Here's why this is important to us:
We use mxguard to quarantine anything it detects as a "high"
probability of being spam while "medium" and "low" go right through. We
then manually run through the quarantine and review each email. False
positives are actually quite low and we can tweak the whitelist files
to let those through. This should leave only "new" spam but it doesn't
because we're getting more of the same spam that could be removed
automatically IF the url-domain was checked in the beginning right
after the whitelist.
Kevin R. Gillis wrote:
hi bill,
on your network architecture, presumably
mxguard sitting in front of av/as/imail?
would a perimeter smtp gateway (sitting on
most outer edge of your network) that could do url-domain and other
whitelist checking work - before traffic reaches your av/as/imail box?
bye for now,
kg
Apparently, the reason this is happening is because
the url-domain list isn't checked against an email until after MxGuard.
If the email fails any of its spam tests then it would be quarantined
which is a setting we have. Seems like a HUGE waste of processing since
the url-domain file would eliminate better than 90% of what mxguard is
catching. As I sent to Travis, IMHO it would be MUCH better if Imail
would process mail in the following order:
1. URL-Domain
2. Imail Spam filtering
3. 3rd party filtering
Since Queue Mgr manages the url-domain list the process is in this
order:
1. Imail Spam filtering
2. 3rd party filtering
3. URL-Domain
Consider all the unnecessary processing of mail that could be
eliminated by not having Declude or MxGuard process mail that's on your
list? A ton. Based on yesterday's traffic more than 10% of all email
would never have had to be scanned for viruses (twice since we run two
scanners).
This would certainly free up a great deal more processes to make the
web messaging faster or to handle even more email per server.
RMilner wrote:
I have documented this since Ipswitch's first attempt with Spam
filtering and posted about it in the forum over 2 years ago.
Tripp gave the same answer he's giving you, but it has never been
fixed - as you have witnessed.
The only reason I feel most others don't scream about it was the fact
they were all using Declude at the time.
I'm having trouble understanding how the
url-domain file functions. I have a domain listed in there that's an
obvious spammer which is 'nightofyourlife.com'. All these people seem
to be able to do to bypass the url-domain list is to simply place a sub
in front of their domain name like 'skip.nightofyourlife.com'
and they slip through. Is this how simple it is to get past the file or
am I doing something wrong?
If it is this simple it needs to be changed so it will be triggered
with '*.nightofyourlife.com'.
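An added example, not part of the original thread and not IMail's own code: one way a url-domain check can match at label boundaries, so that a list entry for 'nightofyourlife.com' also covers 'skip.nightofyourlife.com' without matching look-alike names. The one-domain-per-line list format, the function names and the sample message are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed blocklist. One domain per line is an assumed format,
# not the documented layout of IMail's url-domain file.
BLOCKLIST_TEXT = """
# blank lines and comment lines are ignored
nightofyourlife.com
"""

# Constructed message body for the demonstration.
SAMPLE_BODY = """Click http://skip.nightofyourlife.com/offer now
or HTTP://NightOfYourLife.com/x
unrelated: http://notnightofyourlife.com/ and https://example.org/page"""

URL_RE = re.compile(r"""https?://[^\s<>"']+""", re.IGNORECASE)

def load_blocklist(text):
    """Parse the list into a set of lower-case domains."""
    entries = set()
    for line in text.splitlines():
        line = line.strip().lower().rstrip(".")
        if line and not line.startswith("#"):
            entries.add(line)
    return entries

def url_hosts(body):
    """Return the set of host names found in http(s) URLs in the body."""
    hosts = set()
    for url in URL_RE.findall(body):
        try:
            host = urlsplit(url).hostname
        except ValueError:  # malformed URL, e.g. a broken IPv6 literal
            continue
        if host:
            hosts.add(host.lower().rstrip("."))
    return hosts

def blocked_entry(host, blocklist):
    """Return the list entry covering host (exact or parent domain), else None."""
    labels = host.split(".")
    # Try the host itself, then each parent: a.b.c -> b.c -> c
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None

def scan(body, blocklist):
    """Map each listed host in the body to the entry that matched it."""
    hits = {h: blocked_entry(h, blocklist) for h in url_hosts(body)}
    return {h: e for h, e in hits.items() if e}
```

Comparing whole labels rather than substrings is what keeps 'notnightofyourlife.com' from matching while any subdomain of a listed domain does.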