Hello Pete,

Are you going to implement something similar for false positives?

Thanks,
Daniel 

> -----Original Message-----
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil
> Sent: Friday, October 14, 2005 12:32 AM
> To: William Van Hefner
> Subject: Re[2]: [sniffer] POP Approach
> 
> On Wednesday, October 12, 2005, 6:30:45 PM, William wrote:
> 
> WVH> Pete,
> 
> WVH> Was just wondering, I have all of my e-mail pass through an IMGate/Postfix
> WVH> machine prior to hitting my main mail server. Sometimes, e-mail (especially
> WVH> spam) gets forwarded from the secondary MX as well. If we use the POP method
> WVH> of redirecting spam to an appropriate mailbox are you just going to be
> WVH> scanning the messages for content, or inspecting the headers for IP
> WVH> information as well?
> 
> We will inspect all parts of the messages manually and with automated
> tools. This is true of all spam that arrives at our system no matter
> how it gets there.
> 
> WVH> Reason I'm asking is, I just want to make sure that one of my own servers
> WVH> doesn't end up included in some type of blacklist rule. It seems like it
> WVH> would take an awful lot of work on your part to ensure that any filters
> WVH> don't contain IPs of one of your customer's machines, if you are scanning
> WVH> header information. When you throw-in the fact that the redirect may come
> WVH> from the client of an entirely different network with no link whatsoever to
> WVH> our DNS records, that would seem to make taking any header information
> WVH> (except maybe the Subject or From lines) into account a very risky
> WVH> proposition. Thanks!!!
> 
> Actually, we can often be very precise about the routing of messages
> pulled from pop accounts.
> 
> That said, there is always a non-zero risk that an IP which is listed
> in certain black lists and also arrives at one of our traps may be
> added to our rulebase. This is almost always an automated process
> since we have determined that manually entered IPs are prone to
> errors.
> 
> If an IP on one of your servers does get tagged, then you would be
> able to use the rule-panic procedure for immediate relief and once the
> problem was solved it could not be recreated.
> 
> Part of our system is that it remembers every mistake we ever made and
> prevents us making that same mistake again --- unless we're really,
> really determined ;-)
> 
> Understand, I'm not making light of this possibility... we take all
> false positive cases (real or imagined) very seriously. I do want to
> point out that these cases are rare, easily solved, and nearly
> impossible to repeat. I should also point out that this "risk" is not
> increased by using the pop3 method.
> 
> Hope this helps,
> 
> _M
> 
> 
> 
> This E-Mail came from the Message Sniffer mailing list. For 
> information and (un)subscription instructions go to 
> http://www.sortmonster.com/MessageSniffer/Help/Help.html
> 


