[sniffer] Sniffer Helper App?

2008-07-01 Thread Steve Guluk

Hello,
I run iMail 9.0 and would like a program that can do GeoIP to screen  
foreign countries before they even get to iMail. I used to use MXGuard  
(still have an active license) but my server could not handle the CPU  
draw. I moved to eWall which really has some great potential as it is  
a nice light gateway client that works with Sniffer but it also  
crashes and has a few other problems (this program also introduced me  
to GeoIP).


Any other suggestions as I am beat after trying to get some decent  
spam relief as well as relief from an aging server. My server is an  
AMD 2.0 with Raid  and 2 gigs of Ram. It's fared well over the  
last couple years but the spam levels ramping up are starting to take  
their toll and I don't want to move to a new server just yet.


eWall's got me spoiled on the GeoIP feature where it polls a DB for  
country info based on the incoming IP and can delete emails before  
they reach iMail.


Any suggestions on what I should consider to help with spam and also  
use Sniffer. Is Declude worthwhile? Some other light gateway like  
eWall ?


Thanks in advance for any suggestions,


Steve Guluk
SGDesign
(949) 661-9333
ICQ: 7230769











[sniffer] Re: Sniffer Helper App?

2008-07-01 Thread Rob McEwen

Steve Guluk wrote:

<snip>

Any suggestions on what I should consider to help with spam and also 
use Sniffer.



Steve,

Do you have the ability to add into your current filtering additional 
RBLs and/or URI blacklists? I have some good suggestions there!


Rob McEwen



#
This message is sent to you because you are subscribed to
 the mailing list sniffer@sortmonster.com.
To unsubscribe, E-mail to: [EMAIL PROTECTED]
To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED]
To switch to the INDEX mode, E-mail to [EMAIL PROTECTED]
Send administrative queries to  [EMAIL PROTECTED]



[sniffer] Re: Sniffer Helper App?

2008-07-01 Thread Steve Guluk


On Jul 1, 2008, at 12:25 PM, Rob McEwen wrote:


Steve,

Do you have the ability to add into your current filtering  
additional RBLs and/or URI blacklists? I have some good suggestions  
there!


Rob McEwen


Rob,

If I move away from eWall I will be left with just iMail till I find  
something else (purpose of my email). iMail has URL blacklists. eWall  
has URI Blacklists but I'm still looking for that perfect client to  
put in-front of my mail server (software based). So you probably have  
some good suggestions but I still need to get that program that can  
appreciate them.


Regards,


Steve Guluk
SGDesign
(949) 661-9333
ICQ: 7230769











[sniffer] Re: Sniffer Helper App?

2008-07-01 Thread Rob McEwen

Steve,

What I'm getting at is this... the ultimate in low resource spam protection 
is blocking based on the sending IP using a prolific DNSBL like 
zen.spamhaus.org that, like zen, has extremely low FPs. Because the 
message is blocked at the perimeter using just a single lookup on the 
sender's IP, the incoming spams are swatted down very quickly. To extend 
this further, if that DNSBL is locally served via rbldnsd, that is even 
better since the DNS lookup times can then go from about 30-60ms to 1ms.


(but Zen doesn't catch everything and Spamhaus data feeds are expensive! 
But I have some related suggestions along these lines that may interest 
you and accomplish all of this and more!)


By implementing such a strategy, you might find that your iMail server 
is suddenly able to handle the load. (really... please don't doubt me on 
this... hear me out...)


I'll contact you off-list with more specifics since this is getting very 
off-topic to sniffer... and some of my suggestions are free, and 
<disclaimer>others involve a product I sell</disclaimer>. So I should 
probably stop here and quit before I get further behind!


Rob McEwen






[sniffer] Re: Sniffer Helper App?

2008-07-01 Thread Herb Guenther

Steve;

Declude works well, but any comprehensive set of filters will take some 
horsepower to run.  Declude will do the country filtering I think you 
wanted.


Herb


--
Herb Guenther
Lanex, LLC
www.lanex.com
(262)789-0966x102 Office
(262)780-0424 Cell (off hours or if out of office)


This e-mail is confidential and is for the use of the intended 
recipient(s)only. If you are not an intended recipient please advise us of our 
error by return e-mail then delete this e-mail and any attached files. You may 
not copy, disclose or use the contents in any way.



[sniffer] Re: Sniffer Helper App?

2008-07-01 Thread Rob McEwen




If I move away from eWall I will be left with just iMail till I find 
something else (purpose of my email). iMail has URL blacklists. eWall 
has URI Blacklists but I'm still looking for that perfect client to 
put in-front of my mail server (software based). So you probably have 
some good suggestions but I still need to get that program that 
can appreciate them.


(aside from my other thoughts) here are two free software packages to 
look at:


http://assp.sourceforge.net/

http://www.untangle.com/

Rob McEwen






[sniffer] Re: Sniffer Helper App?

2008-07-01 Thread Rob McEwen

Steve,

If at all possible, I recommend blocking based on unknown user BEFORE 
doing ANY content filtering of the message. But, if you must, it is also 
a good strategy to block based on the sender's IP first. (I'm figuring 
that you might need to do that since you are trying to reduce mail to 
your iMail server and only your iMail server knows which recipient 
addresses are legit and which are dictionary attack spams)


Here are the DNSBLs I recommend for outright blocking based on the 
sender's IP:


zen.spamhaus.org
bl.spamcop.net
psbl.surriel.com

After RBL checking of the sender's IP, try to NOT do ANY content 
filtering until AFTER spams sent to non-existent users are blocked. This 
probably means that you should probably abandon using EWALL to call 
sniffer and only use EWALL to block based on these RBLs... then send all 
that is left to your iMail server.


You should then see if you can get iMail to call sniffer (even if 
through another app... or another instance of eWall)... so that this 
could be done AFTER the unknown users are eliminated by iMail.


The idea is that the first run EWall.. ONLY checking against RBLs.. but 
not running sniffer or URI lookups or any other content filtering until 
AFTER iMail has eliminated spams sent to unknown users. ...THEN see if 
you can get iMail to call a second instance of eWall (or something 
else) to THEN use sniffer and URI lookups.


Rob McEwen
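
[Added example, not part of the original thread or of any product named in it.] The sender-IP DNSBL lookup and the check ordering described in the posts above (IP first, unknown recipient second, content filtering last), sketched in Python. The function names, FAKE_DNS table, addresses and messages are constructed for illustration, and the gateway/mail-server split is collapsed into one function so the ordering is visible.

```python
import ipaddress
import socket

DNSBL_ZONES = ("zen.spamhaus.org", "bl.spamcop.net", "psbl.surriel.com")

def dnsbl_query_name(ip, zone):
    """192.0.2.99 + zone -> 99.2.0.192.zone (IPv4 octets reversed)."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_resolve(name):
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:  # NXDOMAIN or resolver failure: treat as not listed
        return []

def listed_in(ip, resolve, zones=DNSBL_ZONES):
    """Return the first of the post's zones that lists ip, or None."""
    for zone in zones:
        for answer in resolve(dnsbl_query_name(ip, zone)) or ():
            # 127.x.y.z = listed; Spamhaus 127.255.255.x = query error, not a listing.
            if answer.startswith("127.") and not answer.startswith("127.255.255."):
                return zone
    return None

def triage(ip, rcpt, body, valid_rcpts, content_filter, resolve=system_resolve):
    """Cheapest test first: sender IP, then recipient, content filter last."""
    zone = listed_in(ip, resolve)
    if zone:
        return "reject: dnsbl " + zone
    if rcpt.lower() not in valid_rcpts:
        return "reject: unknown user"
    if content_filter(body):
        return "reject: content"
    return "accept"

# Constructed DNS answers and messages (documentation address ranges).
FAKE_DNS = {"99.2.0.192.bl.spamcop.net": ["127.0.0.2"],            # listed
            "7.100.51.198.zen.spamhaus.org": ["127.255.255.254"]}  # error code

def demo():
    scanned = []  # bodies that actually reached the content filter
    def scan(body):
        scanned.append(body)
        return "cheap pills" in body
    msgs = [("192.0.2.99", "steve@example.com", "cheap pills"),
            ("198.51.100.7", "nobody@example.com", "cheap pills"),
            ("198.51.100.7", "steve@example.com", "hello")]
    return [triage(*m, {"steve@example.com"}, scan, FAKE_DNS.get) for m in msgs], scanned
```

Of the three constructed messages only one reaches the content filter. Pointing `resolve` at a locally served copy of the zone changes the lookup latency, not the logic.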







[sniffer] Re: Sniffer Helper App?

2008-07-01 Thread Matt

Steve,

Since this hasn't yet been mentioned, try Alligate (www.alligate.com).  
It does selective greylisting (only greylists things that look spammy), 
and also will validate your users' addresses and do things like country 
blocking/tarpitting/greylisting.  Only one zombie spammer survives 
greylisting, and after you dump all of that plus validate addresses, you 
will reduce your traffic down to a point where it is only 1/3 spam.  If 
you only reject bad addresses and clear abuse (many bad addresses in one 
connection for instance), you can do this with 99.% accuracy.  I'm 
not lying about that either.  The only things that fail selective 
greylisting will be black boxes that don't spool E-mail, and if you give 
a wide retry time, you will likely allow future attempts from a black 
box that happens to get greylisted.


Selective greylisting is far superior to regular greylisting since it is 
rarely triggered against legitimate E-mail.  I dump around 93% of all 
connections to my servers and I don't need to falsely trust a single 
source of data such as SpamCop to achieve those results.  I then leave 
the heavy lifting to a secondary filtering system where the heavy 
lifting is performed.  Alligate requires almost no resources, though you 
should dedicate a box to it so that other things don't step on its feet.


Matt



[sniffer] Re: Sniffer Helper App?

2008-07-01 Thread Mxuptime.com
I will have to second this. I've moved off Imail to other Windows based
Email servers (MailEnable and Smartermail) and no regrets in the past.

 

If you are looking to block based on countries you can still use the Reverse
DNSBLs that are country specific. However, this will only work well if you
selectively block a few countries because if you have a long list of
countries to block it would add to your overall processing time.

 

Cheers

-Matt

 

From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf
Of David Moore
Sent: Wednesday, July 02, 2008 7:03 AM
To: Message Sniffer Community
Subject: [sniffer] Re: Sniffer Helper App?

 

I MOVED FROM Imail 8 to SmarterMail 4.3 and then 5.1, best thing I ever did
( the cost of an Imail maintenance contract for Enterprise unlimited users
/ domains). SmarterMail has grey listing built in so 90-95% spam gets killed
at source the other spam is handled out of the box by SpamAssassin. I do
have mXGuard and Sniffer full licences but as yet I haven't had to enable
them. (mainly because I have only just installed SmarterMail v5.1)

 

Regards David Moore

[EMAIL PROTECTED]

 

J.P. MCP, MCSE, MCSE + INTERNET, CNE.

www.adsldirect.com.au for ADSL and Internet www.romtech.com.au for PC sales

 

Office Phone: (+612) 9453 1990

Fax Phone: (+612) 9453 1880

Mobile Phone: +614 18 282 648

Skype Phone: ADSLDIRECT

 

POSTAL ADDRESS:

PO BOX 190

BELROSE NSW 2085

AUSTRALIA.

 

-

 

This email message is only intended for the addressee(s) and contains
information that may be confidential, legally privileged and/or copyright.
If you are not the intended recipient please notify the sender by reply
email and immediately delete this email. Use, disclosure or reproduction of
this email, or taking any action in reliance on its contents by anyone other
than the intended recipient(s) is strictly prohibited. No representation is
made that this email or any attachments are free of viruses. Virus scanning
is recommended and is the responsibility of the recipient.

-

 
