Posted on Nov 27, 2007 in General

So, the antispam device I mentioned some time back has been installed and running.  And it is…interesting.  It is a Deep Six device from Tyrnstone systems, which is a consulting biz somewhere near the Great White North.  But, before you start waving your flags, they are an American company.  With very nice people.

Here is how it works.  You take this thing, which is the size of an 8-port switch, out of the box, plug it in, connect the handy Serial Cable (more on this later), and do about 5 minutes of configuration.  Boom.  Done.  And, for the most part, it works.  It is certainly fast, and gives me hope for that flash-based boot OS some day down the road.  However, there is a bug-a-boo that keeps it from being perfect.

The basic premise is this:  Spammers lie.  So, if an email comes in, it checks the IP address against a blacklist.  Then it does an RDNS lookup to see if the IP address matches the domain name.  It comes up with a score based on this and other information, and if the score exceeds a certain level, the email is rejected.  It doesn’t get to the server, it doesn’t get to the users.  My current one is rejecting 72% of the emails it sees (which tells you the general level of spam).

Here is the problem.  If it rejects a legitimate email, you have to bless the IP address of the originating server for it to get through (or raise the score level that blocked it).  Not a problem for small companies that follow the rules, post SPF records and make it easy to find the IP address of the SMTP server.  But, do you have any idea how many SMTP servers Google has?  Yahoo?  Hotmail?  Network Solutions?  A lot.  And, while you can do a starting IP address and a CIDR value, things like this make my brain hurt.  And, the last thing I want to do is bless all of Hotmail when all I want is a single address to get through.  But, you cannot add a single address (or a single domain).  Most of the domains that I want to let through are private domains.  But, since the users choose to use non-secure mail services (I’m looking at you, Network Solutions!), they get blocked.  Don’t get me started on Earthlink.
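The scoring premise and the CIDR blessing described above, sketched as an added example (this is not the Deep Six's own code). The weights, threshold, lookup tables and addresses are constructed assumptions, and the DNS and blacklist lookups are stubbed with in-memory tables so it runs offline.

```python
import ipaddress

# Constructed sample data (documentation address ranges); a real filter would
# query a DNS blacklist and the DNS itself instead of these tables.
BLACKLIST = {"203.0.113.7"}
PTR = {"198.51.100.10": "mail.example.org", "203.0.113.7": "mail.example.org"}
A = {"mail.example.org": {"198.51.100.10"}}

# Hypothetical weights and threshold; the post does not give the device's values.
W_BLACKLISTED, W_NO_PTR, W_PTR_MISMATCH, REJECT_AT = 5, 2, 3, 5


def score(ip, allow=()):
    """Return (score, verdict) for a connecting SMTP client IP."""
    addr = ipaddress.ip_address(ip)
    # A blessed CIDR block short-circuits every other check for the whole range.
    if any(addr in ipaddress.ip_network(net) for net in allow):
        return 0, "accept (blessed)"
    s = 0
    if ip in BLACKLIST:
        s += W_BLACKLISTED
    host = PTR.get(ip)
    if host is None:
        s += W_NO_PTR
    elif ip not in A.get(host, set()):
        # Reverse name exists but does not resolve back to the connecting IP.
        s += W_PTR_MISMATCH
    return s, ("reject" if s >= REJECT_AT else "accept")


def tight_allowlist(ips):
    """Smallest set of CIDR blocks covering exactly the given sender IPs."""
    nets = (ipaddress.ip_network(ip) for ip in ips)
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


def blessed_count(cidrs):
    """How many addresses a list of blessed CIDR blocks lets through."""
    return sum(ipaddress.ip_network(c).num_addresses for c in cidrs)
```

Blessing `203.0.113.0/24` here lets the blacklisted `203.0.113.7` straight through, which is the cost of blessing a whole provider range; `tight_allowlist` keeps the blessing down to the servers actually seen sending the wanted mail.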

So, final score?  I like it.  But, my life is busy enough without having to track down SMTP server addresses just to let one person email another.

And using serial cables for configuring?  I can understand the security aspect, but geeze-Louise.  Get with the late 90’s and throw a web-based config on there!