RE: Re[4]: [sniffer] Large amounts of spam still getting through
Thanks Pete, I do not remember getting an update notification but that would definitely explain why we are getting so much spam now.

Rick Hogue
Intent.Net - Web Hosting
3802 Handley Avenue
Louisville, KY 40218
1-502-459-3100
1-800-866-2983 Toll Free
New Books Available "Prosperity Or Better Times Ten" "Hot Slot Secrets" "The Incredible Inman's Louisville Trivia Challenge"

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil
Sent: Saturday, October 15, 2005 2:10 PM
To: Rick Hogue
Subject: Re[4]: [sniffer] Large amounts of spam still getting through

On Saturday, October 15, 2005, 12:33:47 PM, Rick wrote:

RH> My only concern is that all of this was being caught by Sniffer before and
RH> all of a sudden very little of it is being caught. We are told that they are
RH> working on it to get it fixed but we are getting slammed by customers
RH> telling us we are not catching any spam.

RH> Any help in a solution other than greylisting would be really appreciated.

Rick,

I checked your license by your domain and found that it has expired. We will have sent you a renewal notice in the first week of September and we did not get a response. Please send a note to [EMAIL PROTECTED] and we will send you an invoice you can pay online to renew.

Updates for your account have been off since 20051005.

Hope this helps,
_M

This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html

---
[This E-mail scanned for viruses by Declude on http://www.intent.net hosted Email]
Re: [sniffer] False Positive Processing more automation?
On Saturday, October 15, 2005, 3:51:22 PM, Scott wrote:

> When I submit false positives to Sniffer about half come back rule clean. I then have to go to the logs and pull out those messages and resubmit the false positives with the log lines. I believe I am FTPing up my log files to Sniffer nightly. Isn't there a way to automatically pull these log lines out of the logs I have already sent up to Sniffer?

We process a huge volume of log file data. The logs are processed for their statistics and discarded so that we can keep up.

There is an option to have SNF produce a .xhdr file that can be included in the message by some systems. If a message contains those headers then it is possible to look up the necessary data from the headers.

_M
[sniffer] False Positive Processing more automation?
When I submit false positives to Sniffer about half come back rule clean. I then have to go to the logs and pull out those messages and resubmit the false positives with the log lines. I believe I am FTPing up my log files to Sniffer nightly. Isn't there a way to automatically pull these log lines out of the logs I have already sent up to Sniffer?
Re: Re[2]: [sniffer] Large amounts of spam still getting through
I just assumed it was a defective spamming software.

- Original Message -
From: "John T (Lists)" <[EMAIL PROTECTED]>
To:
Sent: Saturday, October 15, 2005 2:10 PM
Subject: RE: Re[2]: [sniffer] Large amounts of spam still getting through

I wonder if that is some kind of Outlook vulnerability.

John T
eServices For You

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robert Grosshandler
Sent: Saturday, October 15, 2005 10:43 AM
To: sniffer@SortMonster.com
Subject: RE: Re[2]: [sniffer] Large amounts of spam still getting through

We're seeing the header info in the body problem. It seems to be always spam. Another way it manifests itself is that Declude can't alter the Subject line properly.

The folks at Declude tell us that they're aware of it, and that they are just waiting for more "pre altered by Declude" examples to code for it.

Rob

M. Stein wrote:

>By the way, has anyone seen the spam that gets through that has the header info in the body of the mail message instead of where it's supposed to be? How is that possible?

---
[This E-mail scanned for viruses by Declude Virus]
RE: Re[2]: [sniffer] Large amounts of spam still getting through
I wonder if that is some kind of Outlook vulnerability.

John T
eServices For You

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robert Grosshandler
> Sent: Saturday, October 15, 2005 10:43 AM
> To: sniffer@SortMonster.com
> Subject: RE: Re[2]: [sniffer] Large amounts of spam still getting through
>
> We're seeing the header info in the body problem. It seems to be always spam. Another way it manifests itself is that Declude can't alter the Subject line properly.
>
> The folks at Declude tell us that they're aware of it, and that they are just waiting for more "pre altered by Declude" examples to code for it.
>
> Rob
>
> M. Stein wrote:
>
> >By the way, has anyone seen the spam that gets through that has the header info in the body of the mail message instead of where it's supposed to be? How is that possible?
Re[4]: [sniffer] Large amounts of spam still getting through
On Saturday, October 15, 2005, 12:33:47 PM, Rick wrote:

RH> My only concern is that all of this was being caught by Sniffer before and
RH> all of a sudden very little of it is being caught. We are told that they are
RH> working on it to get it fixed but we are getting slammed by customers
RH> telling us we are not catching any spam.

RH> Any help in a solution other than greylisting would be really appreciated.

Rick,

I checked your license by your domain and found that it has expired. We will have sent you a renewal notice in the first week of September and we did not get a response. Please send a note to [EMAIL PROTECTED] and we will send you an invoice you can pay online to renew.

Updates for your account have been off since 20051005.

Hope this helps,
_M
RE: Re[2]: [sniffer] Large amounts of spam still getting through
We're seeing the header info in the body problem. It seems to be always spam. Another way it manifests itself is that Declude can't alter the Subject line properly.

The folks at Declude tell us that they're aware of it, and that they are just waiting for more "pre altered by Declude" examples to code for it.

Rob

M. Stein wrote:

>By the way, has anyone seen the spam that gets through that has the header info in the body of the mail message instead of where it's supposed to be? How is that possible?
Re: Re[2]: [sniffer] Large amounts of spam still getting through
For what it's worth, we have not seen a major increase in spam this week either. Things seem pretty normal. We did recently upgrade to the Pro version of Declude Junkmail, and now it is much easier to block mail from certain countries (like .cz .ru etc.) as well as header and subject content, etc.

By the way, has anyone seen the spam that gets through that has the header info in the body of the mail message instead of where it's supposed to be? How is that possible?

Michael Stein
Computer House
www.computerhouse.com

- Original Message -
From: "Rick Hogue" <[EMAIL PROTECTED]>
To:
Sent: Saturday, October 15, 2005 12:33 PM
Subject: RE: Re[2]: [sniffer] Large amounts of spam still getting through

My only concern is that all of this was being caught by Sniffer before and all of a sudden very little of it is being caught. We are told that they are working on it to get it fixed but we are getting slammed by customers telling us we are not catching any spam.

Any help in a solution other than greylisting would be really appreciated.

Or is this a declude problem?

Rick Hogue
Intent.Net - Web Hosting
3802 Handley Avenue
Louisville, KY 40218
1-502-459-3100
1-800-866-2983 Toll Free
RE: Re[2]: [sniffer] Large amounts of spam still getting through
Rick,

I, for one, have not seen any increase in spam getting through recently. It may be because I have so many other filters in front of Sniffer that my capture/reject rates are so high, but I have not had a single spam make it through to my own inbox this entire week. That's on the verge of a record for me. I'm sure that I am personally targeted with a minimum of 300+ spams each day. I have not heard any complaints from my users as of late, either.

Sniffer is just a single tool, and it takes an entire arsenal if you want to get anywhere near (or above) a 99% spam kill rate. You may very well want to check on the declude list concerning the latest tweaks to that software for the best performance. I use MxGuard, so I couldn't really give you much advice on Declude.

The bottom line is, the more spam you stop BEFORE it gets to Sniffer, the better off you will be. Sniffer is pulling its own weight here very nicely, so I'm sure that mileage may vary. If anything, I am seeing less spam get through this week than I did the week before.

William Van Hefner
Network Administrator

Vantek Communications, Inc.
555 H Street, Ste. C
Eureka, CA 95501

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Hogue
> Sent: Saturday, October 15, 2005 9:34 AM
> To: sniffer@SortMonster.com
> Subject: RE: Re[2]: [sniffer] Large amounts of spam still getting through
>
> My only concern is that all of this was being caught by Sniffer before and all of a sudden very little of it is being caught. We are told that they are working on it to get it fixed but we are getting slammed by customers telling us we are not catching any spam.
>
> Any help in a solution other than greylisting would be really appreciated.
>
> Or is this a declude problem?
>
> Rick Hogue
> Intent.Net - Web Hosting
> 3802 Handley Avenue
> Louisville, KY 40218
> 1-502-459-3100
> 1-800-866-2983 Toll Free
RE: Re[2]: [sniffer] Large amounts of spam still getting through
My only concern is that all of this was being caught by Sniffer before and all of a sudden very little of it is being caught. We are told that they are working on it to get it fixed but we are getting slammed by customers telling us we are not catching any spam.

Any help in a solution other than greylisting would be really appreciated.

Or is this a declude problem?

Rick Hogue
Intent.Net - Web Hosting
3802 Handley Avenue
Louisville, KY 40218
1-502-459-3100
1-800-866-2983 Toll Free
Re[2]: [sniffer] Large amounts of spam still getting through
LOL!

On Saturday, October 15, 2005, 4:34:09 AM, John wrote:

JTL> On a very off topic note, why are we still both up?

JTL> John T
JTL> eServices For You
RE: [sniffer] Large amounts of spam still getting through
John,

Because we are both network admins, and the best time of the week to work on server changes is late at night, on weekends? That's my excuse! Being an insomniac doesn't hurt, either. :-)

William Van Hefner
Network Administrator

Vantek Communications, Inc.
555 H Street, Ste. C
Eureka, CA 95501

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John T (Lists)
> Sent: Saturday, October 15, 2005 1:34 AM
> To: sniffer@SortMonster.com
> Subject: RE: [sniffer] Large amounts of spam still getting through
>
> On a very off topic note, why are we still both up?
>
> John T
> eServices For You
>
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of William Van Hefner
> > Sent: Saturday, October 15, 2005 1:01 AM
> > To: sniffer@SortMonster.com
> > Subject: RE: [sniffer] Large amounts of spam still getting through
> >
> > John,
> >
> > This may be slightly OT. Hope Pete doesn't mind. :-)
> >
> > The default in greylisting that comes with Postfix is 300 seconds, although you can change that value to whatever you want. The first reason that greylisting was implemented was because almost no spamware ever tried resending messages at the time the idea was originally brought about. Now, I would say that about 85% of spamware and zombies never retry. It is the BIG spamhauses that always retry, and Sniffer is an excellent companion for catching those. It is currently best suited for stopping zombie spamware, and the majority of small spammers that never retry sending messages.
> >
> > As far as the delay timing goes, that is really up to each individual admin and should be fine tuned depending upon what kind of traffic patterns you are dealing with. I could certainly see the need for some admins to crank the delay up to 15-20 minutes, while I have other hosting customers that are whitelisted entirely (you can whitelist individual domains or just users using greylisting). The best use may be to whitelist some user addresses, and leave others with significant delays. I always believe that users should use a "personal" e-mail address, and another one that is strictly for mailing lists, online ordering, and stuff like that.
> >
> > There is a lot of tweaking that can be done with greylisting, but it is only one part of the overall antispam picture. One of its biggest advantages is the bandwidth and CPU processing it can save you, as it rejects a substantial amount of spam with very little bandwidth consumption. There are also technically no "false positives", as all mail (even spam) will eventually be passed through. Obviously, it only works best for SOME spam though, and other things like Sniffer solve different parts of the puzzle. Between the different methods I am using, which don't even include Bayesian at the moment, I am seeing far better than a 99% success (rejecting or deleting spam) rate, with very few false positives.
> >
> > William Van Hefner
> > Network Administrator
> >
> > Vantek Communications, Inc.
> > 555 H Street, Ste. C
> > Eureka, CA 95501
> >
> > > -Original Message-
> > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John T (Lists)
> > > Sent: Saturday, October 15, 2005 12:41 AM
> > > To: sniffer@SortMonster.com
> > > Subject: RE: [sniffer] Large amounts of spam still getting through
> > >
> > > 5 minutes would hardly be noticed. Discussions I was having with others involved delays of an hour or two.
> > >
> > > I do not see how "greylisting" a message for 5 minutes would help except when fighting harvesting or dictionary type spam attacks.
> > >
> > > John T
> > > eServices For You
> > >
> > > > -Original Message-
> > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of William Van Hefner
> > > > Sent: Saturday, October 15, 2005 12:22 AM
> > > > To: sniffer@SortMonster.com
> > > > Subject: RE: [sniffer] Large amounts of spam still getting through
> > > >
> > > > John,
> > > >
> > > > I have no clue what the "legal implications" would be, as long as both my customers know that I'm using it and the sender is notified appropriately via SMTP. I use greylisting via IMGate/Postfix and it works like a charm. It takes a good couple of weeks to build up a decent whitelist (both manual whitelisting and automated whitelisting are recommended), but after that it is pretty much smooth sailing. I've yet to have a single complaint from my users over greylisting, other than the fact that it delayed their e-mails by around 5 minutes for the first coup
RE: [sniffer] Large amounts of spam still getting through
On a very off topic note, why are we still both up?

John T
eServices For You

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of William Van Hefner
> Sent: Saturday, October 15, 2005 1:01 AM
> To: sniffer@SortMonster.com
> Subject: RE: [sniffer] Large amounts of spam still getting through
>
> John,
>
> This may be slightly OT. Hope Pete doesn't mind. :-)
>
> The default in greylisting that comes with Postfix is 300 seconds, although you can change that value to whatever you want. The first reason that greylisting was implemented was because almost no spamware ever tried resending messages at the time the idea was originally brought about. Now, I would say that about 85% of spamware and zombies never retry. It is the BIG spamhauses that always retry, and Sniffer is an excellent companion for catching those. It is currently best suited for stopping zombie spamware, and the majority of small spammers that never retry sending messages.
>
> As far as the delay timing goes, that is really up to each individual admin and should be fine tuned depending upon what kind of traffic patterns you are dealing with. I could certainly see the need for some admins to crank the delay up to 15-20 minutes, while I have other hosting customers that are whitelisted entirely (you can whitelist individual domains or just users using greylisting). The best use may be to whitelist some user addresses, and leave others with significant delays. I always believe that users should use a "personal" e-mail address, and another one that is strictly for mailing lists, online ordering, and stuff like that.
>
> There is a lot of tweaking that can be done with greylisting, but it is only one part of the overall antispam picture. One of its biggest advantages is the bandwidth and CPU processing it can save you, as it rejects a substantial amount of spam with very little bandwidth consumption. There are also technically no "false positives", as all mail (even spam) will eventually be passed through. Obviously, it only works best for SOME spam though, and other things like Sniffer solve different parts of the puzzle. Between the different methods I am using, which don't even include Bayesian at the moment, I am seeing far better than a 99% success (rejecting or deleting spam) rate, with very few false positives.
>
> William Van Hefner
> Network Administrator
>
> Vantek Communications, Inc.
> 555 H Street, Ste. C
> Eureka, CA 95501
>
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John T (Lists)
> > Sent: Saturday, October 15, 2005 12:41 AM
> > To: sniffer@SortMonster.com
> > Subject: RE: [sniffer] Large amounts of spam still getting through
> >
> > 5 minutes would hardly be noticed. Discussions I was having with others involved delays of an hour or two.
> >
> > I do not see how "greylisting" a message for 5 minutes would help except when fighting harvesting or dictionary type spam attacks.
> >
> > John T
> > eServices For You
> >
> > > -Original Message-
> > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of William Van Hefner
> > > Sent: Saturday, October 15, 2005 12:22 AM
> > > To: sniffer@SortMonster.com
> > > Subject: RE: [sniffer] Large amounts of spam still getting through
> > >
> > > John,
> > >
> > > I have no clue what the "legal implications" would be, as long as both my customers know that I'm using it and the sender is notified appropriately via SMTP. I use greylisting via IMGate/Postfix and it works like a charm. It takes a good couple of weeks to build up a decent whitelist (both manual whitelisting and automated whitelisting are recommended), but after that it is pretty much smooth sailing. I've yet to have a single complaint from my users over greylisting, other than the fact that it delayed their e-mails by around 5 minutes for the first couple of weeks. If I had planned it better, even those delays would largely not have occurred.
> > >
> > > I know of no way to implement greylisting on a Windows box. See greylisting.org for more info.
> > >
> > > William Van Hefner
> > > Network Administrator
> > >
> > > Vantek Communications, Inc.
> > > 555 H Street, Ste. C
> > > Eureka, CA 95501
> > > 707.476.0833 ph
> > >
> > > > -Original Message-
> > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John T (Lists)
> > > > Sent: Friday, October 14, 2005 12:55 PM
> > > > To: sniffer@SortMonster.com
> > > > Subject: RE: [sniffer] Large amounts of spam still getting through
> > > >
> > > > There has been a good amount of discussion about temporarily "grey listing" an e-mail message and there are many questions surrounding it, one of which is legal.
> > > >
RE: [sniffer] Large amounts of spam still getting through
John,

This may be slightly OT. Hope Pete doesn't mind. :-)

The default in greylisting that comes with Postfix is 300 seconds, although you can change that value to whatever you want. The first reason that greylisting was implemented was because almost no spamware ever tried resending messages at the time the idea was originally brought about. Now, I would say that about 85% of spamware and zombies never retry. It is the BIG spamhauses that always retry, and Sniffer is an excellent companion for catching those. It is currently best suited for stopping zombie spamware, and the majority of small spammers that never retry sending messages.

As far as the delay timing goes, that is really up to each individual admin and should be fine tuned depending upon what kind of traffic patterns you are dealing with. I could certainly see the need for some admins to crank the delay up to 15-20 minutes, while I have other hosting customers that are whitelisted entirely (you can whitelist individual domains or just users using greylisting). The best use may be to whitelist some user addresses, and leave others with significant delays. I always believe that users should use a "personal" e-mail address, and another one that is strictly for mailing lists, online ordering, and stuff like that.

There is a lot of tweaking that can be done with greylisting, but it is only one part of the overall antispam picture. One of its biggest advantages is the bandwidth and CPU processing it can save you, as it rejects a substantial amount of spam with very little bandwidth consumption. There are also technically no "false positives", as all mail (even spam) will eventually be passed through. Obviously, it only works best for SOME spam though, and other things like Sniffer solve different parts of the puzzle. Between the different methods I am using, which don't even include Bayesian at the moment, I am seeing far better than a 99% success (rejecting or deleting spam) rate, with very few false positives.

William Van Hefner
Network Administrator

Vantek Communications, Inc.
555 H Street, Ste. C
Eureka, CA 95501

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John T (Lists)
> Sent: Saturday, October 15, 2005 12:41 AM
> To: sniffer@SortMonster.com
> Subject: RE: [sniffer] Large amounts of spam still getting through
>
> 5 minutes would hardly be noticed. Discussions I was having with others involved delays of an hour or two.
>
> I do not see how "greylisting" a message for 5 minutes would help except when fighting harvesting or dictionary type spam attacks.
>
> John T
> eServices For You
>
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of William Van Hefner
> > Sent: Saturday, October 15, 2005 12:22 AM
> > To: sniffer@SortMonster.com
> > Subject: RE: [sniffer] Large amounts of spam still getting through
> >
> > John,
> >
> > I have no clue what the "legal implications" would be, as long as both my customers know that I'm using it and the sender is notified appropriately via SMTP. I use greylisting via IMGate/Postfix and it works like a charm. It takes a good couple of weeks to build up a decent whitelist (both manual whitelisting and automated whitelisting are recommended), but after that it is pretty much smooth sailing. I've yet to have a single complaint from my users over greylisting, other than the fact that it delayed their e-mails by around 5 minutes for the first couple of weeks. If I had planned it better, even those delays would largely not have occurred.
> >
> > I know of no way to implement greylisting on a Windows box. See greylisting.org for more info.
> >
> > William Van Hefner
> > Network Administrator
> >
> > Vantek Communications, Inc.
> > 555 H Street, Ste. C
> > Eureka, CA 95501
> > 707.476.0833 ph
> >
> > > -Original Message-
> > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John T (Lists)
> > > Sent: Friday, October 14, 2005 12:55 PM
> > > To: sniffer@SortMonster.com
> > > Subject: RE: [sniffer] Large amounts of spam still getting through
> > >
> > > There has been a good amount of discussion about temporarily "grey listing" an e-mail message and there are many questions surrounding it, one of which is legal.
> > >
> > > John T
> > > eServices For You
> > >
> > > > -Original Message-
> > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike Nice
> > > > Sent: Friday, October 14, 2005 12:43 PM
> > > > To: sniffer@SortMonster.com
> > > > Subject: Re: [sniffer] Large amounts of spam still getting through
> > > >
> > > > > getting much better at what they do. When a spammer uses Geocities links, hijacks real accounts on major providers to send spam through, and
RE: [sniffer] Large amounts of spam still getting through
5 minutes would hardly be noticed. Discussions I was having with others involved delays of an hour or two.

I do not see how "greylisting" a message for 5 minutes would help except when fighting harvesting or dictionary type spam attacks.

John T
eServices For You

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of William Van Hefner
> Sent: Saturday, October 15, 2005 12:22 AM
> To: sniffer@SortMonster.com
> Subject: RE: [sniffer] Large amounts of spam still getting through
>
> John,
>
> I have no clue what the "legal implications" would be, as long as both my customers know that I'm using it and the sender is notified appropriately via SMTP. I use greylisting via IMGate/Postfix and it works like a charm. It takes a good couple of weeks to build up a decent whitelist (both manual whitelisting and automated whitelisting are recommended), but after that it is pretty much smooth sailing. I've yet to have a single complaint from my users over greylisting, other than the fact that it delayed their e-mails by around 5 minutes for the first couple of weeks. If I had planned it better, even those delays would largely not have occurred.
>
> I know of no way to implement greylisting on a Windows box. See greylisting.org for more info.
>
> William Van Hefner
> Network Administrator
>
> Vantek Communications, Inc.
> 555 H Street, Ste. C
> Eureka, CA 95501
> 707.476.0833 ph
>
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John T (Lists)
> > Sent: Friday, October 14, 2005 12:55 PM
> > To: sniffer@SortMonster.com
> > Subject: RE: [sniffer] Large amounts of spam still getting through
> >
> > There has been a good amount of discussion about temporarily "grey listing" an e-mail message and there are many questions surrounding it, one of which is legal.
> >
> > John T
> > eServices For You
> >
> > > -Original Message-
> > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike Nice
> > > Sent: Friday, October 14, 2005 12:43 PM
> > > To: sniffer@SortMonster.com
> > > Subject: Re: [sniffer] Large amounts of spam still getting through
> > >
> > > > getting much better at what they do. When a spammer uses Geocities links, hijacks real accounts on major providers to send spam through, and changes their techniques every few hours, it makes it difficult for Sniffer to proactively block them, and the delay between rulebase updates means a delay in catching things that have been tagged.
> > >
> > > This brings to mind a technique with optional adaptive delay - enabled by the user. Each mail is assigned a 'triplicate': (To_Email, From_Email, and domain_of_sending_server). Previously unknown triplicates are held for a period of time before being examined for spam. The delay is long enough that SpamCop, Sniffer, and InvURIBL mailtraps see copies of the spam and update the blacklists.
> > >
> > > This would be hard to do with the stock IMail, but possibly could be done by Declude with the V3 architecture and a database.
> > >
> > > It still doesn't provide a good answer to the problem of spammers hijacking a computer and sending spam through legitimate servers.
RE: [sniffer] Large amounts of spam still getting through
John,

I have no clue what the "legal implications" would be, as long as both my customers know that I'm using it and the sender is notified appropriately via SMTP. I use greylisting via IMGate/Postfix and it works like a charm. It takes a good couple of weeks to build up a decent whitelist (both manual whitelisting and automated whitelisting are recommended), but after that it is pretty much smooth sailing. I've yet to have a single complaint from my users over greylisting, other than the fact that it delayed their e-mails by around 5 minutes for the first couple of weeks. If I had planned it better, even those delays would largely not have occurred.

I know of no way to implement greylisting on a Windows box. See greylisting.org for more info.

William Van Hefner
Network Administrator

Vantek Communications, Inc.
555 H Street, Ste. C
Eureka, CA 95501
707.476.0833 ph

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John T (Lists)
> Sent: Friday, October 14, 2005 12:55 PM
> To: sniffer@SortMonster.com
> Subject: RE: [sniffer] Large amounts of spam still getting through
>
> There has been a good amount of discussion about temporarily "grey listing" an e-mail message and there are many questions surrounding it, one of which is legal.
>
> John T
> eServices For You
>
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike Nice
> > Sent: Friday, October 14, 2005 12:43 PM
> > To: sniffer@SortMonster.com
> > Subject: Re: [sniffer] Large amounts of spam still getting through
> >
> > > getting much better at what they do. When a spammer uses Geocities links, hijacks real accounts on major providers to send spam through, and changes their techniques every few hours, it makes it difficult for Sniffer to proactively block them, and the delay between rulebase updates means a delay in catching things that have been tagged.
> >
> > This brings to mind a technique with optional adaptive delay - enabled by the user. Each mail is assigned a 'triplicate': (To_Email, From_Email, and domain_of_sending_server). Previously unknown triplicates are held for a period of time before being examined for spam. The delay is long enough that SpamCop, Sniffer, and InvURIBL mailtraps see copies of the spam and update the blacklists.
> >
> > This would be hard to do with the stock IMail, but possibly could be done by Declude with the V3 architecture and a database.
> >
> > It still doesn't provide a good answer to the problem of spammers hijacking a computer and sending spam through legitimate servers.
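
The greylisting behaviour discussed in this thread (unknown (To, From, sending-server-domain) triples deferred until a retry arrives after the delay, the 300-second default, manual and automated whitelisting, per-user delays), as an added example that is not part of any message and is not Postfix, IMGate or Declude code. The class and field names, the 450 reply code, the auto-whitelist threshold and the one-day expiry are assumptions, and the sample attempts are constructed.

```python
from dataclasses import dataclass, field
from typing import NamedTuple


class Verdict(NamedTuple):
    code: int     # 250 = accept; 450 = temporary failure, a real MTA will retry
    reason: str


@dataclass
class Greylist:
    delay: int = 300                 # seconds; the Postfix greylisting default quoted in the thread
    auto_whitelist_after: int = 2    # assumption: confirmed triples before a server domain is trusted
    pending_ttl: int = 24 * 3600     # assumption: a triple that never retried expires after a day
    exempt_rcpts: set = field(default_factory=set)         # manually whitelisted users
    exempt_rcpt_domains: set = field(default_factory=set)  # manually whitelisted hosted domains
    rcpt_delay: dict = field(default_factory=dict)         # per-user delay overrides, in seconds
    first_seen: dict = field(default_factory=dict)         # triple -> time of first attempt
    confirmed: set = field(default_factory=set)            # triples that retried after the delay
    passes: dict = field(default_factory=dict)             # server domain -> confirmed triples

    def check(self, rcpt, sender, server_domain, now):
        """Decide one delivery attempt.

        server_domain should be derived from the connecting IP (verified
        reverse DNS), never from HELO or From:, which the sender controls.
        """
        rcpt, sender = rcpt.lower(), sender.lower()
        server_domain = server_domain.lower()

        # Manual whitelist: individual users or whole hosted domains skip greylisting.
        if rcpt in self.exempt_rcpts or rcpt.rpartition("@")[2] in self.exempt_rcpt_domains:
            return Verdict(250, "recipient whitelisted")
        # Automated whitelist: servers that have already proven they retry.
        if self.passes.get(server_domain, 0) >= self.auto_whitelist_after:
            return Verdict(250, "server domain auto-whitelisted")

        triple = (rcpt, sender, server_domain)
        if triple in self.confirmed:
            return Verdict(250, "known triple")

        first = self.first_seen.get(triple)
        if first is None or now - first > self.pending_ttl:
            # Unknown (or long-expired) triple: defer and start the clock.
            self.first_seen[triple] = now
            return Verdict(450, "greylisted: first attempt")
        if now - first < self.rcpt_delay.get(rcpt, self.delay):
            return Verdict(450, "greylisted: retried too soon")

        # The sender came back after the delay, which most spamware never does.
        self.confirmed.add(triple)
        self.passes[server_domain] = self.passes.get(server_domain, 0) + 1
        return Verdict(250, "retry accepted")


# Constructed attempts: (time in seconds, To, From, verified server domain).
ZOMBIE = ("alice@example.net", "offer@spam.example", "dsl-pool.example")
LIST_BOB = ("bob@example.net", "news@list.example", "mx.list.example")
LIST_DAVE = ("dave@example.net", "news@list.example", "mx.list.example")
SAMPLE_ATTEMPTS = [
    (0, *ZOMBIE),          # zombie sends once and never retries
    (0, *LIST_BOB),        # legitimate list server, first attempt
    (120, *LIST_BOB),      # retry before the 300 s delay has passed
    (360, *LIST_BOB),      # retry after the delay
    (400, *LIST_BOB),      # later mail on the same triple
    (410, "carol@example.net", "offer@spam.example", "dsl-pool.example"),  # exempt user
    (500, *LIST_DAVE),     # dave has a 1200 s delay configured
    (1100, *LIST_DAVE),    # 600 s later: still too soon for dave
    (1800, *LIST_DAVE),    # 1300 s later: accepted, second confirmed triple
    (1900, "erin@example.net", "news@list.example", "mx.list.example"),    # auto-whitelisted
    (90000, *ZOMBIE),      # more than a day later: treated as a new triple
]


def replay(greylist, attempts):
    """Run attempts in order and return the reply code for each."""
    return [greylist.check(rcpt, sender, dom, now).code
            for now, rcpt, sender, dom in attempts]


def demo():
    gl = Greylist(exempt_rcpts={"carol@example.net"},
                  rcpt_delay={"dave@example.net": 1200})
    return gl, replay(gl, SAMPLE_ATTEMPTS)


if __name__ == "__main__":
    _, codes = demo()
    for attempt, code in zip(SAMPLE_ATTEMPTS, codes):
        print(code, *attempt)
```

Auto-whitelisting by server domain trusts every sender behind that server, so it inherits the limitation raised in the thread about spam relayed through legitimate servers; content filtering still has to run on accepted mail.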