Security Basics mailing list archives

RE: SPAM filter...


From: "Shawn Jackson" <sjackson () horizonusa com>
Date: Tue, 16 Dec 2003 09:08:21 -0800


        We have only had one false positive since implementing the
system about two months ago. With SA we also use DCC and Razor. If you
want, I can send you our running SA config; we currently run a score of
7.0. We tested a lot of different solutions and SA just worked the best.

Shawn Jackson
Systems Administrator
Horizon USA
1190 Trademark Dr #107
Reno NV 89521
www.horizonusa.com
 
Email: sjackson () horizonusa com
Phone: (775) 858-2338
       (800) 325-1199 x338

-----Original Message-----
From: Naren - Pactech [mailto:naren () pactech net] 
Sent: Tuesday, December 16, 2003 2:04 AM
To: Shawn Jackson; 'Vedantam sekhar'; security-basics () securityfocus com
Subject: RE: SPAM filter...

Agreed with you .. but .. as implemented by one of my own ISPs (where I
have an account .. ) SPAM Assassin has the highest false positive rates
.. 

As that is beyond my control (i.e. the spam assassin is maintained by the
ISP) - there is nothing much I could do. Almost 10% of my valid emails
become tagged as {SPAM} ..

In comparison, I would prefer something with a lower false positive rate
.. where the ones that missed out can be manually filtered, rather than
tagging valid emails .. as SPAM.

BTW, I have no experience with Amavisd-New

Anyway, I think the issue for Sekhar is on stopping people from finding
out valid emails. As far as I know, there is no hard and fast solution
for that: the mail has to reach the database - or end email server, to
confirm if the email address that the mail is destined for exists or
not!

The solutions for this would be .. 

1) don't bounce back unknown email addresses .. (easier to manage if the
number of users is small .. ) and instead re-route them to a dummy
email address or send to delete

2) filter (on the firewall or gateway .. depending on what you are
using) the sources sending these mails .. 

Dunno if these will solve the problem, or assist you, but I guess, they
should help .. !!

Naren

T. Naren 
Technical Manager - Pactech Pte Ltd., Singapore
Infocomm Security Solutions Distribution and Services
o: +65-62711123
p: +65-95778725
e: naren () pactech net 
w: <http://www.pactech.net>
[Firewalls: Borderware - Watchguard - Sonicwall]


-----Original Message-----
From: Shawn Jackson [mailto:sjackson () horizonusa com]
Sent: Tuesday, December 16, 2003 9:19 AM
To: Vedantam sekhar; security-basics () securityfocus com
Subject: RE: SPAM filter...



        We use Postfix, Amavisd-New and Spam Assassin and its cut
out-of-the-box we filtered 98% of our spam. All of which are open-source
projects. 

Shawn Jackson
Systems Administrator
Horizon USA
1190 Trademark Dr #107
Reno NV 89521
www.horizonusa.com
 
Email: sjackson () horizonusa com
Phone: (775) 858-2338
       (800) 325-1199 x338

-----Original Message-----
From: Vedantam sekhar [mailto:sekhar56us () yahoo com] 
Sent: Friday, December 12, 2003 10:05 PM
To: security-basics () securityfocus com
Subject: SPAM filter...

Dear All,

Can anybody suggest me the mail filter software (Opensource :-)) which
can avoid the dictionary attacks on the server. Our mx server has
Solaris O.S. 

The spammers are trying to find out the valid e-mails by blindly
sending mails to randomly selected characters as recipient ID?


Thanks

V.N.SEKHAR
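
Added example, not part of the original thread or any poster's configuration: one way to find the sources worth filtering at the gateway, as suggested in the thread, by counting distinct unknown recipients per client in Postfix smtpd reject lines. The log lines are constructed with documentation addresses, and the threshold of 3 is an assumed value to tune per site.

```python
import re
from collections import defaultdict

# Postfix smtpd reject line for a nonexistent local recipient.
# The enhanced status code (e.g. 5.1.1) is optional; older releases omit it.
REJECT = re.compile(
    r"reject: RCPT from \S*\[(?P<ip>[0-9A-Fa-f.:]+)\]: 550 (?:\d\.\d\.\d )?"
    r"<(?P<rcpt>[^>]*)>: Recipient address rejected: User unknown"
)

def harvest_sources(log_text, min_distinct=3):
    """Return {client_ip: distinct_unknown_recipient_count} for clients at or
    above min_distinct (assumed threshold). Counting distinct addresses keeps
    a mailer that retries one mistyped address from being flagged."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = REJECT.search(line)
        if m:
            seen[m.group("ip")].add(m.group("rcpt").lower())
    return {ip: len(r) for ip, r in seen.items() if len(r) >= min_distinct}

def _line(ip, rcpt):
    # Builds one constructed log line in the reject format matched above.
    return (f"Dec 16 09:00:01 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from "
            f"unknown[{ip}]: 550 5.1.1 <{rcpt}>: Recipient address rejected: "
            f"User unknown in local recipient table; from=<a@example.net> "
            f"to=<{rcpt}> proto=SMTP helo=<host>")

# Constructed sample: one client guessing names, one single typo,
# one mailer retrying the same stale address, and one unrelated line.
SAMPLE_LOG = "\n".join(
    [_line("192.0.2.10", f"{n}@example.com") for n in ("aaron", "abby", "adam", "alice")]
    + [_line("198.51.100.7", "jon.smiht@example.com")]
    + [_line("203.0.113.5", "old.user@example.com")] * 3
    + ["Dec 16 09:00:09 mx postfix/smtpd[2101]: connect from mail.example.org[203.0.113.9]"]
)

if __name__ == "__main__":
    for ip, n in harvest_sources(SAMPLE_LOG).items():
        print(f"{ip}: {n} distinct unknown recipients")
```

Only the client that probed several different names is reported; the single typo and the repeated retry of one address stay below the threshold.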
