Andy,

> Are the sample rules in the release notes still the preferred p0f ruleset
> for SA?

Yes, still valid. It's pretty much what I'm using at our site. The IP distance (hop count) rules may need tweaking if your site is close to poorly policed ISPs, but it works well in our academic network topology. The BOTNET* rules may need replacing an old DKIM_VERIFIED rule with a DKIM_VALID, reflecting the change of a rule name with SpamAssassin 3.3.0.

> Does anybody have any comments or experiences? We're in the process of
> upgrading amavisd-new, and want to take this opportunity to utilize this
> additional tool. Every little bit helps in fighting spam.

P0f is quite effective in distinguishing Windows-based botnets from the rest. It is also quite useful for reducing numerous false positives of a Botnet plugin, if using it.

Mark