docs/diploma

view thesis/pieces/spam-checking.txt @ 197:b08be036783d

moved new design to chapter of its own
author meillo@marmaro.de
date Wed, 31 Dec 2008 14:01:58 +0100
parents
children
line source
2 %(eisentraut05: page 25) ``Ganz ohne Analyse während der SMTP-Phase kommt sowieso kein MTA aus, und es ist eine Frage der Einschätzung, wie weit man diese Phase belasten möchte.''
5 checks while smtp dialog (pre-queue): in MTA implemented (need to be fast)
6 checks when mail is accepted and queued: external (amavis, spamassassin)
8 where to filter what
11 postfix:
12 content-filter: arbitrary programs that talk smtp, can filter, rewrite or delete mail
13 - before-queue-c-f: need to be fast, can prevent system load
14 - after-queue-c-f: need more resources in global, more load
16 exim:
17 acls: to filter, what to accept (hook into smtp dialog) (complex)
18 routers: take recipient address and choose a matching transport
19 transports: ways to deliver mail (smtp, local)
22 postfix: after-queue-content-filter (smtp communication)
23 exim: content-scan-feature (analyses the content: MIME stuff, blacklisted words, virus scanning) (all within smtp dialog)
24 sendmail: milter (tcp or unix sockets)
32 %what do do with recognized mail?
33 %- reject (only possible if recognized during SMTP dialog)
34 %- forward with added header line or changed subject
35 %(eisentraut05: page 18--20)
37 check incoming and outgoing mail
38 (eisentraut05: page 21)
41 milter:
42 communication with external daemons via a special protocol
43 at various times in the smtp dialog possible
44 can reject, delete or alter messages
45 http://milter.org
46 (eisentraut05: page 69)
49 use SA with exim:
50 - with transport: piped into sa
51 - content-scanning-feature: with ACL during smtp dialog
52 - plugin: sa-exim
53 - within amavis
55 use SA with sendmail:
56 - with milter
57 - within mimedefang or amavis
59 use SA with postfix:
60 - within amavis or mailfilter
65 DNSBL can contain:
66 - open relays
67 - dynamic IP addresses
68 - verified spam sources
69 - open multistage relays
70 - vulnerable CGI scripts
71 - open proxy servers
72 example: NJABL (http://njabl.org)
74 DNSBL in smpt dialog is aggressive and can lead to problems (eisentraut05: page 126)
77 greylisting:
78 if first contact from that address: temp failure and add to list
79 sender will retry, then accept
81 ``Das Greylisting zählt derzeit zu den effektivsten Methoden, um gegen unerwünschte E-Mails vorzugehen. Allein durch Greylisting können derzeit rund 70\% des potenziellen Spam-Aufkommens auf einem Mailserver vollständig geblockt werden. Allerdings ist es auch nur eine Frage der Zeit, bis sich die Gemeinde der Spammer und Virenautoren auf diese Methode der Spam-Bekämpfung eingerichtet und entsprechende Queues in ihre Software eingebaut hat.''(eisentraut05: page 138)
82 Probleme: load balancing using multiple servers with different IPs.
83 postfix: with policy server
84 exim: direct in config
85 sendmail: with greylist milter
89 hashcash