We are using sniffer and free tools: yasu (URLBL) and RBLCHECK (DNSBL).
URLBL does catch some that sniffer dont. URLBL I think has as low false
rate as sniffer - but it does not catch as many as sniffer. DNSBL also
(mainly spamcop), but with much more false than sniffer. We have added
a IP whitelist for DNSBL to lower the false rate.
We used to run "spam assassin", but the above config has much lower false
and uses much less cpu.
Frank:
Thanks for your input. There are definitely things leaking though that
wouldn't have leaked through before. We've held off hoping for a
production release but it may not be practical much longer. On that
note, for anyone else in the same position, we tested adding InvURIBL
from Invariant Systems. It's not a sniffer replacement but definitely
caught a lot of what sniffer currently lets through for the very valid
reasons Pete has covered. The only thing missing seemed to be a white
list so that you could white list legitimate publications that might
contain links to 'offensive' sites. That can probably be tuned out thru
weighting however we'd hoped not to be re-inventing the wheel for a
short term solution.
Eric
----- Original Message ----- From: "Pi-Web - Frank Jensen"
<[EMAIL PROTECTED]>
To: "Message Sniffer Community" <sniffer@sortmonster.com>
Sent: Thursday, December 20, 2007 1:17 PM
Subject: [sniffer] Re: Excessive amounts of spam
We have been running it for - I guess - 2 month now without any trouble.
How stable is the beta version?
Regards David Moore
[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
J.P. MCP, MCSE, MCSE + INTERNET, CNE.
www.adsldirect.com.au <http://www.adsldirect.com.au/> for ADSL and
Internet www.romtech.com.au <http://www.romtech.com.au/> for PC sales
Office Phone: (+612) 9453 1990
Fax Phone: (+612) 9453 1880
Mobile Phone: +614 18 282 648
Skype Phone: ADSLDIRECT
POSTAL ADDRESS:
PO BOX 190
BELROSE NSW 2085
AUSTRALIA.
---------------------------------------------------------------------
This email message is only intended for the addressee(s) and contains
information that may be confidential, legally privileged and/or
copyright. If you are not the intended recipient please notify the
sender by reply email and immediately delete this email. Use,
disclosure or reproduction of this email, or taking any action in
reliance on its contents by anyone other than the intended
recipient(s) is strictly prohibited. No representation is made that
this email or any attachments are free of viruses. Virus scanning is
recommended and is the responsibility of the recipient.
---------------------------------------------------------------------
*From:* Message Sniffer Community [mailto:[EMAIL PROTECTED]
*On Behalf Of *Pete McNeil
*Sent:* Friday, 21 December 2007 8:10 AM
*To:* Message Sniffer Community
*Subject:* [sniffer] Re: Excessive amounts of spam
Hello David,
Thursday, December 20, 2007, 3:25:45 PM, you wrote:
Ø If you are not yet running the latest beta then that might help
quite a bit since the GBUdb (IP reputation system) does a good job
capturing new spam from old bots even before rules are coded.
Please clarify are you saying it would help if we had the beta
installed?
Yes. The new GBUdb engine reduces leakage quite a bit. As more
systems adopt the new version this will improve even more. Most new
spam campaigns are started with some large fraction of existing bots.
Messages from bots that have already been identified will be blocked
even before new content rules can be generated (if needed). _M
--
Pete McNeil
Chief Scientist,
Arm Research Labs, LLC.
#############################################################
This message is sent to you because you are subscribed to
the mailing list <sniffer@sortmonster.com>.
To unsubscribe, E-mail to: <[EMAIL PROTECTED]>
To switch to the DIGEST mode, E-mail to
<[EMAIL PROTECTED]>
To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]>
Send administrative queries to <[EMAIL PROTECTED]>
--
Mvh. Frank Jensen
[EMAIL PROTECTED]
www.pi.dk
------------------------------------------------------------
Imponerende, fascinerende og kæmpe
Plakater f.eks. 149 x 149 = 629 kr
Vi kan også lave plakat fra dit digitale foto
www.plakatkunst.dk
#############################################################
This message is sent to you because you are subscribed to
the mailing list <sniffer@sortmonster.com>.
To unsubscribe, E-mail to: <[EMAIL PROTECTED]>
To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]>
To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]>
Send administrative queries to <[EMAIL PROTECTED]>
#############################################################
This message is sent to you because you are subscribed to
the mailing list <sniffer@sortmonster.com>.
To unsubscribe, E-mail to: <[EMAIL PROTECTED]>
To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]>
To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]>
Send administrative queries to <[EMAIL PROTECTED]>
--
Mvh. Frank Jensen
[EMAIL PROTECTED]
www.pi.dk
------------------------------------------------------------
Imponerende, fascinerende og kæmpe
Plakater f.eks. 149 x 149 = 629 kr
Vi kan også lave plakat fra dit digitale foto
www.plakatkunst.dk
#############################################################
This message is sent to you because you are subscribed to
the mailing list <sniffer@sortmonster.com>.
To unsubscribe, E-mail to: <[EMAIL PROTECTED]>
To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]>
To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]>
Send administrative queries to <[EMAIL PROTECTED]>
