docs/diploma

annotate thesis/pieces/spam-checking.txt @ 176:d4f818a4da04

restructured ch05
author meillo@marmaro.de
date Fri, 26 Dec 2008 16:37:44 +0100
parents
children
rev   line source
meillo@173 1
meillo@173 2 %(eisentraut05: page 25) ``Ganz ohne Analyse während der SMTP-Phase kommt sowieso kein MTA aus, und es ist eine Frage der Einschätzung, wie weit man diese Phase belasten möchte.''
meillo@173 3
meillo@173 4
meillo@173 5 checks while smtp dialog (pre-queue): in MTA implemented (need to be fast)
meillo@173 6 checks when mail is accepted and queued: external (amavis, spamassassin)
meillo@173 7
meillo@173 8 where to filter what
meillo@173 9
meillo@173 10
meillo@173 11 postfix:
meillo@173 12 content-filter: arbitrary programs that talk smtp, can filter, rewrite or delete mail
meillo@173 13 - before-queue-c-f: need to be fast, can prevent system load
meillo@173 14 - after-queue-c-f: need more resources in global, more load
meillo@173 15
meillo@173 16 exim:
meillo@173 17 acls: to filter, what to accept (hook into smtp dialog) (complex)
meillo@173 18 routers: take recipient address and choose a matching transport
meillo@173 19 transports: ways to deliver mail (smtp, local)
meillo@173 20
meillo@173 21
meillo@173 22 postfix: after-queue-content-filter (smtp communication)
meillo@173 23 exim: content-scan-feature (analyses the content: MIME stuff, blacklisted words, virus scanning) (all within smtp dialog)
meillo@173 24 sendmail: milter (tcp or unix sockets)
meillo@173 25
meillo@173 26
meillo@173 27
meillo@173 28
meillo@173 29
meillo@173 30
meillo@173 31
meillo@173 32 %what do do with recognized mail?
meillo@173 33 %- reject (only possible if recognized during SMTP dialog)
meillo@173 34 %- forward with added header line or changed subject
meillo@173 35 %(eisentraut05: page 18--20)
meillo@173 36
meillo@173 37 check incoming and outgoing mail
meillo@173 38 (eisentraut05: page 21)
meillo@173 39
meillo@173 40
meillo@173 41 milter:
meillo@173 42 communication with external daemons via a special protocol
meillo@173 43 at various times in the smtp dialog possible
meillo@173 44 can reject, delete or alter messages
meillo@173 45 http://milter.org
meillo@173 46 (eisentraut05: page 69)
meillo@173 47
meillo@173 48
meillo@173 49 use SA with exim:
meillo@173 50 - with transport: piped into sa
meillo@173 51 - content-scanning-feature: with ACL during smtp dialog
meillo@173 52 - plugin: sa-exim
meillo@173 53 - within amavis
meillo@173 54
meillo@173 55 use SA with sendmail:
meillo@173 56 - with milter
meillo@173 57 - within mimedefang or amavis
meillo@173 58
meillo@173 59 use SA with postfix:
meillo@173 60 - within amavis or mailfilter
meillo@173 61
meillo@173 62
meillo@173 63
meillo@173 64
meillo@173 65 DNSBL can contain:
meillo@173 66 - open relays
meillo@173 67 - dynamic IP addresses
meillo@173 68 - verified spam sources
meillo@173 69 - open multistage relays
meillo@173 70 - vulnerable CGI scripts
meillo@173 71 - open proxy servers
meillo@173 72 example: NJABL (http://njabl.org)
meillo@173 73
meillo@173 74 DNSBL in smpt dialog is aggressive and can lead to problems (eisentraut05: page 126)
meillo@173 75
meillo@173 76
meillo@173 77 greylisting:
meillo@173 78 if first contact from that address: temp failure and add to list
meillo@173 79 sender will retry, then accept
meillo@173 80
meillo@173 81 ``Das Greylisting zählt derzeit zu den effektivsten Methoden, um gegen unerwünschte E-Mails vorzugehen. Allein durch Greylisting können derzeit rund 70\% des potenziellen Spam-Aufkommens auf einem Mailserver vollständig geblockt werden. Allerdings ist es auch nur eine Frage der Zeit, bis sich die Gemeinde der Spammer und Virenautoren auf diese Methode der Spam-Bekämpfung eingerichtet und entsprechende Queues in ihre Software eingebaut hat.''(eisentraut05: page 138)
meillo@173 82 Probleme: load balancing using multiple servers with different IPs.
meillo@173 83 postfix: with policy server
meillo@173 84 exim: direct in config
meillo@173 85 sendmail: with greylist milter
meillo@173 86
meillo@173 87
meillo@173 88
meillo@173 89 hashcash