Re: [Declude.JunkMail] multistage filtering [OT]

2010-02-10 Thread Matt

It's definitely Alligate for this purpose.

Instead of using something like Postfix or IMgate which will mostly 
replicate functionality found in Declude, Alligate will end up blocking 
things using unique functionality and it runs on Windows and uses very 
little CPU.


The two main features of Alligate as a pre-scanning gateway are the 
selective greylisting functionality, where it will greylist senders only 
if they appear that they might be zombies (since greylisting is really 
only effective against zombie spam), and the other is the internal 
MXRate blacklist.


I rarely block messages with permanent errors with Alligate, but by 
greylisting effectively, you can avoid having 95% of your E-mail traffic 
hit your second layer of scanning.  It also does so selectively so that 
your legitimate E-mail will rarely hit it and cause any issues.


Matt



Bonno Bloksma wrote:

Hi,
 
With the amount of spam I have to throw away each day now reaching
consistent levels of over 90%... I can of course get an even faster
mailserver but I think I would be better off with an extra smtp server
in front of my mailserver which filters the most blatant spam mail
purely based on session info. What passes that server can go on to my
IMail server and have more content based filtering using Declude,
Sniffer, InvURIBL etc.

What would be a good first step server? I have experience with
(Debian) Linux so a Linux based solution is no problem.

Kind regards,

Bonno Bloksma
senior system administrator

*tio *
hogeschool hospitality en toerisme
begijnenhof 8-12 / 5611 el eindhoven
t 040 296 28 28 / f 040 237 35 20
b.blok...@tio.nl   / www.tio.nl 




---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to imail...@declude.com, and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com. 
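The selective greylisting Matt describes, as an added example that is not part of the original post and is not Alligate's code: only clients that look like zombies are deferred, and a client that retries after the delay is let through. The zombie heuristic (missing or dynamic-looking reverse DNS), the delays, the reply texts and the sessions are assumptions constructed for illustration; the thread does not say how Alligate decides.

```python
import re

ACCEPT = "250 2.1.5 OK"
DEFER = "451 4.7.1 Greylisted, please retry later"

# Assumption: a missing reverse-DNS name, or one that embeds the IP address or
# a dial-up/broadband label, marks the client as a possible zombie.
DYNAMIC_RDNS = re.compile(r"(\d{1,3}[-.]){3}\d{1,3}|dsl|dyn|dhcp|pool|ppp", re.I)


class SelectiveGreylist:
    def __init__(self, min_delay=300, max_age=4 * 3600):
        self.min_delay = min_delay   # seconds a sender must wait before retrying
        self.max_age = max_age       # seconds before a pending entry expires
        self.pending = {}            # (ip, sender, rcpt) -> time of first attempt
        self.proven = set()          # IPs that have retried like a real MTA

    @staticmethod
    def looks_like_zombie(rdns):
        return rdns is None or DYNAMIC_RDNS.search(rdns) is not None

    def check(self, now, ip, rdns, sender, rcpt):
        """Decide the reply to RCPT TO using session data only."""
        if ip in self.proven or not self.looks_like_zombie(rdns):
            return ACCEPT            # legitimate-looking mail is never delayed
        key = (ip, sender.lower(), rcpt.lower())
        first = self.pending.get(key)
        if first is None or now - first > self.max_age:
            self.pending[key] = now  # first sighting (or stale entry): defer
            return DEFER
        if now - first < self.min_delay:
            return DEFER             # retried too quickly, keep deferring
        del self.pending[key]
        self.proven.add(ip)          # queued and retried: let it through
        return ACCEPT


# Constructed sessions: (seconds, client IP, reverse DNS, MAIL FROM, RCPT TO)
ZOMBIE_LIKE = ("203.0.113.77", "203-0-113-77.dsl.example.com")
SESSIONS = [
    (0, "198.51.100.10", "mail.example.org", "ann@example.org", "bob@example.net"),
    (5, *ZOMBIE_LIKE, "x@example.com", "bob@example.net"),
    (20, *ZOMBIE_LIKE, "x@example.com", "bob@example.net"),
    (30, "192.0.2.5", None, "y@example.com", "bob@example.net"),
    (400, *ZOMBIE_LIKE, "x@example.com", "bob@example.net"),
    (410, *ZOMBIE_LIKE, "z@example.com", "bob@example.net"),
]


def replay(sessions):
    """Feed the sessions to a fresh greylist and collect the SMTP replies."""
    greylist = SelectiveGreylist()
    return [greylist.check(*session) for session in sessions]


if __name__ == "__main__":
    for session, reply in zip(SESSIONS, replay(SESSIONS)):
        print(session[0], session[1], session[2], "->", reply)
```

The client at 192.0.2.5 never retries, so its message never reaches the second scanning layer, while the host with ordinary reverse DNS is accepted on its first attempt.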




RE: [Declude.JunkMail] multistage filtering [OT]

2010-02-10 Thread Colbeck, Andrew
I'm another Alligate fan on the Windows platform. It is a very smart and
effective product.
 
I have conservative settings that stick close to the defaults and my
configuration rejects 80% of the inbound connections. Before I
implemented Alligate, my Declude was hurting because of my large filter
files. A combination of large filter files and large volumes meant heavy
CPU and Disk utilization and conflict.
 
I'm also a MessageSniffer fan, and know that you could be very happy
with Pete's recommended solution.
 
Implementing an MTA in front of your content scanner and mailserver is a
resource that is well spent; the two layers have very different
workloads, and I think you'll find that you need to upgrade the hardware
on the content scanner less if you have an MTA that is filtering the
connections first.
 
 
Andrew.



From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of
Bonno Bloksma
Sent: Wednesday, February 10, 2010 3:29 AM
To: Declude.JunkMail@declude.com
Subject: [Declude.JunkMail] multistage filtering [OT]


Hi,
 
With the amount of spam I have to throw away each day now reaching
consistent levels of over 90%... I can of course get an even faster
mailserver but I think I would be better off with an extra smtp server in
front of my mailserver which filters the most blatant spam mail purely
based on session info. What passes that server can go on to my IMail
server and have more content based filtering using Declude, Sniffer,
InvURIBL etc.

What would be a good first step server? I have experience with (Debian)
Linux so a Linux based solution is no problem.

Kind regards,
Bonno Bloksma
senior system administrator

tio 

hogeschool hospitality en toerisme 
begijnenhof 8-12 / 5611 el eindhoven
t 040 296 28 28 / f 040 237 35 20

b.blok...@tio.nl    / www.tio.nl
  





Re: [Declude.JunkMail] multistage filtering [OT]

2010-02-10 Thread Ing. Andrés E. Gallo
And, besides, Postfix is FREE.

I'm running 2.6 version, with Amavisd-new, SpamAssassin, Postgrey,
together with BindDNS, and SQUID on a cheap machine -P4, 2 Gb RAM, 80 Gb
HDD- under FreeBSD. In fact, 2 of them sharing loads.

Just my 2 cents.

Andres.-

Pete McNeil wrote:
> Bonno Bloksma wrote:
>> Hi,
>>
>> With the amount of spam I have to throw away each day now reaching
>> consistent levels of over 90%... I can of course get an even faster
>> mailserver but I think I would be better off with an extra smtp server
>> in front of my mailserver which filters the most blatant spam mail
>> purely based on session info. What passes that server can go on to my
>> IMail server and have more content based filtering using Declude,
>> Sniffer, InvURIBL etc.
>>  
>> What would be a good first step server? I have experience with
>> (Debian) Linux so a Linux based solution is no problem.
> A couple of things pop into my mind:
>
> eWall can live on your mail server and kill off most connections while
> being trained by SNF. (for example, block IP connections for an hour
> after an SNF hit).
>
> Postfix on a linux box makes a good front-end and can also run
> SNFMilter in real-time during SMTP.
>
> _M
>
>
>
>
>
>
>








Re: [Declude.JunkMail] multistage filtering [OT]

2010-02-10 Thread Ncl Admin
Alligate  Alligate Alligate

At 12:28 PM 2/10/2010 +0100, you wrote: 

Hi,


With the amount of spam I have to throw away each day now reaching consistent levels of over 90%... I can of course get an even faster mailserver but I think I would be better off with an extra smtp server in front of my mailserver which filters the most blatant spam mail purely based on session info. What passes that server can go on to my IMail server and have more content based filtering using Declude, Sniffer, InvURIBL etc.


What would be a good first step server? I have experience with (Debian) Linux so a Linux based solution is no problem.


Kind regards,
Bonno Bloksma
senior system administrator

tio 
hogeschool hospitality en toerisme 
begijnenhof 8-12 / 5611 el eindhoven
t 040 296 28 28 / f 040 237 35 20
b.blok...@tio.nl / www.tio.nl 










Re: [Declude.JunkMail] multistage filtering [OT]

2010-02-10 Thread Pete McNeil

Bonno Bloksma wrote:

Hi,
 
With the amount of spam I have to throw away each day now reaching
consistent levels of over 90%... I can of course get an even faster
mailserver but I think I would be better off with an extra smtp server
in front of my mailserver which filters the most blatant spam mail
purely based on session info. What passes that server can go on to my
IMail server and have more content based filtering using Declude,
Sniffer, InvURIBL etc.
 
What would be a good first step server? I have experience with 
(Debian) Linux so a Linux based solution is no problem.

A couple of things pop into my mind:

eWall can live on your mail server and kill off most connections while 
being trained by SNF. (for example, block IP connections for an hour 
after an SNF hit).


Postfix on a linux box makes a good front-end and can also run SNFMilter 
in real-time during SMTP.


_M






RE: [Declude.JunkMail] multistage filtering [OT]

2010-02-10 Thread Scott Fisher
A second vote for Alligate.

My Alligate Overall rejection rate for Feb 2010: 95%

 

-Original Message-
From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Harry
Vanderzand
Sent: Wednesday, February 10, 2010 6:53 AM
To: declude.junkmail@declude.com
Subject: RE: [Declude.JunkMail] multistage filtering [OT]

 

I use Alligate

 

Thank you

 

Harry Vanderzand

Intown Internet

117 Ruskview Road

Kitchener, ON, N2M 4S1

519-741-1222

 


 

 

From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Bonno
Bloksma
Sent: February-10-10 6:29 AM
To: Declude.JunkMail@declude.com
Subject: [Declude.JunkMail] multistage filtering [OT]

 

Hi,

 

With the amount of spam I have to throw away each day now reaching consistent
levels of over 90%... I can of course get an even faster mailserver but I
think I would be better off with an extra smtp server in front of my
mailserver which filters the most blatant spam mail purely based on session
info. What passes that server can go on to my IMail server and have more
content based filtering using Declude, Sniffer, InvURIBL etc.

What would be a good first step server? I have experience with (Debian)
Linux so a Linux based solution is no problem.

Kind regards,
Bonno Bloksma
senior system administrator

tio 

hogeschool hospitality en toerisme 
begijnenhof 8-12 / 5611 el eindhoven
t 040 296 28 28 / f 040 237 35 20

  b.blok...@tio.nl  /  
www.tio.nl 

 




RE: [Declude.JunkMail] stop scanning after x points

2010-02-10 Thread Scott Fisher
According to my notes:

 

RBL Tests Run 1st!

Declude base tests Run 2nd

External Tests Run 3rd

Fromfile and ipfiles run 4th

Filters Run last.

 

Invuribl has a built in skip process when you add the weight to the command
line:

"D:\IMAIL\DECLUDE\INVURIBL\INVURIBL.exe %WEIGHT% %REMOTEIP%"

 

from invuribl.config:









 







 

 

 

For Filters there are 2 skipping mechanisms

SKIPIFWEIGHT 60

STOPATFIRSTHIT

 

You might want to consider the order of the external tests too. I run
sniffer before invuribl because sniffer is service based and faster.

 

-Original Message-
From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Bonno
Bloksma
Sent: Wednesday, February 10, 2010 6:14 AM
To: Declude.JunkMail@declude.com
Subject: [Declude.JunkMail] stop scanning after x points

 

Hi,

 

I use Declude with built-in Sniffer and InvURIbl. Other than that mostly the
default tests.

Using the new 4.10.42 version.

I would like Declude to examine the points scored so far before launching
Sniffer or InvURIbl as those are body tests and need more cpu.

I hold at 20 and delete at 30. I want Sniffer and InvURI not called if
standard dns tests have already scored 60+ points.

Is that possible?

I know I can do something like that in tests I create myself but I have no
such tests.

If there is not yet a way to tell Declude to evaluate tests that can score
negative weights first maybe that would be a good idea as well to combine
with the conditional calling of more tests.

Kind regards,
Bonno Bloksma
senior system administrator

tio 

hogeschool hospitality en toerisme 
begijnenhof 8-12 / 5611 el eindhoven
t 040 296 28 28 / f 040 237 35 20

  b.blok...@tio.nl  /  
www.tio.nl 

 




Re: [Declude.JunkMail] stop scanning after x points

2010-02-10 Thread Darin Cox
Hi Bonno,

You can alter the InvURIBL and Sniffer test definitions in your config to use 
Pete McNeil's WeightGate utility to conditionally run those tests.

An example InvURIBL line is

INV-URIBL external weight "C:\IMail\Declude\WeightGate\WeightGate.exe -100 %WEIGHT% 500 F:\IMail\Declude\INVURIBL\invURIBL.exe %WEIGHT% %REMOTEIP%" 0 0

It checks to see if the weight of the email is between -100 and 500. If not, it
doesn't run InvURIBL.

You can get it from Pete's website:
http://www.armresearch.com/tools/arm/weightGate.jsp

Hope this helps,

Darin.


- Original Message - 
From: Bonno Bloksma 
To: Declude.JunkMail@declude.com 
Sent: Wednesday, February 10, 2010 7:14 AM
Subject: [Declude.JunkMail] stop scanning after x points


Hi,

I use Declude with built-in Sniffer and InvURIbl. Other than that mostly the
default tests.
Using the new 4.10.42 version.

I would like Declude to examine the points scored so far before launching
Sniffer or InvURIbl as those are body tests and need more cpu.
I hold at 20 and delete at 30. I want Sniffer and InvURI not called if
standard dns tests have already scored 60+ points.
Is that possible?

I know I can do something like that in tests I create myself but I have no such
tests.
If there is not yet a way to tell Declude to evaluate tests that can score
negative weights first maybe that would be a good idea as well to combine with
the conditional calling of more tests.


Kind regards,
Bonno Bloksma
senior system administrator

tio 

hogeschool hospitality en toerisme 
begijnenhof 8-12 / 5611 el eindhoven
t 040 296 28 28 / f 040 237 35 20

b.blok...@tio.nl  / www.tio.nl 
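The weight gate in Darin's reply above, sketched as an added example that is not part of the thread and is not Pete McNeil's WeightGate code: the wrapped test is started only when the accumulated weight lies inside the window. Inclusive bounds, exit code 0 for a skipped test, running the test when the weight cannot be parsed, the upper bound of 59 (taken from Bonno's 60+ requirement) and the stand-in scanner are all assumptions.

```python
import subprocess
import sys

SKIPPED = 0  # assumption: a skipped test reports exit code 0, i.e. "no hit"

# Constructed stand-in for an expensive body scanner such as invURIBL.exe:
# a child process that does nothing except exit with code 7.
STAND_IN_SCANNER = [sys.executable, "-c", "import sys; sys.exit(7)"]


def parse_weight(text):
    """Return the weight as an int, or None when it is not a number
    (for example an unexpanded %WEIGHT% placeholder)."""
    try:
        return int(str(text).strip())
    except ValueError:
        return None


def gate(low, weight, high, command):
    """Run command (an argv list) only when low <= weight <= high.

    Returns (ran, exit_code). Inclusive bounds are an assumption.
    An unreadable weight fails towards scanning, so a broken config
    line cannot silently switch a test off.
    """
    low, high = int(low), int(high)
    if low > high:
        raise ValueError("low bound is above high bound")
    value = parse_weight(weight)
    if value is not None and not (low <= value <= high):
        return False, SKIPPED      # gate closed: no process is started
    done = subprocess.run(command, shell=False, check=False)
    return True, done.returncode   # gate open: pass the test's result through


if __name__ == "__main__":
    # Bonno's case: skip the body tests once 60 or more points are scored.
    for weight in (10, 59, 60, 75, "%WEIGHT%"):
        print(weight, gate(-100, weight, 59, STAND_IN_SCANNER))
```

With the window set to -100..59, a message that the DNS tests already pushed to 60 points never starts the scanner process, which is where the CPU saving comes from.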






[Declude.JunkMail] stop scanning after x points

2010-02-10 Thread Bonno Bloksma
Hi,

I use Declude with built-in Sniffer and InvURIbl. Other than that mostly the
default tests.
Using the new 4.10.42 version.

I would like Declude to examine the points scored so far before launching
Sniffer or InvURIbl as those are body tests and need more cpu.
I hold at 20 and delete at 30. I want Sniffer and InvURI not called if
standard dns tests have already scored 60+ points.
Is that possible?

I know I can do something like that in tests I create myself but I have no such
tests.
If there is not yet a way to tell Declude to evaluate tests that can score
negative weights first maybe that would be a good idea as well to combine with
the conditional calling of more tests.


Kind regards,
Bonno Bloksma
senior system administrator

tio 

hogeschool hospitality en toerisme 
begijnenhof 8-12 / 5611 el eindhoven
t 040 296 28 28 / f 040 237 35 20

b.blok...@tio.nl  / www.tio.nl 






RE: [Declude.JunkMail] multistage filtering [OT]

2010-02-10 Thread Harry Vanderzand
I use Alligate

 

Thank you

 

Harry Vanderzand

Intown Internet

117 Ruskview Road

Kitchener, ON, N2M 4S1

519-741-1222

 


 

 

From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Bonno
Bloksma
Sent: February-10-10 6:29 AM
To: Declude.JunkMail@declude.com
Subject: [Declude.JunkMail] multistage filtering [OT]

 

Hi,

 

With the amount of spam I have to throw away each day now reaching consistent
levels of over 90%... I can of course get an even faster mailserver but I
think I would be better off with an extra smtp server in front of my
mailserver which filters the most blatant spam mail purely based on session
info. What passes that server can go on to my IMail server and have more
content based filtering using Declude, Sniffer, InvURIBL etc.

What would be a good first step server? I have experience with (Debian)
Linux so a Linux based solution is no problem.

Kind regards,
Bonno Bloksma
senior system administrator

tio 

hogeschool hospitality en toerisme 
begijnenhof 8-12 / 5611 el eindhoven
t 040 296 28 28 / f 040 237 35 20

  b.blok...@tio.nl  /  
www.tio.nl 

 



Re: [Declude.JunkMail] multistage filtering [OT]

2010-02-10 Thread Ing. Andrés E. Gallo




Try IMgate (Postfix-like MTA).
Len's page is a good 'starting point'

Andres.-







--

Ing. Andrés E. Gallo
Cotel Ltda.
(02255)-46-1600
(02255)-46-0014
aga...@cotel.com.ar
B7165 - Villa Gesell
Bs. As. - Argentina
http://www.gesell.com.ar
--



Bonno Bloksma wrote:

Hi,

With the amount of spam I have to
throw away each day now reaching consistent levels of over 90%... I can
of course get an even faster mailserver but I think I would be better
off with an extra smtp server in front of my mailserver which filters
the most blatant spam mail purely based on session info. What passes
that server can go on to my IMail server and have more content based
filtering using Declude, Sniffer, InvURIBL etc.

What would be a good first step
server? I have experience with (Debian) Linux so a Linux based solution
is no problem.

Kind regards,
Bonno Bloksma
senior system administrator
  
  tio 
  hogeschool hospitality en
toerisme 
begijnenhof 8-12 / 5611 el eindhoven
t 040 296 28 28 / f 040 237 35 20
  b.blok...@tio.nl 
/ www.tio.nl 
  
  
  
  
  
  
  



[Declude.JunkMail] automated response

2010-02-10 Thread Troy D. Hilton
Our office will be closed on Wednesday, Feb. 10th due to inclement weather. We 
will reopen on Thursday, Feb. 11th. I will have access to emails and will 
respond as soon as I possibly can.

Thank you!

Troy Hilton
Serveon, Inc.
1401 Silverside Road
Wilmington, DE 19810
302-529-8640
thil...@serveon.net





[Declude.JunkMail] multistage filtering [OT]

2010-02-10 Thread Bonno Bloksma
Hi,

With the amount of spam I have to throw away each day now reaching consistent
levels of over 90%... I can of course get an even faster mailserver but I think
I would be better off with an extra smtp server in front of my mailserver which
filters the most blatant spam mail purely based on session info. What passes
that server can go on to my IMail server and have more content based filtering
using Declude, Sniffer, InvURIBL etc.

What would be a good first step server? I have experience with (Debian) Linux
so a Linux based solution is no problem.

Kind regards,
Bonno Bloksma
senior system administrator

tio 

hogeschool hospitality en toerisme 
begijnenhof 8-12 / 5611 el eindhoven
t 040 296 28 28 / f 040 237 35 20

b.blok...@tio.nl  / www.tio.nl 



