Re: [Declude.JunkMail] OT: Switch to control bandwidth

[Matt]

Darin Cox wrote: For the specific cases you outlined, it sounds like IMGate might help.  We don't use it, but from what I've read on the lists, it sounds like it could be configured to protect against these scenarios.   We use a single box solution integrating VamSoft's ORF with MS SMTP on the same box as IMail (and also on a backup server that is live with ORF/MS SMTP, cold spare for IMail/Declude).  I finally got address validation going the other day, and we are blocking 70% of address attempts (typically 5 bad addresses per dictionary attack E-mail).  This only saved an average of about 100Kbps or about 1/6th of average hourly bandwidth at peak times.  Spam is typically very small and more of a processing issue than a bandwidth issue.  We still have about 40 domains not being fully validated, but the bulk of the issues have been resolved with what we have and the others will come in time.  This was only a minor nuisance as this stuff was easy to block with our Declude setup and it is very low in bandwidth unless you get hit by the million address per day guy, but that hasn't happened to us yet.  We are protected from that now, and this was designed as protection from just that sort of thing.  I'm also looking at tarpitting, dictionary attack protection, and select gateway blacklisting of abusive hosts, but we don't have anything in place for that yet.  It's not a fire yet, but I figure that I can save processing power and therefore software and hardware expense by introducing these things before I run out of capacity. Right now we are limited in bandwidth and not burstable, but that will change in 1 1/2 to 2 1/2 months when we migrate our facilities.  Then the issue becomes expense, and bandwidth will cost me $200 per Mbps at 95th percentile, so an investment in hardware as opposed to bandwidth seems like a good idea to save money in the long haul.  I figure that I can easily save $2,400 a year in bandwidth by doing this, and also protect the CPU utilization and against DOS at the same time.  I'm under the impression that you can greatly affect your 95th percentile rate by merely limiting individual IP's, and having 4 MX records and IMail on a separate IP, I think we could manage this fairly effectively without affecting service.  Same goes for HTTP and FTP stuff as well.  I don't think that anyone would complain about being limited to 512Kbps for a HTTP/FTP connection without being charged for more, and slightly delaying MX's SMTP traffic in this way has almost no affect on QOS for hosted E-mail customers. I know...too much detail :) Matt -- ===================================================== MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =====================================================