Mercurial > docs > diploma

view thesis/pieces/spam-checking.txt @ 232:1afdb3f85e69

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
reworked features and parts of functional requirements
author meillo@marmaro.de
date Sat, 10 Jan 2009 00:29:21 +0100
parents c51f1be54224
children
line wrap: on
line source


%(eisentraut05: page 25) ``Ganz ohne Analyse während der SMTP-Phase kommt sowieso kein MTA aus, und es ist eine Frage der Einschätzung, wie weit man diese Phase belasten möchte.''


checks while smtp dialog (pre-queue): in MTA implemented (need to be fast)
checks when mail is accepted and queued: external (amavis, spamassassin)

where to filter what


postfix:
content-filter: arbitrary programs that talk smtp, can filter, rewrite or delete mail
- before-queue-c-f: need to be fast, can prevent system load
- after-queue-c-f: need more resources in global, more load

exim:
acls: to filter, what to accept (hook into smtp dialog) (complex)
routers: take recipient address and choose a matching transport
transports: ways to deliver mail (smtp, local)


postfix: after-queue-content-filter (smtp communication)
exim: content-scan-feature (analyses the content: MIME stuff, blacklisted words, virus scanning) (all within smtp dialog)
sendmail: milter (tcp or unix sockets)







%what do do with recognized mail?
%- reject (only possible if recognized during SMTP dialog)
%- forward with added header line or changed subject
%(eisentraut05: page 18--20)

check incoming and outgoing mail
(eisentraut05: page 21)


milter:
communication with external daemons via a special protocol
at various times in the smtp dialog possible
can reject, delete or alter messages
http://milter.org
(eisentraut05: page 69)


use SA with exim:
- with transport: piped into sa
- content-scanning-feature: with ACL during smtp dialog
- plugin: sa-exim
- within amavis

use SA with sendmail:
- with milter
- within mimedefang or amavis

use SA with postfix:
- within amavis or mailfilter




DNSBL can contain:
- open relays
- dynamic IP addresses
- verified spam sources
- open multistage relays
- vulnerable CGI scripts
- open proxy servers
example: NJABL (http://njabl.org)

DNSBL in smpt dialog is aggressive and can lead to problems (eisentraut05: page 126)


greylisting:
if first contact from that address: temp failure and add to list
sender will retry, then accept

``Das Greylisting zählt derzeit zu den effektivsten Methoden, um gegen unerwünschte E-Mails vorzugehen. Allein durch Greylisting können derzeit rund 70\% des potenziellen Spam-Aufkommens auf einem Mailserver vollständig geblockt werden. Allerdings ist es auch nur eine Frage der Zeit, bis sich die Gemeinde der Spammer und Virenautoren auf diese Methode der Spam-Bekämpfung eingerichtet und entsprechende Queues in ihre Software eingebaut hat.''(eisentraut05: page 138)
Probleme: load balancing using multiple servers with different IPs.
postfix: with policy server
exim: direct in config
sendmail: with greylist milter



hashcash