Message Sniffer Support?
Idea shared by Emmet McGovern - 11/5/2014 at 7:48 AM
I thought you were adding message sniffer support in SM13?  What happened?

119 Replies

Hello Emmet,
That functionality is still planned for SmarterMail 13, but will be coming in a minor release.
SmarterMail already supports Message Sniffer.  Here are the installation instructions:
Just to throw in my opinion... Message Sniffer is probably the best single anti-spam tool available... period.
Thanks, -Joe
That's fairly expensive...
Also that method will not work with smtp blocking will it?
Well depending on the license it's cheaper (or the same) than Cyren and in my opinion MUCH better than Cyren. I don't know how SmarterTools would implement Message Sniffer, but I suspect it would be the same as Cyren so the answer would be NO you couldn't use it for SMTP Blocking. But there are much easier and better ways to accomplish that if desired.

I'm not trying to sound like a commercial for Message Sniffer, but it's one of the few products out there that does exactly what they claim. When I tried Cyren it was hit and miss. Message Sniffer is rock solid at blocking even the very newest spam storms.

Thanks, -Joe
Can I remove any of my other checks once message sniffer is installed?
While you can use MS through command line or other tools, it's not as ideal as direct integration assuming SM is going to use the SDK method for integration. That said... no matter how you use it, it is the single best spam prevention we use. We don't even weight on it, we just delete.
No, you should still use your other checks. We just delete on positive which eliminates a majority of the spam, then let the rbls and uri's clean up the rest.
I don't know your configuration, but I would keep a few RBL's like zen.spamhaus.org, and b.barracudacentral.org and bl.spamcop.net. I would also keep the Reverse DNS test. Enable SMTP Blocking and set your Incoming Threshold to a value that would require at least 2 of the above tests to FAIL. So if all of the above were weighted at 10 then set the SMTP Blocking Threshold to 20. That way you never block a valid message, but you'll reduce the load on your server considerably since about 2/3 of the spam will simply be blocked by using these very reliable RBL's and the rDNS. Never block on any one test.

Additionally I'd add three URIBLS... dbl.spamhaus.org, multi.uribl.com, and multi.suribl.com and keep a weight of half an RBL... so in my above example they would keep a weight of 5.

You can keep other tests like SPF, DKIM, but never give them a negative weight for passing, and only a slight weight for failure.

Then if you add Message Sniffer to your SpamAssassin-Based Pattern Matching you will virtually ELIMINATE all spam and have a near zero false positive rate.

One other suggestion... never set a spam weight action that would Delete a message. That leaves messages unaccounted for (neither the sender nor receiver know about the message) and could put you in a very bad legal liability position.

Best of luck,
Thanks, -Joe
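Added example (not part of the thread and not any poster's actual configuration): a small Python check of the weighting scheme described in the post above, using the weights it gives (RBLs and rDNS at 10, URIBLs at 5, SMTP Blocking threshold 20). The `spf_fail` weight of 2, the zero pass weights and all function names are assumptions made for illustration.

```python
from itertools import combinations

# Weights from the post: RBLs and reverse DNS at 10, URIBLs at half an RBL (5),
# SMTP Blocking threshold at 20. "spf_fail": 2 is a constructed value standing
# in for "only a slight weight for failure".
POLICY = {
    "threshold": 20,
    "tests": {
        "zen.spamhaus.org": 10,
        "b.barracudacentral.org": 10,
        "bl.spamcop.net": 10,
        "reverse_dns": 10,
        "dbl.spamhaus.org": 5,
        "multi.uribl.com": 5,
        "multi.suribl.com": 5,
        "spf_fail": 2,
    },
    # Weights applied when a test PASSES; the post says never make these negative.
    "pass_weights": {"spf_pass": 0, "dkim_pass": 0},
}


def audit_policy(policy):
    """Return findings where the policy departs from the rules in the post."""
    findings = []
    threshold = policy["threshold"]
    for name, weight in policy["tests"].items():
        if weight >= threshold:
            findings.append(
                f"{name}: weight {weight} blocks on its own (threshold {threshold})"
            )
    for name, weight in policy.get("pass_weights", {}).items():
        if weight < 0:
            findings.append(f"{name}: negative weight {weight} for a passing test")
    return findings


def min_failures_to_block(policy):
    """Smallest number of failed tests whose combined weight reaches the threshold."""
    total = 0
    for count, weight in enumerate(sorted(policy["tests"].values(), reverse=True), 1):
        total += weight
        if total >= policy["threshold"]:
            return count
    return None  # threshold unreachable: SMTP Blocking would never trigger


def minimal_blocking_sets(policy):
    """Every smallest combination of failed tests that causes an SMTP-level block."""
    size = min_failures_to_block(policy)
    if size is None:
        return []
    return [
        combo
        for combo in combinations(sorted(policy["tests"]), size)
        if sum(policy["tests"][t] for t in combo) >= policy["threshold"]
    ]


def smtp_decision(policy, failed_tests):
    """Score one connection and say whether SMTP Blocking would reject it."""
    score = sum(policy["tests"][t] for t in failed_tests)
    return score, ("block" if score >= policy["threshold"] else "accept")


if __name__ == "__main__":
    print("audit findings:", audit_policy(POLICY) or "none")
    print("failures needed to block:", min_failures_to_block(POLICY))
    for combo in minimal_blocking_sets(POLICY):
        print("blocks:", " + ".join(combo))
    uribls = ["dbl.spamhaus.org", "multi.uribl.com", "multi.suribl.com"]
    print("all three URIBLs only:", smtp_decision(POLICY, uribls))
```

With these weights only pairs of the 10-point tests reach the threshold in two failures, and a message listed on all three URIBLs but no RBL still scores 15 and is accepted for content filtering rather than rejected at SMTP time.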
My setup now is basically 90% exactly what Bruce recommends in his spam document. I am also currently running a full blown SpamAssassin that has helped immensely with reducing spam. I was able to tweak the default scores to get the best results.

I want to get away from that though as we are getting false positives, not many but still.

I am going to remove my spam assassin setup and substitute it with MS.

I'll test for a month and see if we want to continue.
Emmet, I don't know your reason for running SmarterMail. If you're running simply for yourself, or your company, and the company has made the decision to delete messages then I think that's fine. But if you provide email services for others then it's very dangerous to set an action to Delete.

Everyone is free to run their server how they see fit, and I'm not preaching here, but I would just like to point out the danger of setting spam weight action to Delete.

First, if you use good SMTP Blocking practices (use only highly accurate tests and make sure the message fails at least two tests), this will eliminate most spam, and the sender of the message is notified that their message wasn't delivered. You're covered because they were notified the message was blocked.

Once a message passes SMTP Blocking for further testing then you should really only use up to three actions. Either do nothing and deliver to the user, prefix the subject as suspected spam and deliver to the user, or hold the message in their Junk E-Mail folder. In the case of the latter we send out a report every night to each user informing them of messages held in their Junk E-Mail folder but will be automatically deleted in 14 days (via Folder Auto-Clean). But in any case the message is accounted for... it was either delivered or held, and the recipient was notified.

If the user decides to set a filter to Delete a message that's their choice and you have no liability.

If you set an action to Delete then neither the sender nor the receiver know anything about the message. There are 100% valid messages sent thru email servers that are improperly configured. It happens. If you take upon your own authority to Delete a message without notifying either the sender or recipient of the message 100% of the liability is on your shoulders.

Just my opinion,
Thanks, -Joe
We use Smartermail's message archiving system wide. So all messages are backed up.

Your users must have huge junk folders!
What about ClamAV, is it safe to disable once MS is in place?
No, not really, but it really doesn't matter since it's Auto-Cleaned. Our script that sends out our nightly Quarantine Report gives users instructions on how to add any valid messages held in their Junk E-Mail folder to their Trusted Senders list which improves overall accuracy. For example, there are a few newsletters like "This is True" and "Swanni's TV Predictions" that are always listed on an RBL. Those are just a couple of examples, but many newsletters end up on RBL's. The way we have things set-up the users that want to receive those types of newsletters are notified if they're held in Junk E-Mail and only have to add them to Trusted Senders one time. Other users consider them spam.

The bottom line is that most of our users really like the system. We also allow them to opt-out of receiving the report, but very few do.

We also archive ALL messages for 3 days but we don't let our customers know that. We do sell per domain Archiving service (1, 3, or 5 years) for those needing HIPAA compliance. Keep in mind if you set any spam weight action to Delete your server cannot be considered HIPAA compliant.

But once again, everyone is free to run their server the way they want to do so.

Thanks, -Joe
Thanks Joe!
If you're using a product like SpamAssassin In A Box then you could simply add Message Sniffer to that instead of directly to SmarterMail.
Thanks, -Joe
Yeah that's what we were using... I will maybe attempt that later, but I was suspecting it for false positives. Doesn't MS do all I need? I am going to use the command line just till it's added natively in smartermail.
I know Message Sniffer claims to do virus scanning, but since it's really just a rule-set I don't have full confidence in it catching all the viruses. I'd keep ClamAV enabled. There will be no conflict between the two, and there's nothing wrong with staying safe and leaving ClamAV running.

Thanks, -Joe
Message Sniffer is great, but SMTP Blocking (and Greylisting) eliminate the most spam. If you don't SMTP Block you'll be overwhelmed with spam. Take a look at your Reports, Dashboards, System Statistics, Security tab and you'll see how important it is to not accept all those messages. Just make sure to use reasonable SMTP blocking policies.

If you have good SMTP Blocking policies in place, enable Greylisting with reasonable settings, then you might be able to get good results by using Message Sniffer as the only test. I've never tried it. Give it a shot and see what happens.

Thanks, -Joe
We've been using Message Sniffer since it was released back in the Sort Monster days. I haven't seen a false positive in years. Occasionally we quarantine it for review but most of the time it goes straight to the trash.
Well for now I am simply leaving my setup alone except for swapping SA for MS... I'll see how we do.
The ONE thing I'm not sure about if you use that setup is that I THINK you'll have to update your local.cf file every time SmarterMail is updated. I believe it overwrites the existing local.cf, but I am NOT sure of this.

Technically SmarterMail should NOT overwrite the local.cf (and maybe they don't, but I think they do).

Thanks, -Joe
Well hopefully the next minor has the MS integration
Hope to have this feature implemented in SM 13 as it will help us.
I got a few spam over the weekend that I then used to tweak the Smartermail scoring with. So far so good though. I am seeing less spam overall I believe.
WARNING:  If you're running Message Sniffer via the command line and added Message Sniffer to your SpamAssassin-Based Pattern Matching local.cf file you will have to add the rules back to the local.cf file any time you update or re-install SmarterMail.
I set up a test, and SmarterMail overwrites the local.cf file.  I tried to make the local.cf file read-only and the upgrade threw an error.
So just remember to add the Message Sniffer rules back into the local.cf after any re-install or upgrade.
SmarterTools:  I think this is a bug.  The local.cf file should be a persistent file in any SpamAssassin installation and an sa-update, etc. should not touch that file.  I think your installer should check to see if a local.cf exists and if so do not overwrite it.
Thanks, -Joe
Rather than have them worry about that, I would say it's best they focus on actual core integration in Smartermail. My hope is to see it in the next minor... Which with any luck may be sooner than later. Fingers crossed.
I agree that native integration will be an improvement, but the local.cf being overwritten is a bug. SmarterMail's SpamAssassin-Based Pattern Matching is just a subset of the SpamAssassin content filtering rules. System Admins may wish to add or remove weight from some of those rules or even create their own rules. The local.cf is the place to make such changes and should NOT be overwritten.
Thanks, -Joe
I was able to tweak SpamAssassin in a Box to increase the score for tests that I wanted.
How am I able to tweak the scores in Message Sniffer?
Also it looks a lot like Message Sniffer is using spam assassin.
Why do you say it uses spam assassin?
Just because the scoring lines added to the header looks identical to what my SpamAssassin in a box looked like.
How else would it be compatible with systems designed to filter on SA like headers?
OK but my point is how is this any better than a normal SpamAssassin install that I can tweak and fine tune.

I have not gotten DIET emails since tweaking SpamAssassin in a box to score them higher to 5.0. Now with Message Sniffer I am getting DIET emails again and they are scored 0.7 (which was the default SA score BTW)

Being that I can't adjust Message Sniffer scoring then all of a sudden it's not serving me as well as SAiab
You can just add the Message Sniffer rules to SpamAssassin In A Box and the weight will transfer just fine.

Take a look at the Message Sniffer lines and see what it's saying on those messages. It takes a while for Message Sniffer to adapt to your system.

You should be seeing lines like the following in the message header:
X-MessageSniffer-Identifier: C:\SmarterMail\Spool\SubSpool3\261079409881.eml
X-GBUdb-Analysis: 0,, Ugly c=0 p=0 Source New
X-MessageSniffer-Scan-Result: 55
X-MessageSniffer-Rules: 55-6399744-1835-1906-m

Then the appropriate line passing the weight to SmarterMail:
X-SmarterMail-SpamDetail: 5.0 SNF_MALWARE Virus, worm, and exploit patterns

Thanks, -Joe
How are you implementing MS?
I use it inside SpamAssassin In A Box, but I've modified the normal install of SpamAssassin In A Box quite a bit.

Thanks, -Joe
Sorry... I was asking Steve
I used Joe's initial link that implements it via command line.
How do I add Message Sniffer to my spam assassin in a box install? I read the instructions but they are not clear enough
I got it configured and running, however I am seeing this error:

ERROR_MSG_XHDRi: Drop Msg XHDR injector can't remove original!

Even though the temp folder has everyone permissions
Looking forward to this...
Turns out somehow the plugin I downloaded was old. Got the latest version from Linda Pagillo, thanks so much!! Issue resolved.
Just FYI, if you're using SpamAssassin In A Box and want to use Message Sniffer the easiest way to do it is to follow the SmarterMail instructions for Message Sniffer, but simply add the rules to your SpamAssassin In A Box local.cf instead of the SmarterMail SpamAssassin-Based Pattern Matching.

You do NOT need to add the SpamAssassin plugin for Message Sniffer to SpamAssassin In A Box.

Thanks, -Joe
Yeah but using the plugin means no command line is required.

Also nothing needs to be added to local.cf
Where did you download the outdated version Steve? I'm curious about trying the direct integration into SpamAssassin In A Box. I haven't used the box version in a while but I see the CPU and stop issues are supposed to be resolved in the last update.
OK, I've installed it both ways. I'll try and give the pluses and minuses of both methods.

First, if you install Message Sniffer via the SmarterMail command line and add the rules to your SpamAssassin local.cf (either version) you get more information in the message header. For example:

X-MessageSniffer-Identifier: C:\SmarterMail\Spool\SubSpool7\261079438354.eml
X-GBUdb-Analysis: 0,, Ugly c=0 p=0 Source New
X-MessageSniffer-Scan-Result: 53
X-MessageSniffer-Rules: 53-6565193-2022-2076-m
X-SmarterMail-SpamDetail: 5.0 SNF_SCAM Phishing, 419, and other scam patterns

So you can see what rules the message failed and the weight it transferred to SmarterMail and listed in the X-SmarterMail-SpamDetail header.

The minuses to this method are that Message Sniffer runs on all messages (both inbound and outbound) but of course doesn't apply any weight to outbound messages unless you select that option in your Antispam tests. Also, Message Sniffer always passes a weight of 5 to SpamAssassin and as a result it's a go or no go test.

Secondly, if you have SpamAssassin In A Box or other Remote SpamAssassin server and implement Message Sniffer via the snf4sa.cf and snf4sa.pm files you get the benefit of variable weights assigned by Message Sniffer (it can even apply a negative weight which I don't really like, but I'm sure I can configure it to not do so). Here are a few examples:

X-SmarterMail-SpamDetail: -1.2 SNF4SA Message Sniffer
X-SmarterMail-SpamDetail: 5.0 SNF4SA Message Sniffer
X-SmarterMail-SpamDetail: 4.2 SNF4SA Message Sniffer

Another benefit is that it doesn't run on outbound email messages unless you enable Remote SpamAssassin for outbound messages (bad idea).

The minus of installing this way is that the above line is the only information you get. You can't tell what Message Sniffer rules were tripped... all you get is "Message Sniffer" and a weight.

My summary: I like the additional message header information provided by installing the Message Sniffer rules to the local.cf and that it is a static weight if the message fails Message Sniffer. Message Sniffer seems to use very little CPU and RAM so the fact that it checks the outbound messages (even if you don't use it to apply any weight) the additional load is of no concern to me. Also this method works for any SmarterMail installation and doesn't require SpamAssassin In A Box or other Remote SpamAssassin installation.

Just my opinion... I like the additional info.

Thanks, -Joe
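Added example (not part of the thread, and not code from ARM Research or SmarterTools): a Python parser for the headers quoted in the post above that tells the two integration methods apart and pulls out the Message Sniffer weight. Treating `SNF_*` rule names as the local.cf method and `SNF4SA` as the plugin is an assumption drawn from those samples; the From/Subject/body lines and the clean sample are constructed.

```python
import re
from email import message_from_string

# X-* header lines below are copied from the post; From/Subject/body are constructed.
LOCAL_CF_SAMPLE = r"""From: sender@example.com
Subject: constructed sample
X-MessageSniffer-Identifier: C:\SmarterMail\Spool\SubSpool7\261079438354.eml
X-GBUdb-Analysis: 0,, Ugly c=0 p=0 Source New
X-MessageSniffer-Scan-Result: 53
X-MessageSniffer-Rules: 53-6565193-2022-2076-m
X-SmarterMail-SpamDetail: 5.0 SNF_SCAM Phishing, 419, and other scam patterns

body
"""

PLUGIN_SAMPLE = """From: sender@example.com
Subject: constructed sample
X-SmarterMail-SpamDetail: -1.2 SNF4SA Message Sniffer

body
"""

# Constructed: a message on which Message Sniffer added no weight at all.
CLEAN_SAMPLE = """From: sender@example.com
Subject: constructed sample
X-SmarterMail-SpamDetail: Content analysis details: (0.0 points, 5.0 required)
X-SmarterMail-SpamDetail: 0.0 HTML_MESSAGE BODY: HTML included in message

body
"""

# "<weight> <RULE_NAME> <description>"; table headings and wrapped
# description lines do not start with a number and are skipped.
DETAIL_RE = re.compile(r"^\s*(-?\d+(?:\.\d+)?)\s+(\S+)\s*(.*)$")


def parse_spam_details(msg):
    """Return (weight, rule_name, description) for each scored SpamDetail line."""
    details = []
    for value in msg.get_all("X-SmarterMail-SpamDetail", []):
        match = DETAIL_RE.match(value)
        if match:
            details.append(
                (float(match.group(1)), match.group(2), match.group(3).strip())
            )
    return details


def sniffer_report(raw_message):
    """Summarise what Message Sniffer contributed to one message's score."""
    msg = message_from_string(raw_message)
    snf = [d for d in parse_spam_details(msg) if d[1].startswith("SNF")]
    if any(name == "SNF4SA" for _, name, _ in snf):
        mode = "plugin"      # snf4sa.cf / snf4sa.pm: one line, variable weight
    elif snf:
        mode = "local.cf"    # command line + local.cf rules: named SNF_* rule
    else:
        mode = None          # no Message Sniffer weight on this message
    scan = (msg.get("X-MessageSniffer-Scan-Result") or "").strip()
    return {
        "mode": mode,
        "scan_result": int(scan) if scan.isdigit() else None,
        # Kept as opaque tokens; the thread does not document the field layout.
        "rule_tokens": (msg.get("X-MessageSniffer-Rules") or "").split(),
        "sniffer_weight": round(sum(w for w, _, _ in snf), 1),
        "sniffer_rules": [name for _, name, _ in snf],
    }


if __name__ == "__main__":
    for label, raw in (("local.cf", LOCAL_CF_SAMPLE),
                       ("plugin", PLUGIN_SAMPLE),
                       ("clean", CLEAN_SAMPLE)):
        print(label, sniffer_report(raw))
```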
Steve Reid, could you please describe your install procedure, and post a few examples of the headers from Message Sniffer / SmarterMail spam weighting.

I'm very interested in your results.

Thanks, -Joe
Emmet McGovern, I downloaded the old non working version right off armresearch.com

I have informed them that the download is incorrect.
For anyone with SpamAssassin In A Box or Remote SpamAssassin and needs the updated files to integrate Message Sniffer you can grab them here:
Thanks, -Joe
Once I got the most current version of the Message Sniffer Plugin SNF4SA it was straightforward. I just extracted the snf4sa.pm and snf4sa.cf into the C:\ProgramData\JAM Software\spamdService\sa-config folder and it began working.
I don't have good examples of headers though, since I enabled it I haven't had even one spam get through.
This message was spammy but not actual spam:

X-SmarterMail-Spam: SPF_Pass, Backscatterer, HostKarma - Yellowlist, SpamAssassin 0 [raw: 0], DK_None, DKIM_Pass
X-SmarterMail-SpamDetail: Content analysis details: (0.0 points, 5.0 required)
X-SmarterMail-SpamDetail: pts rule name description
X-SmarterMail-SpamDetail: ---- ---------------------- --------------------------------------------------
X-SmarterMail-SpamDetail: -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
X-SmarterMail-SpamDetail: [ listed in wl.mailspike.net]
X-SmarterMail-SpamDetail: 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
X-SmarterMail-SpamDetail: (colorway12[at]gmail.com)
X-SmarterMail-SpamDetail: 0.0 T_KAM_HTML_FONT_INVALID BODY: Test for Invalidly Named or Formatted
X-SmarterMail-SpamDetail: Colors in HTML
X-SmarterMail-SpamDetail: 0.0 HTML_MESSAGE BODY: HTML included in message
X-SmarterMail-SpamDetail: 0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or identical to
X-SmarterMail-SpamDetail: background
X-SmarterMail-SpamDetail: 0.0 T_OBFU_PDF_ATTACH BODY: PDF attachment with generic MIME type
X-SmarterMail-SpamDetail: 0.0 XPRIO Has X-Priority header
X-SmarterMail-SpamDetail: 0.0 T_FREEMAIL_DOC_PDF MS document or PDF attachment, from freemail
Joe important note that Message Sniffer only passes a 5 if you are using an old version of SpamAssassin. On new versions the weighting is dynamic.
They have updated the plugin download on their website. New version installed and working.
Steve, I think you misunderstood what I was saying. If you use the local.cf method it will score per the rules in the local.cf. All the rules (except 3) score 5. So there is no way to get a dynamic score using the local.cf method regardless of the version of SpamAssassin. Using the local.cf method also allows you to see the Message Sniffer rule results in the message header.

If you use snf4sa.cf then you get dynamic scoring as long as you're running SpamAssassin 3.2.0 or later. I'm running The problem with this mode is that you don't get any of the Message Sniffer rule details in the message header. Just the one line with the dynamic score and "SNF4A Message Sniffer". No other info.

Thanks, -Joe
In the above example Message Sniffer didn't trip any rules. You can send yourself some spam test messages from this site:
Thanks, -Joe
I'm afraid everything is working so well now that these emails do not make it through. I still have not seen a single spam. Don't forget in our setup we delete.
I have pointed Arm Research support to this thread. I asked for them to include the same amount of detail in the headers for the plugin.
Would love to see Message Sniffer built in!
After giving Message Sniffer a go for the 30 day trial period we have decided not to purchase a subscription. I honestly fail to see how it is any better than SpamAssassin.
We were still getting spam through and also I was getting complaints about false positives.
Message Sniffer is by no means a solution to Smartermail's current spam issues.
Thanks for the information. We keep looking to find the "right" solution and haven't had one solution that our clients all universally accept as "good for them".
Hi Steve, Are you sure you were running it correctly, what is hard is you have to edit the local.cf file each time you install a new SmarterMail version, then you have to stop and start MailService after adjusting the local.cf file in SAData folder. Can't wait until SmarterTools integrates this into a minor update of v13. -dave
I actually am already running SpamAssassin in a box. So I chose to integrate it via the plugin for SA. It was all setup properly however there was only a negligible reduction in spam. Also there were more false positives than without MS. Either way we are sick of paying for so called spam solutions only to be left wanting more every time. My SpamAssassin in a box license was $77 for three years. Whereas Message Sniffer wanted $99 per year, which is insane considering how light our mail volume truly is.
Your results seem to be the exact opposite of everyone, including myself that uses Message Sniffer. I've never had a false positive and it eliminates the majority of the spam our server receives. Something must be odd with the SA implementation.
My spam is mostly eliminated already from implementing Bruce's settings as well as having the full SA running. Adding MS made little improvement for my setup... Also "everyone"? I doubt there are many people running MS with smartermail.
I guess we should assume that not many people use SM too since the community here is so small.
I'm not assuming anything. How do you speak for everyone? Do you work for Message Sniffer?
You did make assumptions. "I doubt there are many people running MS with smartermail." I simply stated that your results seem to differ quite differently than anyone else and maybe there's an issue with SA implementation. Go to the old forums and try to find anything negative about MS. You won't.
I am going to try them again once it's officially integrated. I agree that maybe it's because of SA. I do have a few hesitations about how MS works though.
Are you guys still on track for Message Sniffer integration for SM 13?
I am wondering the same.
The other providers don't provide authenticated SMTP or SMTP with encryption for use in public networks. We have set up a single email address ( mailSender@foo.com ) on our SmarterMail server to allow the client to log into our server and use it as an SMTP sender. They still pop or imap to their main server for mail. \ ahsan
Nobody knows except SmarterTools and they've ignored all the questions. The lack of TLS fallback is causing us significant problems as well. This is not the fault of SmarterMail directly, but they could put code in to drop to an open connection if no cipher suites or protocols can be agreed upon after the STARTTLS command. Our CentOS servers support TLS fallback. Looks like we're going to have to make some changes. I'm supposedly a "SmarterMail Product Expert" but nothing shows as such on my posts, and I have no more access to SmarterTools support than you do. I really don't understand this. I have a long list of problems to report and nobody seems to give a damn. Off my soap box now.
Thanks, -Joe
I feel you Joe, but each issue should be separated to track it better. Have you considered opening a ticket for each issue?
When can we expect to see this ?
I've stopped holding my breath for it. This request has gained traction off and on for years now. I think the only reason it's gotten a second look this time around is because Declude went belly up. (yes I know you can still use declude)
I can confirm that Message Sniffer support is currently under development and will be included in SmarterMail 14.
Message Sniffer is now an add-on option for anti-spam and is automatically available for the duration of SmarterMail 14 BETA.  Licensing and pricing details continue to be worked out.
What does this mean? I already have a long term Message Sniffer vendor that I am happy with. Why do I need to switch licensing to SM? Are you planning a per user model or annual license that is the same as our current license costs with Message Sniffer?
Emmet, you will not be required to switch licensing to SM. You can continue to use the MS vendor. The Message Sniffer add-on was included as it fits in with our existing spam features. Those without prior MS licensing can now have built-in access to it.

The actual licensing and pricing details are still being discussed and worked out. However, for the duration of the beta, the Message Sniffer option is on and free to use.
Sorry, I'm still confused. Are you planning on charging additional to the cost of licensing MS in order to have direct integration?
Charging additional for this now ??? Sigh! :(
It's pretty clear that you can either pay MS directly, or there will be an option to pay ST for the add-on. Either or, not both. There is no charge for the integration.
Hello everyone,
It was decided today that the Message Sniffer integration will be removed from the SmarterMail 14.x BETA.
When adding a new product integration or add-on, it's important that the pricing is equivalent to the product and that the quality matches what is currently available. We've found that the Message Sniffer integration was unable to match up with the Cyren add-ons that are currently available, and, unfortunately, we have been unable to come to terms in our negotiations and discussions with Message Sniffer. This is something we're still looking into; however, at this point, the ball is in Message Sniffer's court on whether the integration will be possible. 
Please understand that we know how much this integration has been requested and are aware of how much attention this has received. We're doing what's in our power to make this happen and will keep you updated on the progress, if any.
Thank you,
Are you suggesting that Message Sniffer is not technically able to be integrated, or that you are unable to get a good enough price to resell MS to your customers?
The Cyren comparison is laughable, so let's assume the latter.
This is beyond disappointing.
This is not a big deal either way.  You can use Message Sniffer with SmarterMail a couple of different ways.  The first is essentially as good as being integrated... just follow the following instructions:
Or if you're using SpamAssassinInABox you can integrate it this way:
Both will give you the same exact results as if it had been integrated by SmarterTools.  If you want to buy Message Sniffer I'd suggest a reseller rather than going direct with ARM.
Thanks, -Joe
Thanks, Joe.  What I do see as a big deal is ST's willingness to rip out a promised integration.  Not a good sign for the future of this product.
SmarterUser... forget about it... it doesn't matter. You can use Message Sniffer all you want. ST integration would offer NO benefits other than higher prices. Honest.
Thanks, -Joe
Look at it this way... you can have FULL Message Sniffer integrated support at a lower cost than SmarterTools would have offered.  This is SmarterTools' loss and your gain.  Full functionality.
There are many other solutions for SmarterMail I have worked out.  I have not made several of them public because SmarterTools chooses not to work with me.  I told Tim I will move forward with my own solutions if needed.   I don't want to, but I want SmarterMail to be the best mail server in the world.  I can do things they have no clue how to do.
I am not interested in this for profit.  Only betterment of the product.  Since SmarterTools has not wanted to work with me or even communicate with me I'll move forward with my own solutions.  I have preliminary agreements with a few solutions.  
The bottom line is that if SmarterTools doesn't want to work with us we can still make it a better product for little or no cost.  It will just take some time.   I've not posted in the ClamSup thread for some time because I have a much better solution.
I have the solution to Message Sniffer.  Cyren is a JOKE and is terrible.  There are spam solutions widely posted here that are illogical and just plain ineffective.  I can virtually eliminate inbound and outbound spam with near ZERO false positives and not use the ridiculous popular solution that blocks hundreds or thousands of valid messages.
The solution is just around the corner and will be very inexpensive.
Thanks, -Joe
I'm eager to see your solutions, Joe.  What we have now is indeed a joke -- we're stuck having to choose between ineffective solutions and over-the-top authoritarian approaches that do indeed block legitimate mail.  (I'm struggling with that now, and help via support ticket is slow going.)  ST should be motivated to help us deliver the best mail experience possible, but when was the last time you saw them posting suggestions or settings to help control spam?  (Other than Cyren, of course, which I won't go in to.)  If they had spent more time listening to you long ago, SmarterMail would be a much better product today, and we wouldn't all still be struggling to get a handle on spam.
We've been using MXGuard for several years with good results. Previously we used Declude integration but were never happy with the CPU usage.
It was my finding that Message Sniffer was not very good anyhow.
It seems they are just running a version of Spam Assassin and they have some custom rules. I do not see any value in their product and certainly none worth paying what they are asking. We get better results and much more control by running SpamAssassin in a box.
Steve, I saw your earlier comments on MS, and was quite surprised.  I used MS and Declude for years, and found it an extraordinary combination with virtually zero false positives.  Since Declude went belly up, I've been fighting a pitched spam battle.  I now use Spam Assassin in a Box, but don't find it anywhere close to MS.  MS is truly plug and play -- most other solutions require a fair bit of tweaking.  Anyhow, I guess it shows that everyone's mileage may vary.  But the real bottom line is that ST should be providing more and better ways to fight spam -- not eliminating integrations.
It is not some version of Spam Assassin. It outputs Spam Assassin patterned results. It's a near realtime pattern matching filter and IP list. That's like saying Razor or Pyzor is Spam Assassin. Why would anyone make a spam assassin variant whose purpose is to act as a plugin to spam assassin? Maybe if your name is Xzibit and you host a show called Pimp my Mail Server.
Maybe I did not give it enough time. Either way having to pay such a high price is not up my alley so that's why I am not a fan. And my results and experience with it was definitely less than optimal.
I was pointing out similarities I noticed. When I swapped to it from SAIAB it was not catching nearly as much and it was marking false positives.
Joe, I too am looking forward to your solution. I'm getting tired of the ongoing fight with spam. I achieve a hard fought victory, but it never lasts long. After a couple weeks they outsmart me again. Thanks for your efforts!
Oh, and in case anyone wonders, I bought Cyren. Quit using it after about 6 months as it was worse than running nothing. Did not renew at the end of the year. Waste of time and money.

If you're running a smallish mail server, the price is $99 or $199 a year. I really don't see that as a high price. If you're running a server with more customers, even the full $495 is reasonable, and small discounts are available through resellers. It's the fastest and most accurate out-of-the-box solution I know.
Hi guys. I wanted to chime in here on the "Declude went belly up" comment. For those of you who don't already know, even though Declude the company is no more, we at Mail's Best Friend still offer, develop and support the Declude product(s). We also support Message Sniffer, SpamAssassin in a Box and many other email platforms and anti-spam services. I'm not trying to advertise here in the forums, I just wanted to let everyone know that if they need help, we are here. Declude is now available free on our website at http://mailsbestfriend.com/downloads
Linda Pagillo
Mail's Best Friend
Email: linda.pagillo@mailsbestfriend.com
Web: www.mailsbestfriend.com
Authorized SmarterTools Reseller
Authorized Message Sniffer Reseller
Hi Joe, how do you send out a junk report every night?
Mike... take a look at this thread: http://portal.smartertools.com/community/a86275/smreport-quarantine-summary-report-for-smartermail.aspx

Or look for SMReport in the Product Tools and Utilities area.

Thanks, -Joe
Perfect! Thanks
So... now when we see addon pricing it looks like it is better to buy a Message Sniffer subscription from some reseller like mailbestfriend and use Declude for MS integration. I was hoping that SmarterMail would offer pricing at least at a similar level.
I knew they were gonna jack prices when they ignored every bring your own license question I asked. I didn't think the markup would be this bad though.
I don't understand how they get away with charging MORE than Message Sniffer does for unlimited mailboxes. The top tier should be no higher than list price. Geez. Declude is now an even better alternative.
I agree that the pricing doesn't make any sense at all. The unlimited license from resellers is under $450. If you buy it directly from ARM Research it's $499, but for SmarterMail it's $599. Over $150 higher than street price. I'm sad to see that.
Thanks, -Joe
It seems like they are just being greedy here... I mean come on we pay yearly to have new features added and issues fixed. This is a new feature yet we are forced to go directly through them with their higher pricing to use this new feature.
Employee Post
If you have an existing Message Sniffer license, you can use it as you have in the past. 
If you would like the deeper integration that ARM and SmarterTools will continue to develop as our partnership continues to evolve, you will need the Add-on. 
Tim Uzzanti CEO SmarterTools Inc. www.smartertools.com
I personally feel that no one is losing anything in this situation. Folks are still able to use their current Sniffer licenses with Smartermail either via command line, Declude, SpamAssassin in a Box etc... as they always have. Those options are not changing as far as I can see. I can't imagine Smartertools "forcing" anyone to use the integrated Sniffer add-on. It's simply an option for people who choose to go that route. I'm assuming that now since there is an integrated option, people will be able to use Sniffer at the SMTP inbound connection check level which is not currently an available feature with the external Sniffer. That in itself would justify the higher price in my opinion. The external Sniffer option may make sense to some people, while the integrated add-on may make sense to other people. It all depends on the need of the customer. Again, I see this as simply another way to use Message Sniffer, not something being forced by Smartertools. Also, as all of us can see from previous forum posts, this is a feature that many people have been on top of Smartertools to implement for quite some time. Now that it's here, people can test it out themselves to see if the additional functionality justifies the price or if they would opt to just use the external Message Sniffer. Either way I think this is a great step forward for both Smartertools and Arm Research. Good job guys!
Linda Pagillo
Mail's Best Friend
Email: linda.pagillo@mailsbestfriend.com
Web: www.mailsbestfriend.com
Authorized SmarterTools Reseller
Authorized Message Sniffer Reseller
So if I have an existing license how do I get it to work with smartermail? OR are you saying that if we want to enable it in smartermail we HAVE to purchase the license through smarterTools?
Tim - I just want to add that if you are saying we have to purchase the addon through you - could you at least sell the ability to activate message sniffer for $100 and let users bring their own licenses?
Neither ARM nor SmarterTools has the ability to accommodate this scenario in our licensing and/or billing systems. The best solution is to use your licenses as you have in the past and then transition to the integrated add-in.
Tim Uzzanti CEO SmarterTools Inc. www.smartertools.com
Hello All,
I have never used ARM - Message sniffer in the past... However, I have purchased the add-on from SmarterMail and enabled it... but it appears to not do anything...
What am I missing?
What are you basing your comment on? Do you not see any reduction in the amount of spam? In Antispam Administration>Spam Checks what weight have you assigned to Message Sniffer? I have mine set at a weight of 20. It has nearly killed all spam on my domain.
Mine is set to 30 with no apparent reduction in spam...
You can verify it is running if you look at the X-SmarterMail-Spam header in a message you received. You will see various spam check results including something like "Message Sniffer 0 [code: 0]" if Message Sniffer scanned the message.

The first number is the total spam weight that was added to the message and the code number is a Message Sniffer code that classifies the type of spam. A zero code means it does not classify as spam.

Note that some messages may not have spam checks done in which case you would not see the X-SmarterMail-Spam header. Messages sent from a client that authenticated with SmarterMail (so you sending to yourself, for example) or from a white listed IP address would not have spam checks done.
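Added example, not part of any post in this thread and not SmarterTools code: a Python check that reads the X-SmarterMail-Spam header as described in the reply above and separates the three cases it mentions (no spam checks run, scanned with code 0, scanned with a non-zero code). Only the "Message Sniffer 0 [code: 0]" fragment comes from the thread; the rest of the header layout, the "Example Check" entry and code 52 in the sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.policy import default

# Matches the fragment quoted in the post: "Message Sniffer 0 [code: 0]".
SNIFFER_RE = re.compile(r"Message Sniffer\s+(-?\d+)\s+\[code:\s*(\d+)\]", re.I)

def sniffer_result(raw_message):
    """Classify one raw message by its X-SmarterMail-Spam header."""
    msg = message_from_string(raw_message, policy=default)
    values = msg.get_all("X-SmarterMail-Spam")
    if not values:
        # Per the post: authenticated senders and whitelisted IPs get no checks.
        return {"status": "no-spam-checks"}
    for value in values:
        match = SNIFFER_RE.search(str(value))
        if match:
            weight, code = int(match.group(1)), int(match.group(2))
            # Code 0 means Message Sniffer did not classify the message as spam.
            return {"status": "spam" if code else "clean",
                    "weight": weight, "code": code}
    return {"status": "not-scanned-by-sniffer"}

def tally(raw_messages):
    """Count outcomes across messages to see whether the check runs at all."""
    counts = {}
    for raw in raw_messages:
        status = sniffer_result(raw)["status"]
        counts[status] = counts.get(status, 0) + 1
    return counts

# Constructed sample messages; "Example Check" and code 52 are placeholders.
SAMPLES = {
    "clean": "From: a@example.com\nX-SmarterMail-Spam: Example Check 5, "
             "Message Sniffer 0 [code: 0]\n\nhello\n",
    "spam": "From: b@example.com\nX-SmarterMail-Spam: Example Check 5,\n"
            " Message Sniffer 30 [code: 52]\n\nbuy now\n",
    "no_header": "From: me@example.com\n\nnote to self\n",
    "no_sniffer": "From: c@example.com\nX-SmarterMail-Spam: Example Check 0\n\nhi\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, sniffer_result(raw))
    print(tally(SAMPLES.values()))
```

A mailbox where every externally received message lands in "not-scanned-by-sniffer" points to the check not running, while mostly "clean" results with spam still arriving points to classification or weighting.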
Tim, how about something a little more basic - I couldn't get to where I was even offered the opportunity to make the purchase. The web page one is sent to from my SmarterMail 14.4 activation page is the most non-intuitive I have been to in quite some time. My browser appears not allowed to "save" my username and password, so whenever I leave that page I have to go look up the password again to get in. Then, I see no way to simply make the purchase of individual add-ons. Very frustrating.
Take care, Charles - Please LIKE US at http://facebook.com/CharlesWorksLLC and connect with me at http://linkedin.com/in/charlesworks "Bridging the gap between geeks and everyone else since 1998." CharlesWorks for YOU! CharlesWorks, LLC, Peterborough, NH 03458-1645 http://CharlesWorks.net - Domains - Hosting - Web Design - WordPress - Social Media Updating - Search Engine Optimization - 603-924-9867 office
I'm not 100% sure what you're referring to. Have you tried going to our online shopping cart (web site) and choosing Modify License? Pick the key and then choose the add-ons. Also, in future versions of SmarterTools products most of the add-ons and purchases will be able to be done within the products as well. Everything we're doing is API driven now.
Tim Uzzanti CEO SmarterTools Inc. www.smartertools.com

