[sniffer] Re: SNFV2-9 Wide Beta now at version 1.4
Ok I guess I had a basic understanding of how the old way and new way works, that makes it much clearer. I hadn't messed with it until now I'm looking at the new version b/c I am getting a lot of spam thru the floodgates lately, more and more. I tried creating a service with srvany but it was throwing an error when I was starting the service. Any special arguments you are supposed to put in the path that the service runs? Thank You, Chris Bunting Lancaster Networks Direct: 717-278-6639 Office: 888-LANCNET x703 3com IP Telephony Expert Lancaster Networks 1085 Manheim Pike Lancaster PA 17601 www.lancasternetworks.com -- Corporate Technology Solutions... Specializing in 3com NBX Telephony Solutions IT Services - Phone Systems - Digital CCTV HP Computers/Servers & Printers -- The information in this e-mail is confidential and may be privileged or subject to copyright. It is intended for the exclusive use of the addressee(s). If you are not an addressee, please do not read, copy, distribute or otherwise act upon this email. If you have received the email in error, please contact the sender immediately and delete the email. The unauthorized use of this email may result in liability for breach of confidentiality, privilege or copyright. -Original Message- From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: Tuesday, October 09, 2007 8:13 PM To: Message Sniffer Community Subject: [sniffer] Re: SNFV2-9 Wide Beta now at version 1.4 Hello Chris, Quite a while ago, SNF was based on cellular peer-server technology. Each time your MTA called SNF with a message it would look to see if any other instances were alive and if they were then they would coordinate together to save resources. A bit after that we created a persistent mode where you could start an instance that would run as a kind of lightweight service. That instance would stay alive all the time so as you called other instances to scan messages they would see the persistent instance and let it take care of the heavy work -- that way only one instance ever had to load the rulebase file. Once the persistent mode was available there was no reason to use SNF any other way so most folks set up a persistent instance and took advantage of the extra throughput on their systems. That is currently the accepted way to run SNF. The new version is a complete departure from the old ways. There is now a client and a service. The client software knows how to talk to the server software and that's about all it does. The server software does all of the scanning and other heavy tasks. Now, for most folks, this is a fairly simple transition. They will replace their persistent instance with the new server software and they will begin calling the new client software the same way they used to call SNF. The client will pass the scan request on to the server and will return the customary result code. If you've never run a persistent instance using srvany, Firedaemon, or some other tool then that part will be new to you. Hope this helps, _M Tuesday, October 9, 2007, 7:36:02 PM, you wrote: > Pete, > Im a bit confused about the persistasnt mode settings. I don't remember > installing a service for my current sniffer installation. I thought it > just continued running after the first time it was called by my mail > server. With the new release, do I have to install as a service? > Thanks, > Chris > -Original Message- > From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On > Behalf Of Pete McNeil > Sent: Tuesday, October 09, 2007 5:54 PM > To: Message Sniffer Community > Subject: [sniffer] SNFV2-9 Wide Beta now at version 1.4 > Hello Sniffer Folks, > We have worked through some minor bugs and added some new features. > The newest version of the beta is 1.4. > http://kb.armresearch.com/index.php?title=Message_Sniffer.GettingStarted > .Distributions#NEW_SNF_V2-9_Wide_Beta > Please upgrade your snf_engine.xml and SNFServer.exe files from the > latest distribution when you get a chance. > * Adds support for scanning Communigate Pro message files directly. > * Tightens up XCI handler code. > * Removes problematic/redundant XCI watchdog code which caused trouble > on some MDaemon systems. > Source & MDaemon folks-- a revised alpha distribution will be updated > shortly with the new changes incorporated. > Thanks, > _M -- Pete McNeil Chief Scientist, Arm Research Labs, LLC. # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mo
[sniffer] Re: SNFV2-9 Wide Beta now at version 1.4
Pete, Im a bit confused about the persistasnt mode settings. I don't remember installing a service for my current sniffer installation. I thought it just continued running after the first time it was called by my mail server. With the new release, do I have to install as a service? Thanks, Chris -Original Message- From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: Tuesday, October 09, 2007 5:54 PM To: Message Sniffer Community Subject: [sniffer] SNFV2-9 Wide Beta now at version 1.4 Hello Sniffer Folks, We have worked through some minor bugs and added some new features. The newest version of the beta is 1.4. http://kb.armresearch.com/index.php?title=Message_Sniffer.GettingStarted .Distributions#NEW_SNF_V2-9_Wide_Beta Please upgrade your snf_engine.xml and SNFServer.exe files from the latest distribution when you get a chance. * Adds support for scanning Communigate Pro message files directly. * Tightens up XCI handler code. * Removes problematic/redundant XCI watchdog code which caused trouble on some MDaemon systems. Source & MDaemon folks-- a revised alpha distribution will be updated shortly with the new changes incorporated. Thanks, _M -- Pete McNeil Chief Scientist, Arm Research Labs, LLC. # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]> # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
[sniffer] Re: New campaign not caught
What is up with the PDF spams? They are getting thru the filters like crazy for the past few days... Thank You, Chris Bunting Lancaster Networks Direct: 717-278-6639 Office: 888-LANCNET x703 3com IP Telephony Expert Lancaster Networks 1085 Manheim Pike Lancaster PA 17601 www.lancasternetworks.com <http://www.lancasternetworks.com/> -- Corporate Technology Solutions... Specializing in 3com NBX Telephony Solutions IT Services - Phone Systems - Digital CCTV HP Computers/Servers & Printers -- The information in this e-mail is confidential and may be privileged or subject to copyright. It is intended for the exclusive use of the addressee(s). If you are not an addressee, please do not read, copy, distribute or otherwise act upon this email. If you have received the email in error, please contact the sender immediately and delete the email. The unauthorized use of this email may result in liability for breach of confidentiality, privilege or copyright. From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: Tuesday, August 07, 2007 2:44 PM To: Message Sniffer Community Subject: [sniffer] Re: New campaign not caught Hello Scott, We have been working on both and we've made progress. There are a number of other variants and campaigns all with high bandwidth we are also working on. _M Tuesday, August 7, 2007, 12:46:36 PM, you wrote: > Last night I started getting spam with numbers in the subject and a hex code in the body. This morning that switched over to stock spam PDFs. Hopefully rules can be targeted towards them! Scott Fisher Dir of IT Farm Progress Companies 191 S Gary Ave Carol Stream, IL 60188 Tel: 630-462-2323 This email message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. Although Farm Progress Companies has taken reasonable precautions to ensure no viruses are present in this email, the company cannot accept responsibility for any loss or damage arising from the use of this email or attachments. -- Pete McNeil Chief Scientist, Arm Research Labs, LLC. # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
[sniffer] Re: .pdf Attachments
Also getting tons of them in past few days Thank You, Chris Bunting Lancaster Networks Direct: 717-278-6639 Office: 888-LANCNET x703 MS Certified Systems Engineer IP Telephony Expert Lancaster Networks 1085 Manheim Pike Lancaster PA 17601 www.lancasternetworks.com -- Corporate Technology Solutions... Specializing in 3com NBX Telephony Solutions IT Services - Phone Systems - Digital CCTV -- The information in this e-mail is confidential and may be privileged or subject to copyright. It is intended for the exclusive use of the addressee(s). If you are not an addressee, please do not read, copy, distribute or otherwise act upon this email. If you have received the email in error, please contact the sender immediately and delete the email. The unauthorized use of this email may result in liability for breach of confidentiality, privilege or copyright. -Original Message- From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Joe Wolf Sent: Thursday, June 28, 2007 10:44 AM To: Message Sniffer Community Subject: [sniffer] Re: .pdf Attachments I'm getting a bunch of these as well the last few days. Sniffer is only catching about 50% of them. -Joe - Original Message - From: "Greg Coffey" <[EMAIL PROTECTED]> To: "Message Sniffer Community" Sent: Thursday, June 28, 2007 9:20 AM Subject: [sniffer] .pdf Attachments > What is with all the .pdf attachments in spam? I haven't noticed this > trend previously. Are they infected or what is the scheme? > > > # > This message is sent to you because you are subscribed to > the mailing list . > To unsubscribe, E-mail to: <[EMAIL PROTECTED]> > To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> > To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> > Send administrative queries to <[EMAIL PROTECTED]> > > # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]> # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
[sniffer] Re: Appriver issue
Kevin, I don't quite understand. Do you, or do you not subscribe to appriver's hosted service? By the headers it appears you do. Thank You, Chris Bunting Lancaster Networks Direct: 717-278-6639 Office: 888-LANCNET x703 MS Certified Systems Engineer IP Telephony Expert Lancaster Networks 1085 Manheim Pike Lancaster PA 17601 www.lancasternetworks.com -- Corporate Technology Solutions... Specializing in 3com NBX Telephony Solutions IT Services - Phone Systems - Digital CCTV -- The information in this e-mail is confidential and may be privileged or subject to copyright. It is intended for the exclusive use of the addressee(s). If you are not an addressee, please do not read, copy, distribute or otherwise act upon this email. If you have received the email in error, please contact the sender immediately and delete the email. The unauthorized use of this email may result in liability for breach of confidentiality, privilege or copyright. -Original Message- From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Rogers Sent: Saturday, May 19, 2007 7:37 AM To: Message Sniffer Community Subject: [sniffer] Re: Appriver issue My personal opinion is worth way less than John's, but I'd still like to insert it here. I was dramatically affected by a software product that I don't even subscribe to, so I'm somewhat curious why you would defend them so readily at this juncture. Perhaps they aren't totally to blame. But perhaps you are unaware of some of the ramifications of this foul-up. I'm not sure. But if you were affected by a service that you didn't have any connection to the way I was, perhaps it would be a different story. It seems like every message that was sent to appriver to be pattern-checked for potential spam, was then sent out to the intended recipient, *every time it was checked against their spam filters*. Which caused 1000 messages to be delivered per message, and then some, which caused a crazy amount of return or bounced messages in turn (which is where my server was hit). Again, I don't have all the facts and I may be wrong about some of the details, but this is what appears to have happened to me. Here is a snippet of one of the messages that was bounced back to my server, just FYI. This is just a snippet, and the headers were much longer, but I just wanted to throw them out there just in case. Received: from server128.appriver.com (HELO inbound.appriver.com) ([207.97.226.126]) by rrcs-mgw-01b.hrndva.rr.com with ESMTP; 17 May 2007 14:38:51 -0400 Received: by inbound.appriver.com (CommuniGate Pro PIPE 5.1.7) with PIPE id 7902890; Thu, 17 May 2007 14:19:43 -0400 Received: from [207.97.230.16] (HELO server97.appriver.com) by inbound.appriver.com (CommuniGate Pro SMTP 5.1.7) with ESMTP id 7902398; Thu, 17 May 2007 14:18:45 -0400 Received: by server97.appriver.com (CommuniGate Pro PIPE 5.1.4) with PIPE id 337776981; Thu, 17 May 2007 14:16:18 -0400 Received: from [74.205.4.33] (HELO inbound.appriver.com) John T (lists) wrote: > > Inserting my 2 cents here since that is all that it is worth. > > > > In backing up what Matt said, let me relate a similar example of a > problem that occurred a year and a half ago to a major IT security > products vendor: > > > > At about 6:15 AM PT on a week day in the middle of a normal busy week, > their content filtering servers begin to become unresponsive. At > first, it was intermittent and hard to pinpoint. But within about 45 > minutes, they stopped responding completely. Well, their appliances > did what they were designed to do by default configuration, fail safe. > Block all access if the content filtering server does not respond. All > one had to do though was to log onto the appliance and change the > failsafe block to allow. But this is where the fun (not) began. There > are hundreds or more of library's, both public and private, as well as > schools, that are using those appliances and that content filtering > service. Guess what? They are bound by law to have content filtering > in place, meaning they could not turn the fail safe off. Companies and > schools and libraries started screaming bloody murder and demanded a > resolution an hour ago. The content filtering service was finally > restored about 2:30 PM if I recall correctly. > > > > So, what happened? I mean this is a big company and it should have > things in place to prevent this. Right? > > > > They did. As much as some one would expect them to. > > > > They had 4 servers. The servers were fine, they were still running. > There were no sof
[sniffer] Re: Appriver issue
Maybe I caused the confusion. The problem I had was with my customer using appriver. Not with my customers using message sniffer. How can something that happens with rulebase downloads effect your mail server? It shouldn't. I would expect there's a seperate problem with your mail server that jus happened to occur the same day by coincidence I received a call from appriver today explaining that they released a patch that had acted badly on their servers. Which is why appriver customers had problems. Message sniffer resides on your own server so it should never be effected by any outside outages Thank You, Chris Bunting Lancaster Networks 717-278-6639 >Sent by my BlackBerry wireless device -Original Message- From: Pete McNeil <[EMAIL PROTECTED]> Date: Fri, 18 May 2007 21:44:18 To:"Message Sniffer Community" Subject: [sniffer] Re: Appriver issue Hello Kevin, Friday, May 18, 2007, 8:52:47 PM, you wrote: > Pete - Thanks for the reply, but I guess I don't understand what you're > saying. "Some packet loss" and "rulebase downloads to slow down for a > time" don't reflect what happened to me yesterday and apparently not > what happened to one of the other posters either when he said that > Appriver was having a problem "with sending messages over and over > again". I received over (at last count) 35,000 messages (almost all of > which were bounced replies, from one email from one of our users who > sent an email to about 70 people) yesterday. > And I had already gone to http://www.armresearch.com/ yesterday and > there was nothing there. There is nothing there today that I can see. > What happened? I lost an entire day's worth of email because of bounced > messages. I didn't sleep last night. I don't even use Appriver. I > would hope someone could explain it a little better than that. Thanks. I was answering the question - how is AppRiver related to Message Sniffer. I don't have specifics on the problem at AppRiver yet - they are still picking up the pieces, though operations are back to normal afaik. I do know (preliminarily) that the problem occurred when a new piece of software caused some messages with multiple recipients to loop and as a result to be replicated and resent repeatedly. If you are not a user of AppRiver then you shouldn't have been effected. Perhaps if you sent a message to someone who is a user of AppRiver then that might have gotten your messages involved. The only direct effect I'm aware of for SNF users was that for a time rulebase downloads were slowed due to packet loss. Since we use AppRiver for filtering (they, after all are using SNF) some messages that get sent to us apparently did loop to some lists. Also, some email to our accounts was delayed. I would need to know a lot more about your system and the email you lost before I could make any guesses as to what happened there -- but if you're not using AppRiver then you shouldn't have been effected. Hope this helps, _M -- Pete McNeil Chief Scientist, Arm Research Labs, LLC. # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]> # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
[sniffer] Re: Downloads are not working....
Today's outage was horrible for one of my customers who was waiting on important emails regarding a property closing today they were buying, it it fouled all sorts of things up. I guess in some ways appriver's hosted solution is nice if YOUR server goes down, but if THEIR servers go down, its bad I think I'm going to move them on to my servers using message sniffer instead... Service finally came up around 6pm ET and they got the emails finally Thank You, Chris Bunting Lancaster Networks Direct: 717-278-6639 Office: 888-LANCNET x703 MS Certified Systems Engineer IP Telephony Expert Lancaster Networks 1085 Manheim Pike Lancaster PA 17601 www.lancasternetworks.com -- Corporate Technology Solutions... Specializing in 3com NBX Telephony Solutions IT Services - Phone Systems - Digital CCTV -- The information in this e-mail is confidential and may be privileged or subject to copyright. It is intended for the exclusive use of the addressee(s). If you are not an addressee, please do not read, copy, distribute or otherwise act upon this email. If you have received the email in error, please contact the sender immediately and delete the email. The unauthorized use of this email may result in liability for breach of confidentiality, privilege or copyright. -Original Message- From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew Sent: Thursday, May 17, 2007 3:55 PM To: Message Sniffer Community Subject: [sniffer] Re: Downloads are not working Thanks for the update, Pete. Over on the Declude JunkMail support mailing list, it's like déjà vu all over again. Andrew 8) p.s. For the many of us here that don't subscribe to that list... The small number of recently active messages have been re-queued to the list several times. > -Original Message- > From: Message Sniffer Community > [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil > Sent: Thursday, May 17, 2007 12:50 PM > To: Message Sniffer Community > Subject: [sniffer] Re: Downloads are not working > > Hello Chris, > > Thursday, May 17, 2007, 2:30:13 PM, you wrote: > > > Oh god, that would explain why I put in a support request with > > appriver and it bounced back. One of our clients exchange > servers was > > down today and they queue mail until it is back up, but I'm > trying to > > get someone to release it now. > > This isn't good > > The good news is that the problem has been corrected now. We > are still seeing some after-effects from it, but those should > be gone before too long. > > _M > > -- > Pete McNeil > Chief Scientist, > Arm Research Labs, LLC. > > > # > This message is sent to you because you are subscribed to > the mailing list . > To unsubscribe, E-mail to: <[EMAIL PROTECTED]> > To switch to the DIGEST mode, E-mail to > <[EMAIL PROTECTED]> > To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> > Send administrative queries to <[EMAIL PROTECTED]> > > # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]> # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
[sniffer] Re: Downloads are not working....
Thanks Pete. I just called them and got someone to tell me the same but no eta. Thank You, Chris Bunting Lancaster Networks 717-278-6639 >Sent by my BlackBerry wireless device -Original Message- From: Pete McNeil <[EMAIL PROTECTED]> Date: Thu, 17 May 2007 14:48:35 To:"Message Sniffer Community" Subject: [sniffer] Re: Downloads are not working Hello Matt, Thursday, May 17, 2007, 2:22:56 PM, you wrote: > Appriver, who is somehow involved with Sniffer, is having a ridicolous > problem with sending messages over and over again (once every few > seconds). They pulled their contact information from their site but > didn't take down their servers. I suspect this is putting strain on > them and if Sniffer uses their bandwidth for downloads, that could > explain things. I'm not sure what the actual issue is (I will get that data later), however I've just been informed that it should be resolved in the next 20 minutes or so. Our rulebase server is on the same network so it is effected. BTW - they did not take down their contact information. It is right where it always has been. _M -- Pete McNeil Chief Scientist, Arm Research Labs, LLC. # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]> # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
[sniffer] Re: Downloads are not working....
Oh god, that would explain why I put in a support request with appriver and it bounced back. One of our clients exchange servers was down today and they queue mail until it is back up, but I'm trying to get someone to release it now. This isn't good Thank You, Chris Bunting Lancaster Networks Direct: 717-278-6639 Office: 888-LANCNET x703 MS Certified Systems Engineer IP Telephony Expert Lancaster Networks 1085 Manheim Pike Lancaster PA 17601 www.lancasternetworks.com -- Corporate Technology Solutions... Specializing in 3com NBX Telephony Solutions IT Services - Phone Systems - Digital CCTV -- The information in this e-mail is confidential and may be privileged or subject to copyright. It is intended for the exclusive use of the addressee(s). If you are not an addressee, please do not read, copy, distribute or otherwise act upon this email. If you have received the email in error, please contact the sender immediately and delete the email. The unauthorized use of this email may result in liability for breach of confidentiality, privilege or copyright. -Original Message- From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Matt Sent: Thursday, May 17, 2007 2:23 PM To: Message Sniffer Community Subject: [sniffer] Re: Downloads are not working Appriver, who is somehow involved with Sniffer, is having a ridicolous problem with sending messages over and over again (once every few seconds). They pulled their contact information from their site but didn't take down their servers. I suspect this is putting strain on them and if Sniffer uses their bandwidth for downloads, that could explain things. Matt Chuck Schick wrote: > Speeds are really slow and the connection is lost before > completionEverything checks out good on our end. Is something going on > with the sortmonster end of things? > > Chuck Schick > Warp 8, Inc. > (303)-421-5140 > www.warp8.com > > > # > This message is sent to you because you are subscribed to > the mailing list . > To unsubscribe, E-mail to: <[EMAIL PROTECTED]> > To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> > To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> > Send administrative queries to <[EMAIL PROTECTED]> > > > > # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]> # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
[sniffer] Re: Downloads are not working....
Matt, I see their contact info there, where are you saying they removed it?? Thank You, Chris Bunting Lancaster Networks Direct: 717-278-6639 Office: 888-LANCNET x703 MS Certified Systems Engineer IP Telephony Expert Lancaster Networks 1085 Manheim Pike Lancaster PA 17601 www.lancasternetworks.com -- Corporate Technology Solutions... Specializing in 3com NBX Telephony Solutions IT Services - Phone Systems - Digital CCTV -- The information in this e-mail is confidential and may be privileged or subject to copyright. It is intended for the exclusive use of the addressee(s). If you are not an addressee, please do not read, copy, distribute or otherwise act upon this email. If you have received the email in error, please contact the sender immediately and delete the email. The unauthorized use of this email may result in liability for breach of confidentiality, privilege or copyright. -Original Message- From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Matt Sent: Thursday, May 17, 2007 2:23 PM To: Message Sniffer Community Subject: [sniffer] Re: Downloads are not working Appriver, who is somehow involved with Sniffer, is having a ridicolous problem with sending messages over and over again (once every few seconds). They pulled their contact information from their site but didn't take down their servers. I suspect this is putting strain on them and if Sniffer uses their bandwidth for downloads, that could explain things. Matt Chuck Schick wrote: > Speeds are really slow and the connection is lost before > completionEverything checks out good on our end. Is something going on > with the sortmonster end of things? > > Chuck Schick > Warp 8, Inc. > (303)-421-5140 > www.warp8.com > > > # > This message is sent to you because you are subscribed to > the mailing list . > To unsubscribe, E-mail to: <[EMAIL PROTECTED]> > To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> > To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> > Send administrative queries to <[EMAIL PROTECTED]> > > > > # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]> # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
[sniffer] Re: Lots of Spam getting through last two days
I've been seeing lots of spam overall for the past few weeks. Filters are definitely not working as they used to. All of my customers are commenting about it also Thank You, Chris Bunting Lancaster Networks Direct: 717-278-6639 Office: 888-LANCNET x703 MS Certified Systems Engineer IP Telephony Expert Lancaster Networks 1085 Manheim Pike Lancaster PA 17601 www.lancasternetworks.com -- Corporate Technology Solutions... Specializing in 3com NBX Telephony Solutions IT Services - Phone Systems - Digital CCTV -- The information in this e-mail is confidential and may be privileged or subject to copyright. It is intended for the exclusive use of the addressee(s). If you are not an addressee, please do not read, copy, distribute or otherwise act upon this email. If you have received the email in error, please contact the sender immediately and delete the email. The unauthorized use of this email may result in liability for breach of confidentiality, privilege or copyright. -Original Message- From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Greg Coffey Sent: Saturday, May 05, 2007 11:55 AM To: Message Sniffer Community Subject: [sniffer] Lots of Spam getting through last two days My secondary is catching most but I'm seeing quite a few sliding though Sniffer. # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]> # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
[sniffer] Re: Anyone else getting hit hard today?
Nope everything is up to date, no errors... it seems to have stopped as of about 1pm et here... I'll send some samples Thank You, Chris Bunting Lancaster Networks Direct: 717-278-6639 Office: 888-LANCNET x703 MS Certified Systems Engineer IP Telephony Expert Lancaster Networks 1085 Manheim Pike Lancaster PA 17601 www.lancasternetworks.com -- Corporate Technology Solutions... Specializing in 3com NBX Telephony Solutions IT Services - Phone Systems - Digital CCTV -- The information in this e-mail is confidential and may be privileged or subject to copyright. It is intended for the exclusive use of the addressee(s). If you are not an addressee, please do not read, copy, distribute or otherwise act upon this email. If you have received the email in error, please contact the sender immediately and delete the email. The unauthorized use of this email may result in liability for breach of confidentiality, privilege or copyright. From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: Sunday, April 15, 2007 2:52 PM To: Message Sniffer Community Subject: [sniffer] Re: Anyone else getting hit hard today? Hello Chris, We're catching nominal amounts at our spamtrap processors. The primary spamtrap handler is showing > 98% capture. Is something broken on your end? Have you forwarded samples to spam@ ? Any errors in your SNF log? Rulebase up to date? _M Sunday, April 15, 2007, 2:33:26 PM, you wrote: > I'm getting a ton of spam today that is getting thru the filter, and a lot that is getting caught... anyone else seeing this? Thank You, Chris Bunting Lancaster Networks Direct: 717-278-6639 Office: 888-LANCNET x703 MS Certified Systems Engineer IP Telephony Expert Lancaster Networks 1085 Manheim Pike Lancaster PA 17601 www.lancasternetworks.com <http://www.lancasternetworks.com> -- Corporate Technology Solutions... Specializing in 3com NBX Telephony Solutions IT Services - Phone Systems - Digital CCTV -- The information in this e-mail is confidential and may be privileged or subject to copyright. It is intended for the exclusive use of the addressee(s). If you are not an addressee, please do not read, copy, distribute or otherwise act upon this email. If you have received the email in error, please contact the sender immediately and delete the email. The unauthorized use of this email may result in liability for breach of confidentiality, privilege or copyright. -- Pete McNeil Chief Scientist, Arm Research Labs, LLC. # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
[sniffer] Anyone else getting hit hard today?
I'm getting a ton of spam today that is getting thru the filter, and a lot that is getting caught... anyone else seeing this? Thank You, Chris Bunting Lancaster Networks Direct: 717-278-6639 Office: 888-LANCNET x703 MS Certified Systems Engineer IP Telephony Expert Lancaster Networks 1085 Manheim Pike Lancaster PA 17601 www.lancasternetworks.com <http://www.lancasternetworks.com> -- Corporate Technology Solutions... Specializing in 3com NBX Telephony Solutions IT Services - Phone Systems - Digital CCTV -- The information in this e-mail is confidential and may be privileged or subject to copyright. It is intended for the exclusive use of the addressee(s). If you are not an addressee, please do not read, copy, distribute or otherwise act upon this email. If you have received the email in error, please contact the sender immediately and delete the email. The unauthorized use of this email may result in liability for breach of confidentiality, privilege or copyright.
[sniffer] Re: Blank Header Emails still getting Through
You can set up a rule on your mail server to reject them if they have blank headers Thank You, Chris Bunting Lancaster Networks Direct: 717-278-6639 Office: 888-LANCNET x703 MS Certified Systems Engineer IP Telephony Expert Lancaster Networks 1085 Manheim Pike Lancaster PA 17601 www.lancasternetworks.com -- Corporate Technology Solutions... Specializing in 3com NBX Telephony Solutions IT Services - Phone Systems - Digital CCTV -- The information in this e-mail is confidential and may be privileged or subject to copyright. It is intended for the exclusive use of the addressee(s). If you are not an addressee, please do not read, copy, distribute or otherwise act upon this email. If you have received the email in error, please contact the sender immediately and delete the email. The unauthorized use of this email may result in liability for breach of confidentiality, privilege or copyright. -Original Message- From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Daniel Bayerdorffer Sent: Thursday, March 29, 2007 2:42 PM To: Message Sniffer Community Subject: [sniffer] Blank Header Emails still getting Through Hello, I've sent examples of these, every time I get them for several weeks, and they are still getting through. Is there something about them that is difficult? Because the body always has the same message. Something about doing email campaigns for charities. Thanks, Daniel -- Daniel Bayerdorffer [EMAIL PROTECTED] Numberall Stamp & Tool Co., Inc. PO Box 187 Sangerville, ME 04479 USA TEL 207-876-3541 FAX 207-876-3566 www.numberall.com <http://www.numberall.com/> # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]> # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
[sniffer] Re: Integration with Mailenable -> Domain Keys
The other issue with SmarterMail is it doesn't have any gui. Which I guess isn't a bad thing. But I sometimes like a gui for certain things. Also Declude seemed very expensive to use with sniffer Sent via my BlackBerry -> Ask me about it! -Original Message- From: "E. H. \(Eric\) Fletcher" <[EMAIL PROTECTED]> Date: Sat, 17 Mar 2007 14:42:43 To:"Message Sniffer Community" Subject: [sniffer] Re: Integration with Mailenable -> Domain Keys Phil / Jay: I am also looking at SmarterMail as an addition to or replacement for several IMail servers and looking at calling MessageSniffer from it without Declude because of the Declude bundling of things we don't want or see value in. While doing a little more reading on the SmarterTools site I saw a link that addresses your discussion on domain keys: http://smartermail.exhalus.net/domainkeys/ Eric - Original Message - From: "Jay Sudowski - Handy Networks LLC" <[EMAIL PROTECTED]> To: "Message Sniffer Community" Sent: Saturday, March 17, 2007 1:43 PM Subject: [sniffer] Re: Integration with Mailenable Hi Phil - Good question. We integrate Sniffer into SmarterMail via Declude. However, SmarterMail does have the capability to run a program against a message before it is delivered. We have some customers that use a batch file to call f-prot and get virus scanning integrated into their mail server on the cheap. I believe it would likely be possible to make use of the same functionality to call Sniffer directly, and thus avoid having to purchase Declude. I have just never had a need to attempt this. As for domain keys, I don't believe so. However, you can setup SPFyou're your domains simply by adding the appropriate DNS records to said domains zone files. -Jay -Original Message- From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Phillip Cohen Sent: Friday, March 16, 2007 12:01 PM To: Message Sniffer Community Subject: [sniffer] Re: Integration with Mailenable Jay, Thanks for the heads up on Mailenable. I took a look at SmarterMail and it looks pretty good. How does it interface with Message Sniffer or does it require and external gateway such as EWall? How has support been with it and how have they been as far as updates. Also does it have "domain keys" capability and SPF support for sending mail to yahoo.com etc... Thanks, Phil At 07:26 PM 3/15/2007, you wrote: >Stay Away From MailEnable. > >There are so many exploits out there for MailEnable, and there are more >exploits found monthly, if not weekly. At one particular interval, >MailEnable had to re-release the same patch several times in the *same* >week because it kept on not actually fixing the root of the issue. If >you run MailEnable, odds are that you will end up exploited, even if you >stay on the of the patches. > >On top of that, MailEnable is just simply a CPU and IO hog, much more so >than other other mail server I have ever seen. By default, they use >entirely text based configuration files, which on occasion get truncated >to zero during periods of high activity on the server. > >In the past year, we have assisted our customers move 20,000+ mailboxes >away from MailEnable, mostly all to SmarterMail. Do not waste your time >and money with MailEnable. > >-Jay > >-Original Message- >From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On >Behalf Of Phillip Cohen >Sent: Thursday, March 15, 2007 12:22 PM >To: Message Sniffer Community >Subject: [sniffer] Integration with Mailenable > > >We are finally going to replace our old Vopmail server. Looking at >Mailenable Enterprise. Will Sortmonster work with that program? Is >anyone using Mailenable? If so how is it and if it works with >Sortmonster how did you use them together. > >THanks, > >Phil > > ># >This message is sent to you because you are subscribed to > the mailing list . >To unsubscribe, E-mail to: <[EMAIL PROTECTED]> >To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> >To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> >Send administrative queries to <[EMAIL PROTECTED]> > > > ># >This message is sent to you because you are subscribed to > the mailing list . >To unsubscribe, E-mail to: <[EMAIL PROTECTED]> >To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> >To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> >Send administrative queries to <[EMAIL PROTECTED]> # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]> # This message is sent to
[sniffer] Re: Integration with Mailenable
Merak mail server has been great for us, we have 10,000 users, and have not had any problems with it over the 5+ years we have been using it... It's been rock-solid. Don't waste your money on the anti-virus/anti-spam filtering services... just use message sniffer with a content filter and you are set. Thank You, Chris Bunting Lancaster Networks Direct: 717-278-6639 Office: 888-LANCNET x703 MS Certified Systems Engineer IP Telephony Expert Lancaster Networks 1085 Manheim Pike Lancaster PA 17601 www.lancasternetworks.com -- Corporate Technology Solutions... Specializing in 3com NBX Telephony Solutions IT Services - Phone Systems - Digital CCTV -- The information in this e-mail is confidential and may be privileged or subject to copyright. It is intended for the exclusive use of the addressee(s). If you are not an addressee, please do not read, copy, distribute or otherwise act upon this email. If you have received the email in error, please contact the sender immediately and delete the email. The unauthorized use of this email may result in liability for breach of confidentiality, privilege or copyright. -Original Message- From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Jay Sudowski - Handy Networks LLC Sent: Thursday, March 15, 2007 10:27 PM To: Message Sniffer Community Subject: [sniffer] Re: Integration with Mailenable Stay Away From MailEnable. There are so many exploits out there for MailEnable, and there are more exploits found monthly, if not weekly. At one particular interval, MailEnable had to re-release the same patch several times in the *same* week because it kept on not actually fixing the root of the issue. If you run MailEnable, odds are that you will end up exploited, even if you stay on the of the patches. On top of that, MailEnable is just simply a CPU and IO hog, much more so than other other mail server I have ever seen. By default, they use entirely text based configuration files, which on occasion get truncated to zero during periods of high activity on the server. In the past year, we have assisted our customers move 20,000+ mailboxes away from MailEnable, mostly all to SmarterMail. Do not waste your time and money with MailEnable. -Jay -Original Message- From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Phillip Cohen Sent: Thursday, March 15, 2007 12:22 PM To: Message Sniffer Community Subject: [sniffer] Integration with Mailenable We are finally going to replace our old Vopmail server. Looking at Mailenable Enterprise. Will Sortmonster work with that program? Is anyone using Mailenable? If so how is it and if it works with Sortmonster how did you use them together. THanks, Phil # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]> # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]> # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
[sniffer] Re: Merak integration problems
Thanks Pete, that did the trick! Although after importing the filter it's a bit stange how it actually works (I can't find the logic listed after importing it into the GUI), but it does actually work well. Thank You, Chris Bunting Lancaster Networks Direct: 717-278-6639 Office: 888-LANCNET x703 MS Certified Systems Engineer IP Telephony Expert Lancaster Networks 1085 Manheim Pike Lancaster PA 17601 www.lancasternetworks.com -- Corporate Technology Solutions... Specializing in 3com NBX Telephony Solutions IT Services - Phone Systems - Digital CCTV -- The information in this e-mail is confidential and may be privileged or subject to copyright. It is intended for the exclusive use of the addressee(s). If you are not an addressee, please do not read, copy, distribute or otherwise act upon this email. If you have received the email in error, please contact the sender immediately and delete the email. The unauthorized use of this email may result in liability for breach of confidentiality, privilege or copyright. From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: Monday, March 12, 2007 7:23 AM To: Message Sniffer Community Subject: [sniffer] Re: Merak integration problems Hello Chris, Monday, March 12, 2007, 1:07:37 AM, you wrote: > Fellow Listees... I am currently running Merak Mail Server 8.9.1, and using my own implementation of Message sniffer as an antivirus scanner. > Anyone have any ideas? Have you seen this: http://forum.icewarp.com/viewtopic.php?p=3964&sid=09b684820aa495200c00be 8857c42e6c Or more specifically this: aguk Joined: 16 Oct 2006 Posts: 105 Posted: Mon Dec 18, 2006 11:01 pmPost subject: Well stupidly there is a Content Filter to make this work. I have the following content filter and it appears to be working. Code: 1 SNIFFER 0 1 0 6 8 0 1 1 0 4 8 D:\sniffer\snfrv2r3.exe xnk05x5vmipeaof7 0 2 0 0 0 0 0 1 0 0 0 0 0 0 0 0X-SNIFFER-FLAG: Yes _ Andy http://aguk.net Hope this helps, _M -- Pete McNeil Chief Scientist, Arm Research Labs, LLC. # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
[sniffer] Merak integration problems
Fellow Listees... I am currently running Merak Mail Server 8.9.1, and using my own implementation of Message sniffer as an antivirus scanner. Problem is, every once in a while things jam up, and it coughs up a bunch of temp files that eventually cause duplicate emails over and over, email stoppage, or mixed up emails to wrong boxes... Unfortunately it's happening more than I can tolerate Does anyone know how to get MS working with spam assissan running on windows? Merak has spam assassin built-in, but I could never get the MS plugin to work... I am at this point considering a different mail server altogether Anyone have any ideas? I'm willing to pay someone for their time if they can get MS integrated better for me in merak. I would like to have more control over what it does with "spam" mails, such as tagging, etc. and I have none of this running it as an AV scanner Thank You, Chris Bunting Lancaster Networks Direct: 717-278-6639 Office: 888-LANCNET x703 MS Certified Systems Engineer IP Telephony Expert Lancaster Networks 1085 Manheim Pike Lancaster PA 17601 www.lancasternetworks.com <http://www.lancasternetworks.com> -- Corporate Technology Solutions... Specializing in 3com NBX Telephony Solutions IT Services - Phone Systems - Digital CCTV -- The information in this e-mail is confidential and may be privileged or subject to copyright. It is intended for the exclusive use of the addressee(s). If you are not an addressee, please do not read, copy, distribute or otherwise act upon this email. If you have received the email in error, please contact the sender immediately and delete the email. The unauthorized use of this email may result in liability for breach of confidentiality, privilege or copyright.
[sniffer] Re: Uptick in spam
No stock spam here Thank You, Chris Bunting Direct: 717-278-6639 Office: 888-LANCNET x703 1085 Manheim Pike Lancaster PA 17601 www.lancasternetworks.com -- Corporate Technology Solutions... Specializing in 3com NBX Telephony Solutions IT Services - Phone Systems - Digital CCTV -- The information in this e-mail is confidential and may be privileged or subject to copyright. It is intended for the exclusive use of the addressee(s). If you are not an addressee, please do not read, copy, distribute or otherwise act upon this email. If you have received the email in error, please contact the sender immediately and delete the email. The unauthorized use of this email may result in liability for breach of confidentiality, privilege or copyright. -Original Message- From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Daniel Bayerdorffer Sent: Monday, February 26, 2007 12:21 PM To: Message Sniffer Community Subject: [sniffer] Uptick in spam Hello, I've had a lot more stock spam coming through lately. Has anyone else noticed this? Thanks, Daniel # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]> # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
[sniffer] Re: Transition to new deliver server completed. Watch Out For The Minor Changes!
Pete, Every so often I end up with thousands of .snf, .xxx and .que files in my sniffer directory, and it stops filtering spam. Any ideas?? I have to delete them, and restart my smtp server & sniffer engine Thank You, Chris Bunting Enterprise Account Manager Lancaster Networks Direct: 717-278-6639 Office: 888-LANCNET x703 Fax: 717-431-6262 1085 Manheim Pike Lancaster PA 17601 www.lancasternetworks.com -- Corporate Technology Solutions... Specializing in 3com NBX Telephony Solutions IT Services - Phone Systems - Digital CCTV -- The information in this e-mail is confidential and may be privileged or subject to copyright. It is intended for the exclusive use of the addressee(s). If you are not an addressee, please do not read, copy, distribute or otherwise act upon this email. If you have received the email in error, please contact the sender immediately and delete the email. The unauthorized use of this email may result in liability for breach of confidentiality, privilege or copyright. -Original Message- From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: Thursday, January 04, 2007 5:07 PM To: Message Sniffer Community Subject: [sniffer] Transition to new deliver server completed. Watch Out For The Minor Changes! Hello Message, So far the upgrade seems to have gone off with only one minor hitch. The new server's authentication realm is "SNF" It used to be "SortMonster" If you are using the perl script from khera@kcilink.com then you will need to make this minor adjustment or else the script will fail to authenticate. As far as I can tell from watching the logs there are no other issues so far. Thanks to Matt Reimer for tracking this down and reporting the fix. Best, _M -- Pete McNeil Chief Scientist, Arm Research Labs, LLC. # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]> # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
[sniffer] Re: Blocking emails with Cyrillic characters
I agree, sniffer isn't a "filter" for that type of thing, that's why your mail server has filters for rbl's, etc,etc. I think it does a fine job right now Thank You, Chris Bunting Enterprise Account Manager Lancaster Networks Direct: 717-278-6639 Office: 888-LANCNET x703 Fax: 717-431-6262 1085 Manheim Pike Lancaster PA 17601 www.lancasternetworks.com <http://www.lancasternetworks.com/> -- Corporate Technology Solutions... Specializing in 3com NBX Telephony Solutions IT Services - Phone Systems - Digital CCTV -- The information in this e-mail is confidential and may be privileged or subject to copyright. It is intended for the exclusive use of the addressee(s). If you are not an addressee, please do not read, copy, distribute or otherwise act upon this email. If you have received the email in error, please contact the sender immediately and delete the email. The unauthorized use of this email may result in liability for breach of confidentiality, privilege or copyright. From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of John T (Lists) Sent: Wednesday, December 13, 2006 20:48 To: Message Sniffer Community Subject: [sniffer] Re: Blocking emails with Cyrillic characters As some one who speaks Russian, it would be more productive for you to forward those spams to sniffer for processing rather than create a rule based on normal common language characters. Besides, that is not what I expect from Sniffer. My understand of the premise of Message Sniffer is to create rules that search for a pattern in spam messages that can be reliably duplicated. Having a rule solely based on inclusion of common language characters would under-mind that trust we have in Message Sniffer. John T eServices For You "Life is a succession of lessons which must be lived to be understood." Ralph Waldo Emerson (1802-1882) -Original Message- From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Steve Guluk Sent: Wednesday, December 13, 2006 12:43 PM To: Message Sniffer Community Subject: [sniffer] Blocking emails with Cyrillic characters Hello Comrades, Could we get a rule that looks for various common Russian words (or Cyrillic characters) and then gives them a spam value? Do you sell much Sniffer Product to Russia? If not, rules that focus on common russian words would be great for blocking much of the spam that makes it's way past Sniffer. You could always create a way for people that want Russian emails to exclude this rule. No? Not that I know all the details of how you guys create your rules but a rule looking for common Cyrillic characters could catch all spam formatted in Russian as well as other languages that use similar characters. Otherwise you should hire some coders that understand these languages as I get a heap of spam that passes Sniffer by using what looks like Russian or Cyrillic characters. I run iMail 8.22 so if anyone has any other ideas that could block these please post your suggestions, I guess we could create a phrase list from some of the Cyrillic spams..? Regards, Steve Guluk SGDesign (949) 661-9333 ICQ: 7230769
[sniffer] Integration with Merak mail server
http://www.lancnet.com/messagesniffer.htm I put together a tutorial for installing MS with merak mail server Thank You, Chris Bunting Enterprise Account Manager Lancaster Networks Direct: 717-278-6639 Office: 888-LANCNET x703 Fax: 717-431-6262 1085 Manheim Pike Lancaster PA 17601 www.lancasternetworks.com <http://www.lancasternetworks.com/> -- Corporate Technology Solutions... Specializing in 3com NBX Telephony Solutions IT Services - Phone Systems - Digital CCTV -- The information in this e-mail is confidential and may be privileged or subject to copyright. It is intended for the exclusive use of the addressee(s). If you are not an addressee, please do not read, copy, distribute or otherwise act upon this email. If you have received the email in error, please contact the sender immediately and delete the email. The unauthorized use of this email may result in liability for breach of confidentiality, privilege or copyright.
[sniffer] Re: Files that appeared in sniffer directory
Thanks Pete! Thank You, Chris Bunting Enterprise Account Manager Lancaster Networks Direct: 717-278-6639 Office: 888-LANCNET x703 Fax: 717-431-6262 1085 Manheim Pike Lancaster PA 17601 www.lancasternetworks.com <http://www.lancasternetworks.com/> -- Corporate Technology Solutions... Specializing in 3com NBX Telephony Solutions IT Services - Phone Systems - Digital CCTV -- The information in this e-mail is confidential and may be privileged or subject to copyright. It is intended for the exclusive use of the addressee(s). If you are not an addressee, please do not read, copy, distribute or otherwise act upon this email. If you have received the email in error, please contact the sender immediately and delete the email. The unauthorized use of this email may result in liability for breach of confidentiality, privilege or copyright. From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: Sunday, December 03, 2006 18:58 To: Message Sniffer Community Subject: [sniffer] Re: Files that appeared in sniffer directory Hello Chris, Sunday, December 3, 2006, 2:47:50 PM, you wrote: > All of a sudden I have a bunch of .xxx and .fin files in my ms directory, what are these for? Those files were always there -- but they have always gone away quickly enough that you didn't notice (I suspect). http://kb.armresearch.com/index.php?title=Message_Sniffer.TechnicalDetai ls.Peer-Server If you have a number of these files that are not going away then something has gone wrong -- possibly during a reboot or some kind of change, or perhaps if your server has been overloaded. You can usually clear the problem by following this procedure: 1. Stop SMTP processing 2. Wait for all messages to be finished 3. Stop your persistent instance (if you have one). 4. Delete any left-over XXX, FIN, QUE, etc files (see the list in the above link). 5. Start your persistent instance (if you have one). 6. Restart your SMTP processing. 7. Check your SNF log file for any errors. Hope this helps, _M -- Pete McNeil Chief Scientist, Arm Research Labs, LLC. # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
[sniffer] Files that appeared in sniffer directory
All of a sudden I have a bunch of .xxx and .fin files in my ms directory, what are these for? Thank You, Chris Bunting Enterprise Account Manager Lancaster Networks Direct: 717-278-6639 Office: 888-LANCNET x703 Fax: 717-431-6262 1085 Manheim Pike Lancaster PA 17601 www.lancasternetworks.com <http://www.lancasternetworks.com/> -- Corporate Technology Solutions... Specializing in 3com NBX Telephony Solutions IT Services - Phone Systems - Digital CCTV -- The information in this e-mail is confidential and may be privileged or subject to copyright. It is intended for the exclusive use of the addressee(s). If you are not an addressee, please do not read, copy, distribute or otherwise act upon this email. If you have received the email in error, please contact the sender immediately and delete the email. The unauthorized use of this email may result in liability for breach of confidentiality, privilege or copyright.
