Re: [exim] trying to implement outbound DSPAM filtering for …

Author: Greg Swift
Date:  
To: Jeremy Harris
CC: Exim users list
Subject: Re: [exim] trying to implement outbound DSPAM filtering for ISP mail server
Jeremy Harris wrote:
> Greg Swift wrote:
>
>> (http://www.zdziarski.com/projects/rabl/), and ClamAV. DSPAM scans the
>> msg for spam and virus (linking to clamav) and if it tags the message as
>> spam it sends RABL a notice about that customer's spamminess. Once the
>> user reaches a threshold (right now about 50 notices) RABL blacklists
>> them (default 6 hours). The nice thing about this concept is that it's
>> automatic, and all the customer has to do is clean their machines and
>> then when 6hrs hit they are back to normal, until they get infected
>> again (or if they didn't succeed).
>>
>> But I don't know where to go from there, or if that is even the best way
>> to do that. Does anyone have any suggestions or anything?
>>
>
> In my humble opinion, 1) fifty warnings is far too lenient,

true... the default is 10, but compared to the number of messages most
of those customers are trying to dump to the server 50 is a fraction of
a fraction. I would rather not turn on the new system and suddenly have
all my customers blacklisted because the filter was mis-tagging on

> and 2) six hours is far too short. To cause your customers to change behaviour
> you must cause them pain - this is basic Skinner conditioning.
>

actually most of them are pretty good about cleaning their machines once
they know they need to, because losing e-mail at all is quite the
punishment.

> Cut off on one solid detection, don't re-enable until after they manually
> complain (and explain to them why your automatics need to protect the
> rest of the world from their badly-administered systems), and
> then don't enable for another 12-24 hours (like, when it's convenient
> for your dayshift. Don't put it on automatic, that isn't painful
> enough for you *either*).

see.. that's all nice and fine, until you work for someplace where a
customer with no logged trouble ticket can call the C*O, whom he's never
talked to before, and yell until suddenly the world works the way he
wants it to because that means the C*O doesn't have to talk to him anymore.

right now our solution is a blacklist w/ a manual removal. Part of the
whole problem is that it's a pita. Most of my customers aren't spammers,
most of the ones that would cause the problem would quickly get grabbed
in this, if they got past any of the lower level protections. A quick
fix on both sides is preferred.

-greg

--
http://www.gvtc.com
--
“While it is possible to change without improving, it is impossible to improve without changing.” -anonymous

“only he who attempts the absurd can achieve the impossible.” -anonymous