RE: SPAM filter...

From: Shawn Jackson (sjackson_at_horizonusa.com)
Date: 12/16/03

  • Next message: JM: "RE: DMZ and AD Authentication"
    Date: Tue, 16 Dec 2003 09:08:21 -0800
    To: <naren@pactech.net>, "Vedantam sekhar" <sekhar56us@yahoo.com>, <security-basics@securityfocus.com>
    
    

            We have only had one false positive since implementing the
    system about two months ago. With SA we also use DCC and Razor. If you
    want I can send you our running SA config, we currently run a score of
    7.0. We tested a lot of different solutions and SA just worked the best.

    Shawn Jackson
    Systems Administrator
    Horizon USA
    1190 Trademark Dr #107
    Reno NV 89521
    www.horizonusa.com
     
    Email: sjackson@horizonusa.com
    Phone: (775) 858-2338
           (800) 325-1199 x338

    -----Original Message-----
    From: Naren - Pactech [mailto:naren@pactech.net]
    Sent: Tuesday, December 16, 2003 2:04 AM
    To: Shawn Jackson; 'Vedantam sekhar'; security-basics@securityfocus.com
    Subject: RE: SPAM filter...

    Agreed with you .. but .. as implemented by one of my own ISP (where I
    have an account .. ) SPAM Assasin has the highest false positive rates
    ..

    As that is beyond my control (i.e. the spam assasin is maintained by the
    ISP) - there is nothing much I could do. Almost 10 % of my valid emails
    become tagged as {SPAM} ..

    In comparison, I would prefer something with a lower false positive rate
    .. where the ones that missed out can be manually filtered, rather than
    tagging valid emails .. as SPAM.

    BTW, I have no experience with Amavisd-New

    Anyway, I think the issue for Sekhar is on stopping people from finding
    out valid emails. AS far as I know, there is no hard and fast solution
    for that: the mail has to reach the database - or end email server, to
    confirm if the email address that the mail is destined for exists or not
    !

    The solutions for this would be ..

    1) dont bounce back unknown email addresses .. (easier to manage if the
    number of users are small .. ) and instead re-route them to a dummy
    email address or send to delete

    2) filter (on the firewall or gateway .. depending on what you are
    using) the sources sending these mails ..

    Dunno if these will solve the problem, or assist you, but I guess, they
    should help .. !!

    Naren

    T. Naren
    Technical Manager - Pactech Pte Ltd., Singapore
    Infocomm Security Solutions Distribution and Services
    o: +65-62711123
    p: +65-95778725
    e: naren@pactech.net
    w: <http://www.pactech.net>
    [Firewalls: Borderware - Watchguard - Sonicwall]

    -----Original Message-----
    From: Shawn Jackson [mailto:sjackson@horizonusa.com]
    Sent: Tuesday, December 16, 2003 9:19 AM
    To: Vedantam sekhar; security-basics@securityfocus.com
    Subject: RE: SPAM filter...

            We use Postfix, Amavisd-New and Spam Assassin and its cut
    out-of-the-box we filtered 98% of our spam. All of which are open-source
    projects.

    Shawn Jackson
    Systems Administrator
    Horizon USA
    1190 Trademark Dr #107
    Reno NV 89521
    www.horizonusa.com
     
    Email: sjackson@horizonusa.com
    Phone: (775) 858-2338
           (800) 325-1199 x338

    -----Original Message-----
    From: Vedantam sekhar [mailto:sekhar56us@yahoo.com]
    Sent: Friday, December 12, 2003 10:05 PM
    To: security-basics@securityfocus.com
    Subject: SPAM filter...

    Dear All,

    Can any body suggest me the mail filter software(Opensource :-)) which
    can avoid the dictionary atttacks on the server.Our mx server has
    Solaris O.S.

    The spammmers are trying to find out the Valid E-mails by blindly
    sending mails to randomly selected characters as receipent ID?

    Thanks

    V.N.SEKHAR

    ---------------------------------------------------------------------------
    ----------------------------------------------------------------------------


  • Next message: JM: "RE: DMZ and AD Authentication"

    Relevant Pages

    • Re: Why cant ISPs stop spam/virus ?!
      ... I don't doubt that a small load of well designed spam can pass through. ... You need to get a decent ISP. ... The method of distribution is now thousands of Windows computers, ... You cannot filter by place of origin. ...
      (comp.os.linux.misc)
    • RE: SPAM filter...
      ... community that put a HUGE hurt on spam with little FPs. ... > tagging valid emails .. ... > the sources sending these mails .. ... > Subject: SPAM filter... ...
      (Security-Basics)
    • RE: SPAM filter...
      ... postfix turn on smtpd_helo_required to reject them right away. ... Subject: SPAM filter... ... > tagging valid emails .. ... > Subject: SPAM filter... ...
      (Security-Basics)
    • RE: Bystander shot by a spam filter.
      ... Bystander shot by a spam filter. ... bad advice is being mass marketed through the good offices of FreeBSD, ... Spambouncer doesn't like Inflow. ...
      (FreeBSD-Security)
    • Re: Look at these update from M$ Corporation.
      ... a mass scale which results in the complete breakdown of communication without ... few samples for the filters to learn that this is spam and that is not. ... because you're posting tripe to mailing lists with a needless Reply-To set ... samples of what I don't want and feeding them to the filter when the show up. ...
      (Debian-User)