jeff on 8 Dec 2007 04:23:33 -0000 |
I'm curious as to what we all use on servers (not at home).My ISP uses Postini and I called them today for a quote for work. Their accuracy is frightening. Once a week I log in to clean out the junk box. This week there were about 500, of which 3 were false positives. At work, there's a lot of whining (isn't there always) about the filter. It has more false positives than I'd like, causing us to have to whitelist aggressively. It's human nature to ignore the 300 pieces of spam the filter caught but to bitch about the 1 email you didn't get. So I'm curious about what others are using. I'm very curious about the balance between filtering and user-interaction. My users are extremely unhappy about missing emails, yet if I were to employ a solution whereby they received *every* piece of email in a junk box and had to go through it, they'd never do it (we can't get them to empty their deleted items folder). I guess I'm simply asking for a 100% perfect spam filter that can operate sans end-user input. And a six-figure salary to operate it from the comfort of my home in a state with warm temperatures and very little humidity. Please let me introduce you to my secretary, Adriana Lima. The server is (ack.... pbthlllllt) Exchange 2003. ========================================================================= Random work stories follow. Not on topic.The CIO got pissed about offsite storage costs, specifically email. A brief bit of math showed that we could save tons by simply having people empty their deleted boxes, clear sent items, and delete a few of the four thousand personal joke virus emails in their inbox. Said CIO asked nicely for everyone to perform said operations. And nothing happened. Ok, I exaggerated: four people complied. So we *educated* people about what to do and why. A few more did so.Last month the CIO realized it was time to send out his quarterly reminder to empty the deleted box. And nothing happened. I am not exaggerating this time.[What the CIO failed to realize is that each one of his messages arrives with the Auto-Ignore flag on. I stopped sending out emails two years ago for this very reason.] SOMETHING had to be done, obviously. We had no choice but to implement limits. Being the mean-spirited, fun-killing ogres we are, we put into effect the draconian limit of 500megs per user. Yes, 500megs. You'd have thought we killed their puppies from the collective howl that arose. One genius actually exploded in our office, screaming bloody murder about only having 33,000 messages in her inbox and why were we picking on her. Another did not pass GO and ran straight to the COO. His whining was curtailed rather quickly by the COO's admission that limits were *her* idea. No, we still did not force deleted items to empty on closing (even though we're basically heartless clods). When we mentioned this to the lady with 6,000 deleted items, she begged us not to delete them because `that's where she files stuff.' Then there was the Great Password Change Debacle of 2004. One day I hear an announcement over the p.a. for the meeting of the IT Password Change Committee. I was most intrigued, especially as I had never heard of the IT Password Change Committee, nor had my boss, who had just that moment found out he was ON the committee. The name of the committee should pretty much say it all, but allow me to set the stage.... somebody put together this group, consisting of dept heads and others (janitors, presumably) for the express purpose of *discussing* whether there *should* be password changes and possibly how frequently. Pick ten random coworkers of yours who aren't involved with computers and ask yourself if any sane person would put them in charge of IT policy. [Stop that. Get up off the floor. I can hear you snickering all the way over here.] I hear the meeting degenerated into my boss being asked who we were really defending against with these proposed password changes. Finally it was decided, no doubt after a year of committee meetings, voting, catered meetings, and enough Krispy Kreme donuts to sink the USS Harry Truman (would that be four or five?) that the password changes would occur quarterly. I asked my boss if we should pull the plug on the firewall too, while we were at it. Mind you, this was all without my boss' input. He would just sit there, in total shock, shaking his head until he developed repetitive stress injury in his neck and got fired because he enjoyed the pain meds a little too much. We knew we were in for it regardless but there's no way we could have predicted how bad it was going to be. Two weeks before the mandatory password change, everyone was notified they had 14 days to change their password, and would they like to change it today. Invariably everybody waited til they couldn't log in anymore before they changed it. The entire next day was spent resetting passwords because they forgot them overnight. Some would say that this isn't a problem. It just proves that we have nothing but highly motivated, energetic coworkers who leap right on forgetting things instead of waiting a day or more to forget them. To those people, I say that this kind of optimism should require hospitalization. And the administration of lots of those medicines that make you drive like Ted Kennedy, speak like George Bush, and shake like Ozzy Osbourne. After about two password change cycles, my dept longed for the safety and serenity of someplace quiet, like Iraq. Fortunately the entire topic was made moot by the Extreme High Muckity Mucks, who found the entire experience way too mentally taxing and decreed that password changes would henceforth occur twice a year. If you're still with me, you'll be happy to know that network password changes require Treo password changes. When I explained this to a VP who was complaining that her Treo wouldn't get email, she said that all this security nonsense was really a pain in the ass and she didn't see the need for it. If you need me, I'll be in the server room, hanging from a CAT5 cable. ___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
|
|