[Mimedefang] SNARE spam detection
kd6lvw at yahoo.com
Wed Jul 29 18:07:41 EDT 2009
--- On Wed, 7/29/09, David F. Skoll <dfs at roaringpenguin.com> wrote:
> > If a non-spammer happens to be co-located in a spam-friendly
> > environment, .... Expect false positives here.
> Yes, for sure. However, it can be useful as a Bayes token, maybe, or
> as a rule adding a couple of points.
OK, but using APEWS or UCE-PROTECT L2 or L3 blacklists would yield a similar result. We already know how much those are loved.
> Yeah, the port scanning seemed fishy to me. It could be that
> they only scan a few "well-known" bot control ports.
Which still runs into trouble on any system that tarpits all unused ports.
More information about the MIMEDefang