few issues with the Enterprise version

Posted: Thu Aug 05, 2010 5:33 am
by triadgroup
I installed the enterprise edition, on linux using the milter function with sendmail.
It seemed to run OK for 2 or 3 weeks but I had to stop using it.
Some of the filtering still missed, I purposely sent several blank bodied messages, all were delivered to my inbox, as well as an email I filled with explicit and vulgar words.
The final error I started to see was misqueueing of emails to another internal email server; it would create 2 GB files in the /var/spool/mail directory of the other server.

The only messages being trapped are by the blacklists. What happened to the content filtering and will it return to the Enterprise edition? It worked so well in the OSS version (at least for us).
I prefer using the milter vs the proxy. Is the proxy more reliable?

Posted: Thu Aug 05, 2010 6:26 am
by triadgroup
A few details on our setup that will help:
We have an edge MTA running postfix, graylist daemon and clamsmtp, that forwards to a sendmail milter box running spamassassin which forwards to Mailwasher. The 2GB queue files were created on the spamassassin filter; they were binary format so I could not examine them for any text to provide clues on these errors.

Posted: Thu Aug 05, 2010 10:58 am
by cliff
We no longer provide a milter option for MWES - it's not even available in the current version.
The proxy arrangement is easier to implement, support, and uses far less system resources. As a positive side effect - it also decreases the load on the MTA as well.

When using MWES please make sure you disable any other filtering software (SpamAssassin, Greylisting and RBL - MWES is designed to replace all these) - these could possibly interfere with the MWES process increasing the chance of false positives. ClamSMTP is fine however.

The concept of MWES is slightly different to the OSS version we offered in the past.
MWES main design goal was accurate, yet easy to configure protection. We concentrated on the spam prevention before adding features such as AD integration etc.
Now we are stoked with its detection accuracy and ease of set-up, we are adding features - including full digests, mail tracking and Trusted IPs in the next release alone :)

The basis of MWES protection is "is this a legitimate sending SMTP" employing a series of checks to detect bad/poisoned/spam senders - which keeps false positives down to a minimum (less than 0.5% on most systems).
In addition to this, there is an algorithmic comparison of the mail body with our database (The First Alert service) - which contains trillions upon trillions of spam collected by our distributed honey pots around the world.

MWES is not a content/body scanning service (as per Spamassassin).
Research and experience has shown that content/body scanning (or scoring) increases the chance of false positives 10-fold and can be complex to configure not to mention the ongoing requirement for training.
Spammers generally need to alter a few characters or re-form the body in a certain way to bypass content scanners easily.
For these reasons we have not incorporated content scanning. (note: we may implement a similar feature at some point, but it will not be a 'first defence' directive)

That said, you can apply a word filter into the "custom filters" to trap undesired words/phrases - It's not something we recommend however as it had been found to trap a lot of 'real' mail due to someone putting in a key word innocently.

Your blank emails will pass through without issue because your address would have been sent from a legitimate origin.
When an email passes through MWES, it is 'tagged' with X-MWES headers in the email. These headers will tell you why it passed through.
An educated guess would be that the blank emails will have the header: X-MWES-REASON: Greylisted Friend

We offer an installation service for MWES, it's free!
If you would like us to set it up for you, flick me an email on :)
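
Following up on the X-MWES headers described in the last post, here is an added example (not part of the thread and not vendor code) that tallies the X-MWES-REASON values across delivered messages to see why each one passed. The sample messages are constructed; only `X-MWES-REASON: Greylisted Friend` comes from the thread, and the other header name is a placeholder.

```python
import email
from collections import Counter
from email import policy

PREFIX = "x-mwes-"  # assumption: match any header beginning with X-MWES-

# Constructed sample messages. Only "X-MWES-REASON: Greylisted Friend" is
# taken from the thread; X-MWES-PLACEHOLDER is a made-up header name.
SAMPLES = [
    "From: a@example.test\nTo: b@example.test\nSubject: blank\n"
    "X-MWES-REASON: Greylisted Friend\n\n",
    "From: c@example.test\nTo: b@example.test\nSubject: hi\n"
    "x-mwes-reason: Greylisted\n Friend\n"      # folded, lower-case name
    "X-MWES-PLACEHOLDER: constructed\n\nbody\n",
    "From: d@example.test\nTo: b@example.test\nSubject: untagged\n\nbody\n",
]

def mwes_headers(raw):
    """Return [(NAME, value)] for every X-MWES-* header in one raw message."""
    msg = email.message_from_string(raw, policy=policy.default)
    found = []
    for name, value in msg.items():
        if name.lower().startswith(PREFIX):
            # Collapse whitespace left over from header folding.
            found.append((name.upper(), " ".join(str(value).split())))
    return found

def tally_reasons(raw_messages):
    """Count X-MWES-REASON values and messages with no X-MWES-* header."""
    reasons = Counter()
    untagged = 0
    for raw in raw_messages:
        headers = mwes_headers(raw)
        if not headers:
            untagged += 1
        for name, value in headers:
            if name == "X-MWES-REASON":
                reasons[value] += 1
    return reasons, untagged

if __name__ == "__main__":
    reasons, untagged = tally_reasons(SAMPLES)
    for reason, count in reasons.most_common():
        print(f"{count:4d}  {reason}")
    print(f"{untagged:4d}  (no X-MWES-* header present)")
```
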