[ngw] Spam Filtering

David Gerisch DGerisch at co.tulare.ca.us
Mon Aug 26 18:03:11 UTC 2013


I had a similar experience.  I think that if you examine the IP addresses of the servers sending the spam, you will find they come from blocks of IP addresses from bulk mailing companies.

I went ahead and put those blocks of IP addresses in my quarantine-first-ask-questions-later rule.  A week later, only one user had released one message from the umpteen thousands of messages quarantined.

It kind of sucks that I had to essentially blacklist whole portions of the Internet.  But that was the only way I could stop the flood of spam that started getting through.

It was also a lot of typing.  I don't believe I can have GWAVA use a regex to identify those IP addresses, so I added each subnet one by one.  Some of those bulk mailing companies have 64 subnets.

But in the end, I did stop the flood of spam that happened when I went to GWAVA 6.

David Gerisch

>>> "Kenneth Etter" <kle at msktd.com> 2013-08-26 08:48 >>>
So I have been running the current version of GWAVA as an SMTP appliance for almost a month now.  Still finding lots of spam getting through.  GWAVA support was very helpful.  They assisted with setting up the appliance and switching over to it and they have bent over backward making sure everything is configured properly.  But it just isn't stopping the spam.  For example, on Friday I had 6 users report a total of 35 spam messages to me.  This is a typical day.  Here is the breakdown:
 
User 1 - 9 spam messages
User 2 - 7 spam messages
User 3 - 6 spam messages
User 4 - 5 spam messages
User 5 - 4 spam messages
User 6 - 4 spam messages
 
Most of those spam messages were duplicated across users - so it wasn't 35 unique spam messages.  And GWAVA does eventually block them.  Sometimes we will get hit with 7 or 8 identical spam messages and half will get through, but then GWAVA will stop the remaining.
 
So is this just the new normal for dealing with spam?  Or should I expect better results?  GWAVA is blocking a lot of junk, but it seems like many of you who responded to my question back in early July had better results than this.
 
Regards,
Ken
 
 
 


>>> "James Taylor" <James.Taylor at eastcobbgroup.com> 7/1/2013 2:35 PM >>>
There's a big difference in the filtering between the two installation types. I only have on installation left with the GWIA install, and that's only because they have one server.
Will remedying that soon.
-jt


>>> "Kenneth Etter" <kle at msktd.com> 7/1/2013   11:52 AM >>> 
6.5 with all updates.  Although I am using the GWIA install vs the SMTP install.  Maybe I need to consider a switch to that before going to a different product.

Ken


>>> "James Taylor" <James.Taylor at eastcobbgroup.com> 7/1/2013 11:43 AM >>>
I had a little bump in spam a few weeks ago, which happens occasionally due to new tactics, but I haven't seen any in since then.
Are you using the SMTP installation or the on-server GWIA installation?
The SMTP has more filtering capability, and is the way I go exclusively.
I assume you're on 6.5 with all updates?
-jt



James Taylor
678-697-9420
james.taylor at eastcobbgroup.com 



>>> "Kenneth Etter" <kle at msktd.com> 7/1/2013   11:33 AM >>> 
James,

What is your definition of "very little"?  I am also using GWAVA.  But when I used v4, the system performed much better.  And it had an easy method to train the system.  We made the jump from NetWare/GW8 to OES/GW12 a year ago.  At the same time we upgraded GWAVA 4 to GWAVA 6.  Initially results seemed comparable.  But the last few months we have more spam getting through and we aren't seeing any solution, so I'm looking into other options.

I love their Reload backup software.  But GWAVA 6 is getting frustrating.

Ken


>>> "James Taylor" <James.Taylor at eastcobbgroup.com> 7/1/2013 11:25 AM >>>
I am using GWAVA. I haven't seen any changes in volume.
Basically get very little to no spam with it.
I haven't had any reports of increased activity from clients using it.
-jt



James Taylor
678-697-9420
james.taylor at eastcobbgroup.com 



>>> "Kenneth Etter" <kle at msktd.com> 7/1/2013   11:22 AM >>> 
Bill,

What is your definition of "very little gets through"?  I used to see 0-2 per day per person.  Now I have people reporting 8-12 per day.  That is a big enough jump to annoy people here.

And as I type this message, notify pops up and I see another spam mail appear in my inbox.

Ken


>>> "Bill Neumann" <Bill.Neumann at willmarfab.com> 7/1/2013 11:10 AM >>>
We are using Barracuda. Very little gets through, but on occasion some does.
Very simple to administer.

Bill

>>> "Kenneth Etter" <kle at msktd.com> 7/1/2013 10:08 AM >>>
Lately we are seeing more spam getting into our system.  So I'm wondering...

What are people currently using for Spam Filtering?
How much if any spam gets through?
Do you have to spend much time managing the filter?

Thanks,
Ken

_______________________________________________
ngw mailing list
ngw at ngwlist.com 
http://ngwlist.com/mailman/listinfo/ngw 


_______________________________________________
ngw mailing list
ngw at ngwlist.com 
http://ngwlist.com/mailman/listinfo/ngw 


_______________________________________________
ngw mailing list
ngw at ngwlist.com 
http://ngwlist.com/mailman/listinfo/ngw 


_______________________________________________
ngw mailing list
ngw at ngwlist.com 
http://ngwlist.com/mailman/listinfo/ngw


More information about the ngw mailing list