[opensuse] AntiSPAM question...
Maybe this is a little out of topic, but maybe some of you have experience with this.... What do you think about chaining SPAM filters? Can this lead to false positives faster?
Example:
Internet ---> GW-Relay+Antispam (host1) ---> Antispam Appliance (host2) ---> MDA+Antispam (host3)
Regards,
-- Ciro Iriarte http://cyruspy.wordpress.com
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 6/24/2011 8:00 AM, Ciro Iriarte wrote:
Maybe this is a little out of topic, but maybe some of you have experience with this.... What do you think about chaining SPAM filters? Can this lead to false positives faster?
Example:
Internet ---> GW-Relay+Antispam (host1) ---> Antispam Appliance (host2) ---> MDA+Antispam (host3)
Regards,
If all antispam engines have a low false positive rate it wouldn't be a problem and it is not dissimilar to what happens with this mailing list and I suspect all mail in general. For example: My posts are spam scanned outbound by my workstation (1), then sent via gmail (which is a pretty good anti-spam all by itself) (2) then to the list server, where it is run thru Amavisd-New (3), and shotgunned out to the list, where each recipient has yet another one or two layers of anti-spam and malware detection, (4, 5, 6?). Multiple scans are the norm these days I suspect. Even SpamAssassin runs mail thru several engines. I really don't worry about false positives much. People who were going to give me a million dollars via email will always ask if I got their email should their offer fall into my spam folder. -- _____________________________________ ---This space for rent---
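Added example, not part of any poster's message: a small Python model of the question that opens the thread, whether chaining filters raises false positives when any stage may reject a message. The host names come from the diagram in the question; the per-host rates are constructed assumptions, and the model goes slightly beyond the thread by also giving the bounds that hold when the filters' mistakes are not independent.

```python
from math import prod

# Hosts from the diagram in the question; the rates are constructed
# assumptions for illustration, not measurements from the thread.
CHAIN = {
    "host1 GW-Relay+Antispam": {"fp": 0.001, "catch": 0.90},
    "host2 Antispam Appliance": {"fp": 0.002, "catch": 0.95},
    "host3 MDA+Antispam": {"fp": 0.001, "catch": 0.90},
}


def chain_false_positive(fps):
    """Fraction of legitimate mail lost when ANY stage may reject it.

    Returns (lower, independent, upper):
      lower       - every stage misfires on the same messages
      independent - stages misfire independently of each other
      upper       - stages never misfire on the same message
    """
    fps = list(fps)
    for p in fps:
        if not 0.0 <= p <= 1.0:
            raise ValueError(f"rate out of range: {p}")
    lower = max(fps, default=0.0)
    independent = 1.0 - prod(1.0 - p for p in fps)
    upper = min(1.0, sum(fps))
    return lower, independent, upper


def chain_catch_rate(catches):
    """Fraction of spam stopped by at least one stage (independence assumed)."""
    return 1.0 - prod(1.0 - c for c in catches)


def summarize(chain, legit_messages=100_000):
    """Expected legitimate messages lost per `legit_messages`, per scenario."""
    lower, indep, upper = chain_false_positive(s["fp"] for s in chain.values())
    return {
        "lost_best_case": round(lower * legit_messages, 1),
        "lost_independent": round(indep * legit_messages, 1),
        "lost_worst_case": round(upper * legit_messages, 1),
        "spam_caught": round(chain_catch_rate(s["catch"] for s in chain.values()), 4),
    }


if __name__ == "__main__":
    for key, value in summarize(CHAIN).items():
        print(f"{key}: {value}")
```

With these constructed rates the chain loses between 200 and 400 legitimate messages per 100,000, against 100 for host1 alone.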
John Andersen wrote:
Multiple scans are the norm these days I suspect. Even SpamAssassin runs mail thru several engines.
Uh no, SA has just the one "engine". Extensive rulesets and DNS-checks, but only one engine.
I really don't worry about false positives much. People who were going to give me a million dollars via email will always ask if I got their email should their offer fall into my spam folder.
New potential customers usually only ask once. -- Per Jessen, Zürich (19.6°C)
On 24.06.2011 17:00, Ciro Iriarte wrote:
Maybe this is a little out of topic, but maybe some of you have experience with this.... What do you think about chaining SPAM filters? Can this lead to false positives faster?
Example:
Internet ---> GW-Relay+Antispam (host1) ---> Antispam Appliance (host2) ---> MDA+Antispam (host3)
In most cases it is a recipe for headache and not worth the trouble. I could understand if you wish to separate spam filtering and virus filtering if you are under heavy load, but not two appliances chained. If one spamfilter is not satisfying, customize one until it meets your needs. Sandy
Sandy Drobic said the following on 06/25/2011 04:59 PM:
On 24.06.2011 17:00, Ciro Iriarte wrote:
Maybe this is a little out of topic, but maybe some of you have experience with this.... What do you think about chaining SPAM filters? Can this lead to false positives faster?
Example:
Internet ---> GW-Relay+Antispam (host1) ---> Antispam Appliance (host2) ---> MDA+Antispam (host3)
In most cases it is a recipe for headache and not worth the trouble. I could understand if you wish to separate spam filtering and virus filtering if you are under heavy load, but not two appliances chained. If one spamfilter is not satisfying, customize one until it meets your needs.
+1 The nature of spam filtering and virus filtering is very different. As Sandy says, you can customise spam filtering very easily. Chaining the different algorithms and rule set of virus filters might make sense if you are in the context where that matters. However there are alternatives such as sanitisers that may be more useful for a Linux context. -- Most people are not really free. They are confined by the niche in the world that they carve out for themselves. They limit themselves to fewer possibilities by the narrowness of their vision. --V. S. Naipaul
On Fri, 2011-06-24 at 11:00 -0400, Ciro Iriarte wrote:
Maybe this is a little out of topic, but maybe some of you have experience with this.... What do you think about chaining SPAM filters? Can this lead to false positives faster? Example: Internet ---> GW-Relay+Antispam (host1) ---> Antispam Appliance (host2) ---> MDA+Antispam (host3)
Sounds awful. On our edge we have an SMTP server that verifies the inbound address exists and uses RBLs and Greylist. This delivers messages that pass to an internal SMTP server that uses CLAM (anti-virus) and SpamAssassin (anti-spam, to score messages). SpamAssassin sits in its own VM (just so it is easier to update). The SMTP server can use an external content filter.
2011/6/27 Adam Tauno Williams <awilliam@whitemice.org>:
On Fri, 2011-06-24 at 11:00 -0400, Ciro Iriarte wrote:
Maybe this is a little out of topic, but maybe some of you have experience with this.... What do you think about chaining SPAM filters? Can this lead to false positives faster? Example: Internet ---> GW-Relay+Antispam (host1) ---> Antispam Appliance (host2) ---> MDA+Antispam (host3)
Sounds awful.
On our edge we have an SMTP server that verifies the inbound address exists and uses RBLs and Greylist. This delivers messages that pass to an internal SMTP server that uses CLAM (anti-virus) and SpamAssassin (anti-spam, to score messages). SpamAssassin sits in its own VM (just so it is easier to update). The SMTP server can use an external content filter.
Thanks a lot for the input guys. This is a "customer requirement" as they "need" to justify those licenses paid in AntiSPAM appliances (more than one :s), I really don't like the added complexity and currently look for good arguments against this... Regards, -- Ciro Iriarte http://cyruspy.wordpress.com
On 6/27/2011 7:16 AM, Adam Tauno Williams wrote:
On Fri, 2011-06-24 at 11:00 -0400, Ciro Iriarte wrote:
Maybe this is a little out of topic, but maybe some of you have experience with this.... What do you think about chaining SPAM filters? Can this lead to false positives faster? Example: Internet ---> GW-Relay+Antispam (host1) ---> Antispam Appliance (host2) ---> MDA+Antispam (host3)
Sounds awful.
On our edge we have an SMTP server that verifies the inbound address exists and uses RBLs and Greylist. This delivers messages that pass to an internal SMTP server that uses CLAM (anti-virus) and SpamAssassin (anti-spam, to score messages). SpamAssassin sits in its own VM (just so it is easier to update). The SMTP server can use an external content filter.
Wait, how can you say it sounds awful when you are doing EXACTLY the same thing via a VM? -- _____________________________________ ---This space for rent---
John Andersen wrote:
On 6/27/2011 7:16 AM, Adam Tauno Williams wrote:
On Fri, 2011-06-24 at 11:00 -0400, Ciro Iriarte wrote:
Maybe this is a little out of topic, but maybe some of you have experience with this.... What do you think about chaining SPAM filters? Can this lead to false positives faster? Example: Internet ---> GW-Relay+Antispam (host1) ---> Antispam Appliance (host2) ---> MDA+Antispam (host3)
Sounds awful.
On our edge we have an SMTP server that verifies the inbound address exists and uses RBLs and Greylist. This delivers messages that pass to an internal SMTP server that uses CLAM (anti-virus) and SpamAssassin (anti-spam, to score messages). SpamAssassin sits in its own VM (just so it is easier to update). The SMTP server can use an external content filter.
Wait, how can you say it sounds awful when you are doing EXACTLY the same thing via a VM?
What Adam describes is quite typical of an anti-spam setup, but not at all like Ciro's setup. Judging by his description, Ciro has three independent anti-spam filters, whereas Adam has one anti-spam filter, separated into three separate functions. (inbound, virus, anti-spam). -- Per Jessen, Zürich (21.2°C)
2011/6/29 Per Jessen <per@opensuse.org>:
John Andersen wrote:
On 6/27/2011 7:16 AM, Adam Tauno Williams wrote:
On Fri, 2011-06-24 at 11:00 -0400, Ciro Iriarte wrote:
Maybe this is a little out of topic, but maybe some of you have experience with this.... What do you think about chaining SPAM filters? Can this lead to false positives faster? Example: Internet ---> GW-Relay+Antispam (host1) ---> Antispam Appliance (host2) ---> MDA+Antispam (host3)
Sounds awful.
On our edge we have an SMTP server that verifies the inbound address exists and uses RBLs and Greylist. This delivers messages that pass to an internal SMTP server that uses CLAM (anti-virus) and SpamAssassin (anti-spam, to score messages). SpamAssassin sits in its own VM (just so it is easier to update). The SMTP server can use an external content filter.
Wait, how can you say it sounds awful when you are doing EXACTLY the same thing via a VM?
What Adam describes is quite typical of an anti-spam setup, but not at all like Ciro's setup. Judging by his description, Ciro has three independent anti-spam filters, whereas Adam has one anti-spam filter, separated into three separate functions. (inbound, virus, anti-spam).
-- Per Jessen, Zürich (21.2°C)
Yup... Management mess... Regards, -- Ciro Iriarte http://cyruspy.wordpress.com