AIL PROTECTED]>
To: "John Tolmachoff (Lists)" <[EMAIL PROTECTED]>
Sent: Thursday, July 29, 2004 11:49 AM
Subject: Re[2]: [sniffer] Effectiveness (lately)
On Thursday, July 29, 2004, 11:48:58 AM, John wrote:
JTL> I have also noticed an increase in the amount of spam that go
lmachoff (Lists)
> Subject: Re[2]: [sniffer] Effectiveness (lately)
>
> On Thursday, July 29, 2004, 11:48:58 AM, John wrote:
>
> JTL> I have also noticed an increase in the amount of spam that got
through,
> JTL> mainly on gatewayed domains. I did forward a bunch in the last 18
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On
> Behalf Of Pete McNeil
> Sent: Thursday, July 29, 2004 8:50 AM
> To: John Tolmachoff (Lists)
> Subject: Re[2]: [sniffer] Effectiveness (lately)
>
> On Thursday, July 29, 2004, 11:48:58 AM, John wrote:
>
> JTL> I have also not
nt: Saturday, July 31, 2004 1:48 PM
> To: John Tolmachoff (Lists)
> Subject: Re[2]: [sniffer] Rule Strengths
>
> On Saturday, July 31, 2004, 3:32:46 PM, John wrote:
>
> JTL> (Moved to list)
>
> JTL> Thanks, got it.
>
> JTL> This is my current lines, do I need
On Tuesday, September 14, 2004, 11:41:48 AM, Corby wrote:
AC> To which addresss should I send these?
AC> Also, I mis-stated the spam. They were not plain text, but
AC> html, but clearly have many "classic" spam attributes. I will
AC> send them along, but need to know where.
Please zip them an
On Tuesday, September 14, 2004, 11:48:43 AM, Corby wrote:
AC> I suppose everyone's userbases have differenent
AC> requirements. An ISP or private enterprise might worry about
AC> false postives on "horny teenagers" and "penis enlargement", but
AC> for our local government agency, it causes proble
On Wednesday, September 15, 2004, 11:29:19 AM, Jim wrote:
JM> Pete,
JM> What about the Spam that seems to have been slipping through recently? I
JM> have submitted half a dozen or so in the last 24 hours and I am still
JM> getting copies. I also loaded the new version of sniffer yesterday but th
On Saturday, September 18, 2004, 9:07:55 PM, Matt wrote:
M> John,
M> If you read this more carefully, I was not suggesting that
M> action betaken that would affect everyone's system in such a way
M> that it wouldrequire modifications. The 60 result code was
M> recently changed fromGray rules to
On Saturday, September 18, 2004, 11:22:02 PM, Matt wrote:
M> Thanks Pete, but let me just stress the largest issue that I see and I
M> think you already are aware of it. The new IP classification is the
M> most likely to produce false positives and it's result code of 60 places
M> precedence of t
The current default is 1.0, but I've been thinking of changing that to
0.8 based on recent changes in spammer behavior. Perhaps we can try
that and then make further adjustments later.
Send a note to support@ if you want to do this.
Thanks!
_M
On Sunday, November 7, 2004, 7:50:24 PM, Brian wrot
Hello SniffMe,
Thursday, November 11, 2004, 2:38:05 AM, you wrote:
S> One thing to consider before making the Imail -> MDaemon jump
S> (or similar mailservers) ... When I evaluated MDaemon, I noticed
S> that messages are stored in individual .msg files inside the user's
S> mailbox directory. Im
On Sunday, November 28, 2004, 7:55:31 PM, Scott wrote:
SF> Pete,
SF> I forward all my messages from '[EMAIL PROTECTED]' to
SF> trigger my update. If my renewal notice is sent from the same
SF> address I will not receive it. Can you send me a update
SF> notification email or let me know what els
requently triggered tests).
Andrew 8)
-Original Message-
From: Pete McNeil [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 30, 2004 9:56 AM
To: Chuck Schick
Subject: Re[2]: [sniffer] Recent SPAM
On Tuesday, November 30, 2004, 12:45:27 PM, Chuck wrote:
CS> Yes,
CS> I have seen
r 30, 2004 9:56 AM
> To: Chuck Schick
> Subject: Re[2]: [sniffer] Recent SPAM
>
> On Tuesday, November 30, 2004, 12:45:27 PM, Chuck wrote:
>
> CS> Yes,
>
> CS> I have seen three pieces of spam over and over again - two for drugs
and one
> CS> porn. I am running
On Thursday, December 2, 2004, 4:15:43 PM, Jim wrote:
JM> Pete,
JM> We have rules setup in declude based upon sniffer return codes 60 and 62 to
JM> mark all messages with those tests as spam, however we do not have any 61 or
JM> 62 return codes setup. Can you briefly explain what each of these gr
On Friday, December 3, 2004, 8:53:26 AM, Joe wrote:
JW> OK, I'm confused. First I admit I don't spend much time on Sniffer or
JW> Declude settings, and I haven't learned the programs very well.
JW> I used the default Sniffer config files. If I changed as indicated below
JW> will it catch more S
On Friday, December 10, 2004, 1:11:48 PM, Rick wrote:
RR> it's the 'definition' of what is my rulebase that is unclear here.
RR> Specifically, if I add a domain name in the file 'whitelist.sender' in my
RR> mxguard directory (under my imail directory), will this be recognized
RR> without restarti
place?
- Original Message -
From: "Pete McNeil" <[EMAIL PROTECTED]>
To: "Marc Hilliker" <[EMAIL PROTECTED]>
Sent: Wednesday, December 15, 2004 4:11 PM
Subject: Re[2]: [sniffer] Few questions
On Wednesday, December 15, 2004, 2:42:55 PM, Marc wrote:
MH> Pete
]
On Behalf Of ~ ROB @ ZELLEM ~
Sent: Wednesday, December 15, 2004 2:25 PM
To: [EMAIL PROTECTED]
Subject: Re: Re[2]: [sniffer] Few questions
hey guys..
when you talk about getting emails about the file being old.. well i have
the file for a week now and did not get any kind of email about this
ED]
On
> Behalf Of ~ ROB @ ZELLEM ~
> Sent: Wednesday, December 15, 2004 1:25 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Re[2]: [sniffer] Few questions
>
> hey guys..
>
This E-Mail came from the Message Sniffer mailing list. For information and
(un)subscripti
Pete,
FWIW, it appears that I just had a bad download. I re-downloaded it, and
it's running w/o errors. Thx.
---
Marc
MH> I downloaded the sniffer demo a couple of days ago and finally installed
it
MH> to run as an external test w/Declude today. I ran it all morning w/o any
MH> problems. This
Title: Re: Re[2]: [sniffer] Sniffer Updates
Automate harassment reminders to those of us not using it. :)
I think I'll go enable gzip tonight
-Original Message-
From: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
To: Landry William
Sent: Mon Dec 27 12:36:06 2004
Su
Title: Re: Re[2]: [sniffer] Sniffer Updates
Does anyone have any good instructions on how to
modify your update scripts to use gzip?
Jim Matuska Jr.Computer Tech2, CCNANez
Perce TribeInformation Systems[EMAIL PROTECTED]
- Original Message -
From:
Tom Baker |
Netsmith
Title: Re: Re[2]: [sniffer] Sniffer Updates
See http://www.sortmonster.com/MessageSniffer/Help/AutomatingUpdatesHelp.html for
some sample scripts.
Bill
-Original Message-From: Jim Matuska
[mailto:[EMAIL PROTECTED]Sent: Monday, December 27, 2004 10:51
AMTo: sniffer
Title: Re: Re[2]: [sniffer] Sniffer Updates
I made this one, which is probably also somewhere on the
sniffer site. Change directories and keys for your use:
d:
cd\Batch Files\Sniffer
wget http://sniffer:[EMAIL PROTECTED]/Sniffer/Updates/.snf -O .snf.gz --timestamping
--header=Accept
On Tuesday, December 28, 2004, 12:49:21 PM, Jim wrote:
JM> I agree that something needs to be done about the update scripts that are
JM> inadvertently downloading the full rulebase all the time. I didn't even
JM> know it but we were doing this until I went through our update script again
JM> this
On Tuesday, January 4, 2005, 6:06:00 PM, Rick wrote:
RR> I've sure been seeing it. My db updates are triggered off email update
RR> notices from sniffer, so I know I have the latest.
RR> Feels like something's gone wrong with sniffer due to the year change.
We are definitely experiencing a spam
On Tuesday, January 4, 2005, 6:13:24 PM, Matt wrote:
M> I've noted that dictionary attack type spam is generally of this
M> variety, and while you are probably blocking a great deal of this, the
M> sheer volume makes it look like you aren't doing that well against it.
M> I've also noted that the
Yep, just checked mine rulebase too, went from 17mb to just under 25mb.
Things still appear to be functioning okay.
Bill
-Original Message-
From: Pete McNeil [mailto:[EMAIL PROTECTED]
Sent: Tuesday, January 04, 2005 9:49 PM
To: Computer House Support
Subject: Re[2]: [sniffer] RuleBase
5, 2005 12:28 PM
To: GlobalWeb.net Billing
Subject: Re[2]: [sniffer] RuleBase ktk82hrr
On Wednesday, January 5, 2005, 10:39:19 AM, GlobalWeb.net wrote:
GnB> Ours went from 11mb to 5mb with AUTH errors now...am looking into
it
Auth errors most likely indicate a bad download. Be sure to
On Saturday, January 8, 2005, 12:45:50 PM, Kirk wrote:
KM> I've gone through some and haven't found any commonality by sender, etc,
KM> but it seems that some are getting through that I'd have expected to get
KM> triggered on the subject line alone. For example:
KM> Tadalafil Soft Tabs - Great
On Saturday, January 8, 2005, 12:47:21 PM, Kirk wrote:
KM> Is there any tool available with which to analyze sniffer logs to get any
KM> kind of count on the number of hits, etc?
Here's one way
http://www.sawmill.net/formats/Message_Sniffer.html
_M
This E-Mail came from the Message Snif
On Monday, January 10, 2005, 12:38:45 AM, Kirk wrote:
KM> I would like to attack this more aggressively. The increase we've seen in
KM> spam getting through over the last week has brought on a dramatic increase
KM> in customer complaints. What different approaches might I be able to take?
I'm
On Monday, January 10, 2005, 11:34:44 AM, Matt wrote:
M> I just wanted to add some stats that I thought might be of
M> some use here. I gathered info on my block rates over the past
M> three days and compared my Sniffer hits to them. There has been no
M> measurable change to my system with an a
On Monday, January 10, 2005, 7:17:29 PM, Andrew wrote:
CA> Pete, I thought that you had said at one point that SortMonster fetches
CA> one or more SURBL zones and incorporates those as spam data for Message
CA> Sniffer?
CA> It seems like a great idea to me. But then, from my distance, a lot of
C
On Saturday, January 29, 2005, 9:15:23 PM, Glenn wrote:
GR> This is question is a little off subject, but do you have any
GR> recommendations for Imail queue manager settings? We are running Sniffer
GR> with declude 1.82 under Imail 8.15 and the server seems to bog down
GR> sometimes.
It is likel
On Monday, January 31, 2005, 12:28:00 PM, Landry wrote:
LW> Well, after a second look (reviewing the headers), it looks like the message
LW> got hung-up in the convoluted mess of internal mail gateways that Siemens
LW> maintains (which I have no control over). Sorry for the noise...!
Whew! Thou
On Monday, February 14, 2005, 2:37:20 PM, Andy wrote:
AS> If I may suggest:
AS> - at least 24 hours before the cut-over, change DNS timeout for "A" and
AS> CNAME records to 4 hours.
AS> - on the day of the cutover, change DNS timeouts to 1 hour
AS> That will minimize any impact.
AS> - after the
On Wednesday, February 16, 2005, 3:55:57 AM, Bonno wrote:
BB> Hi,
BB> [...]
>> This is a _special_ reminder that we are in the process of migrating
>> our servers and applications to a new facility.
BB> []
>> See you on the other side ;-)
BB> Looks like sniffer is now "on the other side".
On Friday, February 18, 2005, 1:55:00 PM, Andy wrote:
AS> Hi,
AS> You know of this one:
AS> http://www.mailmage.com/products/software/freeutils/MilterSink/webhelp/milte
AS> rsink_help.htm ?
Well, yes, and I'd love to put it out there. Perhaps I'm missing
something obvious but there doesn't seem
On Friday, February 18, 2005, 7:23:03 PM, Matt wrote:
M> Sanford Whiteman wrote:
>>Incidentally, it is a transport sink, not a protocol sink, meaning
>>that envelope rejection is not possible. I can't defend this as solely
>>a choice made for stability, as it was also a choice necessitated
On Saturday, February 19, 2005, 1:20:39 AM, ron wrote:
rdc> Hi folks,
rdc> I think I have ended up on some sort of private email list. Can you please
rdc> remove [EMAIL PROTECTED] and [EMAIL PROTECTED] from your mail list.
I found and removed [EMAIL PROTECTED] from the Message Sniffer
support li
CTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Pete McNeil
Sent: Saturday, February 19, 2005 2:25 PM
To: Matt
Subject: Re[2]: [sniffer] Seperate Lists?
On Saturday, February 19, 2005, 2:05:09 PM, Matt wrote:
M> Pete,
M> Being guilty of being 'chatty' myself, I still second this id
om: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil
Sent: Friday, April 01, 2005 11:17 AM
To: Keith Johnson
Subject: Re[2]: [sniffer] Persistent Sniffer
On Friday, April 1, 2005, 8:04:27 AM, Keith wrote:
KJ> I have read forum results that this behavior is the reverse of wha
On Tuesday, May 10, 2005, 12:12:40 PM, Computer wrote:
CHS> Comcast messages still getting caught. Even after adding the panic rule.
CHS> Even this mail from the list got caught. Can you update my rulebase?
Hmmm... Be sure the format is correct and that it is not commented
out.
All rulebases a
On Tuesday, May 10, 2005, 12:31:18 PM, Erik wrote:
E> Pete,
E> Is this in the "beta"/"free" release of Sniffer rules?
It may not be --- it's new enough that it may have been excluded from
the demo rulebase. To make sure you should make a quick scan of your
SNF log file for that rule number. In an
On Tuesday, May 10, 2005, 12:45:53 PM, Computer wrote:
CHS> Mail from Comcast is still getting caught, even with the panic rule in
CHS> place. Any suggestions?
* be sure you have updated .cfg
* be sure your entry is in the correct format. You will find examples
at the bottom of your .cfg file w
On Tuesday, May 10, 2005, 12:41:42 PM, Matt wrote:
M> Warning!
M> When you add a RulePanic entry and are running Sniffer in persistent
M> mode, you have to restart the service for it to take effect.
You can also issue ".exe reload"
M> Pete, when you send out these notifications, would you ple
On Tuesday, May 10, 2005, 1:03:18 PM, Matt wrote:
M> Pete,
M> My config file was completely unedited, i.e. every setting was commented
M> out. I verified that one and a half hours after the config change this
M> rule was still hitting until I had restarted the service. Maybe there
M> is a bug i
On Tuesday, May 17, 2005, 1:44:30 PM, Jim wrote:
JM> Pete,
JM> Is there a possibility of setting up another return code for
JM> situations such as this such as a blacklist rulecode that only has
JM> rules for messages such as these that should be blacklisted
JM> immediately. I wouldn't mind set
On Tuesday, May 17, 2005, 3:27:13 PM, Matt wrote:
M> Pete,
M> Your memory fails you :) I reported one just yesterday,
M> however it was understandable. The rule is below (slightly
M> obfuscated for public consumption).
MB>> Final
MB>> RULE 349776-055: User Submission, 13 days, 3.1979660500
Hi Joe,
Yeah, we had talked about buying the low cost Declude Virus/JM
versions and then letting Sniffer hook into those as well as then
hooking with SmarterMail...
That's an option for you too.
-jason
- - - - - - - - - - - - - - - - - - >
Wednesday, June 1, 2005, 7:02:30 PM, you w
On Monday, June 6, 2005, 5:50:38 PM, Dave wrote:
DK> Same exact IP here!
We've got a couple of rules for this now -- making the rounds as new
compiles go out.
_M
This E-Mail came from the Message Sniffer mailing list. For information and
(un)subscription instructions go to
http://www.sortm
On Wednesday, July 20, 2005, 12:05:29 PM, John wrote:
JC> Thanks, that helps a lot. Didn't understand the replace "nonzero" with the
JC> weight number in the Global file.
Minor correction...
Actually -- you replace "nonzero" with the result code.
You adjust the weights at the end of the line as
On Thursday, July 21, 2005, 12:01:32 PM, Darin wrote:
DC> I thought we were supposed to just forward these as attachments to the spam@
DC> address?
We're trying to move away from that :-)
poping the messages is more scalable.
_M
This E-Mail came from the Message Sniffer mailing list. For inf
On Thursday, July 21, 2005, 1:12:18 PM, Dan wrote:
DH> That helps to tune the overall rulebase, but this tunes MY rulebase to
DH> the types of spam that we receive. If I send it to the spam@ address it
DH> may or may not get added to the rulebase. Done this way, I KNOW it is
DH> going to be adde
eil
> Sent: Tuesday, September 13, 2005 4:45 AM
> To: John Tolmachoff (Lists)
> Subject: Re[2]: [sniffer] False positive
>
> I have your response in my sent folder.
>
> I will send it again..
>
> _M
>
> On Monday, September 12, 2005, 8:37:52 PM, John wrote:
&g
We've been head-to-head with these guys for a while now. For example,
they have pioneered a new form of obfuscation that we have been
developing abstract rules for since their first campaign a few weeks
ago.
The obfuscation technique is column obfuscation which involves
using CSS float left style
On Tuesday, October 4, 2005, 2:07:10 PM, John wrote:
JTL> Work on one thing at a time.
Good advice...
JTL> Leave Sniffer in persistent mode and work on the threads.
JTL> You have it at 15 now, and things are backing up. Turn it
JTL> up to say 25 and see what happens.
I just want to add that
On Monday, October 10, 2005, 11:46:36 PM, support wrote:
s> Dear Pete,
s> We had to reinstall Imail, and now I am not seeing any more TMP files in the
s> spool folder. Everything seems to be working OK, but I miss those sweet
s> little TMP files. Should I be concerned? What may have changed?
On Tuesday, October 11, 2005, 1:19:01 PM, Matt wrote:
>
Pete,
You're one of those "Reply-All" people aren't you :)
FYI, I had a customer press Reply-All on a message with 1,880 recipients on Thursday...he still can't use his account. The number of recipients uncovered a bug in more tha
sniffer@SortMonster.com
Subject: Re[2]: [sniffer] POP Approach
Just a little "me too" here .. you're very right to be concerned
about this kind of thing. This happened to us twice (once with an
inbound gateway server, and once with a primary POP box). It was
nothing short of devast
Hello Pete,
Are you going to implement something similar for false positives?
Thanks,
Daniel
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil
> Sent: Friday, October 14, 2005 12:32 AM
> To: William Van Hefner
On Monday, December 5, 2005, 3:33:33 PM, Andrew wrote:
>
I had the same question, but more specifically:
Is is helpful for sniffer trap (spam and user trap) submissions to skip, or to include messages on which sniffer already hits.
It's best for those messages to be removed. The tr
On Monday, December 5, 2005, 3:38:14 PM, Andrew wrote:
>
(nuts, to fast on the "Send" button).
... plus, future hits on spam that is already detected can accumulate hits on, say, SNIFFEREXPIP that weren't already hitting. Therefore, trying to save bandwidth and processing power over at
TECTED]>
To: "Darin Cox" <[EMAIL PROTECTED]>
Cc: ; <[EMAIL PROTECTED]>
Sent: Wednesday, January 18, 2006 1:40 PM
Subject: Re[2]: [sniffer] False Positives
On Wednesday, January 18, 2006, 8:54:49 AM, Darin wrote:
DC> Agreed. We counted 100 false positives yesterday,
On Monday, January 30, 2006, 11:07:26 AM, Michiel wrote:
MP> G'day,
MP> I'm just wandering... what CAN be done about this? If I send an embedded
MP> picture to someone, how's sniffer gonna see the difference between my
MP> holiday picture and the stock spam?
MP> I reckon it's gonna be tough to b
I do most humbly apologize,
It was my intention to do it immediately, however I became embroiled
in related support issues and was delayed.
I don't expect more of these, but I will make announcing their
discovery the next event after removing them from the system.
Thanks,
_M
On Tuesday, Februa
Somebody please tell me I'm doing something wrong here. I use this
expression in Baregrep "Final\t828931" and it yields 22,055 matching
lines across 3 of my 4 license's log files.
Since this is set to my hold weight, I'm assuming that means I've had
22,055 holds on this rule?
--
Best regards,
D
Hello Matt,
Tuesday, February 7, 2006, 6:27:25 PM, you wrote:
M> rule number, and I don't have the tools set up or the knowledge of grep
M> yet to do a piped query of Sniffer's logs to extract the spool file names.
http://www.baremetalsoft.com/ is a great grep'er for windows. In BSD I
always use
I've had an internal note that our colo provider is working on a
networking problem. That's probably what you're seeing. Apparently it
doesn't effect all paths to the 'net equally and/or it may be solved
by now.
_M
On Tuesday, February 7, 2006, 5:53:35 PM, John wrote:
JC> Agreed, my last report
Hello Pete,
Tuesday, February 7, 2006, 7:43:52 PM, you wrote:
PM> The rule would match the intended spam (and there was a lot of it, so
PM> 22,055 most likely includes mostly spam.
On spot check I'm seeing about 30-40% of the messages are valid.
PM> Unfortunately it would also match messages co
On Tuesday, February 7, 2006, 7:54:10 PM, John wrote:
JC> So, in my terms (simple), this rule only catches msg if the two drug names
JC> are in that order and in all capitals, but not necessarily one immediately
JC> following the other?
That was close to the original intent. The rule would also
Hello Pete,
PM> It is theoretically possible for too many evaluators to be spawned,
PM> but highly unlikely. Most of the time, fewer than 100 are generated.
PM> It's ok for this to happen, but it is noteworthy.
PM> I will look for any rules that make this more likely than usual.
I have a monit
On Wednesday, February 15, 2006, 11:02:11 AM, Bonno wrote:
BB> Hi Pete,
BB> []
>> If you wish, it is possible to create a local black rule for any
>> geocities link. On many ISP systems this would cause false positives,
>> but on more private systems it may be a reasonable solution.
>>
BB> I
On Monday, March 6, 2006, 3:13:53 PM, Jay wrote:
JSHNL> There's been at least one FP ;)
JSHNL> --
JSHNL> Rule - 861038
JSHNL> NameF001 for Message 2888327: [216.239.56.131]
JSHNL> Created 2006-03-02
JSHNL> Source 216.239.56.131
JSHNL> Hidden false
JSHNL> Blocked fal
On Monday, March 6, 2006, 3:42:50 PM, Darin wrote:
DC> We just reviewed this morning's logs and had a few false positives. Not
DC> sure if these are due to the new rulebot, but it's more than we've had for
DC> the entire day for the past month.
DC> Rules
DC> --
DC> 873261
DC> 866398
DC>
CTED] On Behalf Of Pete McNeil
> Sent: Tuesday, March 07, 2006 6:28 PM
> To: Harry Vanderzand
> Subject: Re[2]: [sniffer] declude tests
>
> On Tuesday, March 7, 2006, 6:20:04 PM, Harry wrote:
>
> HV> I guess I am not understanding something here after all this time
>
&g
On Friday, March 17, 2006, 11:53:58 AM, John wrote:
JTL> What is the purpose of using a WIKI site?
A few things really -
* It's fast and easy to create, update, and correct the content.
Things happen quickly here and in the messaging security business in
general. It makes sense to use tools that
On Tuesday, March 21, 2006, 11:37:30 AM, Darin wrote:
DC> Nope. None of them.
DC> I haven't heard back from the replies to a couple of false positives on the
DC> 10th, and we haven't heard anything from our submissions on the 16th (6) and
DC> 17th (2). I don't remember if we've heard anything f
Hello John,
Tuesday, June 6, 2006, 7:25:33 PM, you wrote:
>
>
>
> My thought is they are either building a db of valid names or testing
> delivery techniques.
I've got a few theories on this... but the most likely is that this is
just another one that got away from them. There are se
Hello Darin,
Wednesday, June 7, 2006, 7:31:29 AM, you wrote:
>
>
> The one issue with this I have is
>
>
>
> 1) Forward full original source to Sniffer with license code.
>
> If we could do it without the license code, it would be much
> easier to automate on our end. I already ha
Hello Scott,
Wednesday, June 7, 2006, 10:08:58 AM, you wrote:
>
>
> For me the pain of false positives submissions is the research
> that happens when I get a "no rule found" return.
>
>
>
> I then need to find the queue-id of the original message and then
> find the appropriate Snif
Hello Darin,
Wednesday, June 7, 2006, 5:14:02 PM, you wrote:
>
>
> Oh, I assumed the rule had been removed. Are you saying there was
> a rule in place, but the FP processing somehow failed to find it?
> If so, I'd say that is a major failing on the part of the FP processing.
>
>
>
>> This also got me thinking of the flip side, spam reporting. There's a
>> significant untapped load of spam that sniffer doesn't fail that we
filter.
>> I was thinking about creating a filter to copy your spam@ address with
>> messages that get moved to our archive (we archive held spam for 30 d
Thanks for the response George but I am still confused.
When I go into Spam Filter I am putting the domain that I want whitelisted
into the appropiate tab. There dont appear to be any "stop processing messages"
tickboxes.
In my Content Filter I just have the 3 sniffer rules. Is there some
ne.
Good luck!
- Original Message -
From: "Pete McNeil" <[EMAIL PROTECTED]>
To: "Tom Baker|Netsmith Inc" <[EMAIL PROTECTED]>
Sent: Friday, June 11, 2004 11:15 PM
Subject: Re[2]: [sniffer] automate sniffer updates
> Definitely the most strongly r
trivity Network Operations
- Original Message -
From: "Pete McNeil" <[EMAIL PROTECTED]>
To: "Bonno Bloksma" <[EMAIL PROTECTED]>
Sent: Tuesday, July 27, 2004 9:43 AM
Subject: Re[2]: [sniffer] A few notes...
> On Tuesday, July 27, 2004, 4:42:26 AM, Bonno wrote:
>
On Wednesday, September 1, 2004, 11:34:16 AM, Landry wrote:
LW> Haven't seen it here, but sounds like it could possibly be some kind of
LW> permissions issue. What account is the script running under, and what are
LW> the permissions on the file?
LW> In my master.cf file (user=snfilter):
LW> s
On Monday, September 13, 2004, 10:20:06 PM, Keith wrote:
KJ> Pete,
KJ> I take it this can be run without the persistent mode? Thanks for the aid.
Yes. It is no different than the current version except for the patch.
_M
This E-Mail came from the Message Sniffer mailing list. For infor
Pete, I started running the new code this morning, and so far, so good.
I'll let you know if I see anything strange.
Bill
-Original Message-
From: Pete McNeil [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 14, 2004 8:56 AM
To: Agid, Corby
Subject: Re[2]: [sniffer] Surprising m
-Original Message-
From: Pete McNeil [mailto:[EMAIL PROTECTED]
I've actually been thinking very strongly of reorganizing the rule group IDs
recently. Especially in light of the new changes we've made with robots et
al. The accuracy of the Experimental IP group has gone up considerably -
On Tuesday, October 12, 2004, 12:16:16 PM, Frederick wrote:
FS> Link not working
Please try again, I copied the wrong link initially.
I've corrected the problem at the server.
Thanks,
_M
This E-Mail came from the Message Sniffer mailing list. For information and
(un)subscription instruction
On Wednesday, October 20, 2004, 12:19:12 PM, Jorge wrote:
>> I am particularly interested to hear from MDaemon users who should
>> realize a multi-fold improvement in processing speed by using this
>> new version of persistent server. This is one of the critical goals
>> of these modification
On Wednesday, October 20, 2004, 4:03:15 PM, Jorge wrote:
>>If you fire up Task Manager on a windows machine (or your favourite ps tool
>>elsewhere), and set the View, Update Speed to High, then sort by the name in
>>reverse, you will see multiple sniffer.exe and one with a PID that doesn't
>>chan
On Sunday, October 31, 2004, 9:45:19 PM, Andrew wrote:
CA> For what it's worth, another two lessons I learned:
CA> If you start a persistent instance, then delete or rename your rulebase,
CA> when you issue a reload, you get this in your log:
CA> snfrv2r3 20041031022545 -INITIALIZING- 0 0 E
On Sunday, October 31, 2004, 11:33:49 PM, Andy wrote:
AS> 1. on 10:28 5:46PM I downloaded and installed the new Sniffer version.
AS> 2. I just ran:
AS> D:\IMAIL\Sniffer\Win32>mylicense.exe myauthcode rotate
-->> this had no effect
AS> D:\IMAIL\Sniffer\Win32>mylicense.exe myauthcode stop
AS> D
counted. - Albert Einstein
_
- Original Message -
From: "Pete McNeil" <[EMAIL PROTECTED]>
To: "Scott Fosseen" <[EMAIL PROTECTED]>
Sent: Sunday, November 28, 2004 7:42 PM
Subject: Re[2]: [s
; <[EMAIL PROTECTED]>
Sent: Sunday, November 28, 2004 8:42 PM
Subject: Re[2]: [sniffer] Not Getting Updates
On Sunday, November 28, 2004, 7:55:31 PM, Scott wrote:
SF> Pete,
SF> I forward all my messages from '[EMAIL PROTECTED]' to
SF> trigger my update. If my renewal notice
Hi Pete,
The false positive rates for all of these rule groups have fallen
dramatically over the past 8 months and at this point they are all
comparable. Different systems see different rates, but all rates are
low.
Yup, I used to rate the sixties series different in declude but I have
stopped to
101 - 200 of 452 matches
Mail list logo