Presentation is loading. Please wait.

Presentation is loading. Please wait.

Email Filtering with Open Source Software OLUG – June 7, 2005.

Published byNorma Wilkinson Modified over 9 years ago

Similar presentations

Presentation on theme: "Email Filtering with Open Source Software OLUG – June 7, 2005."— Presentation transcript:

1 Email Filtering with Open Source Software OLUG – June 7, 2005

2 Presenter Bio Undergraduate Education – Nebraska Wesleyan University B.A. Business Administration Minor Computer Science Professional Experience – 3 years experience as Software Engineer Vertical Market Software Application Development – 5 years as Network Engineer VAR / Consulting Industry

3 This Presentation Will be ‘High Level’ – the proposed solution is simple to install and configure by anyone with Basic to Intermediate Linux skills Presenter not an experienced speaker Please ask questions or elaborations at any time! Handout with resources available

4 Spam/Virus in Email – Well Known Problem Spam, virus, worms, spyware, phishing attacks on the rise. Problem increasing for companies, both large and small.

5 Commercial Solutions Expensive Many do not work very well Customization tricky in some areas Stability

6 Open Source – A better solution using Best of Breed Tools Sendmail – Ubiquitous open source mailer MimeDefang – Open source framework for filtering e-mail ClamAV – Open source virus scanner SpamAssassin – Open source spam filter.

7 Overview of Solution Sendmail ‘Bastion’ host filters mail for a Microsoft Exchange Server Mail ‘tagged-and-forwarded’ for processing by the MUA (Outlook) Benefits – Exchange Server not on the Internet – Mail will store if Exchange server not available

8 Solution Diagram

9 Overview of Solution - continued Mail scanned for – Virus – Phishing Attacks – Real-time blacklist listing (RBL) – Exploit blacklist listing (XBL) – Spam content – Un-allowed file extensions in Attachments Inside Zip files – Malformed MIME Takes advantage of flaws in the MUA (Outlook mainly) – Spam fingerprint/checksum check Razor, DCC

10 Disadvantages of Solution Not tightly integrated with destination MTA (Microsoft Exchange in this case) – Users can’t self-manage whitelists, blacklists – Can’t auto-whitelist based on users address book May actually be seen as a benefit by reducing complexity

11 Sendmail Configuration 8.13.X – needed for milter support Configured with Milter support to allow MimeDefang to interface with Sendmail Configured with mailertable support which allows direction of scanned mail to internal Exchange Server Other then this, standard install – refer to MimeDefang howto

12 MimeDefang Overview Combination of Perl and C ‘Filter’ written entirely in Perl which allows for complete and easy control and customization over the entire process. – Uses common Perl Modules found on CPAN Mime decoding Zip decompressing Syslog Etc – Uses other well-written modules Razor, DCC Well written and documented with an active mailing list – http://www.mimedefang.org

13 MimeDefang Configuration Compile, install, add to init scripts Stock Filter – very good start Enable different set of allowed extensions inside Zip archive Enable DCC and Razor spam fingerprint check Enable filter_recipient code to check for recipient in target organization – Entry in mimedefang-filter

14 ClamAV Overview Premier open source virus scanner Fast definition updates Support for blended threats such as recent Microsoft JPEG exploit and Icon overflow Support for blocking major Phishing attempts

15 ClamAV Configuration Compile and install Start clamd in init scripts Configure Freshclam – Runs via cron to keep virus database up to date New scanning engines require manual compilation and installation

16 SpamAssassin Overview Open source spam identification system Utilizes a scoring system – Tokens, scores, thresholds Can use Bayesian scoring to customize itself to the business Very easy to write your own ‘tests’ – Ex: German spam from recent Sober Virus – Other 3 rd party tests available

17 SpamAssassin Configuration Compile and install as outlined in the MimeDefang howto Not currently using Bayes features due to multi-business approach MimeDefang does not use spamd (SpamAssassin Daemon), but instead calls the Perl modules itself

18 Exchange Server Configuration Enable Recipient Filtering to allow Exchange to refuse non-existent users – Available in 2003, not on by default Could also use Sendmail’s Access features or integrate LDAP lookups into the MimeDefang code

19 MUA Configuration - Outlook Create a server-side rule – Will run even when Outlook is closed Examine header – X-Spam-Status: Yes Send mail to ‘Junk Mail’ folder We do this to allow users to inspect their own junk mail. Another option would be a central quarantine

20 Testing Test MimeDefang – Send test banned attachments Test SpamAssassin – GTUBE – Generic test for unsolicited bulk email Test ClamAV – Harmless Eicar Virus – detected by most AV scanners – Worm.Sobig.F – Found at ClamAV Howto – TestVirus.org – Sends over 30 kinds of virus Put into production and watch logs!

21 Other Ideas Central Quarantine Bayes Scanning Scan outgoing email (ISP) Disclaimer Boilerplate Compliance Processing Rate Limiting/GreetPause Per user settings (whitelists, Bayes, blacklists, spam thresholds) – SQL Database – Web Front-end

22 Results 100% Uptime in 8 months service Easily deflected recent Sober.P outbreak Estimated 98% Spam catch Almost non-existent false positive rate Has deflected many JPEG, Icon, Phishing, and other non-virus threats

23 Resources The MimeDefang Howto – http://www.mickeyhill.com/mimedefang-howto/ http://www.mickeyhill.com/mimedefang-howto/ Using MimeDefang with ClamAV – http://sial.org/howto/mimedefang/clamav/ http://sial.org/howto/mimedefang/clamav/ SpamAssassin WIKI – http://wiki.apache.org/spamassassin http://wiki.apache.org/spamassassin Email Me: – drazak@materiamagica.com – Andrew Embury drazak@materiamagica.com

24 Questions Open for questions

Download ppt "Email Filtering with Open Source Software OLUG – June 7, 2005."

Similar presentations

Filtragem Email Filtragem de Email com Red Hat Linux Implementações Práticas e Apresentação de Laboratórios Ruben Oliveira RHCE RHCX MCSE MCITP.

Filtragem Filtragem de com Red Hat Linux Implementações Práticas e Apresentação de Laboratórios Ruben Oliveira RHCE RHCX MCSE MCITP.
Anti-SPAM experience at LAL Michel Jouvin LAL / IN2P3

Anti-SPAM experience at LAL Michel Jouvin LAL / IN2P3
1 Effective, secure and reliable hosted email security and continuity solution.

1 Effective, secure and reliable hosted security and continuity solution.
TrustPort Net Gateway Email traffic protection. WWW.TRUSTPORT.COM Keep It Secure Entry point protection –Clear separation of the risky internet and secured.

TrustPort Net Gateway traffic protection. Keep It Secure Entry point protection –Clear separation of the risky internet and secured.
Module 6 Implementing Messaging Security. Module Overview Deploying Edge Transport Servers Deploying an Antivirus Solution Configuring an Anti-Spam Solution.

Module 6 Implementing Messaging Security. Module Overview Deploying Edge Transport Servers Deploying an Antivirus Solution Configuring an Anti-Spam Solution.
COMPUTER BASICS METC 106. The Internet Global group of interconnected networks Originated in 1969 – Department of Defense ARPANet Only text, no graphics.

COMPUTER BASICS METC 106. The Internet Global group of interconnected networks Originated in 1969 – Department of Defense ARPANet Only text, no graphics.
Dealing With Spam The email kind, not the Food product.

Dealing With Spam The kind, not the Food product.
AVG Internet Security 7.5 Product presentation.

AVG Internet Security 7.5 Product presentation.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
IMF Mihály Andó IT-IS 6 November 2006. Mihály Andó 2 / 11 6 November 2006 What is IMF? ­ Intelligent Message Filter ­ provides server-side message filtering,

IMF Mihály Andó IT-IS 6 November Mihály Andó 2 / 11 6 November 2006 What is IMF? ­ Intelligent Message Filter ­ provides server-side message filtering,
Remote mailbox access gateway Software lab project.

Remote mailbox access gateway Software lab project.
What’s New in WatchGuard XCS 10.0 Update 3 WatchGuard Training.

What’s New in WatchGuard XCS 10.0 Update 3 WatchGuard Training.
Guide to Operating System Security Chapter 10 E-mail Security.

Guide to Operating System Security Chapter 10 Security.
Pro Exchange SPAM Filter An Exchange 2000 based spam filtering solution.

Pro Exchange SPAM Filter An Exchange 2000 based spam filtering solution.
Kaspersky Open Space Security: Release 2 World-class security solution for your business.

Kaspersky Open Space Security: Release 2 World-class security solution for your business.
Fighting Spam Enterprise Spam Filtering Using Open Source Tools.

Fighting Spam Enterprise Spam Filtering Using Open Source Tools.
23 October 2002Emmanuel Ormancey1 Spam Filtering at CERN Emmanuel Ormancey - 23 October 2002.

23 October 2002Emmanuel Ormancey1 Spam Filtering at CERN Emmanuel Ormancey - 23 October 2002.
No. 1 anti-spam solution for Exchange/SMTP/Lotus.

No. 1 anti-spam solution for Exchange/SMTP/Lotus.
Email Filter Services. Advantages of Using Spam Filters Effective Filter Bigger Bandwidth Space Easy Interface Accurate Results.

Filter Services. Advantages of Using Spam Filters Effective Filter Bigger Bandwidth Space Easy Interface Accurate Results.
E-mail-I CS-3505 Wb_e-mail-I.ppt. Email 4 The most useful feature of the internet 4 Lots of different email programs, but most of them can talk to each.

-I CS-3505 Wb_ -I.ppt. 4 The most useful feature of the internet 4 Lots of different programs, but most of them can talk to each.

Similar presentations

Ads by Google