Re: [WISPA] Barracuda outbounds SPAM filter any good?
I would like to note on this list as I did recently on another. The term IT professional is used too loosely. There are few true IT professionals anymore. There are many people who took a cert or two (or worse, got a degree) and know their way around Spybot.

-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com

--
From: "Scott Lambert"
Sent: Friday, January 09, 2009 3:22 PM
To: "WISPA General List"
Subject: Re: [WISPA] Barracuda outbounds SPAM filter any good?

> On Fri, Jan 09, 2009 at 01:42:15PM -0600, David E. Smith wrote:
>> Scott Lambert wrote:
>> > Have your techs look at each customer's password every time they talk
>> > to a customer. The customer is already on the phone, "Dang, forgot my
>> > password again." Help them to choose a better password.
>>
>> Doesn't help, when the problem is their PC has keylogger software on it
>> that sends their new password off to Lower Elbonia.
>
> It does help with the compromises. If the account is compromised twice,
> the customer has to bring in a "Doctor's note" saying that the system
> has been certified clean by some local, reputable, computer store,
> FOR THEIR PROTECTION, and yours. If a customer with a dirty computer
> refuses to clean it up and you don't remove their access, your mail
> servers will be blacklisted and all of your customers will be, hmm,
> let's call it slightly peeved? It can cost less to fire the customer.
>
> Customers often think they are "good with computers" and can use Windows
> Anti-Virus 2008/2009 to clean their own computer. We give them one
> chance to take care of it themselves. Then they have to have it done by
> a professional.
>
> After paying to have the computer cleaned a few times, they begin to
> believe us when we say that buying good anti-virus/spyware software,
> yearly, is cheap.
>
> Most of the relays via webmail or SMTP AUTH we have seen have been for
> users with stupid passwords, or users who fell for a phishing message.
> The compromised computers tend to send mail from their computer either
> directly or via our mail servers. The preemptive changing of weak
> passwords will head off a significant portion of successful relays.
>
> --
> Scott Lambert  KC5MLE  Unix SysAdmin
> lamb...@lambertfam.org

WISPA Wants You! Join today!
http://signup.wispa.org/

WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Barracuda outbounds SPAM filter any good?
They don't to spoof an email, they do to log into your webmail account and send email as you.

-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com

--
From: "Jeff Broadwick"
Sent: Friday, January 09, 2009 12:48 PM
To: "'WISPA General List'"
Subject: Re: [WISPA] Barracuda outbounds SPAM filter any good?

> I didn't think they needed a password to spoof your email addy?
>
> -----Original Message-----
> From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On
> Behalf Of Mike Hammett
> Sent: Friday, January 09, 2009 12:52 AM
> To: WISPA General List
> Subject: Re: [WISPA] Barracuda outbounds SPAM filter any good?
>
> What about forcing those accounts to change passwords?
>
> -
> Mike Hammett
> Intelligent Computing Solutions
> http://www.ics-il.com
>
> --
> From: "David E. Smith"
> Sent: Thursday, January 08, 2009 3:31 PM
> To: "WISPA General List"
> Subject: Re: [WISPA] Barracuda outbounds SPAM filter any good?
>
>> os10ru...@gmail.com wrote:
>>> It sounds like what you really have to do is tighten up your webmail.
>>> It's better to fix that than to put a band-aid on it. Though a good
>>> smtp spam filter is never a bad idea.
>>
>> The problem is that the Web mail isn't broken, as such. The "attackers"
>> are using legitimate credentials to log in and send mail.
>>
>> Unfortunately, the mail software in question doesn't have rate-limits
>> on a per-sender basis. I know, I should join the rest of you in the
>> early 21st century.
>>
>> Anyone know of a reliable IIS geolocation filter? That'd solve the
>> problem in an even more crazy roundabout way.
>>
>> David Smith
>> MVN.net
Re: [WISPA] Barracuda outbounds SPAM filter any good?
In the Barracuda, under Basic>Administration at the bottom of the page, you choose the direction, inbound or outbound. If you click on Advanced, you should have an Outbound/Relay tab. If you set this to allow your email server to relay through the Barracuda, it will log your messages and do some basic scrubbing on the outbound messages.

From a message on the Barracuda Forum:

There is some filtering which is done, mainly viruses, for outgoing email, but not all of the other filters are applied. We ended up getting a filter for outgoing to be able to limit what can be sent (ie. filter based on phishing attempts which make it through so that users can not reply). The real question is what is the audit trying to correct. Once you know that, then you can determine (by perhaps asking) if using the Barracuda for outgoing will solve those issues. In general, it is useful to have the mail routed through the Barracuda, as long as your box is fast enough to deal with all the email. It is quite helpful if email is reported as spam so that you can track it down (typically the debug header line is not removed). This is especially important if the message is not spam.

John

David E. Smith wrote:
> Kurt Fankhauser wrote:
>
>> According to the website one box is capable of running as either/or. (I
>> thought)
>
> But not both at the same time :(
>
> David Smith
> MVN.net
Re: [WISPA] Barracuda outbounds SPAM filter any good?
If you have an inbound box, you can use it as an outbound relay. You don't get the full functionality as you would with a dedicated outbound box, but you do get some functionality, especially since you can see all inbound and outbound messages in the log.

John

Kurt Fankhauser wrote:
> According to the website one box is capable of running as either/or. (I
> thought)
>
> Kurt Fankhauser
> WAVELINC
> P.O. Box 126
> Bucyrus, OH 44820
> 419-562-6405
> www.wavelinc.com
>
> -----Original Message-----
> From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On
> Behalf Of John Thomas
> Sent: Thursday, January 08, 2009 9:29 PM
> To: WISPA General List
> Subject: Re: [WISPA] Barracuda outbounds SPAM filter any good?
>
> Are you guys using the outbound feature on your inbound Barracudas? It
> doesn't do as full a job as an outbound box, but it may help your problem.
>
> John
>
> Kurt Fankhauser wrote:
>
>> Does anyone use the Barracuda's for outbound spam filtering and is it as
>> good as the inbound version? I need to keep my mail server from getting
>> blacklisted and am looking for a way to do it. Apparently someone is using
>> my server to relay spam, (I am using pop before smtp so they must be
>> authenticating first.) Also is it possible to use the outbound if you have
>> outsourced email services, aka "Jumpline" ???
>>
>> Kurt Fankhauser
>> WAVELINC
>> P.O. Box 126
>> Bucyrus, OH 44820
>> 419-562-6405
>> www.wavelinc.com
Re: [WISPA] Barracuda outbounds SPAM filter any good?
On Fri, Jan 09, 2009 at 01:42:15PM -0600, David E. Smith wrote:
> Scott Lambert wrote:
> > Have your techs look at each customer's password every time they talk
> > to a customer. The customer is already on the phone, "Dang, forgot my
> > password again." Help them to choose a better password.
>
> Doesn't help, when the problem is their PC has keylogger software on it
> that sends their new password off to Lower Elbonia.

It does help with the compromises. If the account is compromised twice, the customer has to bring in a "Doctor's note" saying that the system has been certified clean by some local, reputable, computer store, FOR THEIR PROTECTION, and yours. If a customer with a dirty computer refuses to clean it up and you don't remove their access, your mail servers will be blacklisted and all of your customers will be, hmm, let's call it slightly peeved? It can cost less to fire the customer.

Customers often think they are "good with computers" and can use Windows Anti-Virus 2008/2009 to clean their own computer. We give them one chance to take care of it themselves. Then they have to have it done by a professional.

After paying to have the computer cleaned a few times, they begin to believe us when we say that buying good anti-virus/spyware software, yearly, is cheap.

Most of the relays via webmail or SMTP AUTH we have seen have been for users with stupid passwords, or users who fell for a phishing message. The compromised computers tend to send mail from their computer either directly or via our mail servers. The preemptive changing of weak passwords will head off a significant portion of successful relays.

--
Scott Lambert  KC5MLE  Unix SysAdmin
lamb...@lambertfam.org
Re: [WISPA] Barracuda outbounds SPAM filter any good?
Great points.

We also found that if we allowed a portal for the end user to change their password, that they'd change it back to something easy, like the same thing as their user name. Customers don't worry about security, as much as they worry about forgetting their passwords. We found a policy had to be put in place, to make sure end users could not use/select too easy to guess/hack passwords.

Tom DeReggi
RapidDSL & Wireless, Inc
IntAirNet- Fixed Wireless Broadband

----- Original Message -----
From: "Scott Lambert"
To: "WISPA General List"
Sent: Friday, January 09, 2009 2:08 PM
Subject: Re: [WISPA] Barracuda outbounds SPAM filter any good?

> On Fri, Jan 09, 2009 at 11:35:57AM -0600, David E. Smith wrote:
>> Mike Hammett wrote:
>> > What about forcing those accounts to change passwords?
>>
>> I've been doing that - again, I'm trying to be proactive rather than
>> reactive. If I told my boss "yeah, we need to change everyone's
>> password" he'd laugh at me. And not in a funny-ha-ha way.
>
> Have your techs look at each customer's password every time they talk
> to a customer. The customer is already on the phone, "Dang, forgot my
> password again." Help them to choose a better password.
>
> We are gradually correcting years of allowing horrible passwords here.
> Who thought it was a good idea to let users' passwords be exactly the
> same as their username?
>
> Query your database for things like the above and force those customers
> to change their passwords *now*.
>
> At this point, I'm becoming more amenable to asking the customer to tape
> their password to the bottom of their keyboard, or write it on a card in
> their wallet rather than trying to get them to remember anything. Their
> keyboard/wallet is likely physically more secure than any password they
> will choose for themselves.
>
> If they are compromised, blackhole them. Make them call you to find out
> that their private information has been shared with one or more thugs in
> Russia, or China, or Milwaukee (no offense intended to anyone from any
> of these locations). Scare the bejeebers out of them. They need it if
> they are going to be even remotely safe online.
>
> Sign up for all the e-mail feedback loops you can. Those will get you
> the original spam messages with full headers so you can accurately
> identify your compromised customer. People don't bother reporting the
> spam they receive to the originating ISP anymore. A feedback loop may
> provide you with your first indication that one of your customers'
> account has been compromised. That will let you kill them sooner to
> lessen the damage.
>
> If your mail/webmail server doesn't include the submitting IP for each
> message in the headers or at least something that ties it to a log entry
> which does contain the IP and timestamp, get new software.
>
> There are many other things you can find to do with a little time on
> Google.
>
> --
> Scott Lambert  KC5MLE  Unix SysAdmin
> lamb...@lambertfam.org
Re: [WISPA] Barracuda outbounds SPAM filter any good?
Scott Lambert wrote:
> Have your techs look at each customer's password every time they talk
> to a customer. The customer is already on the phone, "Dang, forgot my
> password again." Help them to choose a better password.

Doesn't help, when the problem is their PC has keylogger software on it that sends their new password off to Lower Elbonia.

> Sign up for all the e-mail feedback loops you can.

I'm on the AOL and Hotmail ones; does Yahoo! operate anything similar, that you know of?

David Smith
MVN.net
Re: [WISPA] Barracuda outbounds SPAM filter any good?
Thanks for the advice, are you a Ham radio operator?

Kurt Fankhauser
WAVELINC
P.O. Box 126
Bucyrus, OH 44820
419-562-6405
www.wavelinc.com

-----Original Message-----
From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Scott Lambert
Sent: Friday, January 09, 2009 2:08 PM
To: WISPA General List
Subject: Re: [WISPA] Barracuda outbounds SPAM filter any good?

On Fri, Jan 09, 2009 at 11:35:57AM -0600, David E. Smith wrote:
> Mike Hammett wrote:
> > What about forcing those accounts to change passwords?
>
> I've been doing that - again, I'm trying to be proactive rather than
> reactive. If I told my boss "yeah, we need to change everyone's
> password" he'd laugh at me. And not in a funny-ha-ha way.

Have your techs look at each customer's password every time they talk to a customer. The customer is already on the phone, "Dang, forgot my password again." Help them to choose a better password.

We are gradually correcting years of allowing horrible passwords here. Who thought it was a good idea to let users' passwords be exactly the same as their username?

Query your database for things like the above and force those customers to change their passwords *now*.

At this point, I'm becoming more amenable to asking the customer to tape their password to the bottom of their keyboard, or write it on a card in their wallet rather than trying to get them to remember anything. Their keyboard/wallet is likely physically more secure than any password they will choose for themselves.

If they are compromised, blackhole them. Make them call you to find out that their private information has been shared with one or more thugs in Russia, or China, or Milwaukee (no offense intended to anyone from any of these locations). Scare the bejeebers out of them. They need it if they are going to be even remotely safe online.

Sign up for all the e-mail feedback loops you can. Those will get you the original spam messages with full headers so you can accurately identify your compromised customer. People don't bother reporting the spam they receive to the originating ISP anymore. A feedback loop may provide you with your first indication that one of your customers' account has been compromised. That will let you kill them sooner to lessen the damage.

If your mail/webmail server doesn't include the submitting IP for each message in the headers or at least something that ties it to a log entry which does contain the IP and timestamp, get new software.

There are many other things you can find to do with a little time on Google.

--
Scott Lambert  KC5MLE  Unix SysAdmin
lamb...@lambertfam.org
Re: [WISPA] Barracuda outbounds SPAM filter any good?
On Fri, Jan 09, 2009 at 11:35:57AM -0600, David E. Smith wrote:
> Mike Hammett wrote:
> > What about forcing those accounts to change passwords?
>
> I've been doing that - again, I'm trying to be proactive rather than
> reactive. If I told my boss "yeah, we need to change everyone's
> password" he'd laugh at me. And not in a funny-ha-ha way.

Have your techs look at each customer's password every time they talk to a customer. The customer is already on the phone, "Dang, forgot my password again." Help them to choose a better password.

We are gradually correcting years of allowing horrible passwords here. Who thought it was a good idea to let users' passwords be exactly the same as their username?

Query your database for things like the above and force those customers to change their passwords *now*.

At this point, I'm becoming more amenable to asking the customer to tape their password to the bottom of their keyboard, or write it on a card in their wallet rather than trying to get them to remember anything. Their keyboard/wallet is likely physically more secure than any password they will choose for themselves.

If they are compromised, blackhole them. Make them call you to find out that their private information has been shared with one or more thugs in Russia, or China, or Milwaukee (no offense intended to anyone from any of these locations). Scare the bejeebers out of them. They need it if they are going to be even remotely safe online.

Sign up for all the e-mail feedback loops you can. Those will get you the original spam messages with full headers so you can accurately identify your compromised customer. People don't bother reporting the spam they receive to the originating ISP anymore. A feedback loop may provide you with your first indication that one of your customers' account has been compromised. That will let you kill them sooner to lessen the damage.

If your mail/webmail server doesn't include the submitting IP for each message in the headers or at least something that ties it to a log entry which does contain the IP and timestamp, get new software.

There are many other things you can find to do with a little time on Google.

--
Scott Lambert  KC5MLE  Unix SysAdmin
lamb...@lambertfam.org
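The database query for username-equals-password accounts suggested in this message, together with the change-time policy Tom DeReggi describes elsewhere in the thread, as an added example that is not part of the original posts. It assumes the account store keeps a per-user salt and a PBKDF2 hash; the record layout, function names and sample accounts are constructed for illustration.

```python
from __future__ import annotations

import hashlib
import hmac
import os

ROUNDS = 10_000  # kept low so the example runs quickly; not a recommended work factor


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2 hash, standing in for whatever scheme the store uses (assumption)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ROUNDS)


def trivial_candidates(username: str) -> list[str]:
    """Passwords that can be derived from the username alone."""
    local = username.split("@")[0]
    out = set()
    for base in (username, local, local[::-1]):
        for variant in (base, base.lower(), base.upper(), base.capitalize()):
            for suffix in ("", "1", "123"):
                out.add(variant + suffix)
    return sorted(out)


def audit(accounts: list[dict]) -> list[str]:
    """Usernames whose stored hash matches a username-derived password."""
    flagged = []
    for acct in accounts:
        for candidate in trivial_candidates(acct["username"]):
            digest = hash_password(candidate, acct["salt"])
            if hmac.compare_digest(digest, acct["hash"]):
                flagged.append(acct["username"])  # force a password change for this account
                break
    return flagged


def policy_violation(username: str, new_password: str, min_length: int = 10) -> str | None:
    """Reason to reject a password at change time, or None if it is acceptable."""
    if len(new_password) < min_length:
        return f"shorter than {min_length} characters"
    local = username.split("@")[0].lower()
    lowered = new_password.lower()
    if local and (local in lowered or local[::-1] in lowered):
        return "contains the username"
    if len(set(new_password)) < 5:
        return "too few distinct characters"
    return None


def sample_accounts() -> list[dict]:
    """Constructed records; a real store holds only the salt and hash columns."""
    rows = [
        ("jsmith", "jsmith"),
        ("mary@example.net", "Mary123"),
        ("bob", "kept-on-a-card-in-my-wallet"),
    ]
    accounts = []
    for username, password in rows:
        salt = os.urandom(16)
        accounts.append(
            {"username": username, "salt": salt, "hash": hash_password(password, salt)}
        )
    return accounts


if __name__ == "__main__":
    print("force password change for:", audit(sample_accounts()))
    print("portal check:", policy_violation("jsmith", "JSmith2009!!"))
```

Running the same `policy_violation` check in the self-service portal keeps a user from changing a forced reset back to the flagged password.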
Re: [WISPA] Barracuda outbounds SPAM filter any good?
I didn't think they needed a password to spoof your email addy?

-----Original Message-----
From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Mike Hammett
Sent: Friday, January 09, 2009 12:52 AM
To: WISPA General List
Subject: Re: [WISPA] Barracuda outbounds SPAM filter any good?

What about forcing those accounts to change passwords?

-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com

--
From: "David E. Smith"
Sent: Thursday, January 08, 2009 3:31 PM
To: "WISPA General List"
Subject: Re: [WISPA] Barracuda outbounds SPAM filter any good?

> os10ru...@gmail.com wrote:
>> It sounds like what you really have to do is tighten up your webmail.
>> It's better to fix that than to put a band-aid on it. Though a good
>> smtp spam filter is never a bad idea.
>
> The problem is that the Web mail isn't broken, as such. The "attackers"
> are using legitimate credentials to log in and send mail.
>
> Unfortunately, the mail software in question doesn't have rate-limits
> on a per-sender basis. I know, I should join the rest of you in the
> early 21st century.
>
> Anyone know of a reliable IIS geolocation filter? That'd solve the
> problem in an even more crazy roundabout way.
>
> David Smith
> MVN.net
Re: [WISPA] Barracuda outbounds SPAM filter any good?
Mike Hammett wrote:
> What about forcing those accounts to change passwords?

I've been doing that - again, I'm trying to be proactive rather than reactive. If I told my boss "yeah, we need to change everyone's password" he'd laugh at me. And not in a funny-ha-ha way.

The computer belonging to the most recent compromised account is on our workbench right now. My PC-cleanup-guy says he thinks it may have set a new record for number of viruses and spyware on one machine; we're not even sure we can clean it up. We may have to give it back and tell them it needs a full reformat.

Given that lots of customers have computers that are screwed-up in that same way, even changing everyone's passwords is of questionable value - they'll still have the same keyloggers on their computers, sending these passwords off to Nigeria or wherever.

This isn't a college campus; I can't force my users to have current AV software, or else deny them access. Sometimes I wish I could, but...

There will be compromises. I accept this as fact. It's effectively impossible to keep thousands of end-user PCs perfectly clean, especially given our largely-residential, largely-rural, largely-non-techie customer base. I'm just trying to minimize the damage in a proactive way.

David Smith
MVN.net
Re: [WISPA] Barracuda outbounds SPAM filter any good?
Kurt Fankhauser wrote:
> According to the website one box is capable of running as either/or. (I
> thought)

But not both at the same time :(

David Smith
MVN.net
Re: [WISPA] Barracuda outbounds SPAM filter any good?
To resolve this issue, most webmails have the ability to limit how many emails are sent within a certain period of time or use captcha to make it a PITA to send out mass spams.

-Eric

----- Original Message -----
From: "David E. Smith"
To: "WISPA General List"
Sent: 2009-01-08 16:31
Subject: Re: [WISPA] Barracuda outbounds SPAM filter any good?

> os10ru...@gmail.com wrote:
>> It sounds like what you really have to do is tighten up your webmail.
>> It's better to fix that than to put a band-aid on it. Though a good
>> smtp spam filter is never a bad idea.
>
> The problem is that the Web mail isn't broken, as such. The "attackers"
> are using legitimate credentials to log in and send mail.
>
> Unfortunately, the mail software in question doesn't have rate-limits on
> a per-sender basis. I know, I should join the rest of you in the early
> 21st century.
>
> Anyone know of a reliable IIS geolocation filter? That'd solve the
> problem in an even more crazy roundabout way.
>
> David Smith
> MVN.net
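The per-sender limit discussed in this message, sketched as an added example that is not part of the original posts or of any webmail product. It counts recipients per authenticated sender over a sliding window, so a sender who stays far below a per-message recipient cap is still held once the hourly total is exceeded; the class name, thresholds and traffic are constructed assumptions.

```python
from collections import defaultdict, deque


class SenderRateLimiter:
    """Caps recipients per authenticated sender over a sliding time window."""

    def __init__(self, max_recipients=100, window_seconds=3600, per_message_cap=1000):
        self.max_recipients = max_recipients    # recipients allowed per window (assumed value)
        self.window = window_seconds
        self.per_message_cap = per_message_cap  # the single-message trigger, kept as a backstop
        self._events = defaultdict(deque)       # sender -> deque of (timestamp, recipients)
        self._totals = defaultdict(int)         # sender -> recipients inside the window
        self.held = {}                          # sender -> time the hold was placed

    def _expire(self, sender, now):
        """Drop sends that have aged out of the window."""
        queue = self._events[sender]
        while queue and queue[0][0] <= now - self.window:
            _, count = queue.popleft()
            self._totals[sender] -= count

    def allow(self, sender, recipients, now):
        """Return True if the message may be sent; hold the account once over budget."""
        if sender in self.held:
            return False
        if recipients > self.per_message_cap:
            return False
        self._expire(sender, now)
        if self._totals[sender] + recipients > self.max_recipients:
            self.held[sender] = now  # stays held until an admin resets the password
            return False
        self._events[sender].append((now, recipients))
        self._totals[sender] += recipients
        return True

    def release(self, sender):
        """Lift the hold after the account's password has been changed."""
        self.held.pop(sender, None)
        self._events.pop(sender, None)
        self._totals.pop(sender, None)


def constructed_traffic():
    """(seconds, sender, recipients): one account sending 8 recipients every 30 s."""
    events = [(t * 30, "compromised", 8) for t in range(20)]
    events += [(600, "alice", 2), (1800, "alice", 3), (3000, "alice", 1)]
    return sorted(events)


def replay(events, limiter):
    """Feed events through the limiter; return recipients delivered and accounts held."""
    delivered = defaultdict(int)
    for now, sender, recipients in events:
        if limiter.allow(sender, recipients, now):
            delivered[sender] += recipients
    return dict(delivered), dict(limiter.held)


if __name__ == "__main__":
    delivered, held = replay(constructed_traffic(), SenderRateLimiter())
    print("delivered recipients:", delivered)
    print("held accounts (time of hold):", held)
```

Holding the account rather than silently dropping mail gives the operator a list of accounts to reset, which is the follow-up step the thread recommends.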
Re: [WISPA] Barracuda outbounds SPAM filter any good?
What about forcing those accounts to change passwords?

-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com

--
From: "David E. Smith"
Sent: Thursday, January 08, 2009 3:31 PM
To: "WISPA General List"
Subject: Re: [WISPA] Barracuda outbounds SPAM filter any good?

> os10ru...@gmail.com wrote:
>> It sounds like what you really have to do is tighten up your webmail.
>> It's better to fix that than to put a band-aid on it. Though a good
>> smtp spam filter is never a bad idea.
>
> The problem is that the Web mail isn't broken, as such. The "attackers"
> are using legitimate credentials to log in and send mail.
>
> Unfortunately, the mail software in question doesn't have rate-limits on
> a per-sender basis. I know, I should join the rest of you in the early
> 21st century.
>
> Anyone know of a reliable IIS geolocation filter? That'd solve the
> problem in an even more crazy roundabout way.
>
> David Smith
> MVN.net
Re: [WISPA] Barracuda outbounds SPAM filter any good?
Kurt,

I regularly check the Barracuda message log, searching for allowed and white listed messages, with a subject that contains "return". If there are more than a few, I tell the customer they need to change their PW ASAP and I do it for them if it continues another day. Unfortunately, it only takes one outbreak to get blacklisted.

Barracuda also has a setting that may help you - go to advanced, then click on "Sender Spoof Protection". I also regularly block the top rate controlled and senders at my core router, as to not allow them to even make it to the Barracuda.

If you come up with anything else, please let us know.. The account hacking started being a problem for me too a few months back, but so far these controls seem to be helping a lot.

Brad H

On Thu, Jan 8, 2009 at 9:28 PM, John Thomas wrote:
> Are you guys using the outbound feature on your inbound Barracudas? It
> doesn't do as full a job as an outbound box, but it may help your problem.
>
> John
>
> Kurt Fankhauser wrote:
> > Does anyone use the Barracuda's for outbound spam filtering and is it as
> > good as the inbound version? I need to keep my mail server from getting
> > blacklisted and am looking for a way to do it. Apparently someone is
> > using my server to relay spam, (I am using pop before smtp so they must be
> > authenticating first.) Also is it possible to use the outbound if you
> > have outsourced email services, aka "Jumpline" ???
> >
> > Kurt Fankhauser
> > WAVELINC
> > P.O. Box 126
> > Bucyrus, OH 44820
> > 419-562-6405
> > www.wavelinc.com
Re: [WISPA] Barracuda outbounds SPAM filter any good?
According to the website one box is capable of running as either/or. (I thought)

Kurt Fankhauser
WAVELINC
P.O. Box 126
Bucyrus, OH 44820
419-562-6405
www.wavelinc.com

-----Original Message-----
From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of John Thomas
Sent: Thursday, January 08, 2009 9:29 PM
To: WISPA General List
Subject: Re: [WISPA] Barracuda outbounds SPAM filter any good?

Are you guys using the outbound feature on your inbound Barracudas? It doesn't do as full a job as an outbound box, but it may help your problem.

John

Kurt Fankhauser wrote:
> Does anyone use the Barracuda's for outbound spam filtering and is it as
> good as the inbound version? I need to keep my mail server from getting
> blacklisted and am looking for a way to do it. Apparently someone is using
> my server to relay spam, (I am using pop before smtp so they must be
> authenticating first.) Also is it possible to use the outbound if you have
> outsourced email services, aka "Jumpline" ???
>
> Kurt Fankhauser
> WAVELINC
> P.O. Box 126
> Bucyrus, OH 44820
> 419-562-6405
> www.wavelinc.com
Re: [WISPA] Barracuda outbounds SPAM filter any good?
My webmail software is Squirrelmail, which does put the authenticated user in the header, but that didn't come back in the bounces (that I saw anyway) but I was able to find the compromised account by searching the "Sent" folders for some of the bounced recipient addresses. Picking an address that wasn't likely to be one that my customers would have sent to - such as in the .pl domain - quickly led me to a folder with lots of spam messages in it. Searching for a line in the body of the spam email would have been successful as well. :)

John

David E. Smith wrote:
> Kurt Fankhauser wrote:
>
>> Are they using your webmail to send out the spam. Is there any way you can
>> tell what user's email address is compromised because all the "mail delivery
>> errors" I'm getting don't show one.
>
> Yeah, my latest few problem children have been using our Web site, and
> cut-and-pasting in their spam, sending it out to just five or ten
> recipients at a time so as to avoid our "you're not just a spammer but a
> dumb spammer" trigger if you try to send to 1000 people at once.
>
> How to track it down depends on the mail software you use, obviously.
> Mine (an older version of Ipswitch Imail) doesn't put any identifying
> information in the email as such (no originating IP or
> authenticated-user info). There are timestamps, though, which I can
> correlate against the Web server logs.
>
> Right now, I'm torn between "trying to stop it at the Web server" using
> some sort of IP geolocation filter, or "stop it before it leaves the
> network" using a modified SpamAssassin installation. Both are giving me
> all kinds of fits that are way off-topic for this list.
>
> David Smith
> MVN.net

--
John Vogel - jvo...@vogent.net
http://www.vogent.net
620-754-3907
Vogel Enterprises LLC
Information Services Provider serving S.E. Kansas
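The Sent-folder search John describes above, generalized to check every bounced recipient at once, as an added example that is not part of the original thread. It extracts failed addresses from bounce messages and ranks accounts by how many Sent messages went to them; the bounce, the mailboxes and all addresses are constructed sample data, and reading real mbox or Maildir storage is left out.

```python
"""Rank accounts by how many Sent-folder messages went to bounced addresses."""
from email import message_from_string
from email.utils import getaddresses

# Constructed bounce (RFC 3464 delivery status notification) as it might
# arrive in the postmaster mailbox.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@isp.example
To: postmaster@isp.example
Subject: Mail delivery failure
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Delivery to the following recipients failed.

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mail.isp.example

Final-Recipient: rfc822; nobody123@poczta.example.pl
Action: failed
Status: 5.1.1

Final-Recipient: rfc822; Jan.K@firma.example.pl
Action: failed
Status: 5.1.1

--b1--
"""

# Constructed Sent folders: account name -> raw messages.
SAMPLE_SENT = {
    "alice": ["From: alice@isp.example\nTo: bob@isp.example\n"
              "Subject: lunch\n\nNoon?\n"],
    "carol": [
        "From: carol@isp.example\nTo: x@a.example\n"
        "Bcc: nobody123@poczta.example.pl, q@b.example\n"
        "Subject: offer\n\nspam body\n",
        "From: carol@isp.example\nTo: JAN.K@firma.example.pl\n"
        "Subject: offer\n\nspam body\n",
    ],
}


def bounced_recipients(raw_bounce):
    """Return the lower-cased addresses a bounce reports as failed."""
    msg = message_from_string(raw_bounce)
    found = set()
    # Summary header some MTAs (Exim, for one) add to their bounces.
    for _, addr in getaddresses(msg.get_all("X-Failed-Recipients", [])):
        if addr:
            found.add(addr.lower())
    # RFC 3464 part: the parser exposes it as a list of header blocks,
    # one per failed recipient.
    for part in msg.walk():
        if part.get_content_type() != "message/delivery-status":
            continue
        blocks = part.get_payload()
        if not isinstance(blocks, list):
            continue  # malformed report, nothing structured to read
        for block in blocks:
            value = block.get("Final-Recipient")  # "rfc822; user@host"
            if value and ";" in value:
                found.add(value.split(";", 1)[1].strip().lower())
    return found


def sent_recipients(raw_message):
    """Return every To/Cc/Bcc address of one Sent-folder message."""
    msg = message_from_string(raw_message)
    headers = (msg.get_all("To", []) + msg.get_all("Cc", [])
               + msg.get_all("Bcc", []))
    return {addr.lower() for _, addr in getaddresses(headers) if addr}


def rank_accounts(bounced, sent_by_account):
    """Return [(account, matching_messages, matched_addresses)], worst first."""
    rows = []
    for account, messages in sent_by_account.items():
        hits, matched = 0, set()
        for raw in messages:
            overlap = sent_recipients(raw) & bounced
            if overlap:
                hits += 1
                matched |= overlap
        if hits:
            rows.append((account, hits, sorted(matched)))
    return sorted(rows, key=lambda row: row[1], reverse=True)


if __name__ == "__main__":
    failed = bounced_recipients(SAMPLE_BOUNCE)
    for account, hits, addrs in rank_accounts(failed, SAMPLE_SENT):
        print(account, hits, addrs)
```

An account that only matches one bounced address once may be a legitimate typo; the compromised mailbox is the one matching many distinct bounced recipients.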
Re: [WISPA] Barracuda outbounds SPAM filter any good?
Are you guys using the outbound feature on your inbound Barracudas? It doesn't do as full a job as an outbound box, but it may help your problem.

John

Kurt Fankhauser wrote:
> Does anyone use the Barracuda's for outbound spam filtering and is it as
> good as the inbound version? I need to keep my mail server from getting
> blacklisted and am looking for a way to do it. Apparently someone is using
> my server to relay spam, (I am using pop before smtp so they must be
> authenticating first.) Also is it possible to use the outbound if you have
> outsourced email services, aka "Jumpline" ???
>
> Kurt Fankhauser
> WAVELINC
> P.O. Box 126
> Bucyrus, OH 44820
> 419-562-6405
> www.wavelinc.com
Re: [WISPA] Barracuda outbounds SPAM filter any good?
os10ru...@gmail.com wrote:
> It sounds like what you really have to do is tighten up your webmail.
> It's better to fix that than to put a band-aid on it. Though a good
> smtp spam filter is never a bad idea.

The problem is that the Web mail isn't broken, as such. The "attackers" are using legitimate credentials to log in and send mail. Unfortunately, the mail software in question doesn't have rate-limits on a per-sender basis. I know, I should join the rest of you in the early 21st century.

Anyone know of a reliable IIS geolocation filter? That'd solve the problem in an even more crazy roundabout way.

David Smith
MVN.net
Re: [WISPA] Barracuda outbounds SPAM filter any good?
It sounds like what you really have to do is tighten up your webmail. It's better to fix that than to put a band-aid on it. Though a good smtp spam filter is never a bad idea.

Greg

On Jan 8, 2009, at 4:37 PM, David E. Smith wrote:

> os10ru...@gmail.com wrote:
>> I agree, those dedicated boxes are expensive and then there's the
>> annual fee as well correct?
>
> Yeah, you'd have to keep up the Barracuda subscription on your outgoing
> filter as well, if you want to block "current" viruses and such from
> leaving your network.
>
>> I think I'd go with Endian on a PC. Is your spam assassin running
>> native or as a virtual machine?
>
> My copy of SpamAssassin is on a (virtualized, but that shouldn't matter)
> CentOS Linux system. I've basically disabled all the per-user stuff, and
> used a fairly relaxed scoring setup. Since it'll be silently discarding
> mail, I want to be pretty darn sure it's not discarding false-positives.
> Aside from a few edge cases, the whole thing works pretty well and only
> took me a few hours to figure out.
>
> David Smith
> MVN.net
Re: [WISPA] Barracuda outbounds SPAM filter any good?
os10ru...@gmail.com wrote:
> I agree, those dedicated boxes are expensive and then there's the
> annual fee as well correct?

Yeah, you'd have to keep up the Barracuda subscription on your outgoing filter as well, if you want to block "current" viruses and such from leaving your network.

> I think I'd go with Endian on a PC. Is your spam assassin running
> native or as a virtual machine?

My copy of SpamAssassin is on a (virtualized, but that shouldn't matter) CentOS Linux system. I've basically disabled all the per-user stuff, and used a fairly relaxed scoring setup. Since it'll be silently discarding mail, I want to be pretty darn sure it's not discarding false-positives. Aside from a few edge cases, the whole thing works pretty well and only took me a few hours to figure out.

David Smith
MVN.net
Re: [WISPA] Barracuda outbounds SPAM filter any good?
I agree, those dedicated boxes are expensive and then there's the annual fee as well correct? I think I'd go with Endian on a PC. Is your spam assassin running native or as a virtual machine?

Greg

On Jan 8, 2009, at 2:32 PM, David E. Smith wrote:

> os10ru...@gmail.com wrote:
>
>> Will getting the Barracuda outbound require more hardware or is it
>> just a service you can turn on with the current hardware for a fee?
>
> It's the same hardware, but you can't use one Barracuda to do both jobs.
> You buy one, and you can switch the software from inbound to outbound
> (and back again).
>
> I've been having similar issues to the OP. Several of my users'
> passwords have been compromised by horribly-screwed-up desktops, with
> spyware and viruses galore. The attackers (all of whom are coming from
> Nigerian IP space) log in via our Web site, and cut-and-paste spam that
> way. Since it comes from an authenticated user, it circumvents most of
> my normal spam filtering measures.
>
> I've recently added SpamAssassin to my big "all our outgoing mail goes
> through here" server, set with very generous settings. I'm hoping that's
> sufficient, because I really don't want to buy a third Barracuda. (We
> already have two for inbound email, and they work quite well there; I
> assume one switched to outbound-scanning mode would work equally well.)
>
> David Smith
> MVN.net
Re: [WISPA] Barracuda outbounds SPAM filter any good?
Kurt Fankhauser wrote:
> Are they using your webmail to send out the spam. Is there any way you can
> tell what user's email address is compromised because all the "mail delivery
> errors" I'm getting don't show one.

Yeah, my latest few problem children have been using our Web site, and cut-and-pasting in their spam, sending it out to just five or ten recipients at a time so as to avoid our "you're not just a spammer but a dumb spammer" trigger if you try to send to 1000 people at once.

How to track it down depends on the mail software you use, obviously. Mine (an older version of Ipswitch Imail) doesn't put any identifying information in the email as such (no originating IP or authenticated-user info). There are timestamps, though, which I can correlate against the Web server logs.

Right now, I'm torn between "trying to stop it at the Web server" using some sort of IP geolocation filter, or "stop it before it leaves the network" using a modified SpamAssassin installation. Both are giving me all kinds of fits that are way off-topic for this list.

David Smith
MVN.net
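An added example (not from the thread) of the timestamp correlation David describes: it parses an IIS W3C extended log, finds POSTs to the webmail send page within a few seconds of each spam message's timestamp, and ranks client IPs by how many messages they line up with. The log lines, the /webmail/send.asp path and the addresses are constructed; IIS writes W3C log times in UTC by default, so the mail server's UTC offset is a parameter.

```python
"""Correlate spam message timestamps against IIS W3C web server logs."""
from collections import Counter
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M:%S"

# Constructed IIS W3C extended log excerpt. The #Fields directive names the
# columns; /webmail/send.asp is a hypothetical URI for the "send" action.
SAMPLE_IIS_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2009-01-08 14:01:57 198.51.100.23 POST /webmail/send.asp 200
2009-01-08 14:02:10 192.0.2.77 GET /webmail/inbox.asp 200
2009-01-08 14:07:31 198.51.100.23 POST /webmail/send.asp 200
2009-01-08 14:07:33 192.0.2.77 POST /webmail/send.asp 200
2009-01-08 14:15:02 198.51.100.23 POST /webmail/send.asp 200
"""

# Constructed timestamps (UTC) taken from three spam messages.
SPAM_TIMES = ["2009-01-08 14:02:00", "2009-01-08 14:07:32",
              "2009-01-08 14:15:04"]


def parse_w3c(text):
    """Yield one dict per request, keyed by the latest #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated lines
                yield dict(zip(fields, values))


def correlate(log_text, spam_times, send_uri, window_s=5, mail_utc_offset_h=0):
    """Return [(client_ip, matched_messages)] sorted by matches.

    mail_utc_offset_h is the mail server clock's offset from UTC
    (for example -6 for US Central standard time).
    """
    posts = []
    for row in parse_w3c(log_text):
        if not {"date", "time", "c-ip"} <= row.keys():
            continue
        if (row.get("cs-method") == "POST"
                and row.get("cs-uri-stem", "").lower() == send_uri.lower()):
            when = datetime.strptime(row["date"] + " " + row["time"], FMT)
            posts.append((when, row["c-ip"]))

    window = timedelta(seconds=window_s)
    shift = timedelta(hours=mail_utc_offset_h)
    hits = Counter()
    for stamp in spam_times:
        sent_utc = datetime.strptime(stamp, FMT) - shift
        # Count each IP once per message, however many POSTs fall in range.
        nearby = {ip for when, ip in posts if abs(when - sent_utc) <= window}
        for ip in nearby:
            hits[ip] += 1
    return hits.most_common()


if __name__ == "__main__":
    for ip, count in correlate(SAMPLE_IIS_LOG, SPAM_TIMES, "/webmail/send.asp"):
        print(ip, count)
```

A single match can be coincidence on a busy server; the address that lines up with nearly every spam timestamp is the session to look at.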
Re: [WISPA] Barracuda outbounds SPAM filter any good?
Are they using your webmail to send out the spam. Is there any way you can tell what user's email address is compromised because all the "mail delivery errors" I'm getting don't show one.

Kurt Fankhauser
WAVELINC
P.O. Box 126
Bucyrus, OH 44820
419-562-6405
www.wavelinc.com

-----Original Message-----
From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of David E. Smith
Sent: Thursday, January 08, 2009 2:02 PM
To: WISPA General List
Subject: Re: [WISPA] Barracuda outbounds SPAM filter any good?

os10ru...@gmail.com wrote:
> Will getting the Barracuda outbound require more hardware or is it
> just a service you can turn on with the current hardware for a fee?

It's the same hardware, but you can't use one Barracuda to do both jobs. You buy one, and you can switch the software from inbound to outbound (and back again).

I've been having similar issues to the OP. Several of my users' passwords have been compromised by horribly-screwed-up desktops, with spyware and viruses galore. The attackers (all of whom are coming from Nigerian IP space) log in via our Web site, and cut-and-paste spam that way. Since it comes from an authenticated user, it circumvents most of my normal spam filtering measures.

I've recently added SpamAssassin to my big "all our outgoing mail goes through here" server, set with very generous settings. I'm hoping that's sufficient, because I really don't want to buy a third Barracuda. (We already have two for inbound email, and they work quite well there; I assume one switched to outbound-scanning mode would work equally well.)

David Smith
MVN.net
Re: [WISPA] Barracuda outbounds SPAM filter any good?
os10ru...@gmail.com wrote:
> Will getting the Barracuda outbound require more hardware or is it
> just a service you can turn on with the current hardware for a fee?

It's the same hardware, but you can't use one Barracuda to do both jobs. You buy one, and you can switch the software from inbound to outbound (and back again).

I've been having similar issues to the OP. Several of my users' passwords have been compromised by horribly-screwed-up desktops, with spyware and viruses galore. The attackers (all of whom are coming from Nigerian IP space) log in via our Web site, and cut-and-paste spam that way. Since it comes from an authenticated user, it circumvents most of my normal spam filtering measures.

I've recently added SpamAssassin to my big "all our outgoing mail goes through here" server, set with very generous settings. I'm hoping that's sufficient, because I really don't want to buy a third Barracuda. (We already have two for inbound email, and they work quite well there; I assume one switched to outbound-scanning mode would work equally well.)

David Smith
MVN.net
Re: [WISPA] Barracuda outbounds SPAM filter any good?
It's another hardware box.

Kurt Fankhauser
WAVELINC
P.O. Box 126
Bucyrus, OH 44820
419-562-6405
www.wavelinc.com

-----Original Message-----
From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of os10ru...@gmail.com
Sent: Thursday, January 08, 2009 11:46 AM
To: WISPA General List
Subject: Re: [WISPA] Barracuda outbounds SPAM filter any good?

Kurt,

Will getting the Barracuda outbound require more hardware or is it just a service you can turn on with the current hardware for a fee? I'm not familiar with the Barracuda but I would assume there's nothing you have to set up as long as nobody is doing ssl. These boxes can watch the smtp traffic without needing to be manually configured and without needing to configure the client to use the box as a proxy. It will just watch the traffic and kill it if it's bad. It's good to use a service that updates its blacklist and virus defs often. I'm running the Astaro ASG here and it usually gets a few updates each day.

Greg

On Jan 8, 2009, at 10:06 AM, Kurt Fankhauser wrote:

> Don't have the outbound barracuda yet, I do have an inbound. How do you
> point your mail to go to the outbound? Do you have your firewall redirect
> all port 25 to the outbound or do you tell your email server to relay to the
> outbound?
>
> Kurt Fankhauser
> WAVELINC
> P.O. Box 126
> Bucyrus, OH 44820
> 419-562-6405
> www.wavelinc.com
>
> -----Original Message-----
> From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On
> Behalf Of os10ru...@gmail.com
> Sent: Thursday, January 08, 2009 9:18 AM
> To: WISPA General List
> Subject: Re: [WISPA] Barracuda outbounds SPAM filter any good?
>
> That should be easy. I've never used Barracuda but I have used the
> Sonicwall and also open hardware based UTMs such as Astaro, Endian,
> Untangle and ClarkConnect. Any decent solution should work. Do you
> already own the Barracuda? If not you might want to consider using an
> old PC with Untangle on it since it's free.
>
> Greg
>
> On Jan 8, 2009, at 9:25 AM, Kurt Fankhauser wrote:
>
>> I block all outgoing port 25 except to my email server and a few other email
>> servers that my customers use. That stopped it for about 1-2 years now
>> someone is authorizing on my email server and then using it to relay because
>> I've been getting 400-800 "mail delivery failures" from their dictionary
>> spam attack to my postmaster account.
>>
>> Kurt Fankhauser
>> WAVELINC
>> P.O. Box 126
>> Bucyrus, OH 44820
>> 419-562-6405
>> www.wavelinc.com
>>
>> -----Original Message-----
>> From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On
>> Behalf Of os10ru...@gmail.com
>> Sent: Thursday, January 08, 2009 8:34 AM
>> To: WISPA General List
>> Subject: Re: [WISPA] Barracuda outbounds SPAM filter any good?
>>
>> Do you block smtp on non-standard ports? Is SSL filtering necessary
>> (gmail smtp is over ssl for example)?
>>
>> Greg
>>
>> On Jan 8, 2009, at 12:41 AM, Kurt Fankhauser wrote:
>>
>>> Does anyone use the Barracuda's for outbound spam filtering and is it as
>>> good as the inbound version? I need to keep my mail server from getting
>>> blacklisted and am looking for a way to do it. Apparently someone is using
>>> my server to relay spam, (I am using pop before smtp so they must be
>>> authenticating first.) Also is it possible to use the outbound if you have
>>> outsourced email services, aka "Jumpline" ???
>>>
>>> Kurt Fankhauser
>>> WAVELINC
>>> P.O. Box 126
>>> Bucyrus, OH 44820
>>> 419-562-6405
>>> www.wavelinc.com
Re: [WISPA] Barracuda outbounds SPAM filter any good?
No my email is hosted with jumpline and I don't see anywhere to set an MTA

Kurt Fankhauser
WAVELINC
P.O. Box 126
Bucyrus, OH 44820
419-562-6405
www.wavelinc.com

-----Original Message-----
From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Matt
Sent: Thursday, January 08, 2009 12:57 PM
To: WISPA General List
Subject: Re: [WISPA] Barracuda outbounds SPAM filter any good?

> Does anyone use the Barracuda's for outbound spam filtering and is it as
> good as the inbound version? I need to keep my mail server from getting
> blacklisted and am looking for a way to do it. Apparently someone is using
> my server to relay spam, (I am using pop before smtp so they must be
> authenticating first.) Also is it possible to use the outbound if you have
> outsourced email services, aka "Jumpline" ???

Are you using Exim or what for an MTA? With exim you can set up rate-limit to end stuff like this. I have exim set up to only allow a given IP to send to 200 recipients in a 2 hour period. Being spammers need to send many thousands of messages to get any pay back it makes your server of little use to them. There is also a plugin for Squirrelmail to limit how many messages per day each user can send there.

I also have this in Mikrotik firewall.

/ip firewall filter
add action=add-src-to-address-list address-list=spammer address-list-timeout=6h chain=smtp comment="" connection-limit=15,32 disabled=no dst-port=25 \
    protocol=tcp tcp-flags=syn
add action=tarpit chain=smtp comment="" disabled=no dst-port=25 protocol=tcp src-address-list=spammer

Matt
Re: [WISPA] Barracuda outbounds SPAM filter any good?
> Does anyone use the Barracuda's for outbound spam filtering and is it as
> good as the inbound version? I need to keep my mail server from getting
> blacklisted and am looking for a way to do it. Apparently someone is using
> my server to relay spam, (I am using pop before smtp so they must be
> authenticating first.) Also is it possible to use the outbound if you have
> outsourced email services, aka "Jumpline" ???

Are you using Exim or what for an MTA? With exim you can set up rate-limit to end stuff like this. I have exim set up to only allow a given IP to send to 200 recipients in a 2 hour period. Being spammers need to send many thousands of messages to get any pay back it makes your server of little use to them. There is also a plugin for Squirrelmail to limit how many messages per day each user can send there.

I also have this in Mikrotik firewall.

/ip firewall filter
add action=add-src-to-address-list address-list=spammer address-list-timeout=6h chain=smtp comment="" connection-limit=15,32 disabled=no dst-port=25 \
    protocol=tcp tcp-flags=syn
add action=tarpit chain=smtp comment="" disabled=no dst-port=25 protocol=tcp src-address-list=spammer

Matt
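Added example, not from the thread: a plain sliding-window recipient cap per sender, using the 200 recipients per 2 hours figure from Matt's message and replayed over constructed traffic of 8 recipients per message, the low-and-slow pattern David describes that a per-message recipient trigger never sees. This is not Exim's ratelimit algorithm; the log line format and the account names are assumptions.

```python
"""Per-sender sliding-window recipient cap, replayed over a mail log."""
from collections import defaultdict, deque
from datetime import datetime, timedelta


class RecipientWindow:
    """Cap recipients per key (authenticated sender or client IP) per period."""

    def __init__(self, max_rcpts=200, period=timedelta(hours=2)):
        self.max_rcpts = max_rcpts
        self.period = period
        self._events = defaultdict(deque)  # key -> deque of (time, rcpts)
        self._totals = defaultdict(int)    # key -> recipients still in window

    def allow(self, key, when, rcpts):
        """Return True and record the message if it fits under the cap."""
        events = self._events[key]
        # Expire messages that have aged out of the window.
        while events and when - events[0][0] >= self.period:
            self._totals[key] -= events.popleft()[1]
        if self._totals[key] + rcpts > self.max_rcpts:
            return False  # refused mail is not charged to the sender
        events.append((when, rcpts))
        self._totals[key] += rcpts
        return True


def constructed_log():
    """Constructed sample traffic: '<ISO time> user=<name> rcpts=<n>' lines."""
    start = datetime(2009, 1, 8, 14, 0, 0)
    lines = []
    for i in range(40):  # compromised account: 8 recipients every 2 minutes
        stamp = (start + timedelta(minutes=2 * i)).isoformat()
        lines.append(f"{stamp} user=carol rcpts=8")
    for i in range(5):   # ordinary user: 2 recipients every 15 minutes
        stamp = (start + timedelta(minutes=15 * i)).isoformat()
        lines.append(f"{stamp} user=alice rcpts=2")
    return sorted(lines)  # ISO timestamps sort chronologically


def replay(lines, limiter):
    """Feed log lines through the limiter and summarise per user."""
    summary = {}
    for line in lines:
        stamp, user_field, rcpt_field = line.split()
        user = user_field.split("=", 1)[1]
        rcpts = int(rcpt_field.split("=", 1)[1])
        when = datetime.fromisoformat(stamp)
        stats = summary.setdefault(
            user, {"accepted": 0, "refused": 0, "first_refusal": None})
        if limiter.allow(user, when, rcpts):
            stats["accepted"] += 1
        else:
            stats["refused"] += 1
            stats["first_refusal"] = stats["first_refusal"] or when
    return summary


if __name__ == "__main__":
    for user, stats in replay(constructed_log(), RecipientWindow()).items():
        print(user, stats)
```

Keying on the authenticated user rather than the client IP matters for webmail, where every message reaches the MTA from the web server's own address.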
Re: [WISPA] Barracuda outbounds SPAM filter any good?
Kurt,

Will getting the Barracuda outbound require more hardware or is it just a service you can turn on with the current hardware for a fee? I'm not familiar with the Barracuda but I would assume there's nothing you have to set up as long as nobody is doing ssl. These boxes can watch the smtp traffic without needing to be manually configured and without needing to configure the client to use the box as a proxy. It will just watch the traffic and kill it if it's bad. It's good to use a service that updates its blacklist and virus defs often. I'm running the Astaro ASG here and it usually gets a few updates each day.

Greg

On Jan 8, 2009, at 10:06 AM, Kurt Fankhauser wrote:

> Don't have the outbound barracuda yet, I do have an inbound. How do you
> point your mail to go to the outbound? Do you have your firewall redirect
> all port 25 to the outbound or do you tell your email server to relay to the
> outbound?
>
> Kurt Fankhauser
> WAVELINC
> P.O. Box 126
> Bucyrus, OH 44820
> 419-562-6405
> www.wavelinc.com
>
> -----Original Message-----
> From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On
> Behalf Of os10ru...@gmail.com
> Sent: Thursday, January 08, 2009 9:18 AM
> To: WISPA General List
> Subject: Re: [WISPA] Barracuda outbounds SPAM filter any good?
>
> That should be easy. I've never used Barracuda but I have used the
> Sonicwall and also open hardware based UTMs such as Astaro, Endian,
> Untangle and ClarkConnect. Any decent solution should work. Do you
> already own the Barracuda? If not you might want to consider using an
> old PC with Untangle on it since it's free.
>
> Greg
>
> On Jan 8, 2009, at 9:25 AM, Kurt Fankhauser wrote:
>
>> I block all outgoing port 25 except to my email server and a few other email
>> servers that my customers use. That stopped it for about 1-2 years now
>> someone is authorizing on my email server and then using it to relay because
>> I've been getting 400-800 "mail delivery failures" from their dictionary
>> spam attack to my postmaster account.
>>
>> Kurt Fankhauser
>> WAVELINC
>> P.O. Box 126
>> Bucyrus, OH 44820
>> 419-562-6405
>> www.wavelinc.com
>>
>> -----Original Message-----
>> From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On
>> Behalf Of os10ru...@gmail.com
>> Sent: Thursday, January 08, 2009 8:34 AM
>> To: WISPA General List
>> Subject: Re: [WISPA] Barracuda outbounds SPAM filter any good?
>>
>> Do you block smtp on non-standard ports? Is SSL filtering necessary
>> (gmail smtp is over ssl for example)?
>>
>> Greg
>>
>> On Jan 8, 2009, at 12:41 AM, Kurt Fankhauser wrote:
>>
>>> Does anyone use the Barracuda's for outbound spam filtering and is it as
>>> good as the inbound version? I need to keep my mail server from getting
>>> blacklisted and am looking for a way to do it. Apparently someone is using
>>> my server to relay spam, (I am using pop before smtp so they must be
>>> authenticating first.) Also is it possible to use the outbound if you have
>>> outsourced email services, aka "Jumpline" ???
>>>
>>> Kurt Fankhauser
>>> WAVELINC
>>> P.O. Box 126
>>> Bucyrus, OH 44820
>>> 419-562-6405
>>> www.wavelinc.com
Re: [WISPA] Barracuda outbounds SPAM filter any good?
Kurt,

I use a Mikrotik router to check outbound mail - here are the rules I used.

add action=log chain=forward comment="BLOCK SPAMMERS OR INFECTED USERS" disabled=no dst-port=25 log-prefix=DROPSPAM \
    protocol=tcp src-address-list=spammer
add action=add-src-to-address-list address-list=spammer address-list-timeout=1w chain=forward comment=\
    "Detect and add SMTP to spammer list" connection-limit=90,32 disabled=no dst-port=25 limit=50,3 protocol=tcp

It took me a few weeks to tune so my mail server didn't keep getting identified as a spammer. I didn't want it ignored as a potential for spam for the same issue you are having. I also use pop before smtp and got blacklisted last year as an infected customer sent out about 100K e-mails over a weekend. I logged first as above and then changed the action of the first rule to drop once I got it tuned. Your mileage may vary.

Dave Hulsebus

Kurt Fankhauser wrote:
> Don't have the outbound barracuda yet, I do have an inbound. How do you
> point your mail to go to the outbound? Do you have your firewall redirect
> all port 25 to the outbound or do you tell your email server to relay to the
> outbound?
>
> Kurt Fankhauser
> WAVELINC
> P.O. Box 126
> Bucyrus, OH 44820
> 419-562-6405
> www.wavelinc.com
>
> -----Original Message-----
> From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On
> Behalf Of os10ru...@gmail.com
> Sent: Thursday, January 08, 2009 9:18 AM
> To: WISPA General List
> Subject: Re: [WISPA] Barracuda outbounds SPAM filter any good?
>
> That should be easy. I've never used Barracuda but I have used the
> Sonicwall and also open hardware based UTMs such as Astaro, Endian,
> Untangle and ClarkConnect. Any decent solution should work. Do you
> already own the Barracuda? If not you might want to consider using an
> old PC with Untangle on it since it's free.
>
> Greg
>
> On Jan 8, 2009, at 9:25 AM, Kurt Fankhauser wrote:
>
>> I block all outgoing port 25 except to my email server and a few other email
>> servers that my customers use. That stopped it for about 1-2 years now
>> someone is authorizing on my email server and then using it to relay because
>> I've been getting 400-800 "mail delivery failures" from their dictionary
>> spam attack to my postmaster account.
>>
>> Kurt Fankhauser
>> WAVELINC
>> P.O. Box 126
>> Bucyrus, OH 44820
>> 419-562-6405
>> www.wavelinc.com
>>
>> -----Original Message-----
>> From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On
>> Behalf Of os10ru...@gmail.com
>> Sent: Thursday, January 08, 2009 8:34 AM
>> To: WISPA General List
>> Subject: Re: [WISPA] Barracuda outbounds SPAM filter any good?
>>
>> Do you block smtp on non-standard ports? Is SSL filtering necessary
>> (gmail smtp is over ssl for example)?
>>
>> Greg
>>
>> On Jan 8, 2009, at 12:41 AM, Kurt Fankhauser wrote:
>>
>>> Does anyone use the Barracuda's for outbound spam filtering and is it as
>>> good as the inbound version? I need to keep my mail server from getting
>>> blacklisted and am looking for a way to do it. Apparently someone is using
>>> my server to relay spam, (I am using pop before smtp so they must be
>>> authenticating first.) Also is it possible to use the outbound if you have
>>> outsourced email services, aka "Jumpline" ???
>>>
>>> Kurt Fankhauser
>>> WAVELINC
>>> P.O. Box 126
>>> Bucyrus, OH 44820
>>> 419-562-6405
>>> www.wavelinc.com
Re: [WISPA] Barracuda outbounds SPAM filter any good?
It depends on the particular blacklist if it's actually true or not. My server is blacklisted by my accountant's email service, yet doesn't say why and no other blacklist considers me a threat. Attempts to remove me have been unsuccessful.

- Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com

--
From: "Kurt Fankhauser"
Sent: Wednesday, January 07, 2009 11:11 PM
To: "'WISPA General List'"
Subject: [WISPA] Barracuda outbounds SPAM filter any good?

> Does anyone use the Barracuda's for outbound spam filtering and is it as
> good as the inbound version? I need to keep my mail server from getting
> blacklisted and am looking for a way to do it. Apparently someone is using
> my server to relay spam, (I am using pop before smtp so they must be
> authenticating first.) Also is it possible to use the outbound if you have
> outsourced email services, aka "Jumpline" ???
>
> Kurt Fankhauser
> WAVELINC
> P.O. Box 126
> Bucyrus, OH 44820
> 419-562-6405
> www.wavelinc.com
Re: [WISPA] Barracuda outbounds SPAM filter any good?
Don't have the outbound barracuda yet, I do have an inbound. How do you point your mail to go to the outbound? Do you have your firewall redirect all port 25 to the outbound or do you tell your email server to relay to the outbound?

Kurt Fankhauser
WAVELINC
P.O. Box 126
Bucyrus, OH 44820
419-562-6405
www.wavelinc.com

-----Original Message-----
From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of os10ru...@gmail.com
Sent: Thursday, January 08, 2009 9:18 AM
To: WISPA General List
Subject: Re: [WISPA] Barracuda outbounds SPAM filter any good?

That should be easy. I've never used Barracuda but I have used the Sonicwall and also open hardware based UTMs such as Astaro, Endian, Untangle and ClarkConnect. Any decent solution should work. Do you already own the Barracuda? If not you might want to consider using an old PC with Untangle on it since it's free.

Greg

On Jan 8, 2009, at 9:25 AM, Kurt Fankhauser wrote:

> I block all outgoing port 25 except to my email server and a few other email
> servers that my customers use. That stopped it for about 1-2 years now
> someone is authorizing on my email server and then using it to relay because
> I've been getting 400-800 "mail delivery failures" from their dictionary
> spam attack to my postmaster account.
>
> Kurt Fankhauser
> WAVELINC
> P.O. Box 126
> Bucyrus, OH 44820
> 419-562-6405
> www.wavelinc.com
>
> -----Original Message-----
> From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On
> Behalf Of os10ru...@gmail.com
> Sent: Thursday, January 08, 2009 8:34 AM
> To: WISPA General List
> Subject: Re: [WISPA] Barracuda outbounds SPAM filter any good?
>
> Do you block smtp on non-standard ports? Is SSL filtering necessary
> (gmail smtp is over ssl for example)?
>
> Greg
>
> On Jan 8, 2009, at 12:41 AM, Kurt Fankhauser wrote:
>
>> Does anyone use the Barracuda's for outbound spam filtering and is it as
>> good as the inbound version? I need to keep my mail server from getting
>> blacklisted and am looking for a way to do it. Apparently someone is using
>> my server to relay spam, (I am using pop before smtp so they must be
>> authenticating first.) Also is it possible to use the outbound if you have
>> outsourced email services, aka "Jumpline" ???
>>
>> Kurt Fankhauser
>> WAVELINC
>> P.O. Box 126
>> Bucyrus, OH 44820
>> 419-562-6405
>> www.wavelinc.com
Re: [WISPA] Barracuda outbounds SPAM filter any good?
That should be easy. I've never used Barracuda but I have used the Sonicwall and also open hardware based UTMs such as Astaro, Endian, Untangle and ClarkConnect. Any decent solution should work. Do you already own the Barracuda? If not you might want to consider using an old PC with Untangle on it since it's free.

Greg

On Jan 8, 2009, at 9:25 AM, Kurt Fankhauser wrote:

> I block all outgoing port 25 except to my email server and a few other
> email servers that my customers use. That stopped it for about 1-2 years
> now someone is authorizing on my email server and then using it to relay
> because I've been getting 400-800 "mail delivery failures" from their
> dictionary spam attack to my postmaster account.
>
> Kurt Fankhauser
> WAVELINC
> P.O. Box 126
> Bucyrus, OH 44820
> 419-562-6405
> www.wavelinc.com
>
> -----Original Message-----
> From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On
> Behalf Of os10ru...@gmail.com
> Sent: Thursday, January 08, 2009 8:34 AM
> To: WISPA General List
> Subject: Re: [WISPA] Barracuda outbounds SPAM filter any good?
>
> Do you block smtp on non-standard ports? Is SSL filtering necessary
> (gmail smtp is over ssl for example)?
>
> Greg
>
> On Jan 8, 2009, at 12:41 AM, Kurt Fankhauser wrote:
>
>> Does anyone use the Barracuda's for outbound spam filtering and is it as
>> good as the inbound version? I need to keep my mail server from getting
>> blacklisted and am looking for a way to do it. Apparently someone is
>> using my server to relay spam, (I am using pop before smtp so they must
>> be authenticating first.) Also is it possible to use the outbound if you
>> have outsourced email services, aka "Jumpline" ???
>>
>> Kurt Fankhauser
>> WAVELINC
>> P.O. Box 126
>> Bucyrus, OH 44820
>> 419-562-6405
>> www.wavelinc.com
Re: [WISPA] Barracuda outbounds SPAM filter any good?
I block all outgoing port 25 except to my email server and a few other email servers that my customers use. That stopped it for about 1-2 years now someone is authorizing on my email server and then using it to relay because I've been getting 400-800 "mail delivery failures" from their dictionary spam attack to my postmaster account.

Kurt Fankhauser
WAVELINC
P.O. Box 126
Bucyrus, OH 44820
419-562-6405
www.wavelinc.com

-----Original Message-----
From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of os10ru...@gmail.com
Sent: Thursday, January 08, 2009 8:34 AM
To: WISPA General List
Subject: Re: [WISPA] Barracuda outbounds SPAM filter any good?

Do you block smtp on non-standard ports? Is SSL filtering necessary (gmail smtp is over ssl for example)?

Greg

On Jan 8, 2009, at 12:41 AM, Kurt Fankhauser wrote:

> Does anyone use the Barracuda's for outbound spam filtering and is it as
> good as the inbound version? I need to keep my mail server from getting
> blacklisted and am looking for a way to do it. Apparently someone is
> using my server to relay spam, (I am using pop before smtp so they must
> be authenticating first.) Also is it possible to use the outbound if you
> have outsourced email services, aka "Jumpline" ???
>
> Kurt Fankhauser
> WAVELINC
> P.O. Box 126
> Bucyrus, OH 44820
> 419-562-6405
> www.wavelinc.com
Re: [WISPA] Barracuda outbounds SPAM filter any good?
Do you block smtp on non-standard ports? Is SSL filtering necessary (gmail smtp is over ssl for example)?

Greg

On Jan 8, 2009, at 12:41 AM, Kurt Fankhauser wrote:

> Does anyone use the Barracuda's for outbound spam filtering and is it as
> good as the inbound version? I need to keep my mail server from getting
> blacklisted and am looking for a way to do it. Apparently someone is
> using my server to relay spam, (I am using pop before smtp so they must
> be authenticating first.) Also is it possible to use the outbound if you
> have outsourced email services, aka "Jumpline" ???
>
> Kurt Fankhauser
> WAVELINC
> P.O. Box 126
> Bucyrus, OH 44820
> 419-562-6405
> www.wavelinc.com
[WISPA] Barracuda outbounds SPAM filter any good?
Does anyone use the Barracuda's for outbound spam filtering and is it as good as the inbound version? I need to keep my mail server from getting blacklisted and am looking for a way to do it. Apparently someone is using my server to relay spam, (I am using pop before smtp so they must be authenticating first.) Also is it possible to use the outbound if you have outsourced email services, aka "Jumpline" ???

Kurt Fankhauser
WAVELINC
P.O. Box 126
Bucyrus, OH 44820
419-562-6405
www.wavelinc.com
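The two symptoms described in the messages above, relaying authorised by POP-before-SMTP and a flood of delivery failures, can be tied to one account by correlating POP logins with relayed mail. The following is an added example, not part of the thread; the log format, addresses, account names, the 30-minute relay window and the thresholds are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records in a simplified, made-up format (not a real
# mail server's log syntax). Addresses are from the documentation range.
POP_LOG = """\
2009-01-08 00:01:10 pop3-login user=alice ip=192.0.2.5
2009-01-08 00:02:00 pop3-login user=bob ip=192.0.2.9
"""
SMTP_LOG = (
    "2009-01-08 00:03:00 relay ip=192.0.2.5 status=sent\n"
    "2009-01-08 00:05:00 relay ip=192.0.2.77 status=sent\n"
    + "".join(
        f"2009-01-08 00:{m:02d}:30 relay ip=192.0.2.9 "
        f"status={'sent' if m % 4 == 0 else 'bounced'}\n"
        for m in range(3, 31)
    )
)

def parse(log):
    """Yield (timestamp, fields) per record; fields holds the key=value pairs."""
    for line in log.splitlines():
        date, time, _kind, *pairs = line.split()
        yield datetime.fromisoformat(f"{date} {time}"), dict(p.split("=", 1) for p in pairs)

def attribute(pop_log, smtp_log, window=timedelta(minutes=30)):
    """Credit each relayed message to the account whose POP login opened the relay."""
    logins = defaultdict(list)  # ip -> [(login time, user)] in log order
    for ts, f in parse(pop_log):
        logins[f["ip"]].append((ts, f["user"]))
    stats = defaultdict(lambda: {"sent": 0, "bounced": 0})
    for ts, f in parse(smtp_log):
        # Most recent login from this IP still inside the relay window. Behind
        # NAT several accounts can share an IP, so the result is a lead only.
        owner = next((u for t, u in reversed(logins[f["ip"]])
                      if t <= ts <= t + window), "unattributed")
        stats[owner][f["status"]] += 1
    return dict(stats)

def suspects(stats, min_msgs=20, min_bounce_ratio=0.5):
    """Accounts relaying at volume where most recipients were undeliverable."""
    flagged = []
    for user, s in stats.items():
        total = s["sent"] + s["bounced"]
        if user != "unattributed" and total >= min_msgs and s["bounced"] / total >= min_bounce_ratio:
            flagged.append(user)
    return sorted(flagged)

if __name__ == "__main__":
    print(suspects(attribute(POP_LOG, SMTP_LOG)))
```

Messages that land in the "unattributed" bucket were relayed without a matching POP login, which points at a whitelisted address or a relay rule rather than a stolen password.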