XWall News...

CCS better than ever

	Increasingly smarter spamers causing problem for many spam filters. Not so for XWall. The Central Checksum Service which XWall offers for the past two years is not only an early warning system but it's a formidable defense against the ECARDS, PDF spam and all sorts of undesirable email. There is something all spamers have in common. It's quantity - the more spam they send the more profits they can expect. That's exactly where XWall CCS enters the picture. The CCS is based on a message body checksum. All XWalls with CCS send their checksums to the central server and it keeps track of the bad guys. Actually the more spam the better it gets. A year ago you may considered CCS to catch an other percent or two of your spam. Today it's getting to be a premier tool to catch spam. Take a look at the screenshots. Not only has CCS moved up in the ranks, it catches a lot of spam other filters will not. Best of all it stops new variant of spam without your intervention. CCS offers you ways to combat E-CARD and other virus outbreaks. The XWall CENTRAL CHECKSUM SERVICE is just the tool to take on the ecards. Some viruses and e-cards literally outrun the virus scanner but they do not escape this XWall service. CCS BASICS is an add-on to XWall. It is available based on a yearly subscription of 99.00 per XWall or XWall ISP license. Anytime there is a large scale mailing (Spam, Virues) your XWall server will start seeing these messages and so do thousands of other XWall installations. The XWall Central Checksum Server will log them and within minutes your XWall can protect your mail server from the virus or ecards. US customers click for a 1 year subscription $99.00 EU customers click for a 1 year subscription $118.00
Click thumbnails for larger screenshot.

XWall 3.41 is ready for the new spam season

• New: Improved support for x64 operating systems
  
• New: Detect mail traffic spikes from a domain or IP address using senderbase (http://www.senderbase.org ) ( Options->Spam->Senderbase )
  
• New: Block PDF spam in Options->Spam->Image
  
• New: Block RAR-ZIP spam in Options->Spam->Image
  
• New: Support delay between SMTP commands ( Throttling )
  
• New: Heuristic checks for stock offers
  
• New: Manage the White List by send a message with an e-mail in the subject ( Options->Global Exclude->White List )
  
• New: On startup XWall creates the directories for the statistic, the logfile and the history
  
• New: History can be limited to inbound or outbound messages
  
• New: History can be limited to specific e-mail addresses
  
• New: Multi line SMTP banner
  
• New: FQDN of the sender in the block statistic file
  
• New: Support for converting an Exchange IMCEAFAX address to a eFax SMTP address
  
• New: The logfile shows when processing a DomainKey or DKMI message
• New: Image spam allows user defined size
  
• New: SPF exclude can be limited to a list of e-mail addresses
  
• New: SMTP authentication using a custom application
  
• New: SMTP authentication proxy against the Exchange

Don't forget to check our ongoing developments in the Beta release section.

XWall fights current spam issues

ECARD VARIANT welcome letter.

The first variant of the Ecard Zombie showed up in my Inbox today. It thanks you for signing up and includes a link to a website .... bad news of course. But there is good news. Your current Xwall (3.29+) can block the ip address. Add a string http://#.#.#.# in admin-> option-> blocking-> html

ECARD greeting card spam is presenting new issues.

Some Ecard messages are downloading zombie viruses by just opening the message. What makes it worse currently the virus is undetectable by most virus scanner. We recommend that you add subject blocks in XWall for words like ecard, postcard, greetingcard, school-mate, familymember, class-mate and so on. Many of these fake ecard messages are caught already by the CCS, SLS and SURBL filters.

PDF the latest spam vehicle It seems the spamers figured out that you consider PDF as save to pass through your spam filter. You can't just block PDF's or you loose invoices, documents and other things typically emailed as PDF. The PDF issue is addresses in the current XWall beta releases and you find additional help in the forum under Image Spam.

Stock Spam here to stay?
We all see it. An image in a message telling you to buy that great stock. Don't try to block the symbols. They are part of the image. Is this spam working for the spammer? You be the judge. more...

New Site XWALL.NET
Ceratec has maintained the XWall.us sites for years. We were able to secure the XWall.net domain and are moving the site. However, it's not just a move - it's a brand new look.

XWall ISP
The new XWall product is designed for ISPs and enterprises with satellite offices. The standard XWall license only allows XWall to be used for a single exchange or mail server. If mail forwarding to another server is chosen, it will not filter the mail. However, XWall ISP will filter the mail and forward it to other mail servers.

New in XWall 3.40

• Block image spam (message with a background picture) in Options->Spam->Image

• Automatically block IP addresses that send spam messages ( Options->Blocking->Auto IP)

• Any on-access virus scanner can be used to scan the messages ( Options->Virus->On-Access Scan)

• Global White List shared among all customers
  ( Options->Global Exclude->White List->Global White List )

• French, Italian and Spanish are now available, together with the previous English and German

• XWall auto detects the language based on the language of Windows,
  but you can manually set it in Options->Advanced->Language

• Each incoming messages gets a unique ID and the logfile shows the ID when the message is processed and sent

• field UniqueID in SR*.csv

• Exe are now digitally signed

• XWall automatically disables ESMTP CHUNKING if the receiving server can't handle it

• SURBL can use multiply services

• Heuristic detects prose stock spam

• Heuristic checks for large paragraphs
  
  

New in XWall 3.38

• Block image spam (empty message with a picture) in Options->Spam->Image
  

• Approve the method and action using an external program (Options->Spam->Approve)
  

• Heuristic checks for a space in RCPT TO: command
  

• Suppress disclaimer on reply and forward
  (Options->Transit->Disclaimer->No disclaimer on reply or forward)
  

• At startup XWall checks if the name server can resolve a MX record
  

New in XWall 3.37

• New: heuristic method checks for empty messages with a picture
  

• New: Decoding of recursive encoded attachments like the one created by Nyxem-D, Generic Malware.a and MyWife.d virus
  

• New: Reject the SMTP session for a blocked IP address (Options->Blocking->IP)
  

• New: SPF blocks on softfail and, optionally, on neutral
  

• New: Limit the number of messages that are accepted in a single inbound connection
  

• New: Session timeout to prevent an infinite connection with a honey pot or a faulty TLS session
  

• New: ESMTP PRIO (priority) command
  

• New: XWall processes messages based on priority
  Chg: XWall no longer converts an invalid sender address to a NULL-address to revert to the previous behavior add

• New: InboundESMTPConvInvalidReturnPathToBlank=True to XWall.ini
  

• Chg: Auto detecting the DNS server is more reliable when using more than one adapter
  - Chg: Excluding non-delivery reports from SLS/RBL
  - Chg: Heuristic pays attention to SPF softfail and neutral
  - Chg: Using DNS server queries even when all messages are relayed to a smart host
  

• Fix: Get name of local IP addresses in Windows 2003 and XP
  

• Fix: CCS packets are blocked by a Cisco PIX with DNS fixup enabled
  

• Fix: Decoding of a corrupt TNEF attachment
  

• Fix: NDR for CTY and CCS had the wrong description
  

• Fix: A MX with a non-existing A record was incorrectly resolved
  

• Fix: Adding a message header to a binary message corrupted the binary data
  

• Fix: Unique file name in HIST folder
  

• Fix: If the MAIL FROM was blocked using a 4xx error, the DATA was blocked with a 5xx rather than a 4xx error
  

• Fix: Original-Envelope-Id in DSN
  

• Fix: Slow outbound SMTP scheduler under heavy load
  

• Fix: Orphaned txt files in MSG-OUT when restarting under heavy load
  

New in XWall 3.36

• New: S/MIME signing and/or encryption ( Options->Transit->S/MIME )

• New: Block messages by country ( Options->Blocking->Country )

• New: Limit the amount of recipients for an inbound message (Options->General->Connections)

• New: Optionally remove all characters from the subject that prevent OWA / IIS from opening the message (& % \ ./ ..)

• New: Start/stop/install/remove XWall service from MBAdmin View->Service

• New: Purging of invalid Outlook addresses like "user@domain.com" <'user@domain.com'>

• New: XWall immediately sends back a NDR in the case Exchange rejects the message with a 4xx error

• New: Deleting multiple entries in a list box in Admin

• New: postmaster@* is excluded from Greylisting, because Postfix uses this address to validate if a recipient exists

• New: CCS ignores Yahoo standard attachment mails

• New: Action "Forward to recipient" which does nothing more than to log; useful for testing a method or for different customer configuration in the ISP Edition

• Chg: a NDR is sent for a message that reaches the max attachment count (previously the message was discarded without an NDR )

• Chg: Faster queue scheduling when sending messages to Exchange

• Chg: Priority of CCS is now lower than the priority of attachment and exploit blocking

• Fix: Empty record in datauser.dat cause XWall to hang

• Fix: Faster importing of AdrOWL-A when the white list is full

• Fix: Rescheduling of a message after a timeout in RSET

• Fix: Decoding of a corrupt TNEF attachment

• Fix: Error description in the csv file for CTY

Changelog for older versions

New in ESAT 1.27

All you OWA users, here is good news. Version 1.27 of ESATInformer offers a web interface to request blocked messages. So, no matter whether your computer has an email client installed or not, you will be able to send a request.