2

I came across best practices from BarracudasNetwork website https://www.barracudanetworks.com/docs/other/barracuda_spam_&_virus_firewall_bayesian.pdf

These recommendations suggest to keep good quality Bayesian Learning samples on a static level of few hundred emails each type (valid emails and known spam).

Here is my question - how such a configuration handle 'seasonal spam periods'? What I mean here are spam emails related to the world events e.g. emails related to Barack Obama and presidential election or riots in Egipt. We noticed that during these events noticable portion of spam we captured with our restricted setup had some references to the events.

Now, if we were to keep adding these seasonal spam examples we would end up with thousands of emails in the spam samples.

I should add that our mail servers receive tens of thousands emails every day.

What would be the best way to handle mentioned situations?

Here is what we have been using (in case it matters):

  • Firmware v3.5.12.025 (2009-09-03 19:21:07)
  • Model: 600

Many thanks, Luke

Luke G
  • 151
  • 6

2 Answers2

2

Barracuda units are based on SpamAssassin (not the same exactly, but based on...). I've never found any significant value in keeping old spam samples for the Bayesian filter in SA. The spammers are undoubtedly "learning", spam doesn't look the same as it did a year ago.

It is a good idea to keep around some ham, especially if you're in a financial, pharmaceutical, medical, or similar industry where your ham looks a lot like spam. The Bayesian filter will do a much better job in these cases if you have some examples of both (again, using examples that are current)... works for me.

Chris S
  • 77,337
  • 11
  • 120
  • 212
2

PLEASE upgrade the firmware and OS revision of your Barracuda Spam Filter!! (assuming you have an active subscription)

You're missing out on features. There have been HUGE bugs that have been resolved since the 2009-era firmware you have now. The current revision level is version 5.1.x.

enter image description here

Seasonal SPAM trends would also be reflected in the BarracudaCentral database, which should be the first line of defense in your Spam Filter unit. You should not need to adjust or modify your thresholds to accommodate world events.

I would not try to learn every piece of mail that comes in. I keep my Bayesian databases for large client installations small... maybe 300-400 examples of SPAM and HAM. That's all you should really need. Otherwise, you may be poisoning the database. Note: You want more SPAM than HAM, like the example below:

enter image description here

Community
  • 1
ewwhite
  • 194,921
  • 91
  • 434
  • 799