docs/diploma
diff thesis/pieces/spam-checking.txt @ 173:c51f1be54224
wrote about spam prevention and malware checking
| author | meillo@marmaro.de |
|---|---|
| date | Tue, 23 Dec 2008 13:13:05 +0100 |
1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 1.2 +++ b/thesis/pieces/spam-checking.txt Tue Dec 23 13:13:05 2008 +0100 1.3 
@@ -0,0 +1,89 @@ 1.4 + 1.5 +%(eisentraut05: page 25) ``Ganz ohne Analyse während der SMTP-Phase kommt sowieso kein MTA aus, und es ist eine Frage der Einschätzung, wie weit man diese Phase belasten möchte.'' 1.6 + 1.7 + 1.8 +checks while smtp dialog (pre-queue): in MTA implemented (need to be fast) 1.9 +checks when mail is accepted and queued: external (amavis, spamassassin) 1.10 + 1.11 +where to filter what 1.12 + 1.13 + 1.14 +postfix: 1.15 +content-filter: arbitrary programs that talk smtp, can filter, rewrite or delete mail 1.16 +- before-queue-c-f: need to be fast, can prevent system load 1.17 +- after-queue-c-f: need more resources in global, more load 1.18 + 1.19 +exim: 1.20 +acls: to filter, what to accept (hook into smtp dialog) (complex) 1.21 +routers: take recipient address and choose a matching transport 1.22 +transports: ways to deliver mail (smtp, local) 1.23 + 1.24 + 1.25 +postfix: after-queue-content-filter (smtp communication) 1.26 +exim: content-scan-feature (analyses the content: MIME stuff, blacklisted words, virus scanning) (all within smtp dialog) 1.27 +sendmail: milter (tcp or unix sockets) 1.28 + 1.29 + 1.30 + 1.31 + 1.32 + 1.33 + 1.34 + 1.35 +%what do do with recognized mail? 
1.36 +%- reject (only possible if recognized during SMTP dialog) 1.37 +%- forward with added header line or changed subject 1.38 +%(eisentraut05: page 18--20) 1.39 + 1.40 +check incoming and outgoing mail 1.41 +(eisentraut05: page 21) 1.42 + 1.43 + 1.44 +milter: 1.45 +communication with external daemons via a special protocol 1.46 +at various times in the smtp dialog possible 1.47 +can reject, delete or alter messages 1.48 +http://milter.org 1.49 +(eisentraut05: page 69) 1.50 + 1.51 + 1.52 +use SA with exim: 1.53 +- with transport: piped into sa 1.54 +- content-scanning-feature: with ACL during smtp dialog 1.55 +- plugin: sa-exim 1.56 +- within amavis 1.57 + 1.58 +use SA with sendmail: 1.59 +- with milter 1.60 +- within mimedefang or amavis 1.61 + 1.62 +use SA with postfix: 1.63 +- within amavis or mailfilter 1.64 + 1.65 + 1.66 + 1.67 + 1.68 +DNSBL can contain: 1.69 +- open relays 1.70 +- dynamic IP addresses 1.71 +- verified spam sources 1.72 +- open multistage relays 1.73 +- vulnerable CGI scripts 1.74 +- open proxy servers 1.75 +example: NJABL (http://njabl.org) 1.76 + 1.77 +DNSBL in smpt dialog is aggressive and can lead to problems (eisentraut05: page 126) 1.78 + 1.79 + 1.80 +greylisting: 1.81 +if first contact from that address: temp failure and add to list 1.82 +sender will retry, then accept 1.83 + 1.84 +``Das Greylisting zählt derzeit zu den effektivsten Methoden, um gegen unerwünschte E-Mails vorzugehen. Allein durch Greylisting können derzeit rund 70\% des potenziellen Spam-Aufkommens auf einem Mailserver vollständig geblockt werden. Allerdings ist es auch nur eine Frage der Zeit, bis sich die Gemeinde der Spammer und Virenautoren auf diese Methode der Spam-Bekämpfung eingerichtet und entsprechende Queues in ihre Software eingebaut hat.''(eisentraut05: page 138) 1.85 +Probleme: load balancing using multiple servers with different IPs. 
1.86 +postfix: with policy server 1.87 +exim: direct in config 1.88 +sendmail: with greylist milter 1.89 + 1.90 + 1.91 + 1.92 +hashcash
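Review bot: The greylisting entry keys on "that address" ("if first contact from that address: temp failure and add to list") without saying which address, yet the problem listed right after it (load balancing using multiple servers with different IPs) only arises when the sending client's IP is part of the key. Name the key explicitly, for example the usual triplet of client IP, envelope sender and envelope recipient, so that the load-balancing problem follows from the description. Separately, the commented-out line "%- reject (only possible if recognized during SMTP dialog)" is the reason the pre-queue versus after-queue split at the top of the file matters, so it is worth uncommenting and placing next to "where to filter what". Small fixes: "smpt" in the DNSBL line, "what do do" in the comment, and the German "Probleme:" in otherwise English notes; "hashcash" at the end is a bare keyword with no text yet.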