Advanced Mail. Greylisting mail/postgrey /usr/local/etc/postfix/postgrey_whitelist_clients /usr/local/etc/postfix/postgrey_whitelist_recipients.

Slides:



Advertisements
Similar presentations
Protocols and Troubleshooting Brandon Checketts.
Advertisements

© 2007 Convio, Inc. Implementation of Sender ID Bill Pease, Chief Scientist Convio.
DNSOP WG IETF-67 SPF/Sender-ID DNS & Internet Threat Douglas Otis
DKIM WG IETF-67 DKIM Originating Signing Policy Douglas Otis
DomainKeys Identified Mail (DKIM): Introduction and Overview Eric Allman Chief Science Officer Sendmail, Inc.
SMTP – Simple Mail Transfer Protocol
(SMTP, MIME) Message transfer protocol (SMTP) vs message format protocols (RFC 822, Multipurpose Internet Mail Extensions or MIME) Message transfer.
Sender policy framework. Note: is a good reference source for SPFhttp://
ICS 101 Fall 2012 Networking and the Internet Asst. Prof. Lipyeow Lim Information & Computer Science Department University of Hawaii at Manoa 9/4/20121Lipyeow.
Introduction to Internet Mail Noah Sematimba Based on Materials by Philip Hazel.
DomainKeys Identified Mail (DKIM) D. Crocker ~ bbiw.net dkim.org  Consortium spec Derived from Yahoo DomainKeys and Cisco Identified Internet Mail  IETF.
DomainKeys Identified Mail (DKIM) D. Crocker Brandenburg InternetWorking mipassoc.org/mass  Derived from Yahoo DomainKeys and Cisco.
Login Screen This is the Sign In page for the Dashboard Enter Id and Password to sign In New User Registration.
Electronic Mail (SMTP, POP, IMAP, MIME)
Identity Based Sender Authentication for Spam Mitigation Sufian Hameed (FAST-NUCES) Tobias Kloht (University of Goetingen) Xiaoming Fu (University.
1 Introduction AfNOG CHIX 2011 Blantyre, Malawi By Evelyn NAMARA.
Grover Kearns, PhD, CPA, CFE Class Videos 2 How works Spoofing
Electronic mail – protocol evolution. standards.
03/09/05Oregon State University X-Sig: An Signing Extension for the Simple Mail Transport Protocol (SMTP) Robert Rose 03/09/05.
TELE 301 Lecture 11: DNS 1 Overview Last Lecture –Scheduled tasks and log management This Lecture –DNS Next Lecture –Address assignment (DHCP)
PRINCIPLES – DNS – ARCHITECTURES – SPAM
Intro to Computer Networks Bob Bradley The University of Tennessee at Martin.
SMTP PROTOCOL CONFIGURATION AND MANAGEMENT Chapter 8.
Login Screen This is the Sign In page for the Dashboard New User Registration Enter Id and Password to sign In.
IST346 – Servies Agenda  What is ?  Policies  The technical side of  Components  Protocols  architecture  Security.
LIFECYCLE METADATA FOR DIGITAL OBJECTS Danielle Cunniff Plumer School of Information The University of Texas at Austin Summer 2014.
1999 Asian Women's Network Training Workshop 1 Technical Terms We Can’t Avoid.
DNS-based Message-Transit Authentication Techniques D. Crocker Brandenburg InternetWorking D. Crocker Brandenburg InternetWorking.
Prof. John A. Copeland fax Office: Klaus
Advanced Topics of Mail Service
GCSC July FIRE – User downloaded various free and demo media converter programs (as local admin) and was rootkitted. Detected by machine.
Erik Kangas -
Introduction to Internet Mail Abridged & Updated by Hervey Allen Noah Sematimba Based on Materials by Philip Hazel.
A Trust Overlay for Operations: DKIM and Beyond Dave Crocker Brandenburg Internet Working bbiw.net Apricot / Perth 2006 Dave Crocker Brandenburg.
Electronic mail – protocol evolution. standards.
1 Chinese . 2 Introduction  Support SMTP/POP3/IMAP4  On Unix platform  Provide Webmail –Functions: On line registration On line sending and receiving.
© 2009 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID© 2009 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID.
SPF/Sender-ID DNS & DDoS Threats Operations Analysis and Research Center for the Internet Douglas Otis November 3, 2007
Responsible Submitter An SMTP Service Extension IETF 60 San Diego, CA Harry Katz Microsoft Corp. 8/4/2004.
CAN SPAM and Your Marketing Best Practices for Senders By Lars Helgeson Cooler .
A Retrospective on Future Anti-Spam Standards Internet Society of China Beijing – September, 2004 Dave Crocker Brandenburg InternetWorking
1. 2 Overview In Exchange security is managed by assigning permissions in Active Directory Exchange objects are secured with DACL and ACEs Permissions.
Accredited DomainKeys: A Service Architecture for Improved Validation Accredited DomainKeys: A Service Architecture for Improved Validation.
SPF/Sender-ID DNS & DDoS Threats Internet Security Operations and Intelligence II Douglas Otis
Source pictures for document ”Thoughts about increasing spam annoyance” by License: This material may be distributed only subject.
LinxChix And Exim. Mail agents MUA = Mail User Agent Interacts directly with the end user  Pine, MH, Elm, mutt, mail, Eudora, Marcel, Mailstrom,
Homework 04 Mail System. Computer Center, CS, NCTU 2 Architecture SMTP POP3/IMAP domain.tld Internet Users sub.domain.tld Mail Server.
SMTP Tapu Ahmed Jeremy Nunn. Basics Responsible for electronic mail delivery. Responsible for electronic mail delivery. Simple ASCII protocol that runs.
Technical Awareness on Analysis of Headers.
Sender policy framework. Note: is a good reference source for SPFhttp://
SMTP - Simple Mail Transfer Protocol RFC 821
Advanced Mail. Computer Center, CS, NCTU 2 Introduction  SPAM vs. non-SPAM Mail sent by spammer vs. non-spammer  Problem of SPAM mail Over 99% of s.
X-ASVP Technical Overview eXtensible Anti-spam Verification Protocol X-ASVP Committee Technical Working Group July 22, 2007.
CIT 140: Introduction to ITSlide #1 CSC 140: Introduction to IT Electronic Mail.
Network Applications: DNS Y. Richard Yang 2/1/2016.
TLS, and SPF ITIS overview Transport Layer Security (TLS) Sending Simple Mail Transport Protocol (SMTP) A myriad of problems and a.
Sender Reputation in a Large Webmail Service by Bradley Taylor (2006) Presented by : Manoj Kumar & Harsha Vardhana.
درس مهندسی اینترنت – مهدی عمادی مهندسی اینترنت برنامه‌نویسی در اینترنت 1 SMTP, FTP.
Advanced Mail hyili.
sender policy framework
IETF 66 EAI WG Testing Report
Sender ID: An Overview for Registrars ICANN Vancouver December 1, 2005
Network Administration Practice Homework4 – Mail System
What Is DMARC Brian Reid Microsoft Office Servers and Services MVP
Advanced Mail.
This is the Sign In page for the Dashboard
Slides Credit: Sogand Sadrhaghighi
MASS BOF IETF63, Paris 4 August 2005
Presentation transcript:

Advanced Mail

Greylisting mail/postgrey /usr/local/etc/postfix/postgrey_whitelist_clients /usr/local/etc/postfix/postgrey_whitelist_recipients 2

Sender Policy Framework (SPF) RFC 4408 cd /usr/ports/mail && make search key=spf 3

SPF in action 4 From Mon May 11 02:09: Return-Path: X-Original-To: Delivered-To: Received: from an-out-0708.google.com (an-out-0708.google.com [ ]) by knight.lwhsu.ckefgisc.org (Postfix) with ESMTP id D832B11431 for ; Mon, 11 May :09: (CST) Received: by an-out-0708.google.com with SMTP id d14so and.41 for ; Sun, 10 May :09: (PDT) Sender: Received: by with SMTP id v4mr anh ; Sun, 10 May :09: (PDT) Date: Mon, 11 May :09: Message-ID: Subject: test SPF From: Li-Wen Hsu To:

SPF in action 5

SPF Syntax Mechanisms + Pass - Fail ~ SoftFail ? Neutral Mechanisms are evaluated in order. If no mechanism or modifier matches, the default result is "Neutral" 6 The content of this page and following are from

SFP evaluation results ResultExplanationIntended action PassThe SPF record designates the host to be allowed to send Accept FailThe SPF record has designated the host as NOT being allowed to send Reject SoftFailThe SPF record has designated the host as NOT being allowed to send but is in transition Accept but mark NeutralThe SPF record specifies explicitly that nothing can be said about validity Accept NoneThe domain does not have an SPF record or the SPF record does not evaluate to a result Accept PermErrorA permanent error has occurred (eg. Badly formatted SPF record) Unspecified TempErrorA transient error has occurredAccept or reject 7

SPF record syntax (Mechanisms) all Always matches Usually at the end of the SPF record ip4 (NOT ipv4) ip4: ip4: / Ip6 (NOT ipv6) ip6: ip6: / a a/ a: a: / 8

SPF record syntax (Mechanisms) mx mx/ mx: mx: / ptr ptr: exists exists: include include: Warning: If the domain does not have a valid SPF record, the result is a permanent error. Some mail receivers will reject based on a PermError. 9

SPF record syntax (Modifiers) redirect redirect= The SPF record for domain replace the current record. The macro-expanded domain is also substituted for the current- domain in those look-ups. exp exp= If an SMTP receiver rejects a message, it can include an explanation. An SPF publisher can specify the explanation string that senders see. This way, an ISP can direct nonconforming users to a web page that provides further instructions about how to configure SASL. The domain is expanded; a TXT lookup is performed. The result of the TXT query is then macro-expanded and shown to the sender. Other macros can be used to provide an customized explanation. 10

On bsd2.cs.nctu.edu.tw From: To: 11

12 Delivered-To: Received: by with SMTP id e12cs464421aga; Sun, 10 May :12: (PDT) Received: by with SMTP id o17mr ebb ; Sun, 10 May :11: (PDT) Return-Path: Received: from csmailgate.cs.nctu.edu.tw (csmailgate2.cs.nctu.edu.tw [ ]) by mx.google.com with ESMTP id 10si eyz ; Sun, 10 May :11: (PDT) Received-SPF: pass (google.com: best guess record for domain of designates as permitted sender) client- ip= ; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of designates as permitted sender) Received: from bsd2.cs.nctu.edu.tw (bsd2 [ ]) by csmailgate.cs.nctu.edu.tw (Postfix) with ESMTP id 189DA3F65E for ; Mon, 11 May :11: (CST) Received: (from by bsd2.cs.nctu.edu.tw (8.14.3/8.14.2/Submit) id n4AJBuTM for Mon, 11 May :11: (CST) (envelope-from lwhsu) Date: Mon, 11 May :11: From: Li-Wen Hsu To: Subject: test if SPF record works

On gmail (lwhsu.tw’s account) From: To: On knight.lwhsu.org (lwhsu.org’s mx) ~lwhsu/.forward: 13

14 Delivered-To: Received: by with SMTP id v4cs221969qck; Sun, 10 May :09: (PDT) Received: by with SMTP id 62mr wee ; Sun, 10 May :09: (PDT) Return-Path: Received: from knight.lwhsu.ckefgisc.org (lwhsusvr.cs.nctu.edu.tw [ ]) by mx.google.com with ESMTP id 24si eyx ; Sun, 10 May :09: (PDT) Received-SPF: neutral (google.com: is neither permitted nor denied by domain of client-ip= ; Authentication-Results: mx.google.com; spf=neutral (google.com: is neither permitted nor denied by domain of Received: by knight.lwhsu.ckefgisc.org (Postfix) id 47F571143E; Mon, 11 May :09: (CST) Delivered-To: Received: from an-out-0708.google.com (an-out-0708.google.com [ ]) by knight.lwhsu.ckefgisc.org (Postfix) with ESMTP id D832B11431 for ; Mon, 11 May :09: (CST) Received: by an-out-0708.google.com with SMTP id d14so and.41 for ; Sun, 10 May :09: (PDT) Sender: Received: by with SMTP id v4mr anh ; Sun, 10 May :09: (PDT) Date: Mon, 11 May :09: Message-ID: Subject: test SPF From: Li-Wen Hsu To:

SPF and Forwarding Does SPF break forwarding? Yes, but only if the receiver checks SPF without understanding their mail receiving architecture. If receivers are going to check SPF, they should whitelist forwarders that do not rewrite the sender address from SPF checks. SRS: Sender Rewriting Scheme 15

On knight.lwhsu.org From: To: 16

17

18 Delivered-To: Received: by with SMTP id e12cs465902aga; Sun, 10 May :26: (PDT) Received: by with SMTP id 8mr ebr ; Sun, 10 May :26: (PDT) Return-Path: Received: from knight.lwhsu.ckefgisc.org (lwhsusvr.cs.nctu.edu.tw [ ]) by mx.google.com with ESMTP id 28si eye ; Sun, 10 May :26: (PDT) Received-SPF: neutral (google.com: is neither permitted nor denied by best guess record for domain of client- ip= ; Authentication-Results: mx.google.com; spf=neutral (google.com: is neither permitted nor denied by best guess record for domain of Received: by knight.lwhsu.ckefgisc.org (Postfix, from userid 1001) id 444EF1143E; Mon, 11 May :26: (CST) Date: Mon, 11 May :26: From: Li-Wen Hsu To: Subject: test cs.nctu.edu.tw SPF from external host Message-ID:

19 csns:/etc/namedb/db -lwhsu- dig cs.nctu.edu.tw txt ;; ANSWER SECTION: cs.nctu.edu.tw IN TXT "v=spf1 a mx a:csmailgate.cs.nctu.edu.tw a:csmailgate2.cs.nctu.edu.t w a:csmail.cs.nctu.edu.tw a:csmail1.cs.nctu.edu.tw a:csmail2.cs.nctu.edu.tw a: a:csws1.cs.nctu.edu.tw a:csws2.cs.nctu.edu.tw ~all" ;; ANSWER SECTION: csmx1.cs.nctu.edu.tw IN TXT "v=spf1 a -all“ ;; ANSWER SECTION: csmx2.cs.nctu.edu.tw IN TXT "v=spf1 a -all" ;; ANSWER SECTION: csmx3.cs.nctu.edu.tw IN TXT "v=spf1 a -all"

20 Delivered-To: Received: by with SMTP id e12cs719147aga; Tue, 12 May :49: (PDT) Received: by with SMTP id 21mr qai ; Tue, 12 May :49: (PDT) Return-Path: Received: from FreeBSD.cs.nctu.edu.tw (FreeBSD.cs.nctu.edu.tw [ ]) by mx.google.com with ESMTP id 7si qwf ; Tue, 12 May :49: (PDT) Received-SPF: pass (google.com: best guess record for domain of designates as permitted sender) client-ip= ; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of designates as permitted sender) Received: by FreeBSD.cs.nctu.edu.tw (Postfix, from userid 1058) id 6D98E61DBC; Tue, 12 May :49: (CST) Date: Tue, 12 May :49: From: Li-Wen Hsu To: Subject: test tw.freebsd.org SPF

21 Delivered-To: Received: by with SMTP id e12cs719801aga; Tue, 12 May :56: (PDT) Received: by with SMTP id t20mr qaj ; Tue, 12 May :56: (PDT) Return-Path: Received: from FreeBSD.cs.nctu.edu.tw (FreeBSD.cs.nctu.edu.tw [ ]) by mx.google.com with ESMTP id 5si qwh ; Tue, 12 May :56: (PDT) Received-SPF: pass (google.com: domain of designates as permitted sender) client-ip= ; Authentication-Results: mx.google.com; spf=pass (google.com: domain of designates as permitted sender) Received: by FreeBSD.cs.nctu.edu.tw (Postfix, from userid 1058) id 78CD461DB0; Tue, 12 May :56: (CST) Date: Tue, 12 May :56: From: Li-Wen Hsu To: Subject: test tw.freebsd.org SPF (2)

22 knight:~ -lwhsu- dig pixnet.net txt ;; ANSWER SECTION: pixnet.net IN TXT "v=spf1 include:aspmx.googl .com ip4: /24 ~all"

DomainKeys and DKIM RFC 4870 Domain-Based Authentication Using Public Keys Advertised in the DNS (DomainKeys) RFC 2871 DomainKeys Identified Mail (DKIM) Signatures 23

DKIM-Signature header v=Version a=Hash/signing algorithm q=Algorithm for getting public key d=Signing domain i=Signing identity s=Selector c=Canonicalization algorithm t=Signing time (seconds since 1/1/1970) x=Expiration time h=List of headers included in signature; dkim-signature is implied b=The signature itself bh=Body hash 24

D OMAIN K EYS I DENTIFIED M AIL (DKIM) D. Crocker Brandenburg InternetWorking mipassoc.org/mass Derived from Yahoo DomainKeys and Cisco Identified Internet Mail Multi-vendor specification IETF working group being formed Msg header authentication DNS identifiers Public keys in DNS End-to-end Between origin/receiver administrative domains. Not path-based 25

DKIM Goals Validate message content, itself Not related to path Transparent to end users No client User Agent upgrades required But extensible to per-user signing Allow sender delegation Outsourcing Low development, deployment, use costs Avoid large PKI, new Internet services No trusted third parties (except DNS) 26

Technical High-points Signs body and selected parts of header Signature transmitted in DKIM-Signature header Public key stored in DNS In _domainkey subdomain New RR type, fall back to TXT Namespace divided using selectors Allows multiple keys for aging, delegation, etc. Sender Signing Policy lookup for unsigned or improperly signed mail 27

Example: DNS query will be made to: 28 DKIM-Signature: a=rsa-sha1; q=dns; d=example.com; s=jun2005.eng; c=relaxed/simple; t= ; x= ; h=from:to:subject:date; b=dzdVyOfAKCdLXdJOc9G2q8LoXSlEniSb av+yuU4zGeeruD00lszZVoG4ZHRNiYzR jun2005.eng._domainkey.example.com DKIM-Signature header

29 From Mon May 11 17:25: Return-Path: X-Original-To: Delivered-To: Received: from web73511.mail.tp2.yahoo.com (web73511.mail.tp2.yahoo.com [ ]) by knight.lwhsu.ckefgisc.org (Postfix) with SMTP id 835AA11431 for ; Mon, 11 May :25: (CST) Received: (qmail invoked by uid 60001); 11 May :25: DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com.tw; s=s1024; t= ; bh=t3GnH+pN34KpMhlX59Eezm+9eCI68fU2hgid1Kscdrk=; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type:Content- Transfer-Encoding; b=emLg4QonGbqb3PhZIEoYfiQVDYMwcBBB6SAEW+RziBEhjxKS2OUWmq5EpD1cxX+uz9MzJ4+fK4QRJZOtd0Y10c6Ce2J+V+C/RHnrjZ3PF8kAhjqv T1GT TdohxivLGrMftg1xFGO//M7ML/fcI4UJL+XP1xhJMBaHlHMGhE1sdGQ= DomainKey-Signature:a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com.tw; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type:Content- Transfer-Encoding; b=DlAhpuGID5ozcL77Ozm5doCQsxHSWaYHULW2hWAb3heXwewHgamqO+McEcSIplcB1JXTIBka7BR6HvbSPWX/XiMrVAjvb6zeRWiXSBWdtxIMpQhj JiBd zC8Y1BPCsdv2UwMgxOmR6i51BTIl+GDWFIKSgm5ky/MzU+ZsdwIhlss=; Message-ID: X-YMail-OSG: _MDOYpoVM1kaHzmTWKmqS4IkJcirBLjILe9qnyYESBBHMWfBYq0yS3ixCQWp3HdwB572OzEZnyUNfM8O4Ko9cX2BTFmCphREKoe8noEA1Ualvmfd8Q zdBS qmFg.RgCpIGuK7pDBWUPjpAzm8QhzdonQV11M_JdPaihhp67zpBtPhQqqyJTiyvKrd.JmxMA-- Received: from [ ] by web73511.mail.tp2.yahoo.com via HTTP; Mon, 11 May :25:44 CST X-Mailer: YahooMailRC/ YahooMailWebService/ Date: Mon, 11 May :25: (CST) From: " 立文 許 " Subject: test DomainKeys To: MIME-Version: 1.0 Content-Type: text/plain; charset=big5 Content-Transfer-Encoding: quoted-printable

30 knight:~ -lwhsu- dig gamma._domainkey.gmail.com txt ;; ANSWER SECTION: gamma._domainkey.gmail.com. 300 IN TXT "k=rsa\; t=y\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDIhyR3oItOy22ZOaBrIVe9m/iME3RqOJeasANSpg2Y THTYV+Xtp4xwf5gTjCmHQEMOs0qYu0FYiNQPQogJ2t0Mfx9zNu06rfRBDjiIU9tpx2T+NGlWZ8qhbiLo5B y8apJavLyqTLavyPSrvsx0B3YzC63T4Age2CDqZYA+OwSMWQIDAQAB" knight:~ -lwhsu- dig s1024._domainkey.yahoo.com.tw txt ;; ANSWER SECTION: s1024._domainkey.yahoo.com.tw IN TXT "k=rsa\; t=y\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDrEee0Ri4Juz+QfiWYui/E9UGSXau/2P8LjnTD8V4U nn+2FAZVGE3kL23bzeoULYv4PeleB3gfm" "JiDJOKU3Ns5L4KJAUUHjFwDebt0NP+sBK0VKeTATL2Yr/S3bT/xhy+1xtj4RkdV7fVxTn56Lb4udUnwux K4V5b5PdOKj/+XcwIDAQAB\; n=A 1024 bit key\;"

Sender ID RFC4406, 4405, 4407, 4408 Caller ID for + Sender Policy Framwrok es/senderid/default.mspx 31

32 knight:~ -lwhsu- dig paypal.com txt ;; ANSWER SECTION: paypal.com IN TXT "v=spf1 mx include:spf- 1.paypal.com include:p._spf.paypal.com include:p2._spf.paypal.com include:s._spf.ebay.com include:m._spf.ebay.com include:c._spf.ebay.com include:thirdparty.paypal.com ~all" paypal.com IN TXT "spf2.0/pra mx include:s._sid.ebay.com include:m._sid.ebay.com include:p._sid.ebay.com include:c._sid.ebay.com include:spf-2._sid.paypal.com include:thirdparty._sid.paypal.com ~all"

Other MTA? qmail exim Sendmail X MeTA1 33