Security UPDATE--Speed Up Mail Processing with Filter Order Adjustments--December 22, 2004

You might be able to reduce mail processing time by performing blacklist queries after other, simpler mail filtering has taken place. Also, read about the latest corporate mergers in the security space.

ITPro Today

December 21, 2004

10 Min Read
ITPro Today logo in a gray background | ITPro Today

===============

This email newsletter comes to you free and is supported by the following advertisers, which offer products and services in which you might be interested. Please take a moment to visit these advertisers' Web sites and show your support for Security UPDATE. Earn A Free Year of Web Filtering -- Limited Time Offer http://www.stbernard.com/src/iptools.asp?utm_campaign=ip&utm_source=winnetsu_122204_9A&utm_medium=sponsorship The Key to Stopping Email Attacks: Sender ID Can't Do It http://www.windowsitpro.com/whitepapers/postini/unwantedemail/index.cfm?code=1222sec_s

==========

==========

==== Sponsor: St. Bernard Software ==== Earn A Free Year of Web Filtering -- Limited Time Offer If you're using a software product to filter Internet access for your organization, there is a better way. With iPrism from St. Bernard, you get a true appliance solution requiring no extra hardware or software. Security is assured with automatic updates sent daily. The superior interoperability of iPrism means a seamless interface on any network. Download 5 Free Web Tools and find out how you can add a free year to your subscription. Act now to qualify for this limited time offer! http://www.stbernard.com/src/iptools.asp?utm_campaign=ip&utm_source=winnetsu_122204_9A&utm_medium=sponsorship

==========

==== 1. In Focus: Speed Up Mail Processing with Filter Order Adjustments ==== by Mark Joseph Edwards, News Editor, mark at ntsecurity / net I've discussed spam filtering, and in particular the use of blacklist services, in the recent past. I've been testing spam filtering mechanisms and want to share some insights. Although blacklist services do help reduce the amount of unwanted email your users might receive in their inboxes, they also introduce some amount of processing overhead. Blacklist filters rely on DNS lookups, so message processing time is increased by the number of DNS lookups per message along with any network lag time involved in those lookups. Heavily used blacklist services sometimes take up to 1 second or longer to respond to queries. The order in which your mail filters are used can make a performance difference. You might be able to reduce processing lag time by performing blacklist queries after other, simpler processing has taken place. For example, you might have filters that use whitelists or look for foreign languages, various countries of origin, various character sets, banned word lists, nonstandard message formatting, malformed HTML, banned scripts, file attachments, etc. These types of filters can typically process mail much faster than filters that rely on network communication to outsourced services such as blacklist providers. These types of filters can also process mail much faster than typical Bayesian filtering systems, especially Bayesian filters that have accumulated a big database of tokens (a database that probably grows larger by the hour). Whether you use Bayesian filters before or after blacklist service filters probably depends on how much mail your server processes and what kind of processing power your server has as compared to the sum of network lag time between your network and the blacklist service providers. Another thing I've found, which is probably to be expected, is that blacklist services tend to respond to DNS queries much faster at night (in the US) than they do during the day. This phenomenon is undoubtedly due to far more people picking up mail during the day then at night. Most server-based filtering solutions are probably on dedicated connections and therefore process mail any time of day or night. But when you factor in the millions of individual computer users who run desktop-based mail filtering solutions, it stands to reason that there is a much greater load on blacklist services during daytime hours. If your mail filtering solution lets you adjust the priority or processing order of the various filtering mechanisms that it uses, consider testing to see which priority or order works best for your needs. You might find that the out-of-the-box configuration works better after some tweaking. Until next time, have a great week.

==========

==== Sponsor: Postini ==== The Key to Stopping Email Attacks: Sender ID Can't Do It "Going nowhere fast," is how the media described recent efforts to develop an industry-wide email sender authentication standard. Even if some form of Sender ID is eventually adopted, spammers and hackers may be able to exploit the registration of IP addresses with Sender ID to improve their delivery of junk email. Effective real time IP address analysis and filtering is necessary — not sender authentication. This white paper explains why enterprises do not need to rely on Sender ID and discusses better, proven email intrusion prevention solutions that already work today to stop spam, viruses and email attacks. Get answers now! http://www.windowsitpro.com/whitepapers/postini/unwantedemail/index.cfm?code=1222sec_s

==========

==== 2. Security News and Features ==== Recent Security Vulnerabilities If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at http://www.windowsitpro.com/departments/departmentid/752/752.html Mega Merger: Symantec and VERITAS Security solutions provider Symantec and storage solutions provider VERITAS Software announced their intention to merge. The merger would create one of the largest vendors in the computing industry. http://www.windowsitpro.com/Article/ArticleID/44859/44859.html Critical Update for Windows Firewall Flies Under the Radar As it turns out, Microsoft issued not five, but six security updates in December. A critical update for Windows Firewall was not announced to the public through expected channels. http://www.windowsitpro.com/Article/ArticleID/44834/44834.html Microsoft Purchases GIANT Company Software for Antispyware Solution Microsoft purchased GIANT Company Software, including all of GIANT's products, technology, and staff. Microsoft will soon launch a beta of an upcoming version of Giant AntiSpyware, which will likely be branded a Microsoft product, and will present the solution as the ultimate security companion to Windows XP Service Pack 2 (SP2). http://www.windowsitpro.com/Article/ArticleID/44829/44829.html 3Com Buys TippingPoint for $430 Million 3Com announced that it has reached an agreement to acquire intrusion prevention solution maker TippingPoint. http://www.windowsitpro.com/Article/ArticleID/44811/44811.html Cisco to Acquire BCN, Symantec Acquires Platform Logic Symantec has acquired Platform Logic, maker of AppFire - a host protection suite, and Cisco announced that it has finalized an agreement to acquire BCN, provider of software design and developer of application routing architecture. http://www.windowsitpro.com/Article/ArticleID/44796/44796.html

==========

==== Announcements ==== (from Windows IT Pro and its partners) Are You "Getting By" Using Fax Machines or Relying on a Less Savvy Solution That Doesn't Offer Truly Integrated Faxing from Within User Applications? Attend this free on-demand Web seminar and learn what questions to ask when selecting an integrated fax solution, discover how an integrated fax solution is more efficient than traditional faxing methods, and learn how to select the fax technology that's right for your organization. Register now! http://www.windowsitpro.com/seminars/faxsolutions/index.cfm?code=1220emailannc Harness the Power of Active Directory Provisioning Join Active Directory expert Jeremy Moskowitz for this on-demand Web seminar. Discover the power of using Group Policy to efficiently configure and manage computers within your company to reduce administration and maximize productivity. You'll learn how to leverage Group Policy to provision desktops, manage the provisioning process, and more. Register now! http://www.windowsitpro.com/seminars/activedirectoryprovisioning2/index.cfm?code=1220emailannc Best Practices for Systems Management In this free on-demand Web seminar, you'll discover the most effective practices to monitor and manage your OSs and how they can be put into practice in your environment. Our expert panel will deliver the tips and techniques you need to improve service levels and maximize the use of your IT staff. Register now! http://www.windowsitpro.com/seminars/systemsmanagement/index.cfm?code=1220emailannc Get the Entire Exchange 2003 eBook This free eBook will educate Exchange administrators and systems managers on how to best approach the migration and overall management of an Exchange Server 2003 environment. The book will focus on core issues such as configuration management, accounting, and monitoring performance with an eye toward migration, consolidation, security, and management. Get the entire eBook now! http://www.windowsitlibrary.com/ebooks/exchangeserver2003/Index.cfm?code=1220emailannc

==========

==========

==== Events Central ==== (A complete Web and live events directory brought to you by Windows IT Pro at http://www.windowsitpro.com/events ) Stop the "Silent Killer" Unleashed by Spammers You're under attack from the "silent killer" trying to steal your email directory addresses through directory harvest attacks. Symptoms include sudden bursts of email activity that last only a few minutes and server deferral queues that are constantly full slowing your server performance. Register now for this free on-demand Web seminar and learn how to stop the "silent killer" in its tracks! http://www.windowsitpro.com/seminars/emailspam/index.cfm?code=1220emailannc

==========

==========

==========

==== Contact Us ==== About the newsletter -- [email protected] About technical questions -- http://www.windowsitpro.com/forums About product news -- [email protected] About your subscription -- [email protected] About sponsoring Security UPDATE -- [email protected]

===============

This email newsletter is brought to you by Security Administrator, the leading publication for IT professionals securing the Windows enterprise from external intruders and controlling access for internal users. Subscribe today.

http://www.secadministrator.com/rd.cfm?code=00ep254xeb

View the Windows IT Pro privacy policy at

http://www.windowsitpro.com/AboutUs/Index.cfm?action=privacy

Windows IT Pro, a division of Penton Media, Inc.

221 East 29th Street, Loveland, CO 80538

Attention: Customer Service Department

Copyright 2004, Penton Media, Inc. All rights reserved.

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like