Re: [Declude.JunkMail] Spam gateway/proxy...
Hi Chuck, I use Alligate. It does some very fancy stuff prior to the 'data' command [among other things afterward] that on my system block 95% of incoming traffic prior to receiving the email. And this is not done with ip blacklists.. -Nick Chuck Schick wrote: Anyone using a spam gateway (Like IMGATE) or proxy (like ASSP) in front of declude. I am intrigued by the idea of using something that will reject the messages before accepting it for delivery and then scanning it. I would only want to use the gateway/proxy to perform graylisting, Sender Validation, tar pitting. According to Len Conrad this could result in a 70 to 90 percent reduction in spam. Ultimately I would like our spam filtering to be where we reject the message before the data command and messages that we do accept for delivery we scan with declude and if it is identified as spam it will be delivered to a junkmail folder in the users mailbox - which they can check via webmail or configure their mail clients to download it. I want to get out of the business of holding or deleting spam. Any thoughts, comments, ...? what have others done. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Spam gateway/proxy...
someone was touting ASSP but not sure how well that works. ASSP is just excellent at blocking or categorizing spam and its integration with ClamAV is great at catching those image only spams using sanesecurity sig files. It is a single threaded Perl application and as such probably has a functional ceiling in how many messages it can handle per day per server so may not be as efficient in extreme cases as a gateway machine like Imgate, but I have read of folks using it on one machine for fairly large amounts(100k a day) of email and they are running it on modern machinery. We are running it on a 7 year old dual P3 Dell server and it is handling 10k connections daily, and about 3.5k emails (we don't block spam, we send to each user's spam folder). We also run the email through 2 different AV gateways along the way, all on the same server, before Imail sees it, so lots of work being done and the only time we have a problem is when someone wants to send a 35MB PPT or DOC to people outside the company. Everything runs well, it just takes a while to crunch. In ASSP there are many different ways to handle the different types of spam, and spam can be blocked/rejected by failing connection tests, content tests, or any combination of tests and penalty score accrued. Setting it up is not for the weak hearted or those lacking in patience or a will to learn which shouldn't be a problem for anyone on this well informed list. :o) I highly suggest anyone in the email business set up a test server and put ASSP on it to learn about. The only downside to ASSP is it must be the first hop in your SMTP path in order for it's connection testing, delaying-greylisting, and auto-blacklisting to work. It only looks at the connecting SMTP server for the IP testing. If that happens to be your ISP or another computer in your network, then it can't do any useful connection based tests. Another free SMTP anti-spam proxy that will do recursive testing on all IP's found in the headers is SpamPal, but its developer has stopped working on it due to illness and the version that has migrated to a sourceforge project seems to have stalled. The last version is solid though and there is still an active forum. Yes SpamPal was conceived as a client side pop3 scanner, but it grew into and works well as a server smtp proxy. If you wanted to use it as an additional pop3 proxy on the server your users could connect to a port of your choosing for pop3, proxied by SpamPal, and their email would be anti-spam scanned at that time, maybe days after receiving the email allowing the spaming IP to get on those RBL's that missed it when it first came in because it was too new to be known. It will proxy IMAP too. These can both be used in concert with Declude, and Imail or Smartermail, and while ASSP will run on 'nix variants, SpamPal runs natively on Windows OS's only. Doug --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Spam gateway/proxy...
I understand, although because SM is so cheap many customers have migrated some of their customers off of their Imail onto a SM box to help reduce load on the Imail at the same time. Yes the cost is time, an additional server, SM and Declude. But I think you have had some good feedback, regarding Alligate and ORF at one point someone was touting ASSP but not sure how well that works. David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chuck Schick Sent: Wednesday, April 11, 2007 5:07 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Spam gateway/proxy... David: We have such an investment in Imail that it is not feasible for us to switch. Migration cost would be huge. We host several hundred domains. Actually we looked at switching about a year ago and we decided if we would switch it would be to Merak mail (at least based upon our evaluation at that time). Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Wednesday, April 11, 2007 2:21 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Spam gateway/proxy... Chuck, Just FYI Some of these things can be achieved with SmarterMail they are able to block connects on the SMTP. David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chuck Schick Sent: Wednesday, April 11, 2007 3:27 PM To: Declude. JunkMail Subject: [Declude.JunkMail] Spam gateway/proxy... Anyone using a spam gateway (Like IMGATE) or proxy (like ASSP) in front of declude. I am intrigued by the idea of using something that will reject the messages before accepting it for delivery and then scanning it. I would only want to use the gateway/proxy to perform graylisting, Sender Validation, tar pitting. According to Len Conrad this could result in a 70 to 90 percent reduction in spam. Ultimately I would like our spam filtering to be where we reject the message before the data command and messages that we do accept for delivery we scan with declude and if it is identified as spam it will be delivered to a junkmail folder in the users mailbox - which they can check via webmail or configure their mail clients to download it. I want to get out of the business of holding or deleting spam. Any thoughts, comments, ...? what have others done. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Spam gateway/proxy...
David: We have such an investment in Imail that it is not feasible for us to switch. Migration cost would be huge. We host several hundred domains. Actually we looked at switching about a year ago and we decided if we would switch it would be to Merak mail (at least based upon our evaluation at that time). Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Wednesday, April 11, 2007 2:21 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Spam gateway/proxy... Chuck, Just FYI Some of these things can be achieved with SmarterMail they are able to block connects on the SMTP. David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chuck Schick Sent: Wednesday, April 11, 2007 3:27 PM To: Declude. JunkMail Subject: [Declude.JunkMail] Spam gateway/proxy... Anyone using a spam gateway (Like IMGATE) or proxy (like ASSP) in front of declude. I am intrigued by the idea of using something that will reject the messages before accepting it for delivery and then scanning it. I would only want to use the gateway/proxy to perform graylisting, Sender Validation, tar pitting. According to Len Conrad this could result in a 70 to 90 percent reduction in spam. Ultimately I would like our spam filtering to be where we reject the message before the data command and messages that we do accept for delivery we scan with declude and if it is identified as spam it will be delivered to a junkmail folder in the users mailbox - which they can check via webmail or configure their mail clients to download it. I want to get out of the business of holding or deleting spam. Any thoughts, comments, ...? what have others done. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Spam gateway/proxy...
My Imail server is behind 3 Windows 2003 servers running IIS SMTP virtual server which are acting as a gateway. They all have ORF installed and ORF is blocking about 75% of the spam and viruses coming in purely by simple rules and policies. John T > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of > Chuck Schick > Sent: Wednesday, April 11, 2007 12:27 PM > To: Declude. JunkMail > Subject: [Declude.JunkMail] Spam gateway/proxy... > > Anyone using a spam gateway (Like IMGATE) or proxy (like ASSP) in front > of > declude. > > I am intrigued by the idea of using something that will reject the > messages > before accepting it for delivery and then scanning it. I would only > want to > use the gateway/proxy to perform graylisting, Sender Validation, tar > pitting. According to Len Conrad this could result in a 70 to 90 > percent > reduction in spam. > > Ultimately I would like our spam filtering to be where we reject the > message > before the data command and messages that we do accept for delivery we > scan > with declude and if it is identified as spam it will be delivered to a > junkmail folder in the users mailbox - which they can check via webmail > or > configure their mail clients to download it. I want to get out of the > business of holding or deleting spam. > > Any thoughts, comments, ...? what have others done. > > Chuck Schick > Warp 8, Inc. > (303)-421-5140 > www.warp8.com > > > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Spam gateway/proxy...
Chuck, For ease of use and limited gateway functionality, you might want to try Alligate (www.getalligate.com or www.alligate.com). Alligate will apply greylisting 'selectively' if you want it to, and that will result in far fewer issues than full-on greylisting. Selective greylisting is at least 99.9% effective as full on greylisting as it is triggered by the behaviors that are associated with the type of spam that is vulnerable to it. I would recommend not using SAV. That will create some issues for you, and it is not appropriate to use other's servers to validate massive amounts of forged addresses. Greylisting will take care of the same problem anyway. Alligate supports either real-time querying of valid addresses from your server, or you can load it with a list of addresses just like IMGate using the same export tools. I run 4 MX records, and I reject about 80% of the connections to my MX1, while my MX2, MX3 and MX4 servers reject over 99% of the connections. Note that many of these connections would never reach Declude anyway as many are the result of dictionary attacks or backscatter which both often result in sending to bad addresses. You will however see a 50% or larger reduction in volume going to IMail/Declude as a result of just selective greylisting (which approximates the effect on legitimate addresses). Matt Chuck Schick wrote: Anyone using a spam gateway (Like IMGATE) or proxy (like ASSP) in front of declude. I am intrigued by the idea of using something that will reject the messages before accepting it for delivery and then scanning it. I would only want to use the gateway/proxy to perform graylisting, Sender Validation, tar pitting. According to Len Conrad this could result in a 70 to 90 percent reduction in spam. Ultimately I would like our spam filtering to be where we reject the message before the data command and messages that we do accept for delivery we scan with declude and if it is identified as spam it will be delivered to a junkmail folder in the users mailbox - which they can check via webmail or configure their mail clients to download it. I want to get out of the business of holding or deleting spam. Any thoughts, comments, ...? what have others done. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Spam gateway/proxy...
Chuck, Just FYI Some of these things can be achieved with SmarterMail they are able to block connects on the SMTP. David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chuck Schick Sent: Wednesday, April 11, 2007 3:27 PM To: Declude. JunkMail Subject: [Declude.JunkMail] Spam gateway/proxy... Anyone using a spam gateway (Like IMGATE) or proxy (like ASSP) in front of declude. I am intrigued by the idea of using something that will reject the messages before accepting it for delivery and then scanning it. I would only want to use the gateway/proxy to perform graylisting, Sender Validation, tar pitting. According to Len Conrad this could result in a 70 to 90 percent reduction in spam. Ultimately I would like our spam filtering to be where we reject the message before the data command and messages that we do accept for delivery we scan with declude and if it is identified as spam it will be delivered to a junkmail folder in the users mailbox - which they can check via webmail or configure their mail clients to download it. I want to get out of the business of holding or deleting spam. Any thoughts, comments, ...? what have others done. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.