Spamfilter Relay Mailserver Mark McSweeney CentraLUG, February 1, 2010.

Overview
- Scope
- A little bit about me
- Why I built the spamfilter
- Deployment environment
- Spamfilter details
- Tuning and maintenance
- Other resources

Scope
- Explanation of how and why I did this
- Show all software packages used
- Point towards resources to learn more

A little about me
- Compliance Test, Compliance Worldwide
- 9 ½ years USAF installing CO and microwave relay stations
- Started tinkering w/ Linux ~ 2001
- Not a professional Linux engineer
- No formal CS background/education

Why I built spamfilter
- I personally was getting > 500 spam mails/day
- Probably > 2000 to entire company
- Tried anti-spam plugins – not very effective
- Commercial solutions very expensive
- Couldn't find anything viable for our Exchange Server

Deployment environment
- Initially 100% MS in back office: Windows NT Server, MS Exchange, clients – MS Outlook
- Suggested minimum: Pentium II 450 MHz w/ 512 Mbit RAM
- My setup: Pentium II 350 w/ 256 Mbit RAM

Overview of spamfilter
- Found it initially through a site written by Scott Henderson
- Built on RH 9.0
- Scott stopped maintaining the document ~ 2008
- freespamfilter.org started to continue the project
- Contains the initial RH build as well as Debian, FreeBSD, OpenBSD, Gentoo, Fedora builds
- I use the Debian build

Overview of spamfilter

Software Packages
- Postfix
- Amavisd-new
- SpamAssassin
- Razor
- DCC
- Pyzor
- ClamAV

Postfix
- Mailer written by Wietse Venema that started life at IBM Research as an alternative to the widely used but difficult-to-configure Sendmail program.
- Key files are master.cf and main.cf
- A lot of values are stored in lookup tables that are turned into hash tables using the command: postmap foo
- Many settings stop mail from being accepted "at the front door", i.e. during the SMTP dialogue, before the message is ever queued
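The lookup tables mentioned above are where most of the "front door" decisions live (the whitelisting and blacklisting sections later in the talk use the same mechanism). The following added example, which is not from the talk or from Postfix, emulates how Postfix searches an access(5) table for a sender address under its default parent_domain_matches_subdomains setting: full address first, then the domain, then each parent domain, then the bare `user@` form. The sample table is constructed; no Postfix installation is needed to run it.

```python
"""Emulate Postfix access(5) table lookups (added example, not Postfix code).

Postfix keeps many decisions in lookup tables (main.cf example:
check_sender_access hash:/etc/postfix/sender_access) that `postmap`
compiles into a hash db. This reproduces the key order Postfix tries for
an e-mail address so you can predict which entry fires before a message
is accepted "at the front door".
"""


def parse_access_table(text):
    """Parse access-table source text: one 'key action' per line, blank
    lines and '#' comments ignored (the syntax postmap reads)."""
    table = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"malformed access entry: {line!r}")
        key, action = parts
        table[key.lower()] = action.strip()
    return table


def lookup_keys(address):
    """Keys Postfix tries for user@domain, most specific first: the full
    address, the domain, each parent domain, then 'user@' (any domain)."""
    local, _, domain = address.lower().rpartition("@")
    keys = [f"{local}@{domain}", domain]
    labels = domain.split(".")
    for i in range(1, len(labels) - 1):  # mail.example.com -> example.com
        keys.append(".".join(labels[i:]))
    keys.append(f"{local}@")
    return keys


def check_sender(table, address):
    """Return (matching_key, action). No match yields DUNNO, meaning the
    next restriction in smtpd_recipient_restrictions decides."""
    for key in lookup_keys(address):
        if key in table:
            return key, table[key]
    return None, "DUNNO"


# Constructed sample sender_access source (what you would feed to postmap).
SAMPLE_TABLE = """
# whitelist a partner, including all of its subdomains
partner.example.org        OK
# a sender-specific entry beats the domain entry below it
joe@bad.example.com        REJECT Sender blocked
bad.example.com            REJECT
# postmaster@ without a domain matches postmaster at any domain
postmaster@                OK
"""

if __name__ == "__main__":
    table = parse_access_table(SAMPLE_TABLE)
    for sender in ("alice@news.partner.example.org",
                   "joe@bad.example.com",
                   "sue@bad.example.com",
                   "postmaster@anything.example.net",
                   "bob@unknown.example"):
        key, action = check_sender(table, sender)
        print(f"{sender:35} -> {action}  (matched {key})")
```

Because a REJECT from such a table is returned in the SMTP dialogue, the message never reaches amavisd-new or SpamAssassin, which is what makes these tables cheap compared to content scanning.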

Amavisd-new
- amavisd-new is a high-performance interface between the mailer and content checkers: virus scanners and/or SpamAssassin.
- Settings used in the online document are what might be used at a small business (perfect for me).
- Many more settings that scale for larger deployments

SpamAssassin
- Apache project
- Assigns a score to each message depending on how "spammy" it calculates it to be.
- Called by amavisd-new
- Queries DCC, Pyzor, Razor servers to score mail
- Also queries real-time blacklists (RBLs)
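How the score on this slide turns into an action inside amavisd-new, as an added example that is not from the talk, SpamAssassin or amavisd-new: each rule that fires contributes its score, network checks such as DCC and Razor contribute theirs, and amavisd-new compares the total with its tag, tag2 and kill levels. The regex rules, their scores and the sample messages are constructed stand-ins; the three level values are the defaults in amavisd-new's sample configuration and are normally tuned per site.

```python
"""Per-rule scoring and amavisd-new action thresholds (added example)."""
import re

# Constructed toy rules: (name, compiled regex over the raw message, score).
# Real SpamAssassin ships thousands of rules; these only show the summing.
RULES = [
    ("SUBJ_ALL_CAPS", re.compile(r"^Subject: [A-Z0-9 !$]{12,}$", re.M), 1.5),
    ("FREE_MONEY", re.compile(r"\bfree money\b", re.I), 2.5),
    ("HTML_ONLY", re.compile(r"^Content-Type: text/html", re.M), 1.0),
]


def score_message(raw, network_hits=()):
    """Sum local rule hits plus (name, score) pairs reported by network
    checks. Returns (total, hits), the shape of a SpamAssassin report."""
    hits = [(name, score) for name, rx, score in RULES if rx.search(raw)]
    hits.extend(network_hits)
    return round(sum(s for _, s in hits), 1), hits


def amavis_action(score, tag=2.0, tag2=6.2, kill=6.9):
    """Map a total score to what amavisd-new does with the message
    ($sa_tag_level_deflt, $sa_tag2_level_deflt, $sa_kill_level_deflt)."""
    if score >= kill:
        return "kill"   # evasive action: reject or quarantine, not delivered
    if score >= tag2:
        return "tag2"   # X-Spam-Flag: YES and subject prefix (***SPAM***)
    if score >= tag:
        return "tag"    # X-Spam-Status / X-Spam-Score headers only
    return "pass"       # delivered unchanged


# Constructed sample messages.
SPAM = (
    "Subject: MAKE FREE MONEY NOW!!!\n"
    "Content-Type: text/html\n\n"
    "<p>Click here for free money</p>\n"
)
HAM = (
    "Subject: Lunch on Friday?\n"
    "Content-Type: text/plain\n\n"
    "See you at noon.\n"
)
# Constructed scores attributed to network checks; the rule names are the
# ones SpamAssassin uses for DCC and Razor hits.
NETWORK_HITS = [("DCC_CHECK", 1.1), ("RAZOR2_CHECK", 0.9)]

if __name__ == "__main__":
    for label, raw, net in (("spam", SPAM, NETWORK_HITS), ("ham", HAM, ())):
        total, hits = score_message(raw, net)
        names = [name for name, _ in hits]
        print(f"{label}: score={total} action={amavis_action(total)} hits={names}")
```

Note that the local rules alone leave the sample spam at 5.0, which only earns a header tag; the collaborative checks push it past the kill level. That is the practical reason the talk pairs SpamAssassin with DCC, Pyzor and Razor rather than relying on local rules.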

Pyzor
- Collaborative, networked system to detect and block spam using digests of messages.
- Pyzor queries are similar to DNS requests: uses UDP port 24441

Razor
- Distributed, collaborative spam detection and filtering network.
- Through user contribution, Razor establishes a distributed and constantly updating catalogue of spam in propagation that is consulted by clients to filter out known spam.
- Detection is done with statistical and randomized signatures.
- User input is validated through reputation assignments based on consensus on report and revoke assertions, which in turn is used for computing confidence values associated with individual signatures.

DCC (Distributed Checksum Clearinghouse)
- The basic logic in DCC is that most spam mails are sent to many recipients. The same message body appearing many times is therefore bulk.
- DCC identifies bulk by taking a checksum and sending that checksum to a Clearinghouse (server). The server responds with the number of times it has received that checksum.
- An individual message will create a score of 1 each time it is processed. Bulk mail can be identified because the response number is high.
- Content is not examined.
- Uses the UDP protocol and uses little bandwidth.
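The counting logic behind the three DCC bullets, and by extension the digest approach Pyzor and Razor share, as an added example that is not from the talk or from any of those projects: the client checksums the body, reports it, and treats a high count as bulk. The UDP exchange is replaced with a local object, the normalization step is a constructed stand-in (not DCC's FUZ1/FUZ2 fuzzy checksums) that makes per-recipient variations such as tracking numbers collapse to one checksum, and the threshold is site policy. Legitimate bulk such as a newsletter has to be whitelisted locally, because a count alone cannot tell it from spam.

```python
"""Checksum clearinghouse logic behind DCC (added example, not DCC code)."""
import hashlib
import re


def body_checksum(body):
    """Constructed fuzzy checksum: lowercase, drop digits, collapse
    whitespace, then SHA-256. Not DCC's real algorithms."""
    norm = re.sub(r"\d+", "", body.lower())
    norm = re.sub(r"\s+", " ", norm).strip()
    return hashlib.sha256(norm.encode("utf-8")).hexdigest()


class Clearinghouse:
    """Stand-in for a DCC server: remembers how many times each checksum
    was reported and returns the running total on every report."""

    def __init__(self):
        self.counts = {}

    def report(self, checksum):
        self.counts[checksum] = self.counts.get(checksum, 0) + 1
        return self.counts[checksum]


def classify(count, bulk_threshold, whitelisted=False):
    """Site policy: a count at or above the threshold is bulk unless the
    sender or list is on the local whitelist. Content is never inspected."""
    if whitelisted:
        return "ok"
    return "bulk" if count >= bulk_threshold else "ok"


def process(ch, body, bulk_threshold=50, whitelisted=False):
    """What the filter does for one message: checksum, report, decide."""
    count = ch.report(body_checksum(body))
    return count, classify(count, bulk_threshold, whitelisted)


def simulate():
    """Constructed traffic: 60 copies of one spam with different offer
    codes, one personal note, and 80 copies of a whitelisted newsletter."""
    ch = Clearinghouse()
    spam_verdicts = [process(ch, f"Buy now! Offer code {n:04d}\nLimited time.")[1]
                     for n in range(60)]
    note_count, note_verdict = process(ch, "Lunch at noon tomorrow? Mark")
    list_verdicts = [process(ch, "Monthly newsletter issue 42", whitelisted=True)[1]
                     for _ in range(80)]
    return {
        "spam_count": ch.counts[body_checksum("Buy now! Offer code 0000\nLimited time.")],
        "spam_first_verdict": spam_verdicts[0],
        "spam_last_verdict": spam_verdicts[-1],
        "note_count": note_count,
        "note_verdict": note_verdict,
        "list_verdict": list_verdicts[-1],
    }


if __name__ == "__main__":
    for key, value in simulate().items():
        print(f"{key}: {value}")
```

The first copies of a new spam run pass as "ok" because the count is still low; that is the inherent lag of every reputation-by-count system, and the reason these checks add to a SpamAssassin score instead of deciding on their own.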

ClamAV
- Cross-platform antivirus software toolkit capable of detecting many types of malicious software, including viruses.
- Used as a server-side virus scanner.
- Owned by Sourcefire, maker of Snort

Maintenance and Tuning
- ClamAV lets you know when new versions are available in /var/log/clamav/freshclam.log
- Since Postfix is run in a chroot jail it will complain about files differing. When this happens, we need to run a script supplied with the Postfix source code (called LINUX2) that will once again copy all the files Postfix needs to where it needs them.
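Both maintenance items on this slide can be checked from a script, as in the following added example, which is not from the talk or from the Postfix or ClamAV projects. `stale_chroot_files()` lists files under the Postfix queue directory (default /var/spool/postfix) whose copy is missing or differs from the system copy, which is what Postfix's "... and ... differ" warning is about, and `sync_chroot_files()` copies them in the way the LINUX2 script does; the file list is an assumption based on what that script copies, so compare it with the script shipped with your Postfix version. `outdated_clamav()` scans freshclam.log text for the OUTDATED warning. The demo runs against constructed temporary directories and constructed log lines, so it needs neither Postfix nor ClamAV installed.

```python
"""Chroot consistency and freshclam checks (added example, not project code)."""
import filecmp
import re
import shutil
import tempfile
from pathlib import Path

# Assumed list of system files Postfix needs inside its chroot on Linux;
# verify against the LINUX2 script of your Postfix version.
CHROOT_FILES = ["etc/localtime", "etc/services", "etc/resolv.conf",
                "etc/hosts", "etc/nsswitch.conf", "etc/host.conf"]


def stale_chroot_files(system_root, queue_dir, files=CHROOT_FILES):
    """Relative paths whose chroot copy is missing or differs byte-for-byte."""
    stale = []
    for rel in files:
        src, dst = Path(system_root) / rel, Path(queue_dir) / rel
        if not src.exists():
            continue  # nothing to copy if the system lacks the file
        if not dst.exists() or not filecmp.cmp(src, dst, shallow=False):
            stale.append(rel)
    return stale


def sync_chroot_files(system_root, queue_dir, files=CHROOT_FILES):
    """Copy every stale file into the chroot, preserving mode and mtime."""
    copied = []
    for rel in stale_chroot_files(system_root, queue_dir, files):
        src, dst = Path(system_root) / rel, Path(queue_dir) / rel
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, dst)
        copied.append(rel)
    return copied


OUTDATED_RE = re.compile(r"WARNING: Your ClamAV installation is OUTDATED")
VERSION_RE = re.compile(r"Local version: (\S+) Recommended version: (\S+)")


def outdated_clamav(log_text):
    """Return (local, recommended) if freshclam.log reports an outdated
    engine, else None."""
    if not OUTDATED_RE.search(log_text):
        return None
    m = VERSION_RE.search(log_text)
    return (m.group(1), m.group(2)) if m else ("unknown", "unknown")


# Constructed freshclam.log excerpt; the version numbers are placeholders.
SAMPLE_FRESHCLAM_LOG = """\
ClamAV update process started at Mon Feb  1 03:00:01 2010
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.95.2 Recommended version: 0.95.3
main.cvd is up to date
"""


def demo():
    """Build a constructed system root and Postfix queue directory with one
    stale and one missing file, then sync them."""
    with tempfile.TemporaryDirectory() as tmp:
        root, queue = Path(tmp, "root"), Path(tmp, "spool_postfix")
        (root / "etc").mkdir(parents=True)
        (queue / "etc").mkdir(parents=True)
        (root / "etc/resolv.conf").write_text("nameserver 192.0.2.53\n")
        (queue / "etc/resolv.conf").write_text("nameserver 192.0.2.1\n")  # stale copy
        (root / "etc/services").write_text("smtp 25/tcp mail\n")  # no chroot copy yet
        before = stale_chroot_files(root, queue)
        copied = sync_chroot_files(root, queue)
        after = stale_chroot_files(root, queue)
    return before, copied, after


if __name__ == "__main__":
    print(demo())
    print(outdated_clamav(SAMPLE_FRESHCLAM_LOG))
```

Run the stale check from cron against the real paths (/ and /var/spool/postfix) and you get the same information the Postfix warning gives, but before a restart rather than after one; a stale resolv.conf inside the chroot is the classic cause of RBL and DCC lookups silently failing.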

Maintenance and Tuning (more)
- Postfix has sections dealing with whitelisting and blacklisting.
- Amavisd also has sections dealing with whitelisting and blacklisting.
- Several scripts for updating, log checking, intrusion detection, etc.

Resources