[sniffer] can auto-forward be disabled when spam is detected?
I'm using Sniffer with MXGuard, and Ipswitch Imail Server. For accounts whohave auto-forwarding setup totransfer mail to a remote mail account,I've noticed that they're transferring all mail, including detectable spam. Is there a way to block forwarding when spam is detected? Thanks. Rick Robeson getlocalnews.com [EMAIL PROTECTED]
Re: [sniffer] Arm Research Labs is officially launched!
I'm not sure what this means. Is SortMonster being acquired by ARM Research Labs? Vice versa? Just joint venture? Sure hope that a plugin to SmarterMail is just around the corner! -Joe - Original Message - From: Pete McNeil [EMAIL PROTECTED] To: sniffer@sortmonster.com Sent: Thursday, September 01, 2005 12:41 AM Subject: [sniffer] Arm Research Labs is officially launched! Hello Sniffer Folks, ARM Research Labs (ARM) is a privately funded research and development group created to explore and develop new technologies for the Internet-based computing systems and infrastructures. To start with, ARM will be taking Message Sniffer to the next level by deploying it's core technologies on new platforms, creating new products and partnerships to leverage these technologies, and developing the next generation of technologies, products, and services. Though we have been keeping things quiet up to now we have been hard at work: ARM has already produced a new product for Exchange and IIS/SMTP based systems (See: Assert!) and increased our rulebase update rates by more than 40%. Much more is on it's way soon so stay tuned! Thanks, _M Pete McNeil (Madscientist) President, MicroNeil Research Corporation Chief SortMonster (www.sortmonster.com) Chief Scientist (www.armresearch.com) This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
Re: [sniffer] can auto-forward be disabled when spam is detected?
On Thursday, September 1, 2005, 9:12:17 AM, Rick wrote: RR I'm using Sniffer with MXGuard, and Ipswitch Imail Server. RR RR For accounts who have auto-forwarding setup to transfer mail RR to a remote mail account, I've noticed that they're transferring RR all mail, including detectable spam. Is there a way to block RR forwarding when spam is detected? That's an mxGuard question. SNF makes no distinctions on where the message is going in an IMail environment... My guess is that mxGuard is either not scanning these messages, or that it either can't or doesn't take action in those cases. If I had to guess it's probably most likely that IMail doesn't give mxGuard a chance to effect these messages, or that in a similar way mxGuard doesn't effect them due to the split envelope problem. Please let me know what you find out. Thanks, _M PS: Split Envelop Problem - When the SMTP envelope of a messages indicates multiple recipients, and one of the recipients has rules that would dispose of the message in some way there is an inherent conflict. It goes against RFCs to deliver the message to one recipient and not the other (though that is probably desirable and may be/become the best practice) since that would require splitting the envelope and the message into two copies with each copy following a different path. In a strict interpretation of email processing rules the message must be either delivered to all recipients on the envelope or not delivered. In many cases the final rule turns out to be: If anyone is supposed to receive this message then everyone must. Once they have received it they can discard it if they wish, but an MTA shouldn't make that call since it has essentially 'signed up' to be responsible for delivering the message as is. This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
Re[2]: [sniffer] Arm Research Labs is officially launched!
On Thursday, September 1, 2005, 10:54:12 AM, Joe wrote: JW I'm not sure what this means. JW Is SortMonster being acquired by ARM Research Labs? Vice versa? Just joint JW venture? ARM Research Labs is a joint venture between AppRiver and MicroNeil, thus AR - from AppRiver and M - from MicroNeil Research. :-) JW Sure hope that a plugin to SmarterMail is just around the corner! Me too ;-) _M This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
RE: [sniffer] can auto-forward be disabled when spam is detected?
You can change your rules to forward spam to separate user quarantine mailbox (not a subfolder or sub-mailbox) that does not have forwarding setup. You just cannot make the rules forward (or move)the spam to a sub-mailbox like [EMAIL PROTECTED] on an account that is forwarded. Craig -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Robeson Sent: Thursday, September 01, 2005 1:17 PM To: sniffer@SortMonster.com Subject: RE: [sniffer] can auto-forward be disabled when spam is detected? I think I see the problem, though not a quick solution. Mxguard merely handles traffic between imail and sniffer and calculates its spam score and probability. IT has no override capability excepting its own white and black lists blocking calling for sniffer processing. IMail's processing order of activies (as listed in http://www.ipswitch.com/support/imail/guide/imailug8.1/Chapter %204%20process ing2.html#47027 ) show that forwarding instructions are handled before domain or user incoming rule execution. It is the domain and user incoming rule execution that is the first level of being able to pick up sniffer/mxguard instructions (via x-header presence/value). Only connection or content filtering is used by imail prior to the forwarding process. I don't see any way to have mxguard or sniffer affect the connection or content filtering rules unless they were somehow able to (for example) add a dummy url to the content of the email which would trigger the content filtering url blacklist. Ipswitch probably considers the current forwarding processing order a feature (after all it allows another external mail server rulebase to inject it's rules). Unfortunately, in large quantity, lumping multiple aliases from multiple sites to a one or more users who then want auto-forward to another email server for internet mail (i.e. gmail) makes it look like my server is generating spam to gmail/yahoo/etc. Ideas? Rick Robeson getlocalnews.com [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Pete McNeil Sent: Thursday, September 01, 2005 8:44 AM To: Rick Robeson Subject: Re: [sniffer] can auto-forward be disabled when spam is detected? On Thursday, September 1, 2005, 9:12:17 AM, Rick wrote: RR I'm using Sniffer with MXGuard, and Ipswitch Imail Server. RR RR For accounts who have auto-forwarding setup to transfer mail to a RR remote mail account, I've noticed that they're transferring all RR mail, including detectable spam. Is there a way to block forwarding RR when spam is detected? That's an mxGuard question. SNF makes no distinctions on where the message is going in an IMail environment... My guess is that mxGuard is either not scanning these messages, or that it either can't or doesn't take action in those cases. If I had to guess it's probably most likely that IMail doesn't give mxGuard a chance to effect these messages, or that in a similar way mxGuard doesn't effect them due to the split envelope problem. Please let me know what you find out. Thanks, _M PS: Split Envelop Problem - When the SMTP envelope of a messages indicates multiple recipients, and one of the recipients has rules that would dispose of the message in some way there is an inherent conflict. It goes against RFCs to deliver the message to one recipient and not the other (though that is probably desirable and may be/become the best practice) since that would require splitting the envelope and the message into two copies with each copy following a different path. In a strict interpretation of email processing rules the message must be either delivered to all recipients on the envelope or not delivered. In many cases the final rule turns out to be: If anyone is supposed to receive this message then everyone must. Once they have received it they can discard it if they wish, but an MTA shouldn't make that call since it has essentially 'signed up' to be responsible for delivering the message as is. This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
RE: [sniffer] can auto-forward be disabled when spam is detected?
How would that address the fact that imail processes the auto-forward rule before processing the incoming messages rules (which is where I trigger x-header sniffer flag)? Rick Robeson getlocalnews.com [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Craig Deal Sent: Thursday, September 01, 2005 11:43 AM To: sniffer@SortMonster.com Subject: RE: [sniffer] can auto-forward be disabled when spam is detected? You can change your rules to forward spam to separate user quarantine mailbox (not a subfolder or sub-mailbox) that does not have forwarding setup. You just cannot make the rules forward (or move)the spam to a sub-mailbox like [EMAIL PROTECTED] on an account that is forwarded. Craig -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Robeson Sent: Thursday, September 01, 2005 1:17 PM To: sniffer@SortMonster.com Subject: RE: [sniffer] can auto-forward be disabled when spam is detected? I think I see the problem, though not a quick solution. Mxguard merely handles traffic between imail and sniffer and calculates its spam score and probability. IT has no override capability excepting its own white and black lists blocking calling for sniffer processing. IMail's processing order of activies (as listed in http://www.ipswitch.com/support/imail/guide/imailug8.1/Chapter %204%20process ing2.html#47027 ) show that forwarding instructions are handled before domain or user incoming rule execution. It is the domain and user incoming rule execution that is the first level of being able to pick up sniffer/mxguard instructions (via x-header presence/value). Only connection or content filtering is used by imail prior to the forwarding process. I don't see any way to have mxguard or sniffer affect the connection or content filtering rules unless they were somehow able to (for example) add a dummy url to the content of the email which would trigger the content filtering url blacklist. Ipswitch probably considers the current forwarding processing order a feature (after all it allows another external mail server rulebase to inject it's rules). Unfortunately, in large quantity, lumping multiple aliases from multiple sites to a one or more users who then want auto-forward to another email server for internet mail (i.e. gmail) makes it look like my server is generating spam to gmail/yahoo/etc. Ideas? Rick Robeson getlocalnews.com [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Pete McNeil Sent: Thursday, September 01, 2005 8:44 AM To: Rick Robeson Subject: Re: [sniffer] can auto-forward be disabled when spam is detected? On Thursday, September 1, 2005, 9:12:17 AM, Rick wrote: RR I'm using Sniffer with MXGuard, and Ipswitch Imail Server. RR RR For accounts who have auto-forwarding setup to transfer mail to a RR remote mail account, I've noticed that they're transferring all RR mail, including detectable spam. Is there a way to block forwarding RR when spam is detected? That's an mxGuard question. SNF makes no distinctions on where the message is going in an IMail environment... My guess is that mxGuard is either not scanning these messages, or that it either can't or doesn't take action in those cases. If I had to guess it's probably most likely that IMail doesn't give mxGuard a chance to effect these messages, or that in a similar way mxGuard doesn't effect them due to the split envelope problem. Please let me know what you find out. Thanks, _M PS: Split Envelop Problem - When the SMTP envelope of a messages indicates multiple recipients, and one of the recipients has rules that would dispose of the message in some way there is an inherent conflict. It goes against RFCs to deliver the message to one recipient and not the other (though that is probably desirable and may be/become the best practice) since that would require splitting the envelope and the message into two copies with each copy following a different path. In a strict interpretation of email processing rules the message must be either delivered to all recipients on the envelope or not delivered. In many cases the final rule turns out to be: If anyone is supposed to receive this message then everyone must. Once they have received it they can discard it if they wish, but an MTA shouldn't make that call since it has essentially 'signed up' to be responsible for delivering the message as is. This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail
RE: [sniffer] can auto-forward be disabled when spam is detected?
I understand what you are saying, and I'm not sure why it works, but it does. If you setup a rule to forward spam (based on X-Headers) to a separate Quarantine mailbox, it will only forward the good emails to the user gmail/yahoo account. I have it setup this way for several clients that use Exchange. A forward is setup for each user that goes to the Exchange server. The Imail rules forward spam to a central quarintine mailbox on Imail. If the email is caught by one of the rules it does not get forwarded to the clients Exchange Server. Craig Imail 8.15/mxGuard/Sniffer -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Robeson Sent: Thursday, September 01, 2005 1:54 PM To: sniffer@SortMonster.com Subject: RE: [sniffer] can auto-forward be disabled when spam is detected? How would that address the fact that imail processes the auto-forward rule before processing the incoming messages rules (which is where I trigger x-header sniffer flag)? Rick Robeson getlocalnews.com [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Craig Deal Sent: Thursday, September 01, 2005 11:43 AM To: sniffer@SortMonster.com Subject: RE: [sniffer] can auto-forward be disabled when spam is detected? You can change your rules to forward spam to separate user quarantine mailbox (not a subfolder or sub-mailbox) that does not have forwarding setup. You just cannot make the rules forward (or move)the spam to a sub-mailbox like [EMAIL PROTECTED] on an account that is forwarded. Craig -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Robeson Sent: Thursday, September 01, 2005 1:17 PM To: sniffer@SortMonster.com Subject: RE: [sniffer] can auto-forward be disabled when spam is detected? I think I see the problem, though not a quick solution. Mxguard merely handles traffic between imail and sniffer and calculates its spam score and probability. IT has no override capability excepting its own white and black lists blocking calling for sniffer processing. IMail's processing order of activies (as listed in http://www.ipswitch.com/support/imail/guide/imailug8.1/Chapter %204%20process ing2.html#47027 ) show that forwarding instructions are handled before domain or user incoming rule execution. It is the domain and user incoming rule execution that is the first level of being able to pick up sniffer/mxguard instructions (via x-header presence/value). Only connection or content filtering is used by imail prior to the forwarding process. I don't see any way to have mxguard or sniffer affect the connection or content filtering rules unless they were somehow able to (for example) add a dummy url to the content of the email which would trigger the content filtering url blacklist. Ipswitch probably considers the current forwarding processing order a feature (after all it allows another external mail server rulebase to inject it's rules). Unfortunately, in large quantity, lumping multiple aliases from multiple sites to a one or more users who then want auto-forward to another email server for internet mail (i.e. gmail) makes it look like my server is generating spam to gmail/yahoo/etc. Ideas? Rick Robeson getlocalnews.com [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Pete McNeil Sent: Thursday, September 01, 2005 8:44 AM To: Rick Robeson Subject: Re: [sniffer] can auto-forward be disabled when spam is detected? On Thursday, September 1, 2005, 9:12:17 AM, Rick wrote: RR I'm using Sniffer with MXGuard, and Ipswitch Imail Server. RR RR For accounts who have auto-forwarding setup to transfer mail to a RR remote mail account, I've noticed that they're transferring all RR mail, including detectable spam. Is there a way to block forwarding RR when spam is detected? That's an mxGuard question. SNF makes no distinctions on where the message is going in an IMail environment... My guess is that mxGuard is either not scanning these messages, or that it either can't or doesn't take action in those cases. If I had to guess it's probably most likely that IMail doesn't give mxGuard a chance to effect these messages, or that in a similar way mxGuard doesn't effect them due to the split envelope problem. Please let me know what you find out. Thanks, _M PS: Split Envelop Problem - When the SMTP envelope of a messages indicates multiple recipients, and one of the recipients has rules that would dispose of the message in some way there is an inherent conflict. It goes against RFCs to deliver the message to one recipient and not the other
Re[2]: [sniffer] can auto-forward be disabled when spam is detected?
You can change your rules to forward spam to separate user quarantine mailbox (not a subfolder or sub-mailbox) that does not have forwarding setup. You just cannot make the rules forward (or move)the spam to a sub-mailbox like [EMAIL PROTECTED] on an account that is forwarded. That's an overly complex solution. Just put a forward on the main.mbx by using a main.fwd -- do not use forward.ima. Unless you have users regularly using direct mailbox subaddressing (which is not common), you won't need to deploy any other mailboxname.fwd. --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
