Re: [Declude.JunkMail] Spam box

[Matt]

Goran and Richard, There are two things that a gateway will do for you; address validation and pre-scanning the most obvious spam in order to reduce the load on an IMail/Declude setup. Address validation is an absolute requirement if you add a gateway, but adding a gateway for address validation is not necessary if all you do is host E-mail on your own IMail box.  Unfortunately if you gateway E-mail for other servers, the best way to do address validation is to add a gateway in front of IMail.  If you don't load addresses into your gateway, it will almost definitely increase your load on the IMail/Declude setup by many times over.  About 1 out of every 5 to 10 domains in my experience is actively being dictionary attacked, however there is hardly any load if you are doing address validation because these address attempts are very easily rejected prior to receiving the E-mail.  IMail does this on it's own for locally hosted domains so long as you don't have any nobody aliases. As far as pre-scanning goes, the best method is to do some simple RBL stuff in a weighted config similar to Declude.  Things like Len's Postfix config (IMgate) are only a white-black solution where any single hit will block a message (based on my understanding).  ORF also has similar functionality where it can do white-black blocking and address validation.  Both fall short as pre-scanning gateways IMO, though naturally some do use them.  The benefits of ORF is that you can run this on your IMail/Declude box so long as you can do some port redirection with a router since both can't run on port 25, but your router can redirect port 25 to some other port that you configure one or the other for.  I am preparing to move away from ORF as my gateway since it is a tad bit kludgey when it comes to maintaining the addresses for validation.  It works great however if you are only gatewaying for a few Exchange boxes since it knows ActiveDirectory. I'm going to move to Postfix and expand from just doing address validation to doing pre-scanning as well.  In a thread from last week under the title "OT: IMgate/Postfix", Dan Horne pointed to the availability of a Postfix add-on that does in fact give you weighting capabilities called policyd-weight (http://robtone.mine.nu/postfix/).  This tool was designed specifically as a pre-scanner in order to save processing power on the server(s) that do the heavy lifting.  My only issue is that I want to become a bit more comfortable with Linux and Postfix before I jump. Richard indicated that load was an issue and hence the query about gateways.  I would recommend first looking at how your server is configured and see if there is any way to improve efficiency.  I almost guarantee that there is, and I suspect that most systems running Declude Pro (i.e. filters and external tests) could save half or more of their CPU utilization by just simply optimizing their configs.  YMMV of course. Regarding Goran's question about getting addresses from Exchange; this was a big pain for me to figure out how to do so that I could get a text file with one address per line.  Basically what I did was use CSVDE.exe on the Exchange server to do an export to a comma delimited text file and then I parsed that file for addresses.  There also needed to be a separate file containing addresses that I wanted to exclude.  Then there is a whole system for uploading these when changes are detected, and then combining them into a single file, converting that file to the format that ORF likes, updating ORF's ini file and restarting ORF.  It's not pretty but it works.  The Postfix process is a bit easier since you can just dump the text file onto the server with one address per line.  Keep in mind the need for error detection and correction whenever you do this type of automation as an error can result in rejecting all E-mail for one or more domains.  Also, in IMail there is a tool called ExtractUsers.exe that was designed for use with IMgate and can be used for any of the three options that I have mentioned. Matt Goran Jovanovic wrote: I have a question about these boxes that go in front of Declude, be they IMGATE or ORF or whatever.   The way that I understand it from reading the threads here is that these front end boxes require the complete list of valid e-mail addresses for all domains that are being processed. Is that correct?   If that is correct, then perhaps someone who is gatewaying mail to clients could answer this. How do you get all the e-mail addresses on the front end box and how do you keep it updated?   I am doing gatewaying to various Exchange and other hosting providers and do not host any mail on my site. So am I correct in assuming that this solution will not work in my setup?   Thanx          Goran Jovanovic      The LAN Shoppe     From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Nick Hayer Sent: Thursday, August 04, 2005 1:43 PM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] Spam box   Richard Farris wrote: Is there a box I can put in front of my Imail server that will help take some of the load off of the spam filtering that Declude is doing.... Hi Richard - One method is to put ORF in front of your IMail box and via its recipients blacklist feature refuse all mail that does not have a legit address on the imail box. It has really helped me kill huge dictionary attacks - like in the magnitude of 2 mill a day  .. -Nick   Richard Farris Ethixs Online 1.270.247.5555 Office 1.800.548.3877 Tech Support "Crossroads to a Cleaner Internet" -- ===================================================== MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =====================================================