Re: Botnet plugin (was: Temporary 'Replacements' for SaneSecurity)

2009-01-15 Thread John Rudd
On Thu, Jan 15, 2009 at 09:06, Mark Martinec wrote: > Jonas, > >> I just found one reason for FPs in the Botnet plugin. It doesn't >> make a difference between timeouts (and other DNS errors) and >> negative answers. So if your DNS server/proxy is overloaded (or >> slow for some other reason), you

Re: Botnet plugin (was: Temporary 'Replacements' for SaneSecurity)

2009-01-15 Thread Benny Pedersen
On Thu, January 15, 2009 18:06, Mark Martinec wrote: > Not to forget the long-standing DNS problem with Botnet: > http://marc.info/?l=spamassassin-users&m=118641079630268 > http://marc.info/?l=spamassassin-users&m=120783518919154 i have changed to use BadRelay from http://sa.hege.li/BadRela

Re: Botnet plugin (was: Temporary 'Replacements' for SaneSecurity)

2009-01-15 Thread Mark Martinec
Jonas, > I just found one reason for FPs in the Botnet plugin. It doesn't > make a difference between timeouts (and other DNS errors) and > negative answers. So if your DNS server/proxy is overloaded (or > slow for some other reason), you'll get FPs > > Since 15 minutes ago, I'm running a slightly

RE: Temporary 'Replacements' for SaneSecurity

2009-01-15 Thread SM
At 01:36 15-01-2009, Rasmus Haslund wrote: implement it with the SA engine running in Icewarp Merak. Anyway we do have a lot of problems with FP when we try out new things and I just have to say some things just do not work well on a large scale where you have to deal with all kinds of languages

RE: Botnet plugin (was: Temporary 'Replacements' for SaneSecurity)

2009-01-15 Thread RobertH
> > I just found one reason for FPs in the Botnet plugin. It > doesn't make a difference between timeouts (and other DNS > errors) and negative answers. So if your DNS server/proxy is > overloaded (or slow for some other reason), you'll get FPs > > Since 15 minutes ago, I'm running a slight

Botnet plugin (was: Temporary 'Replacements' for SaneSecurity)

2009-01-15 Thread Jonas Eckerman
Daniel J McDonald wrote: I too found botnet to be a great source of FP. By combining it with p0f it's moderately useful. I just found one reason for FPs in the Botnet plugin. It doesn't make a difference between timeouts (and other DNS errors) and negative answers. So if your DNS server/pro

Re: Temporary 'Replacements' for SaneSecurity

2009-01-15 Thread Bret Miller
On 1/15/2009 1:36 AM, Rasmus Haslund wrote: SM wrote: "Botnet Plugin" sounds like a plugin that detect botnets ... If Rasmus is finding that many false positives, then he's using the wrong tools. Well I am not using the botnet plugin because I am not sure how to implement

RE: Temporary 'Replacements' for SaneSecurity

2009-01-15 Thread Rasmus Haslund
SM wrote: > "Botnet Plugin" sounds like a plugin that detect botnets ... If > Rasmus is finding that many false positives, then he's using the wrong > tools. Well I am not using the botnet plugin because I am not sure how to implement it with the SA engine running in Icewarp Merak. Anyway we do

Re: Temporary 'Replacements' for SaneSecurity

2009-01-14 Thread SM
At 12:44 14-01-2009, Rob McEwen wrote: No. This is just due to the fact that, unfortunately, some mail servers and IPs (which send desired and solicited messages) are somewhat incorrectly configured. It turns out that a distributor receiving legitimate business e-mail from vendors & customers in

Re: Temporary 'Replacements' for SaneSecurity

2009-01-14 Thread mouss
Rob McEwen a écrit : > SM wrote: >> "Botnet Plugin" sounds like a plugin that detect botnets ... If >> Rasmus is finding that many false positives, then he's using the wrong >> tools. > > No. This is just due to the fact that, unfortunately, some mail servers > and IPs (which send desired and sol

Re: Temporary 'Replacements' for SaneSecurity

2009-01-14 Thread John Rudd
On Wed, Jan 14, 2009 at 13:06, Dave Pooser wrote: >> None of my friends are on >> services that are that poorly configured > > No friends on Verizon? Their @#$% mail servers are 70% of my FPs. Heh. Guess not :-)

Re: Temporary 'Replacements' for SaneSecurity

2009-01-14 Thread Dave Pooser
> None of my friends are on > services that are that poorly configured No friends on Verizon? Their @#$% mail servers are 70% of my FPs. -- Dave Pooser Cat-Herder-in-Chief, Pooserville.com "...Life is not a journey to the grave with the intention of arriving safely in one pretty and well-preserve

Re: Temporary 'Replacements' for SaneSecurity

2009-01-14 Thread Rob McEwen
SM wrote: > "Botnet Plugin" sounds like a plugin that detect botnets ... If > Rasmus is finding that many false positives, then he's using the wrong > tools. No. This is just due to the fact that, unfortunately, some mail servers and IPs (which send desired and solicited messages) are somewhat in

Re: Temporary 'Replacements' for SaneSecurity

2009-01-14 Thread SM
At 06:59 14-01-2009, Rob McEwen wrote: Because Rasmus manages a mail server where B2B mail is routinely sent/received _globally_, Rasmus is the king of finding FPs. I could be wrong, but judging from previous reports about the Botnet Plugin, I predict that Rasmus will either (a) find the Botnet P

Re: Temporary 'Replacements' for SaneSecurity

2009-01-14 Thread John Rudd
> -- Forwarded message -- > From: "Bret Miller" > To: "John Rudd" > Date: Tue, 21 Aug 2007 13:08:06 -0700 > Subject: RE: BOTNET Exceptions for Today >> Bret Miller wrote: > Maybe these aren't false positives because botnet is identifying them for > what they are-- badly configure

Re: Temporary 'Replacements' for SaneSecurity

2009-01-14 Thread Paul Griffith
On Wed, 14 Jan 2009 09:23:51 -0500, John Rudd wrote: How's it working for you, so far? On Wed, Jan 14, 2009 at 06:12, Paul Griffith wrote: On Tue, 13 Jan 2009 05:28:42 -0500, si wrote: Guys, I'm sure you're as sad as I am re- temporary suspension of the brilliant services offered by S

Re: Temporary 'Replacements' for SaneSecurity

2009-01-14 Thread Benny Pedersen
On Wed, January 14, 2009 17:33, John Hardin wrote: > Is there any other distributed content distribution system they > could use for free this way? bittorrent ? (micro$oft have problem delivering windows 7 betas from their network, opensource problems ?) :=) -- Benny Pedersen Need more webspa

Re: Temporary 'Replacements' for SaneSecurity

2009-01-14 Thread Matt Garretson
Is there any way that a more distributed method of delivering updates could be more resistant to DDOS attacks? E.g. trackerless bittorrents (DHT), or something along those lines? Just wondering in general

Re: Temporary 'Replacements' for SaneSecurity

2009-01-14 Thread John Hardin
On Wed, 14 Jan 2009, Rob McEwen wrote: QUESTIONS: Is SaneSecurity still collecting data and generating the rulesets? (but just not able to distribute them) I was wondering that myself, and was also wondering whether there was a way to leverage the Coral cache system to avoid DDoS - for examp

Re: Temporary 'Replacements' for SaneSecurity

2009-01-14 Thread Sanesecurity
si-12 wrote: > > I appreciate that great progress is being made re- getting the service back > online again, but in the mean time was wondering ... has anyone found > anything as effective as a temporary replacement or enhancement? One rsync server is already up and running and is currently being

Re: Temporary 'Replacements' for SaneSecurity

2009-01-14 Thread Rob McEwen
Rob McEwen wrote: > And I think it is > probably better used as a scoring list instead of a blocking list. > oops. I meant "probably better scored below threshold", since, of course, BotNet isn't a "list". -- Rob McEwen http://dnsbl.invaluement.com/ r...@invaluement.com +1 (478) 475-9032

Re: Temporary 'Replacements' for SaneSecurity

2009-01-14 Thread Rob McEwen
John Rudd wrote: > Botnet isn't a DNSBL... > I never said it was a DNSBL. But it definitely has a particular focus on the sending IP, and that sending IP's rDNS. Therefore, for all practical purposes, it is trying to do the job of a DNSBL. As I recall, the discussion about BotNet's development

Re: Temporary 'Replacements' for SaneSecurity

2009-01-14 Thread Daniel J McDonald
On Wed, 2009-01-14 at 09:59 -0500, Rob McEwen wrote: > Rasmus Haslund wrote: > >> After a loud outcry from our users from the increasing level of spam in > >> their inboxes, I installed the Botnet >Plugin. > >> > > Is this something that can be used with the SA in Icewarp Merak? > > > > B

Re: Temporary 'Replacements' for SaneSecurity

2009-01-14 Thread John Rudd
On Wed, Jan 14, 2009 at 06:59, Rob McEwen wrote: > Regarding using the Botnet Plugin as a replacement for SaneSecurity... I > found that the _best_ part about SaneSecurity was its assistance with > catching spam that could NOT ever be caught using _any_ kind of DNSBL. Botnet isn't a DNSBL...

Re: Temporary 'Replacements' for SaneSecurity

2009-01-14 Thread Rob McEwen
Rasmus Haslund wrote: >> After a loud outcry from our users from the increasing level of spam in >> their inboxes, I installed the Botnet >Plugin. >> > Is this something that can be used with the SA in Icewarp Merak? > Because Rasmus manages a mail server where B2B mail is routinely sent/r

Re: Temporary 'Replacements' for SaneSecurity

2009-01-14 Thread si
e're still in pretty good shape, but we certainly notice that the Sane Security stuff isn't there any more.   Mup. --- On Wed, 14/1/09, John Rudd wrote: From: John Rudd Subject: Re: Temporary 'Replacements' for SaneSecurity To: "Paul Griffith" Cc: g_b...@yahoo.c

Re: Temporary 'Replacements' for SaneSecurity

2009-01-14 Thread John Rudd
How's it working for you, so far? On Wed, Jan 14, 2009 at 06:12, Paul Griffith wrote: > On Tue, 13 Jan 2009 05:28:42 -0500, si wrote: > >> Guys, >> >> I'm sure you're as sad as I am re- temporary suspension of the brilliant >> services offered by Steve Basford and his helpers at Sane Security. I

RE: Temporary 'Replacements' for SaneSecurity

2009-01-14 Thread Rasmus Haslund
>After a loud outcry from our users from the increasing level of spam in their inboxes, I installed the Botnet >Plugin. Is this something that can be used with the SA in Icewarp Merak? NOWACO A/S Rasmus Haslund

Re: Temporary 'Replacements' for SaneSecurity

2009-01-14 Thread Paul Griffith
On Tue, 13 Jan 2009 05:28:42 -0500, si wrote: Guys, I'm sure you're as sad as I am re- temporary suspension of the brilliant services offered by Steve Basford and his helpers at Sane Security. In a sick kind of way, the 'bad guys' are acknowledging the work these guys have done by DOSing

Temporary 'Replacements' for SaneSecurity

2009-01-13 Thread si
Guys, I'm sure you're as sad as I am re- temporary suspension of the brilliant services offered by Steve Basford and his helpers at Sane Security. In a sick kind of way, the 'bad guys' are acknowledging the work these guys have done by DOSing them, but that doesn't help much with the daily grin