RE: [Declude.JunkMail] Fine tuning Declude

[SpamManager]

Hi Michael,

 

You're working too hard. Send a message to support @ Alligate.com and put
ATTN: Brian in the subject. We'll figure out something. I usually don't
see the license renewal things unless it is someone I deal with regularly,
which includes a lot of members of this list. Believe it or not we get a
fair number of people that say they haven't  used the product yet and really
just don't want to pay for it. Someone has to go back and do research in old
update logs to try and find evidence or lack thereof,  it and it can take
half a day. It probably would have been a good idea to let us know if there
were going to be deployment delays because we just make a note in the
database and it saves everyone a lot of frustration. In your case, it sounds
like we never heard anything until after the anniversary and the renewal
reminder went out.

 

Alligate is going to help you with a lot of this, and this is exactly what
it is for. 

 

Brian Milburn

 

From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Michael
Cummins
Sent: Wednesday, May 12, 2010 12:25 PM
To: declude.junkmail@declude.com
Subject: RE: [Declude.JunkMail] Fine tuning Declude

 

That sounds like it would be fun to review, regardless.  I can dig up my old
script and post it, too.  Mine is pretty primitive: spew and parse.

 

Does it reach out to LDAP from the internet side of things, through a
properly configured firewall, I imagine?  Mine was a local script that
uploaded.  I like your idea better, if I am reading it right.  With your
idea, I provide minimum requirements instead of installation steps.

 

 

Very Respectfully, 

 

Michael Cummins

 

From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Andy
Schmidt
Sent: Wednesday, May 12, 2010 3:07 PM
To: declude.junkmail@declude.com
Subject: RE: [Declude.JunkMail] Fine tuning Declude

 

Hi Michael:

 

I have a Windows script that I use with a whole bunch of different Exchange
customers to pull their email addresses from their servers and dump them
into a small JET (.mdb = Access) Database.  It does have a few input
parameters where you configure the LDAP path to the mail domain (because
many Exchange customers have different schemes), the LDAP user/pwd, and
which alias domain names to generate.

 

I uses that list in a SQL query that my ORF gateway uses to block invalid
email address and outright terminate connections that have too many invalid
email addresses. If you have any use for it, I'll be happy to let you have
it. Instead of outputting database rows, you could certainly expand the
script to output a flat file instead or add alias items to the IMAIL
registry, etc.

 

Best Regards,

Andy

 

From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Michael
Cummins
Sent: Wednesday, May 12, 2010 2:14 PM
To: declude.junkmail@declude.com
Subject: RE: [Declude.JunkMail] Fine tuning Declude

 

I wrote a batch file once on a number of the exchange servers that used VBS
and LDAP to generate a list of valid exchange recipients and then FTP them
to the server where a CF script parsed it clean.  I didn't quite know what
to do with them when they got there though (I was originally going to use
them in Alligate, but never got that up and going) and I don't have the full
granular cooperation of all the Exchange network peeps, only most of them,
so it was difficult to implement a one-size-fits-all policy regardless.

 

I'll put my thinking cap on.  

 

Another one of the problems is that most all of my clients don't want to
disable NDRs with whatever solution I come up with, which makes it fairly
impossible to avoid backscatter.  It goes in me one way, and out another :p

 

 

Very Respectfully, 

 

Michael Cummins 


---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to imail...@declude.com, and
type unsubscribe Declude.JunkMail. The archives can be found
at http://www.mail-archive.com. 


---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to imail...@declude.com, and
type unsubscribe Declude.JunkMail. The archives can be found
at http://www.mail-archive.com. 



---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to imail...@declude.com, and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] BackScatter

[SpamManager]

I might add that the Interceptor front end (Alligate) does have some
capabilities in this area. I am not really familiar with Hijack myself, but
Alligate tracks volume from every senders IP address regardless of whether
the message is incoming or outgoing. You can, for example, limit messages
from a particular client (or a user definable subnet range of that client)
to 'x' number of messages in 'x' minutes. You can also limit the number of
concurrent client connections to deal with multi-threaded spam blaster apps.
These features are designed primarily for incoming mail, however they work
equally well throttling outgoing email.

 

In order for a message to be counted as one hit, it must be a separate
connection. Messages with multiple CCs are only counted as a single hit. So
you can basically set it to reject connections with a 550 error if they send
more than 25 messages in 5 minutes, or whatever suits your needs. The client
will not be able to send a message again until they cease activity for 5
minutes or whatever you have set the time limit to be.

 

Specific IP addresses or ranges can also be excluded from volume metering if
you like.

 

Brian

 

From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of David
Barker
Sent: Monday, May 18, 2009 1:53 PM
To: declude.junkmail@declude.com
Subject: RE: [Declude.JunkMail] BackScatter

 

That is correct, as Interceptor is a Gateway and runs outside the server as
opposed to inside the mail server. Declude Hijack is not supported with
Interceptor.

 

From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Robert
Grosshandler
Sent: Monday, May 18, 2009 4:32 PM
To: declude.junkmail@declude.com
Subject: RE: [Declude.JunkMail] BackScatter

 

From what I read, Interceptor (which we tried in its earlier incarnation,
eons ago) doesn't include the Hijack functionality (the design wouldn't
support it.)

 

Rob

 

From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Dan
Shadix
Sent: Monday, May 18, 2009 3:15 PM
To: declude.junkmail@declude.com
Subject: RE: [Declude.JunkMail] BackScatter

 

We've been running Declude Interceptor for a few months now and I agree
completely with David's comments.  It has been great and the transition was
very easy.  

 

Dan

 

From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of David
Barker
Sent: Monday, May 18, 2009 1:04 PM
To: declude.junkmail@declude.com
Subject: RE: [Declude.JunkMail] BackScatter

 

Hi Todd,

 

Alligate has way better greylisting capabilities than SmarterMail.
SmarterMails implementation is somewhat dangerous. You need to be able to
accurately qualify which messages should be greylisted. Alligate is the only
greylisting implementation that does this. I don't believe you would have
this problem if you were running Interceptor or the Alligate/Declude
combination, and I am sure other Alligate/Declude users would agree with me.


 

If you are interested, I can work with you to give you an upgrade path to
Declude Interceptor from your current license.

 

David Barker
VP Operations Declude
Your Email security is our business
978.499.2933 office
978.988.1311 fax
 mailto:dbar...@declude.com dbar...@declude.com

 

  _  

The information contained in this communication is privileged and
confidential. If you have received this communication in error, please
forward back to the sender and delete your copy immediately. You are hereby
notified that any dissemination, distribution or copying of this
communication is strictly prohibited.


---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to imail...@declude.com, and
type unsubscribe Declude.JunkMail. The archives can be found
at http://www.mail-archive.com. 


---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to imail...@declude.com, and
type unsubscribe Declude.JunkMail. The archives can be found
at http://www.mail-archive.com. 


---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to imail...@declude.com, and
type unsubscribe Declude.JunkMail. The archives can be found
at http://www.mail-archive.com. 



---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to imail...@declude.com, and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] BackScatter

[SpamManager]

Hi Mike, I can help with this.

 

Greylisting it tremendously effective however it can cause a lot of problems
if it is not done selectively. We worked closely with Matt Bramble and a few
other Declude power users to develop ways to apply greylisting only when
it is most likely to be beneficial. Blanket greylisting is dangerous in that
not everything plays well with greylisting. Also, you'll always have those
users who are expecting an immediate email from someone, and greylisting is
going to delay it if they have not successfully passed greylisting before. 

 

Rather than greylisting everyone (which you can do If you want), what we did
is to allow you to specify a number of criteria that will trigger
greylisting. In these cases, greylisting is not triggered until something
suspicious is encountered. Because Interceptor/Alligate is designed from the
ground up to examine every aspect of the SMTP conversation, there are
several points in the transaction where greylisting can be invoked. These
include the senders reputation based on our MXRate rating, the originating
country, volume, recent history, suspicious HELOs, blacklist hits, and
several other items.

 

This provides a much more effective way to employ greylisting without
inconveniencing most users or senders. In fact, most end users never realize
greylisting is being used. The idea here is to determine if something is
probably spam, and if we have reason to believe that it may be, then impose
a greylist check. You do not have to educate your users this way, and you
will have far less complaints.

 

Hope this helps.

 

Brian

 

From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Michael
Graveen
Sent: Monday, May 18, 2009 3:57 PM
To: declude.junkmail@declude.com
Subject: RE: [Declude.JunkMail] BackScatter

 

Hi David,
Can you elaborate on why SmarterMail's greylisting is dangerous?  In
SmarterMail all mail gets greylisted until it passes.  When it passes
subsequent email get's whitelisted (for a period of time).  There is a
greylist exclusion list for mail server that are known not play well.  How
does this differ from the Alligate/Declude combination?

Thanks,

Mike

  _  

Hi Todd,

 

Alligate has way better greylisting capabilities than SmarterMail.
SmarterMails implementation is somewhat dangerous. You need to be able to
accurately qualify which messages should be greylisted. Alligate is the only
greylisting implementation that does this. I don't believe you would have
this problem if you were running Interceptor or the Alligate/Declude
combination, and I am sure other Alligate/Declude users would agree with me.


 

If you are interested, I can work with you to give you an upgrade path to
Declude Interceptor from your current license.

 

David Barker
VP Operations Declude
Your Email security is our business
978.499.2933 office
978.988.1311 fax
 mailto:dbar...@declude.com dbar...@declude.com

 

 

 

 

 

From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Todd
Richards
Sent: Saturday, May 16, 2009 6:11 PM
To: declude.junkmail@declude.com
Subject: RE: [Declude.JunkMail] BackScatter

 

Thanks Craig.  From all indications our server is tightened down pretty good
right now.  We moved from Imail to SM at the start of April, and I
implemented grey listing at the start of May.  So we did have a fair amount
of backscatter in between until I really understood what greylisting could
do. 

 

Unfortunately, I can't talk the bosses into dropping another $800 or so to
try and fix the problem.  I know others have used ASSP with success, so I
might look at that.  SmarterMail's greylisting seems to be a lot better than
what the rules in Declude offer.  

 

I might look at implementing ASSP in front of SM.  I've heard a lot of
people talk about the advantages of running something in front of your mail
server.  So it might be time.

 

Todd

 

 

 

From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Craig
Edmonds
Sent: Saturday, May 16, 2009 1:53 PM
To: declude.junkmail@declude.com
Subject: RE: [Declude.JunkMail] BackScatter

 

Hi Todd,

 

I think grey listing prevents backscatter coming INTO your mail server, it
does not prevent you getting on blacklists.

If you are on a blacklist then I think you need to figure out how your smtp
server is configured because it would indicate an issue somewhere. 

Since using Alligate (www.alligate.com http://www.alligate.com/ ) as the
first line of defence in front of declude, we have had zero black listings
and all the backscatter has disappeared. The backscatter rules in declude
really blow which is why I would highly recommend looking at Alligate as
your smtp gateway.

Kindest Regards
Craig Edmonds
123 Marbella Internet
W: www.123marbella.com http://www.123marbella.com/ 
E : cr...@123marbella.com

 

From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Michael
Graveen
Sent: 16 May 2009 13:54
To: declude.junkmail@declude.com
Subject: re: 

Re: [Declude.JunkMail] Hard time with Drugs SPAM

[SpamManager]

Goran Jovanovic wrote:
Hi,
Are others out there having problems with this spate of SPAM that looks
like
Re: (75-31) Meddic.ations
Re: (66-66) Phar.maaccy
Re: [STL/79]-Medicattions
Etc
In the subject line.
Some of these are getting caught by SNIFFER, some by invURIBL but
nothing really consistently. So I get a lot tagged between 10 and 19
which meets the 10 is spam but nowhere close to delete 40.
I have been adding SUBJECT filters but that is a losing battle. At one
point I was monitoring what was coming through of this type of SPAM and
it was 33% of the 10 - 39 mail.
Anyone got some thoughts on killing this thing.
 

They all seem to be missing a Message-ID and they all have X-Priority 
set, but no X-Mailer in the headers.
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

Re: [Declude.JunkMail] SPAMD external program

[SpamManager]

Hi John, yep just pluggin' away here trying to save the world from 
blasted spam!

John Tolmachoff (Lists) wrote:
Why Hello Brian. Long time no see/hear/talk.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
 

-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
[EMAIL PROTECTED] On Behalf Of SpamManager
Sent: Saturday, February 05, 2005 4:41 PM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] SPAMD external program
Declude processes are created by an Imail service application. I assume
it is the SMTP service, but can't remember for sure. By default all
services are created under the SYSTEM account. The system account has no
access rights to other machines. You need to change the service to Log
on as: to an administrator account that has permissions to access the
other machine.Unless there are some gotchas with Imail I am not aware
of when doing this, this will probably resolve your problem.
Nick wrote:
   

Declude Scott - or anyone else..
I am having difficulty getting an external program to run within
DJMP.
What I am trying to do is to poll SPAMD on a box other than the one
Declude is running on. From a command prompt on the declude box the
external programs work fine. But from within Declude nada.
Example -
this works fine from from dos
e:\spamc\winspamc.exe -d 12.152.254.xx -c   sample.txt
here is the  command in DJM that fails:
EXTERNAL.WINSPAMC external nonzero e:\spamc\winspamc.exe -d
12.152.254.xx -c  5   0
In the logs the program does run but always returns a '99' (fail)
This fails with Sandy's spamc32.exe as well - which started all
this... [And all works fine if all runs on the same box]
Is this a permissions issue or otherwise can you give me any ideas to
how to solve this?
Thanks!
-Nick Hayer
---
[This E-mail was scanned for viruses by Declude Virus
 

(http://www.declude.com)]
 

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

 

---
[This E-mail was scanned for viruses by Declude Virus
   

(http://www.declude.com)]
 

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.
   

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.
 

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

Re: [Declude.JunkMail] SPAMD external program

[SpamManager]

Declude processes are created by an Imail service application. I assume 
it is the SMTP service, but can't remember for sure. By default all 
services are created under the SYSTEM account. The system account has no 
access rights to other machines. You need to change the service to Log 
on as: to an administrator account that has permissions to access the 
other machine.Unless there are some gotchas with Imail I am not aware 
of when doing this, this will probably resolve your problem.

Nick wrote:
Declude Scott - or anyone else..
I am having difficulty getting an external program to run within 
DJMP.

What I am trying to do is to poll SPAMD on a box other than the one
Declude is running on. From a command prompt on the declude box the
external programs work fine. But from within Declude nada.
Example - 
this works fine from from dos
e:\spamc\winspamc.exe -d 12.152.254.xx -c 	sample.txt

here is the  command in DJM that fails:
EXTERNAL.WINSPAMC external nonzero e:\spamc\winspamc.exe -d 
12.152.254.xx -c 	5	0
In the logs the program does run but always returns a '99' (fail)

This fails with Sandy's spamc32.exe as well - which started all 
this... [And all works fine if all runs on the same box]

Is this a permissions issue or otherwise can you give me any ideas to
how to solve this? 

Thanks!
-Nick Hayer
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.
 

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.