I’m no Microsoft Exchange guru, by any stretch of the imagination, but I’ve been working with our email provider for the past three weeks trying to get our spam filtering disabled on Exchange 2007 because we use a third party anti-spam service and wish to simplify the whole solution.

There seems to be some confusion for Email jockeys who are used to the 2003 IMF way of filtering emails as opposed to the 2007 CFA way. Below is a summary of what I’ve learned (more than I wanted) about Exchange’s anti-spam product.

More below the fold.

(more…)

Earlier this week I observed one of my laptops running World of Warcraft, which was accessing a *.torrent file. Today, I found another application, this time a screen saver called Electric Sheep is using it.

Electric Sheep is a similar concept to SETI@home; network several machines together to utilize processing cycles once the machine goes idle. Electric Sheep, instead of looking for ET, renders fractals which are intended to be analogous to computer dreams. Cool concept both as a screensaver and the fact that it utilizes the Bittorrent protocol for information sharing.

It’s obvious the Bittorrent protocol is gaining a foothold in mainstream computing. Now all that is needed is an authorization or identification bit in the TCP handshake that will ID the application. That way us network security apes can authorize certain Bittorrent applications to cross the gateway while blocking others.

One of my HIPS rules specifically blocks any access to a *.torrent file, for obvious reasons. Going through my HIPS logs today, I see the following event:

It’s fascinating to think that WoW uses bittorrent to manage itself, just not on one of my work machines, thank you very much.

I used to use Boxtrapper to control who could send email to an uber-secret email account, that Wordpress would check and post any email in that account.

For some reason my hosting service removed Boxtrapper and of course the spam found my inbox and was subsequently posted here on my blog.

To replace Boxtrapper, they’ve provided generic message control filters, so I set up a rule to allow email from my email accounts as the first rule and the second rule is this:

where from matches regex ‘.*’ bounce

So now if you aren’t on my approved list, you’ll get an NDR that simply states:

A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:

This will do the trick, at least until my provider decides to pull the plug on their message control filters.

Thanks again to every who notified me using Twitter, email, and my contact page on the blog and a big thanks to Martin McKeay for a very effective and creative way of getting the word to me. Good lookin’ out.

Belay on.

Thanks to everyone who let me know about the blog spam. I believe it is coming in through the post-from-email feature. I don’t have time right now to dig into it, I’m off to get belay certified, but I’ve disabled that feature. Hopefully that puts an end to it.

Thanks again.