amavis-user: Re: [AMaViS-user] Current p0f rules?

From: Mark Martinec <Mark.Martinec+amavis_at_nospam>
Date: Wed May 19 2010 - 14:47:45 GMT
To: amavis-user@lists.sourceforge.net

Andy,

> Are the sample rules in the release notes still the preferred p0f ruleset
> for SA?

Yes, still valid. It's pretty much what I'm using at our site.

The IP distance (hop count) rules may need tweaking if your site
is close to poorly policed ISPs, but they work well in our academic
network topology.

The BOTNET* rules may need the old DKIM_VERIFIED rule replaced with
DKIM_VALID, reflecting the change of a rule name with SpamAssassin 3.3.0.

> Does anybody have any comments or experiences? We're in the process of
> upgrading amavisd-new, and want to take this opportunity to utilize this
> additional tool.

Every little bit helps in fighting spam. P0f is quite effective
in distinguishing Windows-based botnets from the rest. It is also
quite useful in reducing the numerous false positives of a Botnet
plugin, if you are using it.

  Mark
