Re: [c-nsp] OT: How do you fight spam in your enterprise? I need help

2007-12-20 Thread Ted Mittelstaedt


 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] Behalf Of Pablo Almido
 Sent: Wednesday, December 19, 2007 9:15 PM
 To: cisco-nsp@puck.nether.net
 Subject: Re: [c-nsp] OT: How do you fight spam in your enterprise? I
 needhelp
 
 
 You could buy appliances from Cisco  Ironport. I heard that the
 largest ISPs in the world use it.

I don't believe that is true.  The largest e-mail handling ISP in
the world is AOL and I know they use a custom-written in-house
solution.  The top postmaster there has written and spoken many
times about anti-spam measures.

From a cost standpoint for the largest ISPs it would be cheaper to
hire a programmer to write a spam solution than to pay a software
company the licensing fee for a commercial product.

The expensive commercial spamfiltering solutions only make sense
for mid-tier ISPs, that is, the ISPs that have networks too big
for a single admin to do everything, but are not large enough to
be capitalized to the extent that they can hire a programming team
to just chase spam.  They have enough money to pay a commercial
firm to do it, but not enough money to hire a warm body and
put them on staff to do it.

Keep in mind also that ISPs like AOL also file lawsuits - chasing
spammers is a profit center for them.  Thus the need for in-house
staff for expert testimony and working with law enforcement and
such.

Ted
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


Re: [c-nsp] OT: How do you fight spam in your enterprise? I need help

2007-12-20 Thread Andy Dills
On Thu, 20 Dec 2007, Ted Mittelstaedt wrote:

 The expensive commercial spamfiltering solutions only make sense
 for mid-tier ISPs, that is, the ISPs that have networks too big
 for a single admin to do everything, but are not large enough to
 be capitalized to the extent that they can hire a programming team
 to just chase spam.  They have enough money to pay a commercial
 firm to do it, but not enough money to hire a warm body and
 put them on staff to do it.

Our solution: FreeBSD boxes running postfix interfacing with amavisd-new, 
which scans the mail with ClamAV (with the additional 3rd party dbs), and 
also with spamassassin (with DCC, RAZOR, FuzzyOCR). L4 switch on the 
front, MySQL and NFS on the back...private DCC as well as DNS mirroring of 
the RBLs. Custom web interface for the customers to enable individual 
management of filter settings and white/black lists. Tools to monitor the 
queue sizes. I would consider this a very commonly used solution, it's not 
like we're doing anything special.

While installing, configuring, and tweaking everything from scratch does 
take every bit of 5 hours, perhaps several days if you aren't familiar 
with the process, implementing additional servers to accommodate the 
increasing load takes us less than 30 minutes, as they are implemented by 
booting the FreeBSD install disk, going into a fixit shell, mounting a 
fileserver, and restoring from a dump (changing a couple of config files). 
Takes about 30 minutes total, most of which is waiting for the restore to 
complete.

I don't think the amount of time required to manage the actual mail 
infrastructure (the abuse mail being a separate issue) scales with volume, 
unless you implement a solution that doesn't scale. 

I would assume most of the companies using a commercial mail product are 
companies without technical talent. 

Andy

---
Andy Dills
Xecunet, Inc.
www.xecu.net
301-682-9972
---


Re: [c-nsp] OT: How do you fight spam in your enterprise? I need help

2007-12-20 Thread Ted Mittelstaedt


 -Original Message-
 From: Andy Dills [mailto:[EMAIL PROTECTED]
 Sent: Thursday, December 20, 2007 2:37 AM
 To: Ted Mittelstaedt
 Cc: Pablo Almido; cisco-nsp@puck.nether.net
 Subject: Re: [c-nsp] OT: How do you fight spam in your enterprise? I
 needhelp


 On Thu, 20 Dec 2007, Ted Mittelstaedt wrote:

  The expensive commercial spamfiltering solutions only make sense
  for mid-tier ISPs, that is, the ISPs that have networks too big
  for a single admin to do everything, but are not large enough to
  be capitalized to the extent that they can hire a programming team
  to just chase spam.  They have enough money to pay a commercial
  firm to do it, but not enough money to hire a warm body and
  put them on staff to do it.

 Our solution: FreeBSD boxes running postfix interfacing with amavisd-new,
 which scans the mail with ClamAV (with the additional 3rd party dbs), and
 also with spamassassin (with DCC, RAZOR, FuzzyOCR). L4 switch on the
 front, MySQL and NFS on the back...private DCC as well as DNS mirroring of
 the RBLs. Custom web interface for the customers to enable individual
 management of filter settings and white/black lists. Tools to monitor the
 queue sizes. I would consider this a very commonly used solution, it's not
 like we're doing anything special.


You can also use mailscanner instead of amavisd-new, and you can use
sendmail instead of postfix.

Another option is dspam.

I've run all of these.

You did forget one piece though - the hookup to have the BSD box
query the exchange server via ldap to see if an incoming recipient
actually exists on the exchange server, and bounce it if the userID
doesn't.

 While installing, configuring, and tweaking everything from scratch does
 take every bit of 5 hours, perhaps several days if you aren't familiar
 with the process, implementing additional servers to accommodate the
 increasing load takes us less than 30 minutes, as they are implemented by
 booting the FreeBSD install disk, going into a fixit shell, mounting a
 fileserver, and restoring from a dump (changing a couple of config files).
 Takes about 30 minutes total, most of which is waiting for the restore to
 complete.


Until a new version of FreeBSD comes out in which case you have to
spend the 5 hours again loading everything to create your image server.

You also need to use identical hardware for your servers.

The Windows people do this with Symantec ghost.  Novell also used to
have a utility that imaged disks.  You can just use dd; you don't
need to use restore.

Yes, there's lots of ways to skin the cat.

 I don't think the amount of time required to manage the actual mail
 infrastructure (the abuse mail being a separate issue) scales with volume,
 unless you implement a solution that doesn't scale.

 I would assume most of the companies using a commercial mail product are
 companies without technical talent.


I don't agree.  I think most of them have technical talent but they
are regarding mail as a nuisance.  Their talents are in other areas.
For sure, cable providers (comcast, etc.) are like this.  Their
main money is selling TV shows.  The Internet is a sideline they run
to get people hooked on the TV content.  If they have the technical
talent in the ISP side they might use it, but I would guess when
they are hiring, they are looking for technical people that know how
to deliver television shows first, Internet last.

We definitely make far more money building, installing and selling
mailservers to corporations, than selling mailboxes to ISP customers.
If we didn't have revenue coming in for building corporate mailservers,
I cannot imagine how it would be possible to justify spending money
on decent technical talent for ISP mail.  The economic return on it
just stinks.

Ted
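
[Added example, not part of the original thread or written by any poster: one way to wire up the LDAP recipient check described above on a Postfix relay in front of Exchange. Unknown recipients are refused at RCPT TO time, so the relay never accepts the message and generates no bounce to a forged sender. The domain, IP address, directory host, bind account and password are placeholders chosen for illustration.]

```conf
# ---- /usr/local/etc/postfix/main.cf (fragment; FreeBSD port path) ----
# Assumption: example.com is the domain whose mailboxes live on Exchange.
relay_domains = example.com

# Assumption: the transport file holds one line routing the domain to the
# Exchange server, e.g.   example.com   smtp:[192.0.2.10]
transport_maps = hash:/usr/local/etc/postfix/transport

# Every valid recipient in relay_domains must be found in this lookup table.
# With the default smtpd_reject_unlisted_recipient = yes, any other address
# is rejected during the SMTP dialogue with a 550 reply.
relay_recipient_maps = ldap:/usr/local/etc/postfix/ldap-recipients.cf

smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination

# ---- /usr/local/etc/postfix/ldap-recipients.cf ----
# Contains a bind password: keep it readable only by root and the postfix group.
# Assumption: dc1.example.com is a domain controller holding the global catalog
# (port 3268), which answers for the whole forest.
server_host = dc1.example.com
server_port = 3268
version = 3

# Assumption: postfix-lookup is a low-privilege account created only for this query.
bind = yes
bind_dn = CN=postfix-lookup,CN=Users,DC=example,DC=com
bind_pw = CHANGE_ME

search_base = DC=example,DC=com
scope = sub

# proxyAddresses lists every SMTP address (primary and aliases) of an object,
# so aliases, distribution groups and mail contacts are matched as well.
query_filter = (&(|(objectClass=user)(objectClass=group)(objectClass=contact))(proxyAddresses=smtp:%s))
result_attribute = mail
```

The table can be checked before going live with postmap -q user@example.com ldap:/usr/local/etc/postfix/ldap-recipients.cf, which prints the mail attribute for a known address and nothing for an unknown one.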



Re: [c-nsp] OT: How do you fight spam in your enterprise? I need help

2007-12-19 Thread Gregori Parker
+1

We run a Barracuda 400 in front of our Exchange server and see
essentially nothing in the way of SPAM.  The price point on their
hardware is great, updates are frequent and reflect community demand,
and their support is better than most.  To say it's 98% effective would
be low-balling :)


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Bob Fronk
Sent: Wednesday, December 19, 2007 11:19 AM
To: Felix Nkansah; groupstudy; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] OT: How do you fight spam in your enterprise? I
needhelp

BARRACUDA.



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Felix Nkansah
Sent: Wednesday, December 19, 2007 2:13 PM
To: groupstudy; cisco-nsp@puck.nether.net
Subject: [c-nsp] OT: How do you fight spam in your enterprise? I need
help

Hello,

I know this ain't necessarily cisco stuff, but please help me out.

I've been having persistent problems with spam in my network. Email users
(from my CEO to everyone) are complaining each day about the spam.

We use Exchange server 2003.

I should be glad that you share with me on how you manage and fight spam in
your corporate networks. Is there a particular technology, software,
appliance, etc you have deployed that has proven to be 98% effective? Are
there any settings or features on Exchange I also need to enable or
disable?

Please share your experiences with me.

Thanks,

Felix