SurGATE Messaging Suite will be generally available soon.

After building a successful messaging gateway solution with SurGATE Messaging Gateway, we started developing an e-mail messaging suite solution with many exciting features. The solution will be generally available at the beginning of March 2012.

Here are the main features:

  • LDAP-based architecture: the core MTA has LDAP support for high performance and scalability.
  • External Active Directory support: in addition to the LDAP feature, SurGATE Messaging Suite can authenticate users against an external Active Directory or LDAP server.
  • Web admin panel: user and group management, user-based privileges, quotas, forwarders/alternative addresses, permissions, multiple domains, advanced configuration, server statistics/reports, mail diagnostics.
  • End-user panel: users can change their password, add/remove forwarding addresses and set a vacation message from the GUI.
  • Mail archiving: all incoming/outgoing messages can be saved to separate storage on the server. If needed, the admin or the user can resend an archived mail to the mailbox. This feature can be enabled per user or per domain.
  • Mobile device support: access e-mail anywhere on the web; push e-mail support for mobile devices.

Hide IP address of authenticated user patch for qmail

As the SurGATE Labs team, we created a small patch for qmail that hides the IP address of an authenticated user in the Received: header that qmail-smtpd adds to the message.

For easy configuration we defined a HIDECLIENTIP environment variable, so the feature can be enabled or disabled without recompiling the qmail source.

Usage:

  1. Copy the patch lines below (the diff at the end of this post) into a file called qmail-hideip.patch and apply it to netqmail:
    # cd netqmail-version
    # patch < qmail-hideip.patch
    # make
  2. Stop qmail, back up the existing qmail-smtpd and copy the new qmail-smtpd binary to /var/qmail/bin.
  3. Add the HIDECLIENTIP variable to tcp.smtp (or whichever tcprules file is used to build the cdb referenced in qmail-smtpd/run) and rebuild tcp.smtp.cdb.
    Example:
    Before:
    :allow
    After:
    :allow,HIDECLIENTIP=""
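Once the patched qmail-smtpd is in place, check what the resulting header actually reveals. The following is an added example written for this page, not part of the SurGATE patch: it assumes the first-hop Received: line has the shape stock netqmail received.c emits (from <remotehost> (HELO <helo>) (<remoteinfo>@<remoteip>) by ...), takes a raw message and reports whether the submission hop is masked and which of the three client fields still carries an address literal. The three sample messages are constructed.

```python
import email
import ipaddress
import re

# Shape of the first-hop Received: line that stock netqmail received.c writes:
#   Received: from <remotehost> (HELO <helo>) (<remoteinfo>@<remoteip>)
#     by <local> with SMTP; <date>
# "(HELO ...)" and "<remoteinfo>@" are optional; <remoteip> is what the patch replaces.
FIRST_HOP = re.compile(
    r"^from\s+(?P<remotehost>\S+)"
    r"(?:\s+\(HELO\s+(?P<helo>[^)]*)\))?"
    r"\s+\((?:(?P<remoteinfo>[^@)]*)@)?(?P<remoteip>[^)]*)\)",
    re.IGNORECASE,
)
# Candidate IPv4/IPv6 literals; every hit is validated with the ipaddress module.
IP_CANDIDATE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}|[0-9a-f]*:[0-9a-f:]+", re.IGNORECASE)

MASK = "Authenticated User"  # literal the patch writes in place of <remoteip>


def parse_first_hop(received):
    """Split one Received: value into the fields received.c printed, or None."""
    m = FIRST_HOP.match(" ".join(received.split()))
    return m.groupdict() if m else None


def contains_ip(value):
    """True if value is, or embeds, a real IP literal (e.g. HELO [192.0.2.10])."""
    for cand in IP_CANDIDATE.findall(value or ""):
        try:
            ipaddress.ip_address(cand)
            return True
        except ValueError:
            continue
    return False


def audit_submission_hop(raw):
    """Report what the submission hop's Received: header reveals about the client.

    Every MTA prepends its own Received: line, so the *last* one in the message
    is the hop where qmail-smtpd accepted the mail from the user's client.
    """
    msg = email.message_from_bytes(raw)
    hops = msg.get_all("Received") or []
    if not hops:
        return {"status": "no-received-header"}
    hop = parse_first_hop(hops[-1])
    if hop is None:
        return {"status": "unparsed", "raw": hops[-1]}
    # The patch only rewrites <remoteip>; remotehost and the HELO string are
    # still written verbatim, so check all three fields for an address literal.
    leaks = [f for f in ("remoteip", "remotehost", "helo") if contains_ip(hop[f])]
    return {
        "status": "exposed" if leaks else "hidden",
        "masked": hop["remoteip"] == MASK,
        "leaks": leaks,
        "hop": hop,
    }


# Constructed samples in the shape stock netqmail received.c emits.
UNPATCHED = b"""Received: from unknown (HELO laptop) (alice@192.0.2.10)
  by mail.example.com with SMTP; 12 Sep 2011 20:28:01 -0000
From: alice@example.com
To: bob@example.net
Subject: test

hello
"""
PATCHED_HELO_LEAK = b"""Received: from unknown (HELO [192.0.2.10]) (alice@Authenticated User)
  by mail.example.com with SMTP; 12 Sep 2011 20:28:01 -0000
From: alice@example.com
To: bob@example.net
Subject: test

hello
"""
PATCHED_CLEAN = b"""Received: from mail.example.com (HELO mail.example.com) (203.0.113.5)
  by mx.example.net with SMTP; 12 Sep 2011 20:30:00 -0000
Received: from unknown (HELO laptop) (alice@Authenticated User)
  by mail.example.com with SMTP; 12 Sep 2011 20:28:01 -0000
From: alice@example.com
To: bob@example.net
Subject: test

hello
"""

if __name__ == "__main__":
    for name, raw in (("unpatched", UNPATCHED), ("helo leak", PATCHED_HELO_LEAK), ("clean", PATCHED_CLEAN)):
        print(name, audit_submission_hop(raw))
```

Run it on a message sent by an authenticated client through the patched server. The second sample is the point: the patch substitutes only <remoteip>, so a client whose HELO is its own address literal is still identifiable, as is one whose reverse-DNS name tcpserver recorded in <remotehost>.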
# diff -ruN received.c.orig received.c
--- received.c.orig     2011-09-12 23:24:56.222336786 +0300
+++ received.c  2011-09-12 23:28:01.807343584 +0300
@@ -21,6 +21,9 @@
return 0;
}

+char *relayclient;
+char *hideip;
+
void safeput(qqt,s)
struct qmail *qqt;
char *s;
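Review bot: relayclient and hideip are added as file-scope globals but only serve the single lookup in the next hunk; declare them inside the function that uses them (or at least make them static) so received.c does not export two new symbols. The patch also calls env_get() without adding #include "env.h": if received.c does not already include it, a C89 compiler implicitly declares env_get() as returning int and the returned char * is truncated on 64-bit builds, so add the include next to these declarations.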
@@ -60,7 +63,17 @@
safeput(qqt,remoteinfo);
qmail_puts(qqt,"@");
}
+ hideip = env_get("HIDECLIENTIP");
+ if(hideip) {
+        relayclient = env_get("RELAYCLIENT");
+        if (relayclient)
+                 qmail_puts(qqt,"Authenticated User");
+         else
+               safeput(qqt,remoteip);
+}
+ else
safeput(qqt,remoteip);
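Review bot: the if (relayclient) test keys the masking on RELAYCLIENT, which is the same variable tcprules sets for any IP-based relay permission (the tcp.smtp mechanism this post uses for HIDECLIENTIP), so every client allowed to relay, authenticated or merely on an allow-listed network, has its address replaced by the literal "Authenticated User" and the Received: header no longer identifies the submitting host; if that is not intended, test the variable your SMTP AUTH patch sets on successful authentication instead, and in any case make sure qmail-smtpd/tcpserver logging still records the client IP for abuse handling. The control flow can also be flattened, which removes the duplicated safeput(qqt,remoteip); and the misaligned inner else: if (env_get("HIDECLIENTIP") && env_get("RELAYCLIENT")) qmail_puts(qqt,"Authenticated User"); else safeput(qqt,remoteip);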

Beware of Akbank Phishing!

Recently we have been seeing phishing mail that claims to come from Akbank.

If you receive an e-mail like the following, simply delete it!

If you are a SurGATE customer, don't worry: SurGATE already catches this spam.

As the SurGATE Labs team, we have pushed an additional spam signature for this phishing attack, to be safe.

X-Sender-Info: <244794953@icpu1178.kundenserver.de>
Date: Mon, 05 Sep 2011 10:26:36 +0200
Message-Id: <4AgJk2-1R0UVo2CMt-00064w@icpu1178.kundenserver.de>
Precedence: bulk
To: myemail@domain.com
Subject: Hesabinizi dogrulamak (Turkish: "Verify your account")
From: Akbank
 Lütfen buraya tıklayın (Turkish: "Please click here", the link text in the body)
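What gives this message away is the bare display name: "From: Akbank" carries no address at all, while the only sending-side identity is the kundenserver.de host in X-Sender-Info. As an added example (not SurGATE's signature engine), the check below flags mail whose From: display name claims a brand that the origin domain does not back up, falling back to Sender/Return-Path/X-Sender-Info when the From: has no address. The BRAND_DOMAINS table and the two comparison messages are assumptions for the demo; the phishing sample reuses the headers quoted above with a placeholder body.

```python
import email
from email.utils import parseaddr

# Assumed table of brands and the domains they legitimately send from.
# Illustration only: check the real sending domains of each brand you protect.
BRAND_DOMAINS = {
    "akbank": {"akbank.com", "akbank.com.tr"},
}


def domain_of(addr):
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def in_domains(origin, domains):
    return any(origin == d or origin.endswith("." + d) for d in domains)


def classify_from(raw):
    """Flag mail whose From: display name claims a brand the origin domain does not back up."""
    msg = email.message_from_bytes(raw)
    display, addr = parseaddr(msg.get("From", ""))
    if "@" not in addr:
        # "From: Akbank" has no address: parseaddr returns ('', 'Akbank'),
        # so whatever is there is the display name.
        display, addr = (display or addr), ""
    claimed = next((b for b in BRAND_DOMAINS if b in display.lower()), None)
    if claimed is None:
        return {"verdict": "no-brand-claim", "brand": None, "origin": domain_of(addr) or None}
    origin = domain_of(addr)
    if not origin:
        # Nothing in From: to check, so use the sender-side headers instead.
        for name in ("Sender", "Return-Path", "X-Sender-Info"):
            _, fallback = parseaddr(msg.get(name, ""))
            if "@" in fallback:
                origin = domain_of(fallback)
                break
    legit = in_domains(origin, BRAND_DOMAINS[claimed])
    return {
        "verdict": "legit" if legit else "spoofed-display-name",
        "brand": claimed,
        "origin": origin or None,
    }


# The headers quoted in the post; body replaced by a placeholder.
PHISH = b"""X-Sender-Info: <244794953@icpu1178.kundenserver.de>
Date: Mon, 05 Sep 2011 10:26:36 +0200
Message-Id: <4AgJk2-1R0UVo2CMt-00064w@icpu1178.kundenserver.de>
Precedence: bulk
To: myemail@domain.com
Subject: Hesabinizi dogrulamak
From: Akbank

(link text: please click here)
"""
# Constructed comparison messages.
LEGIT = b"""From: Akbank <no-reply@mail.akbank.com.tr>
To: myemail@domain.com
Subject: Statement

body
"""
OTHER = b"""From: "Alice" <alice@example.net>
To: myemail@domain.com
Subject: lunch

body
"""

if __name__ == "__main__":
    for name, raw in (("phish", PHISH), ("legit", LEGIT), ("other", OTHER)):
        print(name, classify_from(raw))
```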

From SurGATE Labs Internal Trainings: Introduction to IPv6 Networking

As part of preparing our development and IT systems for a migration to IPv6, our R&D team went through a company-internal training session today at our R&D facility.

The topics covered were an introduction to IPv6, an IPv4 vs. IPv6 comparison, the advancements offered by the IPv6 protocol, the SurGATE IPv6 network infrastructure, and practical IPv6 configuration for Linux and BSD operating systems.

Some more advanced topics, such as the IPv6 header structure, extension headers and IPv6 security, were also discussed.

SurGATE Messaging Gateway 3.0 New Features

Surgate Labs, one of the leading solution providers in the e-mail security industry, has just released version 3.0. This version brings many new features that cover the needs of its customers.

SurGATE 3.0 was tested by Checkmark Anti-Spam, achieving a 99% capture rate on malware and viruses, which earned it the Anti-Spam Premium Certificate, currently the highest achievable certificate. The Checkmark system is known as a standard for quality testing and certification, and applies solid, independent standards in its tests.

What’s New

Local User Database

With Surgate's LDAP integration, e-mail for non-existent users is rejected at the SMTP level. For customers that do not have an LDAP system, we now have an alternative: users can be stored in a local database on the SurGATE Messaging Gateway. This feature is for environments without an LDAP server; they too can now reject such e-mail at the SMTP level.

VMware Virtual Appliance

With the new version, customers can run SurGATE as a virtual appliance on their existing VMware infrastructure.

Advanced SPAM Engine

With a 99.7% spam and malware capture rate, Surgate is a good fit for small startups as well as large enterprises. The new spam engine and spam-catching mechanism take spam elimination to the next level. Both spam engines are now active for maximum protection.

LDAP Cache and Secondary LDAP Server

Surgate can keep frequent LDAP lookups in its cache, so it can authenticate users quickly without waiting on the directory; the performance of user querying has improved greatly as a result. Users can also configure a backup LDAP server: when the main LDAP server is unreachable for any reason, the backup LDAP server takes over right away.

Domain and IP Based Greylist Ignore

With the new version, users can define the IP addresses and domains they trust, so that mail from them never goes through the greylist.

Disclaimer

Disclaimers can now be added per domain, so companies with multiple domains can append text to the end of the e-mails they send.

User Friendly

The new Surgate is more user-friendly for system administrators and also provides detailed reporting. The new CLI is more flexible, and getting data from the console is now very easy: hourly, daily, weekly, monthly and yearly system statistics are available.

Quarantine Webmail

Every user now has access to their quarantined e-mail via webmail. Users can see all the e-mails that were filtered out and act on them; for example, if an e-mail was marked as spam by mistake, the user can resend it to their own mailbox.

SMTP IPS Improvements

SMTP IPS, which takes SurGATE Messaging Gateway one step ahead of the competition, has been improved in this release as well. Tarpitting has been added to throttle mass e-mail senders: Surgate deliberately slows its replies to them so that resources are kept for more important mail.

Besides tarpitting, Early Talker Detection has been added for senders that do not wait for the "220" greeting before sending commands.
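To make the two mechanisms concrete, here is an added example, not SurGATE's implementation: a minimal SMTP listener on loopback that holds its 220 banner back and drops any client that sends a command before it (early talker detection), and that sleeps before each RCPT reply once a session has exceeded a recipient budget (tarpitting), together with a client that plays both the polite and the abusive role. The thresholds (0.3 s banner delay, tarpit after 2 recipients, 0.2 s per extra RCPT) and the 554 reply text are assumptions for the demo.

```python
import select
import socket
import threading
import time


def start_smtp_ips(banner_delay=0.3, tarpit_after=2, tarpit_delay=0.2):
    """Listen on 127.0.0.1 and return (port, stop), where stop() ends the listener."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(8)
    srv.settimeout(0.2)
    stopping = threading.Event()

    def session(conn):
        with conn:
            try:
                conn.settimeout(5)
                # Early talker detection: hold the banner back and see whether the
                # client speaks first. A legitimate MUA/MTA waits for the 220 greeting.
                readable, _, _ = select.select([conn], [], [], banner_delay)
                if readable:
                    conn.sendall(b"554 5.7.0 Command sent before greeting (early talker)\r\n")
                    return
                conn.sendall(b"220 mx.example.com ESMTP\r\n")
                rcpts, buf = 0, b""
                while True:
                    data = conn.recv(1024)
                    if not data:
                        return
                    buf += data
                    while b"\r\n" in buf:
                        line, buf = buf.split(b"\r\n", 1)
                        verb = line[:4].upper()
                        if verb == b"RCPT":
                            rcpts += 1
                            if rcpts > tarpit_after:
                                time.sleep(tarpit_delay)  # tarpit: bulk senders pay per recipient
                            conn.sendall(b"250 2.1.5 Ok\r\n")
                        elif verb == b"QUIT":
                            conn.sendall(b"221 2.0.0 Bye\r\n")
                            return
                        else:
                            conn.sendall(b"250 2.0.0 Ok\r\n")
            except OSError:
                return

    def accept_loop():
        while not stopping.is_set():
            try:
                conn, _ = srv.accept()
            except socket.timeout:
                continue
            threading.Thread(target=session, args=(conn,), daemon=True).start()
        srv.close()

    port = srv.getsockname()[1]
    threading.Thread(target=accept_loop, daemon=True).start()
    return port, stopping.set


def talk(port, early=False, rcpts=0):
    """Act as a client; return (first reply code, seconds spent waiting on RCPT replies)."""
    with socket.create_connection(("127.0.0.1", port), timeout=5) as c:
        rf = c.makefile("rb")
        if early:
            c.sendall(b"EHLO spam.example\r\n")  # sent before any banner arrived
        code = int(rf.readline()[:3])
        if code != 220:
            return code, 0.0
        for cmd in (b"EHLO client.example.net\r\n", b"MAIL FROM:<a@example.net>\r\n"):
            c.sendall(cmd)
            rf.readline()
        t0 = time.monotonic()
        for i in range(rcpts):
            c.sendall(b"RCPT TO:<u%d@example.com>\r\n" % i)
            rf.readline()
        elapsed = time.monotonic() - t0
        c.sendall(b"QUIT\r\n")
        rf.readline()
        return code, elapsed


def run_demo():
    """Early talker is refused; a 2-recipient session is fast; a 5-recipient one is tarpitted."""
    port, stop = start_smtp_ips()
    try:
        return {
            "early_talker": talk(port, early=True),
            "polite_2_rcpt": talk(port, rcpts=2),
            "bulk_5_rcpt": talk(port, rcpts=5),
        }
    finally:
        stop()


if __name__ == "__main__":
    print(run_demo())
```

The banner delay is the whole detector: anything that arrives during it is, by the protocol, a client that did not wait for the greeting. The tarpit does not refuse bulk senders, it just makes each extra recipient cost wall-clock time on their side while our own worker sleeps instead of scanning mail for them.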

IPv6 Ready Appliance

SurGATE Messaging Gateway is now ready for IPv6 out of the box, with its renewed MTA and OS.

Facebook Phishing Scam

Facebook is the most popular social-networking web site, for spammers as well as for people!

SurGATE Labs sees attackers sending mail with facebook.com sender addresses every minute, so double-check mails that claim to come from Facebook. Here are some of the sender addresses used by spammers, taken from our SPF rejection log:

2011-04-12 11:19:15: [56837-1302596353-962595] remote ip 203.86.153.52 rejected by spf policy (sender: help@facebook.com)
2011-04-12 11:19:15: [56855-1302596355-73646] remote ip 213.198.237.105 rejected by spf policy (sender: support@facebook.com)
2011-04-12 11:19:26: [56940-1302596364-488172] remote ip 94.96.51.203 rejected by spf policy (sender: service@facebook.com)
2011-04-12 11:19:40: [57169-1302596379-943990] remote ip 83.54.100.245 rejected by spf policy (sender: helping@facebook.com)
2011-04-12 11:19:42: [57109-1302596379-712238] remote ip 77.44.103.7 rejected by spf policy (sender: manager@facebook.com)
2011-04-12 11:19:46: [57245-1302596385-926946] remote ip 173.21.215.231 rejected by spf policy (sender: service@facebook.com)
2011-04-12 11:19:52: [57307-1302596390-803589] remote ip 67.232.199.98 rejected by spf policy (sender: account@facebook.com)
2011-04-12 11:19:56: [57366-1302596396-48382] remote ip 203.86.153.52 rejected by spf policy (sender: helping@facebook.com)
2011-04-12 11:20:05: [57586-1302596404-934744] remote ip 203.86.153.52 rejected by spf policy (sender: account@facebook.com)
2011-04-12 11:20:14: [57798-1302596414-162892] remote ip 99.130.143.118 rejected by spf policy (sender: official@facebook.com)
2011-04-12 11:20:20: [57857-1302596417-600338] remote ip 203.86.153.52 rejected by spf policy (sender: account@facebook.com)
2011-04-12 11:20:32: [58033-1302596432-571331] remote ip 109.90.66.165 rejected by spf policy (sender: help@facebook.com)
2011-04-12 11:20:40: [57983-1302596429-56932] remote ip 123.231.251.118 rejected by spf policy (sender: Nichollet@rambler.ru)
2011-04-12 11:20:48: [58244-1302596448-288612] remote ip 66.206.126.182 rejected by spf policy (sender: sign@facebook.com)
2011-04-12 11:21:02: [58337-1302596460-899499] remote ip 79.121.187.116 rejected by spf policy (sender: information@facebook.com)
2011-04-12 11:21:04: [58555-1302596464-837367] remote ip 82.222.9.122 rejected by spf policy (sender: news@facebook.com)
2011-04-12 11:21:13: [58638-1302596473-285246] remote ip 69.137.180.173 rejected by spf policy (sender: official@facebook.com)
2011-04-12 11:21:18: [58713-1302596478-538290] remote ip 90.148.247.7 rejected by spf policy (sender: cevahirshipping@superonline.com)
2011-04-12 11:21:20: [58745-1302596480-427855] remote ip 82.222.9.122 rejected by spf policy (sender: account@facebook.com)
2011-04-12 11:21:23: [58754-1302596482-269801] remote ip 125.167.29.223 rejected by spf policy (sender: service@facebook.com)
2011-04-12 11:21:28: [58855-1302596488-134822] remote ip 76.103.235.97 rejected by spf policy (sender: helping@facebook.com)
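As an added example (not SurGATE's code), here is a small parser for rejection lines of the format shown above that summarises which sender domains are being spoofed, which local parts the spammers use and which source IPs keep coming back; that is the triage to do before adding a blocklist entry or a signature. Eight of the lines above are embedded as sample input, plus one constructed non-SPF line to show that other log formats are skipped rather than miscounted.

```python
import re
from collections import Counter

# Format of the gateway's SPF rejection lines quoted in the post.
LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d): \[(?P<qid>[^\]]+)\] "
    r"remote ip (?P<ip>\S+) rejected by spf policy \(sender: (?P<sender>[^)]+)\)$"
)

# Eight lines from the post; the last line is constructed to exercise the skip path.
SAMPLE_LOG = """\
2011-04-12 11:19:15: [56837-1302596353-962595] remote ip 203.86.153.52 rejected by spf policy (sender: help@facebook.com)
2011-04-12 11:19:15: [56855-1302596355-73646] remote ip 213.198.237.105 rejected by spf policy (sender: support@facebook.com)
2011-04-12 11:19:56: [57366-1302596396-48382] remote ip 203.86.153.52 rejected by spf policy (sender: helping@facebook.com)
2011-04-12 11:20:05: [57586-1302596404-934744] remote ip 203.86.153.52 rejected by spf policy (sender: account@facebook.com)
2011-04-12 11:20:40: [57983-1302596429-56932] remote ip 123.231.251.118 rejected by spf policy (sender: Nichollet@rambler.ru)
2011-04-12 11:21:04: [58555-1302596464-837367] remote ip 82.222.9.122 rejected by spf policy (sender: news@facebook.com)
2011-04-12 11:21:18: [58713-1302596478-538290] remote ip 90.148.247.7 rejected by spf policy (sender: cevahirshipping@superonline.com)
2011-04-12 11:21:20: [58745-1302596480-427855] remote ip 82.222.9.122 rejected by spf policy (sender: account@facebook.com)
2011-04-12 11:21:25: [58800-1302596485-100000] greylisted remote ip 198.51.100.9 (sender: x@example.org)
"""


def parse_spf_rejections(text):
    """Return (list of parsed events, number of non-matching non-empty lines)."""
    events, unparsed = [], 0
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            events.append(m.groupdict())
        elif line.strip():
            unparsed += 1
    return events, unparsed


def summarize(text, watched_domain="facebook.com", repeat_threshold=2):
    """Aggregate rejections by spoofed domain, and by local part and source IP for one domain."""
    events, unparsed = parse_spf_rejections(text)
    by_domain = Counter(e["sender"].rpartition("@")[2].lower() for e in events)
    watched = [e for e in events if e["sender"].lower().endswith("@" + watched_domain)]
    by_ip = Counter(e["ip"] for e in watched)
    return {
        "parsed": len(events),
        "unparsed": unparsed,
        "by_domain": dict(by_domain),
        "watched_local_parts": sorted({e["sender"].split("@")[0].lower() for e in watched}),
        # IPs that spoofed the watched domain repeatedly: candidates for a temporary block.
        "repeat_ips": {ip: n for ip, n in by_ip.most_common() if n >= repeat_threshold},
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```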

The "Gaddafi's cousin" scam

Spammers are abusing everything in the world!

The new target of spammers is "Gaddafi's cousin"! Here is an example mail blocked by SurGATE Messaging Gateway:

From: "Ahmed Kaddaf Al-Dam" <ahmedkaddaf@eml.cc>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.22) Gecko/20090608 Thunderbird/2.0.0.22
MIME-Version: 1.0
To: "Webmaster" <core@domain.com>
Subject: [!! SPAM] CONFIDENTIAL

Greetings,

My name is Ahmed Kaddaf Al-Dam, Gaddafi’s cousin. I was a memeber of
Gaddafi’s inner cabinet until the international community began freezing
Libyan assets and of those considered to be Gaddafi’s associates. I have
lost nearly everything i have worked for all my life and now i am beign
hunted by Gaddafi’s special forces and sons who sees my defection as a
betrayal to their father.

My aim of contacting you, is to stand as a beneficiary for a multi-million
dollar stash i have overseas. I am taking this decision because it is my
last play. I have no other option but to source for a foreign silent partner
to recieive these funds. Trust is a very important issue here. Upon your
acceptance to my propsal, i will disclose the amount involved, whereabouts
and pick-up procedures of the money. Please kindly get back to me at my
private email address ahmed.kaddaf@safe-mail.net

Yours Sincerely
Ahmed Kaddaf

Below are a few links for verification
http://www.bbc.co.uk/news/world-africa-12860837
http://www.cbc.ca/news/business/story/2011/03/01/libya-cda-assets.html

Spammers are using Linux man pages in spam to bypass Bayesian filtering

Hello,

Today, while testing the quarantine webmail feature in our labs, I got a mail marked as certainly spam in my SurGATE quarantine mailbox.

The funny part is that the spammer put the full bash man page into an HTML div, like the one below, to bypass or poison the Bayesian database.

But he could not deliver the spam to our mailbox: it was matched by our spam signature database, based on the URL and some other unique patterns in the mail.

</p><p align="center"><em>YoshiBlade</em> is located at P.O Box 600991 San Diego, CA 92160.<br>
To be Removed from future YoshiBlade mailings, please Click Here!

<img src="http://SPAMURL/images/a9a4f56d217106465337951325968172954699.gif" border="0">
</body>
</html>
<div style="color:white; font-size:1%; line-height:1px">

WeNeedYourConfirmationFor1500Deposit
WeNeedYourConfirmationFor1500Deposit
WeNeedYourConfirmationFor1500Deposit

Search

Linux
HomeComputing & TechnologyLinux

SharePrint
LinuxGet StartedExplore LinuxBecome a Guru
Filed In:Linux
Linux / Unix Command: bash

Command Library
NAME

bash – GNU Bourne-Again SHell
SYNOPSIS

….
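One way to catch this trick without a signature for the particular URL is to measure how much of the message's text a human could actually read. The following is an added example, not SurGATE's engine: an HTML parser that tallies visible versus hidden characters, treating display:none, visibility:hidden, white text and tiny font sizes as hidden, and tolerating the unbalanced markup spammers produce (the div above sits after </html>). The sample HTML is constructed from the fragment above; the size and colour thresholds and the poisoning ratio are assumptions.

```python
import re
from html.parser import HTMLParser

VOID_TAGS = {"br", "img", "hr", "meta", "link", "input", "area", "base", "col"}
FONT_SIZE = re.compile(r"font-size\s*:\s*(\d+(?:\.\d+)?)\s*(px|pt|%|em)?", re.I)
# (?<![\w-]) keeps "background-color:white" from matching.
WHITE_TEXT = re.compile(r"(?<![\w-])color\s*:\s*(white|#fff|#ffffff)\b", re.I)


def style_hides(style):
    """Heuristics for inline CSS that makes text unreadable to a human (assumed thresholds)."""
    compact = style.lower().replace(" ", "")
    if "display:none" in compact or "visibility:hidden" in compact:
        return True
    if WHITE_TEXT.search(style):  # assumes the usual white page background
        return True
    m = FONT_SIZE.search(style)
    if m:
        size, unit = float(m.group(1)), (m.group(2) or "px").lower()
        return (unit in ("px", "pt") and size <= 2) or (unit == "%" and size <= 10) or (unit == "em" and size <= 0.1)
    return False


class HiddenTextMeter(HTMLParser):
    """Tally characters of human-visible text versus text hidden by inline style."""

    def __init__(self):
        super().__init__()
        self.stack = []  # (tag, hidden?) for each open element; hidden is inherited
        self.visible = 0
        self.hidden = 0
        self.samples = []

    def _hidden_now(self):
        return bool(self.stack) and self.stack[-1][1]

    def handle_starttag(self, tag, attrs):
        if tag in VOID_TAGS:
            return
        style = dict(attrs).get("style") or ""
        self.stack.append((tag, self._hidden_now() or style_hides(style)))

    def handle_endtag(self, tag):
        # Tolerate unbalanced markup: pop back to the matching open tag, if any.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

    def handle_data(self, data):
        text = " ".join(data.split())
        if not text or any(t in ("script", "style") for t, _ in self.stack):
            return
        if self._hidden_now():
            self.hidden += len(text)
            if len(self.samples) < 3:
                self.samples.append(text[:40])
        else:
            self.visible += len(text)


def measure_hidden_text(html):
    meter = HiddenTextMeter()
    meter.feed(html)
    meter.close()
    total = meter.visible + meter.hidden
    return {
        "visible": meter.visible,
        "hidden": meter.hidden,
        "hidden_ratio": meter.hidden / total if total else 0.0,
        "samples": meter.samples,
    }


def looks_like_bayes_poison(html, min_ratio=0.5, min_hidden_chars=200):
    r = measure_hidden_text(html)
    return r["hidden"] >= min_hidden_chars and r["hidden_ratio"] >= min_ratio


# Constructed from the fragment in the post: a short visible footer, then the hidden div.
SPAM_HTML = """<html><body>
<p align="center"><em>YoshiBlade</em> is located at P.O Box 600991 San Diego, CA 92160.<br>
To be Removed from future YoshiBlade mailings, please Click Here!</p>
<img src="http://SPAMURL/images/a9a4f56d217106465337951325968172954699.gif" border="0">
</body>
</html>
<div style="color:white; font-size:1%; line-height:1px">
WeNeedYourConfirmationFor1500Deposit
WeNeedYourConfirmationFor1500Deposit
WeNeedYourConfirmationFor1500Deposit
Search Linux HomeComputing & TechnologyLinux SharePrint LinuxGet StartedExplore LinuxBecome a Guru
Filed In:Linux Linux / Unix Command: bash Command Library NAME bash - GNU Bourne-Again SHell SYNOPSIS
</div>
"""
CLEAN_HTML = """<html><body><p>Hi Bob,</p><p>Your order #1234 shipped today and should arrive on Friday.</p>
<p style="font-size:12px;color:#555">Questions? Reply to this mail.</p></body></html>"""

if __name__ == "__main__":
    print(measure_hidden_text(SPAM_HTML), looks_like_bayes_poison(SPAM_HTML))
```

The ratio, not the absolute count, is what matters: a newsletter with one hidden preheader line scores low, while a message whose readable part is a two-line footer and whose hidden part is a man page scores high regardless of which page the spammer pasted in.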

Initial version of the quarantine webmail feature committed to SurGATE trunk

Hello,

Today I am happy to announce that we completed the initial version of quarantine webmail on the SurGATE development branch.

We developed self-service account creation so that users can access quarantine webmail. If the user's domain is managed by SurGATE, we send an account activation URL to the user's e-mail address. After the user clicks the activation link, he can set his own password.

He can then access his quarantine mailbox with this password. Here is the draft welcome page; we will improve its usability before the release!
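The activation flow above hinges on the token in the URL: it must be bound to the address the mail was sent to, expire, and work only once, otherwise a link copied from a mailbox or a log can be replayed to take over someone else's quarantine. The following is an added example, not SurGATE's implementation, of one way to do that with an HMAC-signed token; the 24-hour lifetime, the token layout, the in-memory record of used nonces and the activation base URL are assumptions for the demo.

```python
import base64
import hashlib
import hmac
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlsplit

ACTIVATION_TTL = 24 * 60 * 60      # assumed: links die after one day
_SECRET = secrets.token_bytes(32)  # server-side signing key, never sent to users
_consumed = set()                  # nonces already used; a DB column in real life


def make_activation_url(base_url, user_email, now=None):
    """Return base_url?token=... binding the address, an expiry and a random nonce."""
    now = int(time.time() if now is None else now)
    nonce = secrets.token_urlsafe(16)
    # Fields joined by newline: none of them can contain one, so parsing is unambiguous.
    payload = "\n".join([user_email.lower(), str(now + ACTIVATION_TTL), nonce]).encode()
    sig = hmac.new(_SECRET, payload, hashlib.sha256).hexdigest().encode()
    token = base64.urlsafe_b64encode(payload + b"\n" + sig).decode().rstrip("=")
    return base_url + "?" + urlencode({"token": token})


def verify_activation_url(url, now=None):
    """Return (ok, reason, email). A valid token is consumed, so a link works once."""
    now = int(time.time() if now is None else now)
    token = (parse_qs(urlsplit(url).query).get("token") or [""])[0]
    try:
        raw = base64.urlsafe_b64decode(token + "=" * (-len(token) % 4))
        payload, sig = raw.rsplit(b"\n", 1)
        user_email, expires, nonce = payload.decode().split("\n")
    except (ValueError, UnicodeDecodeError):
        return False, "malformed", None
    expected = hmac.new(_SECRET, payload, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(sig, expected):  # constant-time, checked before anything else
        return False, "bad-signature", None
    if now > int(expires):
        return False, "expired", user_email
    if nonce in _consumed:
        return False, "already-used", user_email
    _consumed.add(nonce)
    return True, "ok", user_email


def run_scenarios(base="https://quarantine.example.com/activate"):
    """Fresh link, replayed link, expired link, forged address, garbage token."""
    t0 = 1_700_000_000
    url = make_activation_url(base, "Alice@Example.com", now=t0)
    results = {"fresh": verify_activation_url(url, now=t0 + 60)}
    results["replay"] = verify_activation_url(url, now=t0 + 120)
    bob = make_activation_url(base, "bob@example.com", now=t0)
    results["expired"] = verify_activation_url(bob, now=t0 + ACTIVATION_TTL + 1)
    # Forgery attempt: swap the address inside a valid token without knowing the key.
    token = parse_qs(urlsplit(url).query)["token"][0]
    raw = base64.urlsafe_b64decode(token + "=" * (-len(token) % 4))
    forged = raw.replace(b"alice@example.com", b"mallory@example.com")
    forged_token = base64.urlsafe_b64encode(forged).decode().rstrip("=")
    results["forged"] = verify_activation_url(base + "?" + urlencode({"token": forged_token}), now=t0 + 60)
    results["garbage"] = verify_activation_url(base + "?token=%%%", now=t0)
    return results


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(name, outcome)
```

The order of checks matters: the signature is verified first with a constant-time comparison, so an attacker learns nothing from the expiry or replay responses about tokens they did not obtain legitimately, and the password is only set after a token verifies, so the link itself never carries a credential.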

A new approach to SPF to stop receiving spam from yourself!

Hello,

You have probably received spam from your own e-mail address in the past. To stop this kind of abuse, people invented SPF.

A quick introduction to SPF

SPF (Sender Policy Framework) allows administrators to specify which hosts are allowed to send e-mail for a domain. To achieve this, you create a TXT record for your domain(s).

How it works

First of all, defining an SPF record for your domains is not enough: the receivers must also enable SPF checking on their MTA or messaging gateway.

If SPF is enabled on the remote box that receives e-mail from you, or from spammers using your domain, the remote box issues a DNS TXT query to get your SPF record and tries to match the sending IP against it. If the sending IP does not match, whether the mail is accepted depends on your SPF rule. If your record ends with -all (hard fail on no match), the receiver will simply reject the mail during the SMTP session. If it ends with something other than -all (for example ?all), the receiver will continue to accept e-mail from "your domain". You can visit http://www.openspf.org for details.

The problem:

SPF sounds good, but unfortunately it has a problem!

SPF breaks the SMTP forwarding case, where an MTA forwards e-mail on to someone else. The forwarding host is not among the allowed hosts in your SPF record, so the check fails even though the mail originated from one of your allowed servers.

Example: you send a mail to your friend's Gmail account, but your friend forwards his Gmail mail to his company e-mail.

When your friend's company mail server receives your e-mail, it tries to match the sending IP (in this case a Gmail IP address) against your SPF record, because the sender is still your @domain. Since you did not put Gmail's IPs in your SPF record, the mail server rejects your legitimate mail.

If the rejected mail belongs to your boss, it is inevitable that you disable your SPF record immediately, and you lose all the benefit of SPF: you will keep receiving spam from your own domain, and again your boss will not be happy when he receives e-mail from himself...

The reverse also applies: your MTA/gateway may reject someone else's legitimate mail because of the same forwarding issue.

What we did?

As the SurGATE Labs R&D team, to stop receiving forged mail from yourself, we did not want to build a solution that requires defining the allowed hosts for your domains in the MTA/gateway.

Instead we changed the behavior of SPF so that it applies only to the domains hosted on SurGATE. In the SPF settings you can choose to have SPF work only for your own domains. If you set SPF level 4 (reject mail when SPF resolves to softfail) and "Only for hosted domains", your SurGATE will not issue SPF queries for external domains at all, but if a spammer sets the sender address to one of your domains, the mail will be rejected.

I believe this is a safer approach than native SPF, and your boss will not have to worry about the issues mentioned above.
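To show the difference between native SPF and the "only for hosted domains" mode on the forwarding scenario above, here is an added example, not SurGATE's code: a minimal SPF evaluator (ip4, ip6, include and all only; records come from an in-memory table instead of DNS) and a gateway decision function that applies it to the envelope sender. The domains, records and IPs are constructed, and reject_on=("fail", "softfail") stands in for the page's SPF level 4.

```python
import ipaddress

# Constructed SPF records standing in for DNS TXT lookups (no network access).
SPF_RECORDS = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 -all",                 # hosted on our gateway
    "partner.example": "v=spf1 ip4:198.51.100.10 ~all",            # an external sender
    "bigmail.example": "v=spf1 include:_spf.bigmail.example ~all", # a Gmail-like forwarder
    "_spf.bigmail.example": "v=spf1 ip4:203.0.113.0/24 -all",
}
HOSTED_DOMAINS = {"example.com"}
RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def evaluate_spf(domain, client_ip, records=SPF_RECORDS, depth=0):
    """Minimal SPF check: ip4/ip6/include/all with qualifiers. Returns an SPF result string."""
    record = records.get(domain.lower())
    if record is None or not record.startswith("v=spf1") or depth > 10:
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qual, mech = ("+", term) if term[0] not in "+-~?" else (term[0], term[1:])
        name, _, arg = mech.partition(":")
        name = name.lower()
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            matched = ip.version == net.version and ip in net
        elif name == "include":
            matched = evaluate_spf(arg, client_ip, records, depth + 1) == "pass"
        elif name == "all":
            matched = True
        else:
            continue  # a, mx, ptr, exists and redirect= are out of scope for this example
        if matched:
            return RESULT[qual]
    return "neutral"


def gateway_decision(mail_from, client_ip, only_hosted_domains, reject_on=("fail", "softfail")):
    """Apply SPF to the envelope sender (MAIL FROM), optionally only for our hosted domains.

    reject_on=("fail", "softfail") plays the role of the page's SPF level 4;
    only_hosted_domains=False is native SPF, True is the new SurGATE mode.
    """
    domain = mail_from.rpartition("@")[2].lower()
    if only_hosted_domains and domain not in HOSTED_DOMAINS:
        return {"spf": "not-checked", "action": "accept"}
    result = evaluate_spf(domain, client_ip)
    return {"spf": result, "action": "reject" if result in reject_on else "accept"}


def run_scenarios():
    return {
        # partner.example's mail forwarded to us by bigmail.example: we only see bigmail's IP
        "forwarded_native": gateway_decision("boss@partner.example", "203.0.113.7", False),
        "forwarded_hosted": gateway_decision("boss@partner.example", "203.0.113.7", True),
        # a spammer puts our own domain in MAIL FROM and sends from a foreign IP
        "spoofed_native": gateway_decision("ceo@example.com", "203.0.113.7", False),
        "spoofed_hosted": gateway_decision("ceo@example.com", "203.0.113.7", True),
        # our own outbound server, and bigmail's own mail matched through its include
        "own_server": gateway_decision("ceo@example.com", "192.0.2.25", True),
        "bigmail_direct": gateway_decision("friend@bigmail.example", "203.0.113.7", False),
    }


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(name, outcome)
```

The forwarded case is the one the post is about: native SPF turns partner.example's ~all into a rejection of the boss's forwarded mail, while hosted-only mode never queries partner.example and still rejects the spoof of example.com. Note that the decision is taken on the envelope sender, which is what SPF evaluates; a message whose header From: shows one of your domains while its envelope sender is an external domain is not checked at all in hosted-only mode, so that display-side spoof is outside what this setting can stop.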

Ismail YENIGUL

SurGATE Labs CTO
