General discussion


Stop spam from flooding your network

By debate ·
How big an issue is spam for your organization? What solutions have you implemented to fight spam on your network? How effective have your efforts been? Share your comments about winning the war on spam, as discussed in the Jan. 30 Security Solutions e-newsletter.

If you haven't subscribed to our free Security Solutions e-newsletter, sign up today!

This conversation is currently closed to new comments.

8 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Anti-Spam : The Open Source Way

by In reply to Stop spam from flooding y ...

We shall fight them on the beaches... we shall fight them with open source!

My organisation was having an increasing problem with spam, due to the increased use of newsgroups and the internet in general. I didn;t have the budget for any of the large vendor anti-spam solutions, so i spent a little time googling for an answer.

There is a veritable army of anti-spam solutions availible for Linux, all of which are in my opinion more configurable and have better support from the user community than the vendor solutions. To this end I downloaded FreeBSD, Postfix and got them running on a dusty old P166. Using the configuration files for Postfix supplied by Len Conrad for his IMGate project, I am now blocking 99% of spam, have anti-virus running on the same box, and a lot of happy users.

The moral of the story, effective anti-spam can be acquired for free, my bosses like things that are free, and my users are happy with their inboxes being free from spam.

Do sleep well..........

Collapse -

Excellent Solution

by Mike Mullins In reply to Anti-Spam : The Open Sour ...

An excellent example of finding a free solution that doesn't put the burden on the end user.

Collapse -


by Roger99a In reply to Stop spam from flooding y ...

We already use Symantec Enterprise Anti-Virus and it comes with a pretty good anti-spam gateway, too. Besides using public DNSBL lists it allows you to tailor the settings to filter certain words in the subject line, filter out domain names and delete attachments by file extension. I'm filtering about 85% of spam and 95% of viruses before they reach the mail server. Those numbers could be better if I were able to be more aggressive with the settings, but certain situations prohibit that.

Collapse -

DNSBL Servers

by Roger99a In reply to Stop spam from flooding y ...

I would like to hear opinions on the available DNS Blocklists that others have used. I have to be fairly liberal in allowing private ISP domains access to send mail so I only use Spamhaus and Spamcop for filtering. Under my real world testing they seem to be pretty good. I would like to see comments from others about this.
What I would like to do is set up a private DNSBL box to allow me to customize blocking for my specific needs. has anyone seen or have instructions for doing this using Linux or BSD?

Collapse -

Not specifically with Linux

by Oz_Media In reply to DNSBL Servers

I don't work in a Linux environment anymore, I usedto in my Python programming days but have slipped into a Netware world lately.

RBL lists alone are awful. Almost ALL companies will be on SOMEONE's RBL list and they need to be constantly cheched and updated as RBL lists are privately managed and very rarely up to date.

I used RBL only blocks to find that yes it blocked SPAM but also at least 300 false positives daily! The protection I use now incorporates RBL blocking but only as a weight that is added to the Heuristic scan total. IE. My heuristic scanner will delete any mail that weighs more than a value of 4.0 (Each keyword, address line etc has a weight added to it, once the threshold 'score' for the mail exceeds the preset threshold of 4.0 it is considered SPAM). I therefor tell my RBL check to add a score of 3.0 to the email, if all the other checks raise the score above 4, it is spam. This means that if a customers address is RBL blocked, the mail isn't considered spam unless other triggers such as "remove from list +1, Viagra+1.5 etc. puch it over the threshold of 4.0.

It is so efficient and accurate.

Mind you, a few days a a simple Python script and a 486 would do all this but creating heuristic firing rules takes a while and the overall maintenance and updating would reduce the ROI.

Collapse -

All gone, no more SPAM, no court cases

by Oz_Media In reply to Stop spam from flooding y ...

I have implemeted EXPENSIVE Spam protection on two sites.

THe first uses GWGuardian ($3,000 Cda with $4,000 USD dual processor server). Spam=0 over last three weeks with 1 (questionsable)false positive.

The other location uses GWAVA ($ 1,900 USD with upgrade protection and 1 yr support).

MAYBE two or three spam get through each day but about 98% blocked with only two or three (at most) false positives each WEEK.

SPAM is GONE, it is no longer an issue for these companies at all, done deal.

The initial cost for these products is high, especially Guardian which requires a separate dual processor server as it runs OUTSIDE the MTA.
Nothing gets TO the network before being scanned though. This also stops Internet Mail viruses by scanning ALL mail coming into the server regardless if processed by the GWIA or not.

Both of these products have multiple scanning systems that all work together to reduce spam. GWAVA incorporates with your own AV protection (or comes with it's own if needed)and extends your AV systems scanning abilities for scanning compressed and HTML mail OUTSIDE the server.

Header and compressed scans, Mime scanning, heuristic weighting, RBL blocking that can be weighted with heuristics for a second approval (removes most false positives this way)Virus and attachment scanning, Address and content filtering etc. It has a very good viewer to sort through locked mail and easily recover/resend false positives if found. Full notification options, exception lists,OUTBOUND and internal mail scans; eg. anything a 'flagged' user sends or sends to a specified address (competition) can be flagged and sent to administrator for review before leaving the network. This way if someone is communicating with the competition, the company knows ahead of time without the user knowing his mail is being intercepted before sending.

Good protection works VERY well, it costs good money. Shortcuts, cheap solutions usually offer only one or two of the tools needed to successfully kill ALL Spam. RBL list blocks will block hundreds of legitimate mail addresses without being further scanned for content.

The numbers show the success.
Off the top of my head, one user used to average over 300 emils daily, now receives less than 50 with NO Spam and NO false positives recovered.

The ROI is intense and the cost is immediately irrelevant. I used GWAVA on a 30 day trial for one client who was VERY reluctant to dish out a couple of grand. The minute the trial ended, SPAM mail started flooding in. Within fifteen minutes (no exaggeration) the owner had sent me an activation code to be installed. People become accustomed to hundresds of SPAM,remove it for a while and then let it start again, they will act so fast it'll make your head spin.

LEGAL NOTE: Failure by your company to deploy SOME form of Spam protection can result in your company being sued by the employees. If people are offended by subject lines referring to larger ***** size, Jillian wants to do it all night long etc. They can sue your company for not attempting to remove such offensive email and subjecting them to these titles each day as it is considered a form of sexual harrassment.

Your company isn't responsible for the sending of the email but IS responsible for allowing it to be distributed within your network and to a users mailbox.
YOU are responsible for what is sent to your employees while in the workplace.

Collapse -

Managed Spam & Virus Filtering Service?

by sneakysnake In reply to All gone, no more SPAM, n ...

I have been tasked to look at the pro & cons of going for a Managed Spam & Virus Filtering Service, we have talked to message Labs but I get the feeling that they are expensive?

Any ideas?

Collapse -

Notta, Zip, Zero

by dwdino In reply to Stop spam from flooding y ...

I have not had any spam in 30 days now.

I walked in the the telecommunications bank, directly to the primary edge router, and unplugged the sucker.

Gave all persons, envelopes and bought an auto postage machine.

I have no spam, no viruses, no intrusion, no hacks, no respect, no pay-check, and no job.


Back to Security Forum
8 total posts (Page 1 of 1)  

Related Discussions

Related Forums