FNAL Central Email Systems Jack Schmidt, Al Lilianstrom, Ray Pasetes, and Kevin Hill (Fermi National Accelerator Laboratory) Introduction The FNAL Email.

Slides:

Advertisements

Similar presentations

Welcome to Middleware Joseph Amrithraj

Advertisements

Basic Communication on the Internet:

Module 6 Implementing Messaging Security. Module Overview Deploying Edge Transport Servers Deploying an Antivirus Solution Configuring an Anti-Spam Solution.

Dealing With Spam The kind, not the Food product.

Introduction to push technology © 2009 Research In Motion Limited.

Lesson 7: Business, , & Personal Information Management

Lesson 18-Internet Architecture. Overview Internet services. Develop a communications architecture. Design a demilitarized zone. Understand network address.

Staff Computer Training Exchange 2003: More User Friendly Vicki Hecht Cherry Delaney ITaP Luncheon October 14, 2003.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.

Chapter 30 Electronic Mail Representation & Transfer

Introduction to the Secure SMTP Server service. Secure SMTP server is a secure, reliable SMTP mail relay server for your outgoing mail. Secure SMTP service.

Pro Exchange SPAM Filter An Exchange 2000 based spam filtering solution.

Spam Reduction Techniques Using greylisting and SpamAssassin.

Sophos anti-virus and anti-spam for business OARNET October 13, 2004.

Overview of Exchange 2013 Architecture Transport components shipping with Exchange 2013 Mail Routing Scenarios Transport High Availability SMTP Client.

-I CS-3505 Wb_ -I.ppt. 4 The most useful feature of the internet 4 Lots of different programs, but most of them can talk to each.

CT NIKHEF Nov Mail NIKHEF CT system support.

FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.

Norman SecureTide Powerful cloud solution to stop spam and threats before it reaches your network.

IT:Network:Applications Fall  Running one “machine” inside another “machine”  OS in Virtual machines sees ◦ CPU(s) ◦ Memory ◦ Disk ◦ USB ◦ etc.

CensorNet Ltd An introduction to CensorNet Mailsafe Presented by: XXXXXXXX Product Manager Tel: XXXXXXXXXXXXX.

CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.

Packet Filtering. 2 Objectives Describe packets and packet filtering Explain the approaches to packet filtering Recommend specific filtering rules.

Sun One IMAP & Microsoft Exchange Coexistence Dan Oberst Princeton University CSG 9/21/04.

The Linux Operating System Lecture 7: Tonga Institute of Higher Education.

SMTP PROTOCOL CONFIGURATION AND MANAGEMENT Chapter 8.

ProtectionProfiles. 2 Fortinet Technologies Protection Profiles Protection profiles control t the type of traffic protected t HTTP t FTP t IMAP t POP3.

Electronic Mail Originally –Memo sent from one user to another Now –Memo sent to one or more mailboxes Mailbox –Destination point for messages.

70-291: MCSE Guide to Managing a Microsoft Windows Server 2003 Network Chapter 3: TCP/IP Architecture.

Webmail. Agenda Why use webmail? Why use webmail? What is webmail What is webmail – basic » system MDA MDA MTA MTA MUA MUA »Protocol SMTP SMTP.

Module 6: Manage and Configure Messaging. Configuring Internet Mail Using Small Business Server (SBS) 2008 Console Configuring Protection Configuring.

IT:Network:Applications.  How messaging servers work  Initial tips for success Exchange management  Server roles  Exchange Server Management  Message.

Chapter 6: Packet Filtering

Implementing ISA Server Publishing. Introduction What Are Web Publishing Rules? ISA Server uses Web publishing rules to make Web sites on protected networks.

Module 9 Configuring Messaging Policy and Compliance.

The Internet 8th Edition Tutorial 2 Basic Communication on the Internet: .

Module 6 Planning and Deploying Messaging Security.

FIREWALLS Vivek Srinivasan. Contents Introduction Need for firewalls Different types of firewalls Conclusion.

Mail Service Mail Service using Postfix Campus-Booster ID : **XXXXX

Safeguarding OECD Information Assets Frédéric CHALLAL Head, Systems Engineering Team OECD.

What is and How Does it Work?  Electronic mail ( ) is the most popular use of the Internet. It is a fast and inexpensive way of sending messages.

Content Control Stewart Duncan Technical Manager.

Packet Filtering Chapter 4. Learning Objectives Understand packets and packet filtering Understand approaches to packet filtering Set specific filtering.

1 Electronic Messaging Module - Electronic Messaging ♦ Overview Electronic messaging helps you exchange messages with other computer users anywhere in.

Module 9 Configuring Messaging Policy and Compliance.

Anti-Spam Tagging Al Lilianstrom. Spam Tagging The Computing Division is testing a Spam Tagging solution Based on SpamAssassin All incoming mail to the.

2  Supervisor : MENG Sreymom  SNA 2012_Group4  Group Member  CHAN SaratYUN Sinot  PRING SithaPOV Sopheap  CHUT MattaTHAN Vibol  LON SichoeumBEN.

Update on  Mail Gateways  Servers  Spam Tagging  Anti-Virus  IMAP  Web Mail  LISTSERV  POP.

Module 4: Managing Recipients. Overview Introduction to Exchange Recipients Creating, Deleting, and Modifying Users and Contacts Managing Mailboxes Managing.

Module 7 Planning and Deploying Messaging Compliance.

GATEWAY WITH PER-USER SPAM BLOCKING AND VIRUS SCANNING Greg Woods National Center for Atmospheric Research Scientific Computing Division Boulder,

Detecting Phishing in s Srikanth Palla Ram Dantu University of North Texas, Denton.

1 Network Firewalls CSCI Web Security Spring 2003 Presented By Yasir Zahur.

LinxChix And Exim. Mail agents MUA = Mail User Agent Interacts directly with the end user  Pine, MH, Elm, mutt, mail, Eudora, Marcel, Mailstrom,

1 Information Systems 2/26/03 Tom Coppeto Mark Silis MIT Mail System Update 26 February 2003.

Implementing Microsoft Exchange Online with Microsoft Office 365

A Quick Look At How Works Understanding the basics of how works can make life a lot easier for any user. Especially those who are interested.

INTRODUCTION Firewall is a concept which blocks unwanted traffic and passes desirable traffic to and from both sides of the network.

Linux Operations and Administration Chapter Twelve Configuring a Mail Server.

MCSE Guide to Microsoft Exchange Server 2003 Administration Chapter One Introduction to Exchange Server 2003.

554 Access Denied Fermilab’s Experiences with Spamcop.net Kevin Hill Ray Pasetes Jack Schmidt.

[1] Control Spam by the Use of Greylisting Torgny Hallenmark LDC - Computing Center Lund University, Sweden TERENA Networking.

Outlook / Exchange Training. Outlook / Exchange: Agenda What Can Microsoft Exchange Do / How works at UST? and Inbox Mailbox Quota Archiving.

Firewalls. Overview of Firewalls As the name implies, a firewall acts to provide secured access between two networks A firewall may be implemented as.

Fighting Spam in an Exchange Environment Tzahi Kolber IT Supervisor - Polycom Israel.

Anti-Spam Updates Activity Coordination Meeting March 2006 Kevin Hill.

SCS Infrastructure Upcoming Changes Topics Why we’re doing this Why we’re doing this Existing architecture Existing architecture Sendmail.

Project Management: Messages

has many aspects that work together to give people almost instant communication from any computer on the internet to any other computer There.

Presentation transcript:

FNAL Central Systems Jack Schmidt, Al Lilianstrom, Ray Pasetes, and Kevin Hill (Fermi National Accelerator Laboratory) Introduction The FNAL System is the primary point of entry for destined for an employee or user at Fermilab. This centrally supported system is designed for reliability and availability. It uses multiple layers of protection to help ensure that: 1) SPAM messages are tagged properly 2) All mail is inspected for viruses 3) Valid mail gets delivered This system employs numerous redundant subsystems to accomplish these tasks Services Software The centrally supported services use commercial software. The ‘UNIX Servers’ represent the various UNIX and Linux machines that choose to receive mail. IMAPSolaris 9 ( Sun Java Enterprise Server Mail Server POPSolaris 8 iPlanet Messaging Server ListServWindows Server 2003 ( ListServ ( Hardware SPAM TaggingDell 2650 ( MTASun E280 ( LDAPSun Netra Symantec AVDell 2650 IMAPSun E280 LSI FC SAN ( POPSun Netra LSI FC SAN ListServDell 2650 Gateway Software A combination of commercial and open source software is used to build what we consider the gateway system SPAM TaggingFermi Linux LTS 3.01 (www-oss.fnal.gov/projects/fermilinux/) PostFix ( Spam Assassin ( MTASolaris 9 ( SunONE Messaging Server Sophos AntiVirus ( LDAPSolaris 9 SunONE Directory Server Symantec AVWindows Server 2000 ( Symantec NAV for Gateways (

FNAL Central Systems Jack Schmidt, Al Lilianstrom, Ray Pasetes, and Kevin Hill (Fermi National Accelerator Laboratory) Incoming Mail Mail that is destined for a user at Fermilab can only enter the site through a small number of dedicated machines. The border router is configured to only allow incoming SMTP connections to these machines. All other attempts are rejected. By imposing this restriction all incoming mail can be evaluated by software designed to check the mail for SPAM indicators, for viral content using two different applications, and then deliver it as quickly as possible to the end user: on either one of the centrally supported servers or a personal Linux/UNIX machine. Mail that originates outside of Fermilab and addressed to Fermilab users should be addressed to If the mail is addressed to the external machine will first attempt to connect directly to machine.fnal.gov. When that fails a MX record is used to discover that the mail gateway system is the way in and it is then accepted for delivery. SPAM Tagging All incoming mail is routed through the SPAM tagging subsystem. Based on a combination of PostFix and SpamAssassin the mail is evaluated as potential SPAM using the rules defined inside SpamAssassin and the responses from DNS queries sent to public access RBLs (Real Time Blackhole Lists). Any mail that passes through SpamAssassin has X- Headers added to the message to shows its ‘score’. If the message is determined to be SPAM then a X-SPAM-Flag header is added with its value set to Yes. This flag can then be used by any client that supports filtering of messages based on headers to folder the mail for later reading rather than have a cluttered Inbox. While not 100% effective user response has been very positive. MTA Once the mail has been processed by the SPAM tagging system it is handed off to the MTA. At this point the delivery destination is determined by a LDAP lookup and then the message is checked with Sophos AntiVirus. Sophos stops approximately 95 to 98 percent of the viruses that get to Fermilab via . Any message that is determined to have viral content is not delivered. It is removed from processing. Neither the sender or the intended recipient is notified. The Sophos definitions are updated two ways: The first is via cron every other hour. The second is triggered by from Sophos that a new definition is available. The MTA is also used as the SMTP server for the desktop clients and as an authenticated SMTP server for users who travel to allow relaying of mail. The MTA processes an average of 800,000 to 1,200,000 messages per week. Symantec AV As mentioned in the MTA section Sophos is approximately 95 to 98 percent effective in removing viral content. In previous implementations of our IMAP and POP services we used Symantec AntiVirus for Gateways on the IMAP or POP server to catch any viruses that made it past Sophos. As we changed the design of the IMAP services we decided to implement Symantec AV as a service for all mail that comes through the gateways. This implementation has resulted in nearly all viruses being caught before they reach the users mailbox. The Symantec definitions are updated every other hour via a scheduled job. After being scanned the mail is returned to the MTA for delivery to the destination mailbox or list. IMAP Services IMAP is the preferred way for users at Fermilab to receive mail. It is a centrally managed and supported service. Users are not restricted to a particular client and a webmail interface is available for those who travel. All user information is stored in redundant LDAP servers and the users mail resides on storage available via two different paths. Users can request higher quotas for mail retention. Server side filters are also supported to help organize mail. We currently have approximately 3000 users with over 150GB of mail ListServ ListServ is used to manage over two thousand mailing lists used at Fermilab by our users and collaborators around the world. For lists that are archived a web interface is available to view the archives. Once created the lists are managed by the list owners. ListServ processes over 24,000 list messages weekly. These messages are distributed to over 325,000 addresses. UNIX/Linux Servers There is no restriction on users receiving mail on their personal UNIX/Linux desktop. Many users do this and are very happy with managing their own server. POP Services POP is still used at Fermilab but the number of active accounts is dwindling. User s are not restricted in the client that is used. Quotas are strictly enforced and a webmail interface is not available.