Re: OT: Attn Thor

  • From: "Thor \(Hammer of God\)" <thor@xxxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Mon, 20 Jun 2005 08:51:15 -0700

Wow. How much? Email me off line-- (I've manually added you to my list already.)

----- Original Message -----
From: "John Tolmachoff (Lists)" <johnlist@xxxxxxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Monday, June 20, 2005 1:25 AM
Subject: [isalist] Re: OT: Attn Thor




I pay Spamarrest for my solution now, as it was the best thing I could
find for HoG at the time. It's not like it is my corporate domain or
anything-- if your service can do that at 99%, then right on- I'd rather
pay you than some stranger anyway.  Can you provide a solution on an
email-by-email basis, or does it have to be the entire domain?

While my pricing and configuration is based on per domain, it can be done on an individual e-mail address basis by having all of the incoming forwarded to an address on my service which you would then retrieve e-mail from. Of course, that could then be configured to forward all to a separate address somewhere (or even configured as an alias for a separate address) in which that address would only accept e-mail from the address on my server. (Whew, almost ran out of breath.)

For AV/Malicious content scanning, it works like this:

A) Message and attachments are scanned by 3 different AV scanners. If a virus is found, the message is quarantined, appropriate notice(s) are sent, and it is then auto deleted after 5 days.
B) If no (suspected) virus is found then the attachments are compared to a list of banned attachments. If a banned attachment is found, appropriate notice is sent and message is auto deleted after 5 days.
C) If no banned attachment, the message is checked for 12 different vulnerabilities. If one is found the message is quarantined, an appropriate notice is sent, and the message is auto deleted after 5 days.

The reason for the quarantine for 5 days is for a few different reasons. One is, as an example, 2 major airlines that send out reservation notices had vulnerabilities in the message. One of the airlines has stepped up to the plate and fixed it. The other refuses to acknowledge the problem. Additionally, sometimes you just have to get a message with a banned attachment. What I tell my customers is when they receive their notice about a problem message, they can follow the instructions to request to have the message reviewed and requeued for delivery. If we get a number of repeat or similar requests, we investigate as to the source of the issue and how to resolve it.

For spam filtering, it works like this: There are currently 6 types of tests run against each message:

1) Sender based. These are tests such as does sending domain (domain portion of the from address) exist, accept e-mail to postmaster and abuse, coming from listed server for domain, accept e-mail to from address and so forth.
2) DNS based tests such as the HELO/EHLO, PTR, MX and A record checks.
3) 25 RBL/DNSBL type tests.
4) Message formatting tests.
5) SPAM signature based tests.
6) Filter tests such as looking for certain characters, groups of characters, words or groups of words in certain places.
7) Combo tests which add or remove weight depending upon groups of tests previously failed/passed.

All of these tests are weighted and contribute to a final weight of the message. The action based on the weight is then taken according to configuration. We have base actions, and also per domain actions and even per user actions. Generally speaking, we PASS, HOLD or DELETE. We can also COPY TO, modify the subject, send to a sub mail box (such as a spam mail box instead of the main), redirect or attach it to a warning message. Messages held are generally reviewed daily unless there is a problem occurring or when configuration changes are made whereby we review hourly at first and work back towards normal reviews. Additionally, when new clients are added, we at first hold more and only delete the most blatant spam and review every 2 hours until we can adjust our filters and configuration for them. Why? Because no 2 clients are alike. While a school wants clean e-mail, the HR dept of a major employer wants and needs those e-mails about the latest sexual harassment laws.

John T
eServices For You
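
The weighted scoring described in the message above, as an added example that is not part of the original post and not the service's own code. Every test name, weight, threshold, domain and address below is a constructed assumption; only the structure (weighted tests, combo adjustments, base/per-domain/per-user actions, PASS/HOLD/DELETE) comes from the message.

```python
# Added illustration: test names, weights and thresholds are constructed,
# not the service's real configuration. Positive weight = more spam-like.
WEIGHTS = {
    "sender_domain_missing": 40,  # 1) sender-based
    "helo_mismatch": 15,          # 2) DNS-based
    "no_ptr": 15,
    "dnsbl_hit": 12,              # 3) counted once per list that hits
    "bad_formatting": 10,         # 4) message formatting
    "spam_signature": 50,         # 5) signature
    "keyword_filter": 20,         # 6) character/word filter
}

# 7) Combo tests: (predicate over the failed-test dict, weight adjustment).
COMBOS = [
    (lambda f: "helo_mismatch" in f and "no_ptr" in f, 20),
    (lambda f: "keyword_filter" in f
               and "dnsbl_hit" not in f and "spam_signature" not in f, -15),
]

BASE = {"hold": 40, "delete": 90}
PER_DOMAIN = {
    "school.example": {"hold": 30, "delete": 70},   # wants clean mail
    "hr.example": {"hold": 60, "delete": 120},      # needs "spammy" topics
}
PER_USER = {"new@hr.example": {"delete": 150}}      # new client: hold more

def score(failed):
    """failed maps test name -> number of times it fired."""
    total = sum(WEIGHTS[name] * count for name, count in failed.items())
    return total + sum(adj for pred, adj in COMBOS if pred(failed))

def thresholds(recipient):
    """Base actions, overridden per domain, then per user."""
    limits = dict(BASE)
    limits.update(PER_DOMAIN.get(recipient.rsplit("@", 1)[-1].lower(), {}))
    limits.update(PER_USER.get(recipient.lower(), {}))
    return limits

def action(failed, recipient):
    weight, limits = score(failed), thresholds(recipient)
    if weight >= limits["delete"]:
        return "DELETE"
    return "HOLD" if weight >= limits["hold"] else "PASS"

if __name__ == "__main__":
    sample = {"keyword_filter": 1, "dnsbl_hit": 2}   # constructed result
    for rcpt in ("a@school.example", "b@hr.example", "c@other.example"):
        print(rcpt, score(sample), action(sample, rcpt))
```

The same message weight yields different actions per recipient, which is the point the message makes about a school and an HR department needing different handling.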


