Re: [c-nsp] OT: How do you fight spam in your enterprise? I need help
I should be glad that you share with me on how you manage and fight spam in your corporate networks. For a small on topic addition I will start by saying this: On any Cisco device between your smtp gateway and the Internet, be sure to save no fixup smtp to your config. fixup smtp is buggy and will cause heartache at some point Wow, I can't believe how many people are recommending the 'cuda! Definitely do some additional research into this company's quality of support and especially their technical competence, etc... before going with this one! 'nuff said ;) Hint: search the SPAM-L archives... Speaking of SPAM-L, it would be a good idea to join and lurk over there. You'll learn a lot and hey, your question would even be On Topic there. Control who accesses your SMTP infrastructure: 1. Use the BOGON list in your edge gateway/firewall device. 2. Selectively block IP ranges mentioned on SPAM-L as above 3. Use the Spamhaus ZEN RBL and 5xx reject anything matching at your public mail exchanger 4. Consider greylisting...although the Ironport will not do this as of yet, people report that it is still quite effective when properly implemented. 5. Get rid of any backup mail exchangers you might have. You will probably be rejecting close to 98-99% of spam just by doing the above 5 things with virtually no false positives. Content filtering on the remaining sludge will eliminate almost all the rest. Appliance type devices: I can personally vouch for the Ironport. We have found it to be extremely effective both in terms of %spam caught and low false positives. Once setup it requires very little administration. Unfortunately, it is also extremely expensive (starts somewhere around $7K USD with support) so may not be an option for many smaller shops. At the old plaice (where the budget was small to the point of being almost non-existent) I had rigged up an open source solution consisting of sendmail and a milter known as MIMEDefang which ran ClamAV and SpamAssassin and filtered SMTP according to certain rules. It was similarly effective to the Ironport here, but took a whole lot more admin hours to manage. The Coup de Gras of the mess was MIMEDefang. Unfortunately, like many powerful tools, it requires an extensive knowledge (in this case Perl, Sendmail, and SMTP, and the many delicate interactions in between) in order to get the best use out of it. I hear that some people now run MIMEDefang under Postfix, which must certainly be higher performance. The developer of MIMEDefang has a commercial product you may want to look at called CanIT Pro. Highly recommended and the company clue factor is high. The appliance version pricing is competitive with the bargain basement 'cuda. No matter what solution you choose, make sure it is capable of doing LDAP lookups into your active directory in order to 5xx reject (NOT NDR bounce!!!) mail to invalid users. The latter 3 solutions can all do that; I've no clue if the 'cuda can, though most don't. :( Politics: We here do not quarantine or drop spam. Instead we tag the subject line and have rules setup in the MUAs to filter the spam out of the Inbox. This way the user is responsible for purging the spam. Also, this way, false positives if any are found more often than not w/o a help desk call. As such, our primary I.T. burden with external mail is LARTing the innocent yet generally clueless senders out there who wish to communicate with us. We try to be friendly :) Finally: If you don't understand mail, retain the services of someone who does. ~JasonG -- ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] OT: How do you fight spam in your enterprise? I need help
On Fri, 28 Dec 2007, Jason Gurtz wrote: I should be glad that you share with me on how you manage and fight spam in your corporate networks. For a small on topic addition I will start by saying this: On any Cisco device between your smtp gateway and the Internet, be sure to save no fixup smtp to your config. fixup smtp is buggy and will cause heartache at some point Yes, both the SMTP and ESMTP fixups have problems. We found some the hard way when an FWSM was accidentally deployed with the fixups enabled :( jms ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] OT: How do you fight spam in your enterprise? I need help
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Felix Nkansah Sent: Wednesday, December 19, 2007 11:13 AM To: groupstudy; cisco-nsp@puck.nether.net Subject: [c-nsp] OT: How do you fight spam in your enterprise? I need help Hello, I know this aint necessarily cisco stuff, but please help me out. I've been having persistent problems with spam in my network. Email users (from my CEO to everyone) are complaining each day about the spam. We use Exchange server 2003. I should be glad that you share with me on how you manage and fight spam in your corporate networks. Is there a particular technology, software, appliance, etc you have deployed that has proven to be 98% effective? Are there any settings or features on Exchange I also need to enable or disable? Barracuda is fine if you are running a corporate network, but it's impossible if your an ISP, there's no possible way you can ever recoup the money needed for it from selling public mailboxes when people can go to gmail and yahoo and get free mailboxes. Most ISP's run mailservers to help contain customers. The idea is if you keep them off of gmail, they won't be pitched as often by your competitors. If you don't have the money for Barracuda then there are some lower cost answers. The obvious one is to run a Linux or FreeBSD server in front of the exchange server that is running Spamassassin and filters mail before it gets to the Exchange server. Ted ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] OT: How do you fight spam in your enterprise? I need help
On 20/12/2007, at 7:32 PM, Ted Mittelstaedt wrote: Most ISP's run mailservers to help contain customers. The idea is if you keep them off of gmail, they won't be pitched as often by your competitors. And not just because offering customers a free mailbox with their internet connection is the standard thing that ISPs do? Ive worked for two ISPs over the past 4 years in varying roles from customer service to network engineer (one a wholesaler), and Ive never heard of an ISP offering free mailboxes simply to retain customers because they can be poached more easily if they use one of the other free email providers. One of the biggest reasons for offering a free mailbox has been advertising for the ISP in question. And apart from advertising, its convenient for customers, in particular those who are new to the Internet. Having something at their fingertips that they dont need to think about is most definitely something they appreciate. You seem to have a very interesting take on things. :-) ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] OT: How do you fight spam in your enterprise? I need help
Tom: So you don't think that an ISP-branded e-mail creates stickiness? I'll have you man our helpdesk after we send a letter to our new subscribers from acquisitions that they need to change their e-mail address. It's not 100%, but it's a significant and measureable quantity. We encourage our customers to use our e-mail account, but because we believe it reduces churn. Frank -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Storey Sent: Thursday, December 20, 2007 6:44 AM To: Ted Mittelstaedt Cc: groupstudy; cisco-nsp@puck.nether.net Subject: Re: [c-nsp] OT: How do you fight spam in your enterprise? I need help On 20/12/2007, at 7:32 PM, Ted Mittelstaedt wrote: Most ISP's run mailservers to help contain customers. The idea is if you keep them off of gmail, they won't be pitched as often by your competitors. And not just because offering customers a free mailbox with their internet connection is the standard thing that ISPs do? Ive worked for two ISPs over the past 4 years in varying roles from customer service to network engineer (one a wholesaler), and Ive never heard of an ISP offering free mailboxes simply to retain customers because they can be poached more easily if they use one of the other free email providers. One of the biggest reasons for offering a free mailbox has been advertising for the ISP in question. And apart from advertising, its convenient for customers, in particular those who are new to the Internet. Having something at their fingertips that they dont need to think about is most definitely something they appreciate. You seem to have a very interesting take on things. :-) ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] OT: How do you fight spam in your enterprise? I need help
On 21/12/2007, at 6:26 AM, Frank Bulk wrote: Tom: So you don't think that an ISP-branded e-mail creates stickiness? I'll have you man our helpdesk after we send a letter to our new subscribers from acquisitions that they need to change their e-mail address. It's not 100%, but it's a significant and measureable quantity. We encourage our customers to use our e-mail account, but because we believe it reduces churn. Frank The first ISP I worked at acquired a number of small ISPs. Rather than make everyone change their email address we chose to continue their existing email address. We lost very few customers, and those that stayed were pleased that they were allowed to keep their old email address. Likewise we encourage everyone to use their ISP provided mailbox. But I am not of the impression that the free mailbox is what causes people to stick around, particularly with the ISP that I work for now. A free mailbox just doesnt seem to be a breakthrough product that makes or breaks an ISP. Its just something that they all do as a standard provision of Internet access. This is just my observation during my time in the ISP industry in Australia. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] OT: How do you fight spam in your enterprise? I need help
BARRACUDA. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Felix Nkansah Sent: Wednesday, December 19, 2007 2:13 PM To: groupstudy; cisco-nsp@puck.nether.net Subject: [c-nsp] OT: How do you fight spam in your enterprise? I need help Hello, I know this aint necessarily cisco stuff, but please help me out. I've been having persistent problems with spam in my network. Email users (from my CEO to everyone) are complaining each day about the spam. We use Exchange server 2003. I should be glad that you share with me on how you manage and fight spam in your corporate networks. Is there a particular technology, software, appliance, etc you have deployed that has proven to be 98% effective? Are there any settings or features on Exchange I also need to enable or disable? Please share your experiences with me. Thanks, Felix ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ This email and any attached files are confidential and intended solely for the intended recipient(s). If you are not the named recipient you should not read, distribute, copy or alter this email. Any views or opinions expressed in this email are those of the author and do not represent those of the Davis H. Elliot Company company. Warning: Although precautions have been taken to make sure no viruses are present in this email, the company cannot accept responsibility for any loss or damage that arise from the use of this email or attachments. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] OT: How do you fight spam in your enterprise? I need help
Steve Bertrand wrote: Bob Fronk wrote: BARRACUDA. Seconded. Which has the ability to create spam, but just not for the people who bought it, thus creating the illusion of making the world a better place. If you choose to use one, please don't spam the rest of us with its NDR's and other cruft. ~Seth ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] OT: How do you fight spam in your enterprise? I need help
Hi, On Wed, Dec 19, 2007 at 07:13:04PM +, Felix Nkansah wrote: I know this aint necessarily cisco stuff, but please help me out. Well, since you're asking on a Cisco list, Ironport of course... But really - this is not the generic there are experts here, ask anything list. Otherwise the experts will go away, due to too much noise. gert, now waiting for the daily share of vacation autoreplies, thanks. -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany [EMAIL PROTECTED] fax: +49-89-35655025[EMAIL PROTECTED] pgpEZih5sakch.pgp Description: PGP signature ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] OT: How do you fight spam in your enterprise? I need help
On Dec 19, 2007, at 1:13 PM, Felix Nkansah wrote: Please share your experiences with me. There's a new list for people who run email services--mainly ISP oriented, but I don't see why a large enterprise couldn't benefit. Just be warned--Exchange and Barracuda are not well thought of on the list. mailop mailing list [EMAIL PROTECTED] http://chilli.nosignal.org/mailman/listinfo/mailop ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] OT: How do you fight spam in your enterprise? I need help
You could buy appliances from Cisco Ironport. I heard that the largest ISP's in the world use it. Also, You can deploy a linux server with MailScanner + Antivirus + SpamAssassin as Gateway Antispam (installed IBM - xSeries 366), it works fine for me. Currently It blocks about 9 spams each day. Here a pic. 2007/12/19, Chris Boyd [EMAIL PROTECTED]: On Dec 19, 2007, at 1:13 PM, Felix Nkansah wrote: Please share your experiences with me. There's a new list for people who run email services--mainly ISP oriented, but I don't see why a large enterprise couldn't benefit. Just be warned--Exchange and Barracuda are not well thought of on the list. mailop mailing list [EMAIL PROTECTED] http://chilli.nosignal.org/mailman/listinfo/mailop ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] OT: How do you fight spam in your enterprise? I need help
On 20/12/2007, at 4:15 PM, Pablo Almido wrote: You could buy appliances from Cisco Ironport. I heard that the largest ISP's in the world use it. IronPort may be owned by Cisco, but the IronPort appliances are not a Cisco product. One of the conditions negotiated by IronPort was that IronPort would remain independant of Cisco, i.e. they would not be renamed or merged into Cisco, and IronPort would continue to supply their own products and services. Therefore, if you buy an IronPort, you are buying an IronPort, not a Cisco. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] OT: How do you fight spam in your enterprise? I need help
-Original Message- From: [EMAIL PROTECTED] [mailto:cisco-nsp- [EMAIL PROTECTED] On Behalf Of Felix Nkansah Sent: 19 December 2007 09:13 PM To: groupstudy; cisco-nsp@puck.nether.net Subject: [c-nsp] OT: How do you fight spam in your enterprise? I need help Hello, I know this aint necessarily cisco stuff, but please help me out. I've been having persistent problems with spam in my network. Email users (from my CEO to everyone) are complaining each day about the spam. We use Exchange server 2003. I should be glad that you share with me on how you manage and fight spam in your corporate networks. Is there a particular technology, software, appliance, etc you have deployed that has proven to be 98% effective? Are there any settings or features on Exchange I also need to enable or disable? Please share your experiences with me. We are an ISP and currently use PureMessage from Sophos, its and anti spam and antivirus solution its proved to be very effective and allows each users to also fine tune his or her spam filtering rules. We are also in the process of deploying an Ironport at some of the major internet exchange points as our primary MX like LINX and SAIX. One thing to note about the Ironport appliance is that its is expensive compared to most spam filtering solutions. HTH Cheers Peter Nyamukusa MCSE, MCSA:messaging, MCSA, MCP, CCIP, CCNA, A+, JNCIS, JNCIA Technical Manager Africa Online Swaziland Tel: +268 404 4705 Cell: +268 647 6448 Fax: +268 404 4783 Email: [EMAIL PROTECTED] AIM: petenya A member of the Telkom South Africa Group Thanks, Felix ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/