This was a sample I whipped up to show one of the managers what we want for our website. At the moment, we are redoing the antispam porttion of the website, and that will have live stats.
sbl-xbl.spamhaus.org includes the CBL. bl.spamcop.net is prone to false positives, often blacklisting legit servers. mail-abuse.org is not free, and I haven't heard of it being really useful at blocking garbage. The duhl.dnsbl.sorbs.net is a far more effective DNSBL.
I would recommend a combination of Postfix, amavisd-new and clamav on the Linux box as a firewall.
Amavisd-new can use a whitelist/blacklist in a DBMS for easier web based management (inclding per user ones), and is quite effective at cacthing spam.
The best part is that except for the whitelist/blacklist management this is totally transparent to the user, who can use whatever folder sorting mechanisms they like on Exchange.
The problem with biometrics is what happens to the digitised information after the system is broken into. Your authentication design must be resilient against failure. Biometrics fail across a network, where the source must be trusted to have actually done the authentication, and not just replayed previous information.
Imagine a scenario where duplicating yor body, down to the DNA was feasible, and it was possible for an attacker to simply jump acros bodies into a new one. What would your authentication systems be in such a scenario.
Authentication and authorization would then have to be based on who you are, what you know, and a piece of hardware that you have. And this needs to be verifiable by every sysem you need to authenticate to.
And those 20 messages cost you in terms of server resources, sysadmin time, bandwidth. If it goes to 1000, even more of your resources are being consumed.
Stop spam at the source. Use DNSBLs instead, or even local access lists. Much cheaper and far more efficient.
You think we don't have filters on our border routers? This is stuff that comes in past the packets filters for the most abusive netblocks. And we block huge swathes of netblocks (smallest block I have ever applied is a/24) for spam runs. If > 25% of a/24 is found to be hitting our spamtraps, they get nullrouted.
Actually, no. Enron "invested" in a power project with some rather underhand dealings and the next government to take power put the project on hold. So Enron just couldn't get the returns they expected (they didn't get any).
This has absolutely nothing to do with their IT division.
It will be "user" friendly when it runs on the x86 platform. Most users find the cost of a Mac highly unfriendly. At the price/performance ratio they offer, x86 has them beat hands down.
The upgrade and maintainance costs are low on the physical medium itself. The only upgrades needed are for your routers, which you would upgrade anyway.
The money can be recovered over 5 to 10 years, after which it is purely profit (or savings in this case). With 5 years, you are looking at 500 USD/year, or about 40 USD/month.
Pretty cheap.
Double this to include maintainance costs, still about 80 USD/mth.
With fibre, its easy to go to 10 Mbit/sec, or even 100 Mbit/sec in the local network. Multiple gigabit backbones, and then you can shove tons of services on that backbone.
Sure, its not 10 Mbit to the Internet, but hook up a bunch of towns to the excess dark fibre that has already been laid and you have a *very large* network.
If the number of successful spam deliveries goes down by a factor of 10, the number of attempted spams sent out goes up by a factor of 10 or more usually 20 to 50.
Just for a sample of what we do at work, click here.
Its a personal page, not $ork, but the stats are real numbers.
Only about 10% of those are due to viruses hitting us. Most viruses hitting us go into a local BL that keeps all mail from them away. Works fine for us.
As for spammers deleting your email address, since when did spammers become that attentive?
About saving bandwidth for the user who uses POP3/IMAP to retrieve mail, discarding known viruses is a much better solution.
If a regular SMTP server ever realys a virus (we do get a few of those), then killing the connection in the middle is just asking to be sent the same crap repeatedly, because the break shows up as a bad connection.
Actually, once the data phase of the smtp transaction starts, You have to wait until it completes. It doesn't save you any bandwidth, just saves on the hitting delete.
Slashdot Mirror
http://nixcartel.org/~devdas/minute.png
August at Outblaze (real numbers).
This was a sample I whipped up to show one of the managers what we want for our website. At the moment, we are redoing the antispam porttion of the website, and that will have live stats.
sbl-xbl.spamhaus.org includes the CBL.
bl.spamcop.net is prone to false positives, often blacklisting legit servers.
mail-abuse.org is not free, and I haven't heard of it being really useful at blocking garbage.
The duhl.dnsbl.sorbs.net is a far more effective DNSBL.
Do all your company users have administrator access on their boxes? Does the company expect the users to patch and keep their own boxes updated?
That is roughly the case on a university network. Think ISP, not company.
Nineteen Eighty Four: George Orwell
:)
Brave New World: Aldous Huxley
Animal Farm: George Orwell
Get the facts right
Well, I was only using the computer for .... er,... research, thats right! Research!
I would recommend a combination of Postfix, amavisd-new and clamav on the Linux box as a firewall.
Amavisd-new can use a whitelist/blacklist in a DBMS for easier web based management (inclding per user ones), and is quite effective at cacthing spam.
The best part is that except for the whitelist/blacklist management this is totally transparent to the user, who can use whatever folder sorting mechanisms they like on Exchange.
The problem with biometrics is what happens to the digitised information after the system is broken into. Your authentication design must be resilient against failure. Biometrics fail across a network, where the source must be trusted to have actually done the authentication, and not just replayed previous information.
Imagine a scenario where duplicating yor body, down to the DNA was feasible, and it was possible for an attacker to simply jump acros bodies into a new one. What would your authentication systems be in such a scenario.
Authentication and authorization would then have to be based on who you are, what you know, and a piece of hardware that you have. And this needs to be verifiable by every sysem you need to authenticate to.
And those 20 messages cost you in terms of server resources, sysadmin time, bandwidth. If it goes to 1000, even more of your resources are being consumed.
Stop spam at the source. Use DNSBLs instead, or even local access lists. Much cheaper and far more efficient.
That is not a moon!
You think we don't have filters on our border routers? /24) for spam runs. If > 25% of a /24 is found to be hitting our spamtraps, they get nullrouted.
This is stuff that comes in past the packets filters for the most abusive netblocks.
And we block huge swathes of netblocks (smallest block I have ever applied is a
This is what $WORK rejects. Those numbers are culled from a random minute of log analysis, and are accurate.
Half of what spam slips through is caught by some more complex filters.
And about 20% of what gets through is still spam.
Do you really think that spam still isn't a problem? Or that *any* content filter will scale to that kind of load, on a reasonable budget?
The right point of stopping spam is before it hits your MX, not after it has been accepted.
Without having RTFA, your statement looks quite funny.
What if the kid's mother is not the wife?
Or they might just decide that sxi is their standard document format, and not MS Word.
That is what would really hit Microsoft hard.
Linux Certified laptops
Apple
Actually, no.
Enron "invested" in a power project with some rather underhand dealings and the next government to take power put the project on hold.
So Enron just couldn't get the returns they expected (they didn't get any).
This has absolutely nothing to do with their IT division.
It will be "user" friendly when it runs on the x86 platform. Most users find the cost of a Mac highly unfriendly. At the price/performance ratio they offer, x86 has them beat hands down.
Google Archive in HTML
Powerpoint format
Steve Atkins presentation to the ASRG: Google cache as HTML
Same as powerpoint
A graph of a random minute at a large email provider.
Each point is one host.
Those numbers are all very very real.
http://www.infrastructures.org
This is why the system won't collapse, and how to do the idea correctly.
The upgrade and maintainance costs are low on the physical medium itself.
The only upgrades needed are for your routers, which you would upgrade anyway.
The money can be recovered over 5 to 10 years, after which it is purely profit (or savings in this case).
With 5 years, you are looking at 500 USD/year, or about 40 USD/month.
Pretty cheap.
Double this to include maintainance costs, still about 80 USD/mth.
With fibre, its easy to go to 10 Mbit/sec, or even 100 Mbit/sec in the local network. Multiple gigabit backbones, and then you can shove tons of services on that backbone.
Sure, its not 10 Mbit to the Internet, but hook up a bunch of towns to the excess dark fibre that has already been laid and you have a *very large* network.
Wrong. The only spam problem is Unsolicited Bulk Email.
There is no such thing as illegitimate email. Any such thing would at most be a syntax error.
Spam is about consent, not content.
If the number of successful spam deliveries goes down by a factor of 10, the number of attempted spams sent out goes up by a factor of 10 or more usually 20 to 50.
Definitely not fine.
You would find this http://www.pathname.com/fhs/ a useful link to follow and read.
The FHS explains the why of the distribution of the various files tossed around the system by various packages.
As for the where were the files dumped, each package manager has a command to show you that.
rpm -ql package-name will list the files installed via the rpm for package-name
Just for a sample of what we do at work, click here.
Its a personal page, not $ork, but the stats are real numbers.
Only about 10% of those are due to viruses hitting us. Most viruses hitting us go into a local BL that keeps all mail from them away. Works fine for us.
As for spammers deleting your email address, since when did spammers become that attentive?
About saving bandwidth for the user who uses POP3/IMAP to retrieve mail, discarding known viruses is a much better solution.
If a regular SMTP server ever realys a virus (we do get a few of those), then killing the connection in the middle is just asking to be sent the same crap repeatedly, because the break shows up as a bad connection.
Actually, once the data phase of the smtp transaction starts, You have to wait until it completes. It doesn't save you any bandwidth, just saves on the hitting delete.
s/as .*//g