MagicSpam

[ro...@unrealstyle.com]

Does anybody have any experience with this product?

My company wants to replace SpamAssassin with this product, due to  
SpamAssassin being not being up to par other products.

My argument is that people we give SpamAssassin to have no clue how to  
use it and what it's designed to do, therefore they think it sucks.

Re: MagicSpam

[Jesse Stroik <js...@ssec.wisc.edu>]

Rob,

Spamassassin is more difficult to configure because commercial products 
don't have the luxury of requiring more sysadmin configuration.  They 
have to be easy or no one would buy them.  The disadvantage of them 
being easier is that they have less flexibility, less information and 
less site-specific configuration to work with.  They also tend to be 
less accurate, erring to the side of enforcement at the risk of 
discarding legitimate mail.

It is important to check spamassassin to see which plugins are installed 
properly and working.  Spamassassin will work with only a few plugins 
installed, but it will work much better if you install all plugins that 
make sense for your site.

To maintain spamassassin well, you also have to have very level-headed 
admins who are willing to drop even very effective plugins if they have 
the potential for false positives.  You have to evaluate the plugins 
yourself, to some extent, and you have to trust behavior that you 
observe.  I recently had to decrease the score of the BOTNET plugin 
significantly.  It's not the BOTNET plugin is doing something wrong -- 
it's simply that companies often configure their mail servers with mail 
gateways and have internal/private network Received lines that trigger 
the BOTNET plugin.

Commercial products tend to trap lots of spam, like a properly 
configured spamassassin installation, but they also tend to get a lot of 
false positives.  Consider that people complain a lot more about false 
negatives (spam that gets through) than false positives, especially if 
they don't see the false positives.  Because of this behavior pattern, 
commercial products will almost always err to the side of throwing away 
the baby with the bathwater.  And this is more dangerous to email than 
spam is.

Best,
Jesse

RE: MagicSpam

[Michael Hutchinson <mh...@manux.co.nz>]

Hello,

I really don't see how Spamassassin is not "up to par", considering many high end Net App's use Spamassassin and promote corporate level products that include it. Maybe it needs to be configured correctly?

In fact, I don't think I've seen any real rival to Spamassassin - except, maybe, for DSPAM (but I've never used it) - And I don't see how that is going to be any "easier to drive" than Spamassassin. The only good Spam tagging applications for Windows all seem to have Spamassassin inside them somewhere.

None of my users know how to use Spamassassin, in fact, none of my co-workers do either. I wouldn't even pretend to try and get them to do anything to it, apart from send Missed Spam back for Bayes training.
If it is other Admins you're giving the product to, and they don't/can't understand it, then they shouldn't be running it.

"no clue how to use it and what it's designed to do" - sounds like they need some education, these naïve people that you give Spamassassin to.

Cheers,
Mike


-----Original Message-----
From: robb@unrealstyle.com [mailto:robb@unrealstyle.com] 
Sent: Friday, 12 September 2008 5:12 a.m.
To: users@spamassassin.apache.org
Subject: MagicSpam

Does anybody have any experience with this product?

My company wants to replace SpamAssassin with this product, due to  
SpamAssassin being not being up to par other products.

My argument is that people we give SpamAssassin to have no clue how to  
use it and what it's designed to do, therefore they think it sucks.

Re: MagicSpam

[Robert Schetterer <ro...@schetterer.org>]

ram schrieb:
> On Thu, 2008-09-11 at 15:25 -0700, fchan wrote:
>> Hi,
>> Sorry I don't have experience with this product.
>> I do have limited experience with Barracuda Networks appliance and I 
>> think is a great product for an e-mail filter which I had experienced 
>> with my friend to set up on their network & email server. It is easy 
>> to set up, configure and maintain so for an alternative to 
>> spamassassin this is great alternative. Price a fairly good and since 
>> they were a educational institute they got an discount.
>> http://www.barracudanetworks.com/ns/products/spam_overview.php
> 
> Alternative to spamassassin ?? , AFAIK barracuda uses spamassassin. You
> just get their rules and DNS lists that makes it "better" than the
> default SA 
>  But to be honest ,Not everyone can keep managing SA boxes.
>  If some company wants to dump SA because of management issues , I would
> suggest just tie up with some commercial plugin for SA
> 
> No change to the user interfaces. Almost immediately  implementable on
> an existing setup and would be economical too
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
Hi ,
you may have a look to ironport now owned by cisco
it s one of the leading solutions in antispam
but very expensive

-- 
Best Regards

MfG Robert Schetterer

Germany/Munich/Bavaria

Re: MagicSpam

[ram <ra...@netcore.co.in>]

On Thu, 2008-09-11 at 15:25 -0700, fchan wrote:
> Hi,
> Sorry I don't have experience with this product.
> I do have limited experience with Barracuda Networks appliance and I 
> think is a great product for an e-mail filter which I had experienced 
> with my friend to set up on their network & email server. It is easy 
> to set up, configure and maintain so for an alternative to 
> spamassassin this is great alternative. Price a fairly good and since 
> they were a educational institute they got an discount.
> http://www.barracudanetworks.com/ns/products/spam_overview.php

Alternative to spamassassin ?? , AFAIK barracuda uses spamassassin. You
just get their rules and DNS lists that makes it "better" than the
default SA 
 But to be honest ,Not everyone can keep managing SA boxes.
 If some company wants to dump SA because of management issues , I would
suggest just tie up with some commercial plugin for SA

No change to the user interfaces. Almost immediately  implementable on
an existing setup and would be economical too

RE: MagicSpam

[Brent Kennedy <br...@cfl.rr.com>]

 
I have heard that the sonicwall email security appliance is pretty good.  It
gets expensive per user, but they have desktop controls in outlook.

The other one is the service offered by mcaffee enterprise... I don't
remember the name, but its essentially a service they host and your mail
server only receives mail from them.  Its underlying system is spamassassin,
but theirs is on steroids.  I think the one of the developers of
spamassassin actually works for them.

Both systems use Bayesian filtering, but they have different types of input
that allow millions of indicators to be used and updated minute by minute,
thus allowing maximum spam detection.  Basically input from many places is
always better than input from one place.. The more data you have to look at
the more obvious the trends thus making it easier to spot spam and rule out
false positives on a minute by minute basis.

-Brent

Re: MagicSpam

[Duane Hill <d....@yournetplus.com>]

On Fri, 12 Sep 2008, Karl Pearson wrote:

> On Thu, 11 Sep 2008, fchan wrote:
>
>> Hi,
>> Sorry I don't have experience with this product.
>> I do have limited experience with Barracuda Networks appliance and I think 
>> is a great product for an e-mail filter which I had experienced with my 
>> friend to set up on their network & email server. It is easy to set up, 
>> configure and maintain so for an alternative to spamassassin this is great 
>> alternative. Price a fairly good and since they were a educational 
>> institute they got an discount.
>> http://www.barracudanetworks.com/ns/products/spam_overview.php
>
> I have to violently disagree. As an administrator of a system with 184 email 
> groups and over 7000 subscribers on it, I absolutely hate Barracuda products. 
> Out of the box, they specialize in creating huge amounts of backscatter (see 
> http://en.wikipedia.org/wiki/Backscatter_(e-mail) for more info) which is 
> SPAM.
>
> Ease of setup and use are not the primary reason for purchasing any product, 
> IMO.

One of the other things I've seen in recent weeks with Barracuda, is how 
wrong they have their default reputation system set up (I assume it's the 
default). I've had to speak with a number of admins about why the 
reputation should ONLY reject messages where the source IP is found. As it 
was, the appliance was rejecting if ANY IP in the received headers was 
found.

-d

Re: MagicSpam

[Michael Scheidell <sc...@secnap.net>]

> At 09:44 12-09-2008, Jesse Stroik wrote:
 
> There is SpamAssassin the project and SpamAssassin the software.  The
> project, under the aegis of the Apache Software Foundation, provides
> a framework to support open source software development to deliver an
> enterprise-grade, freely available software product for the public benefit.
> 
> SpamAssassin, the software, is a mail filter to identify spam.  It is
> designed for easy integration into any email system.  The cost to
> develop such a software is estimated to be around US $1.1 million.

And many, if not the large majority of commercial systems use it somewhere.
A commercial product that does not understand spam, or if their team has not
had lots of experience with spam, will make those mistakes.

As the maintainer of the freebsd port of Spamassassin, I have to look at any
user contributed 'fixes' or scripts to see if they are keeping with the
overall SA design, or if they are freebsd only, do they cover, or will they
work with ALL freebsd users (commercial systems, hobby, or home grown).

As the maintainer, I have rejected several scripts that are mostly site or
company specific, reminding the author that SA has to be made generic, and
the Freebsd port of SA has to remain generic.  I also remind them 'this is
open source', you are ENCOURAGED to make custom, site specific changes.

That said, as my second role as the CTO of one of the many companies that
uses SA, thanks to the team, community, and users for creating a generic,
'one site fits all' system, but, it does need lots of work to make it a
viable system to be used by 'users'.  Remember users ;-)?  If SA is used by
YOU, and YOU are totally in charge of what gets whitelisted, blacklisted,
etc, then YOU can maintain all the cf files and you can (eventually) get a
pretty stable, accurate system.

If, however, you are trying to create something easy to set up, and easy for
users to use without your constant tweaking, yes, its VERY hard.

As much time as our engineers spend on optimizations and minor customer
custom requests, I think most of their time is spend trying to balance the
spam capture rate and the false positive rate.

(you really need a team :-).
Examples of problems include ISP's who have clients that actually subscribe
to those 'free crap in your email box', vs commercial companies who don't
want their users using their email address for 'free porn' and such.

Take one of the reputation filters as an example: DCC.
DCC is great for identifying sources of BULK EMAIL.  The commercial version
also lets you get a bulk/non bulk percentage value on the sending IP.  The
free system allows you to take checksums of the spam and get a 'bulk/non
bulk' judgment on the email.  Remember, this is BULK EMAIL, not spam.  It
would trigger FP's on every truly double opt-in mailing list.

Bayes:  if you are an ISP, and not using user based bayes, then your plastic
surgeons will be sending and receiving enlargement type emails that are
legit, but that a mortgage company would want to block.

HABEAS/SENDERBASE, more examples:  for ISP/ generic use, maybe letting in
commercial bulk email from companies who pay to certify their bulk email is
he right thing to do.  For a commercial business, maybe not.

However, that said, it is possible to build a commercial system that is easy
to install, will (out of the box) be about 99% accurate, allows users and it
administrators access to reporting and configs, without creating a burden.
(no, we don't allow individuals access to ~user/local.cf files ;-), but we
do allow admins to turn on and off specific plugins, and users to set their
own spam threshold values.

Bottom line:  same argument for any commercial vs custom system.

A 'drop in place, open source' product isn't a product, its a framework.  It
will be less accurate, because it wasn't tweaked.

A custom product will harder to build, but will be (eventually) what the
company needs (for 1.1mm ;-).  Also, consider the ongoing need to continue
to track spam, new spam types and upgrades.

A COTS product should offer good support, enough customizations that it will
work for your company.

I support SA efforts and will continue to since I understand the value of
building and working with an open source community.  That is why I volunteer
my time to maintain the freebsd SA port.  If you are trying to block spam
for one server, or one company, and you don't want to spend a large amount
of time, get a pre-build, supported product.  Not a framework.  If however,
your needs are so unique that a COTS product won't work, then hire a team,
build a custom solution.

Your choice.
(sorry, off my soap box now)

-- 
Michael Scheidell, CTO
>|SECNAP Network Security

Re: MagicSpam

[SM <sm...@resistor.net>]

At 09:44 12-09-2008, Jesse Stroik wrote:
>setups if they want the largest possible customer base.  Consider 
>the difference between the primary goals of spamassassin and 
>arbitrary commercial anti-spam solution:
>
>Spamassassin: To facilitate a community effort with the primary goal 
>of accurate reduction of spam.

There is SpamAssassin the project and SpamAssassin the software.  The 
project, under the aegis of the Apache Software Foundation, provides 
a framework to support open source software development to deliver an 
enterprise-grade, freely available software product for the public benefit.

SpamAssassin, the software, is a mail filter to identify spam.  It is 
designed for easy integration into any email system.  The cost to 
develop such a software is estimated to be around US $1.1 million.

Regards,
-sm 

Re: MagicSpam

[Karl Pearson <ka...@ourldsfamily.com>]

Excellent points. I'm glad I'm not a 'common user'...

KLP

On Fri, 12 Sep 2008, Jesse Stroik wrote:

> Karl,
>
>
>> Ease of setup and use are not the primary reason for purchasing any 
>> product, IMO.
>
>
> Yes, but you aren't the common user.  Many commercial products *must* have 
> oversimplified setups if they want the largest possible customer base. 
> Consider the difference between the primary goals of spamassassin and 
> arbitrary commercial anti-spam solution:
>
> Spamassassin: To facilitate a community effort with the primary goal of 
> accurate reduction of spam.
>
> Commercial Product: to sell as much commercial product as possible, with the 
> goal being either short term profits or long term profits.
>
> A few years ago I bought a groupware that was configured as an open relay out 
> of the box.  When I contacted support about changing the default behavior, 
> they said that they would lose customers if they configured it securely out 
> of the box, so they didn't do it.
>
> Is spamassassin the best I've seen and worked with?  Absolutely.  Does 
> spamassassin cost more in sysadmin time and require a more competent sysadmin 
> to properly configure and maintain it?  Yes.  I've noticed in my own work 
> with spamassassin, especially under solaris, that more time spent configuring 
> it resulted in significantly better results.
>
> Best,
> Jesse
>

---
      _/  _/      _/      _/_/_/       ____________   __o
     _/ _/       _/      _/    _/     ____________  _-\<._
    _/_/        _/      _/_/_/                     (_)/ (_)
   _/ _/       _/      _/           ......................
  _/   _/ arl _/_/_/  _/ earson    KarlP@ourldsfamily.com
---
http://consulting.ourldsfamily.com
---

Re: MagicSpam

[Jesse Stroik <js...@ssec.wisc.edu>]

Mouss,

mouss wrote:
> It's more than a "common user" question. while I can build an 
> *BSD/Debian/Centos box to do what I want, I did buy "COTS" firewalls, 
> backup servers, ... etc.


You're not talking about ease of setup, you're talking about quality and 
reliability of product.  Spamassassin doesn't require constant 
attention.  It has never caused a problem for me.  But if you are wiling 
to ensure your rulesets are updating properly and plugins are working, 
(in addition to occasionally evaluating new plugins), you can keep your 
performance remarkably high.

But that's the name of the game in this particular world.  Spammers 
change tactics.



> I personally don't like being called when on vacation, and more 
> importantly, I don't want a company to "rely" on me. Not only for 
> "loyalty", but also because I want to be able to quit when I want.


I don't know how to respond to his other than "well, duh."  No sysadmin 
worth his or her salt will throw a poor solution in place that would be 
either:

(1) difficult for future admins to maintain or
(2) cause an unreasonable amount of unexpected maintenance.

That's why you document the work you do and you stick with known, proven 
solutions where possible.  Spamassassin happens to be the best, most 
reliable anti-spam solution I've come across, which is why I use it. 
And I've clashed with an awful lot of poor spam solutions.

I will agree with you that you have to spend real money to do a lot of 
things well -- backups are a perfect example of this -- and in many 
cases you can compress time and effort with money.  But in the case of 
spam tagging/filtering, you're often not getting what you think you're 
getting with commercial anti-spam solutions.  Choose carefully.


> there's a common misconception about tools (software or hardware): the 
> out of the box syndrom. some people think that they will "put it in and 
> everything will go on" <words cut> 


I suggested that commercial software is often misconfigured out of the 
box and even provided a concrete example.  Where did I say it would just 
work?

Best,
Jesse

Re: MagicSpam

[mouss <mo...@netoyen.net>]

Jesse Stroik wrote:
> Karl,
> 
> 
>> Ease of setup and use are not the primary reason for purchasing any 
>> product, IMO.
> 
> 
> Yes, but you aren't the common user.  Many commercial products *must* 
> have oversimplified setups if they want the largest possible customer 
> base.  

It's more than a "common user" question. while I can build an 
*BSD/Debian/Centos box to do what I want, I did buy "COTS" firewalls, 
backup servers, ... etc.

I personally don't like being called when on vacation, and more 
importantly, I don't want a company to "rely" on me. Not only for 
"loyalty", but also because I want to be able to quit when I want.

This is probably because when I quitted my first employer, I had to help 
them for some time. and at the time, I and my ego did like it. but since 
then, I learned that it was bad for me and my employer.

> Consider the difference between the primary goals of spamassassin 
> and arbitrary commercial anti-spam solution:
> 
> Spamassassin: To facilitate a community effort with the primary goal of 
> accurate reduction of spam.
> 
> Commercial Product: to sell as much commercial product as possible, with 
> the goal being either short term profits or long term profits.
> 
> A few years ago I bought a groupware that was configured as an open 
> relay out of the box.  When I contacted support about changing the 
> default behavior, they said that they would lose customers if they 
> configured it securely out of the box, so they didn't do it.
> 
> Is spamassassin the best I've seen and worked with?  Absolutely.  Does 
> spamassassin cost more in sysadmin time and require a more competent 
> sysadmin to properly configure and maintain it?  Yes.  I've noticed in 
> my own work with spamassassin, especially under solaris, that more time 
> spent configuring it resulted in significantly better results.

there's a common misconception about tools (software or hardware): the 
out of the box syndrom. some people think that they will "put it in and 
everything will go on". This is wrong, whether it's open source or not. 
Tools don't work by themselves. How many times did I hear a customer say 
"... but it doesn't work..." and when asking "how is your DNS resolution 
configured?" I get "sorry? what do you exactly mean...?" argh. and I 
think many here have heared the classical "it started to fail this 
morning, but nothing changed"...

anyway, if people have enough resources to run a product, let them. if 
they can't, they'll need help. they may go with a commercial product 
that "works out of the box and is easy to administer" and/or they can 
contract someone to help them setup and maintain whatever product is 
better for them.

and back to magicfoo, there's not much info about it on the network. 
this is not a good sign.

Re: MagicSpam

[Jesse Stroik <js...@ssec.wisc.edu>]

Karl,


> Ease of setup and use are not the primary reason for purchasing any 
> product, IMO.


Yes, but you aren't the common user.  Many commercial products *must* 
have oversimplified setups if they want the largest possible customer 
base.  Consider the difference between the primary goals of spamassassin 
and arbitrary commercial anti-spam solution:

Spamassassin: To facilitate a community effort with the primary goal of 
accurate reduction of spam.

Commercial Product: to sell as much commercial product as possible, with 
the goal being either short term profits or long term profits.

A few years ago I bought a groupware that was configured as an open 
relay out of the box.  When I contacted support about changing the 
default behavior, they said that they would lose customers if they 
configured it securely out of the box, so they didn't do it.

Is spamassassin the best I've seen and worked with?  Absolutely.  Does 
spamassassin cost more in sysadmin time and require a more competent 
sysadmin to properly configure and maintain it?  Yes.  I've noticed in 
my own work with spamassassin, especially under solaris, that more time 
spent configuring it resulted in significantly better results.

Best,
Jesse

Re: MagicSpam

[Karl Pearson <ka...@ourldsfamily.com>]

On Thu, 11 Sep 2008, fchan wrote:

> Hi,
> Sorry I don't have experience with this product.
> I do have limited experience with Barracuda Networks appliance and I think is 
> a great product for an e-mail filter which I had experienced with my friend 
> to set up on their network & email server. It is easy to set up, configure 
> and maintain so for an alternative to spamassassin this is great alternative. 
> Price a fairly good and since they were a educational institute they got an 
> discount.
> http://www.barracudanetworks.com/ns/products/spam_overview.php

I have to violently disagree. As an administrator of a system with 184 
email groups and over 7000 subscribers on it, I absolutely hate Barracuda 
products. Out of the box, they specialize in creating huge amounts of 
backscatter (see http://en.wikipedia.org/wiki/Backscatter_(e-mail) for 
more info) which is SPAM.

Ease of setup and use are not the primary reason for purchasing any 
product, IMO.

Karl

>
> Frank
>
>> Does anybody have any experience with this product?
>> 
>> My company wants to replace SpamAssassin with this product, due to 
>> SpamAssassin being not being up to par other products.
>> 
>> My argument is that people we give SpamAssassin to have no clue how to use 
>> it and what it's designed to do, therefore they think it sucks.
>

---
      _/  _/      _/      _/_/_/       ____________   __o
     _/ _/       _/      _/    _/     ____________  _-\<._
    _/_/        _/      _/_/_/                     (_)/ (_)
   _/ _/       _/      _/           ......................
  _/   _/ arl _/_/_/  _/ earson    KarlP@ourldsfamily.com
---
http://consulting.ourldsfamily.com
---

Re: MagicSpam

[fchan <fc...@molsci.org>]

Hi,
Sorry I don't have experience with this product.
I do have limited experience with Barracuda Networks appliance and I 
think is a great product for an e-mail filter which I had experienced 
with my friend to set up on their network & email server. It is easy 
to set up, configure and maintain so for an alternative to 
spamassassin this is great alternative. Price a fairly good and since 
they were a educational institute they got an discount.
http://www.barracudanetworks.com/ns/products/spam_overview.php

Frank

>Does anybody have any experience with this product?
>
>My company wants to replace SpamAssassin with this product, due to 
>SpamAssassin being not being up to par other products.
>
>My argument is that people we give SpamAssassin to have no clue how 
>to use it and what it's designed to do, therefore they think it 
>sucks.

Re: [SA] MagicSpam

[Adam Katz <an...@khopis.com>]

Aaron Wolfe wrote:
>> Even given a server that has these things, I'm surprised they 
>> have invented technology that can analyze a postfix install to 
>> the degree needed for correct installation of their product with 
>> no more than a single click.  With tech like that, I can't 
>> believe they haven't taken the world by storm.  Maybe they're 
>> still working on single click world domination technology.

richard@buzzhost.co.uk wrote:
> I have to totally agree. Postfix is *so* configurable that a single
>  point & click installer is just nonsense. I don't think Postfix 
> 'installation' as it is could be any easier than Debian: apt-get 
> install postfix. That's the easy bit. It's the configuration that 
> takes the skill.

I disagree.

This depends on the product's nature.  I believe MailChannels Traffic
Control does exactly that.  The "one-click" would be an RPM/DEB
package (or an actual GUI installer like BitRock) for Windows-style
sysadmins who need a GUI while other sysadmins would be able to
install with rpm or dpkg (or an included install binary/script) with a
single command.  All Traffic Control does is sit in front of the mail
server and act as a discriminating proxy.

Having not read any of MagicSpam's documentation, I can only assume
that their product acts somewhat similarly, directly intercepting
incoming mail as if it were the server, then doing some kind of
hand-off to the real mail server.  For 90+% of the users out there, no
configuration options would be needed, and for a good number of the
rest, a few menus could handle the bits that can't be resolved themselves.

Traffic Control's selective tarpits are enough to stop almost all
incoming spam, and the rest can be handled by a filter-based program
like SpamAssassin.  MagicSpam might do something similar.
Milter-greylist (which is outgrowing its name -- it now supports SPF,
DKIM, SpamAssassin, ...) currently has tarpitting in development.

> Fair play to Linuxmagic if they can offer the support - which is 
> what corporates want. Selling cobbled together open source is 
> nothing new.

Of course, the key to any of this is good support.  I suspect
MagicSpam uses their own ("patented") technology too, but that really
has nothing to do with this since it's quite clear that a supported
F/OSS spam-fighting bundle is itself quite profitable.

-- 
Adam Katz
khopesh on irc://irc.freenode.net/#spamassassin
http://khopesh.com/Anti-spam

Re: MagicSpam

["richard@buzzhost.co.uk" <ri...@buzzhost.co.uk>]

On Wed, 2009-09-23 at 19:45 -0400, Aaron Wolfe wrote:
> On Wed, Sep 23, 2009 at 1:40 PM, linuxmagic <sa...@linuxmagic.com> wrote:
....
> 
> I really like this quote from their sales web site:
> 
> "Now you can have MagicSpam spam protection for your Postfix (Linux)
> Mail Servers. Complete with one click install"...
You are lucky. I could not even get their website to load. It just kept
timing out. Not sure I would want my mail processing to match that.
> 
> I am quite interested to see this "one click install" on my Postfix
> (Linux) Mail Server, as like most postfix servers there is no mouse or
> gui. 
Be fair, there is *one* curses based screen on install :-) 
http://img294.yfrog.com/i/postfix1.png/


>  Even given a server that has these things, I'm surprised they
> have invented technology that can analyze a postfix install to the
> degree needed for correct installation of their product with no more
> than a single click.  With tech like that, I can't believe they
> haven't taken the world by storm.  Maybe they're still working on
> single click world domination technology.
I have to totally agree. Postfix is *so* configurable that a single
point & click installer is just nonsense. I don't think Postfix
'installation' as it is could be any easier than Debian: apt-get install
postfix. That's the easy bit. It's the configuration that takes the
skill.

Fair play to Linuxmagic if they can offer the support - which is what
corporates want. Selling cobbled together open source is nothing new.
Some even bundle it together in a low spec PC:

http://www.barracudanetworks.com/ns/products/spam_overview.php

But you *do* get support for it. Hence the sales.

Re: MagicSpam

[Aaron Wolfe <aa...@gmail.com>]

On Wed, Sep 23, 2009 at 1:40 PM, linuxmagic <sa...@linuxmagic.com> wrote:
>
> Slightly old thread, but we should clear any misconceptions.  MagicSpam is
> NOT anything like SpamAssassin.  LinuxMagic has been developing Anti-Spam
> solutions for the ISP and Telco markets for quite some time, focusing on the
> SMTP transaction layer.  This approach gives a more 'Zero Day' style
> protection, as it can identify spam sources prior to accepting the email,
> reducing backscatter and overhead.
>
> Mail Servers should have the protection during the SMTP transaction, and we
> have been porting our technology to other mail servers which do not have
> this ability.  Our first ports were to Qmail style mail servers, and since
> then we have ported to many others including Linux and Windows platforms.
>
> Just visit the forums, and see what customers have to say about this
> product, as it speaks for itself.  We have patent pending technology in
> place, to provide for an especially unique methodology, and more
> importantly, we make it very easy to install and operate.
>
> http://www.magicspam.com and http://forums.wizard.ca/viewforum.php?f=16
>


I really like this quote from their sales web site:

"Now you can have MagicSpam spam protection for your Postfix (Linux)
Mail Servers. Complete with one click install"...

I am quite interested to see this "one click install" on my Postfix
(Linux) Mail Server, as like most postfix servers there is no mouse or
gui.  Even given a server that has these things, I'm surprised they
have invented technology that can analyze a postfix install to the
degree needed for correct installation of their product with no more
than a single click.  With tech like that, I can't believe they
haven't taken the world by storm.  Maybe they're still working on
single click world domination technology.

Re: MagicSpam

[Ted Mittelstaedt <te...@ipinc.net>]

Matus UHLAR - fantomas wrote:
> On 23.09.09 10:40, linuxmagic wrote:
>> Slightly old thread, but we should clear any misconceptions.  MagicSpam is
>> NOT anything like SpamAssassin.  LinuxMagic has been developing Anti-Spam
>> solutions for the ISP and Telco markets for quite some time, focusing on the
>> SMTP transaction layer.  This approach gives a more 'Zero Day' style
>> protection, as it can identify spam sources prior to accepting the email,
>> reducing backscatter and overhead.  
>>
>> Mail Servers should have the protection during the SMTP transaction, and we
>> have been porting our technology to other mail servers which do not have
>> this ability.  Our first ports were to Qmail style mail servers, and since
>> then we have ported to many others including Linux and Windows platforms.
>>
>> Just visit the forums, and see what customers have to say about this
>> product, as it speaks for itself.  We have patent pending technology in
>> place, to provide for an especially unique methodology, and more
>> importantly, we make it very easy to install and operate.
>>
>> http://www.magicspam.com and http://forums.wizard.ca/viewforum.php?f=16
> 
> and where may I find some usefull info, except positive feedbacks in the
> forum and marketing bullsh*t on the page?
> 

Now, now.  It's been said many times that there's a whole host of 
corporate managers out there who are too incompetent/timid/whatever to
ever employ any solution in their enterprise that doesn't have a vendor
somewhere that they are paying money to.  This is a corporate mindset
thing, and IT managers with that mindset are not going to give a rat's
ass if there's community forums or not.

Those managers operate under the assumption that I'm going to bring
this vendor in and he's going to make his stuff work, and all I'm
going to do is pay him whatever he asks for with my employers money,
and by God if he makes me look bad by not getting his stuff to work, 
then I'll sue him for every penny I sent to him and then some.

If LinuxMagic wants to take a bunch of open source stuff and make it
work for those people, more power to them.  And if they kick some
development work back to the open source projects that they used as
a base, then fan tas-tilly-astic.

LM doesn't put pricing on their website for their stuff so that 
immediately puts them in the category of "if you have to ask you can't
afford it" just like those fancy French restaurants out there.

I don't dine there, and it sounds like you don't either, so why
waste your breath bitching at those who do?

Ted

Re: MagicSpam

[Matus UHLAR - fantomas <uh...@fantomas.sk>]

On 23.09.09 10:40, linuxmagic wrote:
> Slightly old thread, but we should clear any misconceptions.  MagicSpam is
> NOT anything like SpamAssassin.  LinuxMagic has been developing Anti-Spam
> solutions for the ISP and Telco markets for quite some time, focusing on the
> SMTP transaction layer.  This approach gives a more 'Zero Day' style
> protection, as it can identify spam sources prior to accepting the email,
> reducing backscatter and overhead.  
> 
> Mail Servers should have the protection during the SMTP transaction, and we
> have been porting our technology to other mail servers which do not have
> this ability.  Our first ports were to Qmail style mail servers, and since
> then we have ported to many others including Linux and Windows platforms.
> 
> Just visit the forums, and see what customers have to say about this
> product, as it speaks for itself.  We have patent pending technology in
> place, to provide for an especially unique methodology, and more
> importantly, we make it very easy to install and operate.
> 
> http://www.magicspam.com and http://forums.wizard.ca/viewforum.php?f=16

and where may I find some usefull info, except positive feedbacks in the
forum and marketing bullsh*t on the page?

> Aaron Wolfe wrote:
> > 
> > On Thu, Sep 11, 2008 at 1:11 PM,  <ro...@unrealstyle.com> wrote:
> >> Does anybody have any experience with this product?
> >>
> > 
> > It appears *noone* has any experience with it... Google finds only 2
> > links and they are on the company's own homepage.
> > 
> >> My company wants to replace SpamAssassin with this product, due to
> >> SpamAssassin being not being up to par other products.
> > 
> > What is the evidence for this statement?  I move customers from
> > commercial solutions to my company's SA based filtering regularly and
> > they are typically very impressed with what we can do for them with
> > Spamassassin.
> > 
> >>
> >> My argument is that people we give SpamAssassin to have no clue how to
> >> use
> >> it and what it's designed to do, therefore they think it sucks.
> >>
> > 
> > Why would your users even need to know you are using SA?  How are they
> > supposed to "use" it?  Just configure it to make spam go away and they
> > should be OK with that.  You can set up some sort of quarantine or
> > tagging system but people generally aren't going to use it much.
> > 
> >>
> >>
> >>
> > 
> > From what I can find of the company behind this Magic thing, it looks
> > like their products are repackaged open source software.  (Their
> > "MagicMail" product appears to be qmail).  There's a pretty decent
> > change they are selling you Spamassassin anyway :)

-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Due to unexpected conditions Windows 2000 will be released
in first quarter of year 1901

Re: MagicSpam

[RW <rw...@googlemail.com>]

On Thu, 24 Sep 2009 11:07:09 +1200
Jason Haar <Ja...@trimble.co.nz> wrote:

> On 09/24/2009 10:36 AM, RW wrote:
> >
> > None of that really distinguishes it from SpamAssassin, people have
> > been using SA that way for many years.
> >   
> This is turning into a "I don't understand why everyone doesn't do
> everything themselves" thread.

I think it's more of a  "I don't like marketing bullshit" thread.

Re: MagicSpam

[Jason Haar <Ja...@trimble.co.nz>]

On 09/24/2009 10:36 AM, RW wrote:
>
> None of that really distinguishes it from SpamAssassin, people have
> been using SA that way for many years.
>   
This is turning into a "I don't understand why everyone doesn't do
everything themselves" thread.

Face it: by being on this list we have all declared we are "do it
yourself" type people. Guess what - large chunks of the world aren't,
and those need to buy solutions from others. Running SA isn't "just" an
issue of installing it. It has to be integrated with a MTA for starters
- there goes 99.9% of your audience already ("what do you mean? I have
to run a mail server before I can get rid of the spam?!?"). Then you've
got to make decisions on what "addons" to use, bayes or not, OCR or not,
which RBLs (starting with: what is an RBL), wash, rinse, repeat.

Packaged products (commercial or otherwise) are in fact for most people.
SA is not for most people (directly).

-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

Re: MagicSpam

[RW <rw...@googlemail.com>]

On Thu, 24 Sep 2009 01:00:20 +0200
Karsten Bräckelmann <gu...@rudersport.de> wrote:

> On Wed, 2009-09-23 at 15:54 -0700, Ted Mittelstaedt wrote:
> > RW wrote:
> > > Incidently the point about backscatter is wrong. The traditional
> > > approach of classifying, and then discarding or filing to a spam
> > > folder, produces zero backscatter from spam. Backscatter is
> > > actually caused by rejecting at the SMTP level - when it's done
> > > on the wrong SMTP transaction.
> > 
> > Say what?!?!?
> > 
> > http://en.wikipedia.org/wiki/Backscatter_(e-mail)
> > 
> > "...The recipient mail servers then use the (potentially forged) 
> > sender's address to attempt a good-faith effort to report the
> > problem to the apparent sender...."
> > 
> > There's 2 separate and independent SMTP transactions here.
> > 
> > The first is the spammer to the recipient mailserver.
> > 
> > The second is the recipient mailserver to the apparent sender.
> > 
> > "rejecting at the SMTP level" makes no sense at all in your context.
> 
> It does.  What you just described, however, is *bouncing*, a.k.a.
> "rejecting after accepting". That's not rejecting -- by the MX, mind
> you.

It's not just straightforward bouncing, poorly set-up backup mx servers,
intermediate forwarding servers, open-relays etc can all contribute
to extra backscatter. If you compare it with the tradition delivery
approach which produces zero dsn backscatter the claim of reduced
backscatter seems bogus to me.

Re: MagicSpam

[Karsten Bräckelmann <gu...@rudersport.de>]

On Wed, 2009-09-23 at 15:54 -0700, Ted Mittelstaedt wrote:
> RW wrote:
> > Incidently the point about backscatter is wrong. The traditional
> > approach of classifying, and then discarding or filing to a spam folder,
> > produces zero backscatter from spam. Backscatter is actually caused by
> > rejecting at the SMTP level - when it's done on the wrong
> > SMTP transaction.
> 
> Say what?!?!?
> 
> http://en.wikipedia.org/wiki/Backscatter_(e-mail)
> 
> "...The recipient mail servers then use the (potentially forged) 
> sender's address to attempt a good-faith effort to report the problem to 
> the apparent sender...."
> 
> There's 2 separate and independent SMTP transactions here.
> 
> The first is the spammer to the recipient mailserver.
> 
> The second is the recipient mailserver to the apparent sender.
> 
> "rejecting at the SMTP level" makes no sense at all in your context.

It does.  What you just described, however, is *bouncing*, a.k.a.
"rejecting after accepting". That's not rejecting -- by the MX, mind
you.


-- 
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}

Re: MagicSpam

[Ted Mittelstaedt <te...@ipinc.net>]

RW wrote:
> On Wed, 23 Sep 2009 10:40:11 -0700 (PDT)
> linuxmagic <sa...@linuxmagic.com> wrote:
> 
>> Slightly old thread, but we should clear any misconceptions.
>> MagicSpam is NOT anything like SpamAssassin.  LinuxMagic has been
>> developing Anti-Spam solutions for the ISP and Telco markets for
>> quite some time, focusing on the SMTP transaction layer.  This
>> approach gives a more 'Zero Day' style protection, as it can identify
>> spam sources prior to accepting the email, reducing backscatter and
>> overhead.  
> 
> None of that really distinguishes it from SpamAssassin, people have
> been using SA that way for many years.
> 
> Incidently the point about backscatter is wrong. The traditional
> approach of classifying, and then discarding or filing to a spam folder,
> produces zero backscatter from spam. Backscatter is actually caused by
> rejecting at the SMTP level - when it's done on the wrong
> SMTP transaction.
>  

Say what?!?!?

http://en.wikipedia.org/wiki/Backscatter_(e-mail)

"...The recipient mail servers then use the (potentially forged) 
sender's address to attempt a good-faith effort to report the problem to 
the apparent sender...."

There's 2 separate and independent SMTP transactions here.

The first is the spammer to the recipient mailserver.

The second is the recipient mailserver to the apparent sender.

"rejecting at the SMTP level" makes no sense at all in your context.

Ted

Re: MagicSpam

[Karsten Bräckelmann <gu...@rudersport.de>]

On Wed, 2009-09-23 at 23:36 +0100, RW wrote:
> On Wed, 23 Sep 2009 10:40:11 -0700 (PDT) <sa...@linuxmagic.com> wrote:
> 
> > Slightly old thread, but we should clear any misconceptions.

Indeed, it is. A *year* old.

> > MagicSpam is NOT anything like SpamAssassin.  LinuxMagic has been

Thanks for pointing that out. So you still need SA. ;)

> > developing Anti-Spam solutions for the ISP and Telco markets for
> > quite some time, focusing on the SMTP transaction layer.  This
> > approach gives a more 'Zero Day' style protection, as it can identify
> > spam sources prior to accepting the email, reducing backscatter and
> > overhead.  
> 
> None of that really distinguishes it from SpamAssassin, people have
> been using SA that way for many years.

What I like most is the quotes around the "zero day" used by sales. Yes,
indeed, sales! :)  Which eloquently points out the fact is has nothing,
really nada, to do with the term "zero day" as used by anyone into
security.

Thanks for highlighting the buzz-words.


-- 
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}

Re: MagicSpam

["richard@buzzhost.co.uk" <ri...@buzzhost.co.uk>]

On Thu, 2009-09-24 at 12:51 +0100, RW wrote:
> On Thu, 24 Sep 2009 06:46:42 +0100
> "richard@buzzhost.co.uk" <ri...@buzzhost.co.uk> wrote:
> 
> > On Wed, 2009-09-23 at 23:36 +0100, RW wrote:
> > > On Wed, 23 Sep 2009 10:40:11 -0700 (PDT)
> > > linuxmagic <sa...@linuxmagic.com> wrote:
> > > 
> > 
> > > Incidently the point about backscatter is wrong. The traditional
> > > approach of classifying, and then discarding or filing to a spam
> > > folder, produces zero backscatter from spam. Backscatter is
> > > actually caused by rejecting at the SMTP level - when it's done on
> > > the wrong SMTP transaction.
> > 
> > That is *not* correct. 
>  
> I clarified what I meant by that well before you posted.  
Perhaps I missed a post? Can you remind me what you said?
Thanks.

Re: MagicSpam

[RW <rw...@googlemail.com>]

On Thu, 24 Sep 2009 06:46:42 +0100
"richard@buzzhost.co.uk" <ri...@buzzhost.co.uk> wrote:

> On Wed, 2009-09-23 at 23:36 +0100, RW wrote:
> > On Wed, 23 Sep 2009 10:40:11 -0700 (PDT)
> > linuxmagic <sa...@linuxmagic.com> wrote:
> > 
> 
> > Incidently the point about backscatter is wrong. The traditional
> > approach of classifying, and then discarding or filing to a spam
> > folder, produces zero backscatter from spam. Backscatter is
> > actually caused by rejecting at the SMTP level - when it's done on
> > the wrong SMTP transaction.
> 
> That is *not* correct. 
 
I clarified what I meant by that well before you posted.  

Re: MagicSpam

["richard@buzzhost.co.uk" <ri...@buzzhost.co.uk>]

On Wed, 2009-09-23 at 23:36 +0100, RW wrote:
> On Wed, 23 Sep 2009 10:40:11 -0700 (PDT)
> linuxmagic <sa...@linuxmagic.com> wrote:
> 

> Incidently the point about backscatter is wrong. The traditional
> approach of classifying, and then discarding or filing to a spam folder,
> produces zero backscatter from spam. Backscatter is actually caused by
> rejecting at the SMTP level - when it's done on the wrong
> SMTP transaction.

That is *not* correct. It results when mail is accepted at the SMTP
level, but for some reason it cannot subsequentially be delivered.

Rejecting at the SMTP level results in a SMTP error, not a bounce.

Re: MagicSpam

[RW <rw...@googlemail.com>]

On Wed, 23 Sep 2009 10:40:11 -0700 (PDT)
linuxmagic <sa...@linuxmagic.com> wrote:

> 
> Slightly old thread, but we should clear any misconceptions.
> MagicSpam is NOT anything like SpamAssassin.  LinuxMagic has been
> developing Anti-Spam solutions for the ISP and Telco markets for
> quite some time, focusing on the SMTP transaction layer.  This
> approach gives a more 'Zero Day' style protection, as it can identify
> spam sources prior to accepting the email, reducing backscatter and
> overhead.  

None of that really distinguishes it from SpamAssassin, people have
been using SA that way for many years.

Incidently the point about backscatter is wrong. The traditional
approach of classifying, and then discarding or filing to a spam folder,
produces zero backscatter from spam. Backscatter is actually caused by
rejecting at the SMTP level - when it's done on the wrong
SMTP transaction.
 

Re: MagicSpam

[linuxmagic <sa...@linuxmagic.com>]

Slightly old thread, but we should clear any misconceptions.  MagicSpam is
NOT anything like SpamAssassin.  LinuxMagic has been developing Anti-Spam
solutions for the ISP and Telco markets for quite some time, focusing on the
SMTP transaction layer.  This approach gives a more 'Zero Day' style
protection, as it can identify spam sources prior to accepting the email,
reducing backscatter and overhead.  

Mail Servers should have the protection during the SMTP transaction, and we
have been porting our technology to other mail servers which do not have
this ability.  Our first ports were to Qmail style mail servers, and since
then we have ported to many others including Linux and Windows platforms.

Just visit the forums, and see what customers have to say about this
product, as it speaks for itself.  We have patent pending technology in
place, to provide for an especially unique methodology, and more
importantly, we make it very easy to install and operate.

http://www.magicspam.com and http://forums.wizard.ca/viewforum.php?f=16


Aaron Wolfe wrote:
> 
> On Thu, Sep 11, 2008 at 1:11 PM,  <ro...@unrealstyle.com> wrote:
>> Does anybody have any experience with this product?
>>
> 
> It appears *noone* has any experience with it... Google finds only 2
> links and they are on the company's own homepage.
> 
>> My company wants to replace SpamAssassin with this product, due to
>> SpamAssassin being not being up to par other products.
> 
> What is the evidence for this statement?  I move customers from
> commercial solutions to my company's SA based filtering regularly and
> they are typically very impressed with what we can do for them with
> Spamassassin.
> 
>>
>> My argument is that people we give SpamAssassin to have no clue how to
>> use
>> it and what it's designed to do, therefore they think it sucks.
>>
> 
> Why would your users even need to know you are using SA?  How are they
> supposed to "use" it?  Just configure it to make spam go away and they
> should be OK with that.  You can set up some sort of quarantine or
> tagging system but people generally aren't going to use it much.
> 
>>
>>
>>
> 
> From what I can find of the company behind this Magic thing, it looks
> like their products are repackaged open source software.  (Their
> "MagicMail" product appears to be qmail).  There's a pretty decent
> change they are selling you Spamassassin anyway :)
> 
> 

-- 
View this message in context: http://www.nabble.com/MagicSpam-tp19439845p25531228.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.

Re: MagicSpam

[Aaron Wolfe <aa...@gmail.com>]

On Thu, Sep 11, 2008 at 1:11 PM,  <ro...@unrealstyle.com> wrote:
> Does anybody have any experience with this product?
>

It appears *noone* has any experience with it... Google finds only 2
links and they are on the company's own homepage.

> My company wants to replace SpamAssassin with this product, due to
> SpamAssassin being not being up to par other products.

What is the evidence for this statement?  I move customers from
commercial solutions to my company's SA based filtering regularly and
they are typically very impressed with what we can do for them with
Spamassassin.

>
> My argument is that people we give SpamAssassin to have no clue how to use
> it and what it's designed to do, therefore they think it sucks.
>

Why would your users even need to know you are using SA?  How are they
supposed to "use" it?  Just configure it to make spam go away and they
should be OK with that.  You can set up some sort of quarantine or
tagging system but people generally aren't going to use it much.

>
>
>

>From what I can find of the company behind this Magic thing, it looks
like their products are repackaged open source software.  (Their
"MagicMail" product appears to be qmail).  There's a pretty decent
change they are selling you Spamassassin anyway :)

RE: MagicSpam

["Koopmann, Jan-Peter" <ja...@koopmann.eu>]

Well,

since many guys are recommending "what they use" (IronPort, Barracuda) I
thought I might bring BarricadeMX from Fort Systems into the game. Have
a look at them. It is _very_ efficient and can be configured to use
SpamAssassin as well. Comes with a very easy install for CentOS 5.2. 

Kind regards,
  JP