tom’s blog

A graph to show you how many UCE-Mails are filtered per week.
This is a statistic from one of my company’s mailservers.
From about 3000 mails per hour -> more than 90% of all traffic is spam, UCE or virus-infected mail!



Explanation:
wrong-syntax: Somebody tried to fake a mail-programm
too-many-conn.: Anybody tried to send a mass-mail
faked-sender: Tried to spoof sender
virus: recognized virus (which was not blocked by other filters)
spam: recognized spam (which was not blocked by other filters)
known-dialup: known dialup notwork; normally no mail from here
dynamic ip: dialup network or forgot to set proper dns-reverse entry
no-reverse-dns: still allowed, but reverse dns should be set
greylisted: mail is rejected first time; after that it should be ok
zen.spamhaus.org: the most reliable dns blacklist
clean mail: passed through and should be ok

A bugfix-only-release:

See: http://up2date.astaro.com/2007/01/up2date_7001_released_high.html

Astaro has fixed some issues like
- Up2date is not working
- Reporting does not work / does not generate graphs
- …

Update was installed without problems. A Restart wasn’t necessary.

Yes, I know. It’s my own fault to use the first release of a software in a productive enviroment. But I just couldn’t wait.

Whatever, here are my first impressions:

• Installation went smooth, but I had to disconnect my second cd-rom-drive before I was able to finally finish the installation.
• The drag-and-drop gui is an nice idea, but I had some problems finding a browser to use it reasonable way.
• I had disconnects of almost every protocoll (ssh, rdp, ica) sporadically. Especially the VPN to my company was disturbed every 5 minutes so that I had to reconnect and reconnect ..
  -> Solution was quite simple: I had to disable the IPS-system because a lot of packets were dropped wrongly. You also have to pay attention to the Peer2Peer and Instant-Messaging settings, because if any of these is active, IntrusionProtecion is activated automatically and might drop your packets ..

PS: Astaro Security Gateway can be used free for use at home.

I found a (new) software that finally helps to ban spam that is not blocked by various dns blacklists, greylisting, etc …

Have a look at:
http://tanaya.net/DynaStop/
and the forum:
http://www.exim-users.org/forums/forumdisplay.php?f=36

2007/05/08: Update of my personal DynaStop Whitelist

Here you’ll find a great piece of software, that filters incoming mail on the basis of whether a dynamic IP address is used. This reduces system load and resources in processing unwanted mail because all legitimate mail from mainly all ISPs will be sent from a proper mail exchange server (respectively the dns name). Over 350 million IP addresses were used in testing DynaStop for integrity and stability in identifying dynamic addresses and cross checked false positives.

Although the software is still in beta status, I use it in my company to kick out the rest of unwanted connections that are not recognized by RBLs (i.e. zen.spamhaus.org) or those that “survive” greylisting.

Result:

• System load is massive reduced because of less work for spamassassin and antivirus-software
• Connections that come back multiple times and overwit greylisting are banned without scanning the message
• Combined with a daily-report (to control false positives) of blocked networks it’s really a powerful software