Email Update Unix Users Feb 2006 Kevin Hill. Email Update Spam Cop (We’ve been busted!) Greylisting- Next Generation Spam Fighting.

Presentation transcript:

Email Update
Unix Users Feb 2006
Kevin Hill

Email Update
Spam Cop (We’ve been busted!)
Greylisting: Next Generation Spam Fighting

Spam Cop
Spam Cop started blacklisting the gateways on 2/14/06.
– We complained. No response was given on why we were blacklisted, but we were removed on 2/16/06.
– We were added again on 2/17/06!
– A few sites had us blacklisted for “back-scatter”.
What we are doing is RFC compliant, but that doesn’t always help!

Spam Cop
Back-scatter
– Backscatter occurs when a system accepts a message for delivery, then determines that the message cannot be delivered and sends an undeliverable mail notification.
What to do?
– Request that fnal.gov be added to the white list at the remote site.
– CD changing system to prevent back-scatter (enabled 2/21)
– CD implementing greylisting soon!

Greylisting

What It Does
Requires all email from unknown servers to retry sending their message a short time later.
Virus-infected computers spewing spam (and viruses) won’t retry (yet).
Many system administrators report up to 90% spam reduction.

How Messages Go
Remote IP: smtp42.somelab.org
Env Sender:
Env Recipient:
Combination unseen before – Temporarily Reject Message
Remote server retries delivery at a later time, at least 5 minutes later.
Remote IP: smtp42.somelab.org
Env Sender:
Env Recipient:
Combination in Database – Message Accepted

Who uses it
University of Bergen - the Norwegian University of Bergen is using greylisting on their mail server.
Texas A&M University - This Texas university is using greylisting:
Leibniz Rechen Zentrum - LRZ is a major German internet hub for academic institutions in southern Germany. They started using greylisting as a method of limiting spam a couple of months ago:
APNIC (Asia Pacific Network Information Centre) - This organisation, one of the five major internet registries of the world, is also using greylisting:
RWTH - RWTH is a large German university. They have a page on their greylisting (German) here: aachen.de/infodienste/ /greylisting.php

How It Works
Records a triplet consisting of remote server IP address, envelope sender, and envelope recipient.
If that triplet hasn’t been seen before, enter it in the database and reject the message with a temporary failure code.
If the triplet was seen more than 5 minutes ago, and less than the expire time for entries ago, accept the message.

Possible Fallout
Some people will see a delay getting email from someone new. This will be between 5 minutes and however long the remote server takes to retry delivery, generally not more than 1 hour.
A few sites won’t retry. They are broken, but need to be dealt with.

Solutions
Most greylist packages provide downloadable whitelists of known broken/good servers.
Local whitelists are maintainable.
The greylisting package we are looking at has automatic whitelists.
We can maintain an ‘opt-out’ list, for people who prefer to get more spam.

Our Recommended Implementation
Use SQLgrey for Postfix.
Uses MySQL for storage of greylist triplets, auto-whitelist tables, and opt-out lists.
Initial greylist retry wait time is 5 minutes.
Message must be resent within 24 hours or a new 5 minute wait will be instituted.
After 2 successful emails from a server/sender domain pair, that pair is added to the auto-whitelist.
Auto-whitelist entries expire after 60 days without mail from that server/sender domain.
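The decision logic from the "How It Works" and recommended-implementation slides, as an added example that is not part of the original presentation and is not SQLgrey's own code: a simplified in-memory model using the stated 5 minute, 24 hour, 2 message and 60 day parameters. The class and function names, the ACCEPT/DEFER return strings and the sample addresses are assumptions made for illustration.

```python
RETRY_DELAY = 5 * 60        # slide: initial retry wait is 5 minutes
RETRY_WINDOW = 24 * 3600    # slide: retry must arrive within 24 hours
AWL_THRESHOLD = 2           # slide: 2 successful emails -> auto-whitelist
AWL_EXPIRY = 60 * 86400     # slide: whitelist entry expires after 60 idle days

class Greylist:
    """In-memory stand-in for the triplet and auto-whitelist tables."""
    def __init__(self):
        self.first_seen = {}  # (ip, sender, rcpt) -> time of first attempt
        self.successes = {}   # (ip, sender domain) -> accepted message count
        self.awl = {}         # (ip, sender domain) -> time of last mail

    def check(self, ip, sender, rcpt, now):
        """Return 'ACCEPT' or 'DEFER' (temporary failure) at time now, in seconds."""
        pair = (ip, sender.rpartition("@")[2].lower())
        if pair in self.awl and now - self.awl[pair] <= AWL_EXPIRY:
            self.awl[pair] = now              # refresh the idle timer
            return "ACCEPT"
        if self.awl.pop(pair, None) is not None:
            self.successes.pop(pair, None)    # expired: earn the whitelist again
        triplet = (ip, sender.lower(), rcpt.lower())
        first = self.first_seen.get(triplet)
        if first is None or now - first > RETRY_WINDOW:
            self.first_seen[triplet] = now    # unseen, or the retry came too late
            return "DEFER"
        if now - first < RETRY_DELAY:
            return "DEFER"                    # retried before the wait elapsed
        self.successes[pair] = self.successes.get(pair, 0) + 1
        if self.successes[pair] >= AWL_THRESHOLD:
            self.awl[pair] = now              # server/sender-domain pair whitelisted
        return "ACCEPT"

def replay(events):
    """Run (time, ip, sender, rcpt) events through a fresh Greylist."""
    gl = Greylist()
    return [gl.check(ip, s, r, t) for t, ip, s, r in events]

# Constructed sample traffic (documentation IPs and example domains).
SAMPLE = [
    (0,    "192.0.2.42",   "alice@example.org", "bob@example.net"),   # unseen
    (60,   "192.0.2.42",   "alice@example.org", "bob@example.net"),   # too soon
    (600,  "192.0.2.42",   "alice@example.org", "bob@example.net"),   # valid retry
    (900,  "192.0.2.42",   "alice@example.org", "bob@example.net"),   # 2nd success
    (1000, "192.0.2.42",   "carol@example.org", "dave@example.net"),  # whitelisted
    (1000, "198.51.100.7", "alice@example.org", "bob@example.net"),   # other server
]

if __name__ == "__main__":
    print(replay(SAMPLE))
```

The fifth event is accepted without any retry because the whitelist is keyed on server and sender domain rather than on the full triplet, while the same sender arriving from a different server in the sixth event is greylisted from scratch.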

Rollout Timeline
Upgrade Hepa machines' version of Postfix and install local MySQL server. 1 day (Done)
Install SQLgrey greylisting service. Configure Postfix to warn only (in the mail logs) to prebuild databases. days
Monitor logs for legit mail that isn’t getting through. Ongoing
Turn greylisting on “for real”.
Hepa machines currently have enough capacity to upgrade/install one while the other handles all incoming mail, so no downtime required.