Author: Yves Lacombe

Yves Lacombe has been working on Internet Infrastructure products for over 15 years. He is an Internet Security expert and one of his company's gurus. He has forgotten more things about Email Security than most people will ever know. He runs numerous heavily secured email servers and is constantly getting in trouble while trying to hack into his company's products. Yves has two mottos that he lives by: “The buck stops here” and “Let's just get the job done”.

Articles by this author

Who is Responsible for Internet Security: A Response

Basically you have the Australian courts who want to place the onus on the shoulders of end-users. Others want to put the responsibility on Operating System or Application vendors due to their security holes. Finally, you have the Mail System operators or Network connectivity providers (ISPs) who don't take sufficient measures to combat open relays or botnets where infected machines act like SMTP proxies. (Jul 26, 2010)

Interesting question from a customer: “Why should we block .EXEs?”

The majority of phishing attempts with drive-by-downloads try to entice you to download EXE files and run them locally. EXE files should always be blocked. You can open certain files on a case-by-case basis and in a very controlled fashion, but that’s the extent of it. (May 26, 2010)

Deep header inspection: use with caution

Some anti-spam tools will actually look at the reputation of IP addresses in each of the received headers of an email. Reputation mechanisms usually involve multiple sources, e.g., DNSBLs and Honeypot-driven reputation services. (Apr 19, 2010)

Simple Admin Tricks: Quick & Dirty Monitoring

From time to time, you’ll need to monitor a port to see if there's a problem brewing. For smaller companies, it can be quite a chore to deploy some sort of commercial or open-source monitoring solution (e.g., NAGIOS-based stuff), when all you want to do is do some quick and dirty monitoring. (Mar 26, 2010)

Cool Tool: WinSCP

I just wanted to share with you a very useful tool that’s been around for a while now, and it helped me solve a problem on a customer’s machine. To properly investigate, I had to extract several logs from the customer’s server on a scheduled basis and have them FTP'd here so that I could keep tabs on the server's behavior. (Feb 26, 2010)

Blocked by RFC-IGNORANT ... Now what?

From time to time, customers wind up getting blocked by a seldom-seen blacklist called "RFC-Ignorant." Unlike classical blacklists that are usually honeypot driven, this one is driven by people who have manually reported you as violating RFC. (Jan 22, 2010)

Reverse DNS checking: Is it safe to use?

Every time I do a setup with a customer, the question always comes up: Should we use Reverse DNS checking or not when configuring connection-level blocking security measures? (Dec 04, 2009)

Country-Based Blocking

Is it good or bad? Well, the answer is "it depends." If your organization only operates within North America, for instance, blocking the more prolific spam sources by country may be a very good way to reduce the amount of traffic hitting your MTA. (Oct 30, 2009)

Email Security Gateway Deployment: Avoid These Common Mistakes

Don't declare your primary mail server (MTA) as a secondary MX. (Oct 02, 2009)

SPF woes with third party services … a workaround.

Many people use SPF (Sender Policy Framework) as an anti-spoofing measure. They create an SPF record in their DNS zone for their domain. From time to time, though, some customers will do business with or use third-party services that send out email on their domain's behalf and, unfortunately, this will cause recipient MTAs to hard-fail or soft-fail these messages. (Sep 04, 2009)

Security Back to Basics

You can use Windows Routing and Remote Access (RRAS) for firewalling purposes. It's fairly simple to set up as well. (Aug 21, 2009)
