Re: [WISPA] Barracuda outbounds SPAM filter any good?

2009-01-09 Thread Eric Merkel (Mail Lists)
To resolve this issue, most webmails have the ability to limit how many 
emails are sent within a certain period of time or use captcha to make it a 
PITA to send out mass spams.

-Eric
- Original Message - 
From: David E. Smith d...@mvn.net
To: WISPA General List wireless@wispa.org
Sent: 2009-01-08 16:31
Subject: Re: [WISPA] Barracuda outbounds SPAM filter any good?


 os10ru...@gmail.com wrote:
 It sounds like what you really have to do is tighten up your webmail.
 It's better to fix that than to put a band-aid on it. Though a good
 smtp spam filter is never a bad idea.

 The problem is that the Web mail isn't broken, as such. The attackers
 are using legitimate credentials to log in and send mail.

 Unfortunately, the mail software in question doesn't have rate-limits on
 a per-sender basis. I know, I should join the rest of you in the early
 21st century.

 Anyone know of a reliable IIS geolocation filter? That'd solve the
 problem in an even more crazy roundabout way.

 David Smith
 MVN.net


 
 WISPA Wants You! Join today!
 http://signup.wispa.org/
 

 WISPA Wireless List: wireless@wispa.org

 Subscribe/Unsubscribe:
 http://lists.wispa.org/mailman/listinfo/wireless

 Archives: http://lists.wispa.org/pipermail/wireless/
 




WISPA Wants You! Join today!
http://signup.wispa.org/

 
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/


Re: [WISPA] Barracuda outbounds SPAM filter any good?

2009-01-09 Thread David E. Smith
Kurt Fankhauser wrote:
 According to the website one box is capable of running as either/or. (I
 thought)

But not both at the same time :(

David Smith
MVN.net



WISPA Wants You! Join today!
http://signup.wispa.org/

 
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/


Re: [WISPA] Barracuda outbounds SPAM filter any good?

2009-01-09 Thread David E. Smith
Mike Hammett wrote:
 What about forcing those accounts to change paswords?

I've been doing that - again, I'm trying to be proactive rather than 
reactive. If I told my boss yeah, we need to change everyone's 
password he'd laugh at me. And not in a funny-ha-ha way.

The computer belonging to the most recent compromised account is on our 
workbench right now. My PC-cleanup-guy says he thinks it may have set a 
new record for number of viruses and spyware on one machine; we're not 
even sure we can clean it up. We may have to give it back and tell them 
it needs a full reformat.

Given that lots of customers have computers that are screwed-up in that 
same way, even changing everyone's passwords is of questionable value - 
they'll still have the same keyloggers on their computers, sending these 
passwords off to Nigeria or wherever. This isn't a college campus; I 
can't force my users to have current AV software, or else deny them 
access. Sometimes I wish I could, but...

There will be compromises. I accept this as fact. It's effectively 
impossible to keep thousands of end-user PCs perfectly clean, especially 
given our largely-residential, largely-rural, largely-non-techie 
customer base. I'm just trying to minimize the damage in a proactive way.

David Smith
MVN.net



WISPA Wants You! Join today!
http://signup.wispa.org/

 
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/


Re: [WISPA] Barracuda outbounds SPAM filter any good?

2009-01-09 Thread Jeff Broadwick
I didn't think they needed a password to spoof your email addy? 

-Original Message-
From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On
Behalf Of Mike Hammett
Sent: Friday, January 09, 2009 12:52 AM
To: WISPA General List
Subject: Re: [WISPA] Barracuda outbounds SPAM filter any good?

What about forcing those accounts to change paswords?


-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com



--
From: David E. Smith d...@mvn.net
Sent: Thursday, January 08, 2009 3:31 PM
To: WISPA General List wireless@wispa.org
Subject: Re: [WISPA] Barracuda outbounds SPAM filter any good?

 os10ru...@gmail.com wrote:
 It sounds like what you really have to do is tighten up your webmail.
 It's better to fix that than to put a band-aid on it. Though a good 
 smtp spam filter is never a bad idea.

 The problem is that the Web mail isn't broken, as such. The attackers
 are using legitimate credentials to log in and send mail.

 Unfortunately, the mail software in question doesn't have rate-limits 
 on a per-sender basis. I know, I should join the rest of you in the 
 early 21st century.

 Anyone know of a reliable IIS geolocation filter? That'd solve the 
 problem in an even more crazy roundabout way.

 David Smith
 MVN.net


 --
 --
 WISPA Wants You! Join today!
 http://signup.wispa.org/
 --
 --

 WISPA Wireless List: wireless@wispa.org

 Subscribe/Unsubscribe:
 http://lists.wispa.org/mailman/listinfo/wireless

 Archives: http://lists.wispa.org/pipermail/wireless/
 




WISPA Wants You! Join today!
http://signup.wispa.org/


 
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/




WISPA Wants You! Join today!
http://signup.wispa.org/

 
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/


Re: [WISPA] Barracuda outbounds SPAM filter any good?

2009-01-09 Thread Scott Lambert
On Fri, Jan 09, 2009 at 11:35:57AM -0600, David E. Smith wrote:
 Mike Hammett wrote:
  What about forcing those accounts to change paswords?
 
 I've been doing that - again, I'm trying to be proactive rather than 
 reactive. If I told my boss yeah, we need to change everyone's 
 password he'd laugh at me. And not in a funny-ha-ha way.

Have your techs look at each cutomer's password every time they talk
to a customer.  The customer is already on the phone, Dang, forgot my
password again.  Help them to choose a better password.

We are gradually correcting years of allowing horrible passwords here.
Who thought it was a good idea to let users' passwords be exactly the
same as their username?

Query your database for things like the above and force those customers
to change their passwords *now*.

At this point, I'm becoming more amenable to asking the customer to tape
their password to the bottom of their keyboard, or write it on a card in
their wallet rather than trying to get them to remember anything.  Their
keyboard/wallet is likely physicaly more secure than any password they
will choose for themselves.

If they are compromised, blackhole them.  Make them call you to find out
that their private information has been shared with one or more thugs in
Russia, or China, or Milwalkee (no offense intended to anyone from any
of these locations).  Scare the bejeebers out of them.  They need it if
they are going to be even remotely safe online.

Sign up for all the e-mail feedback loops you can.  Those will get you
the original spam messages with full headers so you can accurately
identify your compromised customer.  People don't bother reporting the
spam they recieve to the originating ISP anymore.  A feedback loop may
provide you with your first indication that one of your customers'
account has been compromised.  That will let you kill them sooner to
lessen the damage.

If your mail/webmail server doesn't include the submitting IP for each
message in the headers or at least something that ties it to a log entry
which does contain the IP and timestamp, get new software.

There are many other things you can find to do with a little time on
Google.

-- 
Scott LambertKC5MLE   Unix SysAdmin
lamb...@lambertfam.org




WISPA Wants You! Join today!
http://signup.wispa.org/

 
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/


Re: [WISPA] Barracuda outbounds SPAM filter any good?

2009-01-09 Thread Kurt Fankhauser
Thanks for the advice, are you a Ham radio operator?

Kurt Fankhauser
WAVELINC
P.O. Box 126
Bucyrus, OH 44820
419-562-6405
www.wavelinc.com
 
 
-Original Message-
From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On
Behalf Of Scott Lambert
Sent: Friday, January 09, 2009 2:08 PM
To: WISPA General List
Subject: Re: [WISPA] Barracuda outbounds SPAM filter any good?

On Fri, Jan 09, 2009 at 11:35:57AM -0600, David E. Smith wrote:
 Mike Hammett wrote:
  What about forcing those accounts to change paswords?
 
 I've been doing that - again, I'm trying to be proactive rather than 
 reactive. If I told my boss yeah, we need to change everyone's 
 password he'd laugh at me. And not in a funny-ha-ha way.

Have your techs look at each cutomer's password every time they talk
to a customer.  The customer is already on the phone, Dang, forgot my
password again.  Help them to choose a better password.

We are gradually correcting years of allowing horrible passwords here.
Who thought it was a good idea to let users' passwords be exactly the
same as their username?

Query your database for things like the above and force those customers
to change their passwords *now*.

At this point, I'm becoming more amenable to asking the customer to tape
their password to the bottom of their keyboard, or write it on a card in
their wallet rather than trying to get them to remember anything.  Their
keyboard/wallet is likely physicaly more secure than any password they
will choose for themselves.

If they are compromised, blackhole them.  Make them call you to find out
that their private information has been shared with one or more thugs in
Russia, or China, or Milwalkee (no offense intended to anyone from any
of these locations).  Scare the bejeebers out of them.  They need it if
they are going to be even remotely safe online.

Sign up for all the e-mail feedback loops you can.  Those will get you
the original spam messages with full headers so you can accurately
identify your compromised customer.  People don't bother reporting the
spam they recieve to the originating ISP anymore.  A feedback loop may
provide you with your first indication that one of your customers'
account has been compromised.  That will let you kill them sooner to
lessen the damage.

If your mail/webmail server doesn't include the submitting IP for each
message in the headers or at least something that ties it to a log entry
which does contain the IP and timestamp, get new software.

There are many other things you can find to do with a little time on
Google.

-- 
Scott LambertKC5MLE   Unix SysAdmin
lamb...@lambertfam.org





WISPA Wants You! Join today!
http://signup.wispa.org/


 
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/




WISPA Wants You! Join today!
http://signup.wispa.org/

 
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/


Re: [WISPA] Barracuda outbounds SPAM filter any good?

2009-01-09 Thread David E. Smith
Scott Lambert wrote:


 Have your techs look at each cutomer's password every time they talk
 to a customer.  The customer is already on the phone, Dang, forgot my
 password again.  Help them to choose a better password.

Doesn't help, when the problem is their PC has keylogger software on it 
that sends their new password off to Lower Elbonia.

 Sign up for all the e-mail feedback loops you can.

I'm on the AOL and Hotmail ones; does Yahoo! operate anything similar, 
that you know of?

David Smith
MVN.net



WISPA Wants You! Join today!
http://signup.wispa.org/

 
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/


Re: [WISPA] Barracuda outbounds SPAM filter any good?

2009-01-09 Thread Scott Lambert
On Fri, Jan 09, 2009 at 01:42:15PM -0600, David E. Smith wrote:
 Scott Lambert wrote:
  Have your techs look at each cutomer's password every time they talk
  to a customer.  The customer is already on the phone, Dang, forgot my
  password again.  Help them to choose a better password.
 
 Doesn't help, when the problem is their PC has keylogger software on it 
 that sends their new password off to Lower Elbonia.

It does help with the compromises.  If the account is compromised twice,
the customer has to bring in a Doctor's note saying that the system
has been certified clean by some local, reputable, computer store,
FOR THEIR PROTECTION, and yours.  If a customer with a dirty computer
refuses to clean it up and you don't remove their access, your mail
servers will be blacklisted and all of your customers will be, hmm,
let's call it slightly peeved?  It can cost less to fire the customer.

Customers often think they are good with computers and can use Windows
Anti-Virus 2008/2009 to clean their own computer.  We give them one
chance to take care of it themselves.  Then they have to have it done by
a professional.

After paying to have the computer cleaned a few times, they begin to
believe us when we say that buying good anti-virus/spyware software,
yearly, is cheap.

Most of the relays via webmail or SMTP AUTH we have seen have been for
users with stupid passwords, or users who fell for a phishing message.
The compromised computers tend to send mail from their computer either
directly or via our mail servers.  The preemptive changing of weak
passwords will head off a significant portion of successful relays.

-- 
Scott LambertKC5MLE   Unix SysAdmin
lamb...@lambertfam.org




WISPA Wants You! Join today!
http://signup.wispa.org/

 
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/


Re: [WISPA] Barracuda outbounds SPAM filter any good?

2009-01-09 Thread John Thomas
If you have an inbound box, you can use it as an outbound relay. You 
don't get the full functionality as you would with a dedicated outbound 
box, but you do get some functionality, especially since you can see all 
inbound and outbound messages in the log.

John


Kurt Fankhauser wrote:
 According to the website one box is capable of running as either/or. (I
 thought)

 Kurt Fankhauser
 WAVELINC
 P.O. Box 126
 Bucyrus, OH 44820
 419-562-6405
 www.wavelinc.com
  
  

 -Original Message-
 From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On
 Behalf Of John Thomas
 Sent: Thursday, January 08, 2009 9:29 PM
 To: WISPA General List
 Subject: Re: [WISPA] Barracuda outbounds SPAM filter any good?

 Are you guys using the outbound feature on your inbound Barracudas? It 
 doesn't do as full a job as a outbound box, but it may help your problem.

 John


 Kurt Fankhauser wrote:
   
 Does anyone use the Barracuda's for outbound spam filtering and is it as
 good as the inbound version? I need to keep my mail server from getting
 blacklisted and am looking for a way to do it. Apparently someone is using
 my server to relay spam, (I am using pop before smtp so they must be
 authenticating first.) Also is it possible to use the outbound if you have
 outsourced email services, aka Jumpline ???

  

 Kurt Fankhauser
 WAVELINC
 P.O. Box 126
 Bucyrus, OH 44820
 419-562-6405
 www.wavelinc.com

  

  

  




 
 
 
   
 WISPA Wants You! Join today!
 http://signup.wispa.org/

 
 
 
   
  
 WISPA Wireless List: wireless@wispa.org

 Subscribe/Unsubscribe:
 http://lists.wispa.org/mailman/listinfo/wireless

 Archives: http://lists.wispa.org/pipermail/wireless/



   
 



 
 
 WISPA Wants You! Join today!
 http://signup.wispa.org/
 
 
  
 WISPA Wireless List: wireless@wispa.org

 Subscribe/Unsubscribe:
 http://lists.wispa.org/mailman/listinfo/wireless

 Archives: http://lists.wispa.org/pipermail/wireless/



 
 WISPA Wants You! Join today!
 http://signup.wispa.org/
 
  
 WISPA Wireless List: wireless@wispa.org

 Subscribe/Unsubscribe:
 http://lists.wispa.org/mailman/listinfo/wireless

 Archives: http://lists.wispa.org/pipermail/wireless/



   




WISPA Wants You! Join today!
http://signup.wispa.org/

 
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/


Re: [WISPA] Barracuda outbounds SPAM filter any good?

2009-01-09 Thread John Thomas
In the Barracuda, under BasicAdministration at the bottom of the page, 
you choose the direction, inbound or outbound.

If you click on Advanced, you should have an Outbound/Relay tab. If you 
set this to allow your email server to relay through the Barracuda, it 
will log your messages and do some basic scrubbing on the outbound 
messages.

 From a message on the Barracuda Forum

There is some filtering which is done, mainly viruses, for outgoing 
email, but not all of the other filters are applied. We ended up getting 
a filter for outgoing to be able to limit what can be sent (ie. filter 
based on phishing attempts which make it through so that users can not 
reply).

The real question is what is the audit trying to correct. Once you know 
that, then you can determine (by perhaps asking) if using the Barracuda 
for outgoing will solve those issues.

In general, it is useful to have the mail routed through the Barracuda, 
as long as your box is fast enough to deal with all the email. It is 
quite helpful if email is reported as spam so that you can track it down 
(typically the debug header line is not removed). This is especially 
important if the message is not spam.

John


David E. Smith wrote:
 Kurt Fankhauser wrote:
   
 According to the website one box is capable of running as either/or. (I
 thought)
 

 But not both at the same time :(

 David Smith
 MVN.net


 
 WISPA Wants You! Join today!
 http://signup.wispa.org/
 
  
 WISPA Wireless List: wireless@wispa.org

 Subscribe/Unsubscribe:
 http://lists.wispa.org/mailman/listinfo/wireless

 Archives: http://lists.wispa.org/pipermail/wireless/



   




WISPA Wants You! Join today!
http://signup.wispa.org/

 
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/


Re: [WISPA] Barracuda outbounds SPAM filter any good?

2009-01-09 Thread Mike Hammett
They don't to spoof an email, they do to log into your webmail account and 
send email as you.


-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com



--
From: Jeff Broadwick jeffl...@comcast.net
Sent: Friday, January 09, 2009 12:48 PM
To: 'WISPA General List' wireless@wispa.org
Subject: Re: [WISPA] Barracuda outbounds SPAM filter any good?

 I didn't think they needed a password to spoof your email addy?

 -Original Message-
 From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On
 Behalf Of Mike Hammett
 Sent: Friday, January 09, 2009 12:52 AM
 To: WISPA General List
 Subject: Re: [WISPA] Barracuda outbounds SPAM filter any good?

 What about forcing those accounts to change paswords?


 -
 Mike Hammett
 Intelligent Computing Solutions
 http://www.ics-il.com



 --
 From: David E. Smith d...@mvn.net
 Sent: Thursday, January 08, 2009 3:31 PM
 To: WISPA General List wireless@wispa.org
 Subject: Re: [WISPA] Barracuda outbounds SPAM filter any good?

 os10ru...@gmail.com wrote:
 It sounds like what you really have to do is tighten up your webmail.
 It's better to fix that than to put a band-aid on it. Though a good
 smtp spam filter is never a bad idea.

 The problem is that the Web mail isn't broken, as such. The attackers
 are using legitimate credentials to log in and send mail.

 Unfortunately, the mail software in question doesn't have rate-limits
 on a per-sender basis. I know, I should join the rest of you in the
 early 21st century.

 Anyone know of a reliable IIS geolocation filter? That'd solve the
 problem in an even more crazy roundabout way.

 David Smith
 MVN.net


 --
 --
 WISPA Wants You! Join today!
 http://signup.wispa.org/
 --
 --

 WISPA Wireless List: wireless@wispa.org

 Subscribe/Unsubscribe:
 http://lists.wispa.org/mailman/listinfo/wireless

 Archives: http://lists.wispa.org/pipermail/wireless/



 
 
 WISPA Wants You! Join today!
 http://signup.wispa.org/
 
 

 WISPA Wireless List: wireless@wispa.org

 Subscribe/Unsubscribe:
 http://lists.wispa.org/mailman/listinfo/wireless

 Archives: http://lists.wispa.org/pipermail/wireless/



 
 WISPA Wants You! Join today!
 http://signup.wispa.org/
 

 WISPA Wireless List: wireless@wispa.org

 Subscribe/Unsubscribe:
 http://lists.wispa.org/mailman/listinfo/wireless

 Archives: http://lists.wispa.org/pipermail/wireless/
 



WISPA Wants You! Join today!
http://signup.wispa.org/

 
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/


Re: [WISPA] Barracuda outbounds SPAM filter any good?

2009-01-08 Thread os10rules
Do you block smtp on non-standard ports? Is SSL filtering necessary  
(gmail smtp is over ssl for example)?

Greg

On Jan 8, 2009, at 12:41 AM, Kurt Fankhauser wrote:

 Does anyone use the Barracuda's for outbound spam filtering and is  
 it as
 good as the inbound version? I need to keep my mail server from  
 getting
 blacklisted and am looking for a way to do it. Apparently someone is  
 using
 my server to relay spam, (I am using pop before smtp so they must be
 authenticating first.) Also is it possible to use the outbound if  
 you have
 outsourced email services, aka Jumpline ???



 Kurt Fankhauser
 WAVELINC
 P.O. Box 126
 Bucyrus, OH 44820
 419-562-6405
 www.wavelinc.com









 
 WISPA Wants You! Join today!
 http://signup.wispa.org/
 

 WISPA Wireless List: wireless@wispa.org

 Subscribe/Unsubscribe:
 http://lists.wispa.org/mailman/listinfo/wireless

 Archives: http://lists.wispa.org/pipermail/wireless/




WISPA Wants You! Join today!
http://signup.wispa.org/

 
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/


Re: [WISPA] Barracuda outbounds SPAM filter any good?

2009-01-08 Thread Kurt Fankhauser
I block all outgoing port 25 except to my email server and a few other email
servers that my customers use. That stopped it for about 1-2 years now
someone is authorizing on my email server and then using it to relay because
I've been getting 400-800 mail delivery failures from their dictionary
spam attack to my postmaster account.

Kurt Fankhauser
WAVELINC
P.O. Box 126
Bucyrus, OH 44820
419-562-6405
www.wavelinc.com
 
 
-Original Message-
From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On
Behalf Of os10ru...@gmail.com
Sent: Thursday, January 08, 2009 8:34 AM
To: WISPA General List
Subject: Re: [WISPA] Barracuda outbounds SPAM filter any good?

Do you block smtp on non-standard ports? Is SSL filtering necessary  
(gmail smtp is over ssl for example)?

Greg

On Jan 8, 2009, at 12:41 AM, Kurt Fankhauser wrote:

 Does anyone use the Barracuda's for outbound spam filtering and is  
 it as
 good as the inbound version? I need to keep my mail server from  
 getting
 blacklisted and am looking for a way to do it. Apparently someone is  
 using
 my server to relay spam, (I am using pop before smtp so they must be
 authenticating first.) Also is it possible to use the outbound if  
 you have
 outsourced email services, aka Jumpline ???



 Kurt Fankhauser
 WAVELINC
 P.O. Box 126
 Bucyrus, OH 44820
 419-562-6405
 www.wavelinc.com












 WISPA Wants You! Join today!
 http://signup.wispa.org/




 WISPA Wireless List: wireless@wispa.org

 Subscribe/Unsubscribe:
 http://lists.wispa.org/mailman/listinfo/wireless

 Archives: http://lists.wispa.org/pipermail/wireless/





WISPA Wants You! Join today!
http://signup.wispa.org/


 
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/




WISPA Wants You! Join today!
http://signup.wispa.org/

 
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/


Re: [WISPA] Barracuda outbounds SPAM filter any good?

2009-01-08 Thread os10rules
That should be easy. I've never used Barracuda but I have used the  
Sonicwall and also open hardware based UTMs such as Astaro, Endian,  
Untangle and ClarkConnect. Any decent solution should work. Do you  
already own the Barracuda? If not you might want to consider using an  
old PC with Untangle on it since it's free.

Greg

On Jan 8, 2009, at 9:25 AM, Kurt Fankhauser wrote:

 I block all outgoing port 25 except to my email server and a few  
 other email
 servers that my customers use. That stopped it for about 1-2 years now
 someone is authorizing on my email server and then using it to relay  
 because
 I've been getting 400-800 mail delivery failures from their  
 dictionary
 spam attack to my postmaster account.

 Kurt Fankhauser
 WAVELINC
 P.O. Box 126
 Bucyrus, OH 44820
 419-562-6405
 www.wavelinc.com


 -Original Message-
 From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org]  
 On
 Behalf Of os10ru...@gmail.com
 Sent: Thursday, January 08, 2009 8:34 AM
 To: WISPA General List
 Subject: Re: [WISPA] Barracuda outbounds SPAM filter any good?

 Do you block smtp on non-standard ports? Is SSL filtering necessary
 (gmail smtp is over ssl for example)?

 Greg

 On Jan 8, 2009, at 12:41 AM, Kurt Fankhauser wrote:

 Does anyone use the Barracuda's for outbound spam filtering and is
 it as
 good as the inbound version? I need to keep my mail server from
 getting
 blacklisted and am looking for a way to do it. Apparently someone is
 using
 my server to relay spam, (I am using pop before smtp so they must be
 authenticating first.) Also is it possible to use the outbound if
 you have
 outsourced email services, aka Jumpline ???



 Kurt Fankhauser
 WAVELINC
 P.O. Box 126
 Bucyrus, OH 44820
 419-562-6405
 www.wavelinc.com










 
 
 WISPA Wants You! Join today!
 http://signup.wispa.org/

 
 

 WISPA Wireless List: wireless@wispa.org

 Subscribe/Unsubscribe:
 http://lists.wispa.org/mailman/listinfo/wireless

 Archives: http://lists.wispa.org/pipermail/wireless/



 
 
 WISPA Wants You! Join today!
 http://signup.wispa.org/
 
 

 WISPA Wireless List: wireless@wispa.org

 Subscribe/Unsubscribe:
 http://lists.wispa.org/mailman/listinfo/wireless

 Archives: http://lists.wispa.org/pipermail/wireless/



 
 WISPA Wants You! Join today!
 http://signup.wispa.org/
 

 WISPA Wireless List: wireless@wispa.org

 Subscribe/Unsubscribe:
 http://lists.wispa.org/mailman/listinfo/wireless

 Archives: http://lists.wispa.org/pipermail/wireless/




WISPA Wants You! Join today!
http://signup.wispa.org/

 
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/


Re: [WISPA] Barracuda outbounds SPAM filter any good?

2009-01-08 Thread Kurt Fankhauser
Don't have the outbound barracuda yet, I do have an inbound. How do you
point your mail to go to the outbound? Do you have your firewall redirect
all port 25 to the outbound or do you tell you email server to relay to the
outbound?

Kurt Fankhauser
WAVELINC
P.O. Box 126
Bucyrus, OH 44820
419-562-6405
www.wavelinc.com
 
 
-Original Message-
From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On
Behalf Of os10ru...@gmail.com
Sent: Thursday, January 08, 2009 9:18 AM
To: WISPA General List
Subject: Re: [WISPA] Barracuda outbounds SPAM filter any good?

That should be easy. I've never used Barracuda but I have used the  
Sonicwall and also open hardware based UTMs such as Astaro, Endian,  
Untangle and ClarkConnect. Any decent solution should work. Do you  
already own the Barracuda? If not you might want to consider using an  
old PC with Untangle on it since it's free.

Greg

On Jan 8, 2009, at 9:25 AM, Kurt Fankhauser wrote:

 I block all outgoing port 25 except to my email server and a few  
 other email
 servers that my customers use. That stopped it for about 1-2 years now
 someone is authorizing on my email server and then using it to relay  
 because
 I've been getting 400-800 mail delivery failures from their  
 dictionary
 spam attack to my postmaster account.

 Kurt Fankhauser
 WAVELINC
 P.O. Box 126
 Bucyrus, OH 44820
 419-562-6405
 www.wavelinc.com


 -Original Message-
 From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org]  
 On
 Behalf Of os10ru...@gmail.com
 Sent: Thursday, January 08, 2009 8:34 AM
 To: WISPA General List
 Subject: Re: [WISPA] Barracuda outbounds SPAM filter any good?

 Do you block smtp on non-standard ports? Is SSL filtering necessary
 (gmail smtp is over ssl for example)?

 Greg

 On Jan 8, 2009, at 12:41 AM, Kurt Fankhauser wrote:

 Does anyone use the Barracuda's for outbound spam filtering and is
 it as
 good as the inbound version? I need to keep my mail server from
 getting
 blacklisted and am looking for a way to do it. Apparently someone is
 using
 my server to relay spam, (I am using pop before smtp so they must be
 authenticating first.) Also is it possible to use the outbound if
 you have
 outsourced email services, aka Jumpline ???



 Kurt Fankhauser
 WAVELINC
 P.O. Box 126
 Bucyrus, OH 44820
 419-562-6405
 www.wavelinc.com












 
 WISPA Wants You! Join today!
 http://signup.wispa.org/



 

 WISPA Wireless List: wireless@wispa.org

 Subscribe/Unsubscribe:
 http://lists.wispa.org/mailman/listinfo/wireless

 Archives: http://lists.wispa.org/pipermail/wireless/





 
 WISPA Wants You! Join today!
 http://signup.wispa.org/


 

 WISPA Wireless List: wireless@wispa.org

 Subscribe/Unsubscribe:
 http://lists.wispa.org/mailman/listinfo/wireless

 Archives: http://lists.wispa.org/pipermail/wireless/






 WISPA Wants You! Join today!
 http://signup.wispa.org/




 WISPA Wireless List: wireless@wispa.org

 Subscribe/Unsubscribe:
 http://lists.wispa.org/mailman/listinfo/wireless

 Archives: http://lists.wispa.org/pipermail/wireless/





WISPA Wants You! Join today!
http://signup.wispa.org/


 
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/




WISPA Wants You! Join today!
http://signup.wispa.org/

 
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/


Re: [WISPA] Barracuda outbounds SPAM filter any good?

2009-01-08 Thread Mike Hammett
It depends on the particular blacklist if it's actually true or not.

My server is blacklisted by my accountant's email service, yet doesn't say 
why and no other blacklist considers me a threat.  Attempts to remove me 
have been unsuccessful.


-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com



--
From: Kurt Fankhauser k...@wavelinc.com
Sent: Wednesday, January 07, 2009 11:11 PM
To: 'WISPA General List' wireless@wispa.org
Subject: [WISPA] Barracuda outbounds SPAM filter any good?

 Does anyone use the Barracuda's for outbound spam filtering and is it as
 good as the inbound version? I need to keep my mail server from getting
 blacklisted and am looking for a way to do it. Apparently someone is using
 my server to relay spam, (I am using pop before smtp so they must be
 authenticating first.) Also is it possible to use the outbound if you have
 outsourced email services, aka Jumpline ???



 Kurt Fankhauser
 WAVELINC
 P.O. Box 126
 Bucyrus, OH 44820
 419-562-6405
 www.wavelinc.com









 
 WISPA Wants You! Join today!
 http://signup.wispa.org/
 

 WISPA Wireless List: wireless@wispa.org

 Subscribe/Unsubscribe:
 http://lists.wispa.org/mailman/listinfo/wireless

 Archives: http://lists.wispa.org/pipermail/wireless/
 



WISPA Wants You! Join today!
http://signup.wispa.org/

 
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/


Re: [WISPA] Barracuda outbounds SPAM filter any good?

2009-01-08 Thread Portative Contact
Kurt, I use a Mikrotik router to check outbound mail - here are the 
rules I used.

add action=log chain=forward comment=BLOCK SPAMMERS OR INFECTED USERS 
disabled=no dst-port=25 log-prefix=DROPSPAM \
protocol=tcp src-address-list=spammer
add action=add-src-to-address-list address-list=spammer 
address-list-timeout=1w chain=forward comment=\
Detect and add SMTP to spammer list connection-limit=90,32 
disabled=no dst-port=25 limit=50,3 protocol=tcp

It took me a few weeks to tune so my mail server didn't keep getting 
identified as a spammer. I didn't want it ignored as a potential for 
spam for the same issue you are having. I also use pop before smtp and  
got blacklisted last year as an infected customer sent out about 100K 
e-mails over a weekend. I logged first as above and then changed the 
action of the first rule to drop once I got it tuned.

Your mileage may vary.

Dave Hulsebus

Kurt Fankhauser wrote:
 Don't have the outbound barracuda yet, I do have an inbound. How do you
 point your mail to go to the outbound? Do you have your firewall redirect
 all port 25 to the outbound or do you tell you email server to relay to the
 outbound?

 Kurt Fankhauser
 WAVELINC
 P.O. Box 126
 Bucyrus, OH 44820
 419-562-6405
 www.wavelinc.com
  
  
 -Original Message-
 From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On
 Behalf Of os10ru...@gmail.com
 Sent: Thursday, January 08, 2009 9:18 AM
 To: WISPA General List
 Subject: Re: [WISPA] Barracuda outbounds SPAM filter any good?

 That should be easy. I've never used Barracuda but I have used the  
 Sonicwall and also open hardware based UTMs such as Astaro, Endian,  
 Untangle and ClarkConnect. Any decent solution should work. Do you  
 already own the Barracuda? If not you might want to consider using an  
 old PC with Untangle on it since it's free.

 Greg

 On Jan 8, 2009, at 9:25 AM, Kurt Fankhauser wrote:

   
 I block all outgoing port 25 except to my email server and a few  
 other email
 servers that my customers use. That stopped it for about 1-2 years now
 someone is authorizing on my email server and then using it to relay  
 because
 I've been getting 400-800 mail delivery failures from their  
 dictionary
 spam attack to my postmaster account.

 Kurt Fankhauser
 WAVELINC
 P.O. Box 126
 Bucyrus, OH 44820
 419-562-6405
 www.wavelinc.com


 -Original Message-
 From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org]  
 On
 Behalf Of os10ru...@gmail.com
 Sent: Thursday, January 08, 2009 8:34 AM
 To: WISPA General List
 Subject: Re: [WISPA] Barracuda outbounds SPAM filter any good?

 Do you block smtp on non-standard ports? Is SSL filtering necessary
 (gmail smtp is over ssl for example)?

 Greg

 On Jan 8, 2009, at 12:41 AM, Kurt Fankhauser wrote:

 
 Does anyone use the Barracuda's for outbound spam filtering and is
 it as
 good as the inbound version? I need to keep my mail server from
 getting
 blacklisted and am looking for a way to do it. Apparently someone is
 using
 my server to relay spam, (I am using pop before smtp so they must be
 authenticating first.) Also is it possible to use the outbound if
 you have
 outsourced email services, aka Jumpline ???



 Kurt Fankhauser
 WAVELINC
 P.O. Box 126
 Bucyrus, OH 44820
 419-562-6405
 www.wavelinc.com










   
 
   
 
 
 WISPA Wants You! Join today!
 http://signup.wispa.org/

   
 
   
 
 
 WISPA Wireless List: wireless@wispa.org

 Subscribe/Unsubscribe:
 http://lists.wispa.org/mailman/listinfo/wireless

 Archives: http://lists.wispa.org/pipermail/wireless/
   


 
 
   
 
 WISPA Wants You! Join today!
 http://signup.wispa.org/

 
 
   
 

 WISPA Wireless List: wireless@wispa.org

 Subscribe/Unsubscribe:
 http://lists.wispa.org/mailman/listinfo/wireless

 Archives: http://lists.wispa.org/pipermail/wireless/




 
 
 
   
 WISPA Wants You! Join today!
 http://signup.wispa.org/

 
 
 
   
 WISPA Wireless List: wireless@wispa.org

 Subscribe/Unsubscribe:
 http://lists.wispa.org/mailman/listinfo/wireless

 Archives: http://lists.wispa.org/pipermail/wireless/
 



 
 
 WISPA Wants You! Join today!
 http://signup.wispa.org/
 
 
  
 WISPA Wireless List: wireless@wispa.org

 Subscribe/Unsubscribe:
 http://lists.wispa.org/mailman/listinfo/wireless

 Archives: http://lists.wispa.org

Re: [WISPA] Barracuda outbounds SPAM filter any good?

2009-01-08 Thread os10rules
Kurt,

Will getting the Barracuda outbound require more hardware or is it  
just a service you can turn on with the current hardware for a fee?

I'm not familiar with the Barracuda but I would assume there's  
nothing you have to set up as long as nobody is doing ssl. These boxes  
can watch the smtp traffic without needing to manually configured and  
without needing to configure the client to use the box as a proxy. It  
will just watch the traffic and kill it if it's bad. It's good to use  
a service that updates it's blacklist and virus defs often. I'm  
running the Astaro ASG here and it usually gets a few updates each day.

Greg
On Jan 8, 2009, at 10:06 AM, Kurt Fankhauser wrote:

 Don't have the outbound barracuda yet, I do have an inbound. How do  
 you
 point your mail to go to the outbound? Do you have your firewall  
 redirect
 all port 25 to the outbound or do you tell you email server to relay  
 to the
 outbound?

 Kurt Fankhauser
 WAVELINC
 P.O. Box 126
 Bucyrus, OH 44820
 419-562-6405
 www.wavelinc.com


 -Original Message-
 From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org]  
 On
 Behalf Of os10ru...@gmail.com
 Sent: Thursday, January 08, 2009 9:18 AM
 To: WISPA General List
 Subject: Re: [WISPA] Barracuda outbounds SPAM filter any good?

 That should be easy. I've never used Barracuda but I have used the
 Sonicwall and also open hardware based UTMs such as Astaro, Endian,
 Untangle and ClarkConnect. Any decent solution should work. Do you
 already own the Barracuda? If not you might want to consider using an
 old PC with Untangle on it since it's free.

 Greg

 On Jan 8, 2009, at 9:25 AM, Kurt Fankhauser wrote:

 I block all outgoing port 25 except to my email server and a few
 other email
 servers that my customers use. That stopped it for about 1-2 years  
 now
 someone is authorizing on my email server and then using it to relay
 because
 I've been getting 400-800 mail delivery failures from their
 dictionary
 spam attack to my postmaster account.

 Kurt Fankhauser
 WAVELINC
 P.O. Box 126
 Bucyrus, OH 44820
 419-562-6405
 www.wavelinc.com


 -Original Message-
 From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org]
 On
 Behalf Of os10ru...@gmail.com
 Sent: Thursday, January 08, 2009 8:34 AM
 To: WISPA General List
 Subject: Re: [WISPA] Barracuda outbounds SPAM filter any good?

 Do you block smtp on non-standard ports? Is SSL filtering necessary
 (gmail smtp is over ssl for example)?

 Greg

 On Jan 8, 2009, at 12:41 AM, Kurt Fankhauser wrote:

 Does anyone use the Barracuda's for outbound spam filtering and is
 it as
 good as the inbound version? I need to keep my mail server from
 getting
 blacklisted and am looking for a way to do it. Apparently someone is
 using
 my server to relay spam, (I am using pop before smtp so they must be
 authenticating first.) Also is it possible to use the outbound if
 you have
 outsourced email services, aka Jumpline ???



 Kurt Fankhauser
 WAVELINC
 P.O. Box 126
 Bucyrus, OH 44820
 419-562-6405
 www.wavelinc.com











 
 
 WISPA Wants You! Join today!
 http://signup.wispa.org/


 
 

 WISPA Wireless List: wireless@wispa.org

 Subscribe/Unsubscribe:
 http://lists.wispa.org/mailman/listinfo/wireless

 Archives: http://lists.wispa.org/pipermail/wireless/




 
 
 WISPA Wants You! Join today!
 http://signup.wispa.org/

 
 

 WISPA Wireless List: wireless@wispa.org

 Subscribe/Unsubscribe:
 http://lists.wispa.org/mailman/listinfo/wireless

 Archives: http://lists.wispa.org/pipermail/wireless/




 
 
 WISPA Wants You! Join today!
 http://signup.wispa.org/

 
 

 WISPA Wireless List: wireless@wispa.org

 Subscribe/Unsubscribe:
 http://lists.wispa.org/mailman/listinfo/wireless

 Archives: http://lists.wispa.org/pipermail/wireless/



 
 
 WISPA Wants You! Join today!
 http://signup.wispa.org/
 
 

 WISPA Wireless List: wireless@wispa.org

 Subscribe/Unsubscribe:
 http://lists.wispa.org/mailman/listinfo/wireless

 Archives: http://lists.wispa.org/pipermail/wireless/



 
 WISPA Wants You! Join today!
 http://signup.wispa.org/
 

 WISPA Wireless List: wireless@wispa.org

 Subscribe/Unsubscribe:
 http

Re: [WISPA] Barracuda outbounds SPAM filter any good?

2009-01-08 Thread Matt
 Does anyone use the Barracuda's for outbound spam filtering and is it as
 good as the inbound version? I need to keep my mail server from getting
 blacklisted and am looking for a way to do it. Apparently someone is using
 my server to relay spam, (I am using pop before smtp so they must be
 authenticating first.) Also is it possible to use the outbound if you have
 outsourced email services, aka Jumpline ???

Are you using Exim or what for an MTA?  With exim you can setup
rate-limit to end stuff like this.  I have exim setup to only allow a
given IP to send too 200 recipients in a 2 hour period.  Being
spammers need to send many thousand of messages to get any pay back it
makes your server of little use to them.  There is also a plugin for
Squirrelmail to limit how many messages per day each user can send
there.

I also have this in Mikrotik firewall.

/ip firewall filter
add action=add-src-to-address-list address-list=spammer
address-list-timeout=6h chain=smtp comment= connection-limit=15,32
disabled=no dst-port=25 \
protocol=tcp tcp-flags=syn
add action=tarpit chain=smtp comment= disabled=no dst-port=25
protocol=tcp src-address-list=spammer


Matt



WISPA Wants You! Join today!
http://signup.wispa.org/

 
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/


Re: [WISPA] Barracuda outbounds SPAM filter any good?

2009-01-08 Thread Kurt Fankhauser
No my email is hosted with jumpline and I don't see any where to set an MTA

Kurt Fankhauser
WAVELINC
P.O. Box 126
Bucyrus, OH 44820
419-562-6405
www.wavelinc.com
 
 
-Original Message-
From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On
Behalf Of Matt
Sent: Thursday, January 08, 2009 12:57 PM
To: WISPA General List
Subject: Re: [WISPA] Barracuda outbounds SPAM filter any good?

 Does anyone use the Barracuda's for outbound spam filtering and is it as
 good as the inbound version? I need to keep my mail server from getting
 blacklisted and am looking for a way to do it. Apparently someone is using
 my server to relay spam, (I am using pop before smtp so they must be
 authenticating first.) Also is it possible to use the outbound if you have
 outsourced email services, aka Jumpline ???

Are you using Exim or what for an MTA?  With exim you can setup
rate-limit to end stuff like this.  I have exim setup to only allow a
given IP to send too 200 recipients in a 2 hour period.  Being
spammers need to send many thousand of messages to get any pay back it
makes your server of little use to them.  There is also a plugin for
Squirrelmail to limit how many messages per day each user can send
there.

I also have this in Mikrotik firewall.

/ip firewall filter
add action=add-src-to-address-list address-list=spammer
address-list-timeout=6h chain=smtp comment= connection-limit=15,32
disabled=no dst-port=25 \
protocol=tcp tcp-flags=syn
add action=tarpit chain=smtp comment= disabled=no dst-port=25
protocol=tcp src-address-list=spammer


Matt




WISPA Wants You! Join today!
http://signup.wispa.org/


 
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/




WISPA Wants You! Join today!
http://signup.wispa.org/

 
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/


Re: [WISPA] Barracuda outbounds SPAM filter any good?

2009-01-08 Thread Kurt Fankhauser
Its another hardware box.

Kurt Fankhauser
WAVELINC
P.O. Box 126
Bucyrus, OH 44820
419-562-6405
www.wavelinc.com
 
 

-Original Message-
From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On
Behalf Of os10ru...@gmail.com
Sent: Thursday, January 08, 2009 11:46 AM
To: WISPA General List
Subject: Re: [WISPA] Barracuda outbounds SPAM filter any good?

Kurt,

Will getting the Barracuda outbound require more hardware or is it  
just a service you can turn on with the current hardware for a fee?

I'm not familiar with the Barracuda but I would assume there's  
nothing you have to set up as long as nobody is doing ssl. These boxes  
can watch the smtp traffic without needing to manually configured and  
without needing to configure the client to use the box as a proxy. It  
will just watch the traffic and kill it if it's bad. It's good to use  
a service that updates it's blacklist and virus defs often. I'm  
running the Astaro ASG here and it usually gets a few updates each day.

Greg
On Jan 8, 2009, at 10:06 AM, Kurt Fankhauser wrote:

 Don't have the outbound barracuda yet, I do have an inbound. How do  
 you
 point your mail to go to the outbound? Do you have your firewall  
 redirect
 all port 25 to the outbound or do you tell you email server to relay  
 to the
 outbound?

 Kurt Fankhauser
 WAVELINC
 P.O. Box 126
 Bucyrus, OH 44820
 419-562-6405
 www.wavelinc.com


 -Original Message-
 From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org]  
 On
 Behalf Of os10ru...@gmail.com
 Sent: Thursday, January 08, 2009 9:18 AM
 To: WISPA General List
 Subject: Re: [WISPA] Barracuda outbounds SPAM filter any good?

 That should be easy. I've never used Barracuda but I have used the
 Sonicwall and also open hardware based UTMs such as Astaro, Endian,
 Untangle and ClarkConnect. Any decent solution should work. Do you
 already own the Barracuda? If not you might want to consider using an
 old PC with Untangle on it since it's free.

 Greg

 On Jan 8, 2009, at 9:25 AM, Kurt Fankhauser wrote:

 I block all outgoing port 25 except to my email server and a few
 other email
 servers that my customers use. That stopped it for about 1-2 years  
 now
 someone is authorizing on my email server and then using it to relay
 because
 I've been getting 400-800 mail delivery failures from their
 dictionary
 spam attack to my postmaster account.

 Kurt Fankhauser
 WAVELINC
 P.O. Box 126
 Bucyrus, OH 44820
 419-562-6405
 www.wavelinc.com


 -Original Message-
 From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org]
 On
 Behalf Of os10ru...@gmail.com
 Sent: Thursday, January 08, 2009 8:34 AM
 To: WISPA General List
 Subject: Re: [WISPA] Barracuda outbounds SPAM filter any good?

 Do you block smtp on non-standard ports? Is SSL filtering necessary
 (gmail smtp is over ssl for example)?

 Greg

 On Jan 8, 2009, at 12:41 AM, Kurt Fankhauser wrote:

 Does anyone use the Barracuda's for outbound spam filtering and is
 it as
 good as the inbound version? I need to keep my mail server from
 getting
 blacklisted and am looking for a way to do it. Apparently someone is
 using
 my server to relay spam, (I am using pop before smtp so they must be
 authenticating first.) Also is it possible to use the outbound if
 you have
 outsourced email services, aka Jumpline ???



 Kurt Fankhauser
 WAVELINC
 P.O. Box 126
 Bucyrus, OH 44820
 419-562-6405
 www.wavelinc.com













 
 WISPA Wants You! Join today!
 http://signup.wispa.org/




 

 WISPA Wireless List: wireless@wispa.org

 Subscribe/Unsubscribe:
 http://lists.wispa.org/mailman/listinfo/wireless

 Archives: http://lists.wispa.org/pipermail/wireless/






 
 WISPA Wants You! Join today!
 http://signup.wispa.org/



 

 WISPA Wireless List: wireless@wispa.org

 Subscribe/Unsubscribe:
 http://lists.wispa.org/mailman/listinfo/wireless

 Archives: http://lists.wispa.org/pipermail/wireless/






 
 WISPA Wants You! Join today!
 http://signup.wispa.org/



 

 WISPA Wireless List: wireless@wispa.org

 Subscribe/Unsubscribe:
 http://lists.wispa.org/mailman/listinfo/wireless

 Archives: http://lists.wispa.org/pipermail/wireless/





 
 WISPA Wants You! Join today!
 http://signup.wispa.org/


 

 WISPA Wireless List: wireless@wispa.org

 Subscribe/Unsubscribe:
 http://lists.wispa.org

Re: [WISPA] Barracuda outbounds SPAM filter any good?

2009-01-08 Thread David E. Smith
os10ru...@gmail.com wrote:

   Will getting the Barracuda outbound require more hardware or is it  
 just a service you can turn on with the current hardware for a fee?

It's the same hardware, but you can't use one Barracuda to do both jobs. 
You buy one, and you can switch the software from inbound to outbound 
(and back again).

I've been having similar issues to the OP. Several of my users' 
passwords have been compromised by horribly-screwed-up desktops, with 
spyware and viruses galore. The attackers (all of whom are coming from 
Nigerian IP space) log in via our Web site, and cut-and-paste spam that 
way. Since it comes from an authenticated user, it circumvents most of 
my normal spam filtering measures.

I've recently added SpamAssassin to my big all our outgoing mail goes 
through here server, set with very generous settings. I'm hoping that's 
sufficient, because I really don't want to buy a third Barracuda. (We 
already have two for inbound email, and they work quite well there; I 
assume one switched to outbound-scanning mode would work equally well.)

David Smith
MVN.net



WISPA Wants You! Join today!
http://signup.wispa.org/

 
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/


Re: [WISPA] Barracuda outbounds SPAM filter any good?

2009-01-08 Thread Kurt Fankhauser
Are they using your webmail to send out the spam. Is there any way you can
tell what user's email address is compromised because all the mail delivery
errors I'm getting don't show one.

Kurt Fankhauser
WAVELINC
P.O. Box 126
Bucyrus, OH 44820
419-562-6405
www.wavelinc.com
 
 
-Original Message-
From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On
Behalf Of David E. Smith
Sent: Thursday, January 08, 2009 2:02 PM
To: WISPA General List
Subject: Re: [WISPA] Barracuda outbounds SPAM filter any good?

os10ru...@gmail.com wrote:

   Will getting the Barracuda outbound require more hardware or is it  
 just a service you can turn on with the current hardware for a fee?

It's the same hardware, but you can't use one Barracuda to do both jobs. 
You buy one, and you can switch the software from inbound to outbound 
(and back again).

I've been having similar issues to the OP. Several of my users' 
passwords have been compromised by horribly-screwed-up desktops, with 
spyware and viruses galore. The attackers (all of whom are coming from 
Nigerian IP space) log in via our Web site, and cut-and-paste spam that 
way. Since it comes from an authenticated user, it circumvents most of 
my normal spam filtering measures.

I've recently added SpamAssassin to my big all our outgoing mail goes 
through here server, set with very generous settings. I'm hoping that's 
sufficient, because I really don't want to buy a third Barracuda. (We 
already have two for inbound email, and they work quite well there; I 
assume one switched to outbound-scanning mode would work equally well.)

David Smith
MVN.net




WISPA Wants You! Join today!
http://signup.wispa.org/


 
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/




WISPA Wants You! Join today!
http://signup.wispa.org/

 
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/


Re: [WISPA] Barracuda outbounds SPAM filter any good?

2009-01-08 Thread David E. Smith
Kurt Fankhauser wrote:
 Are they using your webmail to send out the spam. Is there any way you can
 tell what user's email address is compromised because all the mail delivery
 errors I'm getting don't show one.

Yeah, my latest few problem children have been using our Web site, and 
cut-and-pasting in their spam, sending it out to just five or ten 
recipients at a time so as to avoid our you're not just a spammer but a 
dumb spammer trigger if you try to send to 1000 people at once.

How to track it down depends on the mail software you use, obviously. 
Mine (an older version of Ipswitch Imail) doesn't put any identifying 
information in the email as such (no originating IP or 
authenticated-user info). There are timestamps, though, which I can 
correlate against the Web server logs.

Right now, I'm torn between trying to stop it at the Web server using 
some sort of IP geolocation filter, or stop it before it leaves the 
network using a modified SpamAssassin installation. Both are giving me 
all kinds of fits that are way off-topic for this list.

David Smith
MVN.net



WISPA Wants You! Join today!
http://signup.wispa.org/

 
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/


Re: [WISPA] Barracuda outbounds SPAM filter any good?

2009-01-08 Thread os10rules
I agree, those dedicated boxes are expensive and then there's the  
annual fee as well correct?

I think I'd go with Endian on a PC. Is your spam assassin running  
native or as a virtual machine?

Greg
On Jan 8, 2009, at 2:32 PM, David E. Smith wrote:

 os10ru...@gmail.com wrote:

  Will getting the Barracuda outbound require more hardware or is it
 just a service you can turn on with the current hardware for a fee?

 It's the same hardware, but you can't use one Barracuda to do both  
 jobs.
 You buy one, and you can switch the software from inbound to outbound
 (and back again).

 I've been having similar issues to the OP. Several of my users'
 passwords have been compromised by horribly-screwed-up desktops, with
 spyware and viruses galore. The attackers (all of whom are coming from
 Nigerian IP space) log in via our Web site, and cut-and-paste spam  
 that
 way. Since it comes from an authenticated user, it circumvents most of
 my normal spam filtering measures.

 I've recently added SpamAssassin to my big all our outgoing mail goes
 through here server, set with very generous settings. I'm hoping  
 that's
 sufficient, because I really don't want to buy a third Barracuda. (We
 already have two for inbound email, and they work quite well there; I
 assume one switched to outbound-scanning mode would work equally  
 well.)

 David Smith
 MVN.net


 
 WISPA Wants You! Join today!
 http://signup.wispa.org/
 

 WISPA Wireless List: wireless@wispa.org

 Subscribe/Unsubscribe:
 http://lists.wispa.org/mailman/listinfo/wireless

 Archives: http://lists.wispa.org/pipermail/wireless/




WISPA Wants You! Join today!
http://signup.wispa.org/

 
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/


Re: [WISPA] Barracuda outbounds SPAM filter any good?

2009-01-08 Thread David E. Smith
os10ru...@gmail.com wrote:
 I agree, those dedicated boxes are expensive and then there's the  
 annual fee as well correct?

Yeah, you'd have to keep up the Barracuda subscription on your outgoing 
filter as well, if you want to block current viruses and such from 
leaving your network.

 I think I'd go with Endian on a PC. Is your spam assassin running  
 native or as a virtual machine?

My copy of SpamAssassin is on a (virtualized, but that shouldn't matter) 
CentOS Linux system. I've basically disabled all the per-user stuff, and 
used a fairly relaxed scoring setup. Since it'll be silently discarding 
mail, I want to be pretty darn sure it's not discarding false-positives. 
Aside from a few edge cases, the whole thing works pretty well and only 
took me a few hours to figure out.

David Smith
MVN.net



WISPA Wants You! Join today!
http://signup.wispa.org/

 
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/


Re: [WISPA] Barracuda outbounds SPAM filter any good?

2009-01-08 Thread os10rules
It sounds like what you really have to do is tighten up your webmail.  
It's better to fix that than to put a band-aid on it. Though a good  
smtp spam filter is never a bad idea.

Greg
On Jan 8, 2009, at 4:37 PM, David E. Smith wrote:

 os10ru...@gmail.com wrote:
 I agree, those dedicated boxes are expensive and then there's the
 annual fee as well correct?

 Yeah, you'd have to keep up the Barracuda subscription on your  
 outgoing
 filter as well, if you want to block current viruses and such from
 leaving your network.

 I think I'd go with Endian on a PC. Is your spam assassin running
 native or as a virtual machine?

 My copy of SpamAssassin is on a (virtualized, but that shouldn't  
 matter)
 CentOS Linux system. I've basically disabled all the per-user stuff,  
 and
 used a fairly relaxed scoring setup. Since it'll be silently  
 discarding
 mail, I want to be pretty darn sure it's not discarding false- 
 positives.
 Aside from a few edge cases, the whole thing works pretty well and  
 only
 took me a few hours to figure out.

 David Smith
 MVN.net


 
 WISPA Wants You! Join today!
 http://signup.wispa.org/
 

 WISPA Wireless List: wireless@wispa.org

 Subscribe/Unsubscribe:
 http://lists.wispa.org/mailman/listinfo/wireless

 Archives: http://lists.wispa.org/pipermail/wireless/




WISPA Wants You! Join today!
http://signup.wispa.org/

 
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/


Re: [WISPA] Barracuda outbounds SPAM filter any good?

2009-01-08 Thread David E. Smith
os10ru...@gmail.com wrote:
 It sounds like what you really have to do is tighten up your webmail.  
 It's better to fix that than to put a band-aid on it. Though a good  
 smtp spam filter is never a bad idea.

The problem is that the Web mail isn't broken, as such. The attackers 
are using legitimate credentials to log in and send mail.

Unfortunately, the mail software in question doesn't have rate-limits on 
a per-sender basis. I know, I should join the rest of you in the early 
21st century.

Anyone know of a reliable IIS geolocation filter? That'd solve the 
problem in an even more crazy roundabout way.

David Smith
MVN.net



WISPA Wants You! Join today!
http://signup.wispa.org/

 
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/


Re: [WISPA] Barracuda outbounds SPAM filter any good?

2009-01-08 Thread John Thomas
Are you guys using the outbound feature on your inbound Barracudas? It 
doesn't do as full a job as a outbound box, but it may help your problem.

John


Kurt Fankhauser wrote:
 Does anyone use the Barracuda's for outbound spam filtering and is it as
 good as the inbound version? I need to keep my mail server from getting
 blacklisted and am looking for a way to do it. Apparently someone is using
 my server to relay spam, (I am using pop before smtp so they must be
 authenticating first.) Also is it possible to use the outbound if you have
 outsourced email services, aka Jumpline ???

  

 Kurt Fankhauser
 WAVELINC
 P.O. Box 126
 Bucyrus, OH 44820
 419-562-6405
 www.wavelinc.com

  

  

  



 
 WISPA Wants You! Join today!
 http://signup.wispa.org/
 
  
 WISPA Wireless List: wireless@wispa.org

 Subscribe/Unsubscribe:
 http://lists.wispa.org/mailman/listinfo/wireless

 Archives: http://lists.wispa.org/pipermail/wireless/



   




WISPA Wants You! Join today!
http://signup.wispa.org/

 
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/


Re: [WISPA] Barracuda outbounds SPAM filter any good?

2009-01-08 Thread J. Vogel
My webmail software is Squirrelmail, which does put the authenticated
user in the header, but that didn't come back in the bounces (that I saw
anyway) but I was able to find the compromised account by searching the
Sent folders for some of the bounced recipient addresses. Picking an
address that wasn't likely to be one that my customers would have sent
to - such as in the .pl domain - quickly led me to a folder with lots of
spam messages in it. Searching for a line in the body of the spam email
would have been successful as well.  :)

John

David E. Smith wrote:
 Kurt Fankhauser wrote:
   
 Are they using your webmail to send out the spam. Is there any way you can
 tell what user's email address is compromised because all the mail delivery
 errors I'm getting don't show one.
 

 Yeah, my latest few problem children have been using our Web site, and 
 cut-and-pasting in their spam, sending it out to just five or ten 
 recipients at a time so as to avoid our you're not just a spammer but a 
 dumb spammer trigger if you try to send to 1000 people at once.

 How to track it down depends on the mail software you use, obviously. 
 Mine (an older version of Ipswitch Imail) doesn't put any identifying 
 information in the email as such (no originating IP or 
 authenticated-user info). There are timestamps, though, which I can 
 correlate against the Web server logs.

 Right now, I'm torn between trying to stop it at the Web server using 
 some sort of IP geolocation filter, or stop it before it leaves the 
 network using a modified SpamAssassin installation. Both are giving me 
 all kinds of fits that are way off-topic for this list.

 David Smith
 MVN.net


 
 WISPA Wants You! Join today!
 http://signup.wispa.org/
 
  
 WISPA Wireless List: wireless@wispa.org

 Subscribe/Unsubscribe:
 http://lists.wispa.org/mailman/listinfo/wireless

 Archives: http://lists.wispa.org/pipermail/wireless/

   


-- 

John Vogel - jvo...@vogent.net
http://www.vogent.net   620-754-3907
Vogel Enterprises LLC
Information Services Provider serving S.E. Kansas



WISPA Wants You! Join today!
http://signup.wispa.org/

 
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/


Re: [WISPA] Barracuda outbounds SPAM filter any good?

2009-01-08 Thread Mike Hammett
What about forcing those accounts to change paswords?


-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com



--
From: David E. Smith d...@mvn.net
Sent: Thursday, January 08, 2009 3:31 PM
To: WISPA General List wireless@wispa.org
Subject: Re: [WISPA] Barracuda outbounds SPAM filter any good?

 os10ru...@gmail.com wrote:
 It sounds like what you really have to do is tighten up your webmail.
 It's better to fix that than to put a band-aid on it. Though a good
 smtp spam filter is never a bad idea.

 The problem is that the Web mail isn't broken, as such. The attackers
 are using legitimate credentials to log in and send mail.

 Unfortunately, the mail software in question doesn't have rate-limits on
 a per-sender basis. I know, I should join the rest of you in the early
 21st century.

 Anyone know of a reliable IIS geolocation filter? That'd solve the
 problem in an even more crazy roundabout way.

 David Smith
 MVN.net


 
 WISPA Wants You! Join today!
 http://signup.wispa.org/
 

 WISPA Wireless List: wireless@wispa.org

 Subscribe/Unsubscribe:
 http://lists.wispa.org/mailman/listinfo/wireless

 Archives: http://lists.wispa.org/pipermail/wireless/
 



WISPA Wants You! Join today!
http://signup.wispa.org/

 
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/