[OT] Mail servers

Steven Burn

Okay, first of all, I know this is going to make me look completely looney
but, if I don't get it off my chest, I'm going to go nuts.

Basically I know the MOD (Ministry of Defence) (and most likely,
governments/military in other countries) logs every single e-mail that is
sent from one person to the next, which means the e-mails obviously have to
be going through a central server, then are transferred to whichever mail
server they are destined to go to. This has me wondering, would it be
possible to set something up that's along the same lines, only instead of
logging e-mails (or as well as), actually scans e-mails for viruses and
deletes them there and then?

My reason for asking is simply because, over the past few months, I've been
getting a lot of e-mail that people have told me they've sent, but I've not
received it. As I use my own private mail server for my mail, instead of my
ISP, I cannot blame my ISP. The main ones that are not getting through seem
to be Yahoo, Hotmail, AOL etc (basically, those used by the most people).

With all of the viruses etc floating round atm, the mail servers are
obviously having one heck of a time coping with them, so something that can
scan and delete as necessary, during transit, rather than at the mail server
end, would be extremely useful, and save a lot of time...... and money (both
for the user, and the mail server hosts themselves).

If I've completely lost you with the above, feel free to shoot me, if not,
I'd love to hear opinions........?

--
Regards

Steven Burn
Ur I.T. Mate Group
www.it-mate.co.uk

Keeping it FREE!

Disclaimer:
I know I'm probably wrong, I just like taking part ;o)
 
Randy Bard

Steven Burn wrote:
/snip/
> My reason for asking is simply because, over the past few months, I've been
> getting a lot of e-mail that people have told me they've sent, but I've not
> received it. As I use my own private mail server for my mail, instead of my
> ISP, I cannot blame my ISP. The main ones that are not getting through seem
> to be Yahoo, Hotmail, AOL etc (basically, those used by the most people).

Fred Langa recently did a test study of several thousand emails and
found that, I believe, 40% failed to reach their destination.

/snip/
 
Steven Burn

> Fred Langa recently did a test study of several thousand emails and
> found that, I believe, 40% failed to reach their destination.
</snip>

I read about that....... it's extremely annoying, especially when I receive
e-mails later on with people having a go at me for not replying to an e-mail
that I did not receive :blush:\

--
Regards

Steven Burn
Ur I.T. Mate Group
www.it-mate.co.uk

Keeping it FREE!

Disclaimer:
I know I'm probably wrong, I just like taking part ;o)
 
Susan Bugher

Randy said:
> Fred Langa recently did a test study of several thousand emails and
> found that, I believe, 40% failed to reach their destination.

That is *not* his finding . . . IMO his title (E-Mail--Hideously
Unreliable) is hideously misleading. Spam filters - Hideously Unreliable
would be more to the point of the article . . . Spam filters can be a
nuisance - no argument there . . . but I deplore the way Langa's article
was written . . .

40 percent is the number of people who did not *return* a reply . . .
which is not the same as the number of people who did not *receive* his
email . . .

emails were sent from an address that was *blacklisted* at one time . . .

FWIW I trash unread *ALL* emails that look like the ones he sent -
obviously fake from: name (bogus mail spelled backward)- generic subject
heading . . . half of the emails were sent showing an erroneous to:
email address . . . Of course I wasn't a volunteer in his project - if
I had been I *might* have looked . . .

<quote>
The E-mails were sent from a name and E-mail account the volunteers had
not seen before: Liam Sugob, or (e-mail address removed) (a temporarily valid
personal and E-mail address I set up at my Freetune.Com domain).
</quote>

Group 1 - 1,500 messages

To: [volunteer's address]
From: Liam Sugob <[email protected]>
Subject: Hello

group 2 - 2,497 recipients

To: [volunteer's address]
From: Liam Sugob <[email protected]>
Subject: follow up

group 3 - 5,432 recipients.
Group 4 - 1,550 recipients.

To: (e-mail address removed)
From: Liam Sugob <[email protected]>
Subject: follow up

From the end of the article:

<quote>
I have to conclude that many of these messages never made it to human
eyeballs. Something ate the E-mails before the recipients ever saw them.
The most likely candidate is a blacklist/blocklist that may have
incorrectly picked up the "freetune.com" address, falsely listing it as
a spam source for a while. Blacklists are notoriously stupid and cause
huge amounts of collateral damage (incorrectly blocking valid E-mails).
</quote>

To read the full article go here:
http://www.informationweek.com/story/showArticle.jhtml?articleID=17300016&pgno=1

Susan
 
mike ring

. .

> FWIW I trash unread *ALL* emails that look like the ones he sent -
> obviously fake from: name (bogus mail spelled backward)- generic
> subject heading . . . half of the emails were sent showing an
> erroneous to: email address . . . Of course I wasn't a volunteer in
> his project - if I had been I *might* have looked . . .

I do too, and only this evening I got a genuine email (a thing that happens
once in a blue moon - ok, I'm a recluse) from a college buddy of 40+ years
ago.

The fact that he merged his and his wife's (who her?!) forenames and posted
from cwgsy.net which looked to me like a dodgy address enraged my spam
filter and he was THAT close to being ditched with the other 35 mails.

It was just lucky I'm so curious about any contact I previewed it, in spite
of the fact I was sure it would only offer the usual goods/services.

It's very sad and high time someone found the will to stop it

mike r
 
John Fitzsimons

> Okay, first of all, I know this is going to make me look completely looney
> but, if I don't get it off my chest, I'm going to go nuts.
> Basically I know the MOD (Ministry of Defence) (and most likely,
> governments/military in other countries) logs every single e-mail that is
> sent from one person to the next, which means the e-mails obviously have to
> be going through a central server,

Many servers could be used that update a central log.

> then are transferred to whichever mail
> server they are destined to go to. This has me wondering, would it be
> possible to set something up that's along the same lines, only instead of
> logging e-mails (or as well as), actually scans e-mails for viruses and
> deletes them there and then?

Not clear whether you want to scan incoming mail or outgoing mail. Or
both.

> My reason for asking is simply because, over the past few months, I've been
> getting a lot of e-mail that people have told me they've sent, but I've not
> received it. As I use my own private mail server for my mail, instead of my
> ISP, I cannot blame my ISP. The main ones that are not getting through seem
> to be Yahoo, Hotmail, AOL etc (basically, those used by the most people).

Having filtering at your server will have no effect on mail that
doesn't get to you. If you want it outgoing then why are you posting
viruses?

> With all of the viruses etc floating round atm, the mail servers are
> obviously having one heck of a time coping with them, so something that can
> scan and delete as necessary, during transit, rather than at the mail server
> end, would be extremely useful, and save a lot of time...... and money (both
> for the user, and the mail server hosts themselves).
> If I've completely lost you with the above, feel free to shoot me, if not,
> I'd love to hear opinions........?

Emails aren't usually deleted "in transit". They are deleted by the
originating ISP or the receiving ISP. Or the end user.

If you want server filtering then you might like to check out :

http://www.spamassassin.org/index.html

Though that of course will do nothing to increase mails getting to
you.

Regards, John.

--
****************************************************
,-._|\ (A.C.F FAQ) http://clients.net2000.com.au/~johnf/faq.html
/ Oz \ John Fitzsimons - Melbourne, Australia.
\_,--.x/ http://www.vicnet.net.au/~johnf/welcome.htm
v http://clients.net2000.com.au/~johnf/
 
Steven Burn

> Not clear whether you want to scan incoming mail or outgoing mail. Or
> both.
</snip>

Incoming would do, but outgoing as well would obviously be better as most
viruses spread from infected computers, so scanning outgoing mail would be
good too. In saying that, when it is "in transit", it is neither incoming
nor outgoing ;o)

> Having filtering at your server will have no effect on mail that
> doesn't get to you. If you want it outgoing then why are you posting
> viruses?
</snip>

Filtering mail is neither here nor there, the problem is, the infected
mails/spam etc etc, are clogging down the mail servers themselves (and not
just mine either) and thus, the mail servers are having to work harder, and
are a lot more inclined to reject e-mails because either a: they are too
busy, b: they've got it mixed up with the infected mail/spam whatever.

> Emails aren't usually deleted "in transit". They are deleted by the
> originating ISP or the receiving ISP. Or the end user.
</snip>

I know that, what I'm asking is, would it be possible to scan and delete
infected mail "in transit", thus eliminating the need for the ISP or
recipient to do it....... There's got to be a way to do it (there's a way to
do everything).

> If you want server filtering then you might like to check out :
>
> http://www.spamassassin.org/index.html
</snip>

I wouldn't use them if you paid me (no offence)..... prefer K9 ;o)

--
Regards

Steven Burn
Ur I.T. Mate Group
www.it-mate.co.uk

Keeping it FREE!

Disclaimer:
I know I'm probably wrong, I just like taking part ;o)
 
Suzanne

> I know that, what I'm asking is, would it be possible to scan and delete
> infected mail "in transit", thus eliminating the need for the ISP or
> recipient to do it....... There's got to be a way to do it (there's a way to
> do everything).

No it is not possible unless you want to completely rewrite the
protocols the internet uses. At the application layer, there is no
"in transit". The sender's mail server connects directly to the
receiver's mail server. There may be additional hops between the
servers at the transport level but there is no practical way to scan
email for viruses at the transport layer.

Many ISPs do provide virus filtering for all messages incoming to
their system. Until virus writers begin providing a courtesy copy of
their viruses to the anti-virus definition writers, virus filtering
will never be a foolproof method.
_________
Suzanne
 
REM

> No it is not possible unless you want to completely rewrite the
> protocols the internet uses. At the application layer, there is no
> "in transit". The sender's mail server connects directly to the
> receiver's mail server. There may be additional hops between the
> servers at the transport level but there is no practical way to scan
> email for viruses at the transport layer.
> Many ISPs do provide virus filtering for all messages incoming to
> their system. Until virus writers begin providing a courtesy copy of
> their viruses to the anti-virus definition writers, virus filtering
> will never be a foolproof method.

I have had pretty good luck in removing these as soon as they download
by setting message filters in Thunderbird.

I set filters to delete any message with .pif, .doc, and all the other
sorted extensions used. I set attachments inline and the attachment
name must appear. As soon as they complete downloading they disappear.

I really don't know why ISPs don't do this. I wrote mine but they
never replied. They are convinced SOS will catch them, but it doesn't.

I'm not set up at the moment due to a new OS and machine. Does anyone
recall the page that lists all of the dangerous extensions?
 
Suzanne

> I have had pretty good luck in removing these as soon as they download
> by setting message filters in Thunderbird.
>
> I set filters to delete any message with .pif, .doc, and all the other
> sorted extensions used. I set attachments inline and the attachment
> name must appear. As soon as they complete downloading they disappear.
>
> I really don't know why ISPs don't do this. I wrote mine but they
> never replied. They are convinced SOS will catch them, but it doesn't.

Many people have legitimate reasons to send executable attachments by
email. Just because a file is executable does not make it a virus.
There is no reason to punish the whole lot just because a few people
can't stop clicking on every link that says click here. If you don't
want attachments in your mail, why don't you use a mail client that
doesn't accept attachments? Popcorn is one such freeware client.


_________
Suzanne
 
REM

> Many people have legitimate reasons to send executable attachments by
> email. Just because a file is executable does not make it a virus.
> There is no reason to punish the whole lot just because a few people
> can't stop clicking on every link that says click here. If you don't
> want attachments in your mail, why don't you use a mail client that
> doesn't accept attachments? Popcorn is one such freeware client.

I get many attachments. Let's just say when I download 20-60 messages
I'm pretty sure that I don't care to see what someone that includes
".pif" within the message has to say. The filename is in the message
if it is displayed inline. There is no way around that and there is no
legitimate text that includes that string. The majority of worms use
this extension, or at least the majority that reach me. They are both
spam and dangerous spam.

This does not solve the original subject of deleting the stuff before
it gets to me. It's as close as I can get though and it works like a
charm.

I'm setting filters now. I move to another folder any message that has
".doc", ".zip", ".rtf", ".xls", ".bat", ".exe", etc. for scrutiny.
Each of these can potentially be a worm also. I get many legitimate
.exe and .zip files though. These are scanned and I have pause to
wonder why someone I don't know might send one of these extensions.
That is explained in the message, or either it is not explained.

That is overkill to an extent, as Thunderbird will not allow execution
of an attachment. It must be saved to disk to be run. Clicking on it
will not execute it. This is more of a filing system. The spam and
.pif messages go as soon as downloaded, then I read the real stuff and
look for any non-spam attachments, marking spam as I go, so that
Thunderbird builds upon the experience in identifying spam.

Why? I've never been bitten by any of the attachment attacks and
prefer to keep it that way.

Way back in the day of the 486 I did get a virus from a program
executable. I knew something was wrong, but all scanners said I was
clean. It was 8 months of updates before McAfee found it. Being
compromised is not a good way to be.
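
An added example, not part of the thread: the delete/quarantine rule described in the post above, written as a Python function that reads the declared MIME attachment names rather than matching text in the message body. The addresses and sample messages are constructed, and `classify` and `build` are hypothetical names.

```python
import os
from email import message_from_string, policy
from email.message import EmailMessage

# Extension policy taken from the post above (not a complete list):
# .pif is deleted on arrival, the rest are moved aside for scrutiny.
DELETE = {".pif"}
QUARANTINE = {".doc", ".zip", ".rtf", ".xls", ".bat", ".exe"}


def classify(raw):
    """Return 'delete', 'quarantine' or 'deliver' for one raw message."""
    msg = message_from_string(raw, policy=policy.default)
    verdict = "deliver"
    for part in msg.walk():
        name = part.get_filename()  # declared attachment name, or None
        if not name:
            continue
        # Only the last extension counts, so "photo.jpg.pif" is a .pif
        ext = os.path.splitext(name.strip().lower())[1]
        if ext in DELETE:
            return "delete"
        if ext in QUARANTINE:
            verdict = "quarantine"
    return verdict


def build(body, filename=None):
    """Construct a sample message (test data, not real mail)."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "me@example.org"
    m["Subject"] = "Hello"
    m.set_content(body)
    if filename:
        m.add_attachment(b"constructed sample bytes", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_string()


if __name__ == "__main__":
    samples = [
        build("see attached", "photo.jpg.PIF"),
        build("Windows shortcuts to DOS programs end in .pif"),
        build("minutes from Tuesday", "report.zip"),
    ]
    for raw in samples:
        print(classify(raw))
```

A message that only mentions ".pif" in its text is delivered here, because the decision is made on attachment names alone.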
 
Suzanne

> I get many attachments. Let's just say when I download 20-60 messages
> I'm pretty sure that I don't care to see what someone that includes
> ".pif" within the message has to say. The filename is in the message
> if it is displayed inline. There is no way around that and there is no
> legitimate text that includes that string. The majority of worms use
> this extension, or at least the majority that reach me. They are both
> spam and dangerous spam.

<snip a long list of mail filtering stuff>

I was not questioning why you would want to remove attachments but
rather why you think that should be done by the ISP. Can you not
understand that an ISP needs to have one set of rules for the mail
server and not a variation for each customer?
_________
Suzanne
 
