Version 3.8.4.23

Top  Previous  Next

Changes in version 3.8.4.23 (April 23, 2008)

 

New Features

 

Sender tracking. This is an internal counter mechanism that will maintain a running total of the number of times a sender emails a particular recipient over a 33 day period. It will create a log entry showing the number of times the recipient has received an email message during this time period. Currently, the only action that can be taken on this is to add some tarpit time for previously unknown senders.

 

By default, sender tracking is disabled. It can be turned on and an optional tarpit penalty for unknown senders be applied my changing the following registry values:

 

HKEY_LOCAL_MACHINE\SOFTWARE\SolidOak\Alligate\Settings\TrackSenders

Values:

0 = Disabled  (Default)

1 = Enabled

 

HKEY_LOCAL_MACHINE\SOFTWARE\SolidOak\Alligate\Settings\Grey\FlagNewSender_TPTime

Values:

0 = No tarpit penalty, log only (Default)

n = Where n = the number of seconds to tarpit connections new senders.

 

High ASCII character checking in the message subject. This will count the number of ASCII characters over ASCII 127 contained in the subject line of the message. If enabled, 1 point will be added to the message scan score for every high ASCII character. The number of points assigned can be changed in the registry. While this may not be useful for every Alligate installation, it can help identify foreign language spam for users who predominately receive email from English speaking countries.

 

By default, High ASCII checking is disabled. It can be activated and the point per character can be modified by editing the following registry values:

 

HKEY_LOCAL_MACHINE\SOFTWARE\SolidOak\Alligate\Settings\Scan\HiAsciiScore

Values:

0 = Disabled (Default)

1 = 1 penalty point (This can be any integer number)

 

HKEY_LOCAL_MACHINE\SOFTWARE\SolidOak\Alligate\Settings\Scan\MaxHiAsciiScore

Value:

25 = (Default) The maximum number of penalty points that can be assessed by the High ASCII check.

 

Country Tagging in Subject. This feature allows you to append or prepend the 2 letter country code of the sender to the subject line. For example:

 

Old subject: Your Paypal account has been suspended.

Appended subject: Your Paypal account has been suspended. (TH)

 

This would indicate that the message originated in Thailand. While not a bulletproof phishing stopper, it could help users better identify scams.

 

By default, country tagging is turned off. It can be activated by editing the following registry key:

 

HKEY_LOCAL_MACHINE\SOFTWARE\SolidOak\Alligate\Settings\Scan\SubjCountryTag

Values:

0 = Disabled (Default)

1 = Prepend tag (Beginning of subject)

2 = Append tag (End of subject)

 

You can also define countries to ignore tagging for. For example, if you are located in the US and only want the subject to be tagged for messages originating from outside of the US, you can achieve this by modifying the following registry key:

 

HKEY_LOCAL_MACHINE\SOFTWARE\SolidOak\Alligate\Settings\Scan\SubjHomeCountry

Value:

A semicolon delimited string with the 2 letter country codes you want to ignore. For example, adding the string US;CA would cause Alligate to NOT tag messages from the United States and Canada. By default, the US is specified to be ignored.

 

New Utility

 

Alligate Load Monitor This is a stand alone "Task Manager" style utility that lets you monitor Alligate load statistics in real time from any computer. Please click on the link for more information.

 

New Features

 

Some improvements were made in the way TCP/IP traffic is handled at the packet level to increase performance when small amounts of data are being sent. This improves performance with SMTP commands, recipient verification and greylist checking. There is a tremendous amount of overhead involved for the purpose intended.

 

Fixes

 

Some problems were found with the MIME decoding mechanism. There was difficulty decoding large message and it cause Alligate to consume large amounts of CPU time, and memory. This area of the code has been refactored to avoid using MIME decoding.

 

Important: In this release, file attachment blocking is disabled. It was necessary to do this because proper decoding of file attachment names normally requires MIME decoding. This part of the code needs to be entirely rewritten and we felt it better to release an interim version without this capability until  we can complete the full fix.