Re: [Declude.JunkMail] RFCSPACE Explanation?
I have been looking for an explanation of the RFCSPACE test but I cannot find one Anybody have a detailed explanation with references? Do you mean CMDSPACE? That one looks for a space in the SMTP commands, such as RCPT TO:, that really shouldn't be there (although some people may try to argue that the RFCs do allow it). No legitimate mailserver that I am aware of has the space there, although some mail clients (most notable Outlook) include it. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re[2]: [Declude.JunkMail] OT: Switch to control bandwidth
Hi Matt, Read thru their web site - it's not "open source" and he will tell you that. Best thing is to open up a SALES TICKET and ask your questions - he's pretty fast on getting back to you. Also, you can download beta/demo software to try out -- so, you might give that a try. And, he sells a failover nic card too in case the box dies you can still have your data pass through. hth. -jason M> Thanks, this looks like another good candidate. The software license of M> $795 isn't that bad, and you don't need anything special to run it to M> capacity on my network. I would like to see it in action however, and M> figure out if it was easy to use (worth money to me), and also as stable M> as could be. I don't know how I might have a hot spare configuration M> with a setup like this so having something that is virtually bulletproof M> is worth a lot here. M> I'm also guessing that this is an open source app underneath the GUI and M> managed updates. It would be nice to know what that was. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] RFCSPACE Explanation?
Hello, I have been looking for an explanation of the RFCSPACE test but I cannot find one Anybody have a detailed explanation with references? Thanks, Adam --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] OT: Switch to control bandwidth
Thanks, this looks like another good candidate. The software license of $795 isn't that bad, and you don't need anything special to run it to capacity on my network. I would like to see it in action however, and figure out if it was easy to use (worth money to me), and also as stable as could be. I don't know how I might have a hot spare configuration with a setup like this so having something that is virtually bulletproof is worth a lot here. I'm also guessing that this is an open source app underneath the GUI and managed updates. It would be nice to know what that was. Matt sbsi lists wrote: Hi Matt, you might look at http://www.etinc.com/index.php?cPath=25 more $$s than your budget UNLESS you go with their software and you handle the OS/Hardware. I don't have experience with this -- yet... but thinking of using one of their appliances or get the software and trying it. -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] OT: Switch to control bandwidth
Darin Cox wrote: For the specific cases you outlined, it sounds like IMGate might help. We don't use it, but from what I've read on the lists, it sounds like it could be configured to protect against these scenarios. We use a single box solution integrating VamSoft's ORF with MS SMTP on the same box as IMail (and also on a backup server that is live with ORF/MS SMTP, cold spare for IMail/Declude). I finally got address validation going the other day, and we are blocking 70% of address attempts (typically 5 bad addresses per dictionary attack E-mail). This only saved an average of about 100Kbps or about 1/6th of average hourly bandwidth at peak times. Spam is typically very small and more of a processing issue than a bandwidth issue. We still have about 40 domains not being fully validated, but the bulk of the issues have been resolved with what we have and the others will come in time. This was only a minor nuisance as this stuff was easy to block with our Declude setup and it is very low in bandwidth unless you get hit by the million address per day guy, but that hasn't happened to us yet. We are protected from that now, and this was designed as protection from just that sort of thing. I'm also looking at tarpitting, dictionary attack protection, and select gateway blacklisting of abusive hosts, but we don't have anything in place for that yet. It's not a fire yet, but I figure that I can save processing power and therefore software and hardware expense by introducing these things before I run out of capacity. Right now we are limited in bandwidth and not burstable, but that will change in 1 1/2 to 2 1/2 months when we migrate our facilities. Then the issue becomes expense, and bandwidth will cost me $200 per Mbps at 95th percentile, so an investment in hardware as opposed to bandwidth seems like a good idea to save money in the long haul. I figure that I can easily save $2,400 a year in bandwidth by doing this, and also protect the CPU utilization and against DOS at the same time. I'm under the impression that you can greatly affect your 95th percentile rate by merely limiting individual IP's, and having 4 MX records and IMail on a separate IP, I think we could manage this fairly effectively without affecting service. Same goes for HTTP and FTP stuff as well. I don't think that anyone would complain about being limited to 512Kbps for a HTTP/FTP connection without being charged for more, and slightly delaying MX's SMTP traffic in this way has almost no affect on QOS for hosted E-mail customers. I know...too much detail :) Matt -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =
RE: [Declude.JunkMail] OT: Switch to control bandwidth
Title: Message I can add a few bits. Packeteer.com and Net-Reality.com both have swissarmy-like products that will fit the bill, but they don't come at a pricepoint that fits your budget. If their licencing scheme fits, and you can get a bargain on eBay, I'd recommend them. And they do work inline, and "fail open" if the hardware fails or the power to their unit is unplugged. I'm pretty sure that the rate limiting in HTTP for W2K3 does work, but it can't take into account how much of your pipe is empty, it will only work based on your pre-set maximum limit. The queuing problem you saw with IMail is a product of their limited threading. You had ample CPU left, but the thread was full. IMail has an upgrade soon (already? 8.2?) that would help, at least with 2 out of the three issues you cited. Andrew 8) -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of MattSent: Wednesday, February 16, 2005 12:51 PMTo: Declude.JunkMail@declude.comSubject: Re: [Declude.JunkMail] OT: Switch to control bandwidthI've got a nice solution for this called IPcheck Server Monitor from Paessler (http://www.paessler.com/products/ipcheck/?link=menu). It is buggy however from the standpoint of the interface, though they have been continually improving and fixing it. It has nice notification features such as dependencies. I monitor from a separate network from the servers themselves, giving a good impression of what my customers experience.I kind of feel tied down to monitoring and then researching, and then resolving issues. For instance, in the last 24 hours I had the following happen: - Customer's mail server IP changed without notifying us, causing lots of spooled messages. - One person sent about 150 MB of E-mail (separate large messages) to a MailPure protected account and that slowed down our responsiveness on all services (HTTP and POP3 also affected. No fix can be applied for this except for limiting as the traffic was legit, just unusually bursty. - Customer's remote Web server misbehaving and delivered 10,000 messages to their own account through our gateway. No immediate issues, but it bears watching for potential escalation that could threaten our performance.I'm spending a lot of time with this stuff on a regular basis and want to be a bit more proactive so that I don't need to feel tied down. Almost all issues can be controlled by rate limiting, though some require extensive granularity to achieve sufficient protection. QOS is also at issue since I stay away from doing inexpensive services, concentrating on value-added, and many of my customers do expect more.Right now I'm fine, but the more I grow, the more often these things will occur and I think it's time to put something else in place that can stop issues from potentially affecting every service/customer.MattDarin Cox wrote: Best solution is monitoring. Without creating a system of dedicated circuits to each customer you can't guarantee one customer will not adversely affect another. Rate-limiting at the switch (or software "switch") will help, but still means a smaller pipe for everyone else...and doesn't help with multiple customers misbehaving. With appropriate SNMP or RMON monitoring, however, you can be notified as soon as traffic goes beyond a given threshold and react accordingly. Darin. - Original Message - From: Matt To: Declude.JunkMail@declude.com Sent: Wednesday, February 16, 2005 3:18 PM Subject: Re: [Declude.JunkMail] OT: Switch to control bandwidth I just wanted to follow up on this thread. First, thanks for all of the suggestions. Here's a summary of what caught my eye. 1) There are some decent choices out there, and seemingly a 3COM SuperStack 3 3226 comes at a nice price point (around $500) and allows limiting per port at 1 Mbps increments and also does 7 custom levels of protocol prioritization. This was suggested to me off-list. It seems like a good thing for colocation since you don't care for more granularity among your customers, they can choose to do with their bandwidth what they wish. I'm not into colocation yet and this probably falls short of my needs otherwise.2) I was also intrigued by the NetEqualizer product, which seems to be a the commercial version of an open source project called Linux Bandwidth Arbitrator (www.bandwidtharbitrator.com). This might very well offer functionality beyond all of the switches, but offers more complication in setup and management unless you go with the for-profit version. This is of course not a switch, but that's ok since cheap switches can be plac
Re: [Declude.JunkMail] Massive DJM Logs and DLAnalyzer
I'm currently running with LOG LEVEL set to HIGH so I can get the most out of Invariant Systems DLAnalyzer. So this 2nd question might be better directed towards them. Really the only report I generate every month is a Test Summary Report so I can see the effectiveness of tests and a Domain Summary Report so I can tell how spam filtering customers how much spam we are blocking for them. Do I need to have the LOG LEVEL set to HIGH to get accurate reports for those? Dan, For a straight test summary report you only need low. However, for the domain report it gets a bit more complicated. I always recommend "HIGH" for those, but you can get by with MID. If you run MID you lose the ability for DLAnalyzer to detect which domains are incoming or outgoing. Which means if you run at Log level MID you will need to manually specify the domains. I hope this helps. Darrell Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] OT: Switch to control bandwidth
I hear ya... hate to be in reactive mode as well. When sharing pipes you only have two choices, clamp bandwidth down for any single customer to the point that one or more customers' abuse won't impact others, or react via monitoring. For the specific cases you outlined, it sounds like IMGate might help. We don't use it, but from what I've read on the lists, it sounds like it could be configured to protect against these scenarios. Darin. - Original Message - From: Matt To: Declude.JunkMail@declude.com Sent: Wednesday, February 16, 2005 3:51 PM Subject: Re: [Declude.JunkMail] OT: Switch to control bandwidth I've got a nice solution for this called IPcheck Server Monitor from Paessler (http://www.paessler.com/products/ipcheck/?link=menu). It is buggy however from the standpoint of the interface, though they have been continually improving and fixing it. It has nice notification features such as dependencies. I monitor from a separate network from the servers themselves, giving a good impression of what my customers experience.I kind of feel tied down to monitoring and then researching, and then resolving issues. For instance, in the last 24 hours I had the following happen: - Customer's mail server IP changed without notifying us, causing lots of spooled messages. - One person sent about 150 MB of E-mail (separate large messages) to a MailPure protected account and that slowed down our responsiveness on all services (HTTP and POP3 also affected. No fix can be applied for this except for limiting as the traffic was legit, just unusually bursty. - Customer's remote Web server misbehaving and delivered 10,000 messages to their own account through our gateway. No immediate issues, but it bears watching for potential escalation that could threaten our performance.I'm spending a lot of time with this stuff on a regular basis and want to be a bit more proactive so that I don't need to feel tied down. Almost all issues can be controlled by rate limiting, though some require extensive granularity to achieve sufficient protection. QOS is also at issue since I stay away from doing inexpensive services, concentrating on value-added, and many of my customers do expect more.Right now I'm fine, but the more I grow, the more often these things will occur and I think it's time to put something else in place that can stop issues from potentially affecting every service/customer.MattDarin Cox wrote: Best solution is monitoring. Without creating a system of dedicated circuits to each customer you can't guarantee one customer will not adversely affect another. Rate-limiting at the switch (or software "switch") will help, but still means a smaller pipe for everyone else...and doesn't help with multiple customers misbehaving. With appropriate SNMP or RMON monitoring, however, you can be notified as soon as traffic goes beyond a given threshold and react accordingly. Darin. - Original Message - From: Matt To: Declude.JunkMail@declude.com Sent: Wednesday, February 16, 2005 3:18 PM Subject: Re: [Declude.JunkMail] OT: Switch to control bandwidth I just wanted to follow up on this thread. First, thanks for all of the suggestions. Here's a summary of what caught my eye. 1) There are some decent choices out there, and seemingly a 3COM SuperStack 3 3226 comes at a nice price point (around $500) and allows limiting per port at 1 Mbps increments and also does 7 custom levels of protocol prioritization. This was suggested to me off-list. It seems like a good thing for colocation since you don't care for more granularity among your customers, they can choose to do with their bandwidth what they wish. I'm not into colocation yet and this probably falls short of my needs otherwise.2) I was also intrigued by the NetEqualizer product, which seems to be a the commercial version of an open source project called Linux Bandwidth Arbitrator (www.bandwidtharbitrator.com). This might very well offer functionality beyond all of the switches, but offers more complication in setup and management unless you go with the for-profit version. This is of course not a switch, but that's ok since cheap switches can be placed behind it.3) Cisco is of course a popular choice, but I'm not a fan of their ridiculous licensing schemes for the software and high prices. Used, these things come fairly cheap, but they are the 'Outlook' of routers and switches, and the most likely to be targeted by exploits. For that reason, I am probably going to migrate away from anything Cisco once I outgrow what I already have. I may change my mind however.4) I don't think I need a firewall, or don't want to deal with the expense and limitations of it (concurrent sessions, etc.). I have s
[Declude.JunkMail] Massive DJM Logs and DLAnalyzer
Hello, All, I've noticed that my DJM logs have been growing progressively bigger until yesterday I had one top out at over 380+ MB. I think these might be effecting the performance of Declude but I don't have any proof. As these logs grow bigger is there any correlation between log size and performance? I'm currently running with LOG LEVEL set to HIGH so I can get the most out of Invariant Systems DLAnalyzer. So this 2nd question might be better directed towards them. Really the only report I generate every month is a Test Summary Report so I can see the effectiveness of tests and a Domain Summary Report so I can tell how spam filtering customers how much spam we are blocking for them. Do I need to have the LOG LEVEL set to HIGH to get accurate reports for those? Thanks, Dan Geiser [EMAIL PROTECTED] --- E-mail scanned for viruses by Nexus (http://www.ntgrp.com/mailscan) --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] OT: Switch to control bandwidth
The only other thing that I could possibly think of is a lot of what you are talking about could be QoS'ed. Unfortunatly, this would be on a service level requirement. For exmaple not letting SMTP exceed a certain bandwidth when web is at a certain level, but allowing SMTP to burst when web is low. Darrell Darin Cox writes: Best solution is monitoring. Without creating a system of dedicated circuits to each customer you can't guarantee one customer will not adversely affect another. Rate-limiting at the switch (or software "switch") will help, but still means a smaller pipe for everyone else...and doesn't help with multiple customers misbehaving. With appropriate SNMP or RMON monitoring, however, you can be notified as soon as traffic goes beyond a given threshold and react accordingly. Darin. - Original Message - From: Matt To: Declude.JunkMail@declude.com Sent: Wednesday, February 16, 2005 3:18 PM Subject: Re: [Declude.JunkMail] OT: Switch to control bandwidth I just wanted to follow up on this thread. First, thanks for all of the suggestions. Here's a summary of what caught my eye. 1) There are some decent choices out there, and seemingly a 3COM SuperStack 3 3226 comes at a nice price point (around $500) and allows limiting per port at 1 Mbps increments and also does 7 custom levels of protocol prioritization. This was suggested to me off-list. It seems like a good thing for colocation since you don't care for more granularity among your customers, they can choose to do with their bandwidth what they wish. I'm not into colocation yet and this probably falls short of my needs otherwise. 2) I was also intrigued by the NetEqualizer product, which seems to be a the commercial version of an open source project called Linux Bandwidth Arbitrator (www.bandwidtharbitrator.com). This might very well offer functionality beyond all of the switches, but offers more complication in setup and management unless you go with the for-profit version. This is of course not a switch, but that's ok since cheap switches can be placed behind it. 3) Cisco is of course a popular choice, but I'm not a fan of their ridiculous licensing schemes for the software and high prices. Used, these things come fairly cheap, but they are the 'Outlook' of routers and switches, and the most likely to be targeted by exploits. For that reason, I am probably going to migrate away from anything Cisco once I outgrow what I already have. I may change my mind however. 4) I don't think I need a firewall, or don't want to deal with the expense and limitations of it (concurrent sessions, etc.). I have so few ports open that I'm fine with router level protection and this is exclusively a DMZ with no client computers behind it. Despite what these products offer, I still think that the switches generally come up short of being a perfect solution to my needs (that of a Web hosting/E-mail provider). I essentially have 5 services that I need to support across 3 machines; HTTP, FTP, DNS, SMTP, and POP3. It seems that by just simply bandwidth limiting a port, I won't be able to slow down but a portion of the problematic bandwidth and there can be other issues caused by that (such as limiting all HTTP because of one site that is getting hammered). It would be best to limit HTTP by IP instead of by port. I haven't tested it out yet, but it may be that IIS will actually work when limiting in Windows 2003 unlike 2k, and that may solve my issue on that front at least. FTP may or may not be covered by the same, I'm not sure yet. It seems however that some of the worst issues are coming from fairly unique situations and specific IP addresses. Conditions like E-mail loops can not only bring down a mail server, but also bring down a whole network if all of your bandwidth is used. This of course can also affect POP3 service. If a customer does a mass mailing with huge images sourced from their site, the bandwidth could also bring us down without limits. I even had a customer send 144 messages out the other day with a 2.5 MB attachment, and if you do the math, you will find that this was 400 MB of bandwidth that IMail naturally attempts to deliver ASAP. I've also noted that IMail doesn't do well with response times under heavy bandwidth load even if the CPU is fine while other services on the same box have far less latency. This affects the quality of service to my customers, and I like things to be responsive. So what I am really looking for is some way to protect Web hosting clients from another Web hosting client's issue, protect POP3 service from having the bandwidth bogarted by some SMTP loop, or FTP, or HTTP, etc. Since everyone shares the same MX records, and the same outgoing SMTP and POP3, it's hard to find decent separation unless I get down to the IP level and start limiting things based on at least the destination IP if not the source IP also. To do anything less would seem to be somew
Re: [Declude.JunkMail] OT: Switch to control bandwidth
I've got a nice solution for this called IPcheck Server Monitor from Paessler (http://www.paessler.com/products/ipcheck/?link=menu). It is buggy however from the standpoint of the interface, though they have been continually improving and fixing it. It has nice notification features such as dependencies. I monitor from a separate network from the servers themselves, giving a good impression of what my customers experience. I kind of feel tied down to monitoring and then researching, and then resolving issues. For instance, in the last 24 hours I had the following happen: - Customer's mail server IP changed without notifying us, causing lots of spooled messages. - One person sent about 150 MB of E-mail (separate large messages) to a MailPure protected account and that slowed down our responsiveness on all services (HTTP and POP3 also affected. No fix can be applied for this except for limiting as the traffic was legit, just unusually bursty. - Customer's remote Web server misbehaving and delivered 10,000 messages to their own account through our gateway. No immediate issues, but it bears watching for potential escalation that could threaten our performance. I'm spending a lot of time with this stuff on a regular basis and want to be a bit more proactive so that I don't need to feel tied down. Almost all issues can be controlled by rate limiting, though some require extensive granularity to achieve sufficient protection. QOS is also at issue since I stay away from doing inexpensive services, concentrating on value-added, and many of my customers do expect more. Right now I'm fine, but the more I grow, the more often these things will occur and I think it's time to put something else in place that can stop issues from potentially affecting every service/customer. Matt Darin Cox wrote: Best solution is monitoring. Without creating a system of dedicated circuits to each customer you can't guarantee one customer will not adversely affect another. Rate-limiting at the switch (or software "switch") will help, but still means a smaller pipe for everyone else...and doesn't help with multiple customers misbehaving. With appropriate SNMP or RMON monitoring, however, you can be notified as soon as traffic goes beyond a given threshold and react accordingly. Darin. - Original Message - From: Matt To: Declude.JunkMail@declude.com Sent: Wednesday, February 16, 2005 3:18 PM Subject: Re: [Declude.JunkMail] OT: Switch to control bandwidth I just wanted to follow up on this thread. First, thanks for all of the suggestions. Here's a summary of what caught my eye. 1) There are some decent choices out there, and seemingly a 3COM SuperStack 3 3226 comes at a nice price point (around $500) and allows limiting per port at 1 Mbps increments and also does 7 custom levels of protocol prioritization. This was suggested to me off-list. It seems like a good thing for colocation since you don't care for more granularity among your customers, they can choose to do with their bandwidth what they wish. I'm not into colocation yet and this probably falls short of my needs otherwise. 2) I was also intrigued by the NetEqualizer product, which seems to be a the commercial version of an open source project called Linux Bandwidth Arbitrator (www.bandwidtharbitrator.com). This might very well offer functionality beyond all of the switches, but offers more complication in setup and management unless you go with the for-profit version. This is of course not a switch, but that's ok since cheap switches can be placed behind it. 3) Cisco is of course a popular choice, but I'm not a fan of their ridiculous licensing schemes for the software and high prices. Used, these things come fairly cheap, but they are the 'Outlook' of routers and switches, and the most likely to be targeted by exploits. For that reason, I am probably going to migrate away from anything Cisco once I outgrow what I already have. I may change my mind however. 4) I don't think I need a firewall, or don't want to deal with the expense and limitations of it (concurrent sessions, etc.). I have so few ports open that I'm fine with router level protection and this is exclusively a DMZ with no client computers behind it. Despite what these products offer, I still think that the switches generally come up short of being a perfect solution to my needs (that of a Web hosting/E-mail provider). I essentially have 5 services that I need to support across 3 machines; HTTP, FTP, DNS, SMTP, and POP3. It seems that by just simply bandwidth limiting a port, I won't be able to slow down but a portion of the problematic bandwidth and there can be other issues caused by that (such as limiting all HTTP because of one site that is getting hammered). It would be best to limit HTTP by IP instead of by port. I haven't tested it out yet, but it may b
Re[2]: [Declude.JunkMail] OT: Switch to control bandwidth
Hi Matt, you might look at http://www.etinc.com/index.php?cPath=25 more $$s than your budget UNLESS you go with their software and you handle the OS/Hardware. I don't have experience with this -- yet... but thinking of using one of their appliances or get the software and trying it. -- Thanks again, -jason [EMAIL PROTECTED] - - - - - - - - - - - - - - - - - - > Wednesday, February 16, 2005, 2:18:27 PM, you wrote: M> I just wanted to follow up on this thread. First, thanks for M> all of the suggestions. Here's a summary of what caught my eye. M> 1) There are some decent choices out there, and seemingly a M> 3COM SuperStack 3 3226 comes at a nice price point (around $500) M> and allows limiting per port at 1 Mbps increments and also does 7 M> custom levels of protocol prioritization. This was suggested to me M> off-list. It seems like a good thing for colocation since you M> don't care for more granularity among your customers, they can M> choose to do with their bandwidth what they wish. I'm not into M> colocation yet and this probably falls short of my needs otherwise. M> 2) I was also intrigued by the NetEqualizer product, which M> seems to be a the commercial version of an open source project M> called Linux Bandwidth Arbitrator (www.bandwidtharbitrator.com). M> This might very well offer functionality beyond all of the M> switches, but offers more complication in setup and management M> unless you go with the for-profit version. This is of course not a M> switch, but that's ok since cheap switches can be placed behind it. M> 3) Cisco is of course a popular choice, but I'm not a fan of M> their ridiculous licensing schemes for the software and high M> prices. Used, these things come fairly cheap, but they are the M> 'Outlook' of routers and switches, and the most likely to be M> targeted by exploits. For that reason, I am probably going to M> migrate away from anything Cisco once I outgrow what I already M> have. I may change my mind however. M> 4) I don't think I need a firewall, or don't want to deal with M> the expense and limitations of it (concurrent sessions, etc.). I M> have so few ports open that I'm fine with router level protection M> and this is exclusively a DMZ with no client computers behind it. M> Despite what these products offer, I still think that the M> switches generally come up short of being a perfect solution to my M> needs (that of a Web hosting/E-mail provider). I essentially have M> 5 services that I need to support across 3 machines; HTTP, FTP, M> DNS, SMTP, and POP3. It seems that by just simply bandwidth M> limiting a port, I won't be able to slow down but a portion of the M> problematic bandwidth and there can be other issues caused by that M> (such as limiting all HTTP because of one site that is getting M> hammered). It would be best to limit HTTP by IP instead of by M> port. I haven't tested it out yet, but it may be that IIS will M> actually work when limiting in Windows 2003 unlike 2k, and that may M> solve my issue on that front at least. FTP may or may not be M> covered by the same, I'm not sure yet. M> It seems however that some of the worst issues are coming from M> fairly unique situations and specific IP addresses. Conditions M> like E-mail loops can not only bring down a mail server, but also M> bring down a whole network if all of your bandwidth is used. This M> of course can also affect POP3 service. If a customer does a mass M> mailing with huge images sourced from their site, the bandwidth M> could also bring us down without limits. I even had a customer M> send 144 messages out the other day with a 2.5 MB attachment, and M> if you do the math, you will find that this was 400 MB of bandwidth M> that IMail naturally attempts to deliver ASAP. I've also noted M> that IMail doesn't do well with response times under heavy M> bandwidth load even if the CPU is fine while other services on the M> same box have far less latency. This affects the quality of M> service to my customers, and I like things to be responsive. M> So what I am really looking for is some way to protect Web M> hosting clients from another Web hosting client's issue, protect M> POP3 service from having the bandwidth bogarted by some SMTP loop, M> or FTP, or HTTP, etc. Since everyone shares the same MX records, M> and the same outgoing SMTP and POP3, it's hard to find decent M> separation unless I get down to the IP level and start limiting M> things based on at least the destination IP if not the source IP M> also. To do anything less would seem to be somewhat futile because M> I would continue to have sporadic issues with the most problematic M> things which can be long-lived to the point that they are M> resolved/blocked (DOS or loops for instance). M> I kind of get the feeling that a hardware based solution M> living in a switch or firewall of some sort might not be M> appropriate because it would be too expensive for me to justify. M>
Re: [Declude.JunkMail] OT: Switch to control bandwidth
Best solution is monitoring. Without creating a system of dedicated circuits to each customer you can't guarantee one customer will not adversely affect another. Rate-limiting at the switch (or software "switch") will help, but still means a smaller pipe for everyone else...and doesn't help with multiple customers misbehaving. With appropriate SNMP or RMON monitoring, however, you can be notified as soon as traffic goes beyond a given threshold and react accordingly. Darin. - Original Message - From: Matt To: Declude.JunkMail@declude.com Sent: Wednesday, February 16, 2005 3:18 PM Subject: Re: [Declude.JunkMail] OT: Switch to control bandwidth I just wanted to follow up on this thread. First, thanks for all of the suggestions. Here's a summary of what caught my eye. 1) There are some decent choices out there, and seemingly a 3COM SuperStack 3 3226 comes at a nice price point (around $500) and allows limiting per port at 1 Mbps increments and also does 7 custom levels of protocol prioritization. This was suggested to me off-list. It seems like a good thing for colocation since you don't care for more granularity among your customers, they can choose to do with their bandwidth what they wish. I'm not into colocation yet and this probably falls short of my needs otherwise.2) I was also intrigued by the NetEqualizer product, which seems to be a the commercial version of an open source project called Linux Bandwidth Arbitrator (www.bandwidtharbitrator.com). This might very well offer functionality beyond all of the switches, but offers more complication in setup and management unless you go with the for-profit version. This is of course not a switch, but that's ok since cheap switches can be placed behind it.3) Cisco is of course a popular choice, but I'm not a fan of their ridiculous licensing schemes for the software and high prices. Used, these things come fairly cheap, but they are the 'Outlook' of routers and switches, and the most likely to be targeted by exploits. For that reason, I am probably going to migrate away from anything Cisco once I outgrow what I already have. I may change my mind however.4) I don't think I need a firewall, or don't want to deal with the expense and limitations of it (concurrent sessions, etc.). I have so few ports open that I'm fine with router level protection and this is exclusively a DMZ with no client computers behind it.Despite what these products offer, I still think that the switches generally come up short of being a perfect solution to my needs (that of a Web hosting/E-mail provider). I essentially have 5 services that I need to support across 3 machines; HTTP, FTP, DNS, SMTP, and POP3. It seems that by just simply bandwidth limiting a port, I won't be able to slow down but a portion of the problematic bandwidth and there can be other issues caused by that (such as limiting all HTTP because of one site that is getting hammered). It would be best to limit HTTP by IP instead of by port. I haven't tested it out yet, but it may be that IIS will actually work when limiting in Windows 2003 unlike 2k, and that may solve my issue on that front at least. FTP may or may not be covered by the same, I'm not sure yet.It seems however that some of the worst issues are coming from fairly unique situations and specific IP addresses. Conditions like E-mail loops can not only bring down a mail server, but also bring down a whole network if all of your bandwidth is used. This of course can also affect POP3 service. If a customer does a mass mailing with huge images sourced from their site, the bandwidth could also bring us down without limits. I even had a customer send 144 messages out the other day with a 2.5 MB attachment, and if you do the math, you will find that this was 400 MB of bandwidth that IMail naturally attempts to deliver ASAP. I've also noted that IMail doesn't do well with response times under heavy bandwidth load even if the CPU is fine while other services on the same box have far less latency. This affects the quality of service to my customers, and I like things to be responsive.So what I am really looking for is some way to protect Web hosting clients from another Web hosting client's issue, protect POP3 service from having the bandwidth bogarted by some SMTP loop, or FTP, or HTTP, etc. Since everyone shares the same MX records, and the same outgoing SMTP and POP3, it's hard to find decent separation unless I get down to the IP level and start limiting things based on at least the destination IP if not the source IP also. To do anything less would seem to be somewhat futile because I would continue to have sporadic issues with the most problematic things which can be long-lived to the point that they are resolved/blocked (DOS or loops for instance).I kind of get the feeling that a hardware based solution living in
Re: [Declude.JunkMail] OT: Switch to control bandwidth
I just wanted to follow up on this thread. First, thanks for all of the suggestions. Here's a summary of what caught my eye. 1) There are some decent choices out there, and seemingly a 3COM SuperStack 3 3226 comes at a nice price point (around $500) and allows limiting per port at 1 Mbps increments and also does 7 custom levels of protocol prioritization. This was suggested to me off-list. It seems like a good thing for colocation since you don't care for more granularity among your customers, they can choose to do with their bandwidth what they wish. I'm not into colocation yet and this probably falls short of my needs otherwise. 2) I was also intrigued by the NetEqualizer product, which seems to be a the commercial version of an open source project called Linux Bandwidth Arbitrator (www.bandwidtharbitrator.com). This might very well offer functionality beyond all of the switches, but offers more complication in setup and management unless you go with the for-profit version. This is of course not a switch, but that's ok since cheap switches can be placed behind it. 3) Cisco is of course a popular choice, but I'm not a fan of their ridiculous licensing schemes for the software and high prices. Used, these things come fairly cheap, but they are the 'Outlook' of routers and switches, and the most likely to be targeted by exploits. For that reason, I am probably going to migrate away from anything Cisco once I outgrow what I already have. I may change my mind however. 4) I don't think I need a firewall, or don't want to deal with the expense and limitations of it (concurrent sessions, etc.). I have so few ports open that I'm fine with router level protection and this is exclusively a DMZ with no client computers behind it. Despite what these products offer, I still think that the switches generally come up short of being a perfect solution to my needs (that of a Web hosting/E-mail provider). I essentially have 5 services that I need to support across 3 machines; HTTP, FTP, DNS, SMTP, and POP3. It seems that by just simply bandwidth limiting a port, I won't be able to slow down but a portion of the problematic bandwidth and there can be other issues caused by that (such as limiting all HTTP because of one site that is getting hammered). It would be best to limit HTTP by IP instead of by port. I haven't tested it out yet, but it may be that IIS will actually work when limiting in Windows 2003 unlike 2k, and that may solve my issue on that front at least. FTP may or may not be covered by the same, I'm not sure yet. It seems however that some of the worst issues are coming from fairly unique situations and specific IP addresses. Conditions like E-mail loops can not only bring down a mail server, but also bring down a whole network if all of your bandwidth is used. This of course can also affect POP3 service. If a customer does a mass mailing with huge images sourced from their site, the bandwidth could also bring us down without limits. I even had a customer send 144 messages out the other day with a 2.5 MB attachment, and if you do the math, you will find that this was 400 MB of bandwidth that IMail naturally attempts to deliver ASAP. I've also noted that IMail doesn't do well with response times under heavy bandwidth load even if the CPU is fine while other services on the same box have far less latency. This affects the quality of service to my customers, and I like things to be responsive. So what I am really looking for is some way to protect Web hosting clients from another Web hosting client's issue, protect POP3 service from having the bandwidth bogarted by some SMTP loop, or FTP, or HTTP, etc. Since everyone shares the same MX records, and the same outgoing SMTP and POP3, it's hard to find decent separation unless I get down to the IP level and start limiting things based on at least the destination IP if not the source IP also. To do anything less would seem to be somewhat futile because I would continue to have sporadic issues with the most problematic things which can be long-lived to the point that they are resolved/blocked (DOS or loops for instance). I kind of get the feeling that a hardware based solution living in a switch or firewall of some sort might not be appropriate because it would be too expensive for me to justify. It seems that a Linux solution such as Bandwidth Arbitrator/NetEqualizer would need to be added in order to properly achieve the level of granularity that I desire without enormous cost. I have another qualification for this. I wish to spend less that $1,000 and have my network be survivable with a failure of this device. If I was using a switch based solution, I would need two switches for redundancy (though maybe a backup cheap switch). A firewall/router would likely be prohibitively expensive if you went for redundancy. An in-line Linux solution could however be simply bypassed in the event of an outage, though it would need to
Re[2]: [Declude.JunkMail] Phishing
Hello Scott, Wednesday, February 16, 2005, 2:52:43 PM, you wrote: SF> 1. Prescan off in Declude Virus and use clamav as a scanner. This caught 656 SF> in January. It's a beast on your CPU utilization as almost every mail will SF> need to be virus scanned. I already run PRESCAN OFF but I'm only running F-prot right now. SF> 2. A MINWEIGHTTOFAIL filter that means the filter must match 4 or more lines SF> to take affect. SF> This helps cut down on the false positives in the filter. SF> It uses other tests like a spamdomains test for Phish, Matt's IP-Linked SF> filter and a another filter that looks for bank domain names. SF> It's all posted at SF> http://it.farmprogress.com/declude/Multiline.htm Thanks, I'll take a look. -- Best regards, Davidmailto:[EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Phishing
I use two things to 2 things use to combat phish. 1. Prescan off in Declude Virus and use clamav as a scanner. This caught 656 in January. It's a beast on your CPU utilization as almost every mail will need to be virus scanned. 2. A MINWEIGHTTOFAIL filter that means the filter must match 4 or more lines to take affect. This helps cut down on the false positives in the filter. It uses other tests like a spamdomains test for Phish, Matt's IP-Linked filter and a another filter that looks for bank domain names. It's all posted at http://it.farmprogress.com/declude/Multiline.htm I still get occasional phish, but they are pretty rare. - Original Message - From: "David Sullivan" <[EMAIL PROTECTED]> To: Sent: Wednesday, February 16, 2005 1:23 PM Subject: [Declude.JunkMail] Phishing > We're running JM+Sniffer and still having some problems with phishes. > Here's the headers of a message that passed through and didn't trip a > single test. Our user got 140 of these in a period of a few hours. He > always seems to be on the front end of these things. > > I'm running spf so it didn't fail that. Notice the envelope from and > the from though. Any ideas on how to combat this? What about some type > of combo test or something that could look at the "from" the user sees > and compares against known good IPs for companies like ebay, paypal, > citibank, etc? > > If anybody has a good way of catching these your input would be > greatly appreciated. > > Received: from outbound3.example.net (outbound2.example.net > [16.45.66.4]) by email_server.ourcustomerdomain.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) > id 10628P6B; Tue, 15 Feb 2005 21:42:05 -0500 > Received: from mail2.example.net (unknown [10.1.16.2]) > by outbound3.example.net (Postfix) with ESMTP id BB00767835 > for <[EMAIL PROTECTED]>; Tue, 15 Feb 2005 21:44:12 -0500 (EST) > Received: from mx1.example.net [192.168.200.60] by mail2.example.net with ESMTP > (SMTPD32-8.15) id A36C16770102; Tue, 15 Feb 2005 21:43:56 -0500 > Received: from vps.parlori.net (vps.parlori.net [216.22.48.204]) > by mx1.example.net (Postfix) with ESMTP id BCFE143AC2 >for <[EMAIL PROTECTED]>; Tue, 15 Feb 2005 21:44:23 -0500 (EST) > (envelope-from [EMAIL PROTECTED]) > Received: from nobody by vps.parlori.net with local (Exim 4.44) > id 1D1FAQ-0001Yt-6Z > for [EMAIL PROTECTED]; Tue, 15 Feb 2005 20:43:54 -0600 > To: [EMAIL PROTECTED] > Subject: Security Validations > From: eBay <[EMAIL PROTECTED]> > Reply-To: > MIME-Version: 1.0 > Content-Type: text/html > Message-Id: <[EMAIL PROTECTED]> > Date: Tue, 15 Feb 2005 20:43:54 -0600 > X-Note: Spam Score: 0 > > > example.net is us > > -- > Best regards, > David mailto:[EMAIL PROTECTED] > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. > --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Phishing
We're running JM+Sniffer and still having some problems with phishes. Here's the headers of a message that passed through and didn't trip a single test. Our user got 140 of these in a period of a few hours. He always seems to be on the front end of these things. I'm running spf so it didn't fail that. Notice the envelope from and the from though. Any ideas on how to combat this? What about some type of combo test or something that could look at the "from" the user sees and compares against known good IPs for companies like ebay, paypal, citibank, etc? If anybody has a good way of catching these your input would be greatly appreciated. Received: from outbound3.example.net (outbound2.example.net [16.45.66.4]) by email_server.ourcustomerdomain.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id 10628P6B; Tue, 15 Feb 2005 21:42:05 -0500 Received: from mail2.example.net (unknown [10.1.16.2]) by outbound3.example.net (Postfix) with ESMTP id BB00767835 for <[EMAIL PROTECTED]>; Tue, 15 Feb 2005 21:44:12 -0500 (EST) Received: from mx1.example.net [192.168.200.60] by mail2.example.net with ESMTP (SMTPD32-8.15) id A36C16770102; Tue, 15 Feb 2005 21:43:56 -0500 Received: from vps.parlori.net (vps.parlori.net [216.22.48.204]) by mx1.example.net (Postfix) with ESMTP id BCFE143AC2 for <[EMAIL PROTECTED]>; Tue, 15 Feb 2005 21:44:23 -0500 (EST) (envelope-from [EMAIL PROTECTED]) Received: from nobody by vps.parlori.net with local (Exim 4.44) id 1D1FAQ-0001Yt-6Z for [EMAIL PROTECTED]; Tue, 15 Feb 2005 20:43:54 -0600 To: [EMAIL PROTECTED] Subject: Security Validations From: eBay <[EMAIL PROTECTED]> Reply-To: MIME-Version: 1.0 Content-Type: text/html Message-Id: <[EMAIL PROTECTED]> Date: Tue, 15 Feb 2005 20:43:54 -0600 X-Note: Spam Score: 0 example.net is us -- Best regards, David mailto:[EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] OT: Internet Usage - Monitoring and Filtering Apps
I have evaluated a Fortigate 60 unit in a few locations. I think List price is about $700, Support is $250/year and Content Filter is $250/year. The sales person told me they recommended that unit for up to 25 workstations, but the specs say up to 7 Mbps throughput and 50,000 concurrent connections. I tested it on a school network with 3Mbps Internet access and about 800 workstations and even under full utilization of the Internet connection there was no loss of performance. Support is a Required purchase, but with the support costs you get the AV updates, Intrusion Detection Updates, Firmware Updates, and I believe Hardware replacement as well as Tech Support. The only thing that costs extra is the Content Filter List. The price is based on the unit size, so the next step up Support and Content Filter price increase as well. The 60 also has dual WAN ports with Fail-over and load balancing. The one school I tested with 3Mbps throughput uses a Barracuda filter for mail. When testing the Fortinet for a week the Barracuda detected NO viruses infected messages. When I sent a test virus through Declude site through the Fortinet and the message was stopped before the mail server received the complete message! Grayware I had enabled and I can not confirm that it will catch all Spyware, it did stop a lot of stuff on my home network according to the logs. Intrusion Detection/Prevention will let you block Instant Message and p2p clients by signature so even if the apps port hop it still will block the communications. This function worked very well. As a small ISP, I have been thinking about adding one of the units to the Internet Gateway to block Viruses and Grayware for my clients. It can be setup in Transparent mode if you don't want to change any of your network settings or NAT mode with firewall functionality. _ Scott Fosseen - Systems Engineer -Prairie Lakes AEA http://fosseen.us/scott _ With over 50 cars already on sale here, the Japanese auto industry isn't likely to carve out a big slice of the U.S. market for itself. - Business Week magazine, 1968 _ - Original Message - From: "Patrick Childers" <[EMAIL PROTECTED]> To: Sent: Tuesday, February 15, 2005 1:00 PM Subject: [Declude.JunkMail] OT: Internet Usage - Monitoring and Filtering Apps Sorry for the OT but... It seems we have a lot of goofing off during the work day around here! Therefore, I am looking for recommendations for software (or hardware) based solutions for internet monitoring/filtering in a corporate setting of less than 150 users. Any suggestions? Thanks, ~Patrick --- [This E-mail scanned for viruses by Declude/McAfee] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus on the server aea8.k12.ia.us] --- [This E-mail scanned for viruses by Declude Virus on the server aea8.k12.ia.us] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] OT: Internet Usage - Monitoring and Filtering Apps
That is an interesting site; for hardening up a specific user's IE on a specific machine, I like: SpywareBlaster from http://www.javacoolsoftware.com It won't stop the user from going to a "bad website", but will help that IE from getting infected with junk. I believe SpywareBlaster is free for personal use, but $10 for corporate use also gets you automated updates. I also like on IE6 to go into the Advanced Options and turn off: - Enable Install On Demand (Internet Explorer) - Enable Install on Demand (Other) - Enable third-party browser extensions (requires restart) I find that most IE toolbars I find installed (which the third option stops from loading) have been put there by the user to block popups, which are in turn caused by spyware they've been infected with (or as part of a trojan they installed deliberately to get some 'feature'). That said, what I've describes is a one-by-one solution, so that doesn't scale. At some point, I'll get into the very rich Group Policies afforded with XP SP2, particularly the allowing/disallowing of specific CLSIDs. ... and fwiw, I find that this guy's website is the last word in antispyware and anti-banners and anti-surfing-bad-places: http://netfiles.uiuc.edu/ehowes/www/ Andrew 8) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Marc Catuogno Sent: Wednesday, February 16, 2005 8:22 AM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] OT: Internet Usage - Monitoring and Filtering Apps Here is the site where we purchased some blocks (free for individual users) http://www.spywareguide.com/blockfile.php This was the file that my guy put together - just copy it into a text file and save as .reg, double click and integrate. I have tested it on XP ONLY. This file works to help me stop the agents from screwing up the machines too easily. It is a bit restrictive. [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Ex plor er] "DisallowRun"=dword:0001 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Ex plor er\DisallowRun] "1"="aim.exe" "2"="stcloader.exe" "3"="sahagent.exe" "4"="wsup.exe" "5"="wintoolsA.exe" "6"="wintoolsS.exe" "7"="datemanager.exe" "8"="precisiontime.exe" "9"="gmt.exe" "10"="ymsgr_tray.exe" "11"="ypager.exe" "12"="waol.exe" "13"="aol.exe" "14"="YServer.exe" "15"="Ymsgr_tray.exe" "16"="yupdater.exe" "17"="name of app here.exe" "18"="name of app here.exe" "19"="name of app here.exe" "20"="name of app here.exe" -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Wednesday, February 16, 2005 8:06 AM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] OT: Internet Usage - Monitoring and Filtering Apps Marc, I would be interested in these keys for some of the workstaions here if you do not mind sharing them. Thanks Stu At 05:46 PM 2/15/2005 -0500, you wrote: >If these are machines that the company owns and you can install them... >I have some Reg Keys that a guy who works under me wrote for windows XP that >blocks AOL-IM download and some others. It also prevents certain >selected sites from being accessed and prevents things like "my bargain >buddy" from being installed. Will really frustrate you average user. If >you can get away >with limited accounts, I can't, I wish I could, but that really makes >it tough for them to screw around. If you want I can share them... > >Marc > >-Original Message- >From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED] On Behalf Of Patrick >Childers >Sent: Tuesday, February 15, 2005 2:00 PM >To: Declude.JunkMail@declude.com >Subject: [Declude.JunkMail] OT: Internet Usage - Monitoring and Filtering >Apps > >Sorry for the OT but... > >It seems we have a lot of goofing off during the work day around here! > >Therefore, I am looking for recommendations for software (or hardware) based >solutions for internet monitoring/filtering in a corporate setting of >less than 150 users. Any suggestions? > >Thanks, >~Patrick > >--- >[This E-mail scanned for viruses by Declude/McAfee] > >--- >[This E-mail was scanned for viruses by Declude Virus >(http://www.declude.com)] > >--- >This E-mail came from the Declude.JunkMail mailing list. To >unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type >"unsubscribe Declude.JunkMail". The archives can be found at >http://www.mail-archive.com. >--- >[This E-mail scanned for viruses by Declude Virus] > > > >--- >[This E-mail scanned for viruses by Declude Virus] > >--- >[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > >--- >This E-mail came from the Declude.JunkMail mailing list. To >unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type >"unsubscribe Declude.JunkMail". The archives can be found at >http://www.mail-archive.com. > > --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came fr
RE: [Declude.JunkMail] OT: Internet Usage - Monitoring and Filtering Apps
Here is the site where we purchased some blocks (free for individual users) http://www.spywareguide.com/blockfile.php This was the file that my guy put together - just copy it into a text file and save as .reg, double click and integrate. I have tested it on XP ONLY. This file works to help me stop the agents from screwing up the machines too easily. It is a bit restrictive. [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explor er] "DisallowRun"=dword:0001 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explor er\DisallowRun] "1"="aim.exe" "2"="stcloader.exe" "3"="sahagent.exe" "4"="wsup.exe" "5"="wintoolsA.exe" "6"="wintoolsS.exe" "7"="datemanager.exe" "8"="precisiontime.exe" "9"="gmt.exe" "10"="ymsgr_tray.exe" "11"="ypager.exe" "12"="waol.exe" "13"="aol.exe" "14"="YServer.exe" "15"="Ymsgr_tray.exe" "16"="yupdater.exe" "17"="name of app here.exe" "18"="name of app here.exe" "19"="name of app here.exe" "20"="name of app here.exe" -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Wednesday, February 16, 2005 8:06 AM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] OT: Internet Usage - Monitoring and Filtering Apps Marc, I would be interested in these keys for some of the workstaions here if you do not mind sharing them. Thanks Stu At 05:46 PM 2/15/2005 -0500, you wrote: >If these are machines that the company owns and you can install them... >I have some Reg Keys that a guy who works under me wrote for windows XP that >blocks AOL-IM download and some others. It also prevents certain selected >sites from being accessed and prevents things like "my bargain buddy" from >being installed. Will really frustrate you average user. If you can get away >with limited accounts, I can't, I wish I could, but that really makes it >tough for them to screw around. If you want I can share them... > >Marc > >-Original Message- >From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED] On Behalf Of Patrick Childers >Sent: Tuesday, February 15, 2005 2:00 PM >To: Declude.JunkMail@declude.com >Subject: [Declude.JunkMail] OT: Internet Usage - Monitoring and Filtering >Apps > >Sorry for the OT but... > >It seems we have a lot of goofing off during the work day around here! > >Therefore, I am looking for recommendations for software (or hardware) based >solutions for internet monitoring/filtering in a corporate setting of less >than 150 users. Any suggestions? > >Thanks, >~Patrick > >--- >[This E-mail scanned for viruses by Declude/McAfee] > >--- >[This E-mail was scanned for viruses by Declude Virus >(http://www.declude.com)] > >--- >This E-mail came from the Declude.JunkMail mailing list. To >unsubscribe, just send an E-mail to [EMAIL PROTECTED], and >type "unsubscribe Declude.JunkMail". The archives can be found >at http://www.mail-archive.com. >--- >[This E-mail scanned for viruses by Declude Virus] > > > >--- >[This E-mail scanned for viruses by Declude Virus] > >--- >[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > >--- >This E-mail came from the Declude.JunkMail mailing list. To >unsubscribe, just send an E-mail to [EMAIL PROTECTED], and >type "unsubscribe Declude.JunkMail". The archives can be found >at http://www.mail-archive.com. > > --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] OT: Internet Usage - Monitoring and Filtering Apps
Have you thought about using Group Policies to lock down the workstations? Darin. - Original Message - From: <[EMAIL PROTECTED]> To: Sent: Wednesday, February 16, 2005 8:06 AM Subject: RE: [Declude.JunkMail] OT: Internet Usage - Monitoring and Filtering Apps Marc, I would be interested in these keys for some of the workstaions here if you do not mind sharing them. Thanks Stu At 05:46 PM 2/15/2005 -0500, you wrote: >If these are machines that the company owns and you can install them... >I have some Reg Keys that a guy who works under me wrote for windows XP that >blocks AOL-IM download and some others. It also prevents certain selected >sites from being accessed and prevents things like "my bargain buddy" from >being installed. Will really frustrate you average user. If you can get away >with limited accounts, I can't, I wish I could, but that really makes it >tough for them to screw around. If you want I can share them... > >Marc > >-Original Message- >From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED] On Behalf Of Patrick Childers >Sent: Tuesday, February 15, 2005 2:00 PM >To: Declude.JunkMail@declude.com >Subject: [Declude.JunkMail] OT: Internet Usage - Monitoring and Filtering >Apps > >Sorry for the OT but... > >It seems we have a lot of goofing off during the work day around here! > >Therefore, I am looking for recommendations for software (or hardware) based >solutions for internet monitoring/filtering in a corporate setting of less >than 150 users. Any suggestions? > >Thanks, >~Patrick > >--- >[This E-mail scanned for viruses by Declude/McAfee] > >--- >[This E-mail was scanned for viruses by Declude Virus >(http://www.declude.com)] > >--- >This E-mail came from the Declude.JunkMail mailing list. To >unsubscribe, just send an E-mail to [EMAIL PROTECTED], and >type "unsubscribe Declude.JunkMail". The archives can be found >at http://www.mail-archive.com. >--- >[This E-mail scanned for viruses by Declude Virus] > > > >--- >[This E-mail scanned for viruses by Declude Virus] > >--- >[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > >--- >This E-mail came from the Declude.JunkMail mailing list. To >unsubscribe, just send an E-mail to [EMAIL PROTECTED], and >type "unsubscribe Declude.JunkMail". The archives can be found >at http://www.mail-archive.com. > > --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] OT: Internet Usage - Monitoring and Filtering Apps
Marc, I would be interested in these keys for some of the workstaions here if you do not mind sharing them. Thanks Stu At 05:46 PM 2/15/2005 -0500, you wrote: >If these are machines that the company owns and you can install them... >I have some Reg Keys that a guy who works under me wrote for windows XP that >blocks AOL-IM download and some others. It also prevents certain selected >sites from being accessed and prevents things like "my bargain buddy" from >being installed. Will really frustrate you average user. If you can get away >with limited accounts, I can't, I wish I could, but that really makes it >tough for them to screw around. If you want I can share them... > >Marc > >-Original Message- >From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED] On Behalf Of Patrick Childers >Sent: Tuesday, February 15, 2005 2:00 PM >To: Declude.JunkMail@declude.com >Subject: [Declude.JunkMail] OT: Internet Usage - Monitoring and Filtering >Apps > >Sorry for the OT but... > >It seems we have a lot of goofing off during the work day around here! > >Therefore, I am looking for recommendations for software (or hardware) based >solutions for internet monitoring/filtering in a corporate setting of less >than 150 users. Any suggestions? > >Thanks, >~Patrick > >--- >[This E-mail scanned for viruses by Declude/McAfee] > >--- >[This E-mail was scanned for viruses by Declude Virus >(http://www.declude.com)] > >--- >This E-mail came from the Declude.JunkMail mailing list. To >unsubscribe, just send an E-mail to [EMAIL PROTECTED], and >type "unsubscribe Declude.JunkMail". The archives can be found >at http://www.mail-archive.com. >--- >[This E-mail scanned for viruses by Declude Virus] > > > >--- >[This E-mail scanned for viruses by Declude Virus] > >--- >[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > >--- >This E-mail came from the Declude.JunkMail mailing list. To >unsubscribe, just send an E-mail to [EMAIL PROTECTED], and >type "unsubscribe Declude.JunkMail". The archives can be found >at http://www.mail-archive.com. > > --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] IMail's Relay for Addresses
For your configuration, you've got it exactly, Matt. Allow me to explain it a different way: The Relay for Addresses is to allow specific hosts to send mail to your IMail server and have that IMail server deliver the message to the Internet (i.e. addresses that are not on your IMail server). The hosts that are sending the mail to your IMail server would use an option in their MTA like "Forward all mail to [your IMail server] for delivery". The hosts. file entries are for that IMail server to gateway mail to specific domains. The domains have Internet MX records that point to your IMail server. The IP addresses in the hosts. file are SMTP servers of any type that actually host the mailboxes. And should be configured to accept mail from only your gateway IMail servers, and authenticated clients. Andrew 8) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Sent: Tuesday, February 15, 2005 9:06 PM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] IMail's Relay for Addresses I do a ton of gateway E-mail scanning using the HOSTS file and I was also entering the IP's in the Relay for Addresses screen. Formerly E-mail wouldn't be relayed unless it was in Relay for Addresses, but since a change to using MS SMTP for my MX gateways, and then having those gateways listed in Relay for Addresses, it appears that I no longer need to enter the IP's that I have in my HOSTS file. I discovered this by accident after forgetting to add an IP to Relay for Addresses, but it still worked. The documentation seems to indicate that Relay for Addresses works for where the E-mail is coming from. Seems that the check for where it is going to is the undocumented/poorly explained configuration. I guess I was confused when I first saw this was working and some of the documentation was not very helpful, but I found some KB stuff that suggested that this was in fact fine. I should have probably researched it more before posting, though I have learned that it is rarely safe to assume in the purest sense :) Thanks, Matt Andy Schmidt wrote: >Hi Matt: > >Not certain that I understand your question correctly. > >The reason why you have the HOSTS entry would be to override the DNS. >Normally, DNS would point to your Imail server (or now, to your inbound >gateway). If Imail were to try to deliver the mail, it would use DNS >to look up the MX - and loop back to itself (or now: your inbound >gateway). > >By adding the domain to your HOSTS file, you let Imail know NOT to use >DNS for resolution, but to deliver the mail to the IP address in your >HOSTS file. > >Of course, if all you mail is now coming through your inbound gateways, >then you could just define a mail route in THOSE gateways (e.g., IIS >let's you do that easily) and bypass Imail (and Declude) entirely, if >that should be desired. > > >Best Regards >Andy Schmidt > >Phone: +1 201 934-3414 x20 (Business) >Fax:+1 201 934-9206 > > > >-Original Message- >From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED] On Behalf Of Matt >Sent: Tuesday, February 15, 2005 09:26 PM >To: Declude.JunkMail@declude.com >Subject: [Declude.JunkMail] IMail's Relay for Addresses > > >I just wanted to check here and make sure that I am not messing >something up. Prior to switching to separate MTA's for handling our >gatewayed domains instead of having things delivered directly to IMail, >I had to enter an IP of the gatewayed domain in the "Relay for >Addresses" part of the SMTP settings otherwise this stuff would get >bounced. Now it seems that so long as my gateway addresses are in >"Relay for Addresses", it doesn't seem to require me to enter the >customer's IP that we have configured in our HOSTS file for relaying >E-mail to. Am I correct in assuming that this setting is universal to >both outgoing IP's as well as incoming IP's or possibly just a fluke? > >Thanks, > >Matt > > > -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
