MPP Available on DOD Emall

May 15, 2008 · Filed Under MPP Releases and Fixes, News and Tidbits · Comment 

Our partner, Aglow Technologies, a woman-owned small business, has successfully placed MPP on the Department of Defense Emall site. This means that anyone in the Department of Defense can enjoy the outstanding antispam protection of MPP and purchase it with the convenience of online access. Kudos to Aglow.

New Antispam Options for Mac OS X

May 12, 2008 · Filed Under MPP Releases and Fixes, News and Tidbits · Comment 

I want to let you know that we have just released MPP with new antispam technology never before seen on the Mac platform. It is only available for Intel Macs (10.4 or 10.5) for now but it is significantly better than anything offered on Mac to date. Please check it out here.

Backscatter Problems Persist

May 2, 2008 · Filed Under Opinions on Email Security · 1 Comment 

Backscatter problems are persisting and seem to be the new scourge of spam. They expose a lot of weakness in antispam filtering algorithms and require new approaches to truly stop them. Here’s why:

  • Many backscatter attacks do not contain any message content, only bounce notifications. Stopping all bounce notifications or messages from mailer-daemon is dangerous.
  • Many backscatter attacks come from legitimate email servers, so you can't block the offending servers at the SMTP level without blocking legit email.
  • Backscatter attacks can be extremely high volume and can crush a spamassassin/amavisd installation that is not micromanaged.

At Message Partners we have been working on some approaches to backscatter problems for our customers. The most heavy handed approach, and one that I have been utilizing on our site, is to block all traffic that originates from Mailer-Daemon with this regular expression for header filters: ^From:.*Mailer.*$ . This is annoying because you can’t see legit bounces, but I have taken an analogy from the US Post Office. If you need acknowledged delivery then you must send with delivery notification service. If you send a letter to the wrong address it may take weeks before it comes back to you, if it comes back at all. Anything I really care about I send with some delivery notification. I have decided that this should apply to email as well. If I really care about the email then I should send it with some delivery confirmation, hence, I have rationalized filtering out all bounces. This has ended my backscatter problem for the most part, but many messages do not come from mailer-daemon so the problem still exists, but on a much smaller scale.
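To see what the header filter quoted above catches and misses, the added example below (not from the original post or from MPP) runs that pattern over constructed From: lines with Python's re module. Whether MPP matches case-sensitively is an assumption, so both modes are evaluated.

```python
import re

# The header-filter pattern quoted in the post, compiled two ways. Which mode
# the filter engine uses is an assumption, so both are checked.
PATTERN = r"^From:.*Mailer.*$"
STRICT = re.compile(PATTERN)
RELAXED = re.compile(PATTERN, re.IGNORECASE)

# Constructed sample headers (not real traffic): (header line, is it a bounce?)
SAMPLES = [
    ("From: Mailer-Daemon@mx.example.net", True),
    ("From: Mail Delivery Subsystem <MAILER-DAEMON@mx.example.org>", True),
    ("From: postmaster@example.com", True),
    ('From: "Acme Mailer Team" <news@example.com>', False),
    ("From: alice@example.com", False),
]


def evaluate(regex, samples=SAMPLES):
    """Return (caught, missed, false_positives) lists of header lines."""
    caught, missed, false_pos = [], [], []
    for line, is_bounce in samples:
        hit = regex.search(line) is not None
        if hit and is_bounce:
            caught.append(line)      # bounce blocked, as intended
        elif hit:
            false_pos.append(line)   # ordinary mail blocked by the filter
        elif is_bounce:
            missed.append(line)      # bounce that slips past the filter
    return caught, missed, false_pos


if __name__ == "__main__":
    for name, regex in (("case-sensitive", STRICT), ("case-insensitive", RELAXED)):
        caught, missed, false_pos = evaluate(regex)
        print(f"{name}: caught={len(caught)} missed={len(missed)} "
              f"false_positives={len(false_pos)}")
```

The postmaster bounce is missed in both modes, which matches the post's remark that many bounces do not come from mailer-daemon, and any sender with "Mailer" in its display name is blocked as well.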

We have a more intelligent solution in beta that utilizes our auto black list feature. With this approach a threshold is set that if x amount of messages are received that violate a content rule then all messages from any IP that sends with the same subject will be temporarily blocked. For example, if gmail.com sends me 400 bounces in 2 minutes (which they’ve done), and they all have Undeliverable Mail in the subject, then any message with Undeliverable Mail will be blocked during the block period. This is working pretty well, but not a complete solution by any means.

Some of our engine partners are quickly improving their backscatter detection, but when there is no actual message content they all seem to stumble.

Conclusion — Backscatter remains a problem but MPP is helping our customers with a solution. In the meantime, administrators should be really careful about the rejection notices that they send.


Even More Amazing OS X Experiences

April 29, 2008 · Filed Under MPP Releases and Fixes · Comment 

It sure feels like we are on a roll with our improvements for Mac OS X system administrators, so why should we stop? After listening to complaint after complaint about the difficulty of installing MPP we finally took the advice of Frank Zappa, though applied to software - ‘shut up and play yer guitar’. Instead of explaining why our customers were just not getting it we shut up and listened and have created something that has exceeded our expectations.

Phase 1 was to redesign our admin GUI to make things more apparent, remove cryptic techno speak and drop the assumption that everyone has enough time to figure our product out. This is an ongoing battle, but we have conquered the initial campaign and now we are in clean-up mode.

Phase 2 was to redo our installers so that it was no longer necessary to have a compiler installed or to install any perl modules. This was a monster task believe it or not, but this is conquered thanks to Ovidiu, our main technical guru. This was great, but it still required an admin to use the terminal to run our configure scripts.

Phase 3, which we have now delivered, has expanded on phase 2 by removing the need to run our configure script from the command line. Since our OS X customers are either using Postfix or CommuniGate we detect which email server is in use and make all of the appropriate configurations automatically. The installer is one click and it installs MPP, MPP Manager and all dependencies, configures our email server to use MPP and launches Safari at the end with MPP Manager opened up. Pretty slick if you ask me. You still need to disable the Apple junk mail filtering from the admin control panel, but this may change in the future as well.

Phase 4 has some surprises and I am hoping to announce them soon.


Simplifying Antispam for Mac OS X Email Servers

April 17, 2008 · Filed Under MPP Releases and Fixes · Comment 

MPP has long been a great antispam solution for Mac OS X email servers and gateways, but it has also been quite difficult to install for the busy admin. We have racked our brain on this for years and we have finally come up with a solution that goes a long way to fixing our installation issues. Further improvements are on the way, but I am really psyched about how far we have come.

Before I present the solution I want to give a little background to the problem. There are 2 components to MPP, MPP Core and MPP Manager. MPP Core has been easy to install for many years, it is just a matter of running the DMG installer for MPP and then a configure script. The configure script sets up the email server to work with MPP and sets basic settings in MPP’s configuration. The problems with getting MPP installed have mostly been related to MPP Manager or in previous iterations of our GUI (Webmin module, qReview).

The GUI controls for MPP have dependencies that we required users to install. The dependencies include Perl modules and 2 system libraries - expat, an XML browser, and GD, a graphing tool. Perl modules can generally be installed with CPAN, a menu driven command line utility, and the libraries required source downloads and simple compiles. If your eyes are glossing over and you are ready to go back to check your favorite web site again then you are not alone. These tasks are foreign to many admins and frankly, Apple hasn’t made it any simpler. Typically a few Perl modules will fail compilation and the standard GD library won’t compile on OS X. Beyond that, unless you add a compiler on your server from Xcode, you will not be able to compile anything on OS X.

Fortunately for Apple users, there is a wonderful organization, Macports, that makes installing standard open source software easier for Mac OS X admins, but even this is too complicated for many to explore. Macports allows admins to install libraries and perl modules that have been tailored for Mac OS X. It is similar to yum or up2date on Linux and is an incredible resource. Any Mac OS X administrator that is not familiar with Macports should take a minute to explore it. I know that Apple wants to hide the terminal from you but you can really unlock the power of OS X on the terminal.

So finally, after years, we have gotten the message from our customers or potential customers and created a DMG installer for MPP Manager that installs all necessary libraries and perl modules pre-built. No more compiler, no more Macports, no more CPAN, no more nothing, just double click and install. When the installer is done Safari is automatically opened to the MPP admin link. It is the simplest installation of MPP GUI tools ever and I hope you will have the chance to check it out soon.

If you want to give it a try, the downloads are here:

Mac OS X PPC
ftp://ftp.raeinternet.com/pub/mpp3/beta/mppmanager/mppmanager-1.1.1-osx.ppc.dmg

Mac OS X Intel
ftp://ftp.raeinternet.com/pub/mpp3/beta/mppmanager/mppmanager-1.1.1-osx.i386.dmg

Protagon - Partner Update

April 11, 2008 · Filed Under News and Tidbits · Comment 

I am pleased to announce the new web site of our Portuguese partner, Protagon. Looking for MPP in Brasil?

http://www.messagepartners.com.br/

MPP - Easier to use than ever

April 9, 2008 · Filed Under MPP Releases and Fixes · Comment 

With the release of MPP Manager 1.1.0 we have made MPP easier to use than ever. We have attempted to look at features in terms of functionality and usefulness and presented them in this manner. We have moved less frequently changed options to advanced sections, we have replaced obtuse configuration options with useful, plain descriptions and we have tried to simplify presentation as much as possible. We have removed the abundance of options that confuse and created more interpretive commands that set options for you so you don’t have the burden of understanding each and every MPP micro feature. I hope that you will check this out and give us your feedback. If you have tried MPP in the past and found it to be a lot to comprehend I hope that you will give us a second look. Having a powerful and versatile product is a blessing and a curse for the end-user, but I think we are more of the former now.

Backscatter Sucks

March 27, 2008 · Filed Under Opinions on Email Security · Comment 

Yesterday seemed to be backscatter day for us and for a few of our customers so I thought I would write a little bit about it. First of all, a brief definition. Backscatter refers to bounce messages that come from spam that was bounced by some remote site. Hopefully, it stems from someone forging your email address as the original sender. The alternative is that some machine in your network was exploited, but mostly it is just simple forgery. The net result in either case is that you are flooded with bounce messages from all over the world from email that was sent to unknown email accounts or recognized as spam before it was accepted.

Backscatter is a major pain in the ass for many reasons. If your email server bounces the bounce messages, for example if the original bounces are going to unknown users, and the rate of bounces is high then your mailserver can be blacklisted as a spammer. For example, forged mail to stevewashedupbillionairecase@aol.com from wannabebillionaire@messagepartners.com is bounced by aol.com. Now Message Partners bounces wannabebillionaire@messagepartners.com since it is unknown. If you multiply this by 1000 as can happen in a backscatter deluge then you can imagine that AOL gets pissed about all of our bounce messages and they will blacklist us for a while.

Even more annoying is when the forged address is your real email address. Now your mobile email device is going nuts telling you about all of the bounce messages that were sent to invalid users in your name.

Here is an example of headers from backscatter:

Microsoft Mail Internet Headers Version 2.0
Received: from 68-185-134-174.dhcp.jcsn.tn.charter.com ([68.185.134.174]) by ppcwm.org with Microsoft SMTPSVC(6.0.3790.3959);
Wed, 26 Mar 2008 18:37:03 -0400
Message-ID: <000501c88f92$0569e9fb$dcc2daaf@ilefylfs>
From: “hubert chanshin”
To:
Subject: Massive discounts for purchases in the month of March are available.

The problem is further exacerbated because most filters don’t bounce the message, they send a bounce message, hence spam gateways see the messages as legit bounces and don’t classify them as spam.

The problem is because of a major design flaw in the SMTP protocol that allows anyone to say that they are anyone when sending email. There have been a number of bandaids to fix this such as Sender Policy Framework, but they are mostly ineffective. I get a laugh looking at all of the bounce messages I see from the recent backscatter attack, many have SPF checks that show a violation, yet they still send me a bounce.

You can learn a lot from all of these bounce messages and to me, being geekish in the antispam industry, I find it interesting. I can see what types of email gateways are in use, how many people use home grown spamassassin based gateways, how different spam configurations are set up, how botnets work and more. But most of all, backscatter is just annoying.

So here are some tips to end it.

1) With MPP we were able to block many thousands of messages using our thresholds. Once we detect a certain amount of bounces from a remote server in a period of time we temporarily block the host.

2) With MPP we also blocked many using our contentfilter module and setting some very basic PCRE based filters to block based on content. This is not very dynamic, but pretty effective.

3) The Postfix site has some good tips, but it is a similar approach to using static content filters as described in step 2.
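The threshold blocking in tip 1 (keyed on the remote host) and in the "Backscatter Problems Persist" post on this page (keyed on the subject) follows the same pattern, sketched below as an added example that is not MPP code. The class, its parameter names and the traffic in `run_burst` are constructed for illustration; the key passed in can be a normalised subject or a sending IP.

```python
from collections import defaultdict, deque

class ThresholdBlocker:
    """Block a key (subject or sending host) once `threshold` rule violations arrive
    within `window` seconds, for `block_period` seconds. Names are assumptions."""

    def __init__(self, threshold, window, block_period):
        self.threshold, self.window, self.block_period = threshold, window, block_period
        self._hits = defaultdict(deque)   # key -> timestamps of recent violations
        self._blocked_until = {}          # key -> time at which the block expires

    def is_blocked(self, key, now):
        expiry = self._blocked_until.get(key)
        if expiry is not None and now >= expiry:
            del self._blocked_until[key]  # block period is over
            expiry = None
        return expiry is not None

    def check(self, key, now, violates_rule):
        """Return 'blocked', 'counted' (violation below threshold) or 'pass'."""
        if self.is_blocked(key, now):
            return "blocked"
        if not violates_rule:
            return "pass"
        hits = self._hits[key]
        hits.append(now)
        while hits and hits[0] <= now - self.window:
            hits.popleft()                # forget violations outside the window
        if len(hits) >= self.threshold:
            self._blocked_until[key] = now + self.block_period
            hits.clear()
            return "blocked"
        return "counted"

def subject_key(subject):
    return " ".join(subject.lower().split())  # case/spacing variants share a counter

def run_burst():
    """Constructed traffic: 400 bounces in 120 s, then three later messages."""
    blocker = ThresholdBlocker(threshold=100, window=120, block_period=600)
    key = subject_key("Undeliverable Mail")
    burst = [blocker.check(key, i * 0.3, True) for i in range(400)]
    return {
        "counted": burst.count("counted"),
        "blocked": burst.count("blocked"),
        "same_subject": blocker.check(subject_key("undeliverable  mail"), 200.0, False),
        "other_subject": blocker.check(subject_key("Quarterly report"), 200.0, False),
        "after_expiry": blocker.check(key, 700.0, False),
    }
```

While a block is active every message with the blocked key is dropped, including legitimate bounces, so the block period bounds how long that collateral loss lasts.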

So in summary, backscatter sucks, MPP can help, but it is a problem endemic to a poorly designed sender verification protocol (i.e. none) in basic SMTP.

It's Never Been Easier

March 23, 2008 · Filed Under MPP Releases and Fixes · Comment 

The number one complaint we hear about MPP is that it needs to be easier to install and manage. To this end we are pleased to release a redux of our VMWare virtual appliance.

It has never been easier to install MPP than now. With the MPP Virtual Appliance you can have a complete antispam and email archival gateway running in less than 10 minutes after download. You can install on Windows, Linux or Mac OS X and the user needs no knowledge of Linux to configure the system in a typical application.

We are continuing our efforts to improve the MPP user experience and I thank you all for your candid feedback.

Download from here:
http://www.messagepartners.com/wp-content/downloads/

Readme:
ftp://ftp.messagepartners.com/pub/appliance/README.txt


MPP Community Edition?

March 13, 2008 · Filed Under MPP Releases and Fixes, News and Tidbits · 4 Comments 

We’ve been getting a few questions about MPP Community edition so I thought I would give you a brief update on the product. First of all, it is alive here and you can download here. It was unintentionally orphaned during the move of the web site to our new platform.

More importantly though, I want to explain what MPP Community is. MPP Community (aka MPP Free Edition) was released to build the MPP user base and name recognition. It represented the first version of our product but was scaled down to only support free content scanners - clamav and spamassassin. It is easier to use than some of the open source apps that do something similar, like amavisd, but it is more streamlined in functionality.

In reality, MPP Community has turned out to be a mixed blessing. We do have many people using it, but few are interested in becoming paying customers. Furthermore, MPP Community is soooooo much less interesting and powerful than MPP that people get the wrong idea about MPP itself. There is virtually no resemblance between MPP Community and our commercial product from the perspective of the GUI, functionality and more.

So for now we will keep MPP Community going with no changes and we will see what the future holds.

Thank you for your continued support.
