RE: [Declude.JunkMail] Nameserver issues and Spam fighting

2004-04-23 Thread R. Scott Perry

> Since we are running IMail (ie Windows) what is the performance of the
> Windows DNS service? I know that it works but how good/fast is it? If
> you are going to run a Windows DNS server would you recommend running it
> on the IMail box or on another one?

The performance isn't as important as the reliability, which isn't that 
high.  I would recommend using BIND instead (we actually run BIND on our 
IMail server, and it works flawlessly).

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers 
since 2000.
Declude Virus: Ultra reliable virus detection and the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


RE: [Declude.JunkMail] Nameserver issues and Spam fighting

2004-04-23 Thread Goran Jovanovic
Scott,

 
> The performance isn't as important as the reliability, which isn't that
> high.  I would recommend using BIND instead (we actually run BIND on our
> IMail server, and it works flawlessly).
 

I thought that BIND was the DNS that runs on *NIX. I guess they have
ported it. 

Is BIND free? If so where do you download it from? Is it a purchased
product?

Goran



RE: [Declude.JunkMail] Nameserver issues and Spam fighting

2004-04-23 Thread R. Scott Perry

> I thought that BIND was the DNS that runs on *NIX. I guess they have
> ported it.

It's been available on Windows for quite some time -- it just isn't as 
popular on Windows.  I don't know why, though.

> Is BIND free? If so where do you download it from? Is it a purchased
> product?

It is free, from http://www.isc.org/ (they only supply the source code, 
though).  You can go to http://bind8nt.meiway.com/ for help with BIND (it 
talks about BIND v8, but the BIND v9 works about the same way).

   -Scott


Re: [Declude.JunkMail] Nameserver issues and Spam fighting

2004-04-23 Thread Darin Cox
We've run Windows DNS (on our mail server as well) for several years with no
problems.  I haven't ever seen a performance comparison of Windows DNS vs.
BIND, though.

Scott, what's your rationale behind recommending BIND instead?

Darin.




Re: [Declude.JunkMail] Nameserver issues and Spam fighting

2004-04-23 Thread R. Scott Perry

> We've run Windows DNS (on our mail server as well) for several years with no
> problems.  I haven't ever seen a performance comparison of Windows DNS vs.
> BIND, though.
>
> Scott, what's your rationale behind recommending BIND instead?

Because I have heard many, many reports of problems with Windows 
DNS.  There are often mysterious problems that go away by rebooting a 
Windows DNS server.  If it is working fine for you, then I wouldn't 
recommend switching -- it may well be that the version you are running 
along with the way you have it set up (and your volume) doesn't have any 
problems.

Part of the problem may be that Windows DNS is part of the OS (which only 
gets a new release every couple of years), whereas BIND is a standard 
product in that it is continually upgraded.

   -Scott


RE: [Declude.JunkMail] Nameserver issues and Spam fighting

2004-04-23 Thread Chuck Schick
Scott:

Is there any advantage performance wise to run the DNS on the same machine
as Imail??  I am putting up a new mail server and we are looking at
implementing a DNS server with a sole function of supporting mail.

Chuck Schick
Warp 8, Inc.
303-421-5140
www.warp8.com




RE: [Declude.JunkMail] Nameserver issues and Spam fighting

2004-04-23 Thread R. Scott Perry

> Is there any advantage performance wise to run the DNS on the same machine
> as Imail??  I am putting up a new mail server and we are looking at
> implementing a DNS server with a sole function of supporting mail.

With DNS running on the IMail server, there would be a slight performance 
hit, but it should not be noticeable.  A single DNS server should be able 
to handle 1,000s of queries per second, whereas most mailservers would 
likely only have 10s of queries per second at most.

   -Scott


Re: [Declude.JunkMail] Nameserver issues and Spam fighting

2004-04-22 Thread R. Scott Perry

> With the increase in people trying to fight spam, nameservers are getting
> bombarded with lookup requests.  Recently I understand that ATT has taken
> steps to not allow lookups of most of the blacklists using their network.

The easy answer to this is to use your own DNS servers -- if you do (and 
they are decent DNS servers; BIND is preferred), you won't be subject to 
the restrictions of ATT, Sprint, and others that block spam database lookups.

   -Scott


RE: [Declude.JunkMail] Nameserver issues and Spam fighting

2004-04-22 Thread Jason
Chuck,

Your most efficient option would be to run your own DNS server.  Then
YOU control the query volumes, and no longer rely on ATT. 

Jason






-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Chuck Schick
Sent: Thursday, April 22, 2004 11:16 AM
To: Declude. JunkMail
Subject: [Declude.JunkMail] Nameserver issues and Spam fighting


With the increase in people trying to fight spam, nameservers are
getting bombarded with lookup requests.  Recently I understand that ATT
has taken steps to not allow lookups of most of the blacklists using
their network. It seems that we are seeing more and more DNS timeouts
which result in more spam getting through.  Anyone else perceive this as
a problem that will only get worse?  Anyone have any suggestions to make
the DNS lookup process more efficient?

It would be a nice feature if we could bypass some of the DNS lookups if
the email scored over a certain amount which would allow some of the
email to bypass the lookups thereby reducing the load.

[AUTOMATED NOTE: Your mail server [66.140.194.140] is missing a reverse DNS entry. All 
Internet hosts are required to have a reverse DNS entry. The missing reverse DNS entry 
will cause your mail to be treated as spam on some servers, such as AOL.]
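
The two load-reduction ideas raised in this message (a local resolver that answers repeat lookups itself, and skipping the remaining blacklist lookups once a message's score is already high enough) can be sketched as follows. This is an added example, not code from Declude or from any poster; the zone names, weights, threshold and the `fake_resolve` stand-in for a real DNS query are constructed assumptions so the sketch runs offline.

```python
import ipaddress
import time

def dnsbl_qname(ip, zone):
    """DNSBL query name: the IPv4 octets reversed, followed by the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

class DnsblScorer:
    def __init__(self, tests, resolve, hold_at, ttl=300, clock=time.monotonic):
        # Heaviest tests first, so the hold threshold is reached in the fewest lookups.
        self.tests = sorted(tests, key=lambda t: t[1], reverse=True)
        self.resolve = resolve      # resolve(qname) -> True if listed, False if not
        self.hold_at = hold_at      # score at which further lookups are pointless
        self.ttl = ttl              # seconds a cached answer stays valid
        self.clock = clock
        self.cache = {}             # qname -> (listed, expires_at)
        self.queries_sent = 0

    def lookup(self, qname):
        now = self.clock()
        hit = self.cache.get(qname)
        if hit and hit[1] > now:
            return hit[0]           # answered locally, no query leaves the box
        self.queries_sent += 1
        try:
            listed = self.resolve(qname)
        except TimeoutError:
            return False            # fail open on timeout; do not cache the miss
        self.cache[qname] = (listed, now + self.ttl)
        return listed

    def score(self, ip, base_score=0):
        """Return (score, zones that listed the IP, zones skipped)."""
        total, hits, skipped = base_score, [], []
        for zone, weight in self.tests:
            if total >= self.hold_at:
                skipped.append(zone)    # already over the threshold: bypass
                continue
            if self.lookup(dnsbl_qname(ip, zone)):
                total += weight
                hits.append(zone)
        return total, hits, skipped

# Constructed sample data (hypothetical zones, documentation-range addresses).
TESTS = [("bl-a.example", 5), ("bl-b.example", 8), ("bl-c.example", 3)]
LISTED = {dnsbl_qname("192.0.2.10", "bl-a.example"),
          dnsbl_qname("192.0.2.10", "bl-b.example")}

def fake_resolve(qname):
    """Stand-in for a DNS A-record query; bl-c.example always times out."""
    if qname.endswith(".bl-c.example"):
        raise TimeoutError(qname)
    return qname in LISTED

if __name__ == "__main__":
    scorer = DnsblScorer(TESTS, fake_resolve, hold_at=10)
    print(scorer.score("192.0.2.10"), scorer.queries_sent)
    print(scorer.score("192.0.2.10"), scorer.queries_sent)  # served from cache
```

Timed-out answers are deliberately not cached, so a slow blacklist is retried on the next message rather than silently treated as a clean result for the whole TTL.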



RE: [Declude.JunkMail] Nameserver issues and Spam fighting

2004-04-22 Thread Chuck Schick
I guess I was not clear.  I do not use ATT (for anything) but we have seen
the load increase so much on our own name servers that we are adding more.
I only use ATT as a reference point - they must have decided the load was
too much to take such drastic action.  Many desktop Spam filters are now
incorporating blacklist lookups.  It is one thing to have mail servers and
gateways doing lookups but if end users start doing them it is only going to
increase the congestion.  The timeouts are from the blacklists not our name
servers.

I think this is going to be a bigger problem as time goes on. We are probably
going to do zone transfers on as many of the blacklists as possible and make
our own nameservers authoritative for those zones within our network.  Maybe
I am the only one that sees this as an issue.

Chuck Schick
Warp 8, Inc.
303-421-5140
www.warp8.com




RE: [Declude.JunkMail] Nameserver issues and Spam fighting

2004-04-22 Thread R. Scott Perry

> I guess I was not clear.  I do not use ATT (for anything) but we have seen
> the load increase so much on our own name servers that we are adding more.

How many E-mails do you send/receive per day?  How many spam databases do 
you query for each E-mail?

At 100,000 E-mails/day and 20 DNS queries per E-mail, that's 2,000,000 DNS 
queries a day -- which sounds like a lot, but that's only 23 per second, 
less than 1% of the load that some DNS servers handle.

We have a DNS server here that often handles 20+ queries per second, and 
the CPU load is negligible.

> I only use ATT as a reference point - they must have decided the load was
> too much to take such drastic action.

Correct -- at 1,000 business customers with those 100,000 E-mails/day and 
20 DNS queries each, you're talking 2 billion lookups a day, which starts 
to add up.

   -Scott


Re: [Declude.JunkMail] Nameserver issues and Spam fighting

2004-04-22 Thread Pete McNeil
At 12:16 PM 4/22/2004, you wrote:
> With the increase in people trying to fight spam, nameservers are getting
> bombarded with lookup requests.  Recently I understand that ATT has taken
> steps to not allow lookups of most of the blacklists using their network.
> It seems that we are seeing more and more DNS timeouts which result in more
> spam getting through.  Anyone else perceive this as a problem that will only
> get worse?  Anyone have any suggestions to make the DNS lookup process more
> efficient?

We are working on an add-on to Message Sniffer called IPDB which will 
collaborate to generate statistics on IPs from multiple research points. In 
addition to collaborative data, local data for IPs can be added through 
alternate processes. One of those will be to scan a user defined list of 
DNS BLs to produce a local IPDB entry based on the combined results. With 
this arrangement local queries will always be very quick (sub 200ms 
including the heuristics scan).

If an IP is unknown by the local group then the first query to IPDB may be 
indeterminate - but subsequent queries will have good statistics available 
based on the local rules and those results will be pushed to the local peer 
group as well. IPDB can afford to be patient with its queries - and will 
make fewer of them since each IPDB node collaborates with a number of 
trusted peers. If the system catches on then IPDB protocols may provide an 
alternative publication method for black lists - but that's thinking too 
far ahead at this point.

IPDB will also rank both negative and positive going IP data so that IPs 
not producing spam can be scored negatively to mitigate false positives.

IPDB will also be able to make an educated guess on network blocks based 
on the data available at the time of the query - so that if 50% of the IPs 
in a network block are 100% spam and none of the others have been heard 
from, a new query to that block _may_ result in a strong spam probability. 
This will help to mitigate any delays in pending DNS queries.

Finally a wave-front detection mechanism that can be built into IPDB will 
be able to detect new sources of spam/malware by aggregating announcements 
of new IP sources from local peers. In theory if a new machine gets zombied 
by spammers or a virus then that IP source will be new to a great number of 
servers in a short period. Each IPDB peer detecting the new IP source will 
announce the hit to its neighbors. If enough neighbors pick up on the new 
source within a given threshold then they will begin weighting the source 
negatively - if the source is very aggressive then it _may_ be blacklisted 
on a number of systems in the group - and that event also will be 
published. The result is that a newly infected machine or new spam source 
can be detected and effectively shut down before any ordinary BL process or 
even virus protection mechanism can respond.

Tools can be added to alert researchers and system admins of new threats 
detected by the wave-front detection mechanism so that new virii & worms 
might be researched more quickly - and in the case of a false positive an 
admin can intervene quickly (even before the end users are aware) to white 
the source... This event would also be propagated through the peer groups.

Tools will be available to drive ACLs from the IPDB as well so that 
consistently bad sources might be blocked at gateway routers and/or servers.

Those are some of the plans anyway...

_M
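
The wave-front idea described in this message (many peers seeing the same previously unknown IP within a short period) can be sketched as a small aggregator. This is an added illustration, not IPDB code: the post does not describe IPDB's protocol or thresholds, so the class name, the two quorum values, the window, the state names and the sample events are all assumptions.

```python
from collections import defaultdict

class WaveFrontDetector:
    """Aggregates 'new IP source' announcements from peers (hypothetical design)."""

    def __init__(self, suspect_quorum=3, blacklist_quorum=5, window=600):
        self.suspect_quorum = suspect_quorum      # distinct peers before weighting the source
        self.blacklist_quorum = blacklist_quorum  # distinct peers before blacklisting it
        self.window = window                      # seconds an announcement stays fresh
        self.announcements = defaultdict(dict)    # ip -> {peer_id: last announce time}
        self.whitelisted = set()                  # admin overrides for false positives

    def announce(self, peer_id, ip, ts):
        """Record that peer_id reported ip as a new source at ts; return its state."""
        if ip in self.whitelisted:
            return "whitelisted"
        peers = self.announcements[ip]
        peers[peer_id] = ts   # a repeat from the same peer only refreshes its timestamp
        # Drop announcements that fell out of the window so memory stays bounded.
        for stale in [p for p, t in peers.items() if ts - t > self.window]:
            del peers[stale]
        return self.state(ip, ts)

    def state(self, ip, now):
        if ip in self.whitelisted:
            return "whitelisted"
        peers = self.announcements.get(ip, {})
        fresh = sum(1 for t in peers.values() if now - t <= self.window)
        if fresh >= self.blacklist_quorum:
            return "blacklisted"
        if fresh >= self.suspect_quorum:
            return "suspect"
        return "unknown"

    def whitelist(self, ip):
        """Admin intervention on a false positive: clear and ignore the source."""
        self.whitelisted.add(ip)
        self.announcements.pop(ip, None)

def replay(detector, events):
    """Feed (timestamp, peer, ip) events in order and collect the resulting states."""
    return [detector.announce(peer, ip, ts) for ts, peer, ip in events]

# Constructed events: timestamps in seconds, documentation-range addresses.
EVENTS = [
    (0,    "mx-a", "198.51.100.7"),
    (30,   "mx-b", "198.51.100.7"),
    (45,   "mx-b", "198.51.100.7"),   # same peer again: does not add to the quorum
    (60,   "mx-c", "198.51.100.7"),   # third distinct peer inside the window
    (90,   "mx-a", "203.0.113.9"),
    (5000, "mx-d", "203.0.113.9"),    # second sighting far outside the window
]

if __name__ == "__main__":
    print(replay(WaveFrontDetector(), EVENTS))
```

Counting distinct peers rather than raw announcements keeps a single noisy or compromised peer from pushing a source over the threshold on its own.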



Re: [Declude.JunkMail] Nameserver issues and Spam fighting

2004-04-22 Thread Darin Cox
Some very good ideas here.  Thanks, Pete.

Darin.




RE: [Declude.JunkMail] Nameserver issues and Spam fighting

2004-04-22 Thread Goran Jovanovic
Scott,

 
> The easy answer to this is to use your own DNS servers -- if you do (and
> they are decent DNS servers; BIND is preferred), you won't be subject to
> the restrictions of ATT, Sprint, and others that block spam database
> lookups.
 
Since we are running IMail (ie Windows) what is the performance of the
Windows DNS service? I know that it works but how good/fast is it? If
you are going to run a Windows DNS server would you recommend running it
on the IMail box or on another one?

Goran
