ANNOUNCE: BarricadeMX is released

Stephen Swaney steve.swaney at fsl.com
Thu Jun 14 19:30:15 IST 2007


> -----Original Message-----
> From: Rob Poe [mailto:rpoe at plattesheriff.org]
> Sent: Thursday, June 14, 2007 12:57 PM
> To: info at fsl.com; 'MailScanner discussion'
> Subject: RE: ANNOUNCE: BarricadeMX is released
> 
> So, I understand that Fort and Snert have partnered up to stop spam at
> the MTA ...... and obviously it will be a proprietary method, but
> inquiring minds still want to know .. Anyone have any kind of idea on
> the techniques?

I can send anyone who wants it the full documentation, which will give some clues
as to how the application works. Please contact me off list. Just knowing
the tests that are run is, however, only a small part of the answer.

The process works by examining the behavior of the spammer during the
initial part of the SMTP conversation before the DATA phase of the
transmission. Bad guys are dropped or rejected as soon as we know they are
spammers. Why waste time with spammers? Why run stuff that's obviously spam
through SpamAssassin? I'll take a 4MB multi-threaded C program over Perl any
time it does (most of) the job :)

The tests are applied using branching logic. Each test the sender passes or
fails affects their path through the rest of the tests (over 60 individual
tests) - thousands of different paths.
This is the true secret (proprietary) part of the application. They are
deadly accurate.

The idea here is to safely reject (with an NDR) as much of the junk as
possible and it does work. Most of the BarricadeMX sites are rejecting over
90% of all of the incoming traffic with very little white listing required
for the really clueless administrators out there.

> 
> I have 2 clients.  One is a trucking firm.  They get a lot of trade
> industry magazines (which SpamAssassin hates) and a lot of people in
> the trucking industry who think it fine that they have a 400x400 inline
> .gif with their signature and other misc. stuff, in an email with a
> "Hey give me a call if you want me to service your loads" ... yeah SA
> hates that too..

No SpamAssassin-type heuristic tests are used. Body checks for URLs / URIs
may be configured against different RBLs.

> 
> The other is a law firm.  They want Artificial Intelligence for their
> spam filter.  Everything that ISN'T SPAM gets delivered and everything
> that IS SPAM doesn't  -- no errors.

Everything that is rejected is sent an NDR (customizable by site) which can
let the blocked sender know who to contact to fix the problem.

> 
> Of course, if you go too strict on filtering you can lose emails, and
> if you go too loose you end up with horse sex in your inbox ... how does
> this product compare to current methods?

Less spam without more false positives.
Reduced load on the gateways and mail hubs.

And increased capacity for MailScanner systems. Most sites that use multiple
gateways can turn off 1/2 of the gateways (do leave two for redundancy ;)

Please note that this is not normally a standalone system. While it can run
SpamAssassin and ClamAV against each message, it's normally used in front of
MailScanner, DefenderMX or any spam detection / antivirus gateway. A good
MailScanner system can and will catch the last 6% to 10% of the spam that
gets through. It just won't be working very hard to catch it :)

> 
> Greylisting has helped tremendously, but there are still some seriously
> BRAIN DEAD admins running some seriously BRAIN DEAD email apps that
> don't ever retry.. So for the two above clients, it didn't work so
> well.
> 

We have some new grey listing techniques (patent pending) that are better
than those currently available. Brain dead sites (very few actually) are
easily white listed.

> (oh, and why do people make 10 outbound mail gateways, so a message
> that retries goes between the 10 different hosts, getting a greylist
> deny every time, but the delivery retry is > 1 minute) ???

Actually we fixed that problem too. 

Thanks for asking and I hope that I addressed your concerns. Free
no-obligation demos are available for CentOS / RH 3 (no web interface), 4 and 5
on our web site. FreeBSD and OpenBSD versions are also available but please
contact me off list for these.

Best regards,

Steve 

Steve Swaney
steve at fsl.com
www.fsl.com



