On Samstag, 22. Oktober 2005 18:01 Andy Smith wrote:
> Masses of legitimate email comes from hosts with no reverse DNS,
> incorrect HELO and other borderline or actual RFC violations.
It pretty much depends on the mail server and it's users. Our server
used to receive most e-mail from Austria, so
Chris L. Franklin wrote:
Andy Smith wrote:
On Sat, Oct 22, 2005 at 11:05:07AM -0400, Chris L. Franklin wrote:
For starters AWL, white lists and black lists in my option ar ethe
worst things ever. I disable them from the start. If your going to
whitelist some one, why would you want them to
Chris L. Franklin said:
> Thanks but we do run my servers as I posted above (minus the Non DNS
> compliant part). Blacked listed user and Domains my server to not accept
> messages from. Whitelisted users and domain DO NOT get passed though SA
> WE DO NOT use negitive scoring.
> We Stop 99.2% of al
Andy Smith wrote:
On Sat, Oct 22, 2005 at 11:05:07AM -0400, Chris L. Franklin wrote:
For starters AWL, white lists and black lists in my option ar ethe worst
things ever. I disable them from the start. If your going to whitelist
some one, why would you want them to even go though SA. (I don
On Sat, Oct 22, 2005 at 11:05:07AM -0400, Chris L. Franklin wrote:
> For starters AWL, white lists and black lists in my option ar ethe worst
> things ever. I disable them from the start. If your going to whitelist
> some one, why would you want them to even go though SA. (I don't)
Because a sou
Loren Wilton wrote:
Ps, The system only would need to "process all the rules regardless"
during the loading of the child.
Well, yes and no. This subject comes up a lot. For the record, I favor an
early exit, as you do. But also for the record, it really is more complex
than you make it
> Ps, The system only would need to "process all the rules regardless"
> during the loading of the child.
Well, yes and no. This subject comes up a lot. For the record, I favor an
early exit, as you do. But also for the record, it really is more complex
than you make it out to be, and there are
Chris L. Franklin wrote:
> Back in 2.64 There was the option to have SA stop going though rules
> then it hit a max score.
> Is there any option for this in 3.X.X ?
No there wasn't such an option in 2.64, that option existed back in SA 2.31, and
was removed from SA 2.40 and higer because it caused
Evan Platt wrote:
At 11:45 AM 10/21/2005, you wrote:
If you grouped the rulesets into +/- sets and processed all the -
rules first it wouldn't create false ly scored messages. Or would it ?
No, but you still would have to process all the rules regardless - I
mean a incorrectly whitelisted
Evan Platt wrote:
At 11:45 AM 10/21/2005, you wrote:
If you grouped the rulesets into +/- sets and processed all the -
rules first it wouldn't create false ly scored messages. Or would it ?
No, but you still would have to process all the rules regardless - I
mean a incorrectly whitelisted
Todd Merritt wrote:
> jdow wrote:
>
>> From: "Chris L. Franklin" <[EMAIL PROTECTED]>
>>
>>> Back in 2.64 There was the option to have SA stop going though
>>> rules then it hit a max score. Is there any option for this in
>>> 3.X.X ?
>>
>>
>> No. Such a rule actually costs processing time AND
jdow wrote:
From: "Chris L. Franklin" <[EMAIL PROTECTED]>
Back in 2.64 There was the option to have SA stop going though rules
then it hit a max score.
Is there any option for this in 3.X.X ?
No. Such a rule actually costs processing time AND would create false
positives or false negatives
At 11:45 AM 10/21/2005, you wrote:
If you grouped the rulesets into +/- sets and processed all the -
rules first it wouldn't create false ly scored messages. Or would it ?
No, but you still would have to process all the rules regardless - I
mean a incorrectly whitelisted message could have en
jdow wrote:
From: "Chris L. Franklin" <[EMAIL PROTECTED]>
Back in 2.64 There was the option to have SA stop going though rules
then it hit a max score.
Is there any option for this in 3.X.X ?
No. Such a rule actually costs processing time AND would create false
positives or false negatives
From: "Chris L. Franklin" <[EMAIL PROTECTED]>
Back in 2.64 There was the option to have SA stop going though rules
then it hit a max score.
Is there any option for this in 3.X.X ?
No. Such a rule actually costs processing time AND would create false
positives or false negatives entirely too e
At 09:03 AM 10/21/2005, you wrote:
Back in 2.64 There was the option to have SA stop going though rules
then it hit a max score.
Is there any option for this in 3.X.X ?
Nope.
All depends on the order of the rules. What if it had yet to come
across a whitelist rule?
Back in 2.64 There was the option to have SA stop going though rules
then it hit a max score.
Is there any option for this in 3.X.X ?
--
-- Chris L. Franklin --
17 matches
Mail list logo
