docs/diploma

view thesis/attic/spam-checking.txt @ 272:2aad3d950640

find changesets by author, revision, files, or words in the commit message
renamed pieces -> attic
author meillo@marmaro.de
date Thu, 15 Jan 2009 12:20:21 +0100
parents thesis/pieces/spam-checking.txt@c51f1be54224
children
line source
1
2 %(eisentraut05: page 25) ``Ganz ohne Analyse während der SMTP-Phase kommt sowieso kein MTA aus, und es ist eine Frage der Einschätzung, wie weit man diese Phase belasten möchte.''
3
4
5 checks while smtp dialog (pre-queue): in MTA implemented (need to be fast)
6 checks when mail is accepted and queued: external (amavis, spamassassin)
7
8 where to filter what
9
10
11 postfix:
12 content-filter: arbitrary programs that talk smtp, can filter, rewrite or delete mail
13 - before-queue-c-f: need to be fast, can prevent system load
14 - after-queue-c-f: need more resources in global, more load
15
16 exim:
17 acls: to filter, what to accept (hook into smtp dialog) (complex)
18 routers: take recipient address and choose a matching transport
19 transports: ways to deliver mail (smtp, local)
20
21
22 postfix: after-queue-content-filter (smtp communication)
23 exim: content-scan-feature (analyses the content: MIME stuff, blacklisted words, virus scanning) (all within smtp dialog)
24 sendmail: milter (tcp or unix sockets)
25
26
27
28
29
30
31
32 %what do do with recognized mail?
33 %- reject (only possible if recognized during SMTP dialog)
34 %- forward with added header line or changed subject
35 %(eisentraut05: page 18--20)
36
37 check incoming and outgoing mail
38 (eisentraut05: page 21)
39
40
41 milter:
42 communication with external daemons via a special protocol
43 at various times in the smtp dialog possible
44 can reject, delete or alter messages
45 http://milter.org
46 (eisentraut05: page 69)
47
48
49 use SA with exim:
50 - with transport: piped into sa
51 - content-scanning-feature: with ACL during smtp dialog
52 - plugin: sa-exim
53 - within amavis
54
55 use SA with sendmail:
56 - with milter
57 - within mimedefang or amavis
58
59 use SA with postfix:
60 - within amavis or mailfilter
61
62
63
64
65 DNSBL can contain:
66 - open relays
67 - dynamic IP addresses
68 - verified spam sources
69 - open multistage relays
70 - vulnerable CGI scripts
71 - open proxy servers
72 example: NJABL (http://njabl.org)
73
74 DNSBL in smpt dialog is aggressive and can lead to problems (eisentraut05: page 126)
75
76
77 greylisting:
78 if first contact from that address: temp failure and add to list
79 sender will retry, then accept
80
81 ``Das Greylisting zählt derzeit zu den effektivsten Methoden, um gegen unerwünschte E-Mails vorzugehen. Allein durch Greylisting können derzeit rund 70\% des potenziellen Spam-Aufkommens auf einem Mailserver vollständig geblockt werden. Allerdings ist es auch nur eine Frage der Zeit, bis sich die Gemeinde der Spammer und Virenautoren auf diese Methode der Spam-Bekämpfung eingerichtet und entsprechende Queues in ihre Software eingebaut hat.''(eisentraut05: page 138)
82 Probleme: load balancing using multiple servers with different IPs.
83 postfix: with policy server
84 exim: direct in config
85 sendmail: with greylist milter
86
87
88
89 hashcash