RE: anti-spam DNS requests
Maybe it queries more RBLs, maybe it does root hint lookups rather than forwarders, it could be a lot of things depending on how it's configured vs. the old product.

Paul
MIRA Ltd

-----Original Message-----
From: Osborne, Richard [mailto:richard.osbo...@wth.org]
Sent: 20 January 2011 16:03
To: MS-Exchange Admin Issues
Subject: anti-spam DNS requests

Our anti-spam solution sits behind our firewall with the necessary ports open to the Internet. We recently changed from a Windows-based (Symantec Mail Security) to a Linux-based (SpamTitan) anti-spam system. My firewall guy is concerned that the number of DNS connections on the firewall (Checkpoint Firewall-1) has more than doubled. We saw the same behavior when we demo'ed Untangle (also Linux-based). Both anti-spam solutions use RBL's, so of course there will be a lot of DNS requests.

Any ideas why the number has grown so much higher and whether it should be a concern? Should we just move our anti-spam server outside the firewall?

Thanks.

Richard Osborne
Information Systems
Jackson-Madison County General Hospital
RE: anti-spam DNS requests
Spamtitan, like many open-source based appliances, queries a bunch of RBLs, like SURBL, Spamhaus, etc. Look at what RBLs are listed, there's going to be a bunch of lookups. I am not surprised that you saw a jump.

Alex

Alex Eckelberry
General Manager, Security Business Unit
GFI Software, Inc. (formerly Sunbelt Software)

-----Original Message-----
From: Paul Hutchings [mailto:paul.hutchi...@mira.co.uk]
Sent: Thursday, January 20, 2011 11:07 AM
To: MS-Exchange Admin Issues
Subject: RE: anti-spam DNS requests

Maybe it queries more RBLs, maybe it does root hint lookups rather than forwarders, it could be a lot of things depending on how it's configured vs. the old product.

Paul
RE: anti-spam DNS requests
Our previous Windows-based anti-spam queried the same 3 RBLs, so I don't understand the increase.

-----Original Message-----
From: Alex Eckelberry [mailto:al...@sunbelt-software.com]
Sent: Thursday, January 20, 2011 10:31 AM
To: MS-Exchange Admin Issues
Subject: RE: anti-spam DNS requests

Spamtitan, like many open-source based appliances, queries a bunch of RBLs, like SURBL, Spamhaus, etc. Look at what RBLs are listed, there's going to be a bunch of lookups. I am not surprised that you saw a jump.

Alex
RE: anti-spam DNS requests
It might be that SpamTitan caches DNS entries for a shorter time than Windows.

Steve Hart
Network Administrator

-----Original Message-----
From: Osborne, Richard [mailto:richard.osbo...@wth.org]
Sent: Thursday, January 20, 2011 8:37 AM
To: MS-Exchange Admin Issues
Subject: RE: anti-spam DNS requests

Our previous Windows-based anti-spam queried the same 3 RBLs, so I don't understand the increase.
RE: anti-spam DNS requests
Perhaps it is doing other DNS lookups. For example it might be doing what I call a circular DNS check.

Sending server connects to you from IP 10.55.1.1 and HELO's mail.fubar.com.
The spam appliance checks the A record for mail.fubar.com, and it better be 10.55.1.1.
Then it checks the PTR record for 10.55.1.1 and it better be mail.fubar.com.

Not RFC required but very common and pretty effective.

Just an example, there are other DNS lookups it could have added besides RBL's that your old unit did not do.

Should it be moved out is a question for the firewall guy. If it is hurting the firewall's performance then he needs a new firewall or you need to move it. And that is the question, is the spike causing issues or just causing him worry?

-----Original Message-----
From: Osborne, Richard [mailto:richard.osbo...@wth.org]
Sent: Thursday, January 20, 2011 11:37 AM
To: MS-Exchange Admin Issues
Subject: RE: anti-spam DNS requests

Our previous Windows-based anti-spam queried the same 3 RBLs, so I don't understand the increase.
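An added example, not part of any message in this thread and not SpamTitan's code: a small model of the lookups discussed so far (three RBL queries per client IP, the A/PTR "circular" check, and a resolver cache of configurable lifetime) that counts how many queries actually leave the box and cross the firewall. The zone data, RBL zone names, connection list, and the single `cache_ttl` knob are assumptions made for the illustration; only 10.55.1.1 and mail.fubar.com come from the message above.

```python
import ipaddress

# Constructed sample data, not real DNS: 10.55.1.1 / mail.fubar.com come from
# the message above; every other name and address is made up for the example.
ZONE = {
    ("mail.fubar.com", "A"): ["10.55.1.1"],
    ("1.1.55.10.in-addr.arpa", "PTR"): ["mail.fubar.com"],
    ("mail.spoofed.example", "A"): ["192.0.2.10"],
    ("7.113.0.203.in-addr.arpa", "PTR"): ["dsl-7.pool.example"],
    ("7.113.0.203.rbl-a.example", "A"): ["127.0.0.2"],  # listed on one RBL
}
RBL_ZONES = ["rbl-a.example", "rbl-b.example", "rbl-c.example"]  # hypothetical

# Constructed inbound SMTP connections: (seconds since start, client IP, HELO).
CONNECTIONS = [
    (0, "10.55.1.1", "mail.fubar.com"),
    (30, "10.55.1.1", "mail.fubar.com"),
    (400, "10.55.1.1", "mail.fubar.com"),
    (410, "203.0.113.7", "mail.spoofed.example"),
    (420, "203.0.113.7", "mail.spoofed.example"),
]


def _norm(name):
    return name.lower().rstrip(".")


class CachingResolver:
    """Stub resolver with one cache lifetime for all answers (an assumption;
    real caches honour per-record TTLs). Counts queries sent upstream."""

    def __init__(self, cache_ttl):
        self.cache_ttl = cache_ttl
        self.cache = {}  # (name, rtype) -> (expiry time, answers)
        self.upstream_queries = 0

    def query(self, name, rtype, now):
        key = (_norm(name), rtype)
        hit = self.cache.get(key)
        if hit and hit[0] > now:
            return hit[1]  # served locally, the firewall sees nothing
        self.upstream_queries += 1
        answers = ZONE.get(key, [])  # empty list models "no such record"
        if self.cache_ttl > 0:
            # Negative answers are cached too, as most resolvers do.
            self.cache[key] = (now + self.cache_ttl, answers)
        return answers


def circular_check(resolver, client_ip, helo, now):
    """A(HELO) must contain the client IP and PTR(client IP) must be HELO."""
    a_records = resolver.query(helo, "A", now)
    ptr_name = ipaddress.ip_address(client_ip).reverse_pointer
    ptr_records = resolver.query(ptr_name, "PTR", now)
    return client_ip in a_records and _norm(helo) in map(_norm, ptr_records)


def rbl_hits(resolver, client_ip, now):
    """IPv4 only: query <reversed octets>.<zone>; any A answer means listed."""
    rev = ".".join(reversed(client_ip.split(".")))
    return [z for z in RBL_ZONES if resolver.query(f"{rev}.{z}", "A", now)]


def replay(connections, cache_ttl, circular=True):
    """Return (upstream query count, per-connection verdicts)."""
    resolver = CachingResolver(cache_ttl)
    verdicts = []
    for now, ip, helo in connections:
        ok = circular_check(resolver, ip, helo, now) if circular else None
        verdicts.append({"circular_ok": ok, "rbl": rbl_hits(resolver, ip, now)})
    return resolver.upstream_queries, verdicts


if __name__ == "__main__":
    cases = [
        ("3 RBLs only, 1 h cache", 3600, False),
        ("3 RBLs + circular check, 1 h cache", 3600, True),
        ("3 RBLs + circular check, 5 min cache", 300, True),
        ("3 RBLs + circular check, cache off", 0, True),
    ]
    for label, ttl, circ in cases:
        total, _ = replay(CONNECTIONS, ttl, circ)
        print(f"{label:40s} {total:3d} upstream queries")
```

With the same three RBLs and the same five connections, the upstream count moves from 6 to 25 purely through the extra check and the cache lifetime, which is the kind of difference to look for when comparing the two products' DNS settings.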
RE: anti-spam DNS requests
Or that SpamTitan's Use DNS Cache option has been turned off.

Cheers,

Phil

--
Phil Randal | Infrastructure Engineer
NHS Herefordshire Herefordshire Council | Deputy Chief Executive's Office | I.C.T. Services Division

-----Original Message-----
From: Steve Hart [mailto:sh...@wrightbg.com]
Sent: 20 January 2011 16:39
To: MS-Exchange Admin Issues
Subject: RE: anti-spam DNS requests

It might be that SpamTitan caches DNS entries for a shorter time than Windows.

Steve Hart
Network Administrator
RE: anti-spam DNS requests
Thanks everyone for the input. SpamTitan's DNS cache is on; I'm waiting for an answer from support about how long it caches lookups and whether that can be changed. My guess is that Steve's, Jim's, or Paul's ideas about DNS behavior being different between the two products are correct.

Jim hit the nail on the head when he said "is the spike causing issues or just causing him [my firewall guy] worry?". I suspect the latter. :)

-----Original Message-----
From: Randal, Phil [mailto:pran...@herefordshire.gov.uk]
Sent: Thursday, January 20, 2011 10:59 AM
To: MS-Exchange Admin Issues
Subject: RE: anti-spam DNS requests

Or that SpamTitan's Use DNS Cache option has been turned off.

Cheers,

Phil
Re: anti-spam DNS requests
Indeed. Perhaps look into cache settings for redundant lookups.

--
ME2

On Thu, Jan 20, 2011 at 8:07 AM, Paul Hutchings <paul.hutchi...@mira.co.uk> wrote:

> Maybe it queries more RBLs, maybe it does root hint lookups rather than forwarders, it could be a lot of things depending on how it's configured vs. the old product.
>
> Paul