Presentation is loading. Please wait.

Presentation is loading. Please wait.

Spamfilter Relay Mailserver Mark McSweeney CentraLUG, February 1, 2010.

Published byJonathan Merritt Modified over 7 years ago

Similar presentations

Presentation on theme: "Spamfilter Relay Mailserver Mark McSweeney CentraLUG, February 1, 2010."— Presentation transcript:

1 Spamfilter Relay Mailserver Mark McSweeney CentraLUG, February 1, 2010

2 Overview Scope Little bit about me Why I built the spamfilter Deployment environment Spamfilter details Tuning and maintainance Other resources

3 Scope Explanation of how and why I did this Show all software packages used Point towards resources to learn more

4 A little about me Compliance Test engineer @ Compliance Worldwide 9 ½ years USAF installing CO and microwave relay stations Started tinkering w/ Linux ~ 2001 Not a professional Linux engineer No formal CS background/education

5 Why I built spamfilter I personally was getting > 500 spam mails /day Probably > 2000 to entire company Tried anti-spam plugins – not very effective Commercial solutions very expensive Couldn't find anything viable for our Exchange Server

6 Deployment environment Initially 100% MS in back office Windows NT Server MS Exchange Clients – MS Outlook Suggested minimum Pentium II 450 MHz w/ 512 Mbit RAM My setup Pentium II 350 w/ 256 Mbit RAM

7 Overview of spamfilter Found it initially through site written by Scott Henderson Built on RH 9.0 Scott stopped maintaining document ~ 2008 freespamfilter.org started to continue project Contains initial RH build as well as Debian, FreeBSD, OpenBSD, Gentoo, Fedora builds I use the Debian build

8 Overview of spamfilter

9 Software Packages Postfix Amavisd-new SpamAssassin Razor DCC Pyzor ClamAV

10 Postfix Mailer written by Wietse Venema that started life at IBM research as an alternative to the widely-used but difficult to configure Sendmail program. Key files are master.cf and main.cf A lot of values stored in lookup tables that are turned into hash tables using command: postmap foo Many settings stop mail from being accepted ”at the front door”

11 Amavisd-new amavisd-new is a high-performance interface between mailer and content checkers: virus scanners, and/or SpamAssassin. Settings used in online document are what might be used at small business (perfect for me). Many more settings that scale highly for larger deployments

12 SpamAssassin Apache project Assigns a score to each email depending on how ”spammy” it calculates it to be. Called by amavisd-new Querys DCC, Pyzor, Razor servers to score mail Also queries real time blacklists (RBLs)

13 Pyzor Collaborative, networked system to detect and block spam using digests of messages. Pyzor queries similar to DNS requests - uses UDP port 24441

14 Razor Distributed, collaborative, spam detection and filtering network. Through user contribution, Razor establishes a distributed and constantly updating catalogue of spam in propagation that is consulted by email clients to filter out known spam. Detection is done with statistical and randomized signatures User input is validated through reputation assignments based on consensus on report and revoke assertions which in turn is used for computing confidence values associated with individual signatures.

15 DCC Distributed Checksum Clearinghouse The basic logic in DCC is that most spam mails are sent to many recipients. The same message body appearing many times is therefore bulk email. DCC identifies bulk email by taking a checksum and sending that checksum to a Clearinghouse (server). Server responds with the number of times it has received that checksum. An individual email will create a score of 1 each time it is processed. Bulk mail can be identified because the response number is high. Content is not examined. Uses UDP protocol and uses little bandwidth.

16 ClamAV Cross-platform antivirus software tool-kit capable of detecting many types of malicious software, including viruses. Used as a server-side email virus scanner. Owned by Sourcefire, maker of Snort

17 Maintainance and Tuning ClamAV lets you know when new versions are available in /var/log/clamav/freshclam.log Since Postfix is run in a chroot jail it will complain about files differing. When this happens, we need to run a script that is supplied with the Postfix source code (called LINUX2) that will once again copy all the files that Postfix needs to where it needs them.

18 Maintainance and Tuning (more) Postfix has sections dealing with whitelisting and blacklisting. Amavisd also has sections dealing with whitelisting and blacklisting. Several scripts for updating, log checking, intrusion detection, etc.

19 Resources www.freespamfilter.org www.postfix.org http://razor.sourceforge.net/ http://www.ijs.si/software/amavisd/ http://spamassassin.apache.org http://sourceforge.net/apps/trac/pyzor/ http://www.clamav.net/

Download ppt "Spamfilter Relay Mailserver Mark McSweeney CentraLUG, February 1, 2010."

Similar presentations

Filtragem Email Filtragem de Email com Red Hat Linux Implementações Práticas e Apresentação de Laboratórios Ruben Oliveira RHCE RHCX MCSE MCITP.

Filtragem Filtragem de com Red Hat Linux Implementações Práticas e Apresentação de Laboratórios Ruben Oliveira RHCE RHCX MCSE MCITP.
Justin Mason, SpamAssassin Project & Deersoft

Justin Mason, SpamAssassin Project & Deersoft
Snort & ACID. UTSA IS 6973 Computer Forensics SNORT.

Snort & ACID. UTSA IS 6973 Computer Forensics SNORT.
Course 201 – Administration, Content Inspection and SSL VPN Filtering

Course 201 – Administration, Content Inspection and SSL VPN Filtering
Content  Overview of Computer Networks (Wireless and Wired)  IP Address, MAC Address and Workgroups  LAN Setup and Creating Workgroup  Concept on.

Content  Overview of Computer Networks (Wireless and Wired)  IP Address, MAC Address and Workgroups  LAN Setup and Creating Workgroup  Concept on.
How Clients and Servers Work Together. Objectives Web Server Protocols Examine how e-mail server and client software work Use FTP to transfer files Initiate.

How Clients and Servers Work Together. Objectives Web Server Protocols Examine how server and client software work Use FTP to transfer files Initiate.
Web Servers How do our requests for resources on the Internet get handled? Can they be located anywhere? Global?

Web Servers How do our requests for resources on the Internet get handled? Can they be located anywhere? Global?
The problems associated with operating an effective anti-spam blocklist system in an increasingly hostile environment. Robert Gallagher September 2004.

The problems associated with operating an effective anti-spam blocklist system in an increasingly hostile environment. Robert Gallagher September 2004.
Computer Networks IGCSE ICT Section 4.

Computer Networks IGCSE ICT Section 4.
Pro Exchange SPAM Filter An Exchange 2000 based spam filtering solution.

Pro Exchange SPAM Filter An Exchange 2000 based spam filtering solution.
23 October 2002Emmanuel Ormancey1 Spam Filtering at CERN Emmanuel Ormancey - 23 October 2002.

23 October 2002Emmanuel Ormancey1 Spam Filtering at CERN Emmanuel Ormancey - 23 October 2002.
Spam Reduction Techniques Using greylisting and SpamAssassin.

Spam Reduction Techniques Using greylisting and SpamAssassin.
POP Email Configuration Microsoft Outlook 2002. What is POP? Short for Post Office Protocol, a protocol used to retrieve e-mail from a mail server. Most.

POP Configuration Microsoft Outlook What is POP? Short for Post Office Protocol, a protocol used to retrieve from a mail server. Most.
CT NIKHEF Nov 2003 1 Mail NIKHEF CT system support.

CT NIKHEF Nov Mail NIKHEF CT system support.
IP Blacklisting Causes & Solution Marcus Low, R&D Director InternetNow International Sdn Bhd.

IP Blacklisting Causes & Solution Marcus Low, R&D Director InternetNow International Sdn Bhd.
Email Filtering with Open Source Software OLUG – June 7, 2005.

Filtering with Open Source Software OLUG – June 7, 2005.
Lesson 46: Using Information From the Web copy and paste information from a Web site print a Web page download information from a Web site customize Web.

Lesson 46: Using Information From the Web copy and paste information from a Web site print a Web page download information from a Web site customize Web.
Introduction to Computer Administration System Administration

Introduction to Computer Administration System Administration
Norman SecureTide Powerful cloud solution to stop spam and threats before it reaches your network.

Norman SecureTide Powerful cloud solution to stop spam and threats before it reaches your network.
Antispam GARR Michele Michelotto Hepix Karlsruhe, 11 May 2005.

Antispam GARR Michele Michelotto Hepix Karlsruhe, 11 May 2005.

Similar presentations

Ads by Google