Re: SPAM sudden increase
- From: "[_ '] |_| (_] ]_ |_| (_]" <cthulhu@xxxxxxxxxxxx>
- Date: Sat, 03 Dec 2005 12:02:40 -0800
"] |_| (_] _['' _['' ]-" /_\ |/_ [. -=Biscuit=-:
> Could you let me know what you think after you've tested it out a
> while? I don't mind paying money, but I need something that does
> what it's supposed to do. SA seems to require a lot of tweaking.
I'm sure I could trap more spam if I wrote custom rules for SA. I suppose
this would work best if your .org, .com, or whatever is a uniform
organization - like the furniture shop example they give in the cfg docs.
If you don't expect home refinancing messages to be relevant, they are
easy to filter. If, on the other hand, you are serving as an ISP for
random people or organizations, it would be more difficult to write
effective rules.
For me, it is the time needed to check for FPs that kills
SA. I have a bunch of users internally that deal with an even larger
bunch of people externally, about a range of subjects (that technically
should be pretty well defined, but, as fate would have it, isn't). In a
smaller organization, it would be much more usable.
Also, these people have no sense of etiquette, and are sometimes
impractical. I mean, how is SA supposed to interpret an inbound message
with a single document attached, but without a body or subject? I have to
retrieve these all the time. How am I supposed to train SA on these
messages? I know - I know - I can whitelist them. Screw that - I am not
going to whitelist the home addresses of 850 people that are too busy to
write a real message or use a memory stick. 'Sides, they can bypass SA
completely by using our webmail, since they are just mailing to themselves...
Hey, isn't that a Billy Idol song?
//--------------------------------
On the floor of Tokyo
Or down in London town to go, go
With the record selection
With the mirror reflection
I'm mailing to myself
When there's no-one else in sight
In the crowded lonely night
Well I wait so long
For my love vibration
And I'm mailing to myself
...
//--------------------------------
Hrrrmmm, maybe not...
We block known external webmail sites, and known proxies, so
there is no other way to get around SA. Even FTP, SSH, and RDP out -
though now that I say that, I want to re-check the fw cfg - I had to open
up ssh for some sftp session and saw something odd...
Dude was on a tech call with f-secure and the tech asked, "So, are you
familiar with SSH?" To which the dude replied, "Yes." (Even though he
barely has a clue.) The tech said, "Good, because our FTP server is
secure [uses secure authentication/something like that/basically
implying sftp]. I'll go ahead and send you the login information."
So later, dude is trying to FTP to their server using WSFTP. I said, "Oh,
I think you need to use sftp." To which the dude replied, "Yeah, I'm
using WSFTP." To which I replied, "Uhhh, yeah, but I think he is talking
about sftp protocol - FTP via SSH, for which you might use the psftp
client instead." To which he replied, "Oh."
So, it turned out that we don't allow SSH out, and I had to tweak that.
Lemme tell you. Checkpoint rocks... It took like 2 seconds to allow
SSH out stateful from his subnet, and about 10 seconds to install the
policy, after which point, it took another 2 seconds to configure a filter
that would allow me to see his SSH session start on the tracker console.
Well, after that, it was butter, but still...
[I should, or perhaps shouldn't (alas, it is too late now), mention that
the dude is not exactly my boss, but is the senior department member
holding a position equivalent to mine. So he gets paid more than I do,
and I have to tell him over and over how to do things. He f***s with
trying to get an antivirus client rolled out for fully 6 months, after
months of running without any antivirus software (on more than 2000
stations, mind you!). I can't even remember how many things I've done in
that time. I guess I'm a little bitter right now...]
So, er, yeah - I'll post something here about Lightspeed. Getting ready
to make the change. I will be sad though...
Just FYI. Lightspeed runs on Windows 2000. The machine needs to have two
network interfaces, plus a failover card. It operates in bridge mode as
a passthrough device (special drivers, magic drivers!), so there is no IP
configuration necessary, and all traffic typically flows through it.
Because of the failover card, even power failures don't stop traffic
throughput - makes re-booting less of a hassle (though there is obviously
no filtering going on during the down-time).
It is possible to run in an IP mode, so you could route
specific traffic through it, but this isn't the recommended approach (for
some reason). It is possible to configure filter bypassing for traffic
to/from IP/subnet/protocol, so the routing method described can be done
through software. The initial setup is a bit confusing, but operation is
dead easy. The software uses the MSDE (MS SQL light) database, which is
fine for this app.
You need a fast machine, plenty of memory, and plenty of disk space. We
use an HP DL380 G4 server (dual Xeon foo), 3 GB RAM, and 5 or 6 72 GB
U320 SCSI disks, RAID 5, etc. So, the box itself was a phat chunk of
change. Could use less, but performance hits will be significant when
operating and querying the DB - a necessary day-to-day operation.
Licensing for us would have been ~ $15K, plus yearly maintenance - or some
such. Because we hesitated, stalled, put it off, talked with other
vendors, etc. their sales people dropped the bottom line and made it
easier for us. I don't recall how much it was in the end, as I don't pay
attention to such things, but it was still much more than I would pay for
my own use.
>>>> Yeah - Monday is gonna suck...
>>>
>>> Ummmm yeah...
>>
>> and Tuesday, and Wednesday, and Thursday too
>>
>> woo hoo!
>>
>
> ...and so it goes for the next 6 months of my life. Contract starts
> on Monday....I need a wife, or at the very least...a pool boy who
> can cook.
You have a pool? I can cook, and I like to swim. I am pretty dead set
against leaving this place though. Besides, you might not like my
tentacles...
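The "mailing to myself with a single attachment, no subject, no body" case above is a policy question rather than a scoring one. As an added example (not from the original post or from SpamAssassin), here is a pattern check that a site could run ahead of the spam filter to exempt exactly that traffic instead of whitelisting hundreds of home addresses; OWN_DOMAIN and the sample messages are constructed placeholders.

```python
# Added example: exempt "self-addressed, attachment only, no subject, no body"
# mail by pattern instead of whitelisting each sender. OWN_DOMAIN and the
# sample messages are constructed placeholders, not real site data.
from email import message_from_string
from email.message import EmailMessage
from email.utils import getaddresses, parseaddr

OWN_DOMAIN = "example.org"  # assumed internal mail domain


def is_self_sent_attachment_only(raw: str) -> bool:
    """True only when an internal sender mails exactly herself, with at least
    one attachment and neither a Subject nor any non-blank text body."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    rcpts = {addr.lower() for _, addr in getaddresses(msg.get_all("To", []))}
    if not sender.endswith("@" + OWN_DOMAIN) or rcpts != {sender}:
        return False            # external sender, or addressed to anyone else
    if msg.get("Subject", "").strip():
        return False            # has a real subject: let the spam filter score it
    has_attachment = False
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_content_disposition() == "attachment":
            has_attachment = True
        elif part.get_content_maintype() == "text":
            if part.get_payload(decode=True).strip():
                return False    # body text present: not the bare-attachment case
    return has_attachment


def build_sample(sender: str, to: str, subject: str = "", body: str = "") -> str:
    """Construct a one-attachment test message (sample data, not real mail)."""
    m = EmailMessage()
    m["From"], m["To"] = sender, to
    if subject:
        m["Subject"] = subject
    m.set_content(body)
    m.add_attachment(b"%PDF-1.4 sample", maintype="application",
                     subtype="pdf", filename="report.pdf")
    return m.as_string()


def classify_samples() -> dict:
    """The three cases a mail admin needs to tell apart."""
    me = "jane@example.org"
    return {
        "self_bare": is_self_sent_attachment_only(build_sample(me, me)),
        "self_with_body": is_self_sent_attachment_only(
            build_sample(me, me, body="see attached")),
        "external": is_self_sent_attachment_only(
            build_sample("offers@refi.example", me)),
    }
```

Call classify_samples() to see that only the bare self-addressed message is exempted; anything with a subject, a body, an external sender, or extra recipients still goes through SA.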