Entwicklung Eines Spam-Filter Gateways Basierend Auf Open-Source-Projekten
Total Page:16
File Type:pdf, Size:1020Kb
Load more
Recommended publications
-
Anti-Spam Software
СПАМ и системи за защита от спам Стефка Великова Маринова ф.н. 43217 Иглика Валентинова Мишева ф.н. 43175 - 0 - Всички потребители на Internet навярно някога в своя живот са се сблъсквали с понятие като СПАМ. То може да се определи не само като “нежелана поща”, но и като генериране на никому ненужен трафик. Любопитно е от къде произлиза думичката "spam" . За първи път подобен термин се е появил преди години в скеч на Monty Python (група актьори от Великобритания), когато викинги нападнали някаква гостилница, чието меню се състояло единствено от "spam" (Spiced Pork and hAM), и келнерът започнал ентусиазирано да обяснява: "имаме спам, спам и яйца, яйца и спам, спам-спам и яйца, спам спам и спам...” и нищо не можело да се яде поотделно без спам. Има няколко вида спам, според това каква услуга е решил да използва спамера, като всеки вид създава различни проблеми на потребителите на Интернет или просто на локалната мрежа. Услугите използвани от спамерите са mail, Usenet, IRC даже и FTP . Общоизвестно е, че протокола FTP осигурява предаването на двоични и текстови файлове от и на FTP-сървъри. FTP-сървър може да бъде както компютър с Unix (Linux), така и компютър под Windows NT, на който работи FTP-сървър. Няма се предвид взлом на FTP-сървъри и всичко по-долу казано е в следствие на работа на възможностите на протокола FTP за предаване на файлове непряко между сървъри. Давайки на анонмни потребители на сървъра правото за запис ние правим своя сървър потенциално уязвим. В такава ситуация е напълно възможно някакъв шегаджия от мрежата да генерира значителен трафик от някакъв достатъчно мощен сървър към нашия злочест FTP-сървър. -
SPF, MTA-K És SRS
Szaktekintély SPF, MTA-k és SRS Az elõzõ cikkben áttekintettük, hogy DNS segítségével hogyan jelölhetjük meg eredetiként kimenõ elektronikus leveleinket. Most eljött az ideje annak, hogy a bejövõ levelek ellenõrzésérõl is gondoskodjunk, és megvédjük felhasználóinkat a hamisított, kéretlen levelektõl és a férgektõl. © Kiskapu Kft. Minden jog fenntartva Sender Policy Framework (SPF, küldõ házirend-ke- Ha kissé mértéktartóbbak akarunk lenni, akkor elutasítás he- retrendszer) a válaszútvonal hamisítása ellen segít lyett a Received-SPF: fail sorral is bõvíthetjük a fejlécet. Ezt A védekezni – amit általában férgek, vírusok és le- a lehetõséget a beépülõ modulok leírása ismerteti bõvebben. vélszemét terjesztõk alkalmaznak. Az SPF életre hívása két szakaszból áll. Elõször a rendszergazdák SPF-bejegyzéseket Sendmail tesznek közzé a DNS-ben. Ezek a bejegyzések az egyes tar- A Sendmail beépülõ modulok fogadására szolgáló felületét tományok által a kimenõ levelek kezelésére használt kiszol- Milternek nevezzük. (Lásd az internetes forrásokat.) Az gálókat adják meg. Az SPFre képes MTA-k (mail transport újabb Sendmail-változatok alapesetben is támogatják a agent, levéltovábbító ügynök) késõbb ellenõrzik a bejegyzé- Milter használatát. A Sendmail foglalat alapú felületen ke- seket. Ha egy levél nem az SPF-ben megadott kiszolgálóról resztül tartja a kapcsolatot a Milterrel. Értesíti azt a befelé érkezik, akkor bátran hamisnak nyilváníthatjuk. irányuló SMTP-tranzakciókról, a Milter pedig megmondja A továbbiakban – kapcsolódva elõzõ írásomhoz – felvázolom, a Sendmailnek, hogy mit kell tennie. A Milter démonként hogyan ruházhatjuk fel SPF képességekkel a levélkiszolgálón- fut, indítása is külön történik. Az SPF weboldalon két Milter kat. Szó lesz arról is, hogy az elektronikus leveleket továbbító, érhetõ el, egy Perl és egy C alapú. A Perl alapú változat kifi- vagy weben elõállító szolgáltatások a küldõ módosításával nomultabb, ha viszont gyorsabb mûködést szeretnénk, ak- hogyan mûködtethetõk tovább az SPF bevezetése után is. -
Elektronikuslevél-Beépítés
Kovácsmûhely Elektronikuslevél-beépítés Tartsuk ébren weboldalunk felhasználóinak az érdeklõdését: figyelmeztessük õket elektronikus levélben a számukra érdekes hírekre és vitákra! öbb mint húsz éve használom a számítógépemet az nem is olyan nagyon bonyolult, embertársaimmal való kapcsolattartásra. Kezdetben csak de a fejlesztésre és hibakeresésre szánt idõt és erõfeszítéseket alkalmanként írogattam a helyi hirdetõtáblára, mindez sokkal érdemesebb egy létezõ csomag megtanulására fordítani. Tmára személyes és szakmai életem elválaszthatatlan részévé vált. Akinek azonban van egy kis tapasztalata a web és az adatbá- Ebben a hónapban – miközben folytatom a kicsomagolást új zisok témában, az tudja, hogy egy webfórumcsomag létre- © Kiskapu Kft. Minden jog fenntartva chicagói otthonomban, és küzdök a felmerülõ hibákkal, hozása nemigen áll másból, mint hogy összepakol néhány amelyek megnehezítik, hogy folytassam a Bricolage-ról szóló táblát (felhasználók, üzenetek és a hírcsoportok), majd megadja cikksorozatomat – a jelenkor néhány, az elektronikus levelekkel a jogosultságot az embereknek, hogy bejegyzéseket (küldemé- kapcsolatos kérdésébe pillantok bele. Írásomban a web-, illetve nyek) helyezhessenek el az egyes hírcsoportokban. a levelezésegyesítésrõl, illetve a levelezés és az adatbázis Ezek a rendszerek több mint elégségesek egy kis vagy közepes egyesítésérõl, sõt még az SMTP-szintû levélszemét elleni méretû weboldal számára; de ha idõközben hatalmasra duz- harcról is szó esik. zadna is a rendszerünk, az elküldött üzenetek ezreivel és fel- használók százaival birkózva is valószínûtlen, hogy komoly A web és az elektronikus levél egyesítése hatása lenne ezekre a rendszerekre. Ugyanis valamennyi rend- Ma már valóban nehéz olyan nagy és korszerû weblapot szer relációs adatbázisokat használ az adattárolásra, márpedig találni, amelyen nincs megoldva felhasználói visszajelzések még a legkisebb és legegyszerûbb korszerû adatbázisrendszer és jelentkezések kérdése. -
IFIP AICT 394, Pp
A Scalable Spam Filtering Architecture Nuno Ferreira1, Gracinda Carvalho1, and Paulo Rogério Pereira2 1 Universidade Aberta, Portugal 2 INESC-ID, Instituto Superior Técnico, Technical University of Lisbon, Portugal [email protected], [email protected], [email protected] Abstract. The proposed spam filtering architecture for MTA1 servers is a component based architecture that allows distributed processing and centralized knowledge. This architecture allows heterogeneous systems to coexist and benefit from a centralized knowledge source and filtering rules. MTA servers in the infrastructure contribute to a common knowledge, allowing for a more rational resource usage. The architecture is fully scalable, ranging from all-in- one system with minimal components instances, to multiple components instances distributed across multiple systems. Filtering rules can be implemented as independent modules that can be added, removed or modified without impact on MTA servers operation. A proof-of-concept solution was developed. Most of spam is filtered due to a grey-listing effect from the architecture itself. Using simple filters as Domain Name System black and white lists, and Sender Policy Framework validation, it is possible to guarantee a spam filtering effective, efficient and virtually without false positives. Keywords: spam filtering, distributed architecture, component based, centralized knowledge, heterogeneous system, scalable deployment, dynamic rules, modular implementation. 1 Introduction Internet mail spam2 is a problem for most organizations and individuals. Receiving spam on mobile devices, and on other connected appliances, is yet a bigger problem, as these platforms are not the most appropriate for spam filtering. Spam can be seen as belonging to one of two major categories: Fraud and Commercial. -
Administrator's Guide for Synology Mailplus Server
Administrator's Guide for Synology MailPlus Server Based on Synology MailPlus Server 2.2 1 Table of Contents Introduction 01 Chapter 1: Deployment Guidelines 02 Select a Synology NAS Estimate RAM and Storage Requirements Running Multiple I/O Intensive Packages on the Same NAS Chapter 2: Getting Started with MailPlus Server 06 Connect Synology NAS to the Internet Set up DNS Set up MailPlus Server Set up MailPlus Client Run MailPlus Third-Party Email Clients Troubleshoot Chapter 3: Mail Migration 19 Create a Mail Migration Task in MailPlus Server Import System Configurations from Microsoft Exchange to MailPlus Server Chapter 4: User Licenses 27 Purchase Licenses Install Licenses Use Licenses Chapter 5: Account Settings 31 Account System Activate Accounts Manage Privileges Chapter 6: Protocol Settings 46 SMTPI MAP/POP3 Network Interface Chapter 7: SMTP Settings 50 Service Settings SMTP Secure Connection Mail Relay Chapter 8: Domain Settings 66 Domain Domain Management Chapter 9: Security Settings 83 Spam Antivirus Scan Authentication Content Protection Chapter 10: Monitor Settings 107 Monitor Server Status Monitor Mail Queue Monitor Mail Log Chapter 11: Disaster Recovery 127 High-Availability Cluster Back up and Restore Email Chapter 12: MailPlus Navigation 140 Basic Operations Advanced Settings Introduction Introduction The Synology MailPlus suite provides advanced and secure mail service with high usability. This suite consists of two packages: MailPlus Server and MailPlus. MailPlus Server is an administration console that offers diverse settings, while MailPlus is an email platform for client users. This administrator's guide will guide you through the MailPlus Server setup and give detailed configuration instructions including DNS settings, mail service migration, and other security adjustments. -
Untersuchung Von Verschlüsselter E-Mail- Kommunikation Nach Spam
JOHANNES KEPLER UNIVERSITAT¨ LINZ JKU Technisch-Naturwissenschaftliche Fakult¨at Untersuchung von verschl¨usselterE-Mail- Kommunikation nach Spam und Viren MASTERARBEIT zur Erlangung des akademischen Grades Diplom-Ingenieur im Masterstudium Netzwerke und Sicherheit Eingereicht von: Michael Grundmann Bakk.techn., 0656189 Angefertigt am: Institut f¨urInformationsverarbeitung und Mikroprozessortechnik Beurteilung: O.Univ.-Prof. Dr. J¨org R. M¨uhlbacher Assoz.Prof. Mag. iur. Dipl.-Ing. Dr. Michael Sonntag Mitwirkung: Dipl.-Ing. Dr. Rudolf H¨ormanseder Linz, September 2012 Kurzfassung Ohne eine Überprüfung von E-Mail-Nachrichten nach unerwünschten (Spam) oder gefährlichen Inhalten (Viren, Phishing) ist das Betreiben oder Benutzen eines Mail-Dienstes nicht mehr vorstellbar. Da immer mehr und sensiblere Daten übertragen werden, wird auch die Verschlüs- selung des Mail-Transports immer wichtiger. Diese Verschlüsselung ist sicherheitstechnisch eine sinnvolle Entwicklung, die aber der benötigten Überprüfung der Mails entgegenstehen kann, wenn die Mail-Analyse beim »Betreten« oder »Verlassen« des eigenen Netzwerkes erfolgen soll. Diese Arbeit zeigt eine Möglichkeit, eine solche Inhaltsanalyse auch bei Verwendung von Verschlüsselung vorzunehmen. Dabei wird trotz TLS-Verschlüsselung, die zwischen den Mailservern zur Absicherung des SMTP-Transportweges aufgebaut wird, die Inhaltsanalyse mit Hilfe einer vertrauenswürdigen Zertifizierungsstelle ermöglicht. Hierbei werden bestehende SMTP-Proxy-Lösungen auf solche Funktionalität hin untersucht und als Konsequenz der Untersuchung wird eine Eigenentwicklung vorgestellt. Dazu werden die Eigenheiten von SMTP vorgestellt, soweit diese bei der Implementierung eines Proxy und der Verwendung von TLS relevant sind. Bei der Realisierung wurde darauf Wert gelegt, dass der Proxy die Sicherheit erhöht, aber dabei in keinem Fall ein nicht vorhandenes Sicherheitsniveau vortäuscht. Auch soll die Funktionalität und das Verhalten, besonders in Fehlerfällen, genau der Kommunikation ohne Proxy entsprechen. -
Architectural Styles of Extensible REST-Based Applications
Institute for Software Research University of California, Irvine Architectural Styles of Extensible REST-based Applications Justin R. Erenkrantz University of California, Irvine [email protected] August 2006 ISR Technical Report # UCI-ISR-06-12 Institute for Software Research ICS2 110 University of California, Irvine Irvine, CA 92697-3455 www.isr.uci.edu www.isr.uci.edu/tech-reports.html Architectural Styles of Extensible REST-based Applications Justin R. Erenkrantz Institute for Software Research University of California, Irvine Irvine, CA 92697-3425 [email protected] ISR Technical Report # UCI-ISR-06-12 August 2006 Abstract: At the beginning of the World Wide Web (WWW or Web), there was no clear set of principles to guide the decisions being made by developers and architects. In these early days, a cacophony emerged without a clear direction to guide the evolution of the Web. If there was any direction during the inception of the Web, it was a weak focus on how communication might occur between machines on the Web and the content that was to be transferred. Within a matter of a few years, scalability and other design concerns threatened the future of the early Web - this led to the introduction of REpresentation State Transfer architectural style (REST). The REST style imposed constraints on the exchange of communication over the Web and provided guidance for further modifications to the underlying protocols. The introduction of REST, through the HTTP/1.1 protocol, restored order to the Web by articulating the necessary constraints required for participation. In this survey, we will characterize any environment that is governed by REST constraints to be in a RESTful world. -
Clam Antivirus 0.88.2 User Manual Contents 1
Clam AntiVirus 0.88.2 User Manual Contents 1 Contents 1 Introduction 6 1.1 Features.................................. 6 1.2 Mailinglists................................ 7 1.3 Virussubmitting.............................. 7 2 Base package 7 2.1 Supportedplatforms............................ 7 2.2 Binarypackages.............................. 8 2.3 Dailybuiltsnapshots ........................... 10 3 Installation 11 3.1 Requirements ............................... 11 3.2 Installingonashellaccount . 11 3.3 Addingnewsystemuserandgroup. 12 3.4 Compilationofbasepackage . 12 3.5 Compilationwithclamav-milterenabled . .... 12 4 Configuration 13 4.1 clamd ................................... 13 4.1.1 On-accessscanning. 13 4.2 clamav-milter ............................... 14 4.3 Testing................................... 14 4.4 Settingupauto-updating . 15 4.5 Closestmirrors .............................. 16 5 Usage 16 5.1 Clamdaemon ............................... 16 5.2 Clamdscan ................................ 17 5.3 Clamuko.................................. 17 5.4 Outputformat............................... 18 5.4.1 clamscan ............................. 18 5.4.2 clamd............................... 19 6 LibClamAV 20 6.1 Licence .................................. 20 6.2 Features.................................. 20 6.2.1 Archivesandcompressedfiles . 20 6.2.2 Mailfiles ............................. 21 Contents 2 6.3 API .................................... 21 6.3.1 Headerfile ............................ 21 6.3.2 Databaseloading . .. .. .. .. .. . -
Secure Email Storage 1/9 Typical Email System with Secure Storage
typical eMail System TLS unencrypted SMTP postfix exim TLS eMail Client IMAP/POP3 PC Mobile Storage Tablet Laptop courier cyrus perdition mysql filesystem TLS berkleydb cyrus Mailserver my setup some alternatives byterazor Secure eMail Storage 1/9 typical eMail System with secure storage TLS SMTP postfix exim encrypted using TLS single symmetric key eMail Client IMAP/POP3 PC Mobile Storage Tablet Laptop courier cyrus perdition mysql filesystem TLS berkleydb cyrus Mailserver my setup some alternatives byterazor Secure eMail Storage 2/9 qpsmtpd TLS qpsmtpd SMTP unencrypted SMTP postfix exim TLS eMail Client IMAP/POP3 PC Mobile Storage Tablet Laptop courier cyrus perdition mysql filesystem TLS berkleydb cyrus Mailserver my setup some alternatives byterazor Secure eMail Storage 3/9 qpsmtpd Overview • easily extensible smtp server • written in Perl + Plugin System in Perl • good protection against spam + virusses • Backends: qmail, postfix, exim, smtp byterazor Secure eMail Storage 4/9 qpsmtp GPG Plugin TLS qpsmtpd encrypted with recipients pub SMTP + gpg encrypt key SMTP postfix exim TLS eMail Client IMAP/POP3 PC Mobile Storage Tablet Laptop courier cyrus perdition mysql filesystem TLS berkleydb cyrus Mailserver my setup some alternatives byterazor Secure eMail Storage 5/9 qpsmtp GPG Plugin Overview • written in Perl • uses GnuPG to encrypt non encrypted incoming eMails • PGP Mime standard • uses recipients PGP key if locally available + trusted byterazor Secure eMail Storage 6/9 Advantages • can be used with standard eMail clients with PGP -
How Is E-Mail Sender Authentication Used and Misused?
How is E-mail Sender Authentication Used and Misused? Tatsuya Mori Yousuke Takahashi NTT Service Integration Laboratories NTT Service Integration Laboratories 3-9-11 Midoricho Musashino 3-9-11 Midoricho Musashino Tokyo, Japan 180-8585 Tokyo, Japan 180-8585 [email protected] [email protected] Kazumichi Sato Keisuke Ishibashi NTT Service Integration Laboratories NTT Service Integration Laboratories 3-9-11 Midoricho Musashino 3-9-11 Midoricho Musashino Tokyo, Japan 180-8585 Tokyo, Japan 180-8585 [email protected] [email protected] ABSTRACT tive way of avoiding spam filtration. Thus, e-mail sender authen- E-mail sender authentication is a promising way of verifying the tication mechanisms have attracted attention as a promising way sources of e-mail messages. Since today’s primary e-mail sender of verifying sender identities. Large webmail service providers authentication mechanisms are designed as fully decentralized ar- such as Google have leveraged sender authentication mechanisms chitecture, it is crucial for e-mail operators to know how other or- to classify authenticated sending domains as either likely legit or ganizations are using and misusing them. This paper addresses the spammy [23]. question “How is the DNS Sender Policy Framework (SPF), which Of the several e-mail sender authentication mechanisms, we fo- is the most popular e-mail sender authentication mechanism, used cus on Sender Policy Framework (SPF) [28], which is the most and misused in the wild?” To the best of our knowledge, this is used sender authentication mechanism today [16, 26, 12, 23]. Ac- the first extensive study addressing the fundamental question. -
Contents in This Issue
MARCH 2005 The International Publication on Computer Virus Prevention, Recognition and Removal CONTENTS IN THIS ISSUE 2 COMMENT RATTLING THE Plenty of phish in the sea PERLY GATES Perl/Santy is, 3 NEWS essentially, a small piece of Perl code that Microsoft one step closer to AV spreads to vulnerable Errata: February 2005 Windows NT web servers located using the Google search engine. comparative review Frédéric Perriot describes Santy’s unusual replication strategy and explains why this worm 3 VIRUS PREVALENCE TABLE exemplifies the need for the ‘defence in depth’ approach. page 4 4 VIRUS ANALYSIS Black Perl HOME SWEET HOME FEATURES Randy Abrams looks at how the security support needs and behaviours of home users have changed 6 Protecting the home user over the years, and describes how Microsoft is 9 Virus outbreak protection: network-based adapting to maximise customer support now that detection consumers’ first port of call is their ISP. page 6 11 INSIGHT New kid on the block PRODUCT REVIEWS 13 VirusBuster 2005 Professional 17 Resolution Antivirus This month: anti-spam news & events; review of Fighting Spam for Dummies; MIT Spam 20 END NOTES & NEWS Conference report; ASRG summary. ISSN 0956-9979 COMMENT ‘The number to re-enter their user data. The email lures the recipient into clicking on a link that directs them straight to the of phishing spoofed website where they are asked to enter their attacks, and the personal information, providing the phishers with access to the victim’s bank details, credit card, or on-line associated costs, shopping account. are increasing.’ In any single scam, only a small proportion of recipients will be customers of the spoofed organization, and only a David Emm small proportion of these will ‘take the bait’. -
Phishing : Cutting the Identity Theft Line
01_584987 ffirs.qxd 3/30/05 7:12 PM Page iii Phishing Cutting the Identity Theft Line Rachael Lininger and Russell Dean Vines 01_584987 ffirs.qxd 3/30/05 7:12 PM Page ii 01_584987 ffirs.qxd 3/30/05 7:12 PM Page i Phishing Cutting the Identity Theft Line 01_584987 ffirs.qxd 3/30/05 7:12 PM Page ii 01_584987 ffirs.qxd 3/30/05 7:12 PM Page iii Phishing Cutting the Identity Theft Line Rachael Lininger and Russell Dean Vines 01_584987 ffirs.qxd 3/30/05 7:12 PM Page iv Phishing: Cutting the Identity Theft Line Published by Wiley Publishing, Inc. 10475 Crosspoint Boulevard Indianapolis, IN 46256 www.wiley.com Copyright © 2005 by Wiley Publishing, Inc., Indianapolis, Indiana Published simultaneously in Canada ISBN 13: 978-07645-8498-5 ISBN 10: 0-7645-8498-7 Manufactured in the United States of America 10 9 8 7 6 5 4 3 2 1 1B/RZ/QU/QV/IN No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copy- right Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Legal Department, Wiley Publishing, Inc., 10475 Crosspoint Blvd., Indianapolis, IN 46256, (317) 572-3447, fax (317) 572-4355, or online at http://www.wiley.com/go/permissions.