[1] Control Spam by the Use of Greylisting Torgny Hallenmark LDC - Computing Center Lund University, Sweden TERENA Networking.

Presentation transcript:

[1] Control Spam by the Use of Greylisting Torgny Hallenmark LDC - Computing Center Lund University, Sweden TERENA Networking Conference

[2] Lund University
Lund University, Sweden
- Located in the very south of Sweden
- One of the biggest universities in Scandinavia
- Has almost all faculties
- students
- employees
- For more info: www.lu.se

[3] Lund University
LU – employees and students
- Parallel mail servers used
- Same software used
- Mainly Sun Java Enterprise System (JES)
- Sun JES Messaging Server
- Sun JES Directory Server (LDAP)
- Sendmail used in mail gateway
- Controlling systems: LUCAT and LADOK

[4] Mail systems
(Diagram labels: LUCAT, LDAP, employees mail server Cassandra; LADOK, LDAP, students mail server Piraten)

[5] Mail systems
New mail control structure
- Central mail gateway for spam and virus detection
- 3-4 parallel SunFire V240 servers
- In production since July 2004
- Spam detection: SpamAssassin, Greylisting
- Virus detection: Sophos, ClamAV
- Address verification: Only messages to valid addresses on our domains are accepted

[6] Mail systems
(Diagram labels: mail server with POP, IMAP, webmail; local mail server; mail.lu.se; Argus1-3; spam and virus detection)

[7] Mail systems
Mail servers -- central / local
- Central mail server with services for POP, IMAP and webmail
- 75% of employees are using the central mail service
- Local mail servers exist in some departments
- Local mail servers can use the central mail gateway for spam and virus detection

[8] Virus detection
Virus detection in mail
- Software: Sophos and ClamAV
- Flagging in Subject: ***VIRUS***
- Virus infected attachments are removed, info text is inserted
- Also possible to check for "bad" file types

[9] Spam detection
Spam detection in mail
- Software: SpamAssassin
- Spam checks made, giving spam points
- Also RBL blacklists may give spam points
- Flagging in header: X-Spam-Flag
- Flagging in Subject: ***SPAM***
- No messages are trashed centrally, only flagging is used (our policy)
- User must set up filter rules in his mail program

[10] Spam control: Greylisting
Spam control: Greylisting added
- Set in production on 1 July 2004
- Immediate impact!
- Spam is no longer a problem!!!
- 90-95% of earlier spam is just gone!
- Spam messages are not received, which means fewer messages to check (for both spam and virus)
- No decision to take (if you would like to trash messages)

[11] Spam control: Greylisting
Greylisting effect: Messages counted in a user mailbox

[12] Spam control: Greylisting
Greylisting effect: (Graph from Umeå University)

[13] Spam control: Greylisting
Some user reactions:
This is fantastic! Now you can again use like in the old days! The spam is gone! How did you do this? Lots of thanks! Really magic! Earlier I got 200 spam messages a day, now I see at most two! Thank you for an excellent work! It is almost sad with so few messages in my inbox … There must be something wrong with the mail system, I hardly get any mail at all …

[14] Spam control: Greylisting
Greylisting technique
- Evan Harris: The Next Step in the Spam Control War
- Using Internet SMTP standard (RFC 821)
- The trick is the following SMTP status: TempFail – Please try again later
- Status code 451 can be handled by "real" SMTP mail servers (put message in queue, try to resend it later)
- Spam spreading programs cannot handle 451 status info … (not yet …)

[15] Spam control: Greylisting
Greylisting technique
For incoming messages the following "triplet" is checked:
1) IP address for sending SMTP server
2) Sender address (envelope sender)
3) Receiver address (envelope recipient)
- If this triplet has not been seen earlier: Send SMTP status 451, TempFail
- If this triplet has been seen at least 5 minutes ago: Accept the incoming message

[16] Spam control: Greylisting
Greylisting technique
A database is needed (MySQL):
- Time that triplet was first seen
- Time that triplet blocking will expire
- Time that triplet record itself will expire
- Number of blocked delivery attempts
- Number of messages successfully passed
- Some other data

[17] Spam control: Greylisting
Greylisting technique
Some configuration parameters:
- Unknown triplet, initial delay (default: 1 hour, our value: 5 minutes)
- Lifetime of new triplets that have not yet allowed a mail to pass (default: 5 hours, our value: 30 hours)
- Lifetime of auto-whitelisted triplets that have allowed mail to pass (default: 36 days)

[18] Spam control: Greylisting
Greylisting – not always
Manual whitelisting possible:
- Can be done for sending SMTP server, sender address, receiver address
- Our own IP series are whitelisted (making the mail gateway accept outgoing messages from our local mail clients)
- Some "odd" SMTP servers with problems with Greylisting may be whitelisted. (But why not fix those servers instead?)
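
The decision logic of slides 15 to 18, as an added example that is not part of the original presentation or of the Greylisting software used at Lund. The names `Greylist`, `Record`, `check` and `purge`, the in-memory dictionary standing in for the MySQL table, and the whitelisted network 192.0.2.0/24 are assumptions; times are passed in as seconds.

```python
import ipaddress
from dataclasses import dataclass

INITIAL_DELAY = 5 * 60             # slide 17: "our value: 5 minutes"
NEW_LIFETIME = 30 * 3600           # slide 17: "our value: 30 hours"
PASSED_LIFETIME = 36 * 24 * 3600   # slide 17: "default: 36 days"
# Constructed whitelist (documentation range), standing in for "our own IP series".
WHITELIST_NETS = [ipaddress.ip_network("192.0.2.0/24")]

@dataclass
class Record:                      # fields listed on slide 16
    first_seen: float
    block_expires: float
    record_expires: float
    blocked: int = 0
    passed: int = 0

class Greylist:
    def __init__(self):
        self.db = {}               # in-memory stand-in for the MySQL table

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return (SMTP code, reason) for one delivery attempt at time `now`."""
        if any(ipaddress.ip_address(client_ip) in n for n in WHITELIST_NETS):
            return 250, "whitelisted"
        key = (client_ip, mail_from, rcpt_to)      # the triplet of slide 15
        rec = self.db.get(key)
        if rec is not None and now >= rec.record_expires:
            rec = None             # record lifetime over: treat as unknown again
        if rec is None:
            self.db[key] = Record(now, now + INITIAL_DELAY,
                                  now + NEW_LIFETIME, blocked=1)
            return 451, "new triplet"
        if now < rec.block_expires:
            rec.blocked += 1       # sender retried before the initial delay ended
            return 451, "still blocked"
        rec.passed += 1
        rec.record_expires = now + PASSED_LIFETIME  # auto-whitelist the triplet
        return 250, "accepted"

    def purge(self, now):
        """Drop expired records; return how many were removed."""
        dead = [k for k, r in self.db.items() if now >= r.record_expires]
        for k in dead:
            del self.db[k]
        return len(dead)
```
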

[19] Spam control: Greylisting
Greylisting – any problems?
Possible problems:
- First delivery is always delayed (for an unknown triplet)
- Some mail servers are really not following Internet SMTP standards, i.e. they don't know how to handle SMTP status 451
- Some mail servers have enormous spool queues, so a message may not be resent until a very distant future …
- Greylisting is no final solution to the spam problem. Spammers will learn and adapt. But don't tell them … !?

[20] Spam control: Greylisting
Greylisting software
- We use it together with Sendmail
- But Greylisting can work with others:
  - Exim
  - Qmail
  - Qpsmtpd
  - Postfix
  - Squirrelmail
  - Mail proxies

[21] Spam control: Greylisting
Software used at Lund University
- Sendmail 8.13
- Greylisting (invoked via Sendmail Milter function)
- MailScanner 4.31
- SpamAssassin 2.63
- Some RBLs (used from SpamAssassin)
- Sophos anti-virus
- ClamAV anti-virus

[22] Spam control: Greylisting
More Greylisting information

[24] Lund University policy
policy proposed
- Outgoing will be accepted only from a few verified SMTP servers (very few servers running spam and virus programs)
- All incoming must pass a central mail gateway performing spam and virus checking
- Also internal (within the university) should pass spam and virus checking

[25] Lund University policy
Why use local mail servers?
- Goal: Reduce number of local mail servers
- Since earlier: Only certified SMTP servers are accepted in the network (certified servers are listed in routers). Only certified servers can receive SMTP mail (via port 25).
- Certification is mainly an open relay check.
- Make central mail services better! No need for local mail servers.