
554 Access Denied Fermilab’s Experiences with Spamcop.net Kevin Hill Ray Pasetes Jack Schmidt.


2 554 Access Denied Fermilab’s Experiences with Spamcop.net Kevin Hill Ray Pasetes Jack Schmidt

3 Fermilab’s Email System
• HEPA: Accepts email from outside and does spam filtering
• Email Gateways: Perform virus scanning and mail routing
• IMAP/LISTServ/Local Machines: Email can be routed to the central IMAP servers, or Listserv, or other machines

4 Fermilab Email Policies
• We deliver all email unless the email contains viruses, or is causing a denial of service condition.
• SPAM is tagged with additional headers that the IMAP servers use to route the message to a “Tagged Spam” folder.
• Users can have email delivered to their local machines or to offsite locations. They are not required to use the central IMAP servers.

5 What Happened?
• One of the two email gateway systems at Fermilab was added to a Remote Blacklist (RBL) maintained by Spamcop.net (owned by IronPort).
• Some sites block incoming email solely on the check of this RBL. Unfortunately this included several HEP sites.

6 Why Did This Happen?
• We accept all *.fnal.gov addresses.
  - All incoming email must pass through our mail gateways.
  - The HEPA machines could verify central (*@fnal.gov) addresses before accepting, but not local (*@*.fnal.gov) addresses.
  - Mail addressed to invalid addresses on a local machine would later generate a bounce message.

7 Why Did This Happen?
• We deliver all email, even SPAM.
  - Users can forward their email to offsite addresses, which will result in our email gateways sending spam to the remote server.

8 [Diagram: message flow between Hepa, Mailgw, CMS1 and CERN]
Message shown in the diagram:
  To: nobody@cms1.fnal.gov
  From: user@cern.ch
  Subject: Make Money Fast!
  Received: by Hepa from Foreign box
  Received: by Mailgw from hepa
  Received: by CERN from mailgw
Callouts in the diagram:
  “Mail for nobody. Do you accept?”
  “No. Go Away”
  “Mail rejected by cms.fnal.gov”
  “%&#! I didn’t send this! I’m reporting this as SPAM.”

9 Fix 1
• Eliminate bounce messages.
  - New software on the HEPA machines allows us to verify any local (*@*.fnal.gov) address before accepting it for delivery.
  - If the address is forged, the HEPA machine will refuse it instead of a bounce message being generated later.

10 Fix 2
• Don’t deliver “obvious” spam.
  - Messages with a spam score of 8.0 or higher destined for outbound delivery are queued on the email gateways for one week for evaluation before deletion.
  - Investigating web based spam quarantining packages that will catch spam before the message may be forwarded offsite, even if the user isn’t using the central IMAP servers.
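The effect of Fix 1 and Fix 2 on what the gateways send offsite, as an added example that is not Fermilab's code. The mailbox set, forwarding table, traffic and function names are constructed for illustration; only the 8.0 threshold and the slide 8 addresses come from the slides.

```python
from dataclasses import dataclass

# Constructed sample data (not Fermilab's real mailboxes or forwards).
VALID_LOCAL = {"alice@cms1.fnal.gov", "bob@cms1.fnal.gov"}
FORWARDS = {"bob@cms1.fnal.gov": "bob@example.org"}   # user forwards offsite
SPAM_HOLD_SCORE = 8.0                                 # threshold from the slides


@dataclass
class Msg:
    env_from: str   # envelope sender, trivially forged by spammers
    rcpt: str       # envelope recipient
    score: float    # spam score assigned by the filter


def is_offsite(addr: str) -> bool:
    domain = addr.rsplit("@", 1)[-1].lower()
    return not (domain == "fnal.gov" or domain.endswith(".fnal.gov"))


def relay(msg: Msg, verify_rcpt: bool, hold_spam: bool) -> tuple[str, str]:
    """Return (action, target) for one inbound message."""
    if msg.rcpt not in VALID_LOCAL:
        if verify_rcpt:
            # Fix 1: refuse in the SMTP dialogue; no message is ever generated.
            return ("reject_at_rcpt", "connecting host")
        # Old behaviour: accepted first, so a bounce goes to the forged sender.
        return ("bounce", msg.env_from)
    dest = FORWARDS.get(msg.rcpt, msg.rcpt)
    if hold_spam and is_offsite(dest) and msg.score >= SPAM_HOLD_SCORE:
        # Fix 2: obvious spam bound for an offsite address is held for a week.
        return ("hold_one_week", dest)
    return ("deliver", dest)


def offsite_sends(msgs, verify_rcpt: bool, hold_spam: bool) -> list[str]:
    """Addresses outside fnal.gov that the gateways end up mailing."""
    out = []
    for m in msgs:
        action, target = relay(m, verify_rcpt, hold_spam)
        if action in ("bounce", "deliver") and is_offsite(target):
            out.append(target)
    return out


SAMPLE = [  # constructed traffic; the first entry mirrors slide 8
    Msg("user@cern.ch", "nobody@cms1.fnal.gov", 9.1),
    Msg("spammer@example.net", "bob@cms1.fnal.gov", 9.5),
    Msg("colleague@cern.ch", "bob@cms1.fnal.gov", 0.3),
    Msg("colleague@cern.ch", "alice@cms1.fnal.gov", 0.1),
]
```

With both fixes off, `offsite_sends(SAMPLE, False, False)` includes the bounce to the forged sender and the forwarded spam; with both on, only the legitimate forwarded message leaves the site.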

11 Fix 3
• Acquire alternate IP addresses for the email gateways.
  - In the future, if an email gateway machine is blacklisted, we will have an alternate IP address to switch to as a temporary fix.
• Encourage users to read email on central systems.
  - The central IMAP servers have a default rule to move spam messages to a “Tagged Spam” folder.

12 Other Preventive Measures
• We would like to create a HEPIX community list of designated SMTP servers that we all can use to whitelist each other's mail servers, so we can avoid similar interruptions in the future.
• Could be maintained on a web site where systems could automatically update.

