Educause Security Discussion mailing list archives
Re: Barracuda Spam Filter
From: CAROLE CARMODY <Carole_Carmody () BLOOMFIELD EDU>
Date: Mon, 25 Jul 2005 14:49:42 -0400
Why do you say that it is safe to assume that I misspoke and that I meant to say that it is rejecting 90% of inbound mail as spam? That is not what I said nor what I intended to say. The Director of Telecommunications at the College has said that (after looking at the logs) he believes that of the spam that arrives at the College through the e-mail system, only about 10% of all spam gets through as a result of using the Barracuda. Why is catching 90% of the spam pointless? If we don't catch 100% of the spam is this solution failing?

-----Original Message-----
From: Hall, Rand [mailto:rand () MERRIMACK EDU]
Sent: Monday, July 25, 2005 2:00 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Barracuda Spam Filter

I think it's safe to assume that Carole misspoke and really meant to say that the Barracuda is rejecting 90% of inbound mail as spam. Indeed, only catching 90% of spam would be pointless.

Cheers,
Rand

-----Original Message-----
From: Information Security [mailto:infosecurity () UTPA EDU]
Sent: Monday, July 25, 2005 1:04 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Barracuda Spam Filter

CAROLE CARMODY wrote:
> We absolutely love the Barracuda. We have been using it since March and
> it has blocked about 90% of the spam coming in. We would never give it up!

We had (well, still have actually) a very effective content-based spam filter that was tagging >99% of spam accurately with a tiny false positive rate, but we scarcely receive any spam for it to tag any more since we added greylisting to our repertoire. The greylisting is rejecting almost all the spam before it hits our mail server, reliably, and we're lucky if we get one spam a day in our boxes now. (But when we do, it is correctly tagged by the content-based filter, which is primarily based on SpamProbe, but which also uses a combination of spamassassin and several dead accounts (spam traps) for self-training the Bayesian recogniser.)

We're using OpenBSD + spamd for greylisting, but there are lots of other solutions as well. We just chose that one because it was transparent and could be implemented independently of our existing solution without too much disruption. Turned out what was intended as a trial was so successful that we just left it in place.

When you get into the 100's of spams per day level (per person), you'll find that a filter that is only 90% effective is not really acceptable.

Anyway, we don't have a spam problem any more. I cannot recommend greylisting as a technique highly enough. We made some small adjustments during the first week, and it's been working great on autopilot ever since. We had been worried we might lose some legit mail but it has not been an issue.

Incidentally the spam filter also checks for viruses at the same time, using two independent virus checkers (uvscan and clamav). With the exception of uvscan, which we happened to get anyway with our desktop AV contract, what we're doing is all open source.

Biggest cost has been hardware to run it on. If we'd done the greylisting first, though, we would not have needed as beefy hardware as we actually bought. Rejecting connections before they hit the spam filter has dropped our load averages considerably - probably extending the future capacity of the machines by a couple of years.

Graham
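
The greylisting decision discussed in the message above, sketched as an added example; it is not part of the original thread and is not spamd's own code. The class name, timing constants and sample traffic are assumptions constructed for illustration.

```python
PASS_TIME = 25 * 60        # assumed: minimum wait before a retry is accepted (seconds)
GREY_EXPIRY = 4 * 3600     # assumed: an unretried triplet is forgotten after this
WHITE_EXPIRY = 36 * 86400  # assumed: whitelist lifetime since the host was last seen

class Greylist:
    def __init__(self):
        self.grey = {}   # (ip, sender, rcpt) -> time of first attempt
        self.white = {}  # client ip -> time last seen

    def check(self, ip, sender, rcpt, now):
        """Return an SMTP-style verdict for one delivery attempt at time `now`."""
        # Expire stale state first so old entries cannot vouch for anyone.
        self.grey = {k: t for k, t in self.grey.items() if now - t < GREY_EXPIRY}
        self.white = {k: t for k, t in self.white.items() if now - t < WHITE_EXPIRY}
        if ip in self.white:
            self.white[ip] = now
            return "250 accept"
        triplet = (ip, sender.lower(), rcpt.lower())
        first = self.grey.get(triplet)
        if first is None:
            self.grey[triplet] = now           # unknown triplet: temp-fail it
            return "451 try again later"
        if now - first < PASS_TIME:
            return "451 try again later"       # retried too quickly
        del self.grey[triplet]
        self.white[ip] = now                   # host proved it queues and retries
        return "250 accept"

def replay(attempts):
    """Run (ip, sender, rcpt, seconds) attempts through a fresh greylist."""
    gl = Greylist()
    return [gl.check(*a) for a in attempts]

# Constructed sample traffic, not taken from any real log.
SAMPLE = [
    ("192.0.2.10", "alice@example.org", "bob@example.edu", 0),      # real MTA, first try
    ("198.51.100.7", "x1@example.net", "bob@example.edu", 5),       # sender that never retries
    ("198.51.100.7", "x2@example.net", "bob@example.edu", 65),      # same host, new sender
    ("192.0.2.10", "alice@example.org", "bob@example.edu", 600),    # retry too soon
    ("192.0.2.10", "alice@example.org", "bob@example.edu", 1800),   # retry after pass time
    ("192.0.2.10", "carol@example.org", "dave@example.edu", 1900),  # host now whitelisted
]

if __name__ == "__main__":
    for attempt, verdict in zip(SAMPLE, replay(SAMPLE)):
        print(attempt, "->", verdict)
```

Only the host that queues and retries after the pass time is ever accepted; the temp-failed attempts never reach the content filter, which is the load reduction the message describes.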