[Mimedefang] SNARE spam detection

- kd6lvw at yahoo.com
Wed Jul 29 18:07:41 EDT 2009


--- On Wed, 7/29/09, David F. Skoll <dfs at roaringpenguin.com> wrote:
> > If a non-spammer happens to be co-located in a spam-friendly
> > environment, ....  Expect false positives here.
> 
> Yes, for sure.  However, it can be useful as a Bayes token, maybe, or
> as a rule adding a couple of points.

OK, but using APEWS or UCE-PROTECT L2 or L3 blacklists would yield a similar result.  We already know how much those are loved.

> Yeah, the port scanning seemed fishy to me.  It could be that
> they only scan a few "well-known" bot control ports.

Which still runs into trouble on any system that tarpits all unused ports.



More information about the MIMEDefang mailing list