[sniffer] Re: Direct SmarterMail integration -- Some Testers ?
I just sent my request to them!!

Regards David Moore
moo...@romtech.com.au

J.P. MCP, MCSE, MCSE + INTERNET, CNE.
www.adsldirect.com.au for ADSL and Internet
www.romtech.com.au for PC sales

Office Phone: (+612) 9453 1990
Fax Phone: (+612) 9453 1880
Mobile Phone: +61(0)424 987 789
Skype Phone: ADSLDIRECT

POSTAL ADDRESS:
PO BOX 190
BELROSE NSW 2085
AUSTRALIA.

This email message is only intended for the addressee(s) and contains information that may be confidential, legally privileged and/or copyright. If you are not the intended recipient please notify the sender by reply email and immediately delete this email. Use, disclosure or reproduction of this email, or taking any action in reliance on its contents by anyone other than the intended recipient(s) is strictly prohibited. No representation is made that this email or any attachments are free of viruses. Virus scanning is recommended and is the responsibility of the recipient.

On 10/06/10 9:40 PM, e...@insight.rr.com wrote:

SmarterTools to include a true integration of MessageSniffer into smartermail

# This message is sent to you because you are subscribed to the mailing list . This list is for discussing Message Sniffer, Anti-spam, Anti-Malware, and related email topics. For More information see http://www.armresearch.com To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to
[sniffer] Re: Direct SmarterMail integration -- Some Testers ?
We use an MX Guard / Invuribl / Sniffer combo. Would it be a matter of removing Sniffer from the MXGuard.ini? I would still like to use all 3 options.

Regards David Moore

On 10/06/10 7:24 AM, Pete McNeil wrote:

On 6/9/2010 4:24 PM, e...@insight.rr.com wrote:

Pete, This is great news!

Strictly speaking, this is not new... But, somehow, it's been overlooked. We are interested in improving this option as much as possible and looking into other options too.

It would also be a better option if you are able to work with smarterTools directly and see about getting sniffer integrated as a built in call when enabled.

We would love to do that. Please ask them about it so that they know their customers are interested in this !! We are ready to work with them to develop a tight integration with SNF whenever they are ready to go with it. We will also continue to contact them about this (we have several times already).

Your solution will work for some, but we would require it to be built in vs the cmd line option as we use that for other software processing currently.

What are the chances the command line option could be multiplexed in your case? Would that solve the problem?

_M
[sniffer] Re: Australian Bank Phishing emails always seem to get through
Thanks for the response. I will set up a UserTrap mailbox and ask our customers to forward to that mailbox.

Regards David Moore

Pete McNeil wrote:

David Moore wrote:

We are continually seeing Australian bank phishing emails such as the one below (I personally have about 10 a day) that always seem to get through I guess it is because we are in Australia and it is only targeted at .au domains and nobody has bothered to tell sort monster there is a problem. However is there anything we can do to sortmonster such as list all emails from the major Australian banks as suspect.

I have created a number of rules from the sample.

I think it would be a mistake to tag all messages from major Australian banks -- surely there would be false positives and we can do much better than that. In fact the majority of rules I've just created from this sample are independent of the bank involved so they will work on many bank phishing messages.

You are correct that we don't get many submissions from our .au customers -- more .au customers making more spam submissions would help quite a bit.

If you could submit these messages to us then we will be able to build rules to combat them.

http://www.armresearch.com/support/articles/procedures/spamSubmissions.jsp

If you are getting 10 of these per day that number should drop significantly very quickly -- and so would the number for our other .au customers.

If you find that there are any other spam that continue to get through even after repeated submissions to us then please treat them as "Chronic Spam" (see the link above) and they will get special attention.

We're anxious to solve this problem for you. Our target is no false positives, and no spam leakage. Every little bit helps us get closer.

Best,

_M
[sniffer] Australian Bank Phishing emails always seem to get through
We are continually seeing Australian bank phishing emails such as the one below (I personally have about 10 a day) that always seem to get through I guess it is because we are in Australia and it is only targeted at .au domains and nobody has bothered to tell sort monster there is a problem. However is there anything we can do to sortmonster such as list all emails from the major Australian banks as suspect.

Original Message
Subject: Urgent Notification!
Date: 02 Jun 2009 01:54:34 -0500
From: Commonwealth Bank
To: webmas...@adsldirect.com.au

We recorded a payment request from "HostGator -www.hostgator.com- Reseller Web Hosting" to enable the charge of $74.95 on your account.

Because the order was made from an African internet address, we put an Exception Payment on transaction id #POS PAYM7284 motivated by our Geographical Tracking System.

*THE PAYMENT IS PENDING FOR THE MOMENT.*

If you made this transaction or if you just authorize this payment, please ignore or remove this email message. The transaction will be shown on your monthly statement as "HostGator - Reseller Web Hosting".

If you didn't make this payment and would like to decline the $74.95 billing to your card, please follow the link below to cancel the payment :

Cancel this payment (transaction id #POS PAYM7284) <http://mbl-109-47-183.dsl.net.pk/.security/>

*NOTE:* Because email is not a secure form of communication, please do not reply to this email.

© Commonwealth Bank of Australia 2009 ABN 48 123 123 124

--
Regards David Moore
[sniffer] Re: DST update problem - server changes
I too have the same problem. I have reverted back to the old script. (We are windows based)

Regards David Moore

Shawn wrote:
> Pete,
>
> I upgraded to the latest getRulebase file and followed the
> instructions, but now all I see on my windows system (DST) is the
> following: (I replaced my license ID # with )
>
> snf2check: .new ERROR_RULE_FILE!
> 1 file(s) copied.R:2349772 [0/12 - 0] W:0 C:0 B:0 T:0 S:0
> snf2check: .new ERROR_RULE_FILE!
> 1 file(s) copied.R:2349772 [0/12 - 0] W:0 C:0 B:0 T:0 S:0
>
> over and over again for pages and pages in my console window.
>
> Everything worked great until I updated to the latest getRulebase. My
> license ID and everything are all the same and I re-verified them
> after I copied the info from the other getRulebase script.
>
> What is causing this?
>
> Thanks,
> Shawn
>
> On Mon, Mar 9, 2009 at 2:44 PM, Pete McNeil <mailto:madscient...@armresearch.com> wrote:
>
> Hello Sniffer Folks,
>
> DST Update Problem: A bug in the old getRulebase.cmd script caused
> Win* systems to discard the server's timestamp on rulebase files
> and substitute the local timestamp. As a result any system that
> change to DST (daylight savings time) after our rulebase delivery
> servers would continuously show a newer rulebase file on our
> servers. As a result these systems would repeatedly download the
> rulebase file as quickly as they could.
>
> Solutions:
>
> 1. Everyone should upgrade their getRulebase.cmd script to the
> latest version:
> http://www.armresearch.com/message-sniffer/download/CURL-getRulebase.zip
>
> ** Note that most *NIX systems do not have the same problem with
> wget, but everyone should check.
> *** Note that going forward a CURL based update script is
> preferred. Since CURL is available on most *NIX systems by default
> we do not expect this to be a problem.
>
> 2. If not upgrading to the latest version then they should modify
> their wget based scripts to ensure that the server's timestamp on
> the rulebase file is preserved.
>
> 3. Since many systems will not be upgraded in the short term, we
> are also taking action on the delivery server to prevent problems
> with rulebase updates: From now on a new rulebase will show its
> new timestamp for 5 minutes after it is posted. Then the timestamp
> will be pushed back one hour to limit the amount of time systems
> with later DST transitions will see the files as new.
>
> The results of this change will be:
>
> * Systems that have upgraded to the new getRulebase.cmd script or
> are using an otherwise correct update script will see no
> difference. By default, SNFSync events occur about once per minute
> and since the new rulebase file will be shown with its current
> timestamp for 5 minutes each correctly configured SNF node will
> see and download the fresh rulebase file as soon as it is available.
>
> * Some systems that have not upgraded may attempt to download a
> new rulebase file twice, or possibly three times depending upon
> timing. However after that time (based on a 180 second guard time)
> these systems should cease to see the rulebase files as new and
> will stop trying to download the files. Once these systems move to
> DST they will operate normally. Of course we hope that all systems
> will upgrade their update scripting before this!
>
> * Systems that are using a scheduled task to update their rulebase
> may sometimes see the newer time stamp and may sometimes se
[sniffer] Re: Sniffer Helper App?
I MOVED FROM Imail 8 to SmarterMail 4.3 and then 5.1, best thing I ever did (> the cost of an Imail maintenance contract for Enterprise unlimited users / domains).

SmarterMail has grey listing built in so 90-95% spam gets killed at source; the other spam is handled out of the box by SpamAssassin.

I do have mXGuard and Sniffer full licences but as yet I haven't had to enable them. (mainly because I have only just installed SmarterMail v5.1)

Regards David Moore

From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Steve Guluk
Sent: Wednesday, 2 July 2008 5:18 AM
To: Message Sniffer Community
Subject: [sniffer] Sniffer Helper App?

Hello,

I run iMail 9.0 and would like a program that can do GeoIP to screen foreign countries before they even get to iMail. I used to use MXGuard (still have an active license) but my server could not handle the CPU draw. I moved to eWall which really has some great potential as it is a nice light gateway client that works with Sniffer but it also crashes and has a few other problems (this program also introduced me to GeoIP).

Any other suggestions as I am beat after trying to get some decent spam relief as well as relief from an aging server.

My server is an AMD 2.0 with Raid and 2 gigs of Ram. It's fared well over the last couple years but the spam levels ramping up are starting to take their toll and I don't want to move to a new server just yet.

eWalls got me spoiled on the GeoIP feature where it polls a DB for country info based on the incoming IP and can delete emails before they reach iMail.

Any suggestions on what I should consider to help with spam and also use Sniffer. Is Declude worth while? Some other light gateway like eWall ?

Thanks in advance for any suggestions,

Steve Guluk
SGDesign
(949) 661-9333
ICQ: 7230769
[sniffer] Australian Bank Junk Emails
We consistently get Australian banks phishing junk emails that sortmonster doesn't seem to pick up. Can you add the following banks to your rules, as banks very rarely send out emails.

ANZ Bank
WestPac
St George
National Australia Bank
Bank of Queensland

Full list here http://www.afsd.com.au/banks1.html

Regards David Moore
[sniffer] Re: SNF V2-9b1.5 Released - Please Upgrade
Thanks for the clarity.

Regards David Moore

-Original Message-
From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil
Sent: Sunday, 13 January 2008 1:25 PM
To: Message Sniffer Community
Subject: [sniffer] Re: SNF V2-9b1.5 Released - Please Upgrade

Hello David,

Saturday, January 12, 2008, 6:19:11 PM, you wrote:

> I have a question about GBUdbIgnoreList.txt do I put 192.168.100.1 (which is
> my server ip) as well as 127.0.0.1 and do I also put my public IP address in
> this file.

That might be a good idea -- it all depends upon your environment. When in doubt, add the IP that belongs to you.

Any IP that you know and trust which might end up in the Received headers should go into the ignore list.

GBUdb determines the source IP of the message as the first Received IP it sees that is NOT in the ignore list. This allows for a high degree of flexibility in message processing pathways - provided you can identify the IPs involved (which is usually the case).

Hope this helps,

_M

--
Pete McNeil
Chief Scientist,
Arm Research Labs, LLC.
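The source-IP rule described in the message above (the first Received IP that is not in the ignore list), sketched as an added example; this is not SNF's own code. The one-IP-per-line file format, the top-down header order, the regex parsing and every address other than 127.0.0.1 and 192.168.100.1 are assumptions made for illustration.

```python
import ipaddress
import re
from email import message_from_string

# Constructed ignore list. Assumed format: one IP per line, '#' starts a comment.
IGNORE_LIST_TEXT = """\
127.0.0.1
192.168.100.1      # mail server's private address (from the thread)
203.0.113.10       # stand-in for the server's public IP (documentation range)
"""

# Constructed message. MTAs prepend Received headers, so the newest hop is on top.
SAMPLE_MESSAGE = """\
Received: from localhost (localhost [127.0.0.1])
    by mail.example.net with SMTP; Sat, 12 Jan 2008 18:19:11 -0500
Received: from gw.example.net (gw.example.net [192.168.100.1])
    by mail.example.net with ESMTP; Sat, 12 Jan 2008 18:19:10 -0500
Received: from unknown (HELO pc.example.org) ([198.51.100.77])
    by gw.example.net with SMTP; Sat, 12 Jan 2008 18:19:08 -0500
Received: from bank.example.com ([192.0.2.200])
    by pc.example.org; Sat, 12 Jan 2008 18:19:01 -0500
From: sender@example.org
To: user@example.net
Subject: constructed sample

body
"""

_BRACKETED_IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def load_ignore_list(text):
    """Parse ignore-list text into a set of ip_address objects."""
    ignored = set()
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()
        if entry:
            ignored.add(ipaddress.ip_address(entry))
    return ignored


def received_ips(raw_message):
    """Return the connecting IP of each Received header, newest hop first."""
    msg = message_from_string(raw_message)
    ips = []
    for header in msg.get_all("Received", []):
        # Only the "from ..." clause names the connecting peer; drop "by ...".
        from_part = re.split(r"\sby\s", header, maxsplit=1)[0]
        match = _BRACKETED_IPV4.search(from_part)
        if not match:
            continue
        try:
            ips.append(ipaddress.ip_address(match.group(1)))
        except ValueError:
            continue  # bracketed text that is not a valid address
    return ips


def source_ip(raw_message, ignored):
    """First Received IP that is not in the ignore list, or None."""
    for ip in received_ips(raw_message):
        if ip not in ignored:
            return ip
    return None


if __name__ == "__main__":
    full = load_ignore_list(IGNORE_LIST_TEXT)
    loopback_only = load_ignore_list("127.0.0.1")
    print("gateway in ignore list :", source_ip(SAMPLE_MESSAGE, full))
    # With the gateway missing, reputation is charged to your own relay.
    print("gateway missing        :", source_ip(SAMPLE_MESSAGE, loopback_only))
```

With the gateway missing from the list, every message appears to originate from 192.168.100.1, which is why trusted hops that show up in Received headers belong in the ignore list.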
[sniffer] Re: SNF V2-9b1.5 Released - Please Upgrade
I have a question about GBUdbIgnoreList.txt: do I put 192.168.100.1 (which is my server ip) as well as 127.0.0.1, and do I also put my public IP address in this file?

Regards David Moore

-Original Message-
From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil
Sent: Sunday, 13 January 2008 4:25 AM
To: Message Sniffer Community
Subject: [sniffer] Re: SNF V2-9b1.5 Released - Please Upgrade

Hello Harry,

You can run the SNF program from the command line with no parameters. It will complain and then tell you about itself.

_M

Saturday, January 12, 2008, 12:10:35 PM, you wrote:

> I do not recall upgrading
> How can I tell the version that I am running?
> thanks
> Harry Vanderzand
> Intown Internet
> 11 Belmont Ave. W.
> Kitchener, ON, N2M 1L2
> 519-741-1222
> -Original Message-
> From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf
> Of Pete McNeil
> Sent: Saturday, January 12, 2008 12:09 PM
> To: Message Sniffer Community
> Subject: [sniffer] Re: SNF V2-9b1.5 Released - Please Upgrade
> Hello David,
> When using snfupd with the new version you can skip the line that
> tells SNF to reload.
> REM %LicenseID%.exe reload
> Most likely the error you received is because there is no executable
> named for your license ID. This is ok with the new version. The
> snfupd.cmd script was originally written to work with version 2 which
> does require "branding" the SNF executable.
> The new version of SNF does not require branding. Also, the new
> version will very quickly recognize that there is a new rulebase file
> and will load it automatically so there is no reason (nor facility) to
> notify it about the update.
> Hope this helps,
> _M
> Saturday, January 12, 2008, 11:21:37 AM, you wrote:
>> Ok I have most of this working with Imail 8.22
>> So far this is what I have done
>> Copied, unpacked RImailSnifferUpdateTools.zip, edited snfupd.cmd and setup
>> task schedule.
>> Which generates an from the snfupd.cmd C:\SNF>snfupd.cmd
>> 'mylicencekeynotshownhere.exe' is not recognized as an internal or external
>> command,
>> operable program or batch file.
>> REM Load new rulebase file.
>> %LicenseID%.exe reload
>> So how do I get the SNFserver to update with the latest .snf file.
>> Regards David Moore
>> -Original Message-
>> From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf
>> Of Pete McNeil
>> Sent: Thursday, 18 October 2007 9:58 AM
>> To: Message Sniffer Communi
[sniffer] Re: SNF V2-9b1.5 Released - Please Upgrade
Ok I have most of this working with Imail 8.22

So far this is what I have done

Copied, unpacked RImailSnifferUpdateTools.zip, edited snfupd.cmd and setup task schedule.

Which generates an from the snfupd.cmd

C:\SNF>snfupd.cmd
'mylicencekeynotshownhere.exe' is not recognized as an internal or external command,
operable program or batch file.

REM Load new rulebase file.
%LicenseID%.exe reload

So how do I get the SNFserver to update with the latest .snf file.

Regards David Moore

-Original Message-
From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil
Sent: Thursday, 18 October 2007 9:58 AM
To: Message Sniffer Community
Subject: [sniffer] SNF V2-9b1.5 Released - Please Upgrade

Hello Sniffer folks,

Please find the latest SNF V2-9 distribution files here:

http://kb.armresearch.com/index.php?title=Message_Sniffer.GettingStarted.Distributions#NEW_SNF_V2-9_Wide_Beta

If you are running a previous version of SNF V2-9, please upgrade as soon as possible. The newest version includes some bug fixes.

From the change log:

20071017 - SNF2-9b1.5.exe

Added a missing #include directive to the networking.hpp file. The missing #include was not a factor on Linux and Windows systems but caused compiler errors on BSD systems.

Corrected a bug in the GBUdb White Range code where any message with a white range source IP was being forced to the white result code. The engine now (correctly) only forces the result and records the event when a black pattern rule was matched and the White Range IP causes that scan result to be overturned. If the scan result was not a black pattern match then the original scan result is allowed to pass through.

Corrected a bug in the Header Analysis filter chain module that would cause the first header in the message to be ignored in some cases.

Corrected an XML log format problem so that elements are correctly open ended or closed (empty) according to whether they have subordinate elements.

Adjusted the GBUdb header info format. The order of the Confidence figure and Probability figure is now the same as in the XML log files (C then P). The confidence and probability figures are now preceded with c= and p= respectively so that it's easy to tell which is which.

Thanks!

_M

--
Pete McNeil
Chief Scientist,
Arm Research Labs, LLC.
[sniffer] Re: Excessive amounts of spam
We are using an MxGuard, Sniffer, InvURIBL combo on Imail. Will the beta sniffer still fit with this combination without issues?

Regards David Moore

-Original Message-
From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of E. H. (Eric) Fletcher
Sent: Friday, 21 December 2007 8:35 AM
To: Message Sniffer Community
Subject: [sniffer] Re: Excessive amounts of spam

Frank:

Thanks for your input. There are definitely things leaking through that wouldn't have leaked through before. We've held off hoping for a production release but it may not be practical much longer.

On that note, for anyone else in the same position, we tested adding InvURIBL from Invariant Systems. It's not a sniffer replacement but definitely caught a lot of what sniffer currently lets through for the very valid reasons Pete has covered. The only thing missing seemed to be a white list so that you could white list legitimate publications that might contain links to 'offensive' sites. That can probably be tuned out thru weighting however we'd hoped not to be re-inventing the wheel for a short term solution.

Eric

- Original Message -
From: "Pi-Web - Frank Jensen" <[EMAIL PROTECTED]>
To: "Message Sniffer Community"
Sent: Thursday, December 20, 2007 1:17 PM
Subject: [sniffer] Re: Excessive amounts of spam

> We have been running it for - I guess - 2 months now without any trouble.
>
>> How stable is the beta version?
>>
>> Regards David Moore
>>
>> *From:* Message Sniffer Community [mailto:[EMAIL PROTECTED] *On
>> Behalf Of *Pete McNeil
>> *Sent:* Friday, 21 December 2007 8:10 AM
>> *To:* Message Sniffer Community
>> *Subject:* [sniffer] Re: Excessive amounts of spam
>>
>> Hello David,
>>
>> Thursday, December 20, 2007, 3:25:45 PM, you wrote:
>>
>> > If you are not yet running the latest beta then that might help quite
>> > a bit since the GBUdb (IP reputation system) does a good job capturing
>> > new spam from old bots even before rules are coded.
>>
>> Please clarify are you saying it would help if we had the beta installed?
>>
>> Yes. The new GBUdb engine reduces leakage quite a bit. As more systems
>> adopt the new version this will improve even more. Most new spam
>> campaigns are started with some large fraction of existing bots. Messages
>> from
[sniffer] Re: Excessive amounts of spam
How stable is the beta version?

Regards David Moore
[EMAIL PROTECTED]
J.P. MCP, MCSE, MCSE + INTERNET, CNE.
www.adsldirect.com.au for ADSL and Internet
www.romtech.com.au for PC sales
Office Phone: (+612) 9453 1990
Fax Phone: (+612) 9453 1880
Mobile Phone: +614 18 282 648
Skype Phone: ADSLDIRECT
POSTAL ADDRESS: PO BOX 190 BELROSE NSW 2085 AUSTRALIA.

From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil
Sent: Friday, 21 December 2007 8:10 AM
To: Message Sniffer Community
Subject: [sniffer] Re: Excessive amounts of spam

Hello David,

Thursday, December 20, 2007, 3:25:45 PM, you wrote:

> > If you are not yet running the latest beta then that might help quite a bit since the GBUdb (IP reputation system) does a good job capturing new spam from old bots even before rules are coded.
>
> Please clarify are you saying it would help if we had the beta installed?

Yes. The new GBUdb engine reduces leakage quite a bit. As more systems adopt the new version this will improve even more. Most new spam campaigns are started with some large fraction of existing bots. Messages from bots that have already been identified will be blocked even before new content rules can be generated (if needed).

_M

--
Pete McNeil
Chief Scientist, Arm Research Labs, LLC.
# This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
[sniffer] Re: Excessive amounts of spam
> If you are not yet running the latest beta then that might help quite a bit since the GBUdb (IP reputation system) does a good job capturing new spam from old bots even before rules are coded.

Please clarify are you saying it would help if we had the beta installed?

Regards David Moore
[EMAIL PROTECTED]
J.P. MCP, MCSE, MCSE + INTERNET, CNE.
www.adsldirect.com.au for ADSL and Internet
www.romtech.com.au for PC sales
Office Phone: (+612) 9453 1990
Fax Phone: (+612) 9453 1880
Mobile Phone: +614 18 282 648
Skype Phone: ADSLDIRECT
POSTAL ADDRESS: PO BOX 190 BELROSE NSW 2085 AUSTRALIA.

From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil
Sent: Friday, 21 December 2007 6:14 AM
To: Message Sniffer Community
Subject: [sniffer] Re: Excessive amounts of spam

Hello Steve,

Thursday, December 20, 2007, 1:54:12 PM, you wrote:

> Hello,
> Any word on the ramping up of Viagra spams getting through in the last week? I'm now getting more and more clients complaining so maybe the Message Sniffer traps are not getting these. Or is everyone off for the holidays already? I'll start sending over the ones I get to the spam address as a follow up.

We are definitely here 24/7/365. We've seen a number of heavy campaigns recently, but we've generally been on top of them. At the moment we have 98.3% capture on our heaviest spamtraps - they are showing 400% of their nominal traffic - this is most likely attributable to the new campaigns launched today: At least two new campaigns launched today within the last few hours and we had both of those blocked very quickly.

If you are not yet running the latest beta then that might help quite a bit since the GBUdb (IP reputation system) does a good job capturing new spam from old bots even before rules are coded.

Also, be sure that your rulebase is up to date. The best way to update your rulebase is to trigger your update script based on our update notifications. If instead you are using a scheduled task / cron then you will want to check for a new rulebase at least once per hour.

Hope this helps,

_M

--
Pete McNeil
Chief Scientist, Arm Research Labs, LLC.
[sniffer] Re: SNF V2-9b1.5 Released - Please Upgrade
When do you think the beta version will go to non beta i.e. live.

Regards David Moore
[EMAIL PROTECTED]
J.P. MCP, MCSE, MCSE + INTERNET, CNE.
www.adsldirect.com.au for ADSL and Internet
www.romtech.com.au for PC sales
Office Phone: (+612) 9453 1990
Fax Phone: (+612) 9453 1880
Mobile Phone: +614 18 282 648
POSTAL ADDRESS: PO BOX 190 BELROSE NSW 2085 AUSTRALIA.

From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil
Sent: Wednesday, 7 November 2007 2:32 PM
To: Message Sniffer Community
Subject: [sniffer] Re: SNF V2-9b1.5 Released - Please Upgrade

Hello Serge,

Tuesday, November 6, 2007, 9:56:26 PM, you wrote:

> Hello
> what files need to go in the workplace directory ?
> TIA

Normally, all of the distribution files plus your rulebase (.snf) file. Also, it is common to have your update script and utilities in the workspace or a sub directory from there.

It is possible with the new version to put some of these files in different locations - but that is more complex. You can see the directory options in the top few lines of the snf_engine.xml file where you can set paths for logs, rulebase files, workspace, and identity. Be sure to include the full path (on winx boxes this includes the drive letter).

One common option when setting up the new beta on a system that already has the old version running is to configure the snf_engine.xml so that the rulebase file is located in the old SNF workspace. This way it is easy to switch back if desired, and existing update mechanisms can remain unchanged until you are ready to make a permanent switch.

Hope this helps,

_M

--
Pete McNeil
Chief Scientist, Arm Research Labs, LLC.
[sniffer] Re: Spam
Well done Andy, can't wait for some spam to try it out on.

Regards David Moore
[EMAIL PROTECTED]
J.P. MCP, MCSE, MCSE + INTERNET, CNE.
www.adsldirect.com.au for ADSL and Internet
www.romtech.com.au for PC sales
Office Phone: (+612) 9453 1990
Fax Phone: (+612) 9453 1880
Mobile Phone: +614 18 282 648
POSTAL ADDRESS: PO BOX 190 BELROSE NSW 2085 AUSTRALIA.

-Original Message-
From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Andy Schmidt
Sent: Wednesday, 30 May 2007 7:39 AM
To: Message Sniffer Community
Subject: [sniffer] Re: Spam

I recommend "SpamSource", if you are an Outlook user. It's a little toolbar applet that you can configure any recipient of the forwarded spam and it will include all the original mail headers - just the way Sniffer, Spamcop etc. like it. All you do is press the button on the toolbar and the message will be forwarded, deleted from your inbox and not even appear in your "sent" folder (all configurable).

Best Regards,
Andy

-Original Message-
From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of David Moore
Sent: Tuesday, May 29, 2007 4:54 PM
To: Message Sniffer Community
Subject: [sniffer] Re: Spam

Long time in getting back to you about this but:

>preferably to a spam collection pop3 box on your system

I am happy to send it to a box called [EMAIL PROTECTED] password sort!23&1#6eh will you arrange for your bot to collect ?

When I send spam to [EMAIL PROTECTED] in the past I have been laboriously opening the header, copying header content, forwarding email, paste header content to beginning of email and sending is there a quicker way.

If I send spam to [EMAIL PROTECTED] how would I stop our system from re tagging the email as spam from me.

Regards David Moore
[EMAIL PROTECTED]
J.P. MCP, MCSE, MCSE + INTERNET, CNE.
www.adsldirect.com.au for ADSL and Internet
www.romtech.com.au for PC sales
Office Phone: (+612) 9453 1990
Fax Phone: (+612) 9453 1880
Mobile Phone: +614 18 282 648
POSTAL ADDRESS: PO BOX 190 BELROSE NSW 2085 AUSTRALIA.

-Original Message-
From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil
Sent: Monday, 14 May 2007 9:27 PM
To: Message Sniffer Community
Subject: [sniffer] Re: Spam

Hello David,

Monday, May 14, 2007, 2:59:16 AM, you wrote:

Do not send spam to the sniffer@ list. Submit un-captured spam to [EMAIL PROTECTED], or preferably to a spam collection pop3 box on your system that can be picked up by our bots.

Thanks!

_M
[sniffer] Re: Spam
Long time in getting back to you about this but:

>preferably to a spam collection pop3 box on your system

I am happy to send it to a box called [EMAIL PROTECTED] password sort!23&1#6eh will you arrange for your bot to collect ?

When I send spam to [EMAIL PROTECTED] in the past I have been laboriously opening the header, copying header content, forwarding email, paste header content to beginning of email and sending is there a quicker way.

If I send spam to [EMAIL PROTECTED] how would I stop our system from re tagging the email as spam from me.

Regards David Moore
[EMAIL PROTECTED]
J.P. MCP, MCSE, MCSE + INTERNET, CNE.
www.adsldirect.com.au for ADSL and Internet
www.romtech.com.au for PC sales
Office Phone: (+612) 9453 1990
Fax Phone: (+612) 9453 1880
Mobile Phone: +614 18 282 648
POSTAL ADDRESS: PO BOX 190 BELROSE NSW 2085 AUSTRALIA.

-Original Message-
From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil
Sent: Monday, 14 May 2007 9:27 PM
To: Message Sniffer Community
Subject: [sniffer] Re: Spam

Hello David,

Monday, May 14, 2007, 2:59:16 AM, you wrote:

Do not send spam to the sniffer@ list. Submit un-captured spam to [EMAIL PROTECTED], or preferably to a spam collection pop3 box on your system that can be picked up by our bots.

Thanks!

_M
[sniffer] Re: Appriver issue
I think what Peter is trying to say is that Sort monster is hosted at Appriver and Appriver had an issue and therefore so did Sort monster.

http://www.dnsstuff.com/tools/dnsreport.ch?&domain=sortmonster.com

Regards David Moore
[EMAIL PROTECTED]
J.P. MCP, MCSE, MCSE + INTERNET, CNE.
www.adsldirect.com.au for ADSL and Internet
www.romtech.com.au for PC sales
Office Phone: (+612) 9453 1990
Fax Phone: (+612) 9453 1880
Mobile Phone: +614 18 282 648
POSTAL ADDRESS: PO BOX 190 BELROSE NSW 2085 AUSTRALIA.

-Original Message-
From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Rogers
Sent: Saturday, 19 May 2007 11:59 AM
To: Message Sniffer Community
Subject: [sniffer] Re: Appriver issue

Thanks for the explanation, and I wasn't trying to blame you - just wanted more info is all. We use Sniffer, but not Appriver. You said that if we don't use Appriver, we shouldn't have been affected, but you also seemed to say that if one of the recipients of my user's email uses Appriver that might've caused a problem. And also that *some* of Sniffer users might have experienced the problem as well.

It sounds like things are still being worked out. I just wanted some kind of verification that they were aware of the problem, were working on it, that they were in some way sorry about what happened...you know - the usual stuff. And I know that you are not an official rep of Appriver or anything, but presently you're all we have in that role ;)

Thanks
Kevin

Pete McNeil wrote:
> Hello Kevin,
>
> Friday, May 18, 2007, 8:52:47 PM, you wrote:
>
>> Pete - Thanks for the reply, but I guess I don't understand what you're saying. "Some packet loss" and "rulebase downloads to slow down for a time" don't reflect what happened to me yesterday and apparently not what happened to one of the other posters either when he said that Appriver was having a problem "with sending messages over and over again". I received over (at last count) 35,000 messages (almost all of which were bounced replies, from one email from one of our users who sent an email to about 70 people) yesterday.
>>
>> And I had already gone to http://www.armresearch.com/ yesterday and there was nothing there. There is nothing there today that I can see.
>>
>> What happened? I lost an entire day's worth of email because of bounced messages. I didn't sleep last night. I don't even use Appriver. I would hope someone could explain it a little better than that. Thanks.
>
> I was answering the question - how is AppRiver related to Message Sniffer.
>
> I don't have specifics on the problem at AppRiver yet - they are still picking up the pieces, though operations are back to normal afaik. I do know (preliminarily) that the problem occurred when a new piece of software caused some messages with multiple recipients to loop and as a result to be replicated and resent repeatedly.
>
> If you are not a user of AppRiver then you shouldn't have been affected. Perhaps if you sent a message to someone who is a user of AppRiver then that might have gotten your messages involved.
>
> The only direct effect I'm aware of for SNF users was that for a time rulebase downloads were slowed due to packet loss.
>
> Since we use AppRiver for filtering (they, after all are using SNF) some messages that get sent to us apparently did loop to some lists. Also, some email to our accounts was delayed.
>
> I would need to know a lot more about your system and the email you lost before I could make any guesses as to what happened there -- but if you're not using AppRiver then you shouldn't have been affected.
>
> Hope this helps,
>
> _M
[sniffer] Re: Spam
DIGI FOX Inc

Good afternoon,

Can we try and make you interested in a home based job that may pay up to AUD2500-3500 per month? No envelope filling nonsense, no start up charges, this is a straightforward offer. You don.t have to give up your present career; it will only take a small part of your time. All you need to have to start running your business with our company are reliable E-mail access and a bank account. And your willingness to earn, of course.

The job is transaction handling. You will receive the transfers our customers/resellers send directly to you and forward it to us or our agents via one of chosen money transfer agencies. The job is pretty simple and you won't need any special knowledge to start, though we do require that you are able to act on a very short notice. We only pay such a decent commission because we keep our customers happy with our swiftness. And if you are looking for career there.s a chance of becoming a part of our team in the future (based on your performance), team in which you will be truly respected and honestly rewarded - just think about this!

We hope to hear from you soon. Please email back [EMAIL PROTECTED] and we will be glad to provide more information. Thank you!

I have been getting these emails all day and reporting them to [EMAIL PROTECTED] why are they still getting through I have seen about 30 of them to my email address alone.

Regards David Moore
[EMAIL PROTECTED]
J.P. MCP, MCSE, MCSE + INTERNET, CNE.
www.adsldirect.com.au for ADSL and Internet
www.romtech.com.au for PC sales
Office Phone: (+612) 9453 1990
Fax Phone: (+612) 9453 1880
Mobile Phone: +614 18 282 648
POSTAL ADDRESS: PO BOX 190 BELROSE NSW 2085 AUSTRALIA.

-Original Message-
From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil
Sent: Monday, 14 May 2007 7:54 AM
To: Message Sniffer Community
Subject: [sniffer] Re: Spam

Hello Rick,

About that time they started several new campaigns using what appears to be a new version of message obfuscating bot software along with several new sources for "stuffing". Volumes and leakage have been up since then.

Today's activity is a new, much stronger burst of the same activity (it appears).

Hope this helps,

_M

Sunday, May 13, 2007, 5:47:48 PM, you wrote:

> We are seeing the same thing. Started about a week and a half ago.
> Rick Hogue
> 502-649-3431 Cell
>
> "Is your association working on the web?"
> http://www.samprogram.com
> -Original Message-
> From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Chuck Schick
> Sent: Sunday, May 13, 2007 1:06 PM
> To: Message Sniffer Community
> Subject: [sniffer] Spam
> We are seeing a lot of spam getting through. running updates but does not seem to be stopping it.
> Chuck Schick
> Warp 8, Inc.
> (303)-421-5140
> www.warp8.com

--
Pete McNeil
Chief Scientist, Arm Research Labs, LLC.
[sniffer] Re: Integration with Mailenable
I too would like to pursue this option I have in the past purchased Mail Enable Enterprise 2 but could not handle the amount of spam it let in and reverted back to Imail 8.22 and unwilling to upgrade to 2006.2.

Regards David Moore
[EMAIL PROTECTED]
J.P. MCP, MCSE, MCSE + INTERNET, CNE.
www.adsldirect.com.au for ADSL and Internet
www.romtech.com.au for PC sales
Office Phone: (+612) 9453 1990
Fax Phone: (+612) 9453 1880
Mobile Phone: +614 18 282 648
POSTAL ADDRESS: PO BOX 190 BELROSE NSW 2085 AUSTRALIA.

-Original Message-
From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Phillip Cohen
Sent: Friday, 16 March 2007 5:22 AM
To: Message Sniffer Community
Subject: [sniffer] Integration with Mailenable

We are finally going to replace our old Vopmail server. Looking at Mailenable Enterprise. Will Sortmonster work with that program? Is anyone using Mailenable? If so how is it and if it works with Sortmonster how did you use them together.

Thanks,
Phil
[sniffer] Re: Lots of stock spam getting through
Ditto.

Regards David Moore
[EMAIL PROTECTED]
J.P. MCP, MCSE, MCSE + INTERNET, CNE.
www.adsldirect.com.au for ADSL and Internet
www.romtech.com.au for PC sales
Office Phone: (+612) 9453 1990
Fax Phone: (+612) 9453 1880
Mobile Phone: +614 18 282 648
POSTAL ADDRESS: PO BOX 190 BELROSE NSW 2085 AUSTRALIA.

-Original Message-
From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Chuck Schick
Sent: Tuesday, 6 February 2007 8:35 AM
To: Message Sniffer Community
Subject: [sniffer] Lots of stock spam getting through

We are seeing a major increase in stock spam today with the subject "think about it" "think of it" - Sniffer is not catching these yet. I checked and our rulebase is up to date.

Chuck Schick
Warp 8, Inc.
(303)-421-5140
www.warp8.com
[sniffer] Re: Stock spam
I have setup that all [SPAM] be delivered to junk mail and then I run

C:\IMail\immsgexp.exe -tc:\imail -d7 -m"Junk E-Mail.mbx"

every night as a task to kill any messages older than 7 days, that way if the customer does not empty junk mail we do. This does a pretty good job of keeping the system in check.

Regards David Moore
[EMAIL PROTECTED]
J.P. MCP, MCSE, MCSE + INTERNET, CNE.
www.adsldirect.com.au for ADSL and Internet
www.romtech.com.au for PC sales
Office Phone: (+612) 9453 1990
Fax Phone: (+612) 9453 1880
Mobile Phone: +614 18 282 648
POSTAL ADDRESS: PO BOX 190 BELROSE NSW 2085 AUSTRALIA.

-Original Message-
From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Herb Guenther
Sent: Wednesday, 13 December 2006 5:10 AM
To: Message Sniffer Community
Subject: [sniffer] Re: Stock spam

We went from about 40K total messages a day on about 10K good at the beginning of the year, to 60K over summer, 90K in Sept, and about 180K now with about 13K good, w about a 20% increase in mailboxes. Had to upgrade our server a few weeks ago. We also for the first time went to deleting messages that scored 2X the marked as spam level. So we now delete about 120K messages a day with Declude level. We are also having sniffers point by itself mark as spam, used to take at least one other test to fail.

I don't know what we will do if we see another 5X increase next year, I guess buy another server and move some domains.

Herb

David Waller wrote:
> On the sub topic of increased spam rates we've seen a 10x increase from 30-40k per day to 250-450k per day in over the last 3 months, none of this due to increased customer count :(
>
> -Original Message-
> From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil
> Sent: 12 December 2006 17:43
> To: Message Sniffer Community
> Subject: [sniffer] Re: Stock spam

--
Herb Guenther
Lanex, LLC
www.lanex.com
(262)789-0966x102 Office
(262)780-0424 Direct

This e-mail is confidential and is for the use of the intended recipient(s) only. If you are not an intended recipient please advise us of our error by return e-mail then delete this e-mail and any attached files. You may not copy, disclose or use the contents in any way.
[sniffer] Re: [Fwd: keep up with the jones']
We also sent this to [EMAIL PROTECTED] this morning so it is interesting to see how this got submitted to the mail list if that is how it got through.

Regards David Moore
[EMAIL PROTECTED]
J.P. MCP, MCSE, MCSE + INTERNET, CNE.
www.adsldirect.com.au for ADSL and Internet
www.romtech.com.au for PC sales
Office Phone: (+612) 9453 1990
Fax Phone: (+612) 9453 1880
Mobile Phone: +614 18 282 648
POSTAL ADDRESS: PO BOX 190 BELROSE NSW 2085 AUSTRALIA.
DELIVERY ADDRESS: 21 GLEN STREET BELROSE NSW 2085 AUSTRALIA.

-Original Message-
From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Kim W. Premuda
Sent: Wednesday, 4 October 2006 4:06 PM
To: Message Sniffer Community
Subject: [sniffer] Re: [Fwd: keep up with the jones']

Sorry...this was mistakenly sent to the wrong e-mail address. It was supposed to go to '[EMAIL PROTECTED]', and I was off one line when I clicked on the item in my address book.

Kim W. Premuda
FastWave Internet Services
San Diego, CA

---
[This E-mail scanned for viruses by Declude Virus]
[sniffer] Re: Sniffer does not catch as much as it used to.
Imail MXGuard + Sniffer + invURIBL = 97% capture rate.

Regards
David Moore

-----Original Message-----
From: Message Sniffer Community [mailto:[EMAIL PROTECTED]] On Behalf Of Darin Cox
Sent: Wednesday, 20 September 2006 11:11 PM
To: Message Sniffer Community
Subject: [sniffer] Re: Sniffer does not catch as much as it used to.

Hi Rick,

It's a constant battle, with spammers getting more sophisticated, and filtering tools trying to catch up and anticipate the next move.

That said, we do not see the kind of leakage you see, probably due to other tests we run on our systems. I would recommend you supplement with BLs and other Declude tests to stop the leakage. Also, make sure any negative weights you have are not allowing the leakage.

An external test you may consider is invURIBL from invariant systems. We haven't run it, but have heard good reports from others who do run it.

All the best,
Darin.

----- Original Message -----
From: "Rick Hogue" <[EMAIL PROTECTED]>
To: "Message Sniffer Community"
Sent: Wednesday, September 20, 2006 8:34 AM
Subject: [sniffer] Sniffer does not catch as much as it used to.

I just signed my annual renewal for Sniffer but it seems that it used to catch lots of the email and now is only catching about 50% of the email. Why, when we are sending in our information, does this continue to happen? We are getting lots of "you won", Pharmacy spelled wrong and nonsense emails that sail through both Declude and Sniffer. Between the 2 of them that is over $1000 per year for spam/virus/hijack protection that seems not to be happening like it used to. Any answers as to when we will get relief on these?

Rick Hogue
Intent.Net Web Hosting
[sniffer] Another example of an empty email but looking at the source.
Received: from PC05.4ueleoz.org [202.215.167.25] by romtech.com.au with ESMTP (SMTPD-8.22) id A7AC0224; Thu, 24 Aug 2006 08:33:16 +1000
Message-Id: <[EMAIL PROTECTED]>
X-mxGuard-Info: Processed by romtech.com.au using mxGuard v2.4
X-mxGuard-SpoolID: d7ab017912af
X-mxGuard-Sender: [EMAIL PROTECTED]
X-mxGuard-Virus-Info: No viruses detected
X-mxGuard-Spam-Score: 0
X-mxGuard-Spam-Probability: CLEAN
X-Note: This message has been scanned for spam and viruses by mxGuard for IMail (www.mxguard.com)
Subject:
From: [EMAIL PROTECTED]
Date: Thu, 24 Aug 2006 08:33:20 +1000
X-RCPT-TO: <[EMAIL PROTECTED]>
Status: U
X-UIDL: 454950044
X-IMail-ThreadID: d7ab017912af

Body contents below

<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">

End of email

Is there a rule to filter out empty emails?

Regards
David Moore
[sniffer] Blank emails
I am seeing a lot of Spam emails with blank bodies. Is this because our internet connection is too slow or because the spammers are failing to complete their transaction?

Received: from CIBER2.ctijdq6u.org [201.135.34.108] by romtech.com.au with ESMTP (SMTPD-8.22) id A02D0268; Thu, 24 Aug 2006 08:01:17 +1000
Message-Id: <[EMAIL PROTECTED]>
X-mxGuard-Info: Processed by romtech.com.au using mxGuard v2.4
X-mxGuard-SpoolID: d027016d10c4
X-mxGuard-Sender: [EMAIL PROTECTED]
X-mxGuard-Virus-Info: No viruses detected
X-mxGuard-Spam-Score: 0
X-mxGuard-Spam-Probability: CLEAN
X-Note: This message has been scanned for spam and viruses by mxGuard for IMail (www.mxguard.com)
Subject:
From: [EMAIL PROTECTED]
Date: Thu, 24 Aug 2006 08:01:22 +1000
X-RCPT-TO: <[EMAIL PROTECTED]>
Status: U
X-UIDL: 454950041
X-IMail-ThreadID: d027016d10c4

Regards
David Moore
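The two posts above both show messages that scored CLEAN while carrying an empty Subject and no readable body. As an added example (not Message Sniffer or mxGuard rule syntax, and not code from any poster), this Python check flags such messages; the sample message, hosts and addresses are constructed placeholders.

```python
import email
import html
import re

# Constructed sample modelled on the quoted message: empty Subject and a body
# holding only a META tag. Hosts and addresses are placeholders.
SAMPLE_EMPTY = (
    "Received: from host.example.org [192.0.2.25] by mail.example.com with ESMTP\r\n"
    "Subject: \r\n"
    "From: sender@example.org\r\n"
    "Date: Thu, 24 Aug 2006 08:33:20 +1000\r\n"
    "Content-Type: text/html; charset=iso-8859-1\r\n"
    "\r\n"
    '<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">\r\n'
)


def visible_text(msg):
    """Return the human-readable text of all text/* parts, markup removed."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        raw = part.get_payload(decode=True) or b""
        try:
            text = raw.decode(part.get_content_charset() or "latin-1", "replace")
        except LookupError:  # unknown charset label in the message
            text = raw.decode("latin-1")
        if part.get_content_subtype() == "html":
            text = re.sub(r"(?is)<(script|style)\b.*?</\1>", " ", text)
            text = re.sub(r"(?s)<!--.*?-->|<[^>]*>", " ", text)
            text = html.unescape(text)
        chunks.append(text)
    return re.sub(r"\s+", " ", " ".join(chunks)).strip()


def blank_message_flags(raw_message):
    """List the blank-message indicators found in one raw RFC 822 message."""
    msg = email.message_from_string(raw_message)
    flags = []
    if not (msg.get("Subject") or "").strip():
        flags.append("EMPTY_SUBJECT")
    # Attachments or inline images carry content even when no text is visible.
    has_other_parts = any(
        p.get_content_maintype() not in ("text", "multipart") for p in msg.walk()
    )
    if not visible_text(msg) and not has_other_parts:
        flags.append("NO_VISIBLE_BODY")
    return flags
```

Each flag is best treated as one weighted input alongside the other tests in the filter chain, since legitimate mail occasionally arrives with an empty Subject.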
[sniffer] Am I submitting to s...@sortmonster.com properly
I just want to know if I am submitting spam emails to [EMAIL PROTECTED] properly. Being in Australia, we see a lot of spam targeting ANZ, National and Commonwealth bank, and they seem to be evading the Sniffer program. So when I send a spam to [EMAIL PROTECTED] (I am using Outlook 2003) I copy and paste the header and forward the email to [EMAIL PROTECTED]. Is this working properly? Please see example below.

Regards
David Moore

Received: from dialup-82-207-6-125.lv.ukrtel.net [82.207.6.125] by romtech.com.au (SMTPD-8.22) id A82E053C; Tue, 22 Aug 2006 23:35:42 +1000
Message-ID: <[EMAIL PROTECTED]>
From: "Commonweal Bank of Australia" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: Commonweal Bank of Australia new security features.
Date: Tue, 22 Aug 2006 10:45:09 +0400
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="=_NextPart_000_001D_01C6C5D8.0A0008A0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2527
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527
X-mxGuard-Info: Processed by romtech.com.au using mxGuard v2.4
X-mxGuard-SpoolID: 082d00a1ecb1
X-mxGuard-Sender: [EMAIL PROTECTED]
X-mxGuard-Virus-Info: No viruses detected
X-mxGuard-Spam-Score: 0
X-mxGuard-Spam-Probability: CLEAN
X-Note: This message has been scanned for spam and viruses by mxGuard for IMail (www.mxguard.com)
X-RCPT-TO: <[EMAIL PROTECTED]>
Status: U
X-UIDL: 454949852
X-IMail-ThreadID: 082d00a1ecb1

From: Commonweal Bank of Australia [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, 22 August 2006 4:45 PM
To: [EMAIL PROTECTED]
Subject: Commonweal Bank of Australia new security features.

It has come to our attention that your account needs to be confirmed due to the recent changes we have made to our NetBank online system.

We contacted you for the following reason: Confirm your Information in order to activate new NetBank security features for your account.

Be sure to log in securely by following the link below.

It's important that you confirm your NetBank account information otherwise you will not be able to access our online services. We encourage you to login in to your Commonwealth Bank account as soon as possible to help avoid this.

Click here

We appreciate your understanding as we work to ensure account safety.

Sincerely,
Commonweal Bank of Australia management stuff.

Email ID: GFR97DF
[sniffer] Newbie Question about .fin and .srv
I am running mxGuard, invURIBL, Message sniffer and I have just installed the Message Sniffer as a service in persistent mode. I have a few files in the Sniffer directory that are about 24 hour old can they be deleted? (License code removed) -20060812095802xAAF83996-1008.SVR -20060812175037x5315DDED-688.FIN -20060812170345xC4A5F6BC-5852.FIN -20060812100537x6AB29C04-5872.FIN -20060812091354xAAF83996-6124.SVR Regards David Moore [EMAIL PROTECTED] J.P. MCP, MCSE, MCSE + INTERNET, CNE. www.adsldirect.com.au for ADSL and Internet www.romtech.com.au for PC sales Office Phone: (+612) 9453 1990 Fax Phone: (+612) 9453 1880 Mobile Phone: +614 18 282 648 POSTAL ADDRESS: PO BOX 190 BELROSE NSW 2085 AUSTRALIA. DELIVERY ADDRESS: 21 GLEN STREET BELROSE NSW 2085 AUSTRALIA. # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>