HEC Montréal: Follow-up on the Large-Scale Mail Installation
In order to produce valuable statistics, two tools were used: Spamity and pflogsumm. The former is a complete solution for extracting information from log files of a mail infrastructure based on Postfix and AMaViS. Spamity extracts all the relevant information and stores it in a database. A Web frontend is offered so users simply can log in to the Web application to see the mail rejected by the filtering policies. The nature of Spamity makes it a valuable tool to examine the spam and virus tendencies in order to tune the infrastructure over time to limit the delivery of UBEs and viruses. Spamity efficiently gathers the information related to the rejected messages and classifies it with regard to the following policies:
RBL: Message rejected by a real-time blackhole list.
RHSBL Client: Message rejected by a right-hand side block list.
Header Date: Message has a date from the distant past or future.
Header Subject: Message rejected by suspicious subject.
Header X-Mailer: Message rejected by suspicious mail user agent.
Header Content-Disposition: Message rejected by suspicious attachment.
Header Content-Type: Message rejected by suspicious attached file. The filter method specifies the file extension.
Body: Message rejected by suspicious body content.
Access Username: Message rejected by access username.
Virus: Message rejected by AMaViS together with the anti-virus solution used.
Spam: Message rejected by AMaViS together with SpamAssassin.
On the other hand, pflogsumm is a useful tool for providing a quick overview of Postfix activity. This allows an administrator to identify rapidly potential problems in a Postfix installation. Among the information reported by pflogsumm, we have:
Total number of received, delivered, forwarded, deferred, bounced and rejected messages
Per-day and per-hour message traffic and connection summaries
Various other summaries (warnings, fatal errors, panics) and more.
Using those two tools and some custom Perl scripts, we produced the different figures found in this article.
Figure 2 shows the weekly total number of mail considered to be UBE or containing viruses that were blocked since the beginning of 2004. The rules' efficiency also is shown in this figure.
As shown in Figure 2, the RBL policy is definitively the most effective one, followed by content analysis using SpamAssassin and message Subject header analysis. You also can note that the virus policy numbers are not as high as expected. This is easily understandable as the detection of viruses often is moved from AMaViS to Postfix's header checks (Content-Disposition, for example). This requires considerably less system resources, because we avoid both detailed analysis in SpamAssassin and a process fork, for each received message, for virus scanning using NAI VirusScan. The network analysts proceeded with such modifications after the 01-25 week for the MyDoom e-mail worm.
Furthermore, Figure 3 shows the usage of services offered by the mailstore, during the busiest week of the first three months (March 21-27).
As shown in Figure 3, POP3 is the most solicited service, followed by IMAP and the Web mail system, which also uses IMAP but was separated in the figure. During this week, peeks of 52 POP3 and 338 IMAP concurrent connections were observed coming from a total of 11,000 different users. The mailstore also is responsible for message deliveries in the user's mailboxes using the Local Mail Transfer Protocol (LMTP). Peaks of 75 concurrent delivery processes often were seen.
On the other hand, Figure 4 shows the amount of mail exchanged using the four SMTP servers for the entire month of March 2004.
As shown in Figure 4, 40 to 60% (55,000 messages per day, on average) of all received mail was rejected by various UBE and virus filtering techniques. This number actually is down from 80% in December 2003. At that time, HEC Montréal was receiving more than 125,000 spams per day. Currently, the average number of messages sent per day is 57,000, while the average number of received (from external servers) and delivered email per day is 35,000.
As you have seen from the different figures, the mail infrastructure certainly is a key component at HEC Montréal, as it is highly solicited. Overall, the mail infrastructure has been very fast and stable since it was deployed. Minor updates were performed by network analysts, mainly to keep up with the new e-mail worms.
- Chemistry on the Desktop
- Three EU Industries That Need HPC Now
- Preseeding Full Disk Encryption
- William Rothwell and Nick Garner's Certified Ethical Hacker Complete Video Course (Pearson IT Certification)
- Five HPC Cost Considerations to Maximize ROI
- FinTech and SAP HANA
- Hodge Podge
- Two Factors Are Better Than One
- GRUB Boot from ISO
- HOSTING Monitoring Insights
Pick up any e-commerce web or mobile app today, and you’ll be holding a mashup of interconnected applications and services from a variety of different providers. For instance, when you connect to Amazon’s e-commerce app, cookies, tags and pixels that are monitored by solutions like Exact Target, BazaarVoice, Bing, Shopzilla, Liveramp and Google Tag Manager track every action you take. You’re presented with special offers and coupons based on your viewing and buying patterns. If you find something you want for your birthday, a third party manages your wish list, which you can share through multiple social- media outlets or email to a friend. When you select something to buy, you find yourself presented with similar items as kind suggestions. And when you finally check out, you’re offered the ability to pay with promo codes, gifts cards, PayPal or a variety of credit cards.Get the Guide