Libelled by a mail filter?
by Simon at 13:53 16/08/04 (Blogs::Simon)
So this morning I get a request from someone who's having trouble registering on a site, claiming that despite registering twice they've never got a 'Welcome' mail with their account details.
Naturally, I want to help, so spend a few minutes going through the logs checking that indeed we did send the email and the remote mailserver accepted it. Good news - that means the problem's at the user's end.

Done and dusted? Nope. A while after sending my reply, including the relevant log lines to help the user track down what happened to the inbound email at his end, I get a message from them asking what was in my previous email because their system has quarantined it with the following message:

-----Original Message-----
From: Mailsweeper Mailer
Sent: 16 August 2004 10:37
To: ******, *****
Subject: Message Quarantined - Re:Fwd: RE: SUSIE

Mailsweeper has quarantined a possible virus attachment.

To: *****@****sman.co.uk

From: simon@shout**.com
Date: Mon, 16 Aug 2004 11:37:14 +0100
Subject: Re:Fwd: RE: SUSIE
Classification: Incoming Virus Attachment Detected

Reason: This email contains a suspect attachment such as a program, batch
file, screensaver or protected content most commonly associated with current
virus trends - hence this email has been quarantined.

There are two main problems with this:

1) There was no attachment.

and

2) There was no attachment.

Now, I realise that that's actually the same problem, but it's such a biggie I thought it needed saying twice.

Further investigation reveals that the filter at the other end quarantines *anything* that contains the pattern:

p*ssword

Shades of not allowing people from Scunthorpe to register on AOL...

Mailsweeper's site makes the bold claim:

MAILsweeper™ for Exchange

Bring the power of the #1 content security solution to internal mail

... sadly, it doesn't go on to say "... by preventing useful communication, and spewing out inaccurate Classifications willy-nilly."

Maybe I should sue...
--
simon
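
The failure described in this post, as an added example that is not part of the original post and is not Mailsweeper's code: a rule that matches a keyword anywhere in the message and reports it as a virus attachment, beside a check that inspects the MIME structure and labels a keyword hit as what it is. The reading of the pattern, the extension list, the function names and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
# Assumption: the post's pattern "p*ssword" read as "p, any one character, ssword".
KEYWORD = re.compile(r"p.ssword", re.IGNORECASE)
RISKY_EXT = (".exe", ".bat", ".scr", ".pif", ".com")  # illustrative list only
# Constructed sample: plain-text reply describing a log entry, no attachment.
PLAIN_REPLY = """\
From: sender@example.org
Subject: Re: registration
Content-Type: text/plain

The log shows the welcome mail with your username and password was
accepted by your mail server.
"""

# Constructed sample: multipart message carrying a screensaver attachment.
WITH_ATTACHMENT = """\
From: sender@example.org
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

See attached.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="photo.scr"

AAAA
--b1--
"""

def naive_classify(raw):
    # Behaviour described in the post: any keyword hit is reported as a virus attachment.
    return "quarantine: virus attachment" if KEYWORD.search(raw) else "deliver"

def classify(raw):
    # Attachments are judged from the MIME parts; keyword hits get their own label.
    parts = list(message_from_string(raw).walk())
    for part in parts:
        name = part.get_filename()
        if name and name.lower().endswith(RISKY_EXT):
            return "quarantine: suspect attachment " + name
    for part in parts:
        if part.get_content_maintype() == "text" and KEYWORD.search(part.get_payload()):
            return "flag: keyword match in body"
    return "deliver"
```
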

Re: Libelled by a mail filter? Gordon Hundley - 15:31 18/08/04
The MIME/mailsweeper software is pretty ugly. It was once the only player in this market, but it has fallen seriously behind since newer products have come along. They also seem to have reached the point where when they fix something, they break something else that they had previously fixed.

The bulk of configuration consists of writing simple pattern matching rules, which are then weighted using an apparently inconsistent method to determine which queue to put the mail into. Certain things just can't be weighted and must be put top of the rule chain - having the F-bomb a dozen times in one message shouldn't drop it in the profanity queue if there is a known virus detected by the external virus scanner, etc.

The expression parsing language is truly awful, broken in places, and by its design woefully limited. Furthermore, the more restrictive a policy you make using simple expressions and applying Bayesian analysis of dubious prior distribution, the more likely you are to stop valid email. This results in the administrator spending long hours checking block queues to release business email.

At a certain business that I'm familiar with, a mail gateway is handling less email than a certain ISP that many of us here are familiar with. Despite using a comparatively recent Compaq 580 with buckets of memory, the proxy-based mailsweeper regularly builds up a four hour processing backlog, due to the hundreds of regular expressions added to block major spammers, and profane or obscene content. Several staff collectively put in a dozen hours a day checking queues.

If you want to block spam, there's no killer app on the market, and you'll probably do better figuring out how to use SpamAssassin, mail-abuse.org, and Vipul's Razor. These open source tools are a good deal more customisable than the chunky bloatware available for a few grand, and since you're committing to many, many hours of administration, you may as well put in some thought up front...

Just my 0.0162551 Euro.
--
DrGoon