[Esa-l] Outgoing Mail
cparigge at utsi.edu
Wed Aug 15 09:02:22 PDT 2001
Great to hear that you are working on "outgoing" filtering.
I installed MIMEDefang in tandem with John's procmail and
all is going well for sendmail 12.0beta16. The use of two filters
can be of advantage, but it also may require a little tuning. Both
are in use on a single machine (RH7.1)
Personally, I envision to convert the procmail-scripts to an external
filter for use in MIMEDefang. This way only one set of rules will
have to be maintained. Do you know whether anybody has worked
on that? Also, MIMEDefang's default policies are slightly different
than John's procmail, and I would be happy to sustain a reasonable
constant error message. Our users have now accepted the procmail
rejection messages, "new" messages may subliminally imply a
switchover to something new or it may imply "messing" with mail.
Obviously, I am eager to hearing your solution of adapting the
procmail (John's) ruleset by use of MIMEDefang or otherwise.
----- Original Message -----
From: <Karl.Dunn at vmic.com>
To: Email Security Announce list <esa-l at spconnect.com>
Cc: Lee Howard <faxguy at deanox.com>
Sent: Wednesday, August 15, 2001 10:35 AM
Subject: RE: [Esa-l] Outgoing Mail
> Outgoing filtering does at least these beneficial things:
> Protects your outside recipients against bad stuff you send (and you
> will send some). This helps preserve your business.
> Helps reduce liability for any damage you may cause outside. This helps
> if you ever have to show that you made a "reasonable effort".
> Gives you an early warning of something bad happening inside. This one
> is self justifying.
> There are other benefits, of course, but the above are the main ones that
> convinced us to do it. We don't get many complaints about filtering in
> either direction, even from the "suits".
> Mail filtering does take some computing power:
> Outgoing case:
> We use a Sun Ultra 10 to do outgoing filtering. It's not anywhere near
> overloaded for our typical traffic, which averages about 3 outgoing
> messages per minute during Central US TZ business hours, peaking at around
> 20. About one in four has attachments. It looks as if the Ultra could
> easily handle more than a hundred times more.
> Incoming case:
> We use two load-sharing Sun IPX boxes (these bench out about like a
> 486-33) to do incoming filtering, and they don't often get overloaded.
> Our incoming traffic averages about 4 messages per minute 24 hours a day,
> with about one in eight having attachments. I can see one or the other of
> them get busy for about 30 sec/megabyte or so when they scan a big
> attachment. We limit message size to 5MB. If you believe in statistics,
> you can see that this is about adequate for us, but that it can get
> overloaded occasionally.
> I think it would be fair to estimate what you would need by scaling our
> compute power by your traffic versus ours.
> BTW: I'm still testing the generic outgoing filter setup I want to
> publish. Everybody please be patient (I'm a hardware designer first, and
> a net person second). I am also looking at doing filtering for both
> directions on the same host (I think that's a pretty complicated sendmail
> issue), in our own interest as well as everybody else's, but I'll show the
> separate host case first.
> Karl Dunn (KLD13)
> 12090 South Memorial Parkway
> Huntsville AL USA 35803
> VOICE: (256) 382-8211 or (800) 322-3616
> FAX: (256) 650-5472 or (256) 882-0859
> On Tue, 14 Aug 2001, Lee Howard wrote:
> > ....
> > I can't think of an instance, however, where an outgoing mail filter
> > have helped us at all. That's my point.
> E-mail Security Announce list mailing list
> E-mail Security Announce list at spconnect.com
More information about the esd-l