www.TASK.to © Toronto Area Security Klatch 2007. A drop-in anti-spam solution: a 15 minute speed talk by Paul Wouters.

Presentation transcript:

People still click on spam

So spammers spam harder!
- Total (personal) spam received until I had to stop counting:
- That is 38 hours straight at a rate of deleting 1 spam/second, or one fulltime work week
- But much more time than that is spent fixing mailservers

And harder... and harder...

It's all available online! Archive at: Webstats archive:

My archive: “Collateral Damage”
- “United Freedom Front” demanded I remove the entire archive
- They launched a few serious DDoS attacks...
- Sounded extremely childish... Why my archive?
- Two years later I found out why...

I published MegaMania spam

“Pump and Dump” scheme

Don't try this at home...

Spammers use viruses

The problem

DROP-in filter machine
- Put the filter machine in DNS: point the domain to the filter machine via MX
But spammers are smart, so:
- Add an incoming port 25 filter on the mail server:
  - ACCEPT incoming port 25 TCP from the spam filter to the mail server
  - DROP all other incoming port 25
  - ACCEPT outgoing port 25 TCP

Better placement for the filter
- Only give the mail server an internal IP address
- Fully transparent if you give the filter machine the name and public IP of the real mail server

101 of the SMTP protocol

Envelope based filtering: this will block >99% of spam
- Block known infected IP addresses for 24 hours
- Block open relays / known spammers / hacked webservers / rogue ISPs
- Block misidentifying servers
- Block RFC-violating domains
- Block non-existing senders
- Do not accept non-existing receivers
- Use SPF records to refuse forgeries
- Refuse everyone for 15 minutes once per 3 days
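The envelope stage above is a sequence of cheap checks that run before any message body is accepted, ending with "refuse everyone for 15 minutes once per 3 days", which is the greylisting that the postgrey policy service in the Postfix configuration later in the talk performs. The following is an added example, not code from the talk or from Postfix/postgrey: it models that pipeline in Python with a 24-hour block list, FQDN checks on sender and recipient, recipient verification against a local user list, and a greylist keyed on the (client IP, sender, recipient) triplet. All IPs, domains, users and timings are constructed sample values.

```python
"""Envelope-stage filtering pipeline (added example, not the talk's code)."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta

GREYLIST_DELAY = timedelta(minutes=15)   # first contact is refused for 15 minutes
GREYLIST_WHITELIST = timedelta(days=3)   # a triplet that got through is not retested for 3 days
INFECTED_BLOCK = timedelta(hours=24)     # known infected client IPs are blocked for 24 hours

LOCAL_DOMAINS = {"example.net"}                               # constructed: domains we accept mail for
KNOWN_USERS = {"paul@example.net", "postmaster@example.net"}  # constructed: existing receivers


def is_fqdn(addr: str) -> bool:
    """Postfix-style reject_non_fqdn_*: the domain part must contain a dot."""
    if "@" not in addr:
        return False
    domain = addr.rsplit("@", 1)[1]
    return "." in domain.strip(".")


@dataclass
class EnvelopeFilter:
    now: datetime                                  # injected clock so the example is testable
    infected: dict = field(default_factory=dict)   # client ip -> time the 24h block expires
    greylist: dict = field(default_factory=dict)   # (ip, sender, rcpt) -> (first_seen, last_passed)

    def block_infected(self, ip: str) -> None:
        self.infected[ip] = self.now + INFECTED_BLOCK

    def check(self, ip: str, sender: str, rcpt: str) -> str:
        """Return an SMTP-style verdict for one RCPT TO, cheapest checks first."""
        # 1. Known infected / listed client IP, blocked for 24 hours.
        if ip in self.infected and self.infected[ip] > self.now:
            return "550 client blocked"
        # 2. Sender must be a fully qualified address (RFC-violating senders).
        if not is_fqdn(sender):
            return "504 sender address not fully qualified"
        # 3. Only accept mail for our own domains, and only for existing receivers.
        if not is_fqdn(rcpt) or rcpt.rsplit("@", 1)[1] not in LOCAL_DOMAINS:
            return "554 relay access denied"
        if rcpt not in KNOWN_USERS:
            return "550 recipient unknown"
        # 4. Greylisting: temporary failure for 15 minutes, then a 3-day pass.
        key = (ip, sender, rcpt)
        if key not in self.greylist:
            self.greylist[key] = (self.now, None)
            return "450 greylisted, try again later"
        first_seen, last_passed = self.greylist[key]
        if last_passed is not None:
            if self.now - last_passed < GREYLIST_WHITELIST:
                self.greylist[key] = (first_seen, self.now)   # keep active senders whitelisted
                return "250 ok"
            self.greylist[key] = (self.now, None)             # pass expired: start over
            return "450 greylisted, try again later"
        if self.now - first_seen < GREYLIST_DELAY:
            return "450 greylisted, try again later"
        self.greylist[key] = (first_seen, self.now)
        return "250 ok"


def demo() -> list:
    """Walk one constructed sending host through the pipeline over several days."""
    f = EnvelopeFilter(now=datetime(2007, 4, 1, 12, 0))
    ip, sender, rcpt = "192.0.2.10", "bob@example.org", "paul@example.net"
    out = [f.check(ip, sender, rcpt)]                      # first contact: 450
    f.now += timedelta(minutes=5)
    out.append(f.check(ip, sender, rcpt))                  # retry too early: still 450
    f.now += timedelta(minutes=11)
    out.append(f.check(ip, sender, rcpt))                  # 16 minutes after first contact: 250
    f.now += timedelta(days=2)
    out.append(f.check(ip, sender, rcpt))                  # within the 3-day pass: 250
    f.now += timedelta(days=4)
    out.append(f.check(ip, sender, rcpt))                  # pass expired: greylisted again
    out.append(f.check(ip, "bob@localhost", rcpt))         # non-FQDN sender
    out.append(f.check(ip, sender, "nobody@example.net"))  # non-existing receiver
    out.append(f.check(ip, sender, "paul@example.com"))    # not our domain: no relaying
    f.block_infected(ip)
    out.append(f.check(ip, sender, rcpt))                  # client on the 24h block list
    return out


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

Real MTAs persist the greylist triplets and the block list outside the process (postgrey keeps a database), and a real "known infected" check is a DNS blocklist lookup rather than an in-memory dict; the ordering of the checks is what matters, since every rejection before greylisting saves a database write.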

Content based spam filtering
- Filter readme.txt.scr
- Filter *.exe, *.reg, etc.
- Process zip / rar / gzip / arj
- Drop password protected zips
- Multiple anti-virus scanners
- Spamassassin rule for image spam works well
- Update spamassassin via RulesDuJour
- Use distributed resources from Pyzor, Razor and DCC
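The first four items above are an attachment policy: reject executable extensions (including the readme.txt.scr double-extension bait), look inside archives, and drop password-protected zips because no scanner can inspect them. The following is an added example, not code from the talk or from Amavis: it applies that policy to constructed in-memory attachments using only the Python standard library, so it handles zip archives (rar/gzip/arj would need extra libraries) and nested zips. The banned-extension list is an assumption, and the password-protected fixture is built by setting the encryption flag bit in a zip that zipfile itself wrote, since zipfile cannot write encrypted archives.

```python
"""Attachment policy checks for a content filter (added example, not the talk's code)."""
import io
import zipfile

BANNED_EXT = {".exe", ".scr", ".reg", ".pif", ".com", ".bat", ".vbs"}  # assumed policy list
MAX_DEPTH = 2                                                          # nested-archive limit


def split_exts(name: str) -> list:
    """'readme.txt.scr' -> ['.txt', '.scr']: every extension, lowercased, path stripped."""
    parts = name.lower().rsplit("/", 1)[-1].split(".")
    return ["." + p for p in parts[1:]] if len(parts) > 1 else []


def check_name(name: str):
    """Return a reason string if the file name violates the policy, else None."""
    exts = split_exts(name)
    if exts and exts[-1] in BANNED_EXT:
        return f"banned extension {exts[-1]} in {name}"
    return None


def scan_zip(data: bytes, depth: int = 0) -> list:
    """Inspect every entry of a zip: encrypted entries, banned names, nested zips."""
    if depth > MAX_DEPTH:
        return ["nested archives too deep"]
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["corrupt zip archive"]
    findings = []
    for info in zf.infolist():
        if info.flag_bits & 0x1:            # bit 0 of the general purpose flag = encrypted
            findings.append(f"password protected zip entry {info.filename}")
            continue                        # cannot be scanned, so do not try to read it
        reason = check_name(info.filename)
        if reason:
            findings.append(reason)
        if split_exts(info.filename)[-1:] == [".zip"]:
            findings += scan_zip(zf.read(info.filename), depth + 1)
    return findings


def scan_attachment(name: str, data: bytes) -> list:
    """Policy findings for one attachment; an empty list means it may pass."""
    findings = []
    reason = check_name(name)
    if reason:
        findings.append(reason)
    if split_exts(name)[-1:] == [".zip"]:
        findings += scan_zip(data)
    return findings


def fake_encrypted_zip(name: str, payload: bytes) -> bytes:
    """Constructed fixture: set the 'encrypted' bit in the local and central headers
    of a one-entry stored zip, which is enough for infolist() to report it."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(name, payload)
    data = bytearray(buf.getvalue())
    data[6] |= 0x01                          # local file header flag at offset 6
    cd = data.find(b"PK\x01\x02")            # central directory header of the only entry
    data[cd + 8] |= 0x01                     # its flag field sits at offset 8
    return bytes(data)


def build_samples() -> dict:
    """Constructed attachments: a clean PDF, bait in a zip, a nested zip, an encrypted zip."""
    docs = io.BytesIO()
    with zipfile.ZipFile(docs, "w") as zf:
        zf.writestr("readme.txt.scr", b"MZ fake")   # looks like a text file, is a screensaver
        zf.writestr("notes.txt", b"hello")
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("setup.exe", b"MZ fake")
    nested = io.BytesIO()
    with zipfile.ZipFile(nested, "w") as zf:
        zf.writestr("inner.zip", inner.getvalue())
    return {
        "report.pdf": b"%PDF-1.4 fake",
        "docs.zip": docs.getvalue(),
        "nested.zip": nested.getvalue(),
        "secret.zip": fake_encrypted_zip("payload.bin", b"cannot scan me"),
        "invoice.pdf.exe": b"MZ fake",
    }


def demo() -> dict:
    """Run the policy over every constructed sample; name -> list of findings."""
    return {name: scan_attachment(name, data) for name, data in build_samples().items()}


if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, "->", findings or "ok")
```

In a real filter the file name check also runs on the MIME filename and on the Content-Type, and the archive walk is bounded by a size limit as well as a depth limit, so that a small zip expanding to gigabytes cannot exhaust the scanner.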

What not to do
- Do not use Bayesian filters: they cost too much CPU
- Do not use CPU expensive spamassassin / RulesDuJour rules: BLACKLIST, BLACKLIST_URI, TRIPWIRE
- Do not enable rules meant for older spamassassin versions (!!)
- Do not add positive scores, only use negative scores
- Don't run more than 1 Amavis thread per 512MB RAM
- Be very careful when using port 25 forwarding: remote connections might appear to be “trusted local clients”
- Remove all backup MX servers: it's not worth the trouble
- Publish SPF records: it will greatly reduce your own bounces!
- Do not leave the real mail server's port 25 open to the net. Spammers find it without MX records and your problem will be worse than before, because now you do not filter anything on the mail host!

Software and online resources
- Linux OS (or equivalent)
- Postfix mail server
- Spamassassin / spamd
- Amavis content filter
- Clamav / Freshclam anti-virus
- SPF filter
- MRTG / Apache
- pflogsumm.cgi
- updat stat
- SpamHaus SBL list
- VIRBL SBL at BIT.nl
- RulesDuJour: dynamic spamassassin rule updater
- Pyzor: digest filtering
- Razor: collaborative filtering
- DCC: Distributed Checksums Clearinghouse
- SORBS SBL list
- RFC-Ignorant SBL list

cdc.xelerance.net example. Partial Postfix configuration example (main.cf):

    smtpd_client_restrictions =
        check_client_access hash:/etc/postfix/client_access,
        reject_rbl_client sbl-xbl.spamhaus.org,
        reject_rbl_client opm.blitzed.org,
        reject_rbl_client list.dsbl.org,
        reject_rbl_client cbl.abuseat.org,
        reject_rbl_client web.dnsbl.sorbs.net,
        reject_rbl_client virbl.dnsbl.bit.nl,
        reject_rbl_client psbl.surriel.com,
        check_policy_service unix:postgrey/socket

    smtpd_helo_restrictions =
        check_helo_access hash:/etc/postfix/helo_access,
        reject_non_fqdn_sender,
        reject_unknown_sender_domain,
        reject_rhsbl_sender opm.blitzed.org

    smtpd_sender_restrictions =
        check_sender_access hash:/etc/postfix/sender_access,
        reject_non_fqdn_sender,
        reject_unknown_sender_domain,
        reject_rhsbl_sender opm.blitzed.org,
        reject_rhsbl_sender dsn.rfc-ignorant.org,
        reject_rhsbl_sender rhsbl.sorbs.net

    smtpd_recipient_restrictions =
        reject_non_fqdn_recipient,
        reject_unknown_recipient_domain,
        reject_unverified_recipient,
        permit_mynetworks,
        reject_unauth_destination,
        check_recipient_access hash:/etc/postfix/recipient_access

    content_filter = smtp-amavis:[localhost]:10024
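The configuration above is the whole envelope policy of the filter host, and the one line that decides whether the box is an open relay is reject_unauth_destination in smtpd_recipient_restrictions: any bare permit reached before it would relay for the world, which is exactly the "spammers find the unfiltered host" failure the previous slide warns about. The following is an added example, not tooling from the talk or from Postfix: a small Python lint that parses main.cf's multi-line parameter syntax, lists the DNS blocklist zones each stage queries, and flags a recipient stage that never rejects unauthorized destinations or permits before doing so. SAMPLE_CF reproduces the page's configuration; BAD_CF is a constructed misconfiguration.

```python
"""Lint for Postfix smtpd restriction lists (added example, not the talk's code)."""
import re

# The talk's partial configuration, reproduced from the slide above.
SAMPLE_CF = """
smtpd_client_restrictions =
    check_client_access hash:/etc/postfix/client_access,
    reject_rbl_client sbl-xbl.spamhaus.org,
    reject_rbl_client opm.blitzed.org,
    reject_rbl_client list.dsbl.org,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client web.dnsbl.sorbs.net,
    reject_rbl_client virbl.dnsbl.bit.nl,
    reject_rbl_client psbl.surriel.com,
    check_policy_service unix:postgrey/socket
smtpd_helo_restrictions =
    check_helo_access hash:/etc/postfix/helo_access,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    reject_rhsbl_sender opm.blitzed.org
smtpd_sender_restrictions =
    check_sender_access hash:/etc/postfix/sender_access,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    reject_rhsbl_sender opm.blitzed.org,
    reject_rhsbl_sender dsn.rfc-ignorant.org,
    reject_rhsbl_sender rhsbl.sorbs.net
smtpd_recipient_restrictions =
    reject_non_fqdn_recipient,
    reject_unknown_recipient_domain,
    reject_unverified_recipient,
    permit_mynetworks,
    reject_unauth_destination,
    check_recipient_access hash:/etc/postfix/recipient_access
content_filter = smtp-amavis:[localhost]:10024
"""

# Constructed misconfiguration: a bare 'permit' before the relay check.
BAD_CF = """
smtpd_recipient_restrictions = permit_mynetworks, permit, reject_unauth_destination
"""

STAGES = ("smtpd_client_restrictions", "smtpd_helo_restrictions",
          "smtpd_sender_restrictions", "smtpd_recipient_restrictions")
DNSBL_RESTRICTIONS = {"reject_rbl_client", "reject_rhsbl_client",
                      "reject_rhsbl_helo", "reject_rhsbl_sender"}


def parse_main_cf(text: str) -> dict:
    """Parse 'name = value' lines; a line starting with whitespace continues the previous value."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and current is not None:
            params[current] += " " + raw.strip()
        elif "=" in raw:
            current, value = (s.strip() for s in raw.split("=", 1))
            params[current] = value
    return params


def restriction_list(params: dict, name: str) -> list:
    """Tokens of one restriction parameter; Postfix accepts commas and/or whitespace."""
    return [t for t in re.split(r"[,\s]+", params.get(name, "")) if t]


def blocklists(params: dict) -> set:
    """DNS blocklist zones queried in any smtpd stage (the token after a reject_*rbl*_* restriction)."""
    zones = set()
    for stage in STAGES:
        toks = restriction_list(params, stage)
        for i, tok in enumerate(toks):
            if tok in DNSBL_RESTRICTIONS and i + 1 < len(toks):
                zones.add(toks[i + 1])
    return zones


def relay_findings(params: dict) -> list:
    """Findings about relaying: empty means reject_unauth_destination is reached before any bare permit."""
    findings = []
    for tok in restriction_list(params, "smtpd_recipient_restrictions"):
        if tok in ("reject_unauth_destination", "defer_unauth_destination"):
            return findings
        if tok == "permit":
            findings.append("'permit' precedes reject_unauth_destination: open relay")
    findings.append("smtpd_recipient_restrictions never rejects unauthorized destinations")
    return findings


if __name__ == "__main__":
    cf = parse_main_cf(SAMPLE_CF)
    print("blocklists:", sorted(blocklists(cf)))
    print("relay findings:", relay_findings(cf) or "none")
    print("bad config:", relay_findings(parse_main_cf(BAD_CF)))
```

The lint only reads smtpd_recipient_restrictions, which is where the 2007 configuration keeps the relay check; Postfix 2.10 and later also have a separate smtpd_relay_restrictions parameter whose default already contains reject_unauth_destination, so on a current install both lists should be checked.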

I get 0 to 1 spams per day ;-)

spams - 30GB/month

April 2004-March 2007: $4000