[sniffer] Re: SNF V2-9b1.5 Released - Please Upgrade
I do not recall upgrading How can I tell the version that I am running? thanks Harry Vanderzand Intown Internet 11 Belmont Ave. W. Kitchener, ON, N2M 1L2 519-741-1222 -Original Message- From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: Saturday, January 12, 2008 12:09 PM To: Message Sniffer Community Subject: [sniffer] Re: SNF V2-9b1.5 Released - Please Upgrade Hello David, When using snfupd with the new version you can skip the line that tells SNF to reload. REM %LicenseID%.exe reload Most likely the error you received is because there is no executable named for your license ID. This is ok with the new version. The snfupd.cmd script was originally written to work with version 2 which does require "branding" the SNF executable. The new version of SNF does not require branding. Also, the new version will very quickly recognize that there is a new rulebase file and will load it automatically so there is no reason (nor facility) to notify it about the update. Hope this helps, _M Saturday, January 12, 2008, 11:21:37 AM, you wrote: > Ok I have most off this working with Imail 8.22 > So far this is what I have done > Copied, unpacked RImailSnifferUpdateTools.zip, edited snfupd.cmd and setup > task schedule. > Which generates an from the snfupd.cmd C:\SNF>>snfupd.cmd > 'mylicencekeynotshownhere.exe' is not recognized as an internal or external > command, > operable program or batch file. > REM Load new rulebase file. > %LicenseID%.exe reload > So how do I get the SNFserver to update with the latest .snf file. > Regards David Moore > [EMAIL PROTECTED] > J.P. MCP, MCSE, MCSE + INTERNET, CNE. > www.adsldirect.com.au for ADSL and Internet www.romtech.com.au for PC sales > Office Phone: (+612) 9453 1990 > Fax Phone: (+612) 9453 1880 > Mobile Phone: +614 18 282 648 > Skype Phone: ADSLDIRECT > POSTAL ADDRESS: > PO BOX 190 > BELROSE NSW 2085 > AUSTRALIA. > - > This email message is only intended for the addressee(s) and contains > information that may be confidential, legally privileged and/or copyright. > If you are not the intended recipient please notify the sender by reply > email and immediately delete this email. Use, disclosure or reproduction of > this email, or taking any action in reliance on its contents by anyone other > than the intended recipient(s) is strictly prohibited. No representation is > made that this email or any attachments are free of viruses. Virus scanning > is recommended and is the responsibility of the recipient. > - > -Original Message- > From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf > Of Pete McNeil > Sent: Thursday, 18 October 2007 9:58 AM > To: Message Sniffer Community > Subject: [sniffer] SNF V2-9b1.5 Released - Please Upgrade > Hello Sniffer folks, > Please find the latest SNF V2-9 distribution files here: > http://kb.armresearch.com/index.php?title=Message_Sniffer.GettingStarted.Dis > tributions#NEW_SNF_V2-9_Wide_Beta > If you are running a previous version of SNF V2-9, please upgrade as > soon as possible. > The newest version includes some bug fixes. From the change log: > 20071017 - SNF2-9b1.5.exe > Added a missing #include directive to the networking.hpp file. The > missing #include was not a factor on Linux and Windows systems but > caused compiler errors on BSD systems. > Corrected a bug in the GBUdb White Range code where any message with a > white range source IP was being forced to the white result code. The > engine now (correctly) only forces the result and records the event when > a black pattern rule was matched and the White Range IP causes that > scan result to be overturned. If the scan result was not a black pattern > match then the original scan result is allowed to pass through. > Corrected a bug in the Header Analysis filter chain module that would > cause the first header in the message to be ignored in some cases. > Corrected an XML log format problem so that elements are correctly > open ended or closed (empty) according to whether they > have subordinate elements. > Adjusted the GBUdb header info format. The order of the Confidence > figure and Probabilty figure is now the same as in the XML log files > (C then P). The confidence and probability figures are now preceeded > with c= and p= respectively so that it's easy to tell which is which. > Thanks! > _M -- Pete McNeil Chief Scientist, Arm Research Labs, LLC. # This message is sent to you because you are subscribed to th
[sniffer] Re: Is this working?
If it ain't broke there's not much to say. All is well Harry Vanderzand Intown Internet 11 Belmont Ave. W. Kitchener, ON, N2M 1L2 519-741-1222 -Original Message- From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Shaun Sturby, MCSE Optrics Engineering Sent: Wednesday, March 28, 2007 1:52 PM To: Message Sniffer Community Subject: [sniffer] Re: Is this working? Pong Shaun Sturby Technical Services Manager - - - - - - - - - - - - - - - - - - - Optrics Engineering | www.Optrics.com Canada: 6810 - 104 Street, Edmonton, AB, T6H 2L6 TF: 877-463-7638Fax: 780-432-5630 USA: 1740 S 300 West #10, Clearfield, UT, 84015 TF: 877-386-3763Fax: 801-705-3150 -- - - - - - - - - - - - - - - - - - - -Original Message- From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Phillip Cohen Sent: Wednesday, March 28, 2007 11:43 AM To: Message Sniffer Community Subject: [sniffer] Is this working? Since installing Mail Sniffer I have not gotten anything on this list. Has it just been slow and there is no traffic or is sniffer eating up this list as SPAM? Phil # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]> # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
[sniffer] Re: Triggered rulebase update script
I successfully implemented this. I was downloading the update every two hours before. Since the change I seem to have eliminated those few Spam messages that got through. I use declude and sniffer together. I am more pleased than ever with the results. Harry Vanderzand inTown Internet & Computer Services 519-741-1222 > -Original Message- > From: Message Sniffer Community > [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew > Sent: Tuesday, December 12, 2006 2:51 PM > To: Message Sniffer Community > Subject: [sniffer] Re: Triggered rulebase update script > > Harry, you change your email notifications by sending an > email to the support@ address and requesting it. > > The Wiki has documentation for setting up the automatic > download based on these notifications here, for Ipswitch IMail: > > http://kb.armresearch.com/index.php?title=Message_Sniffer.Tech > nicalDetai > ls.AutoUpdates > > Andrew 8) > > > > -Original Message- > > From: Message Sniffer Community > > [mailto:[EMAIL PROTECTED] On Behalf Of Harry Vanderzand > > Sent: Tuesday, December 12, 2006 10:54 AM > > To: Message Sniffer Community > > Subject: [sniffer] Triggered rulebase update script > > > > Can anyone guide me to a link that would help me set up a triggered > > update. > > > > I am using the scheduled method at the moment and would > like to change > > it. > > > > Also, how does one change the e-mail address that is used > by sniffer > > for sending update notifications? > > > > Thank you > > > > Harry Vanderzand > > inTown Internet & Computer Services > > 519-741-1222 > > > > > > > > > > > -Original Message- > > > From: Message Sniffer Community > > > [mailto:[EMAIL PROTECTED] On Behalf Of Bill Green > dfn Systems > > > Sent: Tuesday, December 12, 2006 1:15 PM > > > To: Message Sniffer Community > > > Subject: [sniffer] Re: Stock spam > > > > > > > It's interesting to see such mixed results posted. It makes > > > me wonder > > > > what the differences are between the systems reporting > high catch > > > > rates (which we also see, once a campaign has been > > > analyzed) and low > > > > catch rates. > > > > > > I personally found the importance of triggered updates. I was > > > receiving lots of stock and image spam. I had scheduled updates > > > several times a day so I didn't think that had much to do > > with it. I > > > couldn't get the Triggered update script to work until last > > week when > > > I executed each line manually and found my bonehead > > mistake. Spam has > > > all but disappeared. > > > > > > I would encourage anyone using scheduled updates, no matter how > > > frequently, to move to a Triggered Update script > > > > > > Bill Green > > > dfn Systems > > > > > > > > > > > > # > > > This message is sent to you because you are subscribed to > > > the mailing list . > > > To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To > > switch to > > > the DIGEST mode, E-mail to <[EMAIL PROTECTED]> > > To switch > > > to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send > > > administrative queries to <[EMAIL PROTECTED]> > > > > > > > > > > > > > > > > > # > > This message is sent to you because you are subscribed to > > the mailing list . > > To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To > switch to > > the DIGEST mode, E-mail to <[EMAIL PROTECTED]> > To switch > > to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send > > administrative queries to <[EMAIL PROTECTED]> > > > > > > > # > This message is sent to you because you are subscribed to > the mailing list . > To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To > switch to the DIGEST mode, E-mail to > <[EMAIL PROTECTED]> To switch to the INDEX mode, > E-mail to <[EMAIL PROTECTED]> Send administrative > queries to <[EMAIL PROTECTED]> > > > # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
[sniffer] FW: umzqbs4l.snf Update 20061212.1926
Harry Vanderzand inTown Internet & Computer Services 519-741-1222 -Original Message- From: Harry Vanderzand [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 12, 2006 2:48 PM To: '[EMAIL PROTECTED]' Subject: FW: umzqbs4l.snf Update 20061212.1926 Harry Vanderzand inTown Internet & Computer Services 519-741-1222 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 12, 2006 2:27 PM To: Harry Vanderzand Subject: umzqbs4l.snf Update 20061212.1926 This is a Message Sniffer Rulebase Update Notification. It indicates that your SNF rulebase has just been recompiled with our latest antispam rules. You should receive a notice like this every few hours, every day. You should configure your system to download your .snf file each time this message is received. This message can be redirected to any address you like for that purpose. Most email systems provide a "Program Alias" mechanism that will launch a program when a message is received at a particular address. You can find more information about auto-downloads visit our wiki http://kb.armresearch.com/index.php?title=Message_Sniffer.TechnicalDetails.A utoUpdates - or send a note to [EMAIL PROTECTED] if you have questions. If you choose to download your rulebase file using a scheduled task then we can disable these notifications. Please send your request to [EMAIL PROTECTED] Information about your rulebase, authentication string, and download passwords follow... The umzqbs4l.snf rule base has been updated. The file is 11942816 bytes and contains 71743 rules. Your unique rulebase and license ID: umzqbs4l.snf Authentication code for this license is: cjyzyuvli5p5kvbe Please see the following URL for installation instructions: http://kb.armresearch.com/index.php?title=Message_Sniffer.Installation You can download your rulebase file at: http://www.sortmonster.net/Sniffer/Updates/umzqbs4l.snf or ftp://ftp.sortmonster.net/umzqbs4l.snf Login with: sniffer, ki11sp8m For the latest software distribution: http://kb.armresearch.com/index.php?title=Message_Sniffer.GettingStarted.Dis tributions Down/Up-load automation starter scripts for windows are available on our site (you will need to modify them for your use): http://kb.armresearch.com/index.php?title=Message_Sniffer.TechnicalDetails.S ubmittedScripts Please upload your Message Sniffer log files daily to ftp.sortmonster.net. Login With: snifferlog, ki11sp8m THANKS! -Support # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
[sniffer] Triggered rulebase update script
Can anyone guide me to a link that would help me set up a triggered update. I am using the scheduled method at the moment and would like to change it. Also, how does one change the e-mail address that is used by sniffer for sending update notifications? Thank you Harry Vanderzand inTown Internet & Computer Services 519-741-1222 > -Original Message- > From: Message Sniffer Community > [mailto:[EMAIL PROTECTED] On Behalf Of Bill Green dfn Systems > Sent: Tuesday, December 12, 2006 1:15 PM > To: Message Sniffer Community > Subject: [sniffer] Re: Stock spam > > > It's interesting to see such mixed results posted. It makes > me wonder > > what the differences are between the systems reporting high catch > > rates (which we also see, once a campaign has been > analyzed) and low > > catch rates. > > I personally found the importance of triggered updates. I was > receiving lots of stock and image spam. I had scheduled > updates several times a day so I didn't think that had much > to do with it. I couldn't get the Triggered update script to > work until last week when I executed each line manually and > found my bonehead mistake. Spam has all but disappeared. > > I would encourage anyone using scheduled updates, no matter > how frequently, to move to a Triggered Update script > > Bill Green > dfn Systems > > > > # > This message is sent to you because you are subscribed to > the mailing list . > To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To > switch to the DIGEST mode, E-mail to > <[EMAIL PROTECTED]> To switch to the INDEX mode, > E-mail to <[EMAIL PROTECTED]> Send administrative > queries to <[EMAIL PROTECTED]> > > > # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
[sniffer] Re: Update pacing...
My script does not check for update first. Is there a sample that does do that that you can point me to? Thank you Harry Vanderzand inTown Internet & Computer Services 519-741-1222 > -Original Message- > From: Message Sniffer Community > [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil > Sent: Monday, June 19, 2006 4:15 PM > To: Message Sniffer Community > Subject: [sniffer] Update pacing... > > Hello Message, > > We have just reduced our rulebase update pacing from 150 minutes to > 120 minutes. > > This means rulebase updates will now arrive 20% faster. > > If you are using a scheduled task to retrieve your updates, please > adjust your timing appropriately. (about every 60 minutes should be > reasonable provided your script checks for an updated file before > performing the download). > > If you are triggering your updates based on the arrival of our > update notification messages then you need not take any additional > action - the change will be automatic. > > Thanks, > > _M > > -- > Pete McNeil > Chief Scientist, > Arm Research Labs, LLC. > > > # > This message is sent to you because you are subscribed to > the mailing list . > To unsubscribe, E-mail to: <[EMAIL PROTECTED]> > To switch to the DIGEST mode, E-mail to > <[EMAIL PROTECTED]> > To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> > Send administrative queries to <[EMAIL PROTECTED]> > > > # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
[sniffer] Re: Weight Gate Success? Failure?
I saw the activity on the list when it was created but have not seen a full description of it and it's functionality. I may be interested in using it but am not sure at this point. Could you provide that? Thank you Harry Vanderzand inTown Internet & Computer Services 519-741-1222 > -Original Message- > From: Message Sniffer Community > [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil > Sent: Tuesday, June 13, 2006 11:49 AM > To: Message Sniffer Community > Subject: [sniffer] Weight Gate Success? Failure? > > Hello Sniffer Folks, > > Is anyone successfully using the WeightGate utility? > > Anyone having trouble with it? > > I've literally heard nothing so far ;-) > > Thanks, > > _M > > -- > Pete McNeil > Chief Scientist, > Arm Research Labs, LLC. > > > # > This message is sent to you because you are subscribed to > the mailing list . > To unsubscribe, E-mail to: <[EMAIL PROTECTED]> > To switch to the DIGEST mode, E-mail to > <[EMAIL PROTECTED]> > To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> > Send administrative queries to <[EMAIL PROTECTED]> > > > # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
RE: [sniffer] New Web Site!
What is a wiki? Harry Vanderzand inTown Internet & Computer Services 519-741-1222 > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil > Sent: Friday, March 17, 2006 11:07 AM > To: sniffer@sortmonster.com > Subject: [sniffer] New Web Site! > > Hello Sniffer Folks, > > Today we are making a major transition. The old Message Sniffer web > site will be torn down and replaced with a new WIKI: > > http://kb.armresearch.com/index.php?title=Message_Sniffer > > The top Message Sniffer page will retain it's index for a while but > instead of sending you to the original pages the links will take you > to appropriate pages in the new WIKI. > > Also - if you try to go directly to an old page you will be > redirected automatically to the appropriate new page. > > The WIKI requires that you create an account and log-in before > making any changes. We know there are blackhats out there so we will > be watching very closely... If we find there is abuse, we will > disable the ability to create accounts and you will need to contact > us at support@ if you want the ability to post -- let's hope it > doesn't come to that. > > We will continue to update, improve, and correct the wiki - it will, > in fact, be under constant development. > > Have fun! > > Thanks, > > _M > > Pete McNeil (Madscientist) > President, MicroNeil Research Corporation Chief SortMonster > (www.sortmonster.com) Chief Scientist (www.armresearch.com) > > > This E-Mail came from the Message Sniffer mailing list. For > information and (un)subscription instructions go to > http://www.sortmonster.com/MessageSniffer/Help/Help.html > > This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
RE: Re[2]: [sniffer] declude tests
Thanks so much Pete I got it all sorted out Phew It's humming along just fine with each individual test. I look forward to the day that there are more gui's in products like this. That way I can choose what I want done but the software does the configuring for me and thus eliminates syntax errors and other misunderstandings. Both declude and sniffer would benefit greatly from that. I future wish Thanks again Harry Vanderzand inTown Internet & Computer Services 519-741-1222 > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil > Sent: Tuesday, March 07, 2006 6:28 PM > To: Harry Vanderzand > Subject: Re[2]: [sniffer] declude tests > > On Tuesday, March 7, 2006, 6:20:04 PM, Harry wrote: > > HV> I guess I am not understanding something here after all this time > > HV> So as I understand I leave the persistent word out of the declude > HV> config and just run the service? > > YES. :-) > > The instances launched by Declude will recognize that the > service is running and will elect to be peer-client instances > automatically. > > Also, if the service fails for any reason then they will > automatically adopt peer-server mode. > > (In Peer-Server mode, instances take turns acting as a > service for short periods to improve performance.) > > Hope this helps, > > _M > > > > This E-Mail came from the Message Sniffer mailing list. For > information and (un)subscription instructions go to > http://www.sortmonster.com/MessageSniffer/Help/Help.html > > This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
RE: [sniffer] declude tests
I guess I am not understanding something here after all this time So as I understand I leave the persistent word out of the declude config and just run the service? Harry Vanderzand inTown Internet & Computer Services 519-741-1222 > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil > Sent: Tuesday, March 07, 2006 6:10 PM > To: Harry Vanderzand > Subject: Re: [sniffer] declude tests > > On Tuesday, March 7, 2006, 4:58:35 PM, Harry wrote: > > HV> > HV> > HV> at the moment I run the following test in declude > HV> > HV> SNIFFER external nonzero > HV> "D:\IMail\Declude\sniffer\xx.exe > persistent" 13 > HV> 0 > HV> > > THIS IS WRONG! > > You should not have the persistent command line option in > your Declude configuration. You should only run your > persistent instance outside of Declude. Run only peer > instances (without the persistent keyword) from inside Declude. > > HV> I have seen a more detailed setup before and am > interested in doing > HV> that here also. Is there a comprehensive list somewhere > along with instructions? > HV> > HV> If I want to apply separate weighting using only some of the > HV> detailed test and then a catchall test for the rest, is > that possible? > > Sure. The easiest way I know of is to leave your existing > line in place and then add an additional test (using SNF) > that adjusts the specific result code you want to tune. > > For example, if you wanted to back down group 63 you might add a line: > > SNF63 external 63 "D:\IMail\Declude\sniffer\xx.exe > " -3 0 > > Declude will recognize that the command line is identical and > will simply reuse the result with the new test name "SNF63" > instead of running SNF again. > > Hope this helps, > > _M > > > > This E-Mail came from the Message Sniffer mailing list. For > information and (un)subscription instructions go to > http://www.sortmonster.com/MessageSniffer/Help/Help.html > > This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
RE: [sniffer] declude tests
thank you I put in the detailed tests as below. When the nonsero single test runs I get items trapped with a score of 7 by sniffer however when I turn it off and activate4 the detailed once I do not get a hit at all on the detailed tests even though it is the exact same item. What did I miss here? change from: #SNIFFER external nonzero "D:\IMail\Declude\sniffer\xx.exe xx persistent" 7 0to: #SNIFFER-TRAVEL external 047 "D:\IMail\Declude\sniffer\xx.exe xx persistent" 10 0#SNIFFER-INSURANCE external 048 "D:\IMail\Declude\sniffer\xx.exe xx persistent" 10 0#SNIFFER-AV-PUSH external 049 "D:\IMail\Declude\sniffer\xx.exe xx persistent" 10 0#SNIFFER-WAREZ external 050 "D:\IMail\Declude\sniffer\xx.exe xx persistent" 15 0#SNIFFER-SPAMWARE external 051 "D:\IMail\Declude\sniffer\xx.exe xx persistent" 19 0#SNIFFER-SNAKEOIL external 052 "D:\IMail\Declude\sniffer\xx.exe xx persistent" 19 0#SNIFFER-SCAMS external 053 "D:\IMail\Declude\sniffer\xx.exe xx persistent" 19 0#SNIFFER-PORN external 054 "D:\IMail\Declude\sniffer\xx.exe xx persistent" 19 0#SNIFFER-MALWARE external 055 "D:\IMail\Declude\sniffer\xx.exe xx persistent" 20 0#SNIFFER-INKPRINTING external 056 "D:\IMail\Declude\sniffer\xx.exe xx persistent" 10 0#SNIFFER-SCHEMES external 057 "D:\IMail\Declude\sniffer\xx.exe xx persistent" 15 0#SNIFFER-CREDIT external 058 "D:\IMail\Declude\sniffer\xx.exe xx persistent" 15 0#SNIFFER-GAMBLING external 059 "D:\IMail\Declude\sniffer\xx.exe xx persistent" 15 0#SNIFFER-EXP-IP external 063 "D:\IMail\Declude\sniffer\xx.exe xx persistent" 10 0#SNIFFER-OBFUSCATION external 062 "D:\IMail\Declude\sniffer\xx.exe xx persistent" 15 0#SNIFFER-EXP-ABST external 061 "D:\IMail\Declude\sniffer\xx.exe xx persistent" 10 0#SNIFFER-GENERAL external 060 "D:\IMail\Declude\sniffer\xx.exe xx persistent" 12 0 Harry Vanderzand inTown Internet & Computer Services 519-741-1222 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Scott FisherSent: Tuesday, March 07, 2006 5:06 PMTo: sniffer@SortMonster.comSubject: Re: [sniffer] declude tests Here's a list of the return codes: http://www.sortmonster.com/MessageSniffer/Help/ResultCodesHelp.html - Original Message - From: Harry Vanderzand To: sniffer@SortMonster.com Cc: Pete McNeil Sent: Tuesday, March 07, 2006 3:58 PM Subject: [sniffer] declude tests at the moment I run the following test in declude SNIFFER external nonzero "D:\IMail\Declude\sniffer\xx.exe persistent" 13 0 I have seen a more detailed setup before and am interested in doing that here also. Is there a comprehensive list somewhere along with instructions? If I want to apply separate weighting using only some of the detailed test and then a catchall test for the rest, is that possible? thank you Harry Vanderzand inTown Internet & Computer Services 11 Belmont Ave. W., Kitchener, ON,N2M 1L2519-741-1222
[sniffer] declude tests
at the moment I run the following test in declude SNIFFER external nonzero "D:\IMail\Declude\sniffer\xx.exe persistent" 13 0 I have seen a more detailed setup before and am interested in doing that here also. Is there a comprehensive list somewhere along with instructions? If I want to apply separate weighting using only some of the detailed test and then a catchall test for the rest, is that possible? thank you Harry Vanderzand inTown Internet & Computer Services 11 Belmont Ave. W., Kitchener, ON,N2M 1L2519-741-1222
RE: Re[2]: [sniffer] problems!!!!
Thank you Pete Harry Vanderzand inTown Internet & Computer Services 519-741-1222 > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil > Sent: Wednesday, February 08, 2006 11:09 AM > To: Markus Gufler > Subject: Re[2]: [sniffer] problems > > On Wednesday, February 8, 2006, 10:48:10 AM, Markus wrote: > > MG> > MG> > MG> Harry, > MG> > MG> > MG> > MG> (please don't post your entire license code to a public list.) > > Yes, Harry, please don't. I'll be resetting your > Authorization code and sending it to you off list. > > Other than changing your authentication code you should not > need to change anything else in your configuration, that is, > unless you are having some other problem than we have assumed. > > MG> regarding the reliability of sniffer we should know that errors > MG> sometimes can happen, even at sniffer-side after they've > worked for > MG> years now very relaible. I don't expect that such errors > will happen now more often. > > Thanks for that. It is true that we've had a few bad days > here lately, but these things are unlikely to recur. For > example, the robot problem is a one-off event. It is > inexplicable how software that ran reliably for years > suddenly "loses it's mind" like that... the event was unforeseeable. > > Bad rules will happen from time to time, but less and less frequently. > To begin with, our staff has only recently been expanded, so > as time goes on they will become much more adept, less likely > to create errors, and more likely to catch them if they happen. > > Also, with each new event we learn new things about the > process and where it can fail, and then we implement changes > to prevent those failures. > > There will always be a non-zero probability of error... the > blackhats are continually changing their tactics, evolving > new techniques, and even mounting new kinds of attacks. In > order for us to respond to that environment we must also > continue to evolve with increasing speed - that means > entering unknown territory on a continual basis, and, with as > little damage as possible, it means we must make some > mistakes from time to time. > > MG> What you can do is trying to configure your declude > spamfilter in > MG> order to hold only if multiple or at least more then one test > MG> failed. For doing this the first step is to set the > maximum weight > MG> of each test (at least slightly) below your hold weight. > > This is always a good idea. No matter how good any single > component may be, you should a avoid relying on that single > component in order to mitigate risk and reduce errors - > nothing is perfect even if it can seem that way for a time. > > > > MG> Thanks to Andrew and Goran for their info's and scripts. > Saved a lot of time here. > > I second that! > > MG> Pete: Any info if and if yes when you can adapt MDLP for the > MG> declude v3 logfile? I realy miss this data. Once > accustomized to the > MG> hourly results of MDLP e sometimes feel now like a blind chicken > MG> :-) > > I'm hopeful I can spend some time on that soon. I also miss the data. > > Thanks! > > _M > > > > This E-Mail came from the Message Sniffer mailing list. For > information and (un)subscription instructions go to > http://www.sortmonster.com/MessageSniffer/Help/Help.html > > This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
RE: [sniffer] problems!!!!
thank you Sorry for the licence goof. Just finished 4 hours going through spam Harry Vanderzand inTown Internet & Computer Services 519-741-1222 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Markus GuflerSent: Wednesday, February 08, 2006 10:48 AMTo: sniffer@SortMonster.comSubject: RE: [sniffer] problems Harry, (please don't post your entire license code to a public list.) regarding the reliability of sniffer we should know that errors sometimes can happen, even at sniffer-side after they've worked for years now very relaible. I don't expect that such errors will happen now more often. What you can do is trying to configure your declude spamfilter in order to hold only if multiple or at least more then one test failed. For doing this the first step is to set the maximum weight of each test (at least slightly) below your hold weight. I've configured different weights for different sniffer exit codes depending how reliable they seem to me but as a maximum weight for sniffer I've set 95% of the mark-subjectline-weight and around 63% of the hold-weight. So the problematic sniffer-rule from yesterday was not a real problem on our server. There was some single messages who has had a final weight above the the hold weight because we use combinations of the most reliable tests. From several thousand processed messages only around 20 messages has had a false-positive combination caused by sniffer-rule82893 and another spam test. Thanks to Andrew and Goran for their info's and scripts. Saved a lot of time here. Pete: Any info if and if yes when you can adapt MDLP for the declude v3 logfile? I realy miss this data. Once accustomized to the hourly results of MDLP e sometimes feel now like a blind chicken :-) Markus From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harry VanderzandSent: Wednesday, February 08, 2006 4:02 PMTo: sniffer@SortMonster.comSubject: [sniffer] problems With the recent issues at sniffer it has caused tremendous problems with the entire client base here. Sniffer has been so reliable for so lond and al of a sudden recently I cannot rely on it any more What is going on with sniffer Will these issues get resolved or is it going to be more unstable than what we have come to rely on? I need my spam trap software to work without spend hours everyday and without getting a large group of my customers questioning the reliability of what I am doing. Hope there will be some indication of improvement. The following is my sniffer code SNIFFER external nonzero "D:\IMail\Declude\sniffer\ sniffer .exe x " 10 0 Should I be doing something different? This has worked very well for a year now. Harry Vanderzand inTown Internet & Computer Services 519-741-1222 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, AndrewSent: Tuesday, February 07, 2006 9:42 PMTo: sniffer@SortMonster.comSubject: RE: Re[4]: [sniffer] Bad Rule - 828931 Goran, this is pretty much what I did to get to re-queuing:gawk "$0 ~ /Final\t828931/ {print substr($3,2,16)}" gxamq2kt.log.20060207* >msgids.txtThe file msgids.txt will now contain just the GUID part of the D[guid].SMD from column 3 in the tab delimited Message Sniffer log files.I then used a batch file I had previously created called qm.cmd (for queue and move). Note that the folders I specify are for Declude 1.x, which has an overflow folder. I use the overflow folder so that Declude will re-analyze the message:Rem this is the qm.cmd file listingmove d:\imail\spool\spam\d%1.smd u:\imail\spool\ >nulmove d:\imail\spool\spam\q%1.smd u:\imail\spool\overflow\ >nulI then issued from the command line:for /F %i in (msgids.txt) do @qm.cmd %iThat takes of re-queuing all the held messages. I am using a move instead of a copy because I want Declude to be able to move a message it deems spam to the spam folder. If I used a copy, it would fail to do the move because the file is already in the spam folder, and Declude would then pass control back to Imail, which would then deliver the spam inbound.After my queue went back to normal, I then set to work on my dec0207.log file to determine if the entirety of the message was spam or ham based on whether it was held or not (which is the simple scenario I have).I hope that helps,Andrew 8) p.s. Another re-posting in HTML so as to preserve the line breaks. Sorry for
[sniffer] problems!!!!
With the recent issues at sniffer it has caused tremendous problems with the entire client base here. Sniffer has been so reliable for so lond and al of a sudden recently I cannot rely on it any more What is going on with sniffer Will these issues get resolved or is it going to be more unstable than what we have come to rely on? I need my spam trap software to work without spend hours everyday and without getting a large group of my customers questioning the reliability of what I am doing. Hope there will be some indication of improvement. The following is my sniffer code SNIFFER external nonzero "D:\IMail\Declude\sniffer\umzqbs4l.exe dky4t444qqpk69j6" 10 0 Should I be doing something different? This has worked very well for a year now. Harry Vanderzand inTown Internet & Computer Services 519-741-1222 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, AndrewSent: Tuesday, February 07, 2006 9:42 PMTo: sniffer@SortMonster.comSubject: RE: Re[4]: [sniffer] Bad Rule - 828931 Goran, this is pretty much what I did to get to re-queuing:gawk "$0 ~ /Final\t828931/ {print substr($3,2,16)}" gxamq2kt.log.20060207* >msgids.txtThe file msgids.txt will now contain just the GUID part of the D[guid].SMD from column 3 in the tab delimited Message Sniffer log files.I then used a batch file I had previously created called qm.cmd (for queue and move). Note that the folders I specify are for Declude 1.x, which has an overflow folder. I use the overflow folder so that Declude will re-analyze the message:Rem this is the qm.cmd file listingmove d:\imail\spool\spam\d%1.smd u:\imail\spool\ >nulmove d:\imail\spool\spam\q%1.smd u:\imail\spool\overflow\ >nulI then issued from the command line:for /F %i in (msgids.txt) do @qm.cmd %iThat takes of re-queuing all the held messages. I am using a move instead of a copy because I want Declude to be able to move a message it deems spam to the spam folder. If I used a copy, it would fail to do the move because the file is already in the spam folder, and Declude would then pass control back to Imail, which would then deliver the spam inbound.After my queue went back to normal, I then set to work on my dec0207.log file to determine if the entirety of the message was spam or ham based on whether it was held or not (which is the simple scenario I have).I hope that helps,Andrew 8) p.s. Another re-posting in HTML so as to preserve the line breaks. Sorry for the duplication, folks. > -Original Message-> From: [EMAIL PROTECTED]> [mailto:[EMAIL PROTECTED]] On Behalf Of Goran Jovanovic> Sent: Tuesday, February 07, 2006 5:39 PM> To: sniffer@SortMonster.com> Subject: RE: Re[4]: [sniffer] Bad Rule - 828931>> I just ran the grep command on my log and I got 850 hits.>> Now is there a way to take the output of the grep command and> use it pull out the total weight of corresponding message> from the declude log file, or maybe the subject?>> Goran Jovanovic> Omega Network Solutions>> >> > -Original Message-> > From: [EMAIL PROTECTED]> [mailto:[EMAIL PROTECTED]]> > On Behalf Of David Sullivan> > Sent: Tuesday, February 07, 2006 7:47 PM> > To: Landry, William (MED US)> > Subject: Re[4]: [sniffer] Bad Rule - 828931> >> > Hello William,> >> > Tuesday, February 7, 2006, 7:39:05 PM, you wrote:> >> > LWMU> grep -c "Final.*828931" c:\imail\declude\sniffer\logfile.log> >> > That's what I tried. Just figured out I forgot to> capitalize the "F".> > It works.> >> > Confirmed - 22,055> >> > I'm writing a program now to parse the sniffer log file,> extract the> > file ID, lookup the id in sql server, determine quarantine> location,> > extract q/d pair from quarantine and send to user.> >> > --> > Best regards,> > David mailto:[EMAIL PROTECTED]> >> >> >> > This E-Mail came from the Message Sniffer mailing list. For> information> > and (un)subscription instructions go to> > http://www.sortmonster.com/MessageSniffer/Help/Help.html>>> This E-Mail came from the Message Sniffer mailing list. For> information and (un)subscription instructions go to> http://www.sortmonster.com/MessageSniffer/Help/Help.html>
RE: Re[2]: [sniffer] Sniffer working now
Is there a way to stop sniffer from processing if declude is at a certain weight already? Harry Vanderzand inTown Internet & Computer Services 11 Belmont Ave. W., Kitchener, ON,N2M 1L2519-741-1222
[sniffer] 3.05.5 issues continued
Does anyone know the defaults for the declude.cfg settings below? WAITFORMAIL WAITFORTHREADS WAITBETWEENTHREADS I am still trying to tune my server. I have the max threads setting at 10 right now. It seems way to low for a dual processor 3.4Ghz Xeon machine. Yet any higher and more spam gets through that should have been caught. Possibly there are timeouts occurring. I also have sniffer but cannot keep it in persistent mode as mail gets backlogged. I am aware that there was some kind of issue with dual cpu's but am not sure exactly what it was or whether it has been solved yet or not. I am wondering whether experimenting with the decude.cfg settings will help me tune the machine. One more issue I have seen too is that there are a few "Q" files left stranded in the proc directory every day. What's that about? Hoping to get everything settled down so I can focus on other parts of my business and go back to maintenance mode with my mail server. Thanks for your feedback Harry Vanderzand inTown Internet & Computer Services 11 Belmont Ave. W., Kitchener, ON,N2M 1L2 519-741-1222 This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
RE: [sniffer] [Declude.JunkMail] 3.05.5 issues
Dual processor Harry Vanderzand inTown Internet & Computer Services 11 Belmont Ave. W., Kitchener, ON,N2M 1L2 519-741-1222 > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Andy Schmidt > Sent: Wednesday, October 05, 2005 5:49 PM > To: sniffer@SortMonster.com > Subject: RE: [sniffer] [Declude.JunkMail] 3.05.5 issues > > Single CPU or Dual Processor CPU? > > Best Regards > Andy Schmidt > > Phone: +1 201 934-3414 x20 (Business) > Fax:+1 201 934-9206 > > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] > On Behalf Of Harry Vanderzand > Sent: Wednesday, October 05, 2005 05:28 PM > To: sniffer@SortMonster.com > Subject: RE: [sniffer] [Declude.JunkMail] 3.05.5 issues > > And you also have sniffer working in persistent mode? > > Plus there is no spam "leaking" out? > > > > Harry Vanderzand > inTown Internet & Computer Services > 11 Belmont Ave. W., Kitchener, ON,N2M 1L2 > 519-741-1222 > > > > > -Original Message- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of Jonathan Hickman > > Sent: Wednesday, October 05, 2005 5:09 PM > > To: sniffer@SortMonster.com > > Subject: RE: [sniffer] [Declude.JunkMail] 3.05.5 issues > > > > I had the exact same problem. I increased the process threads for > > Declude, and it fixed the problem. I set it to 100 for the > number of > > threads. > > > > -Original Message- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] > > On Behalf Of Harry Vanderzand > > Sent: Tuesday, October 04, 2005 1:46 PM > > To: Declude.JunkMail@declude.com > > Cc: sniffer@SortMonster.com > > Subject: RE: [sniffer] [Declude.JunkMail] 3.05.5 issues > > > > I have got it down to 15 and tried to set sniffer back to > persistent > > mode again > > > > However I find that with sniffer in persistent mode as David > > suggested, the proc directory starts back logging. which means the > > system is not keeping up with the flow of mail. > > Within 20 minutes I had 1400 files in the proc directory. > I stopped > > the sniffer service and now it is gradually catching up. > > > > Any more suggestions as to what can get tuned? > > > > I appreciate the assistance > > > > Thank you > > > > > > Harry Vanderzand > > inTown Internet & Computer Services > > 11 Belmont Ave. W., Kitchener, ON,N2M 1L2 > > 519-741-1222 > > > > > > > > > > > > > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of John T > > (Lists) > > Sent: Tuesday, October 04, 2005 1:06 PM > > To: Declude.JunkMail@declude.com > > Subject: RE: [Declude.JunkMail] 3.05.5 issues > > > > > > > > Trial and error is best. Set it to some thing like 20 > and watch what > > happens. > > > > > > > > John T > > > > eServices For You > > > > > > > > -Original Message- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of Harry > > Vanderzand > > Sent: Tuesday, October 04, 2005 9:27 AM > > To: Declude.JunkMail@declude.com > > Subject: RE: [Declude.JunkMail] 3.05.5 issues > > > > > > > > thank you > > > > > > > > I was under the understanding given me by David from > Declude that it > > was appropriate given the amount of power my hardware has. > > > > > > > > What would you recommend for my hardware? > > > > > > > > Thanks John, I always appreciate your active > involvement in the list > > > > > > > > Harry Vanderzand > > inTown Internet & Computer Services > > 11 Belmont Ave. W., Kitchener, ON,N2M 1L2 > > 519-741-1222 > > > > > > > > > > > > > > > > > > > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of John T > > (Lists) > > Sent: Tuesday, October 04, 2005 12:11 PM > > To: Declude.JunkMail@declude.com > > Subject: RE: [Declude.JunkMail] 3.05.5 issues > > > > Your
RE: [sniffer] [Declude.JunkMail] 3.05.5 issues
And you also have sniffer working in persistent mode? Plus there is no spam "leaking" out? Harry Vanderzand inTown Internet & Computer Services 11 Belmont Ave. W., Kitchener, ON,N2M 1L2 519-741-1222 > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Jonathan Hickman > Sent: Wednesday, October 05, 2005 5:09 PM > To: sniffer@SortMonster.com > Subject: RE: [sniffer] [Declude.JunkMail] 3.05.5 issues > > I had the exact same problem. I increased the process > threads for Declude, and it fixed the problem. I set it to > 100 for the number of threads. > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] > On Behalf Of Harry Vanderzand > Sent: Tuesday, October 04, 2005 1:46 PM > To: Declude.JunkMail@declude.com > Cc: sniffer@SortMonster.com > Subject: RE: [sniffer] [Declude.JunkMail] 3.05.5 issues > > I have got it down to 15 and tried to set sniffer back to > persistent mode again > > However I find that with sniffer in persistent mode as David > suggested, the proc directory starts back logging. which > means the system is not keeping up with the flow of mail. > Within 20 minutes I had 1400 files in the proc directory. I > stopped the sniffer service and now it is gradually catching up. > > Any more suggestions as to what can get tuned? > > I appreciate the assistance > > Thank you > > > Harry Vanderzand > inTown Internet & Computer Services > 11 Belmont Ave. W., Kitchener, ON,N2M 1L2 > 519-741-1222 > > > > > > > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of John > T (Lists) > Sent: Tuesday, October 04, 2005 1:06 PM > To: Declude.JunkMail@declude.com > Subject: RE: [Declude.JunkMail] 3.05.5 issues > > > > Trial and error is best. Set it to some thing like 20 > and watch what happens. > > > > John T > > eServices For You > > > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Harry Vanderzand > Sent: Tuesday, October 04, 2005 9:27 AM > To: Declude.JunkMail@declude.com > Subject: RE: [Declude.JunkMail] 3.05.5 issues > > > > thank you > > > > I was under the understanding given me by David from > Declude that it was appropriate given the amount of power my > hardware has. > > > > What would you recommend for my hardware? > > > > Thanks John, I always appreciate your active > involvement in the list > > > > Harry Vanderzand > inTown Internet & Computer Services > 11 Belmont Ave. W., Kitchener, ON,N2M 1L2 > 519-741-1222 > > > > > > > > > > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of John > T (Lists) > Sent: Tuesday, October 04, 2005 12:11 PM > To: Declude.JunkMail@declude.com > Subject: RE: [Declude.JunkMail] 3.05.5 issues > > Your threads is way too high, and I suspect > that there are time outs occurring and not all scanning is being done. > > > > John T > > eServices For You > > > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Harry Vanderzand > Sent: Tuesday, October 04, 2005 6:17 AM > To: Declude.JunkMail@declude.com > Subject: [Declude.JunkMail] 3.05.5 issues > > > > I find that since being on the new version that > more spam is slipping through. We have imail v8.05, declude > and sniffer on win 2000 server dual xeon 3.4Ghz with 2Gb ram. > Threads are set to 50 with no other setting in declude.cfg > > > > Any advice you can give me to tighten it to > where we had it before? I have had several clients complaining > > > > Other than changing from V2.06.16 to 3.05 > nothing else has changed on the server > > > > thank you > > > > Harry Vanderzand > inTown Internet & Computer Services > 11 Belmont Ave. W., Kitchener, ON,N2M 1L2 > 519-741-1222 > > > > > > > This E-Mail came from the Message Sniffer mailing list. For > information and (un)subscription instructions go to > http://www.sortmonster.com/MessageSniffer/Help/Help.html > > This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
RE: [sniffer] [Declude.JunkMail] 3.05.5 issues
I have got it down to 15 and tried to set sniffer back to persistent mode again However I find that with sniffer in persistent mode as David suggested, the proc directory starts back logging. which means the system is not keeping up with the flow of mail. Within 20 minutes I had 1400 files in the proc directory. I stopped the sniffer service and now it is gradually catching up. Any more suggestions as to what can get tuned? I appreciate the assistance Thank you Harry Vanderzand inTown Internet & Computer Services 11 Belmont Ave. W., Kitchener, ON,N2M 1L2519-741-1222 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John T (Lists)Sent: Tuesday, October 04, 2005 1:06 PMTo: Declude.JunkMail@declude.comSubject: RE: [Declude.JunkMail] 3.05.5 issues Trial and error is best. Set it to some thing like 20 and watch what happens. John T eServices For You -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harry VanderzandSent: Tuesday, October 04, 2005 9:27 AMTo: Declude.JunkMail@declude.comSubject: RE: [Declude.JunkMail] 3.05.5 issues thank you I was under the understanding given me by David from Declude that it was appropriate given the amount of power my hardware has. What would you recommend for my hardware? Thanks John, I always appreciate your active involvement in the list Harry Vanderzand inTown Internet & Computer Services 11 Belmont Ave. W., Kitchener, ON,N2M 1L2519-741-1222 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John T (Lists)Sent: Tuesday, October 04, 2005 12:11 PMTo: Declude.JunkMail@declude.comSubject: RE: [Declude.JunkMail] 3.05.5 issues Your threads is way too high, and I suspect that there are time outs occurring and not all scanning is being done. John T eServices For You -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harry VanderzandSent: Tuesday, October 04, 2005 6:17 AMTo: Declude.JunkMail@declude.comSubject: [Declude.JunkMail] 3.05.5 issues I find that since being on the new version that more spam is slipping through. We have imail v8.05, declude and sniffer on win 2000 server dual xeon 3.4Ghz with 2Gb ram. Threads are set to 50 with no other setting in declude.cfg Any advice you can give me to tighten it to where we had it before? I have had several clients complaining Other than changing from V2.06.16 to 3.05 nothing else has changed on the server thank you Harry Vanderzand inTown Internet & Computer Services 11 Belmont Ave. W., Kitchener, ON,N2M 1L2519-741-1222
[sniffer] Sniffer persistent mode with declude 3.05????
I am looking at setting up sniffer in persistent mode Could some direct me to the latest and best setup? Hopefully a set of straight forward steps? Also is there any special tuning to be done to it now that declude is running as a service? Thank you Harry Vanderzand inTown Internet & Computer Services 11 Belmont Ave. W., Kitchener, ON,N2M 1L2 519-741-1222 This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
RE: [sniffer] Version 2-3.0i5 posted for testing
Let me know when it is safe to run this on a production server Thank you Harry Vanderzand inTown Internet & Computer Services > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil > Sent: Friday, October 15, 2004 1:10 AM > To: [EMAIL PROTECTED] > Subject: [sniffer] Version 2-3.0i5 posted for testing > > Hello Sniffer Folks, > > Version 2-3.0i5 has been posted for testing. > > > <http://www.sortmonster.com/MessageSniffer/Betas/MessageSniffe > r2-3.0i5-Distribution.zip> > > This version implements a number of performance enhancements > relating to the use of a Persistent server instance. > > Be careful - this version has not been heavily tested. However it > appears to be quite stable and extremely fast. > > MDaemon users should see a significant improvement in performance. > Please let me know if this is true. The reason is that since most > MDaemon system integrate Message Sniffer through the content filter > and the content filter in MDaemon is apparently single threaded. The > performance tuning features of this version allow the client and > persistent server instances to coordinate much more closely with > regard to the available computing power in the system so that > polling delays _should be_ reduced significantly. _IN THEORY_ the > improved signaling between client and persistent server instances > will allow "polling synchronization" such that the highest possible > performance for the hardware and load conditions can be achieved. > > Having said that, I hope it turns out to be true ;-) Let me know!! > > Multi-Threaded systems should see a significant improvement in > performance also. In particular, jobs are now collected in batches > by the persistent server instance. This eliminates a great deal of > overhead (directory scans, locking, etc) on the part of the server > instance. In addition, client instances can now detect the presence > of a persistent server without locking and scanning the workspace. > The combination virtually eliminates locking conflicts and any > overhead usually associated with coordinating the peer-server > process. > > I don't know precisely what performance increases you should expect > from this. However I will say that in static tests the program ran > so quickly that I thought it was broken. Message processing rates on > my Toshiba 6100 were consistently above 14.2 Msg/Sec with CPU loads > in the high 80s. > > I have not yet tested this version on *nix systems... but I expect > similar performance improvements. > > I urge caution again - this is a somewhat radical set of changes > with some unexpectedly good _apparent_ performance improvements. I'm > not sure that I trust it yet... but I also haven't seen it fail. > More testing needs to be done... (I appreciate your help!) > > Please do keep me informed. > > Thanks, > _M > > Pete McNeil (Madscientist) > President, MicroNeil Research Corporation Chief SortMonster > (www.sortmonster.com) > > > > This E-Mail came from the Message Sniffer mailing list. For > information and (un)subscription instructions go to > http://www.sortmonster.com/MessageSniffer/Help/Help.html > This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html