docs/diploma

diff thesis/pieces/spam-checking.txt @ 173:c51f1be54224

wrote about spam prevention and malware checking
author meillo@marmaro.de
date Tue, 23 Dec 2008 13:13:05 +0100
     1.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     1.2 +++ b/thesis/pieces/spam-checking.txt	Tue Dec 23 13:13:05 2008 +0100
     1.3 @@ -0,0 +1,89 @@
     1.4 +
     1.5 +%(eisentraut05: page 25) ``Ganz ohne Analyse während der SMTP-Phase kommt sowieso kein MTA aus, und es ist eine Frage der Einschätzung, wie weit man diese Phase belasten möchte.''
     1.6 +
     1.7 +
     1.8 +checks while smtp dialog (pre-queue): in MTA implemented (need to be fast)
     1.9 +checks when mail is accepted and queued: external (amavis, spamassassin)
    1.10 +
    1.11 +where to filter what
    1.12 +
    1.13 +
    1.14 +postfix:
    1.15 +content-filter: arbitrary programs that talk smtp, can filter, rewrite or delete mail
    1.16 +- before-queue-c-f: need to be fast, can prevent system load
    1.17 +- after-queue-c-f: need more resources in global, more load
    1.18 +
    1.19 +exim:
    1.20 +acls: to filter, what to accept (hook into smtp dialog) (complex)
    1.21 +routers: take recipient address and choose a matching transport
    1.22 +transports: ways to deliver mail (smtp, local)
    1.23 +
    1.24 +
    1.25 +postfix: after-queue-content-filter (smtp communication)
    1.26 +exim: content-scan-feature (analyses the content: MIME stuff, blacklisted words, virus scanning) (all within smtp dialog)
    1.27 +sendmail: milter (tcp or unix sockets)
    1.28 +
    1.29 +
    1.30 +
    1.31 +
    1.32 +
    1.33 +
    1.34 +
    1.35 +%what do do with recognized mail?
    1.36 +%- reject (only possible if recognized during SMTP dialog)
    1.37 +%- forward with added header line or changed subject
    1.38 +%(eisentraut05: page 18--20)
    1.39 +
    1.40 +check incoming and outgoing mail
    1.41 +(eisentraut05: page 21)
    1.42 +
    1.43 +
    1.44 +milter:
    1.45 +communication with external daemons via a special protocol
    1.46 +at various times in the smtp dialog possible
    1.47 +can reject, delete or alter messages
    1.48 +http://milter.org
    1.49 +(eisentraut05: page 69)
    1.50 +
    1.51 +
    1.52 +use SA with exim:
    1.53 +- with transport: piped into sa
    1.54 +- content-scanning-feature: with ACL during smtp dialog
    1.55 +- plugin: sa-exim
    1.56 +- within amavis
    1.57 +
    1.58 +use SA with sendmail:
    1.59 +- with milter
    1.60 +- within mimedefang or amavis
    1.61 +
    1.62 +use SA with postfix:
    1.63 +- within amavis or mailfilter
    1.64 +
    1.65 +
    1.66 +
    1.67 +
    1.68 +DNSBL can contain:
    1.69 +- open relays
    1.70 +- dynamic IP addresses
    1.71 +- verified spam sources
    1.72 +- open multistage relays
    1.73 +- vulnerable CGI scripts
    1.74 +- open proxy servers
    1.75 +example: NJABL (http://njabl.org)
    1.76 +
    1.77 +DNSBL in smpt dialog is aggressive and can lead to problems (eisentraut05: page 126)
    1.78 +
    1.79 +
    1.80 +greylisting:
    1.81 +if first contact from that address: temp failure and add to list
    1.82 +sender will retry, then accept
    1.83 +
    1.84 +``Das Greylisting zählt derzeit zu den effektivsten Methoden, um gegen unerwünschte E-Mails vorzugehen. Allein durch Greylisting können derzeit rund 70\% des potenziellen Spam-Aufkommens auf einem Mailserver vollständig geblockt werden. Allerdings ist es auch nur eine Frage der Zeit, bis sich die Gemeinde der Spammer und Virenautoren auf diese Methode der Spam-Bekämpfung eingerichtet und entsprechende Queues in ihre Software eingebaut hat.''(eisentraut05: page 138)
    1.85 +Probleme: load balancing using multiple servers with different IPs.
    1.86 +postfix: with policy server
    1.87 +exim: direct in config
    1.88 +sendmail: with greylist milter
    1.89 +
    1.90 +
    1.91 +
    1.92 +hashcash
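Review bot: lines 1.77 and 1.35 carry typos ("smpt dialog" should read "smtp dialog", "what do do" should read "what to do"), and the greylisting entry on lines 1.81-1.82 is ambiguous about what "that address" is: it does not say which identifiers the temporary-failure entry is recorded under and matched on at retry, yet line 1.85 relies on exactly that to explain why a sender whose retries come from several IPs is a problem. Suggest stating on line 1.81 which fields the list entry is keyed on, and rewriting line 1.85 in English like the rest of the file ("Probleme:" is the only German heading in an otherwise English note), e.g. "Problem: sender pools that retry from a different IP than the first attempt." Line 1.92 ("hashcash") is a bare keyword with no description, unlike every other topic in the file; either add the one-line summary the other entries have or mark it as a TODO.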