Holy Text Attack, Those Spammers are Smart F*k’s

July 31st, 2007 by mkatz

The last few weeks have seen huge explosions in spam due to new techniques that have befuddled detectors once again. Of course the problems are only momentary, but in a period of a few weeks we have seen all new types of attacks: pdf spam, followed by xls spam, and now text files in .zip archives. It presents all new challenges for spam detectors, because now they have to venture even farther into the world of antivirus engines to provide adequate protection. It seems like we will need unpackers, code emulators and the like to fight spam, now that the spammers are exploiting user behavior in the same way as virus writers. As spam and viruses seem to be on a more rapidly convergent path, perhaps AV engines will have newfound validity?
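As an added illustration of the "unpackers" point (example code written for this post, not MPP's or any vendor's code), here is a small Python MIME walker that refuses to trust filenames or declared MIME types, sniffs attachments by magic bytes, and descends one level into .zip attachments with a bounded read so the inner text/PDF/XLS can reach the content filter without the archive becoming a decompression bomb. The sample message is constructed inline.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

MAX_MEMBER_BYTES = 1_000_000  # bound on decompressed bytes read per zip member (zip-bomb guard)

def build_sample() -> bytes:
    """Constructed sample (not a real capture): the only attachment is a .zip holding one text file."""
    msg = EmailMessage()
    msg["To"] = "user@example.invalid"
    msg.set_content("See the attached file.")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("tip.txt", "BUY NOW before it goes up 300%")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="tip.zip")
    return bytes(msg)

def sniff(data: bytes) -> str:
    """Classify content by magic bytes rather than by filename or declared MIME type."""
    magics = [(b"%PDF-", "pdf"), (b"\x89PNG", "png"), (b"\xff\xd8\xff", "jpeg"),
              (b"\xd0\xcf\x11\xe0", "ole2"), (b"PK\x03\x04", "zip")]  # ole2 = legacy .xls/.doc
    for magic, kind in magics:
        if data.startswith(magic):
            return kind
    try:
        data.decode("utf-8")
        return "text"
    except UnicodeDecodeError:
        return "binary"

def scannable_parts(raw: bytes) -> list:
    """Return (label, kind, bytes) per attachment, unpacking one level of zip for the content filter."""
    out = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        name = part.get_filename() or "unnamed"
        kind = sniff(data)
        out.append((name, kind, data))
        if kind != "zip":
            continue
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in (i for i in zf.infolist() if not i.is_dir()):
                with zf.open(info) as fh:
                    inner = fh.read(MAX_MEMBER_BYTES + 1)  # never inflate past the bound
                kind = "oversized" if len(inner) > MAX_MEMBER_BYTES else sniff(inner)
                out.append((f"{name}/{info.filename}", kind, inner[:MAX_MEMBER_BYTES]))
    return out
```

Nested archives are deliberately not recursed into here; a production filter would cap depth as well as size.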


Posted in Opinions on Email Security

MPP’s Compliance-Grade Archival

July 27th, 2007 by admin


What follows is a Message Partners’ podcast covering our improved archival feature, which gives companies streamlined, easy-to-use yet compliance-grade archival. To learn more about this feature, listen to the podcast or simply read the transcript below.


Tell me about MPP’s Archival feature.

MPP has a very streamlined archival solution that can be applied to any of the supported email servers that we have, like Postfix, Sendmail, Qmail, Exim, CommuniGate Pro, SurgeMail, or the Sun Java Systems Message Server. We can archive email to a few different formats: MIME files, a MySQL database, or a standard Maildir format. Our database structure uses standard MySQL, which gives the end user access to lots of tools to scale and manage the database.

MPP has lots of macros so you can build very scalable directory infrastructures if you want to use file-based archival applications for compliance, or for just general cataloging of email. This is a big application that we’re seeing a lot of use for now, where lots of different business or school systems have very generic requirements for archival and need a very streamlined solution to perform that and MPP really fits that bill.

Most people know that once you have archival, email retrieval is also very important. Tell me about MPP’s retrieval capabilities.

MPP has a full retrieval system that is optimized for our MySQL quarantine, which we call qReview. qReview gives you access to full text searches; you can search by user or by date range, and once you have the results you can export them to a standard MBox format, which is readable by any email client. Or you can save the email as files. But it’s a very streamlined web-based system that is very easy to use.

Compliance is clearly a major issue for email. Is MPP Archival compliance-grade, and does it meet the requirements of Sarbanes-Oxley?

MPP meets the requirements of Sarbanes-Oxley and other international standards for small to medium sized organizations. The two main requirements you need to satisfy are not to delete email, that is, not to allow users to delete email from the archive, and, for some organizations, to show that a certain percentage of email is actually reviewed. MPP can do both of those tasks very easily.

We can also easily search and retrieve email and export it in case of an investigation. MPP can also, by the way, archive Microsoft Exchange email, and is very useful for those environments. So, in conclusion, MPP is compliant for small to medium sized organizations for Sarbanes-Oxley and other critical international regulations.


Posted in MPP Releases and Fixes, Podcasts

Improved MPP MySQL Engine

July 26th, 2007 by mkatz

We have a new beta with a completely re-written MySQL engine. The DBs are the same, but the client code is new. This will improve performance and fix potential threading issues that could lead to random crashes. If you are interested in testing this, please let me know. Files are in the usual beta directories, ftp://ftp.messagepartners.com/pub/mpp3/beta; the version is 3.5.0 a3.

Posted in MPP Releases and Fixes

Update on www.oem-os.com

July 18th, 2007 by mkatz

It seems that they now send email pointing to a mirror site, http://yoemtr.com/

They are currently sending high volumes from the islammeanspeace.com domain which is privately registered.

Still pirated software used out of license terms. Is it worth the headache?


Posted in Opinions on Email Security

Creative Phish

July 13th, 2007 by mkatz

Lepers Needs Bibles


Posted in Spam Wisdom

PDF Spam Increase Reported by Commtouch

July 12th, 2007 by mkatz

MPP’s business partner, Commtouch, reports some interesting stats on the explosion of pdf spam that has caught many spam vendors flat-footed once again. The Commtouch Detection Center reported yesterday that PDF spam spiked during the previous 24 hours, making up 10-15% of all spam messages. Given the fact that these messages are nearly 4x bigger than ‘standard’ spam messages, this increased overall global spam traffic by 30-40%.

The new technique of sending spam messages as a PDF attachment first appeared about 2 weeks ago and got some press as a ‘new and novel’ type of spam. Now we can confirm that it has been adopted by spammers on a wide scale.

The popularity of the PDF format for legitimate business communications makes it difficult for traditional anti-spam solutions to block effectively, without causing massive false positives. And the spammers have noticed how easy it is to bypass anti-spam engines, and for the most part have stopped trying to “hide” their messages with funky fonts and colors, and are sending what appears like standard business letters via PDF (until you notice that they are selling organ enhancers, or stock tips ;).

I refer you to the article published in yesterday’s Computerworld: Israeli security firm reports huge spike in PDF spam.


Posted in Opinions on Email Security

GPL and Software as a Service (SAS)

July 6th, 2007 by mkatz

One of the big arguments that I make for MPP versus Amavisd-new is that the GPL license restrictions that are inherent in Amavisd-new are too restrictive for email service providers, our core customers. What a shock I had, though, when I started to drill down into the GPL: it has zero restrictions on offering modified GPL software as a service. Disclaimer: I am not a lawyer, so I wouldn’t bank your business on my analysis, but I do think it is correct - or I wouldn’t write it in the first place :-)

The original GPL was written in the late 80’s when most of the pioneers of both software as a service (SAS) and the Internet were either not born or hiding from the opposite sex in computer labs. The basic premise that the GPL defined was that GPL software is free to use; if you changed it and distributed it, you must offer the community your changes and keep the GPL license displayed. You also couldn’t embed GPL software into a commercial product. In those days “distribute” was analogous to “download”. There was no idea of offering open source software for use over the Internet. Pretty quickly, though, this changed.

With the Internet, open source software was no longer arcane things like kernels, c libraries and hardware drivers. It became email servers, web servers, databases and web browsers. Open source as a service was the backbone of the Internet and many businesses built profitable models by offering services based on open source.

This seems a little unfair if you ask me. A big company can take the work of some guy in his basement who had the good will to distribute his code to the world and use it for some profit generating business and never pay the original guy who wrote the code a cent. But in reality, this is quite fair for 2 reasons.

First of all, in the original GPL and even in GPLv3 there are zero provisions for software as a service, and secondly, the idea of some benevolent guy writing open source code to better the world is truly bullshit.
Certainly some open source projects were started that way, but few successful ones stay that way. Open source projects are largely funded by huge companies, rich schools, rich tech people or research groups. The companies that sponsor open source projects have either a long term or short term financial interest in the success of their project or open source ideals - either to sell hardware, to lower their own software licensing costs on the backs of cheap student labor, to generate support revenues or other similar ideas. But I digress….

GPLv3 replaces the idea of distribution with conveyance, however, the definition of convey has nothing to do with offering software as a service….

From http://www.gnu.org/licenses/gpl-3.0.txt

“To ‘convey’ a work means any kind of propagation that enables other parties to make or receive copies. Mere interaction with a user through a computer network, with no transfer of a copy, is not conveying.”

So there you have it: there are zero provisions for using GPL software in the software as a service model, and it seems that you are entirely free to use GPL software in a service in any manner you choose, so long as you do not sell the service as a product.

In my opinion, this was a huge mistake by the GPL committees since some of the best modifications of open source software are in services and many could benefit from these developments, but, it is entirely understandable. The primary business interests in open source software are SAS companies and operating system vendors. OS vendors need to sell to SAS companies and SAS revenue models require very low cost software licenses to make money, considering their high infrastructure costs.

There are administrative issues at play as well. If SAS companies were required to submit their changes to the community it would inundate the resources to review them. If every person that has ever modified Postfix or Amavisd-new for their appliance submitted their changes to Wietse and Mark I can’t imagine how they could possibly review them all.

So the bottom line is: go ahead and build the most kick ass services you can with GPL software and rest assured that Mike Katz says you have no licensing issues to be concerned with. Don’t sell the service as a product or you could have problems, assuming that anyone cared enough to bother with you. And if you are not rich enough to have your own open source project, like me, and your product competes with open source solutions, then make sure that your product is very good and offers a distinct value proposition over open source solutions. I think MPP does this, and slowly the market is agreeing.


Posted in Opinions on Email Security

MPP 3.4 Custom Rejection Feature as API Interface – Simple but Powerful

July 3rd, 2007 by admin

What follows is a Message Partners’ podcast covering our custom rejection feature introduced with MPP 3.4, which gives companies an easy-to-use yet powerful API interface. To learn more about this feature, listen to the podcast or simply read the transcript below.


Tell me about MPP’s custom rejection feature.

With MPP 3.4 we’ve released a new feature called custom rejection notice. As the name implies, it allows the administrator to build template driven rejection messages that are sent in response to standard conditions like spam infection or virus infections or even clean messages. This was in response to requests from service providers to be able to give more specific information when they reject an email.

It turns out, though, we can also use the same feature as an API Interface to MPP.

Can you detail further how the custom rejection feature can be used as an API?

If you set all of the actions, including “on clean,” “on infection,” “on spam messages,” “on content violations,” every action to reject, then any script can send MPP a message via LMTP or SMTP and MPP will scan the message and then return the template response that you created from your rejection templates. Then the script will parse the response and do whatever it is instructed to do with the message.

The API interface is very simple to implement but very powerful. This gives any script access to all of the MPP scanning modules, as well as the MPP policy engine, which can make differentiated scanning decisions based on domain or email address, etc.

Can you give me an example how a customer would use something like this?

You can now use MPP within Procmail scripts. So say you have, on local delivery, a Procmail script that says ‘scan all messages’; this gives you access to all our scanning modules such as Cloudmark or Commtouch. Say you have the Procmail script send us the message: we scan it and send the result back to Procmail, then Procmail takes the appropriate action.

This would save a lot of time for the customer, because if they want to use Cloudmark in a Procmail script they would have to license the Cloudmark engine and do the development work, and that can be very time consuming from a business perspective and a technical perspective.

So we’ve greatly simplified the ability to use the MPP scanning engines and scripts by giving them a very streamlined API to use.
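The client side of the reject-as-API pattern described above, as an added Python example (not MPP's own code; MPP's reply text is whatever template the administrator writes, so the key=value verdict format, the listener address and the procmail sketch are all my assumptions): submit the message over LMTP, catch the rejection reply that carries the scan result, and turn it into a delivery decision.

```python
import smtplib
import sys

# Assumed template: the administrator's rejection templates put the verdict into the reply
# text as key=value tokens, e.g. "5.7.1 MPP verdict=spam score=9.2". MPP templates are
# admin-defined, so this format is an assumption made for the example, not MPP's own.
FOLDERS = {"spam": "Spam/", "virus": "Quarantine/", "content": "Quarantine/"}

def parse_verdict(code: int, text: str) -> dict:
    """Turn the end-of-DATA reply into a verdict; anything unparseable becomes 'unknown'."""
    fields = dict(tok.split("=", 1) for tok in text.split() if "=" in tok)
    score = fields.get("score")
    return {
        "code": code,
        "verdict": fields.get("verdict", "unknown"),
        "score": float(score) if score is not None else None,
    }

def route(verdict: dict) -> str:
    """Procmail-style decision: the folder the caller should deliver to."""
    return FOLDERS.get(verdict["verdict"], "inbox")

def scan_via_lmtp(host: str, port: int, sender: str, rcpt: str, raw: bytes) -> dict:
    """Submit the message to MPP over LMTP. With every policy action set to reject,
    the scan result always arrives as a rejection reply rather than an accepted delivery."""
    with smtplib.LMTP(host, port) as conn:
        try:
            conn.sendmail(sender, [rcpt], raw)
        except smtplib.SMTPDataError as e:          # rejected after scanning (end of DATA)
            return parse_verdict(e.smtp_code, e.smtp_error.decode(errors="replace"))
        except smtplib.SMTPRecipientsRefused as e:  # rejected already at RCPT TO by policy
            code, err = e.recipients[rcpt]
            return parse_verdict(code, err.decode(errors="replace"))
    # A 250 means "on clean" was not set to reject; treat as accepted with no verdict text
    return {"code": 250, "verdict": "accepted", "score": None}

if __name__ == "__main__":
    # Hypothetical procmail use: procmail feeds the message to a backtick command's stdin,
    # so a recipe can read the folder name back, e.g.
    #   FOLDER=`python3 mpp_api.py`
    #   :0
    #   * FOLDER ?? ^Spam/
    #   Spam/
    # Host, port and addresses below are placeholders; use the locally configured MPP listener.
    raw = sys.stdin.buffer.read()
    result = scan_via_lmtp("127.0.0.1", 2003, "scan@example.invalid", "scan@example.invalid", raw)
    print(route(result))
```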


Posted in MPP Releases and Fixes, Podcasts

What’s the Deal with Adobe CS Spam?

July 3rd, 2007 by mkatz

We have been flooded with spam that offers Adobe Creative Suite for $269, as I’m sure you are, and I did a modicum of research on this. Here are my observations. Before I start, I will say that our email filter, MPP, can stop this type of spam dead in its tracks, http://messagepartners.com.

1) This spam is being sent out in mega high volumes and it is obviously selling well. It arrives as image spam and there are no links in the email, just some cut-and-paste text for oem-os.com. It is sent from hijacked PCs or proxies, as can be clearly seen in the headers that point to dial-up, dsl and home oriented networks.

2) There are several evasion tactics that they successfully use. These spams are hit and miss with all of the spam engines that we support. It is skillfully varied, and slight variations are evading consistent detection. There is slight noise in the picture sometimes; other times it is clear. The link is never a true link; it must be copied into a browser window. There is some great spam wisdom to fool archaic Bayes filters. Some of the images are JPEGs, some PDFs and some PNGs. The PDFs and PNGs seem to be harder to detect.

3) The domain that the spam advertises, www.oem-os.com, is registered in China, but servers seem to be all over the world - in China and Russia, and sometimes hijacked servers in the US. Mostly, they appear to be in Russia. The software that is being offered is for download only, I really have no idea about the legitimacy of the software, but rest assured it violates copyrights, it works and most of all - people are buying it in droves.


Posted in Opinions on Email Security

Axioms of Adobe Spam

July 2nd, 2007 by mkatz

Old men are fond of giving good advice to console themselves for their inability to give bad examples.
When handling a customer’s complaint, remember: If you can’t fix it, don’t drop it.
Our true destiny is not to be ministered unto but to minister to ourselves and to our fellow men.
When anything goes, it’s women who lose.
Either he’s dead or my watch has stopped.
You’re never as good as everyone tells you when you win, and you’re never as bad as they say when you lose.
God is always on the side of the heaviest battalions.
To do nothing is also a good remedy.
As the births of living creatures, at first, are ill-shapen: so are all Innovations, which are the births of time.
The facts fairly and honestly presented; truth will take care of itself.
The way you think, the way you behave, the way you eat, can influence your life by 30 to 50 years.
It is easy to perform a good action, but not easy to acquire a settled habit of performing such actions.
Humor is an affirmation of dignity, a declaration of man’s superiority to all that befalls him.


Posted in Spam Wisdom
