Author: Yves Lacombe
Yves Lacombe has been working on Internet Infrastructure products for over 15 years. He is an Internet Security expert and one of his company's gurus. He has forgotten more things about Email Security than most people will ever know. He runs numerous heavily secured email servers and is constantly getting in trouble while trying to hack into his company's products. Yves has two mottos that he lives by: “The buck stops here” and “Let's just get the
Articles by this author
Part 2: How to monitor application performance and send alerts on Windows Server 2008
In my previous article, I outlined how one could monitor a performance counter and send alerts to a pager or smartphone on a Windows 2003 server. This is how to do it on Windows Server 2008... (Nov 30, 2011)
How to monitor application performance and send alerts when a threshold is breached
Before investing in an expensive tool to monitor the performance of your various applications, it’s important to know that Windows is equipped with many of the tools you need. If the applications provide performance counters, the Performance Monitor utility makes it easy to keep track of dynamically changing statistics. (Sep 21, 2011)
Energy consumption by email (and the Internet)
Depending on who you listen to, it seems there's always a study indicating that energy consumption driven by the Internet is bad. If you add up the energy consumed in the construction of our computers and networks, the operation of our servers and the transmission, storage and retrieval of all this information, you get the equivalent of 4 to 19 grams of CO2 generated per email. (Jul 22, 2011)
How to detect a spammer on your network? What to do about it?
The mechanics of detecting a spammer on your network are fairly straightforward. Spammers will spam via your network in two ways: (1) Via a compromised host on your network. An infected machine has become a bot in a botnet and is sending out spam directly to the internet. (2) Via a compromised mail account where the spammer will be using one of your user's mail accounts to broadcast spam via your own MTA. (May 31, 2011)
Facebook: Ceglia’s alleged Emails, fraud or not?
In the past few days, the news has been soaring with a new episode of the Ceglia-Facebook-Zuckerberg saga. Are we at 'Facebook: A New Hope', 'Ceglia Strikes Back', 'The Return of The Face Book'? I've lost count. Valued at $50 billion and with over 600 million users, the popular social media site is an ideal target. (Apr 15, 2011)
Message Throttling Issues With Exchange and an Email Security Gateway
From time to time, you might find that messages get stuck in your email security gateway server and don’t get delivered to your Exchange server. This usually happens with new installations or when the system receives a sudden, high load of email. (Mar 23, 2011)
Keep Control of your Mailboxes in Microsoft Exchange
It’s always a good idea to keep control of how many mailboxes you have in Microsoft Exchange. Why? There are several types of objects in Exchange that have mailbox-like behaviors, so they can receive mail from the outside world. (Mar 16, 2011)
Email vs. Social Media: Email Is Still the Killer App
Every now and then someone offers up their opinion about why they think email is dying, and social media and other communication formats are taking over. (Feb 24, 2011)
The impact of IPv6 on message filtering systems
An interesting article was posted on Slashdot in December: "As public IPv4 addresses dwindle and carriers roll out IPv6, a new problem has surfaced.." In the short term, this is definitely going to be a problem for email security companies that rely strongly on DNSBLs or reputation-based systems. (Jan 19, 2011)
How To “Gently” Switch People to SMTP Authentication
There are still quite a few small and medium sized ISPs out there who use technology such as “POP before SMTP” to allow mail relaying. However as threats increase, it’s become standard operating procedure to require proper authentication from end-users to allow outbound mail relay. One of my customers came up with a fairly gentle way to ease their user base into using SMTP Authentication (SMTP AUTH). (Jan 04, 2011)
How to prep your email system for the holidays
About to leave for the Christmas and New Year's holidays? Don't forget about your holiday admin checklist! (Dec 22, 2010)
Short Story: UTMs Are Not a Panacea
One of my customers is an admin who works within a small portion of a larger institution. The main administrative group decided to overhaul their primary firewalls with UTM devices instead, which included spam and virus filtering for MTAs (Mail Transfer Agents). Can a UTM device replace a dedicated device? (Dec 10, 2010)
Quick and dirty database replication with MS-SQL
Microsoft SQL and SQL Express both provide a T-SQL (Transact SQL) command-line interpreter that you can use to automate backup and restore processes. It enables you to utilize publisher/publishee configurations for real-time or near real-time replication. Sometimes, though, all you may want to do is run a daily backup of the database on one SQL Server and restore it to a second SQL Server to keep a "warm standby" available. This can be done easily with a pair of simple batch files. Here’s how you do it: (Oct 18, 2010)
Cool Tool: IMAPCOPY
Have you ever had to migrate mailboxes from server X to server Y? Unfortunately, each type of MTA natively stores mailboxes and folders differently from other MTAs. (Sep 08, 2010)
Who is Responsible for Internet Security: A Response
Basically you have the Australian courts who want to place the onus on the shoulders of end-users. Others want to put the responsibility on Operating System or Application vendors due to their security holes. Finally, you have the Mail System operators or Network connectivity providers (ISPs) who don't take sufficient measures to combat open relays or botnets where infected machines act like SMTP proxies. (Jul 26, 2010)
Interesting question from a customer: “Why should we block .EXEs?”
The majority of phishing attempts with drive-by-downloads try to entice you to download EXE files and run them locally. EXE files should always be blocked. You can open certain files on a case-by-case basis and in a very controlled fashion, but that’s the extent of it. (May 26, 2010)
Deep header inspection: use with caution
Some anti-spam tools will actually look at the reputation of IP addresses in each of the received headers of an email. Reputation mechanisms usually involve multiple sources, e.g., DNSBLs and Honeypot-driven reputation services. (Apr 19, 2010)
Simple Admin Tricks: Quick & Dirty Monitoring
From time to time, you’ll need to monitor a port to see if there's a problem brewing. For smaller companies, it can be quite a chore to deploy some sort of commercial or open-source monitoring solution (e.g., NAGIOS-based stuff), when all you want to do is do some quick and dirty monitoring. (Mar 26, 2010)
Cool Tool: WinSCP
I just wanted to share with you a very useful tool that’s been around for a while now, and it helped me solve a problem on a customer’s machine. To properly investigate, I had to extract several logs from the customer’s server on a scheduled basis and have them FTP'd here so that I could keep tabs on the server's behavior. (Feb 26, 2010)
Blocked by RFC-IGNORANT ... Now what?
From time to time, customers wind up getting blocked by a seldom seen blacklist called "RFC-Ignorant." Unlike classical blacklists that are usually honeypot driven, this one is driven by people who have manually reported you as violating RFC. (Jan 22, 2010)
Reverse DNS checking: Is it safe to use?
Every time I do a setup with a customer, the question always comes up: Should we use Reverse DNS checking or not when configuring connection-level blocking security measures? (Dec 04, 2009)
Country-Based Blocking
Is it good or bad? Well, the answer is "it depends." If your organization only operates within North America, for instance, blocking the more prolific spam sources by country may be a very good way to reduce the amount of traffic hitting your MTA. (Oct 30, 2009)
Email Security Gateway Deployment: Avoid These Common Mistakes
Don't declare your primary mail server (MTA) as a secondary MX. (Oct 02, 2009)
SPF woes with third party services … a workaround.
Many people use SPF (Sender Policy Framework) as an anti-spoofing measure. They create an SPF record in their DNS zone for their domain. From time to time, though, some customers will do business with or use third-party services that send out email on their domain's behalf and, unfortunately, this will cause recipient MTAs to hard-fail or soft-fail these messages. (Sep 04, 2009)
Security Back to Basics
You can use Windows Routing and Remote Access (RRAS) for firewalling purposes. It's fairly simple to set up as well. (Aug 21, 2009)





