Re: Re[4]: [Declude.JunkMail] OT: server monitoring
I personally prefer an ISO or the true OS when running something like this. Binaries, source, ISO's, and VMware are available here: http://www.groundworkopensource.com/downloads/full_download.html "GroundWork Monitor Open Source takes best-of-breed open source projects, including Nagios(r), Nmap, Sendpage, PHP, Apache, MySQL and more" FYI, Doug --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Spam gateway/proxy...
someone was touting ASSP but not sure how well that works. ASSP is just excellent at blocking or categorizing spam and its integration with ClamAV is great at catching those image only spams using sanesecurity sig files. It is a single threaded Perl application and as such probably has a functional ceiling in how many messages it can handle per day per server so may not be as efficient in extreme cases as a gateway machine like Imgate, but I have read of folks using it on one machine for fairly large amounts(100k a day) of email and they are running it on modern machinery. We are running it on a 7 year old dual P3 Dell server and it is handling 10k connections daily, and about 3.5k emails (we don't block spam, we send to each user's spam folder). We also run the email through 2 different AV gateways along the way, all on the same server, before Imail sees it, so lots of work being done and the only time we have a problem is when someone wants to send a 35MB PPT or DOC to people outside the company. Everything runs well, it just takes a while to crunch. In ASSP there are many different ways to handle the different types of spam, and spam can be blocked/rejected by failing connection tests, content tests, or any combination of tests and penalty score accrued. Setting it up is not for the weak hearted or those lacking in patience or a will to learn which shouldn't be a problem for anyone on this well informed list. :o) I highly suggest anyone in the email business set up a test server and put ASSP on it to learn about. The only downside to ASSP is it must be the first hop in your SMTP path in order for it's connection testing, delaying-greylisting, and auto-blacklisting to work. It only looks at the connecting SMTP server for the IP testing. If that happens to be your ISP or another computer in your network, then it can't do any useful connection based tests. Another free SMTP anti-spam proxy that will do recursive testing on all IP's found in the headers is SpamPal, but its developer has stopped working on it due to illness and the version that has migrated to a sourceforge project seems to have stalled. The last version is solid though and there is still an active forum. Yes SpamPal was conceived as a client side pop3 scanner, but it grew into and works well as a server smtp proxy. If you wanted to use it as an additional pop3 proxy on the server your users could connect to a port of your choosing for pop3, proxied by SpamPal, and their email would be anti-spam scanned at that time, maybe days after receiving the email allowing the spaming IP to get on those RBL's that missed it when it first came in because it was too new to be known. It will proxy IMAP too. These can both be used in concert with Declude, and Imail or Smartermail, and while ASSP will run on 'nix variants, SpamPal runs natively on Windows OS's only. Doug --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Image spam
I need an image spam solution. I followed this discussion, but I didn't see much talk about what people are actually using that currently works well for them. I would most appreciate it if you would share your method for dealing with image spam. We have on particular spam that comes through multiple times every day. Its getting tiring. There isn't enough other things wrong with the message to block it. As stated earlier in this thread, many are using clamAV with the SaneSecurity signature addition to catch the image spam with excellent results. My clamav service runs after a few others in the email stream but it still catches lots of crap: 10683 total emails blocked by clamd since Nov 1 2006 (4 months) 1220 by clamAV official sigs*: -- 966 malware infected emails tojan = 911 bagle = 55 247 phishing emails bank = 167 paypal = 55 auction = 18 acc (?) = 5 card = 2 7 policy failures encrypted zip = 4 Archive.ExceededRecursionLimit = 2 CAB.ExceededFileSize = 1 9459 by Sanesecurity signatures*: -- 8414 image spams 537 spam 219 malware 150 stk 72 phishing bank = 24 rock = 17 auction = 15 paypal = 10 cur = 3 azon = 2 card = 1 33 loan 17 dipl 14 scam 2 job 1 hdr * = descriptions are from clamd log. I do not know what all of them stand for. 4 by MSRBL image scam signatures (just started) Doug Traylor --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Avast antivirus
Does anyone have experience with Avast as an Antivirus solution for the desktop. It also comes with a command line scanner. They have a server edition also. I use the home edition for my machines at home and it's a nice program. The Outlook Exchange plugin is a little slow to start up but doesn't seem to cause any problems like Symantec email scanning sometimes does. Definitions seem to get updated regularly (sometimes several times per day). I have used it for a long time with good results. I also use it to clean and repair virus infected machines as it flys under the radar of most AV killing viruses and will install where others will not. I have also used the free AOL Active Virus Shield based on the Kaspersky engine and like it too. Doug Traylor --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] method for reducing CPU load
Anyway, this idea would probably help out a great deal. PirateFish sounds good, although it looks like you are just buying support and an ebook based on http://www.howtoforge.com/linux_spam_filter_mail_gateway "The Piratefish system is a set of instructions on how to construct an anti-spam gateway system using a free computer operating system called Linux. The instructions will walk you through downloading and creating a Linux OS installation CD, then using that CD to create an anti-spam, anti-virus email gateway system. As you build the Piratefish, you also learn about Linux, and about how all the various open-source programs work together to protect your network from spam." Len's IMGate is very good too if you have a spare machine and he can be contracted to configure it for you. The opensource ASSP can also be put on each of your existing Imail servers or on a spare machine running any *nix, Mac, or Windows OS. Putting any sort of gateway that rejects email to invalid addresses and employs greylisting (or delaying ala ASSP) will take a large chunk of the load off your Imail/Declude installations. Doug Traylor --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] delete mails before processing / 100% CPU / per domain config
On 11/14/06, netsolution webmaster <[EMAIL PROTECTED]> wrote: Sounds good - do you have more details (short instructions) on how to set that up combined with declude/imail? Hah! Me? Short instructions? I can't give "short" instructions on how to tie a shoe! :o) Setting up ASSP/hMailserver/ClamAV/Imail/Declude will be a fairly long process with the good news that not much has to change for your Imail/Declude setup except the listen port and the SMTP delivery gateway:port. If you add hMailserver as a gateway and use Declude Junkmail to do connection based analysis (spf, rbl, helo, etc.) using the sending IP, you will be disappointed to find the the sending IP will now be your own server and unless you have the premium version of Declude Junkmail it will no longer be useful to compare the sending IP. I believe the premium version of Declude will look at all the IP's in the path and potentially exclude your servers. Not sure about that one. The good news is that with ASSP in front, you may not miss it. Using ASSP alone in front of Imail/Declude should allow Declude connection tests to continue to work. Since this is a Declude list I will spare the other members the horror of reading about another product's installation steps and send you a synopsis directly to your list address if that is OK. For those interested, I say check out the links in my earlier post for ASSP, www.hmailserver.com for that and http://www.sosdg.org/clamav-win32/ for ClamAV on Windows. and once installed, to integrate clamav with hmailserver; http://www.hmailserver.com/forum/viewtopic.php?t=2139 Doug Traylor --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] delete mails before processing / 100% CPU / per domain config
On 11/14/06, Herb Guenther <[EMAIL PROTECTED]> wrote: Actually it would work with smartermail according to smartermail forum messages, but some of the comments on the smartermail forum state that folks had stability problems with it. The posts are 1 - 2 years old so may be better now. ASSP is a proxy. It sits in front of _any_ SMTP server service. It does _not_ do store and forward and is therefore not a gateway. It can work in concert with another SMTP server service to perform gateway service to an existing Imail site. I am using ASSP feeding hMailserver which then hands off to a couple of Imail servers. hMailserver is functioning as one of my SMTP antivirus scanners in that it integrates with SOSDG Clam AV clamd service and is very fast and does not have any domains defined in it except in the routing section. hMailserver then routes the email to one of my Imail servers based on recipient domain. In my experience, ASSP, hMailserver, and Imail together are completely stable and I have been using them for years. ASSP does not currently support SSL/TLS but will work with standard SMTP auth and can listen on multiple ports. Doug Traylor --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] delete mails before processing / 100% CPU / per domain config
If your current box can't handle the load, than the ultimate solution is more processing power - either by upgrading the box, or by delegating some of the work to a gateway. ASSP is a great addition to an overworked Imail/Declude server and will reduce the amount of email that server has to cope with. It is free and will run on the same server as Imail/Declude or on another spare box under Windows or Linux. It will do envelope rejection of invalid recipients, invalid senders, invalid HELO, etc. It is very configurable, and will even do automatic blacklisting of IP's that misbehave. It also has an active development group. see: http://assp.sourceforge.net/ http://www.asspsmtp.org/wiki/Welcome http://en.wikipedia.org/wiki/Anti-Spam_SMTP_Proxy Doug Traylor --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.