RE: [sniffer] Message Sniffer is not detecting some really bad email
I too have had an unusual amount of spam messages. Graphic pornography to the CEO’s box, ouch! I paste the header info into the spam message I forward to them.

I have also noticed that the IMail box is running unusually slow the past few days. It seems like it is scanning harder and catching less. Anyone else noticing the slow speed of the IMail box?

Jacques

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary Schick
Sent: Wednesday, November 02, 2005 2:48 PM
To: sniffer@SortMonster.com
Subject: [sniffer] Message Sniffer is not detecting some really bad email

We have had excellent results from Message Sniffer for several years now. However, in the past few days items that I feel should have been caught were not. Can I submit some samples to you? I would be glad to zip a couple of raw message files and email those to you. Please advise.

Regards,
Gary Schick
Manager, Enterprise Applications
Iroquois Gas Transmission System
Shelton, CT 06484
[EMAIL PROTECTED]
203 944 7024
[sniffer] Message sniffer in FreeBSD & Postfix
Hi,

Is there anyone else who would like to see Message Sniffer incorporated into Amavis-new? This would be a great addition to my IMGate - Postfix mail gateway. Currently I use message sniffer on my Imail box but would like to offload that server and do the "sniffing" before the mail hits Imail.

Thanks,
Jacques Brouwers

This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
RE: [sniffer] Message sniffer in FreeBSD & Postfix
Correct, the weighted system that amavis uses would be better in my situation. Having said that, I am going to try DustyC's method: put the spam in the user's junk folder (still using the weighted system). Do you have the problem of the user's junk mail using up their mail box quota?

Jacques

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Craig Deal
Sent: Wednesday, February 08, 2006 9:49 AM
To: sniffer@SortMonster.com
Subject: RE: [sniffer] Message sniffer in FreeBSD & Postfix

> Does not require spamassassin or amavis. You can do it just with
> postfix.
>
> DustyC

True, but he wanted it to work with amavisd-new. Less risk of a false positive if it's part of a weighted system.

Craig
[sniffer] log upload script
Hi All,

I have looked on the submitted scripts page (http://kb.armresearch.com/index.php?title=Message_Sniffer.TechnicalDetails.SubmittedScripts) and found a wonderful script that downloads the new rulebase file written in Perl (thanks Vivek!). Does anyone have a script that uploads the log file that will work on *nix? I would certainly appreciate it if you could share it.

Jacques Brouwers

#
This message is sent to you because you are subscribed to the mailing list .
To unsubscribe, E-mail to: <[EMAIL PROTECTED]>
To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]>
To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]>
Send administrative queries to <[EMAIL PROTECTED]>
[sniffer] FTP Troubles
Hello,

I'm having trouble uploading my log files also. Here is an excerpt from the log.

--13:41:49-- `/var/spool/snfilter/logs/12345abcde.log.0.gz'
=> ftp://snifferlog:[EMAIL PROTECTED]:21//var/spool/snfilter/logs/12345abcde.log.0.gz
Connecting to 207.97.229.114:21... connected!
Logging in as snifferlog ... Logged in!
==> MKD var failed (Permission denied.).
Failed to change to target directory. Skipping this file/dir.

Jacques Brouwers
[sniffer] Re: yahoo mail problems
I seem to have no problems with postfix.

Oct 17 10:49:54 smtp postfix/smtp[12057]: E531D1CD02: to=<[EMAIL PROTECTED]>, relay=mx3.mail.yahoo.com[67.28.113.74]:25, delay=2.5, delays=0.05/0.01/0.4/2, dsn=2.0.0, status=sent (250 ok dirdel)

I checked the logs from yesterday also and have not had any issues.

Jacques Brouwers

From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Matrosity Hosting
Sent: Tuesday, October 17, 2006 10:50 AM
To: Message Sniffer Community
Subject: [sniffer] Re: yahoo mail problems

mx3 appears to respond

Bill Foresman
Matrosity Hosting
www.matrosity.com
850.656.2644

From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Tech Support
Sent: Tuesday, October 17, 2006 12:36 PM
To: Message Sniffer Community
Subject: [sniffer] Re: yahoo mail problems

We were thinking of that approach but we run dedicated dns servers that are extremely high traffic so we would have to setup dns on each server as adding the zone to our true dns would cause lookup issues for other yahoo services

From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew
Sent: Tuesday, October 17, 2006 12:38 PM
To: Message Sniffer Community
Subject: [sniffer] Re: yahoo mail problems

I had a similar problem with Hotmail once upon a time; the details were different, but the remedy was the same.

I run a caching DNS server on my outbound DNS host, so I simply added a DNS zone for Yahoo.com on it, and populated only enough MX record information so that I could reliably get to just a few hosts.

The same dummy zone technique could be used here to consistently deliver mail to the same Yahoo! mail hosts and therefore their greylisting will work as they expect.

If you try it and it works, please let us know.

Andrew 8)

From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Tech Support
Sent: Tuesday, October 17, 2006 9:12 AM
To: Message Sniffer Community
Subject: [sniffer] Re: yahoo mail problems

Here’s what we have found so far

Yahoo is grey listing but instead of running a centralized GL database each of their servers has its own

A lookup for their MX shows

Mx1.mail.yahoo.com
Mx2.mail.yahoo.com
Mx3.mail.yahoo.com

So your server grabs one of these and does a lookup which returns a round robin response for mx1.mail.yahoo.com of

4.79.181.14
4.79.181.15
4.79.181.168
67.28.113.71
67.28.113.73
67.28.113.19

Each of which has a TTL of 1800

So your server tries one of these and gets deferred to try again. It waits and tries again – but depending on your retry frequency TTL may have expired

And so the process starts over with a new MX1.mail.yahoo.com server

Not sure if this is all correct but it is the best we can figure out as of yet

From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Computer House Support
Sent: Tuesday, October 17, 2006 12:11 PM
To: Message Sniffer Community
Subject: [sniffer] Re: yahoo mail problems

Now that I've looked into it further, yes! Our E-mails to Yahoo have also been bouncing back as undeliverable with the same error. I have sent out a few test messages and will report back when I have some more info.

Michael Stein
Computer House

- Original Message -
From: Tech Support
To: Message Sniffer Community
Sent: Tuesday, October 17, 2006 11:52 AM
Subject: [sniffer] Re: yahoo mail problems

Thanks, but we're not blacklisted and there are no entries other than message has been deferred ☹

From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Computer House Support
Sent: Tuesday, October 17, 2006 11:54 AM
To: Message Sniffer Community
Subject: [sniffer] Re: yahoo mail problems

I would recommend checking your mail server logs for a more detailed description of the bounce error. You may find that it is a DNS or spam blacklist issue. www.dnsstuff.com is a good resource.

Michael Stein
Computer House

- Original Message -
From: Tech Support
To: Message Sniffer Community
Sent: Tuesday, October 17, 2006 10:50 AM
Subject: [sniffer] yahoo mail problems

I’m sorry to post this here but we are desperately looking for opinions quickly as this has become a real issue to us and I could not think of any better place to find truly technical mail server folks ☺

We seem to be having multiple mail servers on multiple networks having issues sending to yahoo servers for going on 36 hours now

these are a variety of server types on a variety of networks

telnet on port 25 is usually getting this

451 Message temporarily deferred - 4.16.50

keep in mind that some of our servers are having no issues sending mail

any one else having
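
The deferral loop hypothesised in the thread above (per-host greylists behind round-robin DNS with a TTL of 1800) and the dummy-zone remedy, as a small simulation. This is an added example, not code from any poster; the strict rotation order, the 300-second greylist delay and the sender triplet are assumptions.

```python
"""Per-host greylisting behind round-robin DNS: a constructed model."""
from dataclasses import dataclass, field

# Addresses and TTL quoted in the thread for mx1.mail.yahoo.com.
MX1_ADDRS = ["4.79.181.14", "4.79.181.15", "4.79.181.168",
             "67.28.113.71", "67.28.113.73", "67.28.113.19"]
DNS_TTL = 1800         # seconds, from the thread
GREYLIST_DELAY = 300   # assumed minimum wait before a retry is accepted


@dataclass
class GreylistingHost:
    """One MX host keeping its own greylist, not shared with its peers."""
    first_seen: dict = field(default_factory=dict)

    def rcpt(self, triplet, now):
        seen = self.first_seen.setdefault(triplet, now)
        # 451 = "Message temporarily deferred", 250 = accepted
        return 250 if now - seen >= GREYLIST_DELAY else 451


class RoundRobinResolver:
    """Caches one answer for `ttl` seconds, then hands out the next address.
    Strict rotation is an assumption; real resolvers may shuffle."""

    def __init__(self, addrs, ttl):
        self.addrs, self.ttl = addrs, ttl
        self.index, self.expires = -1, -1   # forces a lookup on first use

    def resolve(self, now):
        if now >= self.expires:
            self.index = (self.index + 1) % len(self.addrs)
            self.expires = now + self.ttl
        return self.addrs[self.index]


def attempts_until_delivered(addrs, retry_interval, max_attempts=20):
    """Count SMTP attempts until one host answers 250, or None if never."""
    hosts = {a: GreylistingHost() for a in addrs}
    resolver = RoundRobinResolver(addrs, DNS_TTL)
    # Constructed (sender IP, envelope from, envelope to) triplet.
    triplet = ("192.0.2.10", "sender@example.org", "user@example.net")
    now = 0
    for attempt in range(1, max_attempts + 1):
        if hosts[resolver.resolve(now)].rcpt(triplet, now) == 250:
            return attempt
        now += retry_interval
    return None


if __name__ == "__main__":
    for label, addrs, retry in [
        ("retry inside the TTL, all six hosts", MX1_ADDRS, 900),
        ("retry at the TTL, all six hosts", MX1_ADDRS, 1800),
        ("retry at the TTL, dummy zone with one host", MX1_ADDRS[:1], 1800),
        ("retry at the TTL, dummy zone with two hosts", MX1_ADDRS[:2], 1800),
    ]:
        print(f"{label}: {attempts_until_delivered(addrs, retry)} attempts")
```

With a retry interval at or beyond the TTL, every retry lands on a host that has not seen the triplet, so delivery waits for the rotation to come back around; restricting the zone to a few hosts shortens that cycle.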
[sniffer] Re: Version 2-3.5 Release -- Faster Engine
We are now using sniffer 2-3.5 on BSD.

Jacques Brouwers

-Original Message-
From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil
Sent: Monday, October 23, 2006 9:26 AM
To: Message Sniffer Community
Subject: [sniffer] Version 2-3.5 Release -- Faster Engine

Hello SNF Folks,

The plan was to hold off until the next major release, however in light of recent increases in spam traffic we are pushing out a new version with our faster engine included. All other upgrades will wait for the major release ;-)

The scanning engine upgrade results in a 2x speed increase that hopefully will help with the higher volumes we are seeing now.

Version 2-3.5 also rolls up 2-3.2i1 which included the timing and file locking upgrades.

You can find version 2-3.5 here:

http://kb.armresearch.com/index.php?title=Message_Sniffer.GettingStarted.Distributions

Thanks,
_M

--
Pete McNeil
Chief Scientist,
Arm Research Labs, LLC.
[sniffer] Re: Version 2-3.5 Release -- Faster Engine
Pete,

I only changed ownership of all the files in the Source folder before it would run. Then I copied the files into my snfilter folder. Easy as pi.

I am running FreeBSD 6.0-SECURITY

Thanks,
Jacques Brouwers

-Original Message-
From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil
Sent: Monday, October 23, 2006 1:30 PM
To: Message Sniffer Community
Subject: [sniffer] Re: Version 2-3.5 Release -- Faster Engine

Hello Jacques,

Monday, October 23, 2006, 3:25:52 PM, you wrote:

> We are now using sniffer 2-3.5 on BSD.

Did you have any trouble compiling that?

Also, which version of BSD (for reference).

Thanks,
_M

--
Pete McNeil
Chief Scientist,
Arm Research Labs, LLC.
[sniffer] Re: Version 2-3.5 Release -- Faster Engine
Hi Pete,

I'm trying this new release out on FreeBSD today and after the compile it seems there are a few missing files (compared to the .2 release). The one I seem to be missing most is sniffer from the Source folder. There are only 21 files in the .5 release compared to 25 in the .2 release.

Also on the new website I cannot find the instructions for setting up the .5 release on FreeBSD and am using some notes I scribbled down a few months back. I do see how to integrate into spamassassin but I need the *bsd instructions also.

Thanks,
Jacques Brouwers

-Original Message-
From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil
Sent: Monday, October 23, 2006 9:26 AM
To: Message Sniffer Community
Subject: [sniffer] Version 2-3.5 Release -- Faster Engine

Hello SNF Folks,

The plan was to hold off until the next major release, however in light of recent increases in spam traffic we are pushing out a new version with our faster engine included. All other upgrades will wait for the major release ;-)

The scanning engine upgrade results in a 2x speed increase that hopefully will help with the higher volumes we are seeing now.

Version 2-3.5 also rolls up 2-3.2i1 which included the timing and file locking upgrades.

You can find version 2-3.5 here:

http://kb.armresearch.com/index.php?title=Message_Sniffer.GettingStarted.Distributions

Thanks,
_M

--
Pete McNeil
Chief Scientist,
Arm Research Labs, LLC.
[sniffer] Trouble with new BSD server
Hi All,

I have recently brought up a new FreeBSD server with postfix, amavisd-new and spamassassin. For some reason (which I cannot figure out) spamassassin won't call /var/spool/snfilter/sniffer. I can successfully send cleanmsg.txt and it successfully blocks junkmsg.txt. All the files, owners, and permissions appear to be the same as the older less powerful server. Can someone give me a hint as what to look for?

Many Thanks,
Jacques
[sniffer] Re: Trouble with new BSD server
Hi Pete,

Thanks for the reply. I just added snfilter as a content filter to postfix to check the permissions (master.cf). The sniffer works with that same username. But still spamassassin won't call it. I would like to hear if any one has any other ideas?

Thanks
Jacques

-Original Message-
From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil
Sent: Tuesday, December 05, 2006 8:13 AM
To: Message Sniffer Community
Subject: [sniffer] Re: Trouble with new BSD server

Hello Jacques,

Could it be a permissions issue? When you send/test you are likely a different user than when postfix does it.

Hope this helps,
_M

Tuesday, December 5, 2006, 9:42:47 AM, you wrote:

> Hi All,
> I have recently brought up a new FreeBSD server with postfix,
> amavisd-new and spamassassin. For some reason (which I cannot figure
> out) spamassassin won't call /var/spool/snfilter/sniffer. I can
> successfully send cleanmsg.txt and it successfully blocks junkmsg.txt.
> All the files, owners, and permissions appear to be the same as the
> older less powerful server. Can someone give me a hint as what to look
> for?
> Many Thanks,
> Jacques

--
Pete McNeil
Chief Scientist,
Arm Research Labs, LLC.
[sniffer] Re: Trouble with new BSD server
Pete,

Maybe this will help? I don't understand what fixed relative path means. This is from the debug output from spamassassin (spamd)

[582] dbg: plugin: fixed relative path: /usr/local/etc/mail/spamassassin/snfilter.pm
[582] dbg: plugin: loading SNFilter from /usr/local/etc/mail/spamassassin/snfilter.pm
[582] dbg: plugin: registered SNFilter = HASH(0x91925a4)

It looks like sniffer is loaded but still won't catch mail because when I

>./sniffer -f [EMAIL PROTECTED] [EMAIL PROTECTED] mail [EMAIL PROTECTED] < junkmsg.txt

I do receive that one with Amavis and Spamassassin mentioned in the header.

Jacques

-Original Message-
From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil
Sent: Tuesday, December 05, 2006 8:13 AM
To: Message Sniffer Community
Subject: [sniffer] Re: Trouble with new BSD server

Hello Jacques,

Could it be a permissions issue? When you send/test you are likely a different user than when postfix does it.

Hope this helps,
_M

Tuesday, December 5, 2006, 9:42:47 AM, you wrote:

> Hi All,
> I have recently brought up a new FreeBSD server with postfix,
> amavisd-new and spamassassin. For some reason (which I cannot figure
> out) spamassassin won't call /var/spool/snfilter/sniffer. I can
> successfully send cleanmsg.txt and it successfully blocks junkmsg.txt.
> All the files, owners, and permissions appear to be the same as the
> older less powerful server. Can someone give me a hint as what to look
> for?
> Many Thanks,
> Jacques

--
Pete McNeil
Chief Scientist,
Arm Research Labs, LLC.