Fighting Spam: Enterprise Spam Filtering Using Open Source Tools


Introduction
- Newsflash: SPAM is a problem
- SRJC: 60-80% of mail received is Spam!
- Commercial Solutions exist, but are expensive
- Open Source tools are a powerful alternative

Tonight’s Agenda
- SpamAssassin Overview
- Additional Spam Rules (S.A.R.E.)
- Integrating with Multiple Mail Servers
- Bayesian Filtering

SpamAssassin – How It Works
- Uses the combined score from multiple types of checks to determine whether a given message is spam:
  - Header tests
  - Body phrase tests
  - Bayesian filtering
  - Automatic address whitelist/blacklist
  - Manual address whitelist/blacklist
  - Collaborative spam identification databases (DCC, Pyzor, Razor2)
  - DNS Blocklists ("RBLs")
  - Character sets and locales
- Even though any one of these tests might, by itself, misidentify a ham or a spam message, their combined score is terribly difficult to fool.

SpamAssassin - Advantages
- Wide spectrum of different tests
- Open Source and Free!
- Flexible: works with many platforms and servers
- Easy Configuration

SpamAssassin Rules Emporium
- Popular Repository for Third Party SpamAssassin Rules
- “Actively” Updated between SpamAssassin releases

SARE Usage Guidelines
- Just download rules into the SpamAssassin directory (e.g. /etc/spamassassin)
- Restart the daemon if necessary
- Most popular rules have “levels” (e.g. 0 = conservative, 3 = aggressive)
- Choose the rules you use carefully!

Rules Du Jour
- RulesDuJour: automates updating, downloading and installation of most popular SARE rules

Rules Du Jour
- Install the script in $PATH (e.g. /usr/local/sbin) and make it executable
- Create a blank configuration file at /etc/rulesdujour/config
- Add a TRUSTED_RULESETS line to your config file that contains the names of the rulesets you chose, e.g.:
  TRUSTED_RULESETS="SARE_ADULT SARE_OBFU0 SARE_OBFU1 SARE_URI0 SARE_URI1"
- Configure any local settings. Examples:
  SA_DIR="/etc/mail/spamassassin"
  SA_RESTART="killall -HUP spamd"
- Run this script periodically (manually or via crontab)

SpamAssassin Serving Multiple Servers
- Problem:
  - How do you keep multiple mail servers synchronized?
  - Spam checking adds load to the mail server

SpamAssassin Serving Multiple Servers
- Solution: Use a single machine to manage spam sitewide!
- Logs, Configuration unified on a single machine

SA/multi-server – set up server
- Server must be running SpamAssassin as a daemon (spamd -d)
- Server must accept outside connections (e.g. spamd -A , , )
- Make sure server can listen to port 783 (spamd’s default port)

SA/multi-server – set up client
- Use the “spamc” command instead of “spamassassin”
- Use switch for remote server: spamc -d , and so forth …
- Test:
  spamc -d my.server.net < /path/to/sample/
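One way to verify from a client host that the central spamd answers on port 783, written as an added example rather than code from the presentation: it builds a CHECK request of the spamc/spamd protocol and parses the reply. The sample message and reply are constructed, and the function names are hypothetical.

```python
import re
import socket

def build_check_request(message: bytes) -> bytes:
    """CHECK asks spamd for a verdict only; the message is not sent back."""
    head = f"CHECK SPAMC/1.2\r\nContent-length: {len(message)}\r\n\r\n"
    return head.encode("ascii") + message

def parse_check_response(raw: bytes) -> dict:
    """Parse the 'SPAMD/1.1 0 EX_OK' status line and the 'Spam:' header."""
    lines = raw.decode("ascii", "replace").split("\r\n")
    status = re.match(r"SPAMD/(\S+) (\d+) (.*)", lines[0])
    if not status:
        raise ValueError("not a spamd response")
    result = {"code": int(status.group(2)), "status": status.group(3)}
    for line in lines[1:]:
        m = re.match(r"Spam:\s*(True|False)\s*;\s*(-?[\d.]+)\s*/\s*(-?[\d.]+)", line)
        if m:
            result.update(is_spam=m.group(1) == "True",
                          score=float(m.group(2)), required=float(m.group(3)))
    return result

def check_remote(host: str, message: bytes, port: int = 783, timeout: float = 10.0):
    """Send one message to a remote spamd; needs a live server that allows this client."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_check_request(message))
        s.shutdown(socket.SHUT_WR)  # tell spamd the request is complete
        chunks = []
        while chunk := s.recv(4096):
            chunks.append(chunk)
    return parse_check_response(b"".join(chunks))

# Constructed sample message and server reply, so the parsing can be tried offline.
SAMPLE_MSG = b"Subject: test\r\n\r\nhello\r\n"
SAMPLE_REPLY = b"SPAMD/1.1 0 EX_OK\r\nSpam: True ; 15.0 / 5.0\r\n\r\n"
```

A connection that is refused or closed without a reply from a host not listed under -A is the expected result of the allowlist, so run the check from both an allowed and a non-allowed machine.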

Bayesian Filtering - Introduction
- “Bayesian Filtering uses statistics from previously-classified messages to estimate the likelihood that a particular message is spam.”*
- “This likelihood estimate is converted to a (possibly negative) weight which is added to the ad hoc spamminess score.”*
- *GORDON V. CORMACK and THOMAS R. LYNAM, University of Waterloo

Bayes – Getting Started
- Enable Bayes in Config:
  use_bayes 1
- Put aside space for Bayes DB (either file-based or SQL):
  bayes_path /var/local/spamassassin/bayes
  or
  bayes_store_module Mail::SpamAssassin::BayesStore::SQL

Bayes – Getting Started
- Feed Bayes “ham” and “spam”
- You MUST feed it samples of good and bad messages to start!
- At least 200 samples of each, but use as much as possible
  sa-learn --spam --dir /path/to/directory/full/of/spam/msgs
  sa-learn --ham --dir /path/to/directory/full/of/ham/msgs

Bayes – Enhancing
- Enable automated learning:
  bayes_auto_learn 1
  bayes_auto_learn_threshold_nonspam 0.1
  bayes_auto_learn_threshold_spam 6.0
- “Teach” Bayes
  - Create mailbox for “ham” and “spam” and scan periodically
  - Note: “Resend”, don’t forward!
- You can’t overtrain the Bayes database!

Bayes – Enhancing
- Give more “weight” to Bayesian Results
  score BAYES_00 -4
  score BAYES_05 -2
  score BAYES_95 6
  score BAYES_99 9
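How a Bayes probability becomes a weight in the total score, as an added example that is neither from the presentation nor SpamAssassin's code: a plain naive-Bayes estimate (SpamAssassin's own combiner differs) is mapped to a BAYES_xx bucket and scored with the values from the slide above. The training messages are constructed, the names are hypothetical, and the threshold of 5.0 is SpamAssassin's default required_score.

```python
import math
import re
from collections import Counter

# Constructed training samples, standing in for the sa-learn --spam / --ham corpora.
SPAM = ["cheap pills buy now", "buy cheap watches now", "win money now click here"]
HAM = ["meeting agenda for monday", "please review the budget report", "lunch on monday"]

# Upper probability bound of each BAYES_xx bucket (SpamAssassin's stock rule names).
BUCKETS = [(0.01, "BAYES_00"), (0.05, "BAYES_05"), (0.20, "BAYES_20"),
           (0.40, "BAYES_40"), (0.60, "BAYES_50"), (0.80, "BAYES_60"),
           (0.95, "BAYES_80"), (0.99, "BAYES_95"), (1.01, "BAYES_99")]
# Scores from the slide; buckets the slide does not score count as 0.0 (assumption).
SCORES = {"BAYES_00": -4.0, "BAYES_05": -2.0, "BAYES_95": 6.0, "BAYES_99": 9.0}

def tokens(text):
    return set(re.findall(r"[a-z0-9']+", text.lower()))

class ToyBayes:
    def __init__(self):
        self.seen = {"spam": Counter(), "ham": Counter()}  # messages containing a token
        self.total = {"spam": 0, "ham": 0}                 # messages learned per class

    def learn(self, label, text):
        self.seen[label].update(tokens(text))
        self.total[label] += 1

    def p_spam(self, text):
        # Naive Bayes in log-odds form with add-one smoothing.
        log_odds = math.log(self.total["spam"] / self.total["ham"])
        for t in tokens(text):
            p_s = (self.seen["spam"][t] + 1) / (self.total["spam"] + 2)
            p_h = (self.seen["ham"][t] + 1) / (self.total["ham"] + 2)
            log_odds += math.log(p_s / p_h)
        return 1 / (1 + math.exp(-log_odds))

def classify(model, text, other_rules=0.0, required=5.0):
    """Return (bayes_rule, total_score, is_spam); other_rules is the non-Bayes score."""
    p = model.p_spam(text)
    rule = next(name for limit, name in BUCKETS if p < limit)
    total = other_rules + SCORES.get(rule, 0.0)
    return rule, total, total >= required

def trained_model():
    model = ToyBayes()
    for msg in SPAM:
        model.learn("spam", msg)
    for msg in HAM:
        model.learn("ham", msg)
    return model
```

With these samples, a ham-like message that collected 6.0 points from other rules lands in BAYES_05 and is pulled back under the threshold by the -2 weight, which is the effect the raised scores are meant to have.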

Conclusion
- World-class Spam Prevention is Possible with Freely Available Tools!
- SRJC Stats:
  - Process 30,000 – 60,000 messages per day with one dual-processor server
  - Most messages scanned in < 10 seconds (< 1 without network tests)
  - < 0.007% false positives/negatives