Mercurial > docs > diploma
comparison thesis/pieces/spam-checking.txt @ 173:c51f1be54224
wrote about spam prevention and malware checking
| author | meillo@marmaro.de |
|---|---|
| date | Tue, 23 Dec 2008 13:13:05 +0100 |
| parents | |
| children |
comparison
equal
deleted
inserted
replaced
| 172:5c873e6478ef | 173:c51f1be54224 |
|---|---|
| 1 | |
| 2 %(eisentraut05: page 25) ``Ganz ohne Analyse während der SMTP-Phase kommt sowieso kein MTA aus, und es ist eine Frage der Einschätzung, wie weit man diese Phase belasten möchte.'' | |
| 3 | |
| 4 | |
| 5 checks while smtp dialog (pre-queue): in MTA implemented (need to be fast) | |
| 6 checks when mail is accepted and queued: external (amavis, spamassassin) | |
| 7 | |
| 8 where to filter what | |
| 9 | |
| 10 | |
| 11 postfix: | |
| 12 content-filter: arbitrary programs that talk smtp, can filter, rewrite or delete mail | |
| 13 - before-queue-c-f: need to be fast, can prevent system load | |
| 14 - after-queue-c-f: need more resources in global, more load | |
| 15 | |
| 16 exim: | |
| 17 acls: to filter, what to accept (hook into smtp dialog) (complex) | |
| 18 routers: take recipient address and choose a matching transport | |
| 19 transports: ways to deliver mail (smtp, local) | |
| 20 | |
| 21 | |
| 22 postfix: after-queue-content-filter (smtp communication) | |
| 23 exim: content-scan-feature (analyses the content: MIME stuff, blacklisted words, virus scanning) (all within smtp dialog) | |
| 24 sendmail: milter (tcp or unix sockets) | |
| 25 | |
| 26 | |
| 27 | |
| 28 | |
| 29 | |
| 30 | |
| 31 | |
| 32 %what do do with recognized mail? | |
| 33 %- reject (only possible if recognized during SMTP dialog) | |
| 34 %- forward with added header line or changed subject | |
| 35 %(eisentraut05: page 18--20) | |
| 36 | |
| 37 check incoming and outgoing mail | |
| 38 (eisentraut05: page 21) | |
| 39 | |
| 40 | |
| 41 milter: | |
| 42 communication with external daemons via a special protocol | |
| 43 at various times in the smtp dialog possible | |
| 44 can reject, delete or alter messages | |
| 45 http://milter.org | |
| 46 (eisentraut05: page 69) | |
| 47 | |
| 48 | |
| 49 use SA with exim: | |
| 50 - with transport: piped into sa | |
| 51 - content-scanning-feature: with ACL during smtp dialog | |
| 52 - plugin: sa-exim | |
| 53 - within amavis | |
| 54 | |
| 55 use SA with sendmail: | |
| 56 - with milter | |
| 57 - within mimedefang or amavis | |
| 58 | |
| 59 use SA with postfix: | |
| 60 - within amavis or mailfilter | |
| 61 | |
| 62 | |
| 63 | |
| 64 | |
| 65 DNSBL can contain: | |
| 66 - open relays | |
| 67 - dynamic IP addresses | |
| 68 - verified spam sources | |
| 69 - open multistage relays | |
| 70 - vulnerable CGI scripts | |
| 71 - open proxy servers | |
| 72 example: NJABL (http://njabl.org) | |
| 73 | |
| 74 DNSBL in smpt dialog is aggressive and can lead to problems (eisentraut05: page 126) | |
| 75 | |
| 76 | |
| 77 greylisting: | |
| 78 if first contact from that address: temp failure and add to list | |
| 79 sender will retry, then accept | |
| 80 | |
| 81 ``Das Greylisting zählt derzeit zu den effektivsten Methoden, um gegen unerwünschte E-Mails vorzugehen. Allein durch Greylisting können derzeit rund 70\% des potenziellen Spam-Aufkommens auf einem Mailserver vollständig geblockt werden. Allerdings ist es auch nur eine Frage der Zeit, bis sich die Gemeinde der Spammer und Virenautoren auf diese Methode der Spam-Bekämpfung eingerichtet und entsprechende Queues in ihre Software eingebaut hat.''(eisentraut05: page 138) | |
| 82 Probleme: load balancing using multiple servers with different IPs. | |
| 83 postfix: with policy server | |
| 84 exim: direct in config | |
| 85 sendmail: with greylist milter | |
| 86 | |
| 87 | |
| 88 | |
| 89 hashcash |