Category: Blog


Security router 3.5 based on OpenBSD 5.7

Image by OpenBSD

We’ve just released 3.5 (codename “star”), based on OpenBSD 5.7 which was released a few weeks ago. It comes with many improvements such as full SNMP and source-hashing of L3 traffic in the load balancer, TCP/TLS/IPv6 support in syslogd and support for new hardware.

A few things have been deprecated, such as BIND (which is replaced by Unbound), nginx (replaced by OpenBSD’s own httpd) and sendmail. These are however available as packages (requires Perl). If you are updating a system, read the release notes carefully.

Installation images for new system are available for download as we speak!


Free hotel and conference – WorldHostingDays USA

World Hosting Days USA is not far off. Have you not registered yet? Good, because we would like to treat you! Halon invites you to attend the on the 19th – 20th of May in Seven Spring Ski & Mountain Resort outside Pittsburgh, Pennsylvania.

We will simply pick up you hotel accommodation cost for 1 night and your conference fee at a value of approx $600. All you have to do is to get in touch for your unique voucher code, register online and travel.

  1. Email us
    Get your unique voucher code for your free (1) night at the conference hotel
  2. Register online
    Use our unique link to visit WHD registration page or simply add Halon voucher code LXX88BQ upon registering to get your conference fee for free.
  3. Use your hotel voucher code
    Add your details to register and don’t forget to use the code we gave you when you book your hotel – it’s unique and works only once.

All set! Oh, and don’t forget to book your travels.

WHD has the tendency to choose the most fantastic venues and the conference is as always packed with tremendous varieties of networking activities, social gatherings and educational sessions with top industry leaders. Well worth the travels – we promise!

Don’t miss out the social gatherings in the evenings, which starts already on the 18th of May. Halon Security is the proud sponsors of the bar for the whole event at the Bavarian Lounge. Step by and have a drink with us! During the day you’ll find us in our booth #17

We are looking forward to seeing you!


Fight outbound spam and increase deliverability

Many email providers such as web hosts, ESPs and even VPS providers are familiar with the consequences of being blacklisted; angry customers calling the support because of delayed or reject email, countless of hours tracking down abusive users and patiently trying to get of the blacklists.

Unlike many other anti-spam products marketing themselves as “turn-key” solutions, Halon provides a scriptable email gateway that works as a toolbox for hosting providers. It enables them to tailor the system to fit them perfectly using our high-level scripting language. For example, you can in a programmable fashion create rate limits of anything you like. If you can identify customers based on their sender domain (enforced by the sending email server), you can defer messages based on the customer’s current deliverability statistics such as script such as

if (rate("delivery-failures", $senderdomain, 0, 3600) > 999)
    Defer("$senderdomain has more than 1000 failed deliveries during the last hour");
if (GetMailQueueMetric(["filter" => [ "senderdomain" => $senderdomain ]]) > 500)
    Defer("$senderdomain has exeeded the max queue limit of 500 messages");

Although quite different from inbound spam, filtering outbound spam can be extremely effective with the right tools, because you know who the sender is. In order to create a maintenance-free system, you can even allow a low rate of spam (per customer) sail through, to minimise the impact of false positives.

There are however many other factors that can be weighted into the equation. We have compiled a short list of the most common and effective methods to combat outbound spam which includes (but isn’t limited to);

Most of what we’ve discussed here works equally good in a fully transparent proxy installation, suitable for VPS providers that (for whatever reason) have chosen not to enforce the usage of an SMTP relay.