Re: OT: Attn Thor

  • From: "Greg Mulholland" <gmulholland@xxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Tue, 21 Jun 2005 08:54:04 +1000

So John, what products do you use for spam and virus checking?


Greg Mulholland
Clear IT
Level 10, 530 Little Collins Street
Melbourne, VIC 3000
Ph: (03) 99097411 Fax: (03) 99097091

-----Original Message-----
From: John Tolmachoff (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx]
Sent: Monday, 20 June 2005 6:26 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: OT: Attn Thor

> I pay Spamarrest for my solution now, as it was the best thing I could find
> for HoG at the time.  It's not like it is my corporate domain or anything--
> if your service can do that at 99%, then right on- I'd rather pay you
> than some stranger anyway.  Can you provide a solution on an
> email-by-email basis, or does it have to be the entire domain?

While my pricing and configuration is based on per domain, it can be
done on an individual e-mail address basis by having all of the incoming
forwarded to an address on my service which you would then retrieve
e-mail from. Of course, that could then be configured to forward all to
a separate address somewhere (or even configured as an alias for a
separate address) in which that address would only accept e-mail from
the address on my server. (Whew, almost ran out of breath.)

For AV/Malicious content scanning, it works like this:

A) Message and attachments are scanned by 3 different AV scanners. If a
   virus is found, the message is quarantined, appropriate notice(s) are
   sent, and it is then auto deleted after 5 days.
B) If no (suspected) virus is found then the attachments are compared to
   a list of banned attachments. If a banned attachment is found,
   appropriate notice is sent and message is auto deleted after 5 days.
C) If no banned attachment, the message is checked for 12 different
   vulnerabilities. If one is found the message is quarantined, an
   appropriate notice is sent, and the message is auto deleted after 5
   days.

The reason for the quarantine for 5 days is for a few different reasons.
One is, as an example, 2 major airlines that send out reservation notices
had vulnerabilities in the message. One of the airlines has stepped up
to the plate and fixed it. The other refuses to acknowledge the problem.
Additionally, sometimes you just have to get a message with a banned
attachment. What I tell my customers is when they receive their notice
about a problem message, they can follow the instructions to request to
have the message reviewed and requeued for delivery. If we get a number
of repeat or similar requests, we investigate as to the source of the
issue and how to resolve it.

For spam filtering, it works like this: There are currently 6 types of
tests run against each message:

1) Sender based. These are tests such as does sending domain (domain
   portion of the from address) exist, accept e-mail to postmaster and
   abuse, coming from listed server for domain, accept e-mail to from
   address and so forth.
2) DNS based tests such as the HELO/EHLO, PTR, MX and A record checks.
3) 25 RBL/DNSBL type tests.
4) Message formatting tests.
5) SPAM signature based tests.
6) Filter tests such as looking for certain characters, groups of
   characters, words or groups of words in certain places.
7) Combo tests which add or remove weight depending upon groups of tests
   previously failed/passed.

All of these tests are weighted and contribute to a final weight of the
message. The action based on the weight is then taken according to
configuration. We have base actions, and also per domain actions and
even per user actions. Generally speaking, we PASS, HOLD or DELETE. We
can also COPY TO, modify the subject, send to a sub mail box (such as a
spam mail box instead of the main), redirect or attach it to a warning
message.

Messages held are generally reviewed daily unless there is a problem
occurring or when configuration changes are made whereby we review
hourly at first and work back towards normal reviews. Additionally, when
new clients are added, we at first hold more and only delete the most
blatant spam and review every 2 hours until we can adjust our filters
and configuration for them. Why? Because no 2 clients are alike. While a
school wants clean e-mail, the HR dept of a major employer wants and
needs those e-mails about the latest sexual harassment laws.

John T
eServices For You
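
The weighted scoring described in the message above, sketched as an added example that is not part of the original post or the service's own code. Test names, weights, combo rules, thresholds and addresses are all constructed for illustration.

```python
# Constructed values: none of these names, weights or thresholds come
# from the service described in the message.
BASE_WEIGHTS = {
    "sender_domain_missing": 40,   # sender based
    "no_ptr_record": 15,           # DNS based
    "helo_mismatch": 10,           # DNS based
    "dnsbl_listed": 25,            # RBL/DNSBL
    "bad_formatting": 10,          # message formatting
    "spam_signature": 50,          # signature based
    "filter_phrase": 20,           # word/character filter
}

# Combo tests: (tests that must have failed, tests that must have
# passed, weight added or removed).
COMBOS = [
    ({"no_ptr_record", "dnsbl_listed"}, set(), 20),
    ({"filter_phrase"}, {"dnsbl_listed", "spam_signature"}, -15),
]

# (hold_at, delete_at) thresholds; per-user beats per-domain beats base.
BASE_POLICY = (40, 90)
DOMAIN_POLICY = {"school.example": (30, 70)}
USER_POLICY = {"hr@employer.example": (60, 120)}


def score(failed):
    """Final weight of a message given the names of the tests it failed."""
    failed = set(failed)
    unknown = failed - set(BASE_WEIGHTS)
    if unknown:
        raise ValueError(f"unknown tests: {sorted(unknown)}")
    passed = set(BASE_WEIGHTS) - failed
    total = sum(BASE_WEIGHTS[t] for t in failed)
    for need_failed, need_passed, delta in COMBOS:
        if need_failed <= failed and need_passed <= passed:
            total += delta
    return max(total, 0)


def policy_for(recipient):
    """Pick the most specific threshold pair for this recipient."""
    recipient = recipient.lower()
    domain = recipient.rsplit("@", 1)[-1]
    return USER_POLICY.get(recipient, DOMAIN_POLICY.get(domain, BASE_POLICY))


def action(recipient, failed):
    """Return (PASS | HOLD | DELETE, weight) for one message."""
    hold_at, delete_at = policy_for(recipient)
    weight = score(failed)
    if weight >= delete_at:
        return "DELETE", weight
    return ("HOLD" if weight >= hold_at else "PASS"), weight
```

The same failed-test set produces different actions depending on whose thresholds apply, which is the per-domain and per-user behaviour the message describes.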


