[unisog] Barracuda effectiveness (vs Puremessage)

Frank Bulk frnkblk at iname.com
Mon Jul 16 19:57:08 GMT 2007


Confirmed on the "Intent Analysis", that's the item we tend to "whitelist"
the most.

Frank

-----Original Message-----
From: unisog-bounces at lists.dshield.org
[mailto:unisog-bounces at lists.dshield.org] On Behalf Of rick pim
Sent: Monday, July 16, 2007 2:18 PM
To: UNIversity Security Operations Group
Subject: [unisog] Barracuda effectiveness (vs Puremessage)


 > We have the Barracuda set to do the things their SE recommends. And
 > now they are recommending manual tuning involving keyword lists,
 > extra blacklists (beyond their own and xbl/sbl from spamhaus), bayes,
 > etc.

manually tag enough messages as "spam" and "not spam" to enable their
bayesian filtering and they get significantly better. (i think it's
200 of each). last time i did it it took a couple of days since it was
just a couple of us doing it and we were just using our own mail to do
the tagging. (actual 'face time' was fairly modest.) we've got some
users trained to send us new examples that (a) are spam and (b) aren't
flagged by the bayesian filters.

their 'intent analysis' tends to be -- in my experience -- overly
aggressive.

rp


_______________________________________________
unisog mailing list
unisog at lists.dshield.org
https://lists.sans.org/mailman/listinfo/unisog



More information about the unisog mailing list