Hello IMGators,

I've been out of the loop for a while, but I'm back in the saddle again.

I've been developing and testing a major expansion of IMGate 
Advanced, for immediate delivery, announced with this email.

The IMGate.MEIway.com web site is being totally revised to reflect IMGate 
Advanced 09 and will be on-line by 1 Sep, which will also be 
the date of the public announcement. IMGate.MEIway.com will be 
retired, replaced by a new URL.

######################


IMGate Background
=================

The emphasis of IMGate has always been envelope rejection, before the 
SMTP DATA command and avoiding expensive queuing to disk. This 
approach has now become the Postfix designer's own preference: that the 
envelope stage is where defensive policies should be implemented.

Nearly all other commercial products must accept the entire message 
before deciding to accept or reject. IMGate Advanced is vastly more 
efficient, in bandwidth and machine resources, by exploiting 
thoroughly the envelope information of PTR[IP], MAIL FROM:, RCPT TO:, 
and HELO.

In addition to greatly enhanced envelope policies, the new IMGate 
Advanced adds full content inspection to provide a complete 
anti-spam/anti-virus mail firewall.

The major IMGate architectural feature is separation of mail defenses 
from the mailbox server to another machine dedicated as an MX 
appliance, allowing the mailbox server to concentrate exclusively on 
mailbox storage and mail user services.  Adding IMGate as a separate 
MX noticeably offloads the mailbox server and increases its responsiveness.

IMGate's interaction with mailbox servers is exclusively over the 
SMTP protocol, so IMGate is compatible with any brand of mail box 
server product.

All the software in IMGate is free, open source, meaning no software 
purchases, no annual subscription fees, no software upgrade fees, 
while providing total access to the system internals for monitoring, 
modification, etc.


IMGate Advanced 09 Features
===========================

IMGate mail defenses are a sequence of 4 layers, progressively removing 
illegitimate mail and abusive IPs at each stage.


First Layer: Recipient Validation (unknown recipient rejection)
===============================================================

Nothing new here compared with the earlier IMGate Advanced. It should 
be noted that some commercial anti-spam hardware MX products validate 
recipients by probing the mailbox server, passing 100s of 1000s of 
bad recipient SMTP sessions to the mailbox server, a straight-through 
passage of a denial-of-service attack.  IMGate Advanced installation 
service includes the exporting of mailbox accounts from the mailbox 
server to a database on the IMGate MX so bad recipients are rejected 
independently of the mailbox server, eliminating the IMGate MX as 
a source of backscatter.

Typical rejection rate for unknown recipients is about 50% of all msgs.

Second Layer: Selective Greylisting
===================================

While greylisting was available in the previous IMGate Advanced, the 
new configuration of greylisting is highly selective, applied only to 
suspicious messages, so that sending mail servers with correct PTR 
and HELO are not greylisted.  IPs sending messages with unsuspicious 
PTR and HELO will still be subject to RBL queries.

IMGate Advanced greylist report:

    3222 Pass new triplet from white listed IP
    7075 Reject early retry
   11752 Pass cached triplet
   26612 Pass retry
   77605 Pass and auto-whitelist IP
 1178921 Reject new triplet

An IMGate Advanced option for sites with multiple MXs, rather than 
have each MX run its own greylist database, is a single, shared 
greylist SQL database server with greylist/SQL clients on each 
MX.  See optional IMGate installation services below.

Typical effective rejection rate for greylisting is about 90%+ of all 
msgs to known recipients.  In the actual IMGate greylist report above, 
the ratio of:

pass retry / ( reject new triplet + pass retry )

... is under 2%, giving an effective greylist reject rate of 98%.


3rd Layer: Envelope Policy Service
==================================

A major and totally new addition is an envelope policy server with a 
set of custom IMGate rules that uses compound conditions, including 
RBL queries, for making the reject/accept decision at envelope 
stage.   The IMGate policy server runs after greylisting.

Envelope policies are applied to all messages, having passed through 
or bypassed greylisting.

An actual report of rejects of the envelope policy service (ACCNET is 
ACCess NETworks):

IMGate Envelopy Policy Report

     643 RBL HELO_IP
    1359 RBL HELO_ACCNET
    1622 RBL HELO_NOTFQDN
    5693 RBL PTR_ACCNET
   13343 PTR_ACCNET HELO_IP
   18845 RBL MULTIPLE MAIN
   21001 PTR_ACCNET HELO_NOTFQDN
   24111 RBL PTRNUL
   38933 RBL MULTIPLE
   56244 PTRNUL HELO_NOTFQDN
   84763 PTRNUL HELO_ACCNET
  146429 PTRNUL HELO_IP
  193523 PTR HELO ACCESS_NET

Note above that the IMGate envelope policy service performs RBL 
queries, so the report shows RBL rejects for a) 1 RBL hit + condition 
(eg, RBL PTRNUL), and b) 2 or more RBLs (eg, RBL MULTIPLE).

Typical envelope policy rejection rate at this layer for msgs to 
known recipients is often about 50%.

(Note: After envelope policy layer, another layer of defense could be 
SAV, sender address verification, due to the much reduced message 
volume to be SAV'd, and to IMGate's excellent, caching SAV implementation.)


Fourth Layer:  Content-Scanning
===============================

Another major addition to IMGate Advanced 09 is content-scanning 
using the widely deployed and highly successful open source products 
SpamAssassin (anti-spam) and ClamAV (anti-virus).

While content-scanning is an infamous consumer of machine resources, 
IMGate Advanced's multi-stage filtering dramatically throttles the 
traffic delivered to content scanning.

SpamAssassin is configured with Bayes auto-learning, Razor, Pyzor, 
and carefully selected rulesets updated automatically.  Spam can be 
tagged and passed, quarantined, or rejected.

ClamAV is configured with the ClamAV database plus 3rd party 
databases, automatically updated several times per day.

Amavis Global Stats Report:

      18 AMAVIS Blocked Spam
     186 AMAVIS Blocked Infected
     279 AMAVIS Passed Bad-Header
   31776 AMAVIS Passed Clean

The 3 layers of envelope filtering preceding the content-filtering 
layer deliver such clean traffic that:

(Blocked Spam+Infected) / (Passed Clean + Blocked Spam+Infected) < 1%

... is actually blocked by the content filtering.

For the above Amavis report, the specific infected messages blocked by ClamAV:

   81 (HTML.Phishing.Bank-520),
   39 (Worm.Mydoom.M),
   22 (HTML.Phishing.Acc-4),
   12 (HTML.Phishing.Auction-61),
    7 (Trojan.Delf-5385),
    6 (HTML.Phishing.Bank-1165),
    4 (HTML.Phishing.Bank-89),
    2 (Worm.W32.Agent-1),
    2 (HTML.Phishing.Pay-35),
    2 (HTML.Phishing.Pay-127),
    2 (HTML.Phishing.Bank-863),
    2 (HTML.Phishing.Bank-485),
    1 (HTML.Phishing.Bank-573),
    1 (HTML.Phishing.Bank-483),
    1 (HTML.Phishing.Bank-362),
    1 (HTML.Phishing.Bank-214),
    1 (HTML.Phishing.Bank-213),


IMGate Advanced Service Monitoring
==================================

Another enhancement of IMGate Advanced is self-monitoring of services 
that attempts to actively resolve service failures. The status of 
monitored services and various critical parameters (mail queues, 
number of mail processes, disk space, etc) are viewable via a secure 
Web interface.

IMGate Advanced 09 Complementary Features
=========================================

Included in IMGate Advanced 09 installation or upgrade:

Hardening against brute force attacks on FTP and SSH ports using 
reactive blocking. It is common to find 1000s of failed FTP/SSH 
attempts in the daily security logs. IMGate Advanced's reactive 
blocking keeps the security logs readably small, as well as 
neutralizing the brute force attacks.

DNS/SMTP report for each domain for which IMGate accepts mail (relay domains).

Statistical analysis of network links adjacent to the IMGate Advanced machine.


IMGate Advanced 09 Requirements
===============================

FreeBSD 7 - IMGate's FreeBSD installation document provides fast and 
easy setup using a bootable CDROM.  After the FreeBSD is installed 
and placed on line, the remote installation proceeds.

2.0+ GHz CPU

2 GB RAM

1 or 2 fast disks


Optional IMGate Configurations and Installation Services
========================================================

* Disk imaging/ghosting with image transferred to an ftp server.

* Multiple MXs with configuration mirroring

* Shared greylist database server supporting multiple MXs with one 
greylist database so that an IP or subnet white listed on one MX is 
white listed on all MXs, with greylist database backup.

* Private RBL Server - copy public RBL zones to your private RBL 
server for increased RBL query performance and immunity from slowness 
and blackouts of public RBL servers. One can create private blacklist 
and whitelist RBL zones by harvesting good and bad behavior from mail logs.

* System Log Host - IMGate's mail logging to system log server to 
simplify and unify reporting and log searching.

On most sites, the greylist database server, the private RBL server, 
and the system log host can share the same machine.

* SMTP over TLS for encrypted server-to-server security.

* IMgate Support Service Agreement - for IMGate maintenance, 
questions, problems, interventions, upgrades, and enhancements.

Prices
======

All IMGate Advanced configurations and options are remote 
installation services including 30 days support.

IMGate Advanced 09 Installation or upgrade for 1 MX: $800

IMGate Advanced 09 Installation each additional MX mirroring primary MX: $600

IMgate Advanced 09 only with envelope policies (Layers 1 to 3 above) 
but without content-scanning, for sites that have and want to retain 
their content scanning.  $400 per MX

IMGate Shared Greylist database server:  $500 + $100 per MX

IMGate Private RBL server: $500

System Log Host: $500 + $100 per MX

IMgate Support Service Agreement: For 1 or 2 MXs, $300/month.  Prices 
for larger configurations based on agreed hours/month.

  ### END ###
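
Added example, not part of the original announcement and not IMGate's code: a sketch of the compound envelope rules described under the Second and 3rd Layers, written against Postfix policy-delegation attributes (client_name, helo_name). The tag names follow the report above; the ACCNET and IP-literal patterns, the two-tag reject rule and the rbl_hits parameter are assumptions for illustration.

```python
import re

# Hypothetical heuristics, assumed for this example (not IMGate's rule set).
ACCNET_RE = re.compile(r"dsl|dyn|dhcp|pool|cable|ppp|(\d{1,3}[-.]){3}\d{1,3}", re.I)
IP_LITERAL_RE = re.compile(r"\[?(\d{1,3}\.){3}\d{1,3}\]?$")

# Constructed Postfix policy-delegation request (name=value lines).
SAMPLE = """request=smtpd_access_policy
client_address=198.51.100.7
client_name=unknown
helo_name=[198.51.100.7]
"""

def parse_request(text):
    """Parse one policy request into a dict of attributes."""
    return dict(l.split("=", 1) for l in text.strip().splitlines() if "=" in l)

def classify(attrs):
    """Tag the PTR and HELO of one session with report-style labels."""
    ptr, helo = attrs.get("client_name", "unknown"), attrs.get("helo_name", "")
    tags = []
    if ptr == "unknown":  # Postfix passes "unknown" when there is no PTR
        tags.append("PTRNUL")
    elif ACCNET_RE.search(ptr):
        tags.append("PTR_ACCNET")
    if IP_LITERAL_RE.match(helo):
        tags.append("HELO_IP")
    elif "." not in helo:
        tags.append("HELO_NOTFQDN")
    elif ACCNET_RE.search(helo):
        tags.append("HELO_ACCNET")
    return tags

def needs_greylisting(attrs):
    """Selective greylisting: only sessions with a suspicious PTR or HELO."""
    return bool(classify(attrs))

def decide(attrs, rbl_hits):
    """Reject on 2+ RBL hits, 1 RBL hit plus a tag, or two tags."""
    tags = classify(attrs)
    if rbl_hits >= 2:
        return "action=REJECT RBL MULTIPLE"
    if rbl_hits == 1 and tags:
        return "action=REJECT RBL " + tags[0]
    if len(tags) >= 2:
        return "action=REJECT " + " ".join(tags)
    return "action=DUNNO"

print(decide(parse_request(SAMPLE), rbl_hits=0))
```

A single RBL hit against a host with a clean PTR and HELO returns DUNNO here, which is the point of compound conditions: no single weak signal rejects mail on its own.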

