Rasmus Haslund wrote:
>> After a loud outcry from our users from the increasing level of spam in
>> their inboxes, I installed the Botnet Plugin.
>>     
> Is this something that can be used with the SA in Icewarp Merak?
>   

Because Rasmus manages a mail server where B2B mail is routinely
sent/received _globally_, Rasmus is the king of finding FPs. I could be
wrong, but judging from previous reports about the Botnet Plugin, I
predict that Rasmus will either (a) find the Botnet Plugin utterly
unusable due to FPs, or (b) only be able to score it by a point or two
due to excessive FPs. (Rasmus--by all means--please don't take my word
for it--try it out and then let us know what happened!)

Regarding using the Botnet Plugin as a replacement for SaneSecurity... I
found that the _best_ part about SaneSecurity was its assistance with
catching spam that could NOT ever be caught using _any_ kind of DNSBL.
For example, "419" scam spams sent from the large freemail providers
where the message cannot possibly be blocked because of being sent from
an IP that sends large amounts of legit mail and because there is simply
no domain in the body of the message for surbl/uribl/ivmURI to grab
onto. THAT was the best part about SaneSecurity, imo.

Therefore, if someone is missing SaneSecurity, I'd suggest first making
sure they have Sought Rules installed and frequently updating--if not
already running.

QUESTIONS:

Is SaneSecurity still collecting data and generating the rulesets? (but
just not able to distribute them)

Is there any end in sight for the DDOS?

Has anyone tried to mitigate their DDOS? (There is a super-secret list
out there consisting of professionals who work for all the largest ISPs
and security vendors. They have ways to help mitigate these things. They
look for IPs conducting the DDOS, on each of their own networks, and
they simply shut those IPs down at the access point.)

-- 
Rob McEwen
http://dnsbl.invaluement.com/
r...@invaluement.com
+1 (478) 475-9032

