Homework 04 Hint Mail System. Computer Center, CS, NCTU


Homework 04 Hint Mail System

Software
- Postfix: mail/postfix
- POP/IMAP: mail/dovecot
- MTA filter: security/amavisd-new
- MDA filter: mail/procmail
- Greylisting: mail/postgrey
- Anti-virus: security/clamav
- DKIM signature: mail/dkimproxy
- SPF
  - mail/sid-milter
  - mail/postfix-policyd-spf-perl
  - mail/postfix-policyd-spf-python
- Webmail: www/horde-base, mail/roundcube, mail/squirrelmail

Postfix – Installation
- Options

    make config

Postfix – Installation (Cont.)
- Execute the Postfix sendmail program

    install -o root -g wheel -m 555 /tmp/WRKDIR/usr/ports/mail/postfix/work/postfix /auxiliary/rmail/rmail /usr/local/bin/rmail
    install -o root -g wheel -m 555 /tmp/WRKDIR/usr/ports/mail/postfix/work/postfix /auxiliary/qshape/qshape.pl /usr/local/bin/qshape
    install -o root -g wheel -m 444 /tmp/WRKDIR/usr/ports/mail/postfix/work/postfix-2.9.1/man/man1/qshape.1 /usr/local/man/man1
    ===> Installing rc.d startup script(s)
    Would you like to activate Postfix in /etc/mail/mailer.conf [n]?y

Postfix – Configuration
- Stop sendmail

    /etc/rc.d/sendmail stop

- Edit /etc/rc.conf

    sendmail_enable="NO"
    sendmail_submit_enable="NO"
    sendmail_outbound_enable="NO"
    sendmail_msp_queue_enable="NO"
    postfix_enable="YES"

- Edit /etc/periodic.conf
  - If it does not exist, please create it
  - Disable some sendmail-specific daily maintenance routines

    daily_clean_hoststat_enable="NO"
    daily_status_mail_rejects_enable="NO"
    daily_status_include_submit_mailq="NO"
    daily_submit_queuerun="NO"

Postfix – Configuration (Cont.)
- Edit /usr/local/etc/postfix/master.cf
  - Enable postscreen
    - Whitelist
    - RBL
- Edit /usr/local/etc/postfix/main.cf
  - smtpd_client_restrictions
    - Deny from dynamic host
- Start Postfix

    /usr/local/etc/rc.d/postfix start

- Troubleshooting
  - Check log
    - /var/log/maillog
    - /var/log/messages

Postfix – Postscreen
- postscreen_dnsbl_sites
  - Assigns a weight to each blacklist and whitelist
- postscreen_dnsbl_threshold
  - When a client's score is equal to or greater than the threshold, the message will be rejected

    postscreen_dnsbl_threshold = 2
    postscreen_dnsbl_sites = zen.spamhaus.org*2,
        bl.spamcop.net*1,
        b.barracudacentral.org*1,
        list.dnswl.org*-1,
        swl.spamhaus.org*-1,
        dwl.spamhaus.org*-1
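Added example (not part of the original slides): how the weights and threshold above combine into a decision for one client. The client address and the sets of lists that answered are constructed; the function names are hypothetical, and entries with reply filters (zone=pattern) are not handled.

```python
import ipaddress

# Values copied from the slide's main.cf excerpt.
POSTSCREEN_DNSBL_THRESHOLD = 2
POSTSCREEN_DNSBL_SITES = (
    "zen.spamhaus.org*2, bl.spamcop.net*1, b.barracudacentral.org*1, "
    "list.dnswl.org*-1, swl.spamhaus.org*-1, dwl.spamhaus.org*-1"
)

def parse_sites(value):
    """Parse 'zone*weight' entries; an entry without a weight counts as 1."""
    sites = {}
    for entry in value.replace(",", " ").split():
        zone, _, weight = entry.partition("*")
        sites[zone] = int(weight) if weight else 1
    return sites

def dnsbl_query_name(client_ip, zone):
    """A DNSBL lookup reverses the IPv4 octets and appends the list's zone."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def verdict(listed_zones, sites_value=POSTSCREEN_DNSBL_SITES,
            threshold=POSTSCREEN_DNSBL_THRESHOLD):
    """Sum the weights of the lists that answered and compare to the threshold."""
    sites = parse_sites(sites_value)
    score = sum(w for zone, w in sites.items() if zone in listed_zones)
    return score, ("reject" if score >= threshold else "pass")

if __name__ == "__main__":
    # Constructed client address (documentation range) and lookup results.
    print(dnsbl_query_name("192.0.2.10", "zen.spamhaus.org"))
    for listed in ({"zen.spamhaus.org"},
                   {"bl.spamcop.net"},
                   {"zen.spamhaus.org", "list.dnswl.org"},
                   {"bl.spamcop.net", "b.barracudacentral.org"}):
        print(sorted(listed), verdict(listed))
```

postscreen acts on the score only when postscreen_dnsbl_action is set to enforce or drop; the Postfix default is ignore.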

Dovecot
- POP3(s)/IMAP(s)
  - SSL support
- SASL Authentication
  - SASL support in the SMTP server

    zfs [~] -wangth- postconf -a
    dovecot

- Configuring the following files
  - /usr/local/etc/dovecot.conf
  - /usr/local/etc/postfix/main.cf
- Edit /etc/rc.conf

    dovecot_enable="YES"

- Start Dovecot

    /usr/local/etc/rc.d/dovecot start

Amavisd-new
- Interface to MTA
- Anti-virus
  - Supports daemonized virus scanners and scanners accessible via Perl modules
- Anti-spam
  - SpamAssassin
- DKIM signing and verification
- SPF verification check

Amavisd-new (Cont.)
- Configuring the following files
  - /usr/local/etc/amavisd.conf
  - /usr/local/etc/postfix/main.cf
  - /usr/local/etc/postfix/master.cf
- Run the sa-update command the first time
  - Automate SpamAssassin rule updates
- Edit /etc/rc.conf

    amavisd_enable="YES"

- Start Amavisd

    /usr/local/etc/rc.d/amavisd start

Procmail
- Configuring the following file
  - /usr/local/etc/procmailrc
- mmencode (converters/mmencode)
  - Translate to and from mail-oriented encoding formats
    - Base64
    - Quoted-Printable
- zh-pm-lib

    zfs [~] -wangth- echo -n "蘭迪" | mmencode
    6Jit6L+q
    zfs [~] -wangth- echo -n "蘭迪" | mmencode -q
    =E8=98=AD=E8=BF=AA=

DKIM signing
- Create configuration files

    zfs [/usr/local/etc] -wangth- sudo cp dkimproxy_in.conf.sample \
        dkimproxy_in.conf
    zfs [/usr/local/etc] -wangth- sudo cp dkimproxy_out.conf.sample \
        dkimproxy_out.conf

- Configuring the following files
  - /usr/local/etc/dkimproxy_out.conf
  - /usr/local/etc/postfix/master.cf
- Edit /etc/rc.conf

    dkimproxy_out_enable="YES"

- Start dkimproxy

    /usr/local/etc/rc.d/dkimproxy_out start

SPF
- SPF record
  - Add a TXT record to your zone file
  - SPF wizard
- SPF check
  - sid-milter
    - A Sender ID and SPF milter for Sendmail
  - Postfix configuration parameter
    - smtpd_milters

DNSBL filtering – Spamhaus
- Safe DNSBLs for safe filters
- IP-based blacklist
  - SBL (Spamhaus Block List)
  - XBL (Exploits Block List)
  - PBL (Policy Block List)
  - ZEN (禪)
- Domain-based blacklist
  - DBL

DNSBL filtering – Spamhaus (Cont.)
- SBL
  - Static UBE sources, verified spam services and ROKSO spammers
- XBL
  - Illegal 3rd party exploits, including proxies, worms and trojan exploits
- PBL
  - End-user non-MTA IP addresses set by ISP outbound mail policy
- ZEN
  - The combination of all Spamhaus IP-based DNSBLs
  - SBL, SBLCSS, XBL and PBL blocklists

UBE: Unsolicited Bulk Email
ROKSO: The Register of Known Spam Operations
SBLCSS: Spamhaus Block List Composite SnowShoes

OpenSSL s_client
- A generic SSL/TLS client which connects to a remote host using SSL/TLS
- Very useful diagnostic tool for SSL servers

    zfs [/usr/local/etc] -wangth- openssl s_client -connect mail.cs.nctu.edu.tw:993
    CONNECTED( )
    …
    ---
    SSL handshake has read 3859 bytes and written 337 bytes
    ---
    New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
    Server public key is 1024 bit
    Secure Renegotiation IS supported
    Compression: NONE
    Expansion: NONE
    SSL-Session:
        Protocol : TLSv1
        Cipher : DHE-RSA-AES256-SHA
        Session-ID: 5A29EC41C046F1A1090F A98FC8738FF FDC4912DA0BF296E
        Session-ID-ctx:
        Master-Key:...
        Key-Arg : None
        Start Time:
        Timeout : 300 (sec)
        Verify return code: 20 (unable to get local issuer certificate)
    ---
    * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE AUTH=PLAIN AUTH=LOGIN] NCTU CS Dovecot ready.
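Added example (not part of the original slides): a small checker that reads s_client output like the transcript above and reports the values an administrator should follow up on. The sample text is constructed from the lines shown on the slide; the key-size floor and the list of old protocol versions are assumed policy values, and the finding names are hypothetical.

```python
import re

# Constructed sample: the security-relevant lines of the s_client
# transcript shown on the slide (elided fields left out).
SAMPLE = """\
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Verify return code: 20 (unable to get local issuer certificate)
"""

# Assumed policy values (not from the slides); adjust to local policy.
MIN_KEY_BITS = 2048
OLD_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
PATTERNS = {
    "key_bits": r"Server public key is (\d+) bit",
    "protocol": r"^\s*Protocol\s*:\s*(\S+)",
    "cipher": r"^\s*Cipher\s*:\s*(\S+)",
    "verify_code": r"Verify return code:\s*(\d+)",
}

def parse_s_client(text):
    """Extract the fields above; a field absent from the output is None."""
    found = {}
    for name, pattern in PATTERNS.items():
        m = re.search(pattern, text, re.MULTILINE)
        value = m.group(1) if m else None
        found[name] = int(value) if value and value.isdigit() else value
    m = re.search(r"Secure Renegotiation IS (NOT )?supported", text)
    found["secure_reneg"] = None if m is None else m.group(1) is None
    return found

def findings(f):
    """Return a finding id for every parsed value that needs attention."""
    checks = [
        ("weak-server-key", (f["key_bits"] or MIN_KEY_BITS) < MIN_KEY_BITS),
        ("old-protocol", f["protocol"] in OLD_PROTOCOLS),
        ("chain-not-verified", f["verify_code"] not in (0, None)),
        ("insecure-renegotiation", f["secure_reneg"] is False),
    ]
    return [name for name, hit in checks if hit]

if __name__ == "__main__":
    fields = parse_s_client(SAMPLE)
    print(fields, findings(fields))
```

Verify return code 20 means the client could not build a chain to a trusted root; it also appears when s_client is run without a trust store (-CAfile or -CApath), so rerun with one before concluding the server's chain is incomplete.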

Webmail – Gmail
- SMTP over SSL
- SMTP authentication

Webmail – Gmail
- POP3 over SSL
- IMAP over SSL
