Mike Cardwell wrote:
> W B Hacker wrote:
*snip*
>>
>> More than good enough for my needs, though I am still puzzled that it fails to
>> detect all connections.
>
> It doesn't provide results for me for around 8% of the connections. I'm
> not sure if that's because it doesn't detect the connection, or if it
> simply doesn't have a matching signature:
>
It definitely had matching sigs for several of the ones missed-out here - they
were 'known' sources from my own machines. And that was for ssh OR smtp.
FWIW it reports OS X 10.3.9 to be pre 6.X FreeBSD, and FreeBSD 7.1 is
unrecognized but it shows 'stuff' - and it detects both at least half the time.
I'd say missing 8% would be a best-case figure.
> Connections: 6716
> FreeBSD: accept:5, reject:9
> Linux: accept:318, reject:139
> MacOS: accept:2, reject:19
> NetBSD: reject:2
> Novell: reject:1
> Solaris: accept:36, reject:147
> Unknown: accept:475, reject:107
> Windows: accept:30, reject:5426
>
> There doesn't seem to be a strong correlation between the OS and the
> spamminess of the message, apart from when Windows is the connecting OS.
> Only 1 in 180 emails from a Windows host was accepted by my email system.
>
Interesting stat.
Not germane to smtp, but the next question would be if there was any useful
content in the few you DID accept from WinBoxen.
I wouldn't take a great deal of effort here to WL the few legit corrrespondents
with that particular parasite and block the rest.
'Per user' of course.
Some have correspondents who go ballistic when we reject based on ClamAV finding
hard ID on their WinCrobe of the day and reporting it by name.
'It has to be your ISP's fault, we move millions of messages a day and don't
have problems with any other..."
Aye. More's the pity....
Given it is Government Department network that is infected...
With THAT lot I'd far *rather* tell 'em it was the 'stupidity filter' that
blocked 'em.
Bill
