RE: Re[2]: [sniffer] False positive
Pete, other than database update e-mails, I see know e-mails from @microneil.com or [EMAIL PROTECTED] in the last 2 days received by my server. John T eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: Tuesday, September 13, 2005 4:45 AM To: John Tolmachoff (Lists) Subject: Re[2]: [sniffer] False positive I have your response in my sent folder. I will send it again.. _M On Monday, September 12, 2005, 8:37:52 PM, John wrote: JTL I also have sent some false positives in the last 2 weeks with no response, JTL the lastest being at 09/10/05 at 9:49 AM PDT. JTL John T JTL eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] JTL On Behalf Of Pete McNeil Sent: Friday, September 09, 2005 5:08 AM To: Ali Resting Subject: Re: [sniffer] False positive On Friday, September 9, 2005, 2:17:31 AM, Ali wrote: AR Hi Peter, AR I have submited 3 email to [EMAIL PROTECTED] with all the required AR fields as per you instaructions on the website, I have not received JTL any AR feedback whether this request has been effected. I cleared the false positives queue last night. I don't see any messages in there from you today. You should have received a response for each submission. I will review my responses and get back to you off list. Thanks, _M This E-Mail came from the Message Sniffer mailing list. For information JTL and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html JTL This E-Mail came from the Message Sniffer mailing list. For JTL information and (un)subscription instructions go to JTL http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
RE: [sniffer] False positive
I also have sent some false positives in the last 2 weeks with no response, the lastest being at 09/10/05 at 9:49 AM PDT. John T eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: Friday, September 09, 2005 5:08 AM To: Ali Resting Subject: Re: [sniffer] False positive On Friday, September 9, 2005, 2:17:31 AM, Ali wrote: AR Hi Peter, AR I have submited 3 email to [EMAIL PROTECTED] with all the required AR fields as per you instaructions on the website, I have not received any AR feedback whether this request has been effected. I cleared the false positives queue last night. I don't see any messages in there from you today. You should have received a response for each submission. I will review my responses and get back to you off list. Thanks, _M This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
[sniffer] Latest medication campaign
I am seeing a lot of these get through John T eServices For You This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
RE: [sniffer] Latest medication campaign
Something I noticed about these. They are all using RE: or FW: and in the body they have the original message line. SpamCheck had a line the CheckWords giving negative 25 to that line. As such, SpamCheck was giving an overall weight of -19 which was taking away from everything else the message was failing. John T eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew Sent: Wednesday, April 13, 2005 10:36 AM To: sniffer@SortMonster.com Subject: RE: [sniffer] Latest medication campaign On the weekend and since, I saw a lot of them get through but Sniffer was dutifully catching them, unfortunately, they also served to highlight Sniffer hyperaccuracy because those messages just weren't reaching my HOLD weight. Check out the Message Sniffer change rates for the last few days: http://www.sortmonster.com/MessageSniffer/Performance/ChangeRates.jsp Something is definitely going on. On Sunday, the blue line was almost the entire New Rule group. It started me thinking about making Sniffer my hold weight, and then only applying counterweights. Meanwhile, I've added SURBL-ish testing with a tiny Declude weight, but with a combo of the new test and any Sniffer hit, that seems to have made the difference. I've only seen 1 undeliverable end up in the postmaster box, and I've fixed why that happened (I set my skipweight for various Declude filter text tests too low, so they weren't getting run when the weight was close to my HOLD weight). So now it's back to the server room for me. Andrew 8) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Wednesday, April 13, 2005 10:16 AM To: sniffer@SortMonster.com Subject: [sniffer] Latest medication campaign I am seeing a lot of these get through John T eServices For You This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
RE: Re[2]: [sniffer] Moving Sniffer to Declude/SmarterMail
Now does anyone know how much overhead Windows 2000/2003 software RAID 1 on dynamic disks produces over hardware level RAID 1? I am assuming it would be substantial. I have never noticed an issue, and I would only assume there would be an issue in higher end databases or where the CPU was already being tasked and near or at saturation by other processes. John Tolmachoff Engineer/Consultant/Owner eServices For You - This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
[sniffer] 2 FYIs
Bill's update script: This has been working great, with the download size aprox 1.8MB (rule base file is about 6.25MB) and time to download about 25 seconds. Thanks for the work Bill. Rule base changes: Thanks to Pete for the hard work, the rule base size has now changed from about 17MB to about 6.25MB. I am on maximum rules so my rule file is larger. John Tolmachoff Engineer/Consultant/Owner eServices For You This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
RE: [sniffer] Triggered rulebase update instructions
Title: Message Never mind, I reread your original post and then checked my server and already had them installed. Now I just wait for the next update to occur. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Wednesday, December 29, 2004 12:23 AM To: sniffer@SortMonster.com Subject: RE: [sniffer] Triggered rulebase update instructions Were might the wget and gzip files be? John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Landry William Sent: Tuesday, December 28, 2004 11:34 PM To: 'sniffer@SortMonster.com' Subject: RE: [sniffer] Triggered rulebase update instructions John, since you have not implemented a trigger program alias yet, would you be willing to test the setup instructions and provide feedback? Bill -Original Message- From: John Tolmachoff (Lists) [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 28, 2004 10:30 PM To: sniffer@SortMonster.com Subject: RE: [sniffer] Triggered rulebase update instructions Matt, you think too much. ;) (From one who needs to implement better scripts, including a triggered script for Sniffer.) John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Sent: Tuesday, December 28, 2004 10:17 PM To: sniffer@SortMonster.com Subject: Re: [sniffer] Triggered rulebase update instructions Bill, I think that this is overwhelmingly much better (the whole thing), but I have a few suggestions to add. 1) The commenting in the CMD file seemed a bit excessive and that made it a little hard to follow. It might be nice to arrange all of the tweakable variables in a single section instead of separating each one out, and then block coding the main program with a standard amount of commenting. I think that would make the script more readable for both programmers as well as beginners. 2) I personally find it to be a bit messy to have everything running from within my Sniffer directory. After all of the other CMD files, old rulebases, service related files, logs, etc., it's not obvious what is needed or not. I would suggest coding this up with a default directory structure of using a subdirectory called updates. This would require a separation of variables for the updates directory and the destination directory I believe. 3) I think it would be a good idea to consider a different default directory structure. With Sniffer evolving to support other platforms, IMail effectively abandoning us, and Declude moving to SmarterMail and possibly others, I could very well see Sniffer establishing a non-dependant directory structure. I would suggest that the default recommendation become C:\Sniffer, which might also necessitate a change in some of Pete's other documentation. Keep in mind that it is confusion and convolution that contributes to the lack of efficient rulebase downloads and not the lack of resources or help. IMO, things would benefit from standardization of this sort, and it should all be done with purpose. 4) Since this setup is targeted specifically at IMail, I would recommend that different packages be provided for different platforms, and these should probably be in separate zip's so that one doesn't get all sorts of extra stuff. This could be Rulebase_Updater_IMail.zip, but there should also be a Linux, MDaemon and SmarterMail updater added to the list. 5) I'm thinking that including the notification process within this script might be too much. The primary goal is to get people to use the automated system and compressed files, and this adds complexity to the setup. My thought here would be to create a chaining option that could be used to kick off any script, not necessarily IMail1.exe. You could then include this separate notification script in the package and have it configured from within that file, leaving only the optional chaining command within the primary script and stripping out the rest of the stuff. I do know that from interface design there is a basic tenet where you don't want to overwhelm the viewer/visitor, otherwise they retain even less than they would with a smaller group of things. Programming is often at odds with this tenet, which is fine for programmers because the functionality necessitates complication, but the issue being addressed here is really ease of use for the lowest common denominator, and the primary goal is just the downloads. You should consider that this whole thing will be used by people with very little administration experience, no programming experience, and in some cases, English will be a second language to them (or only translated by a tool of some sort). Most of this stuff is somewhat minor taken
RE: [sniffer] Triggered rulebase update instructions
Title: Message Seems to have worked good so far. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Wednesday, December 29, 2004 12:30 AM To: sniffer@SortMonster.com Subject: RE: [sniffer] Triggered rulebase update instructions Now I just wait for the next update to occur. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Landry William Sent: Tuesday, December 28, 2004 11:34 PM To: 'sniffer@SortMonster.com' Subject: RE: [sniffer] Triggered rulebase update instructions John, since you have not implemented a trigger program alias yet, would you be willing to test the setup instructions and provide feedback? Bill ---This message and any included attachments are from Siemens Medical Solutions USA, Inc. and are intended only for the addressee(s). The information contained herein may include trade secrets or privileged or otherwise confidential information. Unauthorized review, forwarding, printing, copying, distributing, or using such information is strictly prohibited and may be unlawful. If you received this message in error, or have reason to believe you are not authorized to receive it, please promptly delete this message and notify the sender by e-mail with a copy to [EMAIL PROTECTED] Thank you
RE: [sniffer] Triggered rulebase update instructions
Matt, you think too much. ;) (From one who needs to implement better scripts, including a triggered script for Sniffer.) John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Sent: Tuesday, December 28, 2004 10:17 PM To: sniffer@SortMonster.com Subject: Re: [sniffer] Triggered rulebase update instructions Bill, I think that this is overwhelmingly much better (the whole thing), but I have a few suggestions to add. 1) The commenting in the CMD file seemed a bit excessive and that made it a little hard to follow. It might be nice to arrange all of the tweakable variables in a single section instead of separating each one out, and then block coding the main program with a standard amount of commenting. I think that would make the script more readable for both programmers as well as beginners. 2) I personally find it to be a bit messy to have everything running from within my Sniffer directory. After all of the other CMD files, old rulebases, service related files, logs, etc., it's not obvious what is needed or not. I would suggest coding this up with a default directory structure of using a subdirectory called updates. This would require a separation of variables for the updates directory and the destination directory I believe. 3) I think it would be a good idea to consider a different default directory structure. With Sniffer evolving to support other platforms, IMail effectively abandoning us, and Declude moving to SmarterMail and possibly others, I could very well see Sniffer establishing a non-dependant directory structure. I would suggest that the default recommendation become C:\Sniffer, which might also necessitate a change in some of Pete's other documentation. Keep in mind that it is confusion and convolution that contributes to the lack of efficient rulebase downloads and not the lack of resources or help. IMO, things would benefit from standardization of this sort, and it should all be done with purpose. 4) Since this setup is targeted specifically at IMail, I would recommend that different packages be provided for different platforms, and these should probably be in separate zip's so that one doesn't get all sorts of extra stuff. This could be Rulebase_Updater_IMail.zip, but there should also be a Linux, MDaemon and SmarterMail updater added to the list. 5) I'm thinking that including the notification process within this script might be too much. The primary goal is to get people to use the automated system and compressed files, and this adds complexity to the setup. My thought here would be to create a chaining option that could be used to kick off any script, not necessarily IMail1.exe. You could then include this separate notification script in the package and have it configured from within that file, leaving only the optional chaining command within the primary script and stripping out the rest of the stuff. I do know that from interface design there is a basic tenet where you don't want to overwhelm the viewer/visitor, otherwise they retain even less than they would with a smaller group of things. Programming is often at odds with this tenet, which is fine for programmers because the functionality necessitates complication, but the issue being addressed here is really ease of use for the lowest common denominator, and the primary goal is just the downloads. You should consider that this whole thing will be used by people with very little administration experience, no programming experience, and in some cases, English will be a second language to them (or only translated by a tool of some sort). Most of this stuff is somewhat minor taken in isolation from each other, but I believe that it could be a bit tighter in one way or another for a better result. I'll volunteer my own services if you would like for me to provide examples of any one of these things, but I'll wait for your direction before doing so. I think the most important thing would be for Pete to provide some guidance for the preferred directory structure (independent of the app), so that this could be used for the default settings in this and other scripts. Matt Landry William wrote: Attached is an updated instructions file to fix some typos and missedinformation. I'll send out another update after receiving feedback fromothers.Bill---This message and any included attachments are from Siemens Medical Solutions USA, Inc. and are intended only for the addressee(s). The information contained herein may include trade secrets or privileged or otherwise confidential information. Unauthorized review, forwarding, printing, copying, distributing, or using such information is strictly prohibited and may be unlawful. If you received this message in error, or have reason to believe you are not authorized to receive it, please
RE: [sniffer] Sniffer updates...
Title: Message Joe, I will back up Matts comments. Declude has/is indeed suffering from less than honest/moral individuals/companies and they are correct in taking steps to protect their products and company. Only the method they are using is being questioned. Believe me, those of us heavily involved in Imail/Declude are monitoring this issue and voicing our opinions, both publicly and privately. Lets not throw out the baby with the bath water. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Sent: Wednesday, December 22, 2004 7:23 AM To: [EMAIL PROTECTED] Subject: Re: [sniffer] Sniffer updates... Joe, In their defense, I don't think that they necessarily knew any better than to have approached it this way. I don't necessarily get that the new ownership has worked from the IT side of the business before and understands security and trust as a corporate administrator would, in fact Barry comes from the marketing side of the business and I'm afraid that this is a bit of trial-by-fire. I expect (hope) that he will get the message and change their ways before this will be released in final format. Scott didn't have the resources to enforce licensing, and as a business, this is critical to their success. I have no qualms with that goal. They didn't intend to violate privacy or functionality, they just overlooked it. The whole IMail debacle is a different story. Most everyone using Declude on that platform will eventually be switching, and Declude has been more than fair by offering free migrations of their license to a different platform, starting with SmarterMail which is very reasonably priced and seemingly quite responsive to their customers. Matt Joe Wolf wrote: I'm currently using Sniffer via Imail and Declude. We all know that Ipswitch has lost their mind and is abandoning the small ISP, and now it seems that Declude has lost their way. The new version of Declude is tied to a single MAC address. That counts me out since I run multiple NIC's in the same machine and am multi-homed. Their spyware phone home system is a violation of our security policies as well. That leads me to Sniffer. I love the product. Does anyone have a complete list of mail servers that have direct support for Sniffer? The Imail / Declude thing is too much to deal with and I'm going to make a change. Thanks, Joe -- =MailPure custom filters for Declude JunkMail Pro.http://www.mailpure.com/software/=
RE: Re[2]: [sniffer] Few questions
ATTENTION ROB OF ZELLMAN PRINTING: Turn off read receipts. Fix the problem with your server rejecting replies to the very read receipts you request. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of ~ ROB @ ZELLEM ~ Sent: Wednesday, December 15, 2004 1:25 PM To: [EMAIL PROTECTED] Subject: Re: Re[2]: [sniffer] Few questions hey guys.. This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
RE: Re[2]: [sniffer] Recent SPAM
I forwarded some yesterday to spam@ and then attached them and sent to [EMAIL PROTECTED] John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: Tuesday, November 30, 2004 9:56 AM To: Chuck Schick Subject: Re[2]: [sniffer] Recent SPAM On Tuesday, November 30, 2004, 12:45:27 PM, Chuck wrote: CS Yes, CS I have seen three pieces of spam over and over again - two for drugs and one CS porn. I am running the latest version, rules are up to date, no on the log CS files, I am forwarding the emails to [EMAIL PROTECTED] CS I was thinking about raising this issue so I am glad someone else is seeing CS the same thing. Please zip up some examples of these three spam and send them to me at [EMAIL PROTECTED] I will see if I can identify anything special about them and create some rules. Thanks, _M This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
RE: [sniffer] Not Getting Updates
What you should be doing is forwarding but leaving a copy. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Scott Fosseen Sent: Sunday, November 28, 2004 4:56 PM To: [EMAIL PROTECTED] Subject: Re: [sniffer] Not Getting Updates Pete, I forward all my messages from '[EMAIL PROTECTED]' to trigger my update. If my renewal notice is sent from the same address I will not receive it. Can you send me a update notification email or let me know what else to create the rule on. I could turn off the rule for a little while but then I will miss an update. Thanks. -- Original Message -- From: Pete McNeil [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Sun, 28 Nov 2004 18:08:46 -0500 On Sunday, November 28, 2004, 6:01:39 PM, Richard wrote: RF I just noticed that I am no longer getting updated emails for the sniffer to RF trigger the automatic update.. The last one was on Nov 11...Customers had RF told me they were getting more spam but I just thought we were getting RF hammered with more.. Hi Richard, According to our records your license expired on 2004-11-01. You should have received an renewal notice by email about a month before that. Last License Compile: 11/11/2004 22:37:00 (GMT) I will launch a compile of your rulebase. Please complete a renewal as soon as possible. I am on duty through the evening. I will be sure to re-enable your account as soon as the renewal comes through. Hope this helps, _M This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html --- [This E-mail scanned for viruses by Declude Virus on the server aea8.k12.ia.us] This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
RE: Re[4]: [sniffer] New Version 2-3.2 has been officially released.
Well, still no problems so far so I'll write it up to . earth rays, solar spots, pick whatever you want. It seems it was a one time thing. You must be referring to the RAW law. John Tolmachoff Engineer/Consultant/Owner eServices For You This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
RE: Re[4]: [sniffer] New Version 2-3.2 has been officially released.
Well, still no problems so far so I'll write it up to . earth rays, solar spots, pick whatever you want. It seems it was a one time thing. You must be referring to the RAW law. RAW? Random Answer Whatchamacallit? Random Acts of Weirdness The RAW law, Keyboard Virus and the PEBKAC phenomenon are the 3 most common reasons for problems. The PEBKAC phenomenon: Problem Exists Between Keyboard And Chair SAFTEY DISCLAIMER: The forgoing information is considered entertainment in nature and is not meant to represent or describe any person living or dead in the past, present or future. It is meant to create something odd in the IT Industry, a smile. Any one else in the US working Thursday and Friday? I am! :s John Tolmachoff Engineer/Consultant/Owner eServices For You This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
RE: [sniffer] Test ordering/precedence
Matt Matt Matt. Then everyone would have to make sure they made the relevant changes on their systems. As we have seen on the Declude Junkmail list, there will always be those who set up their systems and then forget about them. Making a change like that would cause problems. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Sent: Saturday, September 18, 2004 5:28 PM To: [EMAIL PROTECTED] Subject: [sniffer] Test ordering/precedence Pete, Given some of the recent changes in the result codes for Sniffer, I thought I would inquire about the precedence of the result codes and how these can affect systems. On my system I have weighted the result codes differently and overall, I would consider the following order to be suggestive of the order of reliability from the most reliable to the least reliable. Note that this is not scientific, but instead based on doing review and tests that hit less often could appear higher in terms of stated reliability though I have considered this in making the list: 1. SNIFFER-INK(56) SNIFFER-CASINO(59) SNIFFER-INSURANCE(48) SNIFFER-MEDIA(50) SNIFFER-GETRICH(57) SNIFFER-DEBT(58) SNIFFER-PHARMACY(52) 2. SNIFFER-AVSOFT(49) SNIFFER-PHISHING(53) 3. SNIFFER-TRAVEL(47) SNIFFER-PORN(54) 4. SNIFFER-SPAMWARE(51) SNIFFER-OBFUSCATION(61) SNIFFER-MALWARE(55) 5. SNIFFER-EXPERIMENTAL(62) 6. SNIFFER-GENERAL(63) 7. SNIFFER-IP(60) I'm not sure exactly how Sniffer orders the precedence of the result code, but I would like to recommend that you give some consideration to reviewing such things in light of recent changes and also maybe consider allowing us to customize the precedence as a part of our rulebase. Thanks, Matt -- =MailPure custom filters for Declude JunkMail Pro.http://www.mailpure.com/software/=
RE: [sniffer] Rule Strengths
(Moved to list) Thanks, got it. This is my current lines, do I need to add others, or are the rules within these codes? (I hold at 25 and delete at 35) Is there a full list of codes on the web site? SNIFFER-TRAVEL external 04715 0 SNIFFER-INSURANCE external 04815 0 SNIFFER-AV-PUSH external 04915 0 SNIFFER-WAREZ external 05025 0 SNIFFER-SPAMWAREexternal 05130 0 SNIFFER-SNAKEOILexternal 05225 0 SNIFFER-SCAMS external 05330 0 SNIFFER-PORNexternal 05430 0 SNIFFER-MALWARE external 05520 0 SNIFFER-ADVERTISING external 05615 0 SNIFFER-SCHEMES external 05725 0 SNIFFER-CREDIT external 05825 0 SNIFFER-GAMBLINGexternal 05925 0 SNIFFER-GREYMAILexternal 06010 0 SNIFFER-OBFUSCATION external 06115 0 SNIFFER-EXPERIMENTALexternal 06220 0 SNIFFER-GENERAL external 06320 0 John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- Subject: Re[2]: Rule Strengths On Saturday, July 31, 2004, 1:57:19 PM, John wrote: JT OK, I am willing to try that on this server, as the volume is low. JT How do I change it? You ask and I make the change. I've ordered a recompile of your rulebase. Thanks, _M This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
RE: Re[6]: [sniffer] Effectiveness (lately)
Let me clarify. On the spam that is gotten through, but is to a non-existent user, which then Exchange creates a NDR and attaches the spam to it, of which I get a copy of the NDR, if I look at the headers of that spam message that is now attached to the NDR, the header lines for all other servers as well as the Declude header lines have been striped. E-mail that a valid user receives does indeed have the headers. (I just checked.) John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Landry William Sent: Thursday, July 29, 2004 12:17 PM To: '[EMAIL PROTECTED]' Subject: RE: Re[6]: [sniffer] Effectiveness (lately) That's strange, our Exchange server does not strip off any of the Declude headers. Bill -Original Message- From: John Tolmachoff (Lists) [mailto:[EMAIL PROTECTED] Sent: Thursday, July 29, 2004 11:52 AM To: [EMAIL PROTECTED] Subject: RE: Re[6]: [sniffer] Effectiveness (lately) Should I continue to forward spam that is not caught then? I problem I have, is on the gatewayed domains, which are running Exchange, Exchange strips out the Header that Declude puts in, making it difficult to see what happened and caught by what tests. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: Thursday, July 29, 2004 10:52 AM To: John Tolmachoff (Lists) Subject: Re[6]: [sniffer] Effectiveness (lately) On Thursday, July 29, 2004, 1:23:11 PM, John wrote: JTL Would the new attached fall under the same rule? Yes. It looks like the same domain is involved. I've launched a compile of your rulebase - you should be updated very quickly. In this case it seems that you started receiving these a few days before we got our first copy. _M This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html --- This message and any included attachments are from Siemens Medical Solutions USA, Inc. and are intended only for the addressee(s). The information contained herein may include trade secrets or privileged or otherwise confidential information. Unauthorized review, forwarding, printing, copying, distributing, or using such information is strictly prohibited and may be unlawful. If you received this message in error, or have reason to believe you are not authorized to receive it, please promptly delete this message and notify the sender by e-mail with a copy to [EMAIL PROTECTED] Thank you This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
[sniffer] Declude configuration
I am new to Sniffer, and have it up and running with the basic line looking for a nonzero return code. I would now like to start setting different weights for different return codes. Does some one have a example configuration I can use? John Tolmachoff Engineer/Consultant/Owner eServices For You This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html