RE: [Declude.JunkMail] Fine tuning Declude
Hi Michael, You're working too hard. Send a message to support @ Alligate.com and put ATTN: Brian in the subject. We'll figure out something. I usually don't see the license renewal things unless it is someone I deal with regularly, which includes a lot of members of this list. Believe it or not we get a fair number of people that say they haven't used the product yet and really just don't want to pay for it. Someone has to go back and do research in old update logs to try and find evidence or lack thereof, it and it can take half a day. It probably would have been a good idea to let us know if there were going to be deployment delays because we just make a note in the database and it saves everyone a lot of frustration. In your case, it sounds like we never heard anything until after the anniversary and the renewal reminder went out. Alligate is going to help you with a lot of this, and this is exactly what it is for. Brian Milburn From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Michael Cummins Sent: Wednesday, May 12, 2010 12:25 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Fine tuning Declude That sounds like it would be fun to review, regardless. I can dig up my old script and post it, too. Mine is pretty primitive: spew and parse. Does it reach out to LDAP from the internet side of things, through a properly configured firewall, I imagine? Mine was a local script that uploaded. I like your idea better, if I am reading it right. With your idea, I provide minimum requirements instead of installation steps. Very Respectfully, Michael Cummins From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Andy Schmidt Sent: Wednesday, May 12, 2010 3:07 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Fine tuning Declude Hi Michael: I have a Windows script that I use with a whole bunch of different Exchange customers to pull their email addresses from their servers and dump them into a small JET (.mdb = Access) Database. It does have a few input parameters where you configure the LDAP path to the mail domain (because many Exchange customers have different schemes), the LDAP user/pwd, and which alias domain names to generate. I uses that list in a SQL query that my ORF gateway uses to block invalid email address and outright terminate connections that have too many invalid email addresses. If you have any use for it, I'll be happy to let you have it. Instead of outputting database rows, you could certainly expand the script to output a flat file instead or add alias items to the IMAIL registry, etc. Best Regards, Andy From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Michael Cummins Sent: Wednesday, May 12, 2010 2:14 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Fine tuning Declude I wrote a batch file once on a number of the exchange servers that used VBS and LDAP to generate a list of valid exchange recipients and then FTP them to the server where a CF script parsed it clean. I didn't quite know what to do with them when they got there though (I was originally going to use them in Alligate, but never got that up and going) and I don't have the full granular cooperation of all the Exchange network peeps, only most of them, so it was difficult to implement a one-size-fits-all policy regardless. I'll put my thinking cap on. Another one of the problems is that most all of my clients don't want to disable NDRs with whatever solution I come up with, which makes it fairly impossible to avoid backscatter. It goes in me one way, and out another :p Very Respectfully, Michael Cummins --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] BackScatter
I might add that the Interceptor front end (Alligate) does have some capabilities in this area. I am not really familiar with Hijack myself, but Alligate tracks volume from every senders IP address regardless of whether the message is incoming or outgoing. You can, for example, limit messages from a particular client (or a user definable subnet range of that client) to 'x' number of messages in 'x' minutes. You can also limit the number of concurrent client connections to deal with multi-threaded spam blaster apps. These features are designed primarily for incoming mail, however they work equally well throttling outgoing email. In order for a message to be counted as one hit, it must be a separate connection. Messages with multiple CCs are only counted as a single hit. So you can basically set it to reject connections with a 550 error if they send more than 25 messages in 5 minutes, or whatever suits your needs. The client will not be able to send a message again until they cease activity for 5 minutes or whatever you have set the time limit to be. Specific IP addresses or ranges can also be excluded from volume metering if you like. Brian From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of David Barker Sent: Monday, May 18, 2009 1:53 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] BackScatter That is correct, as Interceptor is a Gateway and runs outside the server as opposed to inside the mail server. Declude Hijack is not supported with Interceptor. From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Robert Grosshandler Sent: Monday, May 18, 2009 4:32 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] BackScatter From what I read, Interceptor (which we tried in its earlier incarnation, eons ago) doesn't include the Hijack functionality (the design wouldn't support it.) Rob From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Dan Shadix Sent: Monday, May 18, 2009 3:15 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] BackScatter We've been running Declude Interceptor for a few months now and I agree completely with David's comments. It has been great and the transition was very easy. Dan From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of David Barker Sent: Monday, May 18, 2009 1:04 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] BackScatter Hi Todd, Alligate has way better greylisting capabilities than SmarterMail. SmarterMails implementation is somewhat dangerous. You need to be able to accurately qualify which messages should be greylisted. Alligate is the only greylisting implementation that does this. I don't believe you would have this problem if you were running Interceptor or the Alligate/Declude combination, and I am sure other Alligate/Declude users would agree with me. If you are interested, I can work with you to give you an upgrade path to Declude Interceptor from your current license. David Barker VP Operations Declude Your Email security is our business 978.499.2933 office 978.988.1311 fax mailto:dbar...@declude.com dbar...@declude.com _ The information contained in this communication is privileged and confidential. If you have received this communication in error, please forward back to the sender and delete your copy immediately. You are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] BackScatter
Hi Mike, I can help with this. Greylisting it tremendously effective however it can cause a lot of problems if it is not done selectively. We worked closely with Matt Bramble and a few other Declude power users to develop ways to apply greylisting only when it is most likely to be beneficial. Blanket greylisting is dangerous in that not everything plays well with greylisting. Also, you'll always have those users who are expecting an immediate email from someone, and greylisting is going to delay it if they have not successfully passed greylisting before. Rather than greylisting everyone (which you can do If you want), what we did is to allow you to specify a number of criteria that will trigger greylisting. In these cases, greylisting is not triggered until something suspicious is encountered. Because Interceptor/Alligate is designed from the ground up to examine every aspect of the SMTP conversation, there are several points in the transaction where greylisting can be invoked. These include the senders reputation based on our MXRate rating, the originating country, volume, recent history, suspicious HELOs, blacklist hits, and several other items. This provides a much more effective way to employ greylisting without inconveniencing most users or senders. In fact, most end users never realize greylisting is being used. The idea here is to determine if something is probably spam, and if we have reason to believe that it may be, then impose a greylist check. You do not have to educate your users this way, and you will have far less complaints. Hope this helps. Brian From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Michael Graveen Sent: Monday, May 18, 2009 3:57 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] BackScatter Hi David, Can you elaborate on why SmarterMail's greylisting is dangerous? In SmarterMail all mail gets greylisted until it passes. When it passes subsequent email get's whitelisted (for a period of time). There is a greylist exclusion list for mail server that are known not play well. How does this differ from the Alligate/Declude combination? Thanks, Mike _ Hi Todd, Alligate has way better greylisting capabilities than SmarterMail. SmarterMails implementation is somewhat dangerous. You need to be able to accurately qualify which messages should be greylisted. Alligate is the only greylisting implementation that does this. I don't believe you would have this problem if you were running Interceptor or the Alligate/Declude combination, and I am sure other Alligate/Declude users would agree with me. If you are interested, I can work with you to give you an upgrade path to Declude Interceptor from your current license. David Barker VP Operations Declude Your Email security is our business 978.499.2933 office 978.988.1311 fax mailto:dbar...@declude.com dbar...@declude.com From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Todd Richards Sent: Saturday, May 16, 2009 6:11 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] BackScatter Thanks Craig. From all indications our server is tightened down pretty good right now. We moved from Imail to SM at the start of April, and I implemented grey listing at the start of May. So we did have a fair amount of backscatter in between until I really understood what greylisting could do. Unfortunately, I can't talk the bosses into dropping another $800 or so to try and fix the problem. I know others have used ASSP with success, so I might look at that. SmarterMail's greylisting seems to be a lot better than what the rules in Declude offer. I might look at implementing ASSP in front of SM. I've heard a lot of people talk about the advantages of running something in front of your mail server. So it might be time. Todd From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Craig Edmonds Sent: Saturday, May 16, 2009 1:53 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] BackScatter Hi Todd, I think grey listing prevents backscatter coming INTO your mail server, it does not prevent you getting on blacklists. If you are on a blacklist then I think you need to figure out how your smtp server is configured because it would indicate an issue somewhere. Since using Alligate (www.alligate.com http://www.alligate.com/ ) as the first line of defence in front of declude, we have had zero black listings and all the backscatter has disappeared. The backscatter rules in declude really blow which is why I would highly recommend looking at Alligate as your smtp gateway. Kindest Regards Craig Edmonds 123 Marbella Internet W: www.123marbella.com http://www.123marbella.com/ E : cr...@123marbella.com From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Michael Graveen Sent: 16 May 2009 13:54 To: declude.junkmail@declude.com Subject: re:
Re: [Declude.JunkMail] Hard time with Drugs SPAM
Goran Jovanovic wrote: Hi, Are others out there having problems with this spate of SPAM that looks like Re: (75-31) Meddic.ations Re: (66-66) Phar.maaccy Re: [STL/79]-Medicattions Etc In the subject line. Some of these are getting caught by SNIFFER, some by invURIBL but nothing really consistently. So I get a lot tagged between 10 and 19 which meets the 10 is spam but nowhere close to delete 40. I have been adding SUBJECT filters but that is a losing battle. At one point I was monitoring what was coming through of this type of SPAM and it was 33% of the 10 - 39 mail. Anyone got some thoughts on killing this thing. They all seem to be missing a Message-ID and they all have X-Priority set, but no X-Mailer in the headers. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] SPAMD external program
Hi John, yep just pluggin' away here trying to save the world from blasted spam! John Tolmachoff (Lists) wrote: Why Hello Brian. Long time no see/hear/talk. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of SpamManager Sent: Saturday, February 05, 2005 4:41 PM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] SPAMD external program Declude processes are created by an Imail service application. I assume it is the SMTP service, but can't remember for sure. By default all services are created under the SYSTEM account. The system account has no access rights to other machines. You need to change the service to Log on as: to an administrator account that has permissions to access the other machine.Unless there are some gotchas with Imail I am not aware of when doing this, this will probably resolve your problem. Nick wrote: Declude Scott - or anyone else.. I am having difficulty getting an external program to run within DJMP. What I am trying to do is to poll SPAMD on a box other than the one Declude is running on. From a command prompt on the declude box the external programs work fine. But from within Declude nada. Example - this works fine from from dos e:\spamc\winspamc.exe -d 12.152.254.xx -c sample.txt here is the command in DJM that fails: EXTERNAL.WINSPAMC external nonzero e:\spamc\winspamc.exe -d 12.152.254.xx -c 5 0 In the logs the program does run but always returns a '99' (fail) This fails with Sandy's spamc32.exe as well - which started all this... [And all works fine if all runs on the same box] Is this a permissions issue or otherwise can you give me any ideas to how to solve this? Thanks! -Nick Hayer --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] SPAMD external program
Declude processes are created by an Imail service application. I assume it is the SMTP service, but can't remember for sure. By default all services are created under the SYSTEM account. The system account has no access rights to other machines. You need to change the service to Log on as: to an administrator account that has permissions to access the other machine.Unless there are some gotchas with Imail I am not aware of when doing this, this will probably resolve your problem. Nick wrote: Declude Scott - or anyone else.. I am having difficulty getting an external program to run within DJMP. What I am trying to do is to poll SPAMD on a box other than the one Declude is running on. From a command prompt on the declude box the external programs work fine. But from within Declude nada. Example - this works fine from from dos e:\spamc\winspamc.exe -d 12.152.254.xx -c sample.txt here is the command in DJM that fails: EXTERNAL.WINSPAMC external nonzero e:\spamc\winspamc.exe -d 12.152.254.xx -c 5 0 In the logs the program does run but always returns a '99' (fail) This fails with Sandy's spamc32.exe as well - which started all this... [And all works fine if all runs on the same box] Is this a permissions issue or otherwise can you give me any ideas to how to solve this? Thanks! -Nick Hayer --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.