[IMGate] huge drop in mail after 12/5
I have noticed a huge drop in mail to my Imgate box, nothing has changed. In the week prior to December 5, average number of incoming messages was 22,000. After December 5 and continuing through today the average number of incoming mail was 8,000. Of course I am not complaining, but very very confused. Is anyone else seeing this drop. -- Andrew P. Kaplan www.cshore.com Computers are useless. They can only give you answers. - Pablo Picasso
[IMGate] Re: Spam declines after hosting company shut-down
I remember years ago I noticed a large drop in spam for a couple of weeks. Months later I saw a post about a fiber cut in Korea. IMHO spam would be reduced if; 1: ALL mail servers required .ptr records before accepting mail 2: ALL mail server refused to whitelist ANYONE Sure this draconian measures would interrupt a ton of legitimate mail. But it would force ISP to be more accountable for their mail. On Thu, 2008-11-13 at 08:42 -0600, Christopher Checca wrote: I hope too :) Christopher Checca Packard Transport, Inc. 24021 South Municipal Dr PO Box 380 Channahon, IL. 60410 815 467 9260 815 467 6939 Fax [EMAIL PROTECTED] www.packardtransport.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Len Conrad Sent: Thursday, November 13, 2008 7:50 AM To: imgate@mgw2.MEIway.com Subject: [IMGate] Spam declines after hosting company shut-down http://news.cnet.com/8301-1009_3-10095730-83.html?part=rsssubj=newstag=254 7-1_3-0-5 We'll see if this really holds up, or whether others step into the gap. Len __ IMGate OpenSource Mail Firewall www.IMGate.net -- Andrew P. Kaplan www.cshore.com Freedom is not free and your excuse for doing less than you could is leaving town in January. - Thomas L. Friedman
[IMGate] Re: new free, public RBL by Barracuda
Looks cool, but their end-game plan is off course to create a database of users (registration required) to which they can market their spam/virus box. Obviously you can't argue with the price and the list should be quite good. On Sun, 2008-09-21 at 13:44 -0500, Len Conrad wrote: http://www.barracudacentral.org/rbl AN IMGate clients has just started using this RBL. Feedback on your results appreciated Len -- Andrew P. Kaplan www.cshore.com Anyone who can solve the problems of water will be worthy of two Nobel prizes--one for peace and one for science. - John F. Kennedy
[IMGate] Re: Moving away from Imail
I agree, thank to the generosity of Len and others, many of us now have super stable mail platforms, that require very little human intervention. I remember years ago setting up my first imgate on a $50 pentium it kept on going and going like the energizer bunny (see attachment). I'm still subscribed to the list because I have a few iMail installs out there, as well as fondness for this list. -- Andrew P. Kaplan www.cshore.com i'm living so far beyond my income that we may almost be said to be living apart. -- e. e. cummings -- Binary/unsupported file stripped by Ecartis -- -- Type: image/jpeg -- File: postfixbunny.jpg
[IMGate] longer queue time for etrn domains
My current queue lifetime is 2hours, however, this is too short for ETRN customers when their box dies. Is there some way I can create a different transport section in master.cf and give it a longer queue time just for my etrn domains. TIA -- Andrew P. Kaplan www.cshore.com Success is not final, failure is not fatal: It is the courage to continue that counts. Winston Churchill
[IMGate] Re: Signed up for the spf stuff
Quoting Len Conrad [EMAIL PROTECTED]: Personally I'd like to see Marking Mail Transfer Agents in Reverse DNS with TXT RRs ftp://ftp.rfc-editor.org/in-notes/internet-drafts/draft-stumpf-dns-mtamark-03.txt move forward and get adopted. Perhaps I misunderstood this RFC but it seems trivial for spammers to mark their ip's with a 1 or spam friendly providers to do the same. I agree it's effective against hijacked workstations, but then so is greylisting. Andrew P. Kaplan www.cshore.com This message was sent using IMP, the Internet Messaging Program.
[IMGate] Re: Migrating to new IMail server box and IP
Ten Forward Support wrote: We are currently in the process of migrating our IMail server over to a new server and IP address. Is there anything I need to change in IMGate to ensure that mail will be delivered to the new server once our DNS change takes place? I ran through the main.cf, master.cf, transport.map, relayed_domains.map and access_ok.map files and didn't see anything that specifically pointed to the old IP address. I am assuming it is delivering solely by dns entry. -Jerry Only one change is required. For speed you want to avoid DNS lookup and specify the IP in transport.map yourdomain.com smtp:[ip.ad.dr.es] don't forget to postmap afterwards. -- Andrew P. Kaplan www.cshore.com A fine is a tax for doing wrong. A tax is a fine for doing well. Anonymous -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.300 / Virus Database: 266.5.5 - Release Date: 3/1/2005
[IMGate] Re: Greylisting
Len Conrad wrote: eg, 130K greyslist rejects, and only 30K were re-tried. I just started running greylisting this week and love it. My second box running SA and clamav is yawning. And yes Len you were correct, my dual box setup was SCREWY -- Andrew P. Kaplan www.cshore.com A fine is a tax for doing wrong. A tax is a fine for doing well. Anonymous -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.300 / Virus Database: 266.5.5 - Release Date: 3/1/2005
[IMGate] Qmail ?
roger weiss wrote: Hi Len, I am using SmaterMail with IMGate and find SM to be a lot better mail server than IMail. The user interface is a lot cleaner and my customers are a lot happier. Hmmm, Roger your reply domain is qmail.com. So allow me to ask this question. Any response from anyone would be greatly appreciated. I am forced to work with Qmail (using PLESK) for about a year now. I have been spoiled by the ease of reading Postifix logs (not to mention the simplicity of blocking SPAM). I know about Qmailanalog, but still have difficutly reading Qmail logs, specfically, IP address of sending SMTP server, reason for bounce etc, message ID (since INODES # are resused the # is useless), etc. I have searched in vaid for more info TIA. -- Andrew P. Kaplan www.cshore.com We must build dikes of courage to hold back the flood of fear. Martin Luther King -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.300 / Virus Database: 265.8.8 - Release Date: 2/14/2005
[IMGate] Dictionary attacker follows domain
I noticed that one of my domains was getting over 500 megs mail sent to non-existent users one a daily basis. The mail came from a variety of senders. I then moved the account to a different mail server and now this new mail server is getting all the traffic, with the similiar activity of random non-existent email addresses to his domain. My question is why is this one domain attracting all this spam. -- Andrew P. Kaplan www.cshore.com We must build dikes of courage to hold back the flood of fear. Martin Luther King -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.300 / Virus Database: 265.8.8 - Release Date: 2/14/2005
[IMGate] Re: unknown user info lost when using multiple smtp servers
what a mess. I thought this was the best way to setup postfix with virusscanning. forget about unknown users. export the known users from the imail box to the MX. Some of the domains behind the virusscanner are not on Imail. -- Andrew P. Kaplan www.cshore.com We must build dikes of courage to hold back the flood of fear. Martin Luther King -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.300 / Virus Database: 265.8.6 - Release Date: 2/7/2005
[IMGate] Re: rr getting smart about PTR reverse domains
NeoBlu wrote: SweetAlready starting to work here: # egrep -i res.rr.com /var/log/maillog | wc -l 727 # zgrep -i res.rr.com /var/log/maillog.[0-9].gz | wc -l 4155 I would double check your stats, as this figure counts email from/to res.rr.com -- Andrew P. Kaplan www.cshore.com We must build dikes of courage to hold back the flood of fear. Martin Luther King -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.300 / Virus Database: 265.8.6 - Release Date: 2/7/2005
[IMGate] Re: MSN and Hotmail
Donald K. Yocum wrote: Is anyone having a problem with postfix (Imgate) not delivering Hotmail and MSN accounts? I notice the same thing in my logs, however most but not all is being delivered. I tried to telnet with no success. It looks like 64.4.50.179 is not responding but 64.4.50.239 is working. Feb 2 08:14:28 imgate1 postfix/smtp[46308]: connect to mx3.hotmail.com[64.4.50.179]: Operation timed out (port 25) Feb 2 08:15:17 imgate1 postfix/smtp[46248]: connect to mx3.hotmail.com[64.4.50.179]: Operation timed out (port 25) Feb 2 08:21:19 imgate1 postfix/smtp[46247]: connect to mx3.hotmail.com[64.4.50.179]: Operation timed out (port 25) Feb 2 08:26:20 imgate1 postfix/smtp[46308]: 5C066AC39: to=[EMAIL PROTECTED], relay=mx3.hotmail.com[65.54.167.5], delay=1, status=sent (250 [EMAIL PROTECTED] Queued mail for delivery) Feb 2 08:28:46 imgate1 postfix/smtp[46421]: connect to mx3.hotmail.com[64.4.50.179]: Operation timed out (port 25) Feb 2 08:31:52 imgate1 postfix/smtp[46388]: D8132ABCE: to=[EMAIL PROTECTED], relay=mx3.hotmail.com[64.4.50.239], delay=44, status=sent (250 [EMAIL PROTECTED] Queued mail for delivery) -- Andrew P. Kaplan www.cshore.com A New Year's resolution is something that goes in one year and out the other author unknown -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.300 / Virus Database: 265.8.2 - Release Date: 1/28/2005
[IMGate] New Virus Attack Technique Bypasses Filters
Perhaps it's time to block .rar extensions. Does anyone ever email a .rar file ? http://www.eweek.com/article2/0,1759,1756636,00.asp?kc=ewnws013105dtx1k599 -- Andrew P. Kaplan www.cshore.com A New Year's resolution is something that goes in one year and out the other author unknown -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.300 / Virus Database: 265.8.2 - Release Date: 1/28/2005
[IMGate] Re: concerning the new attack via ISP outbound relays
Quoting Len Conrad [EMAIL PROTECTED]: One short-term tactic would be for IMGate not to trust IMail's IP for relaying via mynetworks, but to run SAV/RAV before permit_mynetworks. Any suggestions for an ISP not running SAV/RAV due to high mail volume 250k/day Andrew P. Kaplan www.cshore.com This message was sent using IMP, the Internet Messaging Program.
[IMGate] Re: concerning the new attack via ISP outbound relays
Quoting Len Conrad [EMAIL PROTECTED]: You could set up a separate IMGate for outbound only and do SAV/RAV there. Thanks great idea. Andrew P. Kaplan www.cshore.com This message was sent using IMP, the Internet Messaging Program.
[IMGate] Re: making log searches readable
Len Conrad wrote: a stupid little script for piping your egrep searches into, so instead of Nice script, I am used to the postfix format and going crazy with the crappy log output of Qmail, so I love the simplicity of the postfix logs. All the best. -- Andrew P. Kaplan www.cshore.com A New Year's resolution is something that goes in one year and out the other author unknown -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.300 / Virus Database: 265.7.4 - Release Date: 1/25/2005
[IMGate] Spammers ordered to pay $1 billion
http://www.cnn.com/2004/LAW/12/18/spam.lawsuit.ap/index.html Andrew P. Kaplan www.cshore.com To subdue the enemy without fighting is the highest skill - Gichin Funakoshi -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.296 / Virus Database: 265.6.0 - Release Date: 12/17/2004
[IMGate] time to update my RBL list
I am using the following RBL's. Just curious to see what others are using. reject_rbl_client sbl.spamhaus.org, reject_rbl_client list.dsbl.org, reject_rbl_client dnsbl.njabl.org, reject_rbl_client opm.blitzed.org, reject_rbl_client bl.spamcop.net, reject_rbl_client korea.services.net, reject_rhsbl_client block.rhs.mailpolice.com, p.s. Len I removed visi and my average delivery time dropped 10 secs. (I realize this is a small sample set but . . . ) Andrew P. Kaplan www.cshore.com To subdue the enemy without fighting is the highest skill - Gichin Funakoshi -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.296 / Virus Database: 265.5.4 - Release Date: 12/15/2004
[IMGate] Fw: Re: Fw: Re: who is responsible for slow mail
hard to say. need to look at top for memory usage/swapping, CPU load, and at the size of the incoming queue. last pid: 75780; load averages: 1.54, 2.30, 1.73 up 54+02:46:47 14:05:16 425 processes: 1 running, 424 sleeping CPU states: 21.7% user, 0.0% nice, 20.5% system, 1.2% interrupt, 56.6% idle Mem: 235M Active, 111M Inact, 99M Wired, 15M Cache, 60M Buf, 38M Free Swap: 256M Total, 40K Used, 256M Free The box is working hard, but the queue always seems to be small, around 10 to 20. 58 k delivered isn't very much. what about the avg smptd connection time, the avg dly to your mailbox server domains How do I check that. are your running visi? it's down and will slow all msg to 80 seconds No. -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.296 / Virus Database: 265.5.4 - Release Date: 12/15/2004
[IMGate] Re: problems sending to Verizon
Len, verizon mail is pretty screwed up in general. lotsa complaints on other lists. Thanks that's what I figured. I think Verizon does do some kind of SAV. Thanks, I was wondering if they were using greylisting. So I guess there's little I can do. Andrew P. Kaplan www.cshore.com To subdue the enemy without fighting is the highest skill - Gichin Funakoshi -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.296 / Virus Database: 265.5.4 - Release Date: 12/15/2004
[IMGate] Re: user control interface
How are you currently tweaking their individual settings? I am not. Andrew P. Kaplan www.cshore.com Fashion is a form of ugliness so intolerable that we have to alter it every six months. -- Oscar Wilde -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.289 / Virus Database: 265.4.5 - Release Date: 12/3/2004
[IMGate] Re: user control interface
How are you currently tweaking their individual settings? I am not. However, I think the next step in offering customer the highest level of spam protection is to give them some control over the filters. However, it would need to be user specific since I wouldn't want someone to blacklist the aol mail server or open a spammer email address. Andrew P. Kaplan www.cshore.com Fashion is a form of ugliness so intolerable that we have to alter it every six months. -- Oscar Wilde -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.289 / Virus Database: 265.4.5 - Release Date: 12/3/2004
[IMGate] amavisd/f-secure not catching viruses
I am getting a bunch of I-Worm/Sober.I. Viruses found in the attached files. The file re_mail7621.eml.zip: Virus identified I-Worm/Sober.I. The attachment was moved to the virus vault. Checked by AVG Anti-Virus. Version: 7.0.289 / Virus Database: 265.4.4 - Release Date: 11/30/2004 My updates are current on my virusscanner, I ran www.testvirus.org and the server caught all but the last virus Eicar virus within a ZIP file that has been manipulated to evade detection by some anti-virus software by changing the uncompressed size to zero within the ZIP file headers. this seems to be the problem. I tried adding the long lists of headers but that put too much strain on my server that process 250,000 messages a day. Any help would be appreciated. Andrew P. Kaplan www.cshore.com Fashion is a form of ugliness so intolerable that we have to alter it every six months. -- Oscar Wilde -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.289 / Virus Database: 265.4.4 - Release Date: 11/30/2004