Email Filtering with Open Source Software OLUG – June 7, 2005.


Presenter Bio
- Undergraduate Education
  - Nebraska Wesleyan University: B.A. Business Administration, Minor Computer Science
- Professional Experience
  - 3 years experience as Software Engineer: Vertical Market Software Application Development
  - 5 years as Network Engineer: VAR / Consulting Industry

This Presentation
- Will be 'High Level' – the proposed solution is simple to install and configure by anyone with Basic to Intermediate Linux skills
- Presenter not an experienced speaker
- Please ask questions or request elaboration at any time!
- Handout with resources available

Spam/Virus in Email – Well Known Problem
- Spam, viruses, worms, spyware and phishing attacks are on the rise.
- The problem is increasing for companies, both large and small.

Commercial Solutions
- Expensive
- Many do not work very well
- Customization tricky in some areas
- Stability

Open Source – A better solution using Best of Breed Tools
- Sendmail – Ubiquitous open source mailer
- MimeDefang – Open source framework for filtering
- ClamAV – Open source virus scanner
- SpamAssassin – Open source spam filter

Overview of Solution
- Sendmail 'Bastion' host filters mail for a Microsoft Exchange Server
- Mail 'tagged-and-forwarded' for processing by the MUA (Outlook)
- Benefits
  - Exchange Server not on the Internet
  - Mail will store if Exchange server not available

Solution Diagram

Overview of Solution - continued
- Mail scanned for
  - Virus
  - Phishing Attacks
  - Real-time blacklist listing (RBL)
  - Exploit blacklist listing (XBL)
  - Spam content
  - Un-allowed file extensions in Attachments
    - Inside Zip files
  - Malformed MIME
    - Takes advantage of flaws in the MUA (Outlook mainly)
  - Spam fingerprint/checksum check
    - Razor, DCC

Disadvantages of Solution
- Not tightly integrated with destination MTA (Microsoft Exchange in this case)
  - Users can't self-manage whitelists, blacklists
  - Can't auto-whitelist based on users' address books
- May actually be seen as a benefit by reducing complexity

Sendmail Configuration
- 8.13.X – needed for milter support
- Configured with Milter support to allow MimeDefang to interface with Sendmail
- Configured with mailertable support, which allows direction of scanned mail to internal Exchange Server
- Other than this, standard install – refer to MimeDefang howto

MimeDefang Overview
- Combination of Perl and C
- 'Filter' written entirely in Perl, which allows for complete and easy control and customization over the entire process.
  - Uses common Perl Modules found on CPAN
    - Mime decoding
    - Zip decompressing
    - Syslog
    - Etc
  - Uses other well-written modules
    - Razor, DCC
- Well written and documented with an active mailing list –

MimeDefang Configuration
- Compile, install, add to init scripts
- Stock Filter – very good start
- Enable different set of allowed extensions inside Zip archive
- Enable DCC and Razor spam fingerprint check
- Enable filter_recipient code to check for recipient in target organization
  - Entry in mimedefang-filter
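
The zip-aware extension check described above, sketched in Python as an added example; it is not MimeDefang's Perl filter code and not from the presentation. The two extension lists, the function names and the sample messages are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed site policy: one list for bare attachments, another inside zips.
BANNED_TOP = {"exe", "scr", "pif", "bat", "com", "cmd", "vbs", "js", "lnk"}
BANNED_IN_ZIP = {"exe", "scr", "pif", "bat", "com", "cmd", "vbs", "lnk"}

def ext_of(name):
    name = name.strip().rstrip(". ").lower()   # "invoice.exe." counts as exe
    return name.rsplit(".", 1)[1] if "." in name else ""

def banned_names(raw_message):  # returns a list of (location, filename)
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        fname = part.get_filename()
        if not fname:
            continue
        if ext_of(fname) in BANNED_TOP:
            findings.append(("attachment", fname))
        data = part.get_payload(decode=True) or b""
        if data[:4] != b"PK\x03\x04":      # sniff zip by magic, not by name
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                members = zf.namelist()    # directory only, no decompression
        except zipfile.BadZipFile:
            findings.append(("unreadable-zip", fname))  # fail closed
            continue
        findings += [("zip:" + fname, m) for m in members
                     if ext_of(m) in BANNED_IN_ZIP]
    return findings

def make_zip(names):  # constructed archive holding the given member names
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, b"constructed sample bytes")
    return buf.getvalue()

def build_sample(attach_name, data):  # constructed message, placeholder addresses
    msg = EmailMessage()
    msg["From"], msg["To"] = "sender@example.org", "user@example.com"
    msg.set_content("see attachment")
    msg.add_attachment(data, maintype="application",
                       subtype="octet-stream", filename=attach_name)
    return msg.as_bytes()
```

Calling `banned_names(build_sample("report.pdf", make_zip(["a.scr"])))` flags the member even though the attachment name does not end in `.zip`, because the archive is recognised by its leading bytes.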

ClamAV Overview
- Premier open source virus scanner
- Fast definition updates
- Support for blended threats such as recent Microsoft JPEG exploit and Icon overflow
- Support for blocking major Phishing attempts

ClamAV Configuration
- Compile and install
- Start clamd in init scripts
- Configure Freshclam
  - Runs via cron to keep virus database up to date
- New scanning engines require manual compilation and installation

SpamAssassin Overview
- Open source spam identification system
- Utilizes a scoring system
  - Tokens, scores, thresholds
- Can use Bayesian scoring to customize itself to the business
- Very easy to write your own 'tests'
  - Ex: German spam from recent Sober Virus
  - Other 3rd party tests available

SpamAssassin Configuration
- Compile and install as outlined in the MimeDefang howto
- Not currently using Bayes features due to multi-business approach
- MimeDefang does not use spamd (SpamAssassin Daemon), but instead calls the Perl modules itself

Exchange Server Configuration
- Enable Recipient Filtering to allow Exchange to refuse non-existent users
  - Available in 2003, not on by default
- Could also use Sendmail's Access features or integrate LDAP lookups into the MimeDefang code

MUA Configuration - Outlook
- Create a server-side rule
  - Will run even when Outlook is closed
- Examine header
  - X-Spam-Status: Yes
- Send mail to 'Junk Mail' folder
- We do this to allow users to inspect their own junk mail. Another option would be a central quarantine

Testing
- Test MimeDefang
  - Send test banned attachments
- Test SpamAssassin
  - GTUBE – Generic Test for Unsolicited Bulk Email
- Test ClamAV
  - Harmless Eicar Virus – detected by most AV scanners
  - Worm.Sobig.F – Found at ClamAV Howto
  - TestVirus.org – Sends over 30 kinds of virus
- Put into production and watch logs!
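
The 'tag-and-forward' flow with a score threshold, as an added Python example (not SpamAssassin, MimeDefang or Outlook code): the gateway scores and tags, and the mailbox rule only reads the tag. The two LOCAL_ rules, their scores and the 5.0 threshold are constructed assumptions; the GTUBE string is the standard test pattern.

```python
import re
from email import message_from_string, policy

GTUBE = "XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X"
REQUIRED = 5.0  # assumed threshold
# (name, field, pattern, score). The LOCAL_* rules are constructed examples.
RULES = [
    ("GTUBE", "body", re.compile(re.escape(GTUBE)), 1000.0),
    ("LOCAL_PHARMA", "body", re.compile(r"\bcheap\s+(?:meds|pills)\b", re.I), 3.0),
    ("LOCAL_SHOUT_SUBJECT", "Subject", re.compile(r"^[^a-z]{12,}$"), 2.5),
]

def gateway_tag(raw):
    """Bastion side: score the message and tag it; never drop it."""
    msg = message_from_string(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("plain",))
    text = part.get_content() if part is not None else ""
    hits = [(name, score) for name, field, rx, score in RULES
            if rx.search(text if field == "body" else str(msg.get(field, "")))]
    total = sum(score for _, score in hits)
    # Remove any X-Spam-Status the sender supplied, so the mailbox rule
    # can only ever see the gateway's own verdict.
    del msg["X-Spam-Status"]
    msg["X-Spam-Status"] = "%s, score=%.1f required=%.1f tests=%s" % (
        "Yes" if total >= REQUIRED else "No", total, REQUIRED,
        ",".join(name for name, _ in hits) or "none")
    return msg

def mailbox_rule(msg):
    """Client side: the 'X-Spam-Status: Yes' rule from the Outlook slide."""
    status = str(msg.get("X-Spam-Status", ""))
    return "Junk Mail" if status.startswith("Yes") else "Inbox"

def sample(subject, body, extra_headers=""):
    """Constructed test message; addresses are placeholders."""
    return ("From: sender@example.org\nTo: user@example.com\n"
            "Subject: %s\n%s\n%s\n" % (subject, extra_headers, body))
```

Because the folder decision rests on a single header, the gateway must be the only party able to set it; the `del` before tagging is what keeps a sender-supplied `X-Spam-Status: No` from reaching the mailbox rule.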

Other Ideas
- Central Quarantine
- Bayes Scanning
- Scan outgoing (ISP)
- Disclaimer Boilerplate
- Compliance Processing
- Rate Limiting/GreetPause
- Per user settings (whitelists, Bayes, blacklists, spam thresholds)
  - SQL Database
  - Web Front-end

Results
- 100% Uptime in 8 months service
- Easily deflected recent Sober.P outbreak
- Estimated 98% Spam catch
- Almost non-existent false positive rate
- Has deflected many JPEG, Icon, Phishing, and other non-virus threats

Resources The MimeDefang Howto – Using MimeDefang with ClamAV – SpamAssassin WIKI – Me: – – Andrew Embury

Questions
- Open for questions