[sniffer] Re: Announcing ClamAID - Clam AV installer for windows.
At 12:49 2/2/2009 -0500, you wrote: Hello Sniffer Folks, We've noticed that folks often have trouble getting Clam AV (the free open source anti-virus scanner) working correctly on their mail servers, so we've created a free product to help solve that. ClamAID (Clam AV Assisted Install Device). http://www.armresearch.com/tools/arm/clamAID.jsp What ClamIAD does is collect all of the bits and pieces that make ClamAV work, configure them, install them, and get them running with your email / filtering platform. So far ClamAID supports IceWarp, Declude/IMail, and Declude/SmarterMail. We will add support for additional platforms as requested (time permitting). Is an mxGuard/IMail version in the works? -- Kirk Mitchell-General Managermi...@keyconn.net Keystone Connect Unlock Your World Altoona, PA 814-941-5000 http://www.keyconn.net # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: sniffer-...@sortmonster.com To switch to the DIGEST mode, E-mail to sniffer-dig...@sortmonster.com To switch to the INDEX mode, E-mail to sniffer-in...@sortmonster.com Send administrative queries to sniffer-requ...@sortmonster.com
[sniffer] Re: SPAM Storm?
At 06:19 PM 3/19/2007 -0400, Computer House Support wrote: Is it me, or is there an unbelievable spam storm going on this afternoon?? We got a fairly heavy burst this afternoon originating from an APNIC 210.x.x.x block. -- Kirk Mitchell-General Manager[EMAIL PROTECTED] Keystone Connect Unlock Your World Altoona, PA 814-941-5000 http://www.keyconn.net # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: [EMAIL PROTECTED] To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED] To switch to the INDEX mode, E-mail to [EMAIL PROTECTED] Send administrative queries to [EMAIL PROTECTED]
[sniffer] Re: DNSBL
At 07:19 PM 2/28/2007 +0100, Alberto Santoni wrote: Hello does someone have heavy problems with the DNSBLs? I have Imail server 2006.1 + mxguard + messagesniffer and it is since about a week that my server has almost always the CPU at 100%. I have stopped the check for all DNSBL but nothing has changed! - What makes you suspect DSNBL? - Have you seen an increase in the overall number of messages going through? - Are you using the sniffer persistant instance? - Check to see that the imail\spool\mx-pid folder isn't filling up. I'm running IMail 7.06/mxGuard/Message Sniffer and at times when I've had problems the solution has been to empty that mx-pid folder. -- Kirk Mitchell-General Manager[EMAIL PROTECTED] Keystone Connect Unlock Your World Altoona, PA 814-941-5000 http://www.keyconn.net # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: [EMAIL PROTECTED] To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED] To switch to the INDEX mode, E-mail to [EMAIL PROTECTED] Send administrative queries to [EMAIL PROTECTED]
[sniffer] Re: DNSBL
At 01:16 PM 2/28/2007 -0700, [EMAIL PROTECTED] wrote: You definitely want to be running in persistent mode. I automated that whole process a while back after upgrading to Win2003. It deletes the .tmp .gse files a couple times per day. It flushes out the spool and spam folder for anything older than 5 days. In the good ol' days, I used to manually do all that at least once a day. The old 2000 install had some corrupt files and I couldn't automate anything, yuck! I'm still on Win2k. I've been able to automate emptying the mx-pid folder periodically, downloading sniffer updates, and uploading/dating sniffer logs nightly. I could also automate dumping the .tmp and .gse files periodically(may give that shot), not sure how I could do the clean out files after 5 days thing though. I'm assuming you're talking about the scattered extra .smd files. -- Kirk Mitchell-General Manager[EMAIL PROTECTED] Keystone Connect Unlock Your World Altoona, PA 814-941-5000 http://www.keyconn.net # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: [EMAIL PROTECTED] To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED] To switch to the INDEX mode, E-mail to [EMAIL PROTECTED] Send administrative queries to [EMAIL PROTECTED]
[sniffer] Re: DNSBL
At 03:19 PM 2/28/2007 -0700, [EMAIL PROTECTED] wrote: C:\WINDOWS\system32\cmd.exe /c c:\imail\isplcln -n 5 -l 10 Above is the command I use in scheduled tasks. Make sure you have ispcln.exe on your system. I can't remember whether it came with Imail or I had to download it somewhere. Looking through IPSwitch's support knowledgebase, it appears that isplcln.exe has been part of IMail since 5.x, but I was never aware of it. Thanks. -- Kirk Mitchell-General Manager[EMAIL PROTECTED] Keystone Connect Unlock Your World Altoona, PA 814-941-5000 http://www.keyconn.net # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: [EMAIL PROTECTED] To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED] To switch to the INDEX mode, E-mail to [EMAIL PROTECTED] Send administrative queries to [EMAIL PROTECTED]
[sniffer] Re: Uploading problems
At 09:35 PM 12/8/2006 -0500, K Mitchell wrote: At 02:11 AM 12/9/2006 -, Serge wrote: Hi Pete all after 200 PORT command successful. Consider using PASV. I am getting 425 connection failed Is this another FW issue ? would you please share the batch script you use with wput to upload logs on pasv mode Forgot to add in my previous post; I used the wputrc file included with wput to make a wput.ini file in which I specified PASV ;connection_mode = pasv -- Kirk Mitchell-General Manager[EMAIL PROTECTED] Keystone Connect Unlock Your World Altoona, PA 814-941-5000 http://www.keyconn.net # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: [EMAIL PROTECTED] To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED] To switch to the INDEX mode, E-mail to [EMAIL PROTECTED] Send administrative queries to [EMAIL PROTECTED]
[sniffer] Re: Uploading problems
At 09:35 PM 12/8/2006 -0500, K Mitchell wrote: I've just finished putting mine all together. Each of the components have been tested individually, tonight shortly after midnight will be the first test of it in it's entirety. In the way of explanation, here's what I'm doing each night shortly after midnight: - moving the current logfile to a subfolder, thus rotating the logfiles - renaming the file to add the date -this uses the Namedate utility I found at http://www.informatics-consulting.de/software/namedate.htm - uploading the file - moving the file to yet another subfolder -this is because the upload script uses * to cover the date variable, so it wouldn't be good to have 2 or more dated files in the same folder - sending myself an email confirming that the process has completed successfully This didn't quite work as planned. Apparently wput doesn't recognize variables in the filename, so I had to swap some lines and do the upload before the renaming to add the date. I had been hoping to date it before sending so that, in the odd chance that my prior log hadn't been processed yet, the new file would have a different name and upload with no problems. I'll just have to hope that my logs get processed within 24 hours. Here's the new .cmd file: @echo off c: cd c:\imail\sniffer move c:\imail\sniffer\licenseID.log logs cd c:\imail\sniffer\logs wput -nd licenseID_*.log ftp://snifferlog:[EMAIL PROTECTED] echo Log upload completed! sniffupld.txt namedate /UYO-1Z:ymd licenseID.log echo Log dated! sniffupld.txt move c:\imail\sniffer\logs\licenseID_*.log sent echo Log moved to Sent folder! sniffupld.txt c:\imail\imail1 -f c:\imail\sniffer\logs\sniffupld.txt -s Sniffer log upload on %COMPUTERNAME% -t [EMAIL PROTECTED] -u sniffer -h yourdomain.net echo Confirmation emailed! del c:\imail\sniffer\logs\sniffupld.txt :Done -- Kirk Mitchell-General Manager[EMAIL PROTECTED] Keystone Connect Unlock Your World Altoona, PA 814-941-5000 http://www.keyconn.net # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: [EMAIL PROTECTED] To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED] To switch to the INDEX mode, E-mail to [EMAIL PROTECTED] Send administrative queries to [EMAIL PROTECTED]
[sniffer] Re: Uploading problems
At 12:37 AM 12/9/2006 -0500, K Mitchell wrote: wput -nd licenseID_*.log ftp://snifferlog:[EMAIL PROTECTED] Sorry, this line now becomes: wput -nd licenseID.log ftp://snifferlog:[EMAIL PROTECTED] -- Kirk Mitchell-General Manager[EMAIL PROTECTED] Keystone Connect Unlock Your World Altoona, PA 814-941-5000 http://www.keyconn.net # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: [EMAIL PROTECTED] To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED] To switch to the INDEX mode, E-mail to [EMAIL PROTECTED] Send administrative queries to [EMAIL PROTECTED]
[sniffer] Re: Uploading problems
At 06:53 PM 12/3/2006 -0500, Pete McNeil wrote: Hello K, FTP access for log files is restricted for security reasons. The information your provide below shows you attempting to do a number of things that are not allowed - for example, directory listings. It is possible that the system disconnected you for security reasons (thought I doubt it). Uploading log files should be very simple. That's what I thought, but for some reason it no longer works as well as it used to. Up until a couple of months ago, I never had any issues uploading logfiles. Then I started getting periodic transfer failures that increased in frequency until I'm at the point now where nothing seems to work. Connect, login, put your file. Since my FTP program hasn't seemed to be able to get log files uploaded, I tried uploading via the command prompt on my mail server... ftp open ftp.sortmonster.net Connected to www.sortmonster.net. 220 Hello. User (www.sortmonster.net:(none)): 331 Please specify the password. 230 Login successful. ftp ftp bin 200 Switching to Binary mode. ftp hash Hash mark printing On ftp: (2048 bytes/hash mark) . ftp send mylogfile061203.log 200 PORT command successful. Consider using PASV. 150 Ok to send data. At this point it just hangs, no transfer occurring. In the event that it might be transferring but not displaying the hash marks, I left it sit for over 30 minutes(10mb logfile)...nothing. I'm not sure what else to try. -- Kirk Mitchell-General Manager[EMAIL PROTECTED] Keystone Connect Unlock Your World Altoona, PA 814-941-5000 http://www.keyconn.net # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: [EMAIL PROTECTED] To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED] To switch to the INDEX mode, E-mail to [EMAIL PROTECTED] Send administrative queries to [EMAIL PROTECTED]
[sniffer] Re: Uploading problems
At 10:22 PM 12/7/2006 -0500, Pete McNeil wrote: Hello K, At this point it just hangs, no transfer occurring. In the event that it might be transferring but not displaying the hash marks, I left it sit for over 30 minutes(10mb logfile)...nothing. I'm not sure what else to try. What you've described usually goes along with a firewall problem. Firewalls and FTP are always a challenge. What seems to be happening is that the command channel is working fine, but when it's time to set up the data channel that fails- and so you don't get any data. There is no firewall. I have TCP port filtering set up on the machine, but both 20 and 21 are open. -- Kirk Mitchell-General Manager[EMAIL PROTECTED] Keystone Connect Unlock Your World Altoona, PA 814-941-5000 http://www.keyconn.net # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: [EMAIL PROTECTED] To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED] To switch to the INDEX mode, E-mail to [EMAIL PROTECTED] Send administrative queries to [EMAIL PROTECTED]
[sniffer] Re: Uploading problems
At 11:16 PM 12/7/2006 -0700, Jay Sudowski - Handy Networks LLC wrote: Give this a try: http://www.ncftp.com/download/ Just did about 5 minutes ago. It won't run without specifying a destination directory, and sortmonster ftp won't allow any directory settings. Thanks though :o) -- Kirk Mitchell-General Manager[EMAIL PROTECTED] Keystone Connect Unlock Your World Altoona, PA 814-941-5000 http://www.keyconn.net # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: [EMAIL PROTECTED] To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED] To switch to the INDEX mode, E-mail to [EMAIL PROTECTED] Send administrative queries to [EMAIL PROTECTED]
[sniffer] Uploading problems
Still having issues uploading my log files. Sometimes the uploads go smoothly, other times it starts the transfer, then errors out partway through. Here's a log of yet another failed transfer; connecting to 207.97.229.114:21 Connected to 207.97.229.114 port 21 220 Hello. USER snifferlog 331 Please specify the password. PASS (hidden) 230 Login successful. PWD 550 Permission denied. SYST 215 UNIX Type: L8 Host type (S): UNIX (standard) TYPE A 200 Switching to ASCII mode. PORT 63,175,74,17,12,152 200 PORT command successful. Consider using PASV. LIST 550 Permission denied. ! Retrieve of folder listing failed (0) sending logfile01.log as logfile01.log (1 of 2) TYPE I 200 Switching to Binary mode. PORT 63,175,74,17,12,154 200 PORT command successful. Consider using PASV. STOR logfile01.log 150 Ok to send data. ! Send error: connection reset Transmitted 27779584 bytes in 930.4 secs, (292.72 Kbps), transfer failed ! Receive error: Blocking call cancelled -- Kirk Mitchell-General Manager[EMAIL PROTECTED] Keystone Connect Unlock Your World Altoona, PA 814-941-5000 http://www.keyconn.net # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: [EMAIL PROTECTED] To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED] To switch to the INDEX mode, E-mail to [EMAIL PROTECTED] Send administrative queries to [EMAIL PROTECTED]
[sniffer] Increase in spam
I've been seeing a massive increase in spam over the last 2 days getting through with minimal scores. Could this be due to the drawback of the filter involved with false positives, or something else? -- Kirk Mitchell-General Manager[EMAIL PROTECTED] Keystone Connect Unlock Your World Altoona, PA 814-941-5000 http://www.keyconn.net # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: [EMAIL PROTECTED] To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED] To switch to the INDEX mode, E-mail to [EMAIL PROTECTED] Send administrative queries to [EMAIL PROTECTED]
[sniffer] Log uploading issues
In order to keep my log files more orderly, I rotate them at 12:01 each morning with the previous day's log named for that day. Every few days I manually upload them to ftp.sortmonster.net File sizes run 8-11mb on average. Until recently, I've never had any noticible issues doing it this way. Recently, however, I've been getting a large number of stuck uploads and transfer failures. Nothing's changed at my end of the transfer; same FTP client, same settings. Has something changed at your end that I need to take into account. -- Kirk Mitchell-General Manager[EMAIL PROTECTED] Keystone Connect Unlock Your World Altoona, PA 814-941-5000 http://www.keyconn.net # This message is sent to you because you are subscribed to the mailing list sniffer@sortmonster.com. To unsubscribe, E-mail to: [EMAIL PROTECTED] To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED] To switch to the INDEX mode, E-mail to [EMAIL PROTECTED] Send administrative queries to [EMAIL PROTECTED]