Mercurial > docs > diploma
annotate thesis/pieces/spam-checking.txt @ 173:c51f1be54224
wrote about spam prevention and malware checking
| author | meillo@marmaro.de |
|---|---|
| date | Tue, 23 Dec 2008 13:13:05 +0100 |
| parents | |
| children |
| rev | line source |
|---|---|
|
173
c51f1be54224
wrote about spam prevention and malware checking
meillo@marmaro.de
parents:
diff
changeset
|
1 |
|
c51f1be54224
wrote about spam prevention and malware checking
meillo@marmaro.de
parents:
diff
changeset
|
2 %(eisentraut05: page 25) ``Ganz ohne Analyse während der SMTP-Phase kommt sowieso kein MTA aus, und es ist eine Frage der Einschätzung, wie weit man diese Phase belasten möchte.'' |
|
c51f1be54224
wrote about spam prevention and malware checking
meillo@marmaro.de
parents:
diff
changeset
|
3 |
|
c51f1be54224
wrote about spam prevention and malware checking
meillo@marmaro.de
parents:
diff
changeset
|
4 |
|
c51f1be54224
wrote about spam prevention and malware checking
meillo@marmaro.de
parents:
diff
changeset
|
5 checks while smtp dialog (pre-queue): in MTA implemented (need to be fast) |
|
c51f1be54224
wrote about spam prevention and malware checking
meillo@marmaro.de
parents:
diff
changeset
|
6 checks when mail is accepted and queued: external (amavis, spamassassin) |
|
c51f1be54224
wrote about spam prevention and malware checking
meillo@marmaro.de
parents:
diff
changeset
|
7 |
|
c51f1be54224
wrote about spam prevention and malware checking
meillo@marmaro.de
parents:
diff
changeset
|
8 where to filter what |
|
c51f1be54224
wrote about spam prevention and malware checking
meillo@marmaro.de
parents:
diff
changeset
|
9 |
|
c51f1be54224
wrote about spam prevention and malware checking
meillo@marmaro.de
parents:
diff
changeset
|
10 |
|
c51f1be54224
wrote about spam prevention and malware checking
meillo@marmaro.de
parents:
diff
changeset
|
11 postfix: |
|
c51f1be54224
wrote about spam prevention and malware checking
meillo@marmaro.de
parents:
diff
changeset
|
12 content-filter: arbitrary programs that talk smtp, can filter, rewrite or delete mail |
|
c51f1be54224
wrote about spam prevention and malware checking
meillo@marmaro.de
parents:
diff
changeset
|
13 - before-queue-c-f: need to be fast, can prevent system load |
|
c51f1be54224
wrote about spam prevention and malware checking
meillo@marmaro.de
parents:
diff
changeset
|
14 - after-queue-c-f: need more resources in global, more load |
|
c51f1be54224
wrote about spam prevention and malware checking
meillo@marmaro.de
parents:
diff
changeset
|
15 |
|
c51f1be54224
wrote about spam prevention and malware checking
meillo@marmaro.de
parents:
diff
changeset
|
16 exim: |
|
c51f1be54224
wrote about spam prevention and malware checking
meillo@marmaro.de
parents:
diff
changeset
|
17 acls: to filter, what to accept (hook into smtp dialog) (complex) |
|
c51f1be54224
wrote about spam prevention and malware checking
meillo@marmaro.de
parents:
diff
changeset
|
18 routers: take recipient address and choose a matching transport |
|
c51f1be54224
wrote about spam prevention and malware checking
meillo@marmaro.de
parents:
diff
changeset
|
19 transports: ways to deliver mail (smtp, local) |
|
c51f1be54224
wrote about spam prevention and malware checking
meillo@marmaro.de
parents:
diff
changeset
|
20 |
|
c51f1be54224
wrote about spam prevention and malware checking
meillo@marmaro.de
parents:
diff
changeset
|
21 |
|
c51f1be54224
wrote about spam prevention and malware checking
meillo@marmaro.de
parents:
diff
changeset
|
22 postfix: after-queue-content-filter (smtp communication) |
|
c51f1be54224
wrote about spam prevention and malware checking
meillo@marmaro.de
parents:
diff
changeset
|
23 exim: content-scan-feature (analyses the content: MIME stuff, blacklisted words, virus scanning) (all within smtp dialog) |
|
c51f1be54224
wrote about spam prevention and malware checking
meillo@marmaro.de
parents:
diff
changeset
|
24 sendmail: milter (tcp or unix sockets) |
|
c51f1be54224
wrote about spam prevention and malware checking
meillo@marmaro.de
parents:
diff
changeset
|
25 |
|
c51f1be54224
wrote about spam prevention and malware checking
meillo@marmaro.de
parents:
diff
changeset
|
26 |
|
c51f1be54224
wrote about spam prevention and malware checking
meillo@marmaro.de
parents:
diff
changeset
|
27 |
|
c51f1be54224
wrote about spam prevention and malware checking
meillo@marmaro.de
parents:
diff
changeset
|
28 |
|
c51f1be54224
wrote about spam prevention and malware checking
meillo@marmaro.de
parents:
diff
changeset
|
29 |
|
c51f1be54224
wrote about spam prevention and malware checking
meillo@marmaro.de
parents:
diff
changeset
|
30 |
|
c51f1be54224
wrote about spam prevention and malware checking
meillo@marmaro.de
parents:
diff
changeset
|
31 |
|
c51f1be54224
wrote about spam prevention and malware checking
meillo@marmaro.de
parents:
diff
changeset
|
32 %what do do with recognized mail? |
|
c51f1be54224
wrote about spam prevention and malware checking
meillo@marmaro.de
parents:
diff
changeset
|
33 %- reject (only possible if recognized during SMTP dialog) |
|
c51f1be54224
wrote about spam prevention and malware checking
meillo@marmaro.de
parents:
diff
changeset
|
34 %- forward with added header line or changed subject |
|
c51f1be54224
wrote about spam prevention and malware checking
meillo@marmaro.de
parents:
diff
changeset
|
35 %(eisentraut05: page 18--20) |
|
c51f1be54224
wrote about spam prevention and malware checking
meillo@marmaro.de
parents:
diff
changeset
|
36 |
|
c51f1be54224
wrote about spam prevention and malware checking
meillo@marmaro.de
parents:
diff
changeset
|
37 check incoming and outgoing mail |
|
c51f1be54224
wrote about spam prevention and malware checking
meillo@marmaro.de
parents:
diff
changeset
|
38 (eisentraut05: page 21) |
|
c51f1be54224
wrote about spam prevention and malware checking
meillo@marmaro.de
parents:
diff
changeset
|
39 |
|
c51f1be54224
wrote about spam prevention and malware checking
meillo@marmaro.de
parents:
diff
changeset
|
40 |
|
c51f1be54224
wrote about spam prevention and malware checking
meillo@marmaro.de
parents:
diff
changeset
|
41 milter: |
|
c51f1be54224
wrote about spam prevention and malware checking
meillo@marmaro.de
parents:
diff
changeset
|
42 communication with external daemons via a special protocol |
|
c51f1be54224
wrote about spam prevention and malware checking
meillo@marmaro.de
parents:
diff
changeset
|
43 at various times in the smtp dialog possible |
|
c51f1be54224
wrote about spam prevention and malware checking
meillo@marmaro.de
parents:
diff
changeset
|
44 can reject, delete or alter messages |
|
c51f1be54224
wrote about spam prevention and malware checking
meillo@marmaro.de
parents:
diff
changeset
|
45 http://milter.org |
|
c51f1be54224
wrote about spam prevention and malware checking
meillo@marmaro.de
parents:
diff
changeset
|
46 (eisentraut05: page 69) |
|
c51f1be54224
wrote about spam prevention and malware checking
meillo@marmaro.de
parents:
diff
changeset
|
47 |
|
c51f1be54224
wrote about spam prevention and malware checking
meillo@marmaro.de
parents:
diff
changeset
|
48 |
|
c51f1be54224
wrote about spam prevention and malware checking
meillo@marmaro.de
parents:
diff
changeset
|
49 use SA with exim: |
|
c51f1be54224
wrote about spam prevention and malware checking
meillo@marmaro.de
parents:
diff
changeset
|
50 - with transport: piped into sa |
|
c51f1be54224
wrote about spam prevention and malware checking
meillo@marmaro.de
parents:
diff
changeset
|
51 - content-scanning-feature: with ACL during smtp dialog |
|
c51f1be54224
wrote about spam prevention and malware checking
meillo@marmaro.de
parents:
diff
changeset
|
52 - plugin: sa-exim |
|
c51f1be54224
wrote about spam prevention and malware checking
meillo@marmaro.de
parents:
diff
changeset
|
53 - within amavis |
|
c51f1be54224
wrote about spam prevention and malware checking
meillo@marmaro.de
parents:
diff
changeset
|
54 |
|
c51f1be54224
wrote about spam prevention and malware checking
meillo@marmaro.de
parents:
diff
changeset
|
55 use SA with sendmail: |
|
c51f1be54224
wrote about spam prevention and malware checking
meillo@marmaro.de
parents:
diff
changeset
|
56 - with milter |
|
c51f1be54224
wrote about spam prevention and malware checking
meillo@marmaro.de
parents:
diff
changeset
|
57 - within mimedefang or amavis |
|
c51f1be54224
wrote about spam prevention and malware checking
meillo@marmaro.de
parents:
diff
changeset
|
58 |
|
c51f1be54224
wrote about spam prevention and malware checking
meillo@marmaro.de
parents:
diff
changeset
|
59 use SA with postfix: |
|
c51f1be54224
wrote about spam prevention and malware checking
meillo@marmaro.de
parents:
diff
changeset
|
60 - within amavis or mailfilter |
|
c51f1be54224
wrote about spam prevention and malware checking
meillo@marmaro.de
parents:
diff
changeset
|
61 |
|
c51f1be54224
wrote about spam prevention and malware checking
meillo@marmaro.de
parents:
diff
changeset
|
62 |
|
c51f1be54224
wrote about spam prevention and malware checking
meillo@marmaro.de
parents:
diff
changeset
|
63 |
|
c51f1be54224
wrote about spam prevention and malware checking
meillo@marmaro.de
parents:
diff
changeset
|
64 |
|
c51f1be54224
wrote about spam prevention and malware checking
meillo@marmaro.de
parents:
diff
changeset
|
65 DNSBL can contain: |
|
c51f1be54224
wrote about spam prevention and malware checking
meillo@marmaro.de
parents:
diff
changeset
|
66 - open relays |
|
c51f1be54224
wrote about spam prevention and malware checking
meillo@marmaro.de
parents:
diff
changeset
|
67 - dynamic IP addresses |
|
c51f1be54224
wrote about spam prevention and malware checking
meillo@marmaro.de
parents:
diff
changeset
|
68 - verified spam sources |
|
c51f1be54224
wrote about spam prevention and malware checking
meillo@marmaro.de
parents:
diff
changeset
|
69 - open multistage relays |
|
c51f1be54224
wrote about spam prevention and malware checking
meillo@marmaro.de
parents:
diff
changeset
|
70 - vulnerable CGI scripts |
|
c51f1be54224
wrote about spam prevention and malware checking
meillo@marmaro.de
parents:
diff
changeset
|
71 - open proxy servers |
|
c51f1be54224
wrote about spam prevention and malware checking
meillo@marmaro.de
parents:
diff
changeset
|
72 example: NJABL (http://njabl.org) |
|
c51f1be54224
wrote about spam prevention and malware checking
meillo@marmaro.de
parents:
diff
changeset
|
73 |
|
c51f1be54224
wrote about spam prevention and malware checking
meillo@marmaro.de
parents:
diff
changeset
|
74 DNSBL in smpt dialog is aggressive and can lead to problems (eisentraut05: page 126) |
|
c51f1be54224
wrote about spam prevention and malware checking
meillo@marmaro.de
parents:
diff
changeset
|
75 |
|
c51f1be54224
wrote about spam prevention and malware checking
meillo@marmaro.de
parents:
diff
changeset
|
76 |
|
c51f1be54224
wrote about spam prevention and malware checking
meillo@marmaro.de
parents:
diff
changeset
|
77 greylisting: |
|
c51f1be54224
wrote about spam prevention and malware checking
meillo@marmaro.de
parents:
diff
changeset
|
78 if first contact from that address: temp failure and add to list |
|
c51f1be54224
wrote about spam prevention and malware checking
meillo@marmaro.de
parents:
diff
changeset
|
79 sender will retry, then accept |
|
c51f1be54224
wrote about spam prevention and malware checking
meillo@marmaro.de
parents:
diff
changeset
|
80 |
|
c51f1be54224
wrote about spam prevention and malware checking
meillo@marmaro.de
parents:
diff
changeset
|
81 ``Das Greylisting zählt derzeit zu den effektivsten Methoden, um gegen unerwünschte E-Mails vorzugehen. Allein durch Greylisting können derzeit rund 70\% des potenziellen Spam-Aufkommens auf einem Mailserver vollständig geblockt werden. Allerdings ist es auch nur eine Frage der Zeit, bis sich die Gemeinde der Spammer und Virenautoren auf diese Methode der Spam-Bekämpfung eingerichtet und entsprechende Queues in ihre Software eingebaut hat.''(eisentraut05: page 138) |
|
c51f1be54224
wrote about spam prevention and malware checking
meillo@marmaro.de
parents:
diff
changeset
|
82 Probleme: load balancing using multiple servers with different IPs. |
|
c51f1be54224
wrote about spam prevention and malware checking
meillo@marmaro.de
parents:
diff
changeset
|
83 postfix: with policy server |
|
c51f1be54224
wrote about spam prevention and malware checking
meillo@marmaro.de
parents:
diff
changeset
|
84 exim: direct in config |
|
c51f1be54224
wrote about spam prevention and malware checking
meillo@marmaro.de
parents:
diff
changeset
|
85 sendmail: with greylist milter |
|
c51f1be54224
wrote about spam prevention and malware checking
meillo@marmaro.de
parents:
diff
changeset
|
86 |
|
c51f1be54224
wrote about spam prevention and malware checking
meillo@marmaro.de
parents:
diff
changeset
|
87 |
|
c51f1be54224
wrote about spam prevention and malware checking
meillo@marmaro.de
parents:
diff
changeset
|
88 |
|
c51f1be54224
wrote about spam prevention and malware checking
meillo@marmaro.de
parents:
diff
changeset
|
89 hashcash |