Re: [SOGo] Antispam antivirus
On 21/08/13 22:49, Szládovics Péter wrote:
> For correct filtering you need to use the following in order of importance:
> 1. RBL checking with a few reliable lists (IP and domain based too) - you can eliminate 90% of spam
> 2. Greylisting - you can eliminate 90% of the remaining spam
> 3. virus filtering, attachment checking - you can eliminate phishing and trojan mails
> 4. content checking for spam (e.g. spamassassin) - you can eliminate almost all of the remaining spam
> 5. use sieve filters for SA spam-marked headers (if you want)

Valuable tactics missing from that list:

1. Load-balancing - each subsequent mail from the same host gets a slower response and things like that, stops one spammer hogging the CPU;
2. SMTP protocol enforcement - the SMTP RFC doesn't have many MUSTs, but lots of spammers don't even do those, like they don't wait for the greeting before starting trying to send their spam, or they try to put your mailserver hostname in the HELO;
3. Whitelisting - only allowing approved senders into your main INBOX while the rest go into further filtering and probably a grey INBOX.

Only the third of those could be supported by SOGo (the first two are best done in the SMTP server software), but it would be nice if it was.

Regards,
--
MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op
http://koha-community.org supporter, web and library systems developer.
In My Opinion Only: see http://mjr.towers.org.uk/email.html
Available for hire (including development) at http://www.software.coop/
--
users@sogo.nu
https://inverse.ca/sogo/lists
Re: [SOGo] Antispam antivirus
On Wed, Aug 21, 2013 at 11:49:04PM +0200, Szládovics Péter wrote:
> 2. Greylisting - you can eliminate 90% of the remaining spam

I know it is somewhat off-topic, but I cannot resist some advertising for milter-greylist:
http://hcpnet.free.fr/milter-greylist/

It does greylisting, and much more thanks to its powerful ACL system that lets you choose what you whitelist/blacklist/greylist (and how long).

Free both as in speech and as in beer. Used since 2006 by many organisations around the world.

--
Emmanuel Dreyfus
m...@netbsd.org
Re: [SOGo] Antispam antivirus
On 2013-08-28 14:26, Emmanuel Dreyfus wrote:
> On Wed, Aug 21, 2013 at 11:49:04PM +0200, Szládovics Péter wrote:
> > 2. Greylisting - you can eliminate 90% of the remaining spam
>
> I know it is somewhat off-topic, but I cannot resist some advertising for milter-greylist:
> http://hcpnet.free.fr/milter-greylist/
>
> It does greylisting, and much more thanks to its powerful ACL system that lets you choose what you whitelist/blacklist/greylist (and how long).
>
> Free both as in speech and as in beer. Used since 2006 by many organisations around the world.

Can you restrict the outgoing mails with it? e.g.
- messages per day per user (as virtuser) by overall size and/or count
- recipients per mail per user (as virtuser)
- external/internal recipients, based on To:, Cc: and Bcc: fields

I think there are some scenarios when it should be a powerful tool.
Re: [SOGo] Antispam antivirus
On 2013-08-28 14:09, MJ Ray wrote:
> On 21/08/13 22:49, Szládovics Péter wrote:
> > For correct filtering you need to use the following in order of importance:
> > 1. RBL checking with a few reliable lists (IP and domain based too) - you can eliminate 90% of spam
> > 2. Greylisting - you can eliminate 90% of the remaining spam
> > 3. virus filtering, attachment checking - you can eliminate phishing and trojan mails
> > 4. content checking for spam (e.g. spamassassin) - you can eliminate almost all of the remaining spam
> > 5. use sieve filters for SA spam-marked headers (if you want)
>
> Valuable tactics missing from that list:
>
> 1. Load-balancing - each subsequent mail from the same host gets a slower response and things like that, stops one spammer hogging the CPU;

It's a good idea, if you have more SMTP - or SMTP proxy

> 2. SMTP protocol enforcement - the SMTP RFC doesn't have many MUSTs, but lots of spammers don't even do those, like they don't wait for the greeting before starting trying to send their spam, or they try to put your mailserver hostname in the HELO;

It's a basic setting, but we need to use it carefully. Lots of Exchange servers use the local hostname as HELO name. E.g. mail.somecorp.local

> 3. Whitelisting - only allowing approved senders into your main INBOX while the rest go into further filtering and probably a grey INBOX.

Yes, postfix handles it generally too. I forgot it. :)

> Only the third of those could be supported by SOGo (the first two are best done in the SMTP server software), but it would be nice if it was.
>
> Regards,
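
The two protocol checks raised above (a client that talks before the greeting, a client that gives this server's own name in HELO), together with the caution about Exchange hosts announcing names like mail.somecorp.local, as an added example that is not part of the thread or of any poster's setup. The hostnames, addresses, session records and the `evaluate` function are constructed for illustration; in production these decisions are taken inside the SMTP server.

```python
from dataclasses import dataclass

# Assumptions for illustration: this server's own identity.
MY_HOSTNAMES = {"mail.example.org"}
MY_ADDRESSES = {"192.0.2.10"}
# HELO suffixes that never resolve publicly but are common on internal Exchange hosts.
PRIVATE_SUFFIXES = (".local", ".lan", ".localdomain")

@dataclass
class Session:
    client_ip: str
    banner_sent_at: float  # seconds after connect when we sent the 220 greeting
    first_data_at: float   # seconds after connect when the client first spoke
    helo: str

def evaluate(s: Session) -> tuple:
    """Return (action, reason); action is 'reject', 'flag' or 'pass'."""
    helo = s.helo.strip().rstrip(".").lower()
    # Client spoke before the greeting: it is not following the SMTP dialogue.
    if s.first_data_at < s.banner_sent_at:
        return ("reject", "spoke-before-greeting")
    if not helo:
        return ("reject", "empty-helo")
    # A remote client claiming our own hostname or address literal is lying.
    if s.client_ip not in MY_ADDRESSES and (
        helo in MY_HOSTNAMES or helo.strip("[]") in MY_ADDRESSES
    ):
        return ("reject", "helo-is-our-name")
    # Unqualified or private-suffix names are sloppy, not proof of spam:
    # mark them for later scoring instead of rejecting outright.
    if "." not in helo or helo.endswith(PRIVATE_SUFFIXES):
        return ("flag", "helo-not-public")
    return ("pass", "ok")

# Constructed sessions, one per case.
SAMPLES = [
    Session("203.0.113.7", 2.0, 0.1, "relay.example.net"),     # talks before banner
    Session("203.0.113.8", 0.0, 0.4, "mail.example.org"),      # claims to be us
    Session("198.51.100.4", 0.0, 0.3, "mail.somecorp.local"),  # Exchange-style HELO
    Session("198.51.100.9", 0.0, 0.2, "mx1.example.com"),      # well-behaved
]

def run_samples():
    return [evaluate(s) for s in SAMPLES]

if __name__ == "__main__":
    for s, verdict in zip(SAMPLES, run_samples()):
        print(s.client_ip, s.helo, verdict)
```

The "flag" outcome is the careful handling asked for in the reply: a private HELO name alone feeds later scoring, while the two unambiguous violations are refused during the SMTP dialogue.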
Re: [SOGo] Antispam antivirus
On Wed, Aug 21, 2013 at 11:49:04PM +0200, Szládovics Péter wrote:
> On 2013-08-21 23:21, Jan-Frode Myklebust wrote:
> > On Wed, Aug 21, 2013 at 01:23:45PM +0200, Szládovics Péter wrote:
> > > SOGo is not a mailserver. SOGo is just a groupware extension for _any_ mailserver backend. So, the question is not the antivirus and antispam for SOGo. The question is antivirus and antispam for mailserver.
> >
> > Antispam has a place in SOGo too. I'd like to have an interface for the users to select how strict the spam-filter should be by integrating with sieve-spamtest/rfc5235. Maybe a block sender function, that pushes out a sieve script to the server to drop/move-to-Spam messages from a given sender. Also it would be nice if the SOGo web interface had a Spam/not-spam button that would move messages to/from the Spam-folder. This could be used by http://wiki2.dovecot.org/Plugins/Antispam to train the filter.
>
> Block senders? How many senders need to be blocked for correct spam filtering? One node of one zombie network sends about 100 thousand spam emails per day with randomly generated senders. Are you sure you can stop them with this feature? I don't think so.

Blocking sender is a helpful feature against other kinds of spam than zombie networks.. F.ex. real businesses that picked up your email address during a website registration, and think that that's an invitation to be put on their advertising list.

> Example. My mail host gets about 250-300 clean, real mails per day (total incoming mail traffic is about 2000 mails/day - yes, 80-90% of them are absolutely spam).

We deliver about 500.000 supposedly clean mails/day to our users' inboxes, after virus/spam/greylisting/etc has done its thing.

> The SA drops 5-10 mails into the quarantine per day (newsletters, advertisements, badly formatted mail contents - really spams, very rarely few false positive good mails).

On our scale, managing a single quarantine doesn't really work, so we rather deliver the suspect messages to the users' Spam-folder and give them an opportunity to check for false positives.

> All of others are back off to senders.

Be careful with that, so you don't get on the backscatter lists..

> The successful fight with spam is at the gate, not at the mailbox.

At the gate we can do general filtering, but we can't train a general filter to suit 100K's of users. A spam-filter individually trained (and customized) by each user can be much more effective. Training can be done by moving messages to/from Spam-folders, customisations can include blocking senders, or tuning spam-score.

-jf
Re: [SOGo] Antispam antivirus
On 2013-08-23 08:50, Jan-Frode Myklebust wrote:
> On Wed, Aug 21, 2013 at 11:49:04PM +0200, Szládovics Péter wrote:
> > On 2013-08-21 23:21, Jan-Frode Myklebust wrote:
> > > On Wed, Aug 21, 2013 at 01:23:45PM +0200, Szládovics Péter wrote:
> > > > SOGo is not a mailserver. SOGo is just a groupware extension for _any_ mailserver backend. So, the question is not the antivirus and antispam for SOGo. The question is antivirus and antispam for mailserver.
> > >
> > > Antispam has a place in SOGo too. I'd like to have an interface for the users to select how strict the spam-filter should be by integrating with sieve-spamtest/rfc5235. Maybe a block sender function, that pushes out a sieve script to the server to drop/move-to-Spam messages from a given sender. Also it would be nice if the SOGo web interface had a Spam/not-spam button that would move messages to/from the Spam-folder. This could be used by http://wiki2.dovecot.org/Plugins/Antispam to train the filter.
> >
> > Block senders? How many senders need to be blocked for correct spam filtering? One node of one zombie network sends about 100 thousand spam emails per day with randomly generated senders. Are you sure you can stop them with this feature? I don't think so.
>
> Blocking sender is a helpful feature against other kinds of spam than zombie networks.. F.ex. real businesses that picked up your email address during a website registration, and think that that's an invitation to be put on their advertising list.

Yes, it's true. Some senders can send unwanted advertisements to common email addresses (dom...@domain.tld, i...@domain.tld, etc.) as legal. These senders usually send emails with correct content, so for filtering these we need to use 'Block Senders'-like tools - e.g. blacklists on the postfix side, if we need to block them systemwide.

> > Example. My mail host gets about 250-300 clean, real mails per day (total incoming mail traffic is about 2000 mails/day - yes, 80-90% of them are absolutely spam).
>
> We deliver about 500.000 supposedly clean mails/day to our users' inboxes, after virus/spam/greylisting/etc has done its thing.

This is the point. :) I thought: you use _only_ the 'block senders' tool for filtering spam. Apologies, I misunderstood your words.

> > The SA drops 5-10 mails into the quarantine per day (newsletters, advertisements, badly formatted mail contents - really spams, very rarely few false positive good mails).
>
> On our scale, managing a single quarantine doesn't really work, so we rather deliver the suspect messages to the users' Spam-folder and give them an opportunity to check for false positives.
>
> > All of others are back off to senders.
>
> Be careful with that, so you don't get on the backscatter lists..

I mean - these mails are rejected not answered.

> > The successful fight with spam is at the gate, not at the mailbox.
>
> At the gate we can do general filtering, but we can't train a general filter to suit 100K's of users. A spam-filter individually trained (and customized) by each user can be much more effective. Training can be done by moving messages to/from Spam-folders, customisations can include blocking senders, or tuning spam-score.

Ok, understood. I know my home system is little, it was just an example about rates.
Re: [SOGo] Antispam antivirus
On 2013-08-21 23:21, Jan-Frode Myklebust wrote:
> On Wed, Aug 21, 2013 at 01:23:45PM +0200, Szládovics Péter wrote:
> > SOGo is not a mailserver. SOGo is just a groupware extension for _any_ mailserver backend. So, the question is not the antivirus and antispam for SOGo. The question is antivirus and antispam for mailserver.
>
> Antispam has a place in SOGo too. I'd like to have an interface for the users to select how strict the spam-filter should be by integrating with sieve-spamtest/rfc5235. Maybe a block sender function, that pushes out a sieve script to the server to drop/move-to-Spam messages from a given sender. Also it would be nice if the SOGo web interface had a Spam/not-spam button that would move messages to/from the Spam-folder. This could be used by http://wiki2.dovecot.org/Plugins/Antispam to train the filter.

Block senders? How many senders need to be blocked for correct spam filtering? One node of one zombie network sends about 100 thousand spam emails per day with randomly generated senders. Are you sure you can stop them with this feature? I don't think so.

For correct filtering you need to use the following in order of importance:
1. RBL checking with a few reliable lists (IP and domain based too) - you can eliminate 90% of spam
2. Greylisting - you can eliminate 90% of the remaining spam
3. virus filtering, attachment checking - you can eliminate phishing and trojan mails
4. content checking for spam (e.g. spamassassin) - you can eliminate almost all of the remaining spam
5. use sieve filters for SA spam-marked headers (if you want)

Example. My mail host gets about 250-300 clean, real mails per day (total incoming mail traffic is about 2000 mails/day - yes, 80-90% of them are absolutely spam). The SA drops 5-10 mails into the quarantine per day (newsletters, advertisements, badly formatted mail contents - really spams, very rarely few false positive good mails). All of others are back off to senders.

So, not perfect, cause usually one spam per week falls into my inbox.

Yes, not with only sieve filters. The successful fight with spam is at the gate, not at the mailbox.
[SOGo] Antispam antivirus
Hi!;

I've looked around, and cannot find any information regarding antispam and antivirus for Sogo...?

Can someone point me in the right direction?

Thanks :)
Re: [SOGo] Antispam antivirus
SOGo uses an existing IMAP/SMTP infrastructure. So you configure those just as without SOGo.

On 21.08.2013 11:11, fra...@ray.org.nz wrote:
> Hi!;
>
> I've looked around, and cannot find any information regarding antispam and antivirus for Sogo...?
>
> Can someone point me in the right direction?
>
> Thanks :)

--
Best Regards,
Sven SCHWEDAS
System Administrator
TAO Beratungs- und Management GmbH | Lendplatz 45 | A - 8020 Graz
Mail/XMPP: sven.schwe...@tao.at | +43 (0)680 301 7167
http://software.tao.at
Re: [SOGo] Antispam antivirus
On 2013-08-21 11:11, fra...@ray.org.nz wrote:
> Hi!;
>
> I've looked around, and cannot find any information regarding antispam and antivirus for Sogo...?
>
> Can someone point me in the right direction?
>
> Thanks :)

SOGo is not a mailserver. SOGo is just a groupware extension for _any_ mailserver backend. So, the question is not the antivirus and antispam for SOGo. The question is antivirus and antispam for mailserver.

Look at these: spamassassin, clamav, rbl lists under postfix, greylisting (e.g. postgrey), postfix policy filters, etc. Complete solutions e.g. amavis, smtp filter gateways (endian firewall, proxmox mail security). Some are commercial, some are not.
Re: [SOGo] Antispam antivirus
I have a product called Sophos Email Appliance. It runs on ESXi Server as a VM, works well.

Sits between the gateway (firewall) and the mail server. So there is no config or integration necessary on the mail server... Mail gets scanned and passed on to the mail server...

Very easy to configure in a cluster... So any changes made to the Sophos config will be replicated...

Check out the Email appliance at www.sophos.com

Sent via my BlackBerry from Vodacom - let your email find you!

-----Original Message-----
From: Szládovics Péter p...@szladovics.hu
Date: Wed, 21 Aug 2013 13:23:45
To: users@sogo.nu
Reply-To: users@sogo.nu
Subject: Re: [SOGo] Antispam antivirus

On 2013-08-21 11:11, fra...@ray.org.nz wrote:
> Hi!;
>
> I've looked around, and cannot find any information regarding antispam and antivirus for Sogo...?
>
> Can someone point me in the right direction?
>
> Thanks :)

SOGo is not a mailserver. SOGo is just a groupware extension for _any_ mailserver backend. So, the question is not the antivirus and antispam for SOGo. The question is antivirus and antispam for mailserver.

Look at these: spamassassin, clamav, rbl lists under postfix, greylisting (e.g. postgrey), postfix policy filters, etc. Complete solutions e.g. amavis, smtp filter gateways (endian firewall, proxmox mail security). Some are commercial, some are not.
Re: [SOGo] Antispam antivirus
On Wed, Aug 21, 2013 at 01:23:45PM +0200, Szládovics Péter wrote:
> SOGo is not a mailserver. SOGo is just a groupware extension for _any_ mailserver backend. So, the question is not the antivirus and antispam for SOGo. The question is antivirus and antispam for mailserver.

Antispam has a place in SOGo too. I'd like to have an interface for the users to select how strict the spam-filter should be by integrating with sieve-spamtest/rfc5235. Maybe a block sender function, that pushes out a sieve script to the server to drop/move-to-Spam messages from a given sender. Also it would be nice if the SOGo web interface had a Spam/not-spam button that would move messages to/from the Spam-folder. This could be used by http://wiki2.dovecot.org/Plugins/Antispam to train the filter.

-jf