, December
Message Sniffer
Community [mailto:[EMAIL PROTECTED] On
Behalf Of John T (Lists)
Sent: Thursday, October 26, 2006 8:13 AM
To: Message Sniffer Community
Subject: [sniffer] Re: Yahoo! Is
Retarded
You’re preaching to the choir.
John T
eServices For You
"Life is a succession of
lessons which
You’re preaching to the choir.
John T
eServices For You
"Life is a succession
of lessons which must be lived to be understood."
Ralph Waldo Emerson
(1802-1882)
-Original Message-
From: Message Sniffer Community
[mailto:[EMAIL PROTECTED] On Behalf Of
Jonathan
http://kb.armresearch.com/index.php?title=Message_Sniffer.GettingStarted.Integration
John T
eServices For You
"Seek, and ye shall
find!"
-Original Message-
From: Message Sniffer Community
[mailto:[EMAIL PROTECTED] On Behalf Of
Joe Wolf
Sent: Tuesday, October 24,
Declude is not ignoring the problem. David
Barker is aware of it and has responded discussion concerning this problem on
the Declude Junkmail list.
John T
eServices For You
"Seek, and ye shall
find!"
-Original Message-
From: Message Sniffer Community
[mailto:[EMA
HA HA
HO HO
ROFLOL
Do you really think Yahoo and the other big ego head companies care about
us?
It would take a mass amount of paid Yahoo users to make some thing happen.
John T
eServices For You
"Seek, and ye shall find!"
> -Original Message-
> From: Message Sniffer Community [mai
I have seen reports that Network Non-Solutions is having DNS Server issues
today.
John T
eServices For You
"Seek, and ye shall find!"
> -Original Message-
> From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil
> Sent: Tuesday, October 17, 2006 2:29 PM
> T
I have noticed in the last couple of weeks a greatly improved response time
in reports of false positives.
Just want to say thanks.
John T
eServices For You
"Seek, and ye shall find!"
I concur Pete in that I have been thinking about upping the weight for the
EXP tests. I recently changed ABST from 20 to 25. I attach at 25, hold at 30
and delete at 35.
SNIFFER-TRAVEL 47 20
SNIFFER-INSURANCE 48 20
SNIFFER-AV-PUSH 49 20
SNIFFER-WAREZ
???/
John T
eServices For You
"Seek, and ye shall find!"
-Original Message-
From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Kim W. Premuda
Sent: Tuesday, October 03, 2006 6:00 PM
To: Message Sniffer Community
Subject: [sn
Bleeping wonderful.
We have to put up with this for a week?
I guess a nice little Outlook rule is called for.
John T
eServices For You
"Seek, and ye shall find!"
> -Original Message-
> From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
> Sent: M
As Pete has said before, do not send
spam reports to the list.
There is a separate appropriate email
address for that.
John T
eServices For You
"Seek, and ye shall
find!"
-Original Message-
From: Message Sniffer Community
[mailto:[EMAIL PROTECTED] On Behalf Of
Stop using the silly WHITELIST TODOMAIN
for one thing.
What is the IP address they are coming
from? Could be a compromised client?
John T
eServices For You
"Seek, and ye shall
find!"
-Original Message-
From: Message Sniffer Community
[mailto:[EMAIL PROTECTED]
Reading through the updated script, I notice you are uploading the log file
whenever the script runs. I currently upload the log file once per day.
Pete, what is the preferred timing for uploading the log file?
John T
eServices For You
"Seek, and ye shall find!"
> -Original Message-
>
Weekend, what is that?
Thanks Andrew.
John T
eServices For You
"Seek, and ye shall find!"
> -Original Message-
> From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew
> Sent: Friday, July 07, 2006 6:24 PM
> To: Message Sniffer Community
> Subject: [sn
My thought is they are either building a
db of valid names or testing delivery techniques.
John T
eServices For You
"Seek, and ye shall
find!"
-Original Message-
From: Message Sniffer Community
[mailto:[EMAIL PROTECTED] On Behalf Of
Steve Guluk
Sent: Tuesday, June
> I got my Sniffer update at 5:03 pm no problem from Toronto
>
> Goran Jovanovic
> Omega Network Solutions
>
> -Original Message-
> From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On
> Behalf Of John T (Lists)
> Sent: Friday, June 02, 2006 5:23 PM
>
I am getting errors since late last night that host can not be found.
John T
eServices For You
"Seek, and ye shall find!"
's
> netblock) matches the forward lookup of the resulting address at PayPal.
>
> Therefore, PayPal is deliberately allowing that reverse IP in someone
> else's netblock.
>
> That, or both the netblock and PayPal's DNS have been p0wned.
>
> Andrew 8)
>
> > -----Original Message-
> > From: Message Sniffer Community
> > [mailto:[EMAIL PROTECTED] On Behalf Of John T (Lists)
> > Sent: Wednesday, May 24, 2006 9:31 AM
> > To: Message Sniffer Community
> > Subject: [sniffer]Possible Paypal Phishing
> >
> >
Attached are the headers to an e-mail I am suspecting as a clever phishing
that has me worried.
It looks like a legit message sent on behalf of Paypal, however, it is sent
from an IP address not owned by Paypal BUT which has a REVDNS that ends in
paypal.com.
The message is full of links to images.
Another thing I am seeing that I need to investigate more is possible spam
from say paypal and the REVDNS ends in say paypal.com. But it will have to
wait until Sunday night.
John T
eServices For You
"Seek, and ye shall find!"
> -Original Message-
> From: Message Sniffer Community [mailt
Pong
John T
eServices For You
"Seek, and ye shall find!"
> -Original Message-
> From: sniffer@sortmonster.com [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil
> Sent: Monday, May 15, 2006 10:12 PM
> To: sniffer@sortmonster.com
> Subject: Test
>
> Hello sniffer,
>
> Just testing.
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil
> Sent: Friday, May 05, 2006 11:37 AM
> To: John T (Lists)
> Subject: Re[4]: [sniffer] Lot of Drugs Spam getting through sniffer
>
> On Friday, May 5, 2006, 1:08:14 PM, John wrote:
>
> JTL> Wel
OTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil
> Sent: Friday, May 05, 2006 9:09 AM
> To: John T (Lists)
> Subject: Re[2]: [sniffer] Lot of Drugs Spam getting through sniffer
>
> We've had that rule before and had to pull it for false positives.
>
> _
FYI, I created a Declude Filter:
Subject END NOTCONTAINS news
BODY 25 CONTAINS http://geocities.com/
Been catching every one like that.
John T
eServices For You
"Seek, and ye shall find!"
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROT
It seems today that updates have been slow to retrieve, the last one
averaging 54 Kbps. Updates are triggered on the e-mail update notice.
John T
eServices For You
"Seek, and ye shall find!"
This E-Mail came from the Message Sniffer mailing list. For information and
(un)subscription in
I
am human and humans make mistakes and do dumb things from time to time.
John T
eServices For You
"Seek, and ye shall find!"
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil
> Sent: Friday, March 17, 2006 9:30 AM
>
What is the purpose of using a WIKI site?
John T
eServices For You
"Seek, and ye shall find!"
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil
> Sent: Friday, March 17, 2006 8:07 AM
> To: sniffer@sortmonster.com
> Subject: [sniffer] New
Yes
John T
eServices For You
"Seek, and ye shall
find!"
-Original Message-
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Stephen S Zappardo
Sent: Thursday, March 16, 2006
7:57 AM
To: sniffer@sortmonster.com
Subject: [sniffer] Imail
I am seeing a lot of spam with a subject line of fw: or re: followed by
the username portion of the recipient. Any way to create a rule for this?
John T
eServices For You
"Seek, and ye shall find!"
determine a minimum selling
price. Any such stipulation in an agreement would put both of you in
violation of federal price-fixing laws.
-Joe
- Original Message -
From: John
T (Lists)
To: sniffer@SortMonster.com
Sent: Wednesday,
December 28, 2005 7:29 PM
Original Message-
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]On Behalf Of John T (Lists)
Sent: Wednesday,
December 28, 2005 8:46 PM
To: sniffer@SortMonster.com
Subject: RE: Re[2]: [sniffer] Last
chance to renew at the old price!
Absolutely not. In fact, if you read my
post after this, I am qu
: Did you just solicit
the ENTIRE sniffer community with pricing that will undermine Pete?
Never bite the hand that feeds you my
friend.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]On
Behalf Of John T (Lists)
Sent: Wednesday,
December 28, 2005
According to the Reseller agreement I
signed when I became a reseller of Message Sniffer, I can not charge that low
of a price.
As such, Pete or some one at Sniffer
would need to notify me that I had permission to sell at such a low price.
What I mean is, be careful.
John T
Although I am a registered reseller, I normally
only sell hardware and software to clients as part of my services.
However, if any one is interested in a
price, contact me off list.
John T
eServices For You
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL
Pete, I am both a Sniffer reseller and user, and I was blind sided by this
announcement.
John T
eServices For You
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil
> Sent: Tuesday, December 27, 2005 2:11 PM
> To: Darin Cox
> Subject: Re[2
The only problem with that, and one which I do not know how large of a
problem it is, is if you have always provided a single product, and suddenly
divide it into 2 levels, you end up with twice the amount of critics: Those
that pay less but expect more, those that pay more and then expect even
mor
Because the vendors are so lame as to have that enabled by default.
John T
eServices For You
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Stanford
> Sent: Thursday, December 15, 2005 10:11 AM
> To: sniffer@SortMonster.com
> Subject: RE: [s
I wonder if that is some kind of Outlook vulnerability.
John T
eServices For You
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robert Grosshandler
> Sent: Saturday, October 15, 2005 10:43 AM
> To: sniffer@SortMonster.com
> Subject: RE: Re[2]: [sniffe
h don't even include Bayesian
> at the moment, I am seeing far better than a 99% success (rejecting or
> deleting spam) rate, with very few false positives.
>
>
>
> William Van Hefner
> Network Administrator
>
> Vantek Communications, Inc.
> 555 H Street, Ste.
ommunications, Inc.
> 555 H Street, Ste. C
> Eureka, CA 95501
> 707.476.0833 ph
>
>
> > -Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of John T (Lists)
> > Sent: Friday, October 14, 2005 12:55 PM
> > To: sniffer@Sor
There has been a good amount of discussion about temporarily "grey listing"
an e-mail message and there are many questions surrounding it, one of which
is legal.
John T
eServices For You
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike Nice
> S
No need to block zips, with Declude just add "BANZIPEXTSON" to your
virus.cfg file since the payload is an exe within the zip and since we are
all already banning executable files, correct?
John T
eServices For You
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROT
1222
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John T (Lists)
Sent: Tuesday,
October 04, 2005 1:06 PM
To: Declude.JunkMail@declude.com
Subject: RE: [Declude.JunkMail]
3.05.5 issues
Trial and error is best. Set it to some
thing like 20 and watch what happens.
Jo
67 matches