The Anti-SPAM service from Forskningsnettet - What is new about it? TF-MSP meeting 4/ Martin Bech, UNI-C
Fighting SPAM
- A well-known problem
- Well-known solutions
- We all deal with spam
- Lots of home-built solutions
- Even more commercial services
- Is there anything more for us as an NREN to do in this field?

Motivation for a common Anti-spam service
- All universities are centralizing mail handling
- All universities are using considerable resources fighting spam
- Maybe some kind of economy of scale may be achieved
- And we may even have a few new ideas to make the whole service better and innovative…

The basic idea
- Make the storage of spam mail the sender's problem
- While still preserving the benefits of having received the mails
RFC 2821
- The SMTP client is required to wait 10 minutes before timing out on DATA completion
- After we have received the final "." in the mail, we scan it while keeping the connection open
- If scanning is successful, we return the "250 OK" message; otherwise the "550" message is issued
- Our "550" message contains a URL that a "human" sender may use to push his mail through
Standard reception flow (flowchart)
- Sender MTA: Open TCP connection; HELO local.domain; MAIL FROM:; RCPT TO:; DATA; Subject: bla bla; More bla bla
- Greylisting
- In a blocking list? Yes: Immediately reject mail: 550 Mail delivery rejected. No: Immediately accept mail: 250 Message accepted for delivery
- And give the mail the standard filter treatment: Bayesian filtering, virus scan …and whatever
- Outcomes: Non-delivery mail to "sender"; Standard delivery
Our approach (flowchart)
- Sender MTA: Open TCP connection; HELO local.domain; MAIL FROM:; RCPT TO:; DATA; Subject: bla bla; More bla bla
- Greylisting
- In a blocking list? Yes / No
- Apply filtering while TCP connection from MTA open: Bayesian filtering, virus scan …and whatever
- Replies: Reject mail: 550 Mail delivery rejected; Immediately accept mail: 250 Message accepted for delivery
- Standard delivery
Advantages in our approach
- It is the obligation of the sender to store the rejected mail
- We don't issue any non-delivery messages – they are the obligation of the sending MTA
- Blocked and rejected mails may still be stored as desired by the user
Ability to rescue all important mails from deletion
- Honest (or at least human) senders may push their mails through – provided they don't contain a virus
- Users may rescue rejected mails, because we can configure the system to keep a copy even when it is the responsibility of the sender to store the rejected mail
- For instance: you want a mail from a robot whose MTA is on a blocking list
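The post-DATA verdict from the "RFC 2821" slide and the kept copy from the rescue slide, as an added example that is not part of the original slides or the Forskningsnettet code. The keyword scanner, the `antispam.example.invalid` release URL and the in-memory `quarantine` store are assumptions; greylisting, blocking lists and recipient validation are left out.

```python
import secrets

RESCUE_URL = "https://antispam.example.invalid/release/"  # assumed placeholder
quarantine = {}  # token -> rejected mail, kept so the recipient can rescue it

def scan(message):
    """Stand-in for Bayesian filtering and virus scan; True means clean."""
    return "cheap pills" not in message.lower()

def smtp_session(client_lines, scanner=scan, keep_copy=True):
    """Run one SMTP session and return the server replies in order."""
    replies, body, in_data = ["220 mx.example.invalid ESMTP"], [], False
    for line in client_lines:
        if in_data and line != ".":
            # Body line: undo SMTP dot-stuffing and keep collecting.
            body.append(line[1:] if line.startswith(".") else line)
        elif in_data:
            # Final "." received. The sending MTA is still connected and
            # waiting, so scan now and answer with the verdict.
            in_data, message = False, "\r\n".join(body)
            body = []
            if scanner(message):
                replies.append("250 OK")
            else:
                token = secrets.token_hex(8)  # unguessable release token
                if keep_copy:
                    quarantine[token] = message
                replies.append("550 Mail delivery rejected; a human sender "
                               "can release it at " + RESCUE_URL + token)
        elif line[:4].upper() == "DATA":
            in_data = True
            replies.append("354 End data with <CR><LF>.<CR><LF>")
        elif line[:4].upper() == "QUIT":
            replies.append("221 Bye")
        elif line[:4].upper() in ("HELO", "EHLO", "MAIL", "RCPT"):
            replies.append("250 OK")
        else:
            replies.append("500 Command not recognized")
    return replies

# Constructed sample sessions (not captured traffic).
ENVELOPE = ["HELO local.domain", "MAIL FROM:<alice@example.org>",
            "RCPT TO:<bob@example.net>", "DATA"]
HAM = ENVELOPE + ["Subject: meeting", "", "..dot-stuffed line", ".", "QUIT"]
SPAM = ENVELOPE + ["Subject: offer", "", "Buy CHEAP PILLS now", ".", "QUIT"]

if __name__ == "__main__":
    for name, session in (("ham", HAM), ("spam", SPAM)):
        print(name, "->", smtp_session(session)[-2])
```

Because the 550 is returned inside the SMTP transaction, the receiving side never generates a bounce of its own; the sending MTA holds the message and reports the failure.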
Several ways of recipient validation
- LDAP
- RADIUS
- AD
- "SMTP Interruptus", which means sending RCPT TO: user to the mail server and breaking the connection
Configurable on domain and user level
Anti-SPAM production configuration
This figure is not very fancy, but the aim is to transmit the message that we have designed this with scalability in mind.

Would a similar service be relevant in your NREN?
- A tremendous interest from the users
- All built using open-source components
- No licences – only costs are our developers and the operations of the servers
- We could help you build a similar setup – call me!
If you work with mail scanning (Anti-SPAM)
Then you will be glad to know that there is
- A mail-scan experience-exchange group (erfa-gruppe)
- A mail-scan mailing list (which you subscribe to at
- News about this coming in Forskningsnettet's e-newsletter (which you subscribe to at