Presentation is loading. Please wait.

Presentation is loading. Please wait.

Anti-Spam Updates Activity Coordination Meeting March 2006 Kevin Hill.

Published byFrancis McCormick Modified over 8 years ago

Similar presentations

Presentation on theme: "Anti-Spam Updates Activity Coordination Meeting March 2006 Kevin Hill."— Presentation transcript:

1 Anti-Spam Updates Activity Coordination Meeting March 2006 Kevin Hill

2 Anti-Spam Updates Black listed by anti-spam sites Greylisting - Next Generation Spam Fighting

3 Working with Anti-Spam Companies

4 Blacklisted (Backscatter) Spam Cop started blacklisting the email gateways on 2/14/06. –We ask for assistance. No response was given on why we were blacklisted –A few sites had us blacklisted for “back- scatter” What we are doing is RFC compliant but that doesn’t always help!

5 Blacklisted (Back-scatter) Back-scatter –Backscatter occurs when an email system accepts a message for delivery and then the system determines that the message can not be delivered and sends an undeliverable mail notification. What to do? –Users should request that fnal.gov be added to the white list at remote site. –CD changed email system to prevent back-scatter (enabled 2/21) Still blacklisted!

6 Blacklisted (Relay) Is FNAL a Spam Relay? Incoming email marked as spam delivered to ‘user’@fnal.gov –‘user’@fnal.gov forwards email offsite. –’user’@fnal.gov forwards email to ‘user’@’machine’.fnal.gov then forwards email offsite. Email marked as spam sent offsite –Some mail systems treat us as spam relays

7 Blacklisted (Relay) Make recommendation Solution options: –Don’t allow offsite forwards (~4k active) –Follow AV policy - Delete obvious spam Set threshold score for delete, anything below that will be treated as it is now. –Enable spam filter on outgoing email. Delete obvious spam –Quarantine server review Most complicated to implement. Requires time and hardware.

8 Blacklisted (Relay) Recommendations –Delete Incoming spam above a certain threshold spam score Score > 10 delete Score >= 5 < 10 mark as spam and deliver –Set up quarantine server when resources* permit –Scan outgoing email when resources permit *resources are defined as FTE and additional hardware

9 Greylisting

10 What It Does Requires all email from unknown servers to retry sending their message a short time later. Virus infected computers spewing spam (and viruses) won’t retry. (yet). Many system administrators report up to 90% spam reduction.

11 How Messages Go Remote IP: smtp42.somelab.org Env Sender: John.smith@somelab.org Env Recipient: helpdesk@fnal.gov Combination unseen before – Temporarily Reject Message Remote Server retries delivery at a later time, at least 5 minutes later. Remote IP: smtp42.somelab.org Env Sender: John.smith@somelab.org Env Recipient: helpdesk@fnal.gov Combination in Database – Message Accepted

12 Who uses it DESY Zeuthen site is using Greylisting. DESY is also using SpamAssassin centrally University of Bergen - the Norwegian university of Bergen is using greylisting on their mail server. Texas A&M University - This Texas university is using greylisting: www.tamu.edu/network-services/smtp-relay/greylisting.html Leibniz Rechen Zentrum - LRZ is a major German internet hub for academic institutions in southern Germany. They started using greylisting as a method of limiting spam a couple of months ago: www.lrz-muenchen.de/aktuell/ali2052/ www.lrz-muenchen.de/aktuell/ali2052/ APNIC (Asia Pacific Network Information Centre) - This organisation, one of the five major internet registries of the world, is also using greylisting: www.apnic.net/info/contact/greylisting.htmlwww.apnic.net/info/contact/greylisting.html RWTH - RWTH is a large German University. They have a page on their greylisting (german) here: www.rz.rwth- aachen.de/infodienste/email/greylisting.php

13 How It Works Records a triplet consisting of remote server ip address, envelope sender, and envelope recipient. If that triplet hasn’t been seen before, enter it in the database and reject the message with a temporary failure code. If the triplet has been seen more than 5 minutes before, and less than the expire time for entries, accept the message.

14 Possible Fallout Some people will see a delay getting email from someone new. This will be between 5 minutes and however long the remote server takes to retry delivery. Generally not more than 1 hour. A few sites won’t retry. They are broken, but need to be dealt with.

15 Solutions WhiteLists –Our greylist package provides downloadable whitelists of known broken/good email servers. –Local whitelists are maintainable. Opt-Out –We can maintain an ‘opt-out’ list, for people who prefer to get more spam.

16 Rollout Timeline Upgrade Hepa machines version of Postfix and install local mysql server. 1 day (Done) Install sqlgrey Greylisting service. Configure postfix to warn only (in the mail logs) to prebuild databases. 15-30 days (Done) Monitor Logs for legit mail that isn’t getting through. Ongoing Turn greylisting on “for real”. (3/8/2006)

Download ppt "Anti-Spam Updates Activity Coordination Meeting March 2006 Kevin Hill."

Similar presentations

Example policy elements and their role in bandwidth management and optimisation.

Example policy elements and their role in bandwidth management and optimisation.
1 Effective, secure and reliable hosted email security and continuity solution.

1 Effective, secure and reliable hosted security and continuity solution.
TrustPort Net Gateway Email traffic protection. WWW.TRUSTPORT.COM Keep It Secure Entry point protection –Clear separation of the risky internet and secured.

TrustPort Net Gateway traffic protection. Keep It Secure Entry point protection –Clear separation of the risky internet and secured.
Fighting spam: the thin grey line Alun Jones,

Fighting spam: the thin grey line Alun Jones,
Addressing spam email and enforcing a Do Not Email Registry using a Certified Electronic Mail System Information Technology Advisory Group, Inc.

Addressing spam and enforcing a Do Not Registry using a Certified Electronic Mail System Information Technology Advisory Group, Inc.
Module 6 Implementing Messaging Security. Module Overview Deploying Edge Transport Servers Deploying an Antivirus Solution Configuring an Anti-Spam Solution.

Module 6 Implementing Messaging Security. Module Overview Deploying Edge Transport Servers Deploying an Antivirus Solution Configuring an Anti-Spam Solution.
----Presented by Di Xu 17.12.2010.  Introduction  Overview of Spam  Solutions to Spam  Conclusion.

----Presented by Di Xu  Introduction  Overview of Spam  Solutions to Spam  Conclusion.
How do Networks work – Really The purposes of set of slides is to show networks really work. Most people (including technical people) don’t know Many people.

How do Networks work – Really The purposes of set of slides is to show networks really work. Most people (including technical people) don’t know Many people.
FROM RICHARD RODRIGUES JOHN ANIMALU FELIX SHULMAN THE HONORARY MEMBERS OF THE INTERCONTINENTAL GROUP Information security in real business firewall security.

FROM RICHARD RODRIGUES JOHN ANIMALU FELIX SHULMAN THE HONORARY MEMBERS OF THE INTERCONTINENTAL GROUP Information security in real business firewall security.
UC Irvine’s New Anti-Spam Measures Keith Chong Network & Support Programming Network & Academic Computing Services UC Irvine August 9, 2005 Keith Chong.

UC Irvine’s New Anti-Spam Measures Keith Chong Network & Support Programming Network & Academic Computing Services UC Irvine August 9, 2005 Keith Chong.
Tony BrettOUCS Course Code ZAE 1 March 2004 Webmail – the new WING Tony Brett Oxford University Computing Services.

Tony BrettOUCS Course Code ZAE 1 March 2004 Webmail – the new WING Tony Brett Oxford University Computing Services.
What’s New in WatchGuard XCS 10.0 Update 3 WatchGuard Training.

What’s New in WatchGuard XCS 10.0 Update 3 WatchGuard Training.
0 EMAIL 5000 Series DATA MANAGEMENT. 1 Why Email? Alarm/Status Notification –Remote unattended sites »Pumping stations –Pharmaceutical/Plant maintenance.

Series DATA MANAGEMENT. 1 Why ? Alarm/Status Notification –Remote unattended sites »Pumping stations –Pharmaceutical/Plant maintenance.
 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.

 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.
Pro Exchange SPAM Filter An Exchange 2000 based spam filtering solution.

Pro Exchange SPAM Filter An Exchange 2000 based spam filtering solution.
23 October 2002Emmanuel Ormancey1 Spam Filtering at CERN Emmanuel Ormancey - 23 October 2002.

23 October 2002Emmanuel Ormancey1 Spam Filtering at CERN Emmanuel Ormancey - 23 October 2002.
Spam Reduction Techniques Using greylisting and SpamAssassin.

Spam Reduction Techniques Using greylisting and SpamAssassin.
TrustPort Net Gateway Email traffic protection. WWW.TRUSTPORT.COM Keep It Secure Entry point protection –Clear separation of the risky internet and secured.

TrustPort Net Gateway traffic protection. Keep It Secure Entry point protection –Clear separation of the risky internet and secured.
Customized solutions. Keep It Secure Contents  Protection objectives  Endpoint and server software  Protection.

Customized solutions. Keep It Secure Contents  Protection objectives  Endpoint and server software  Protection.
CT NIKHEF Nov 2003 1 Mail NIKHEF CT system support.

CT NIKHEF Nov Mail NIKHEF CT system support.

Similar presentations

Ads by Google