Sniffer is doing its job well, but I am nearly overwhelmed by the load - to the point where I might have to turn sniffer off to reduce my processing footprint. I've already commented out INVURIBL.
My customers don't like lag at all. That being said, I wonder how I can better protect myself from botnets. Do you think that if I parsed the sniffer / declude logs and harvested IPs that sent me X pieces of mail rating a ridiculous score of X and then added them to an internal RBL or blacklist, it would make a difference? Or are these botnets too varied and well managed for that to make a difference? Looking in my SmarterMail connects and blocks, I see that it is fairly proficient at not getting caught by my e-mail harvesting block settings. Hmmm.

-- Michael Cummins

-----Original Message-----
From: Message Sniffer Community [mailto:snif...@sortmonster.com] On Behalf Of Pete McNeil
Sent: Monday, May 10, 2010 1:15 PM
To: Message Sniffer Community
Subject: [sniffer] Re: Volume spike Mon 9AM EST

On 5/10/2010 12:23 PM, Darin Cox wrote:
> Hi Pete,
>
> No. Not leakage. Sniffer et al are doing their job well.
>
> Just a large spike in incoming spam volume. It settled down for us by about
> 11am.
>

I checked on telemetry and found a mixed bag -- some systems were up quite a bit -- others were nominal. We have seen a few new storms come through too... but other than that a reasonably normal Monday.

_M

--
Chief Scientist
ARM Research Labs, LLC
www.armresearch.com

#############################################################
This message is sent to you because you are subscribed to
the mailing list <sniffer@sortmonster.com>.
This list is for discussing Message Sniffer, Anti-spam, Anti-Malware, and related email topics.
For More information see http://www.armresearch.com
To unsubscribe, E-mail to: <sniffer-...@sortmonster.com>
To switch to the DIGEST mode, E-mail to <sniffer-dig...@sortmonster.com>
To switch to the INDEX mode, E-mail to <sniffer-in...@sortmonster.com>
Send administrative queries to <sniffer-requ...@sortmonster.com>
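
The log-harvesting idea raised in the message above, as an added example that is not part of the original thread and is not Message Sniffer, Declude or SmarterMail code. The log line layout, the thresholds, the allowlisted range and the 24-hour expiry are all assumptions chosen for illustration; sample lines are constructed and use documentation address ranges.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed layout (assumption, not a real product format): "<date> <time> ip=<addr> score=<n>"
LINE = re.compile(r"^(\S+ \S+) ip=(\S+) score=(-?\d+)$")

SAMPLE_LOG = """\
2010-05-10 09:00:05 ip=203.0.113.7 score=48
2010-05-10 09:00:40 ip=203.0.113.7 score=52
2010-05-10 09:01:10 ip=198.51.100.20 score=3
2010-05-10 09:02:30 ip=203.0.113.7 score=61
2010-05-10 09:03:00 ip=192.0.2.25 score=55
2010-05-10 09:03:20 ip=192.0.2.25 score=50
2010-05-10 09:03:45 ip=192.0.2.25 score=49
2010-05-10 09:10:00 ip=198.51.100.99 score=47
2010-05-10 11:30:00 ip=198.51.100.99 score=58
2010-05-10 14:45:00 ip=198.51.100.99 score=44
garbled line that the parser must skip
""".splitlines()


def harvest(lines, min_score=40, min_hits=3, window=timedelta(minutes=10),
            allow=("192.0.2.0/24",)):
    """Return {ip: time it crossed min_hits high scores}; lines must be in time order."""
    allowed = [ip_network(n) for n in allow]   # e.g. known forwarders, never listed
    recent = defaultdict(deque)                # ip -> times of high-score messages
    listed = {}
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue                           # unparsable line: skip, never guess
        when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        ip, score = ip_address(m.group(2)), int(m.group(3))
        if score < min_score or any(ip in n for n in allowed):
            continue
        hits = recent[ip]
        hits.append(when)
        while when - hits[0] > window:         # forget hits older than the window
            hits.popleft()
        if len(hits) >= min_hits:
            listed.setdefault(str(ip), when)
    return listed


def expire(listed, now, ttl=timedelta(hours=24)):
    """Drop entries older than ttl so reassigned or cleaned-up addresses age out."""
    return {ip: t for ip, t in listed.items() if now - t <= ttl}
```

With the defaults only 203.0.113.7 is listed: 192.0.2.25 is covered by the allowlist, and 198.51.100.99 spreads its three high-scoring messages over several hours, which is the slow, distributed pattern a per-IP threshold does not catch.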