Exchange 2003 and SPAM Fighting
Emmanuel Ormancey, Rafal Otto
Internet Services Group, Department of Information Technology, CERN
3 June 2015


HEPiX meeting 2004, Rafal Otto (IT/IS)

Agenda
- Exchange 2003 upgrade
- Mail Gateways upgrade
- Spam Fighting Evolution

Status of the update
- Update of server software started during summer
- ~2000 (15%) users moved to the new servers
- Migration should end this year
- Transparent: users warned by to close their client during the night

New Features
- Webmail: new interface; display and navigation speed improved. New features, like creating server-side filtering rules (useful for IMAP users).
- Mobile features: Pocket PC can synchronize directly with the server.
- Cached mode: download headers only (useful on a slow connection).
- RPC over HTTP: connect from outside CERN, without VPN or ISA Server. Uses HTTP over SSL for a secure connection.

Agenda
- Exchange 2003 upgrade
- Mail Gateways upgrade
- Spam Fighting Evolution

Why a new architecture?
- Spam and virus attacks were dramatically increasing; something had to be done.
- Floods happened more and more often.
- Detection of problems must be quick, and must raise alarms when manual intervention is needed.
- The old architecture was very complex; any modification could create unexpected side effects.
- It was running on old servers; new hardware was needed.
- The mail service had been running for many years and had been modified by many different teams; many different features were added and stores were migrated to MMM, giving this architecture…

Old architecture (diagram)
Components shown: Listbox4; Exchange Back Ends; smtp4 / mint; smtp3 / smtpmail6; Other Sendmail; mail3; Mmm (Front Ends); Outside CERN; Users; mail8; mail7; Antivirus; mail5.

New architecture (diagram)
Components shown: Listbox4; Exchange Back Ends; Other Sendmail; Outside CERN; Users; cernmxlb; cernmx01 to 06, load balanced (Antivirus, Antispam, Antiflood); Mmm (Front Ends).
Connection labels: Authenticated; Trusted host.

Feature Overview (diagram)
Stages shown, in the order listed on the slide:
- Low level Spam Filter: ESRE (Evident Spam Rejection based on Envelope). DNS checks, Internal Blacklists.
- Anti Flood System: IFD (Intelligent Flood Detection). IPFromTo.
- Content Spam Filter: SpamKiller. Content based Intelligent Detection. Add header with Spam Detection Score.
- Virus Scanning: Symantec Antivirus for Exchange. Clean viruses, remove un-cleanable files.
Endpoints: Mail from Internet; Internet / Outside CERN; Exchange Back-Ends / Other CERN Mail Servers.
Other labels on the diagram: Reject; Reject If score too high; Reject If 500 mails in 10 minutes; Clean mail with Spam header.

Technical Overview: Incoming Mail
(Table: Command, Event Sink action)

HELO / EHLO
- Nothing done at this level; Sinks don't provide information on sender's IP.

MAIL FROM
- If IP is Back-End server, abort checks (currently all CERN IPs).
- IP checks:
  - Reject if IP is listed in IPBadBoys.
  - Reject if no Reverse DNS configured for IP.
  - Reject if domain (given by reverse DNS) is listed in SpamDomains.
  - Reject if IP is currently Flooding.
- From (envelope From) checks:
  - Reject if From listed in Spammers.
  - Reject if no MX configured for From domain.
  - Reject if From is currently Flooding.
  - Reject if no Reverse SMTP Connect.

RCPT TO
- If IP is Back-End server, abort checks.
- To checks:
  - Reject if domain not listed in RelayDomains.
  - Reject if To listed in SpamDests.
  - Reject if To is currently Flooding.

_EOD (End Of Data)
- If IP is Back-End server, abort checks, log outgoing message.
- From (real displayed From) checks:
  - Reject if From listed in Spammers.
  - Reject if no MX configured for From domain.
  - Reject if From is currently Flooding.
- Add X-External header if IP not listed in Inside CERN IP.
- Send mail to SpamKiller servers:
  - Write score in Keywords header.
  - If Spam, rewrite subject if recipient matches configuration.
  - If Spam, change recipient if it matches configuration.
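The MAIL FROM stage of the checks above, written out as an added example; it is not CERN's event-sink code. The list names follow the slide, while FloodDetector, check_mail_from, the CFG layout and every sample value are assumptions, dictionary lookups stand in for the reverse DNS and MX queries, and the Reverse SMTP Connect rule is left out.

```python
from collections import defaultdict, deque

class FloodDetector:
    """Sliding-window counter per key (IP, From or To)."""
    def __init__(self, limit=500, window=600):    # slide: 500 mails in 10 minutes
        self.limit, self.window = limit, window
        self.seen = defaultdict(deque)

    def hit(self, key, now):
        """Record one mail at time `now` (seconds); True once the key is flooding."""
        q = self.seen[key]
        q.append(now)
        while q[0] <= now - self.window:           # drop entries older than the window
            q.popleft()
        return len(q) >= self.limit

CFG = {  # constructed sample data, not CERN's lists
    "backends": {"10.0.0.5"},
    "ip_bad_boys": {"192.0.2.66"},
    "spam_domains": {"bulk.example"},
    "spammers": {"offers@spam.example"},
    "ptr": {"192.0.2.10": "mail.example.org",      # stand-in for reverse DNS
            "192.0.2.20": "out7.bulk.example"},
    "mx": {"example.org", "spam.example"},         # domains that publish an MX
}

def check_mail_from(ip, sender, now, cfg, flood):
    """Return None to continue to RCPT TO, or the reject reason."""
    if ip in cfg["backends"]:
        return None                                # back-end servers skip all checks
    if ip in cfg["ip_bad_boys"]:
        return "IP listed in IPBadBoys"
    ptr = cfg["ptr"].get(ip)
    if ptr is None:
        return "No Reverse DNS"
    if any(ptr == d or ptr.endswith("." + d) for d in cfg["spam_domains"]):
        return "Domain listed in SpamDomains"
    if flood.hit("ip:" + ip, now):
        return "IP is flooding"
    if sender in cfg["spammers"]:
        return "From listed in Spammers"
    if sender.rpartition("@")[2].lower() not in cfg["mx"]:
        return "No MX for From domain"
    if flood.hit("from:" + sender, now):
        return "From is flooding"
    return None
```

The cheap list lookups run before the flood counters, so a listed IP is rejected without touching per-key state.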

Benefits
- SMTP Gateways have a 100% uptime, due to load balancing.
- Floods (every day!) are automatically detected and blocked.
- Automatically generated graphics and mail queue monitoring quickly show any problem.
- Configuration and log files can easily be checked by Helpdesk if any problem is raised.

Gateways statistics
1 day statistics on SMTP gateways:
- CERN receives 84% of Spam (92% on weekends)! But 81% is rejected.
- Huge increase of mails rejected due to forbidden attachments, from 15pm to 3am. This is a virus attack!
- Classic day: 'No Reverse DNS' reject reason is number one, except when a flood is detected.

Agenda
- Exchange 2003 upgrade
- Mail Gateways upgrade
- Spam Fighting Evolution

Current Status
- Content based detection is not worth improving:
  - Increasing 1% requires a lot of work, and may produce false positives.
- Focus on low level Spam Rejection:
  - Reverse DNS activated on 15th June: increase of Spam rejection from 55% to 85%.
  - Reverse SMTP connect rule activated on 6th October.
- Next steps:
  - Try to identify new techniques: SPF, SenderID, DomainKeys.
  - Try to reject evident Spams, detected by SpamKiller, CERN Content based Spam detection engine.

Reverse SMTP Connect
Reverse SMTP Connect process:
- CERN mail gateway receives a mail from
- CERN mail gateway will simulate a reply to the by trying to connect to the SMTP server responsible for domain.com (MX):
  - If connection succeeds, the mail is accepted.
  - If connection fails, mail is rejected with a temporary error; if the remote server has temporary problems, the mail will be resent.
- 25% of mails that we currently accept could be rejected with this rule.
- No false positives detected.
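The Reverse SMTP Connect rule as an added example, not code from the presentation: a sender whose MX is briefly down gets a temporary error and is accepted on retry, while a domain with no reachable MX never passes. The 450 reply code, the resolve_mx hook, deliver_with_retries and the offline stand-ins are assumptions.

```python
import socket

TEMPFAIL = (450, "Sender's mail server unreachable, try again later")  # 4xx: assumed code

def reverse_smtp_connect(sender, resolve_mx, connect=socket.create_connection, timeout=10):
    """Answer for MAIL FROM:<sender>: accept only if an MX host of the sender's
    domain takes a TCP connection on port 25.
    resolve_mx(domain) -> list of host names is a hypothetical hook for a DNS library."""
    domain = sender.rpartition("@")[2].lower()
    for host in resolve_mx(domain):
        try:
            connect((host, 25), timeout=timeout).close()
            return (250, "OK")
        except OSError:                 # refused, timed out, unresolvable host
            continue                    # try the next MX before giving up
    return TEMPFAIL                     # temporary, so a real sender will retry

def deliver_with_retries(sender, resolve_mx, connect_attempts):
    """Model a sending MTA that retries after each 4xx reply.
    connect_attempts holds one connect function per delivery attempt.
    Returns the number of the accepted attempt, or None if none was accepted."""
    for n, connect in enumerate(connect_attempts, start=1):
        code, _ = reverse_smtp_connect(sender, resolve_mx, connect)
        if code == 250:
            return n
    return None

# Constructed stand-ins so the example runs offline.
class FakeSock:
    def close(self):
        pass

def mx_up(addr, timeout=None):
    return FakeSock()

def mx_down(addr, timeout=None):
    raise ConnectionRefusedError(addr)

def sample_mx(domain):
    return {"example.org": ["mx1.example.org", "mx2.example.org"]}.get(domain, [])
```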

Future "Standards"
- Solutions being investigated:
  - SPF (Sender Policy Framework), Unified SPF evolution (main problem of SPF is that it does not support forwarding).
  - SenderID: merge of SPF and MS Caller-ID.
  - DomainKeys proposed by Yahoo. Google put this idea into production TODAY!
- All these new standards allow detection of mail sender forgery.
- They will not block Spam.
- A validated check DOES NOT mean it is not a Spam.