SmarterMail Antispam Settings Document Updated
Problem reported by Bruce Barnes - September 20, 2014 at 12:14 PM
Not A Problem
The SmarterMail Antispam Settings document, originally published in September, 2009, has been significantly updated to include four new RBL tests.
 
These tests include a request from Steve Reid to add the RAZOR2 RBL to SmarterMail's list of usable RBLs.
 
The new tests, which have been included in this revision, are:

In addition to the new RBL tests listed above, the GREYLISTING timing has been adjusted as follows:

 

Greylisting Timing Adjustments made in latest revision of ChicagoNetTech Antispam Document - released 19 September, 2014

 

The newest revisions to the SmarterMail Antispam Settings document, which are also applicable to almost any other MX server setup, can be found at: SmarterMail Antispam Settings Document

PLEASE NOTE: THE EFFICACY OF THE SETTINGS IN THIS DOCUMENT IS PREDICATED ON THE FACT THAT:

  • WHITELISTING IS MINIMIZED
  • HOSTED DOMAINS ARE NOT ABLE TO OVERRIDE SPAM SETTINGS
  • HOSTED DOMAINS ARE NOT ABLE TO OVERRIDE GREYLISTING SETTINGS
  • USERS ARE NOT ABLE TO OVERRIDE GREYLISTING SETTINGS
  • USERS ARE NOT ABLE TO OVERRIDE SPAM SETTINGS

This is a new KB article, and will always contain a link to the most recent revision of the document. 

Legacy links will be retired in one year.

Bruce Barnes
ChicagoNetTech

Bruce Barnes
ChicagoNetTech Inc
brucecnt@comcast.net

Phone: (773) 491-9019
Phone: (224) 444-0169

E-Mail and DNS Security Specialist
Network Security Specialist

Customer Service Portal: https://portal.chicagonettech.com
Website: https://www.ChicagoNetTech.com
Security Blog: http://networkbastion.blogspot.com/

Web and E-Mail Hosting, E-Mail Security and Consulting

44 Replies

0
Bruce, as always, thanks for the great contributions to the SM community. This is a great resource. Just a typo I would assume, but in the second paragraph of the preface, you're recommending to use ~all in the spf record indicating that email sent from a server outside of the spf record should soft fail. -all signifies that it should hard fail. 
 
Do you recommend to use ~all for soft fail or -all for hard fail?
0
Great catch, Robbie!  Thanks for pointing that out.  I will get that corrected and update the current document to show "-all" for hard fails.
 
With the exception of those domains who use Constant Contact for mass mailings, we are running -all for hard fail on all of our SPF records.    The only reason we've modified the settings for Constant Contact users is that they still have issues with domains who have DMARC records and make people jump through the hoops to make messages which originate from Constant Contact deliverable.
 
This is not to say that Constant Contact doesn't have a solution, but their solution is extremely convoluted and difficult to implement for most small companies and not-for-profits who don't have dedicated IT people to troubleshoot and chase down issues which should, in my opinion, be much easier to implement.
 
As an FYI, the addition of the RAZOR2 and GBUdb RBLs has almost completely eliminated the remaining spam.
Bruce Barnes
0
I have been using your pdf doc for a long time to tweak my smartermail setup... gonna adjust for this new one... which in the file says Rev 4.0550: 22-Sep-2014 --------  The actual file name for the .pdf is....  Antispam Settings - SmarterMail - REV 4 - March 2013.pdf....  little confusing...
 
I will still implement these new settings because I see they are different...
 
Regards,
Mark L. Lee
0
The file name has never been changed because that's the name of the PDF which was used to make the file available and has been linked on the internet in more than 600 postings since 2009.
 
The new, permanent link, which will do away with any file names, is located at: SmarterMail Anti-Spam Settings Document and will always contain the most recent version of the document.
 
The last portion of the inside document title will always contain a REV number and DATE.
Bruce Barnes
0
Thanks again, Bruce. An invaluable resource. Totally minor nit: the screen shot for the RAZOR2 RBL on Page 24 shows the Enabled checkbox to be unchecked, I'm assuming that should be checked? (Told you it was a nit!)
0
Thanks for the compliment, Robert.
 
EDIT: Modified to reflect the removal of the RAZOR2 RBL

With regard to the RAZOR2 RBL: YES, the checkbox MUST be unchecked for that, and several other RBL tests.
 
I can usually justify the reason for this, but RAZOR2 is a group of Apache people and responses to questions are slow to flow back, so I cannot give you the justification at this time.
 
Additionally, you MUST USE LOCAL DNS SERVERS for these RBLs to work.  If you are using a DNS server, or servers, which make more than 100,000 to 200,000 queries per day to the individual RBLs you WILL experience false positives.
 
The RBL maintainers are beginning to enforce the number of queries allowed for any single DNS server in a 24 hour period because they want high-volume users to install locally cached RBLs, periodically download the databases, and query them locally.

The only way the RBL managers, with one or two exceptions, have come up with successfully enforcing their limits is by FAILING queries - which means you may encounter false positives if you are using GOOGLE DNS, COMCAST DNS, or other high-volume public DNS servers.
 
Again, thanks for bringing this to my attention.
Bruce Barnes
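An added example (not from the thread or from the ChicagoNetTech document) of the lookup mechanics behind the point above: the query name a mail server builds for an RBL test, and why an answer returned for a refused query must not be scored as a listing. The zone `rbl.example.test` and the canned answers are constructed; the 127.255.255.x error range is the convention Spamhaus documents for its zones and is an assumption for any other list.

```python
"""DNSBL (RBL) lookup mechanics: build the query name, classify the answer."""
import ipaddress

# Assumption: Spamhaus-style convention. Answers in 127.255.255.0/24 signal
# a refused or malformed query (public resolver, query limit), not a listing.
ERROR_NET = ipaddress.ip_network("127.255.255.0/24")
LOOPBACK_NET = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_query_name(ip, zone):
    """Return the DNS name looked up to test `ip` against the list `zone`."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        # IPv4: octets reversed, then the zone (192.0.2.10 -> 10.2.0.192.zone)
        labels = reversed(str(addr).split("."))
    else:
        # IPv6: 32 hex nibbles, reversed, one label each (RFC 5782)
        labels = reversed(addr.exploded.replace(":", ""))
    return ".".join(labels) + "." + zone.strip(".")


def naive_is_listed(a_records):
    """What a scorer does when it treats any answer at all as a hit."""
    return bool(a_records)


def classify_answer(a_records):
    """Map a lookup result to 'not_listed', 'listed' or 'error'.

    a_records is None for NXDOMAIN, otherwise a list of A-record strings.
    """
    if not a_records:
        return "not_listed"
    addrs = [ipaddress.ip_address(a) for a in a_records]
    # An error code, or an answer outside 127/8 (for example a resolver that
    # rewrites NXDOMAIN), means the result says nothing about the sender.
    if any(a in ERROR_NET or a not in LOOPBACK_NET for a in addrs):
        return "error"
    return "listed"


def check(ip, zone, resolver):
    """Run one RBL test; `resolver` maps a query name to A records or None."""
    name = dnsbl_query_name(ip, zone)
    return name, classify_answer(resolver(name))


# Constructed answers standing in for a DNS resolver (no network needed).
CONSTRUCTED_ANSWERS = {
    "2.0.0.127.rbl.example.test": ["127.0.0.2"],          # genuine listing
    "10.2.0.192.rbl.example.test": ["127.255.255.254"],   # query refused
    "11.2.0.192.rbl.example.test": ["203.0.113.9"],       # rewritten NXDOMAIN
}

if __name__ == "__main__":
    for ip in ("127.0.0.2", "192.0.2.10", "192.0.2.11", "192.0.2.12"):
        name, verdict = check(ip, "rbl.example.test", CONSTRUCTED_ANSWERS.get)
        naive = naive_is_listed(CONSTRUCTED_ANSWERS.get(name))
        print(f"{ip:12} {verdict:10} naive_hit={naive}  ({name})")
```

Only a `listed` verdict should add the test's weight; an `error` verdict is a reason to look at which DNS server the mail server is querying through.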
0
Thanks for all of your work...
 
 
I have implemented the related antispam settings in your document and now a lot of good mail is getting dumped...
 
Basically I see that any mail coming from cfl.rr.com (Roadrunner) is getting deleted because it is getting a 20 weight which is getting deleted because your new default to delete is 15 weight...
 
Here is one example of many... the cfl.rr.com domain itself passes all RBL checks but it still shows FAILED with some of the smartermail checks....
 
____________________________
 
[2014.09.23] 10:34:11 [95769] Delivery started for xxxxxxxx@cfl.rr.com at 10:34:11 AM
[2014.09.23] 10:34:15 [95769] Spam check results: [_SPF: Pass], [BARCUDA - BRBL: passed], [CBL - ABUSE SEAT: passed], [HOSTKARMA - BLACKLIST: passed], [HOSTKARMA - BROWNLIST: passed], [HOSTKARMA - YELLOWLIST: failed], [SORBS - ABUSE: passed], [SORBS - DYNAMIC IP: passed], [SORBS - PROXY: passed], [SORBS - SMTP: passed], [SORBS - SOCKS: passed], [SPAMHAUS - CBL: passed], [SPAMHAUS - CSS: passed], [SPAMHAUS - PBL: passed], [SPAMHAUS - PBL2: passed], [SPAMHAUS - SBL: passed], [UCEPROTECT LEVEL 1: failed], [UCEPROTECT LEVEL 2: failed], [UCEPROTECT LEVEL 3: passed], [VIRUS RBL - MSRBL: passed], [_REVERSEDNSLOOKUP: passed], [_DK: None], [_DKIM: None], [HOSTKARMA - WHITELIST: passed], [SURBL - ABUSE BUSTER: passed], [SURBL - JWSPAMSPY: passed], [SURBL - MALWARE: passed], [SURBL - SPAMASSASSIN: passed], [SURBL - SPAMCOP: passed], [SURBL -PHISHING: passed], [URIBL - BLACK: passed], [URIBL - GREY: passed], [URIBL - MULTI: passed], [URIBL - RED: passed]
[2014.09.23] 10:34:17 [95769] Starting local delivery to xxxxx@xxxxxxxxx.com
[2014.09.23] 10:34:17 [95769] Delivery for xxxxxx@cfl.rr.com to xxxxx@xxxxxxxxx.com has completed (Deleted) Filter: Spam (Weight: 20)
[2014.09.23] 10:34:17 [95769] End delivery to xxxxx@xxxxxxxx.com
 
 
____________________________
 
I have changed my medium weight threshold to 25 to let the mail through...
 
 
Any ideas?
 
Regards,
Mark L. Lee
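An added example (not part of the post above, and not SmarterMail's own tooling) that parses delivery-log lines in the format shown in that post, correlates each session's spam-check results with its final action and weight, and lists deleted messages whose sender authentication passed. The sample lines are constructed in that format with placeholder addresses; treating "SPF and reverse DNS both passed" as a sign of a likely false positive is an assumption made for the example.

```python
"""Find probable false positives in SmarterMail-style delivery log lines."""
import re
from collections import Counter

LINE = re.compile(r"^\[(?P<date>[\d.]+)\] (?P<time>[\d:]+) \[(?P<sid>\d+)\] (?P<msg>.*)$")
CHECK = re.compile(r"\[([^:\]]+): ([^\]]+)\]")
DONE = re.compile(
    r"Delivery for (?P<sender>\S+) to (?P<rcpt>\S+) has completed "
    r"\((?P<action>[^)]+)\) Filter: Spam \(Weight: (?P<weight>\d+)\)"
)

# Constructed sample in the format of the log posted above (abbreviated).
SAMPLE = """\
[2014.09.23] 10:34:11 [95769] Delivery started for user@isp.example at 10:34:11 AM
[2014.09.23] 10:34:15 [95769] Spam check results: [_SPF: Pass], [HOSTKARMA - YELLOWLIST: failed], [SPAMHAUS - SBL: passed], [UCEPROTECT LEVEL 1: failed], [UCEPROTECT LEVEL 2: failed], [_REVERSEDNSLOOKUP: passed], [_DKIM: None]
[2014.09.23] 10:34:17 [95769] Delivery for user@isp.example to rcpt@host.example has completed (Deleted) Filter: Spam (Weight: 20)
[2014.09.23] 10:35:02 [95770] Spam check results: [_SPF: Fail], [SPAMHAUS - SBL: failed], [UCEPROTECT LEVEL 1: failed], [_REVERSEDNSLOOKUP: failed]
[2014.09.23] 10:35:03 [95770] Delivery for bulk@spam.example to rcpt@host.example has completed (Deleted) Filter: Spam (Weight: 45)
""".splitlines()


def parse_deliveries(lines):
    """Group log lines by session id; return {sid: checks/action/weight/sender}."""
    sessions = {}
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue
        s = sessions.setdefault(
            m["sid"], {"checks": {}, "action": None, "weight": None, "sender": None}
        )
        msg = m["msg"]
        if msg.startswith("Spam check results:"):
            # "[NAME: result]" pairs; results are normalised to lower case
            s["checks"] = {n.strip(): r.strip().lower() for n, r in CHECK.findall(msg)}
            continue
        d = DONE.search(msg)
        if d:
            s["sender"] = d["sender"]
            s["action"] = d["action"]
            s["weight"] = int(d["weight"])
    return sessions


def suspect_false_positives(sessions, auth_tests=("_SPF", "_REVERSEDNSLOOKUP")):
    """Deleted messages whose authentication tests all passed (heuristic)."""
    suspects = []
    for sid, s in sessions.items():
        if s["action"] != "Deleted":
            continue
        if all(s["checks"].get(t) in ("pass", "passed") for t in auth_tests):
            failed = sorted(n for n, r in s["checks"].items() if r == "failed")
            suspects.append((sid, s["sender"], s["weight"], failed))
    return suspects


def failed_test_counts(suspects):
    """Count which failed tests recur across the suspect deletions."""
    return Counter(name for _, _, _, failed in suspects for name in failed)


if __name__ == "__main__":
    found = suspect_false_positives(parse_deliveries(SAMPLE))
    for sid, sender, weight, failed in found:
        print(f"session {sid}: {sender} deleted at weight {weight}; failed: {failed}")
    print(failed_test_counts(found).most_common())
```

Run over a day of logs, the counts show which tests contribute most often to deletions of authenticated mail, which is the information needed before changing a threshold or an individual test's weight.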
 
0
We've always used GBUDB and have been happy with it. Our Declude has always used the MailSpike RBLs. Nice to see all of those make the list.
 
However the Razor2 was a new one we tried today, but sadly we had to disable it as it failed **EVERYTHING**. Not a single piece of email passed the Razor2 RBL. That resulted in about 50K of false-negatives for us. And yes, we run our own NameServers used exclusively by our Mail service. I even triple-checked our settings with the one shown here and in your pdf and still no dice.
 
Nevertheless, thanks for the updated pdf.
0
I had the same issue as Scarab. Two of my major clients are trusted senders and they got rejected when I implemented Razor2. Had to disable.
0
EDIT: Edited to reflect the removal of RAZOR2
 
RAZOR2 alleges to be extremely accurate. 
 
RAZOR2 does AGGRESSIVELY place anyone with invalid, or missing, rDNS on their RBL lists.  There is no way to request removal; when they see the issue corrected, listed domains/IP addresses will "fall off" a few days later.
 
We had another client, hosted on Google, with their own domain name, which was not properly setup in DNS and did not have rDNS setup on any of their IP addresses.
 
In cases of improperly configured DNS, or lack of rDNS, it is not the RBL's issue, but the domain owner's issue, and their responsibility to resolve the issues.
 
If you supply their domain names they can be checked externally to see if there are issues which caused them to be placed on the RAZOR2 list.
Bruce Barnes
0
BTW: Has anyone else seen a ridiculous amount of spam being sent from static.hostnoc.net? The IP address of the mail server is 209.124.95.85 and the sending address from a domain called funbent.com? Static.hostnoc.net is privately registered with Tucows. The IP address is assigned to an ISP in the UK called Dragon Networks (www.dragonnetwurx.com)  and funbent.com is registered through enom to a guy called Adam James in San Diego. I am receiving a connection from their mail server every second for five seconds and then a 15-20 minutes pause before repeating 5 new delivery attempts and repeating the cycle throughout the day - all day, every day. Very determined mail server!!!
0
Looks like someone may have hacked the network at HOSTNOC.NET, because the IP address posted by Robert Pinkerton does not match any of their MX servers:
 
Bruce Barnes
0
I noticed an email this morning that was marked by the new Razor 2 RBL I added, but curiously it was not marked by the Razor 2 in my SpamAssassin in a box as Razor 2
0
The latest version of the document will be updated this week and RAZOR2 will be removed from the RBL test list.
Bruce Barnes
0
Hello Bruce and all,
 
I need to know how setting Denial of Service (DoS) - POP 50 in 10 min could affect the POP incoming service with a scenario like this one in my question (single domain / client company network)?

I've changed to Denial of Service (DoS) - POP 150 in 10 min and they are working fine... does this change affect my Abuse detection efficiency?
 
Thanks
3
The most recent version of my SmarterMail Antispam document is now available for download as a PDF.
 
This document includes both the changes listed in the previous postings of this thread and a clarification of the DNS entry for DOMAINKEY record format, when using Microsoft DNS, on page 62 of the document.

The link to the newly updated document is located at: https://www.chicagonettech.com/docs/pdf/Antispam%20Settings%20-%20SmarterMail.pdf [this will open a new window and the PDF can be saved to your local workstation].
Bruce Barnes
0
Bruce,
 
Thank you so much, this is a huge asset.  Just getting around to making the updates from your '09 document which worked flawlessly for so long.
 
Chris
0
Thanks for the compliment, Chris.  Like spammers' tactics, the document is a constant work in progress.
 
The new permalink will always contain the most recent updates.  Check it frequently, because I won't necessarily be posting a notice of every change here.
 
As a reference for others, here's the permalink - an up-to-date date reference will always be at the top of the document: 
 
 
this will open a new window and the PDF can be saved to your local workstation.
Bruce Barnes
0
Hi Bruce,
 
I have walked through your excellent document and applied all of the RBL/URIBL filtering you have outlined (along with greylisting etc) and have seen a dramatic drop in spam which is great news for us. My one question is that we currently also have the Cyren Premium Antispam enabled for filtering with a weight of 0-30, and when we are sending out some test email shots to multiple addresses internally they are getting flagged as :-
 
X-SmarterMail-Spam: SPF_Pass, Commtouch 30 [value: Bulk], ISpamAssassin 0 [raw: 0], DK_Pass, DKIM_Pass
 
Therefore I was wondering if having Cyren active is overkill on the spam filtering front (as I noticed you didn't have Commtouch enabled in your example list in your document) and whether there is much point in using that as it wasn't doing much in regards to blocking spam before I added your latest suggested settings?
 
Dave 
0
First, I took our portal down for a few weeks, and will re-post a new link later today.
 
Second, we use nothing but what's reflected in the document.
 
We enforce GreyListing, for everyone, no exceptions: with a 1 minute retry time, and we do not allow any custom settings by users. There was some foot stomping and screaming at first, but when we implemented a "spam/virus/worm" charge of USD $50.00, for the first 15 minutes, the din got eerily quiet.

We also do not service XP operating systems any more.  All of the A/V scanners and software providers pulled support for XP, and we were getting swamped with "repeat cleanup requests" from clients who demanded the work at no cost.  All it takes is opening one infected email, and Trend Micro's HouseCall must be loaded, and run, in safe mode.
 
Sorry, that's not my job. 2003 ends at the end of June, and so does our support for all 2003 products. It's a hard road to hoe, but when a product life cycle ends, so does our support.
Bruce Barnes
2
Here is the new link to the SmarterMail antispam document:
 
 
Remember, there are MAJOR CHANGES between this document and all previous versions.
 
Many RBLs shut down, others completely changed their RBL lookup servers.
 
The implementation of the document is predicated on the fact that:
 
  • The entire document is READ, and UNDERSTOOD before implementing!
     
  • all control stays with the Smarter Admin;
     
  • domain admins and end-users only add additional problems to enforcement;
     
  • Greylisting is enforced for ALL USERS and ALL DOMAINS -- with a one-minute initial retry time, and 360 day listing in the database, to ensure that no additional lookups are required. - no exceptions;
     
  • SmarterMail is running under TLS and the SSL patches, to disable SSL and enable all available TLS protocols, are enabled, based on the operating system.

  • TLS is properly tested against the tests at https://www.ssllabs.com/ssltest/index.html to ensure that the server is operating with a grade of at least A-, or better.  Remember, Windows Server 2003 is deprecated, and all support ends, on 30 June, 2015.
     
  • PROPER setup of DomainKey, DKIM, and DMARC are implemented for each domain hosted.  This includes the configuration of both the necessary KEYS, and also the proper setup in DNS - again, required for EACH E-MAIL DOMAIN HOSTED by the SmarterMail server.
     
  • FEEDBACK LOOPS are properly setup with the 14 ISPs who now require them.
     
  • NO WHITELISTING - everyone must AUTHENTICATE!  If an outside server sends mass messages, they must be sent via a dedicated account on the SmarterMail server;
     
  • no customization is allowed by domains or end users;
     
  • no outside antispam tools are used;
     
  • There is NO GUARANTEE that 100% of the spam will be eliminated.  You will notice a drastic reduction, but some new spammers are fully compliant with all of the anti-spam tests and slip through for a day or two.
     
Sorry if this sounds "draconian" to a few of you, but our customers love the security. It works, and it prevents worms, viruses, keystroke loggers and hackers from gaining access to our servers and data.

We service several moderate sized law-enforcement agencies, a couple of good-sized hospitals, several law firms, and several accounting agencies, and pride ourselves in old-fashioned customer service - locally stored, not in a cloud, full backup, and all data and technical support is kept, 100%, in the United States.
Bruce Barnes
2
Hi Bruce,
 
Once again, thanks for your time, effort and expertise with the antispam settings guide.  Always so useful!
 
We have implemented the changes and will keep an eye on the impact.
 
To give a little feedback, when implementing the settings we found the following in the guide:
 
 - Page 23 - Duplication of 'RBL: SORBS 04 - MISC' - First one has incorrect config inc image
 - Page 31 - Duplication of 'RBL: SPAMHAUS - SBL 2'
 - Page 36 - Incorrect Config Image - 'RBL: SPAMHAUS-UCE PROTECT LEVEL 2'
 
Again, really appreciate the ongoing guide and updates....saves a HUGE amount of time!
1
Please remember:
  • this is a VOLUNTEER EFFORT;
     
  • the RBL / BRBL area is changing every day - with providers pulling the plug and others absorbing databases;
     
  • queries are LIMITED, and must be made by your LOCAL, PRIVATE DNS to be valid - too many from the same DNS server IP address in a single day will cause all to fail.
     
  • There is no regular update schedule, so check back at least once a month.
     
  • Individual questions and comments will not be responded to.
     
  • Anyone wanting personalized assistance will have to pay for it - my work is not free.
Bruce Barnes
3
I am sure I speak for a lot of people when I say I REALLY appreciate the work you put in to this and it REALLY helps.
0
Your portal link doesn't work for me.
 
So, I'm using the other link you posted on February 3 at 15:08.
 
The version of the document I have is 6.150119 and dated 19th Jan 2015.
 
Is this the latest?
0
Figured I'd try again.   We are still struggling with snowshoe spam, going back to June of last year.   My settings match Bruce's most recent document, but the spam that slips through are all formatted correctly with proper PTR and SPF records and can take awhile before they are caught by any of the blacklists.   Here is a portion of the header:
 
Return-Path: <lilalyons@larrykerilee.rexwoodwork.com>
Received: from larrykerilee.rexwoodwork.com (larrykerilee.rexwoodwork.com [207.188.184.40]) by mail.advantagetel.com with SMTP;
   Thu, 19 Feb 2015 13:32:33 -0500
 
I started checking mxtoolbox's blacklist tool and it took an hour before 207.188.184.40 or rexwoodwork.com was picked up by any of the RBLs.
 
I've taken to blacklisting the /24 blocks as the spam comes in, which gives some relief for the rest of the day, but it is a never ending process.   Has anyone come up with any better tools for fighting this?
0
I have finally been able to stop 99% of spammers using the following setup.
 
First I implemented a 5 minute greylist.
Then I set up a new website in IIS, and shared my SmarterMail Logs directory as a Virtual Folder.
I wrote a script that when run will read the SMTP logs and if it finds any lines that match specific search phrases, it will read the IP address from that line and then add it to my Firewall.
I set up this script to run every 4 minutes, which gives it enough time for the spammer to try to send a message and be denied by the greylist, allowing the script to pick up the attempt by the spammer, before they are able to return the second time and get the message through the door.

I have stored a list of badwords in mysql that my script reads from.  Seems spammers are starting to use uncommon top level domains like ".click", ".biz", ".eu", ".in.net", ".us", ".work" as well as others.  So I am firewalling any requests that match these toplevel domains.  I do have a whitelist that will override these for clients that do need communication from specific domains at these toplevel domains.  Thus far I have over 1000 IPs firewalled and it's only been 3 days.  Number of Spam that have gotten through 0.
 
What would be great is if SmarterMail could be setup to return a "user Not found" message to the spammers which might encourage them to remove the email address from their lists.  That of course assumes they care about keeping their lists clean.  
WhiteSites.com
Blog.whitesites.com
0
https://portal.chicagonettech.com/kb/a171/smartermail-antispam-settings-document.aspx does not work, and, far as I can tell, hasn't been working for some time.
 
Indeed, no response either from simply https://portal.chicagonettech.com
 
I did try this from different parts of the Universe (from different computers at different physical locations and different ISPs).
 
 
 
 
 
0
Heman;
 
 Make certain you have the MOST RECENT VERSION of the document, which can be found at:
 
 
There were many changes to antispam database providers which took place in December, 2014 and January, 2015.
 
There will be more changes coming up in early April when I publish another revision of the document.
 
Bruce
 
 
Bruce Barnes
0
And I posted the new URL in my response.  My signature also states that the portal is offline.  We had a SCSI card fail and are in the process of bidding new hardware to upgrade our 2003 servers and move everything to 2012 in our new data center.
 
The portal is on the bottom of the list and the url for the antispam was listed in my response to you.
Bruce Barnes
0
Everything shown in the current document is in use on my, and several other, SmarterMail servers.
 
There will be adjustments to the APRIL document, which will be pushed out sometime after the 15th - TAX DAY, but I will not discuss issues or changes between new document versions.
Bruce Barnes
0
No, we're doing a large build out and the hardware failure (and the hundreds of hours of free advice I gave away every month) are on hold until we are done with the bank and partners.
 
Remember, we donate all of our time, and I have hundreds of hours in the document you are unhappy with.
 
If this kind of intimidation continues, I will pull it completely and share it only with paying customers.
 
End of discussion.
Bruce Barnes
0

Thanks, Scarab.

We finally approved the hardware and placed the order for the first round of servers today.  Our first round is coming in at about USD $28,000, and that doesn't count the Server 2012 licensing.  We found some pretty good deals on sealed licensing and that will help a lot.

It's amazing the number of our customers who have no concept of the fact that Server 2003 goes bye-bye on 30 June, 2015.    Based on what I am hearing from vendors, all of the antivirus support, and much of the support for other critical products will end simultaneously.

We still have customers using XP, and there is ZERO in the way of good antivirus solutions for them now - they're acquiring infections on machines still connected to the internet and it's a royal pain in the butt.  I've been carrying some of them, from a support standpoint, but pretty much pulled the plug on that as of yesterday, telling them they had to upgrade - the free ride was over:  it's time to move to Windows 7 and get the free upgrade to 10 when Microsoft pushes it out (see: http://rcpmag.com/articles/2015/01/21/windows-10-free-upgrade.aspx).

Sometime during the middle of this project we're also moving everything: - house, office, the whole works.  We've lived in the same house for 33 years, and we're literally leaving Chicago and moving out to the country. 

The taxes on our bandwidth infrastructure, telephones, cell phones, electricity and natural gas delivery went up an astounding $125.00 per month - collectively, across all of our billing, in February, adding $1,500.00 per year to our business operating costs, and it's only expected to get worse because of the City of Chicago, Cook county and State of Illinois' desperate financial situation.

Our internet vendor is working closely with us as we vet the areas we are looking at.  I have friends within the company who are doing analysis of bandwidth and the reliability of their services at each of the locations we're looking at.  This is driving the real estate agents crazy as they've never had someone make certain that the utilities are reliable before deciding on a property location.  One of the key locations is at a junction of three of the vendor's fiber nodes, and we're seriously considering that location - literally 20 feet from the Illinois Wisconsin border -- near a small town, but, literally out in the middle of the country.  Reliable internet, electricity resources from two different states, and three fiber nodes from our current vendor - all right there.

This is a fun ride - better than anything I've ever been on at any amusement park!  We'll continue to support SmarterTools products and services: we love them, and I'm dedicated to their products.  I'll also continue to support the forums and SmarterTools users -- and that includes the antispam document, but I'm beginning to understand why people turn to drugs.  Pot's not legal in Illinois, like it is in Colorado, so, in addition to the support and kind words of the people in the SmarterTools forums, I'll stick to my supply of Jack Daniels and an occasional dark lager to tide me over.

Bruce Barnes
0
Hi Bruce, thank you for your continued work.
 
However, I highly recommend people (in the UK at least) DO NOT use Barracuda for Outgoing SMTP Blocking.
 
Turning this on has resulted in many many legitimate emails being blocked.
 
The UK ISPs BT and Virgin have a lot of dynamic addresses which are in the "Poor" listings on Barracuda, so are all being blocked - this of course is causing lots of hassle with my UK clients ;)
1
All of ChicagoNetTech's servers are on static IP addresses. All are now, and always will be, located in the United States. None are in the cloud. Several of our HIPAA / HITECH contracts have very restrictive location and personnel clauses in them.
Bruce Barnes
2
The ChicagoNetTech portal is back up and I will be working on the antispam settings document again next week.
 
The most recent version is here:
 
Bruce Barnes
ChicagoNetTech Inc
1
Mike: The response times are dependent on many different factors, so it's a bit hard to say what's "normal."
 
Having said that, 3,000 to 5,000 ms does sound a bit high, but we see times ranging between 24 and 870 ms on a daily basis.
 
Some of the factors include:  your circuit capacity; load on your hosting provider; the DNS servers you are using; the hardware that SmarterMail is running on; whether SmarterMail is running on a dedicated server or there are other services running on the SmarterMail server, etc.
 
So, without actually looking at your server, seeing the processes running, what resources they are consuming, and, most importantly, seeing the response times on your connection, including DNS lookup times, ping times, etc., it's a difficult call.
 
I would start with a good tracert to several known good locations, looking to see what happens to the timing on the individual hops between you and them.
 
Whether or not you are on Comcast, you can also go to http://speedtest.comcast.net and then test to various locations, beginning with the location closest to you, and see what the ping times are.    I suggest using the Comcast speed test because they upgraded their fiber backbone to an enterprise backbone about two years ago and you should see similar ping and speed test results to almost any of their testing locations - the caveat being that you will see some slowdown when testing to the side of the Rockies furthest from where you are located.
 
Then look at the upload and download times, and compare them to what your provider is supposed to be giving you at the server location.
 
As an FYI, I will have a new generation of the antispam settings out by the end of this month and will post a notification at that time.
Bruce Barnes
ChicagoNetTech Inc
0
Mike:  Glad to hear that the changing of your DNS servers helped to resolve the average query response time problem.  Based on both your posting, and feedback from several other users of my antispam settings, I will make my references to the fact that the use of a LOCAL DNS SERVER is very important when querying RBL and URIBL databases in my next antispam document update.
 
Remember that the RBL and URIBL databases are free to low volume users, EG: anyone who makes fewer than 100K queries per day via a particular DNS server.  A few allow as many as 200K queries per day.
 
That is why it is so important to use PRIVATE DNS SERVICES.  If you are using Google or Comcast DNS, then your RBL and URIBL queries are being added to the RBL and URIBL queries of everyone else who is using Google or Comcast DNS servers and, because of the volume limitations imposed by the RBL and URIBL providers, you will begin to see slow (high response time) or even completely INVALID query results.
 
In our case, we have our primary DNS server located in our own network.  We use a secondary from a paid service called FreeDNS [https://freedns.afraid.org].  FreeDNS provides only secondary DNS services, at a cost of about $60.00 per year, no matter how many zones are configured, or how many queries are brought, and they are extremely reliable.  From the FreeDNS website:
 "If you already have a domain's DNS hosted somewhere, and you are only looking for backup-DNS hosting, then this service is for you.

 If you already have a domain in afraid.org in the 'domains' area, then your domain is already using this feature.

 To use this, you must enter your domain, and your primary nameserver's hostname. In order for this to work, your domain must allow AXFR transfers from ns2.afraid.org, and be delegated to ns2.afraid.org at your parent DNS servers.

 AXFR transfers will originate from: 174.37.196.55 to your defined master

 Also note, you will NOT be able to edit hosts for your domain if you put it in here, this is ONLY for offsite backup-dns for your domain, and the changes you make on your primary nameserver will automatically be transferred to ns2.afraid.org.

 DNS NOTIFYs are accepted. If you are responsible for maintaining your primary DNS server, make sure when you update your DNS records to also update your zone's serial number. Upon doing so, any change should send ns2.afraid.org a notify (be sure to list ns2.afraid.org it in the primary nameserver's SOA records) alerting ns2.afraid.org to immediately download your latest changes."
 
 
 
Bruce Barnes
ChicagoNetTech Inc
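A way to check the local-versus-shared resolver point from the post above, added here as an example and not taken from the thread or from SmarterMail: it builds the RBL lookup name, times the query, and separates a real listing from an error answer that a shared resolver can trigger. The zone `dnsbl.example`, the 1000 ms threshold and all function names are assumptions; the three `127.255.255.x` error codes are the ones Spamhaus documents, and other lists may signal errors differently.

```python
import ipaddress
import socket
import time

# Answers in 127.255.255.0/24 are error signals, not listings (codes documented by Spamhaus).
ERROR_CODES = {
    "127.255.255.252": "typo in the DNSBL zone name",
    "127.255.255.254": "query arrived via a public/open resolver",
    "127.255.255.255": "excessive number of queries",
}

def dnsbl_name(ip, zone):
    """Build the lookup name: reversed IPv4 octets (or IPv6 nibbles) + zone."""
    addr = ipaddress.ip_address(ip)
    parts = str(addr).split(".") if addr.version == 4 else addr.exploded.replace(":", "")
    return ".".join(reversed(parts)) + "." + zone

def classify(answers):
    """Turn the A records returned for a DNSBL name into a verdict."""
    if not answers:
        return "not listed"                       # NXDOMAIN
    for a in answers:
        if a in ERROR_CODES:
            return "invalid: " + ERROR_CODES[a]
    if all(a.startswith("127.") for a in answers):
        return "listed"
    return "invalid: answer outside 127.0.0.0/8"  # e.g. a resolver rewriting NXDOMAIN

def system_resolver(name):
    """A-record lookup through whatever DNS server the OS is configured to use."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:                               # NXDOMAIN and timeouts both land here
        return []

def check(ip, zone, resolve=system_resolver, slow_ms=1000, clock=time.monotonic):
    """Time one lookup; slow_ms is an assumed threshold, tune it to your baseline."""
    name = dnsbl_name(ip, zone)
    start = clock()
    answers = resolve(name)
    ms = round((clock() - start) * 1000)
    return {"query": name, "verdict": classify(answers), "ms": ms, "slow": ms > slow_ms}

if __name__ == "__main__":
    # Constructed replies: a private resolver, then a shared public one the list refuses.
    private = lambda name: ["127.0.0.2"]
    shared = lambda name: ["127.255.255.254"]
    for label, fake in (("private", private), ("shared", shared)):
        print(label, check("127.0.0.2", "dnsbl.example", resolve=fake))
```

Run against a real list by passing its zone and leaving `resolve` at the default; 127.0.0.2 is the conventional test entry that a working DNSBL reports as listed.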