diff thesis/pieces/spam-checking.txt @ 173:c51f1be54224

wrote about spam prevention and malware checking
author meillo@marmaro.de
date Tue, 23 Dec 2008 13:13:05 +0100
parents
children
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/thesis/pieces/spam-checking.txt	Tue Dec 23 13:13:05 2008 +0100
@@ -0,0 +1,89 @@
+
+%(eisentraut05: page 25) ``Ganz ohne Analyse während der SMTP-Phase kommt sowieso kein MTA aus, und es ist eine Frage der Einschätzung, wie weit man diese Phase belasten möchte.''
+
+
+checks while smtp dialog (pre-queue): in MTA implemented (need to be fast)
+checks when mail is accepted and queued: external (amavis, spamassassin)
+
+where to filter what
+
+
+postfix:
+content-filter: arbitrary programs that talk smtp, can filter, rewrite or delete mail
+- before-queue-c-f: need to be fast, can prevent system load
+- after-queue-c-f: need more resources in global, more load
+
+exim:
+acls: to filter, what to accept (hook into smtp dialog) (complex)
+routers: take recipient address and choose a matching transport
+transports: ways to deliver mail (smtp, local)
+
+
+postfix: after-queue-content-filter (smtp communication)
+exim: content-scan-feature (analyses the content: MIME stuff, blacklisted words, virus scanning) (all within smtp dialog)
+sendmail: milter (tcp or unix sockets)
+
+
+
+
+
+
+
+%what do do with recognized mail?
+%- reject (only possible if recognized during SMTP dialog)
+%- forward with added header line or changed subject
+%(eisentraut05: page 18--20)
+
+check incoming and outgoing mail
+(eisentraut05: page 21)
+
+
+milter:
+communication with external daemons via a special protocol
+at various times in the smtp dialog possible
+can reject, delete or alter messages
+http://milter.org
+(eisentraut05: page 69)
+
+
+use SA with exim:
+- with transport: piped into sa
+- content-scanning-feature: with ACL during smtp dialog
+- plugin: sa-exim
+- within amavis
+
+use SA with sendmail:
+- with milter
+- within mimedefang or amavis
+
+use SA with postfix:
+- within amavis or mailfilter
+
+
+
+
+DNSBL can contain:
+- open relays
+- dynamic IP addresses
+- verified spam sources
+- open multistage relays
+- vulnerable CGI scripts
+- open proxy servers
+example: NJABL (http://njabl.org)
+
+DNSBL in smpt dialog is aggressive and can lead to problems (eisentraut05: page 126)
+
+
+greylisting:
+if first contact from that address: temp failure and add to list
+sender will retry, then accept
+
+``Das Greylisting zählt derzeit zu den effektivsten Methoden, um gegen unerwünschte E-Mails vorzugehen. Allein durch Greylisting können derzeit rund 70\% des potenziellen Spam-Aufkommens auf einem Mailserver vollständig geblockt werden. Allerdings ist es auch nur eine Frage der Zeit, bis sich die Gemeinde der Spammer und Virenautoren auf diese Methode der Spam-Bekämpfung eingerichtet und entsprechende Queues in ihre Software eingebaut hat.''(eisentraut05: page 138)
+Probleme: load balancing using multiple servers with different IPs.
+postfix: with policy server
+exim: direct in config
+sendmail: with greylist milter
+
+
+
+hashcash
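Review bot: the greylisting block near the end says "if first contact from that address" without saying which address is meant (client IP, envelope sender, or a combination). The "Probleme: load balancing using multiple servers with different IPs" line two lines further down only follows if the client IP is part of what is recorded, so state the key explicitly there. In the mechanism comparison ("postfix: after-queue-content-filter", "exim: content-scan-feature", "sendmail: milter"), the postfix entry is a post-queue mechanism while the exim and milter entries act within the SMTP dialog. Since the commented-out "%- reject (only possible if recognized during SMTP dialog)" is the reason that distinction matters, mark each entry as pre-queue or post-queue and list the before-queue filter from the earlier postfix block as well. Smaller points: "smpt" in the DNSBL line and "what do do" in the commented question are typos, "Probleme:" is a German label in otherwise English notes, the final "hashcash" line is a bare stub, and the commit message mentions malware checking although the only visible reference is "virus scanning" in the exim line.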