The Anti-SPAM service from Forskningsnettet - What is new about it?
TF-MSP meeting 4/2-2010
Martin Bech, UNI-C
martin.bech@uni-c.dk
Fighting SPAM
• A well-known problem
• Well-known solutions
• We all deal with spam
• Lots of home-built solutions
• Even more commercial services
Is there anything more for us as an NREN to do in this field?
Motivation for a common Anti-spam service
• All universities are centralizing mail handling
• All universities are using considerable resources fighting spam
• Maybe some kind of economy of scale may be achieved
• And we may even have a few new ideas to make the whole service better and innovative…
The basic idea
• Make the storage of spam mail the sender’s problem
• While still preserving the benefits of having received the mails
RFC 2821
• The SMTP client is required to wait 10 minutes before timing out on DATA completion
• After we have received the final “.” in the mail, we scan it while keeping the connection open
• If scanning is successful, we return the “250 OK” message; otherwise the “550” message is issued
• Our “550” message contains a URL that a “human” sender may use to push his email through
Standard reception flow
[Flow diagram; labels as recovered from the slide]
• Sender MTA: Open TCP connection / HELO local.domain / MAIL FROM: mail@send / RCPT TO: mail@rec.dk / DATA / Subject: bla bla / More bla bla
• Decision: In a blocking list? (Yes / No)
• “And give the mail the standard filter treatment”: Greylisting, Bayesian filtering, Virus scan, …and whatever
• Outcomes: Immediately reject mail: 550 Mail delivery rejected / Immediately accept mail: 250 Message accepted for delivery / Standard delivery / Non-delivery mail to “sender”
Our approach
[Flow diagram; labels as recovered from the slide]
• Sender MTA: Open TCP connection / HELO local.domain / MAIL FROM: mail@send / RCPT TO: mail@rec.dk / DATA / Subject: bla bla / More bla bla
• Decision: In a blocking list? (Yes / No)
• “Apply filtering while TCP connection from MTA open”: Greylisting, Bayesian filtering, Virus scan, …and whatever
• Outcomes: Reject mail: 550 Mail delivery rejected / Immediately accept mail: 250 Message accepted for delivery / Standard delivery
Advantages in our approach
• It is the obligation of the sender to store the rejected mail
• We don’t issue any non-delivery messages – they are the obligation of the sending MTA
• Blocked and rejected mails may still be stored as desired by the user
Ability to rescue all important mails from deletion
• Honest (or at least human) senders may push their mails through – provided they don’t contain virus
• Users may rescue rejected mails because we can configure the system to keep a copy even when it is the responsibility of the sender to store the rejected mail
• For instance: You want a mail from a robot whose MTA is on a blocking list
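The in-session decision from the RFC 2821 slide, together with the kept copy described above, as an added example that is not part of the original slides or the service's code. The filter rule, the host name `mx.example` and the release URL are assumptions made up for illustration.

```python
import secrets

RELEASE_BASE = "https://antispam.example/release/"  # hypothetical URL
quarantine = {}  # token -> (sender, rcpts, message): copy kept for rescue

def scan(message):
    """Stand-in for the real filters (Bayesian, virus scan); constructed rule."""
    return "buy cheap pills" not in message.lower()

def smtp_session(client_lines):
    """Minimal receiving-side state machine; returns the server replies."""
    replies, sender, rcpts, body, in_data = ["220 mx.example"], None, [], [], False
    for line in client_lines:
        if in_data and line != ".":
            # Undo dot-stuffing: a leading ".." carries a literal "."
            body.append(line[1:] if line.startswith("..") else line)
        elif in_data:
            # Final "." seen: scan before replying, while the connection is
            # open, so a rejected mail stays the sending MTA's responsibility.
            message = "\n".join(body)
            if scan(message):
                replies.append("250 Message accepted for delivery")
            else:
                token = secrets.token_urlsafe(16)
                quarantine[token] = (sender, rcpts, message)
                replies.append("550 Mail delivery rejected; a human sender "
                               "may release it at " + RELEASE_BASE + token)
            sender, rcpts, body, in_data = None, [], [], False
        elif line.upper().startswith(("HELO", "EHLO")):
            replies.append("250 mx.example")
        elif line.upper().startswith("MAIL FROM:"):
            sender = line[10:].strip()
            replies.append("250 OK")
        elif line.upper().startswith("RCPT TO:") and sender:
            rcpts.append(line[8:].strip())
            replies.append("250 OK")
        elif line.upper() == "DATA" and rcpts:
            in_data = True
            replies.append("354 End data with <CR><LF>.<CR><LF>")
        elif line.upper() == "QUIT":
            replies.append("221 Bye")
            break
        else:
            replies.append("503 Bad sequence of commands")
    return replies

# Constructed sample dialogue (client side only), reusing the slide's addresses
SPAM = ["HELO local.domain", "MAIL FROM: mail@send", "RCPT TO: mail@rec.dk",
        "DATA", "Subject: bla bla", "Buy cheap pills now", ".", "QUIT"]
```

Calling `smtp_session(SPAM)` yields a 550 reply carrying the release URL as the answer to the final “.”, and the message is held in `quarantine` under the same token.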
Several ways of recipient validation
• LDAP
• Radius
• AD
• “SMTP Interruptus”, which means sending RCPT TO: user to the mail server and breaking the connection
Anti-SPAM production configuration
This figure is not very fancy, but the aim is to transmit the message that we have designed this with scalability in mind
Would a similar service be relevant in your NREN?
• A tremendous interest from the users
• All built using open-source components
• No licences – only costs are our developers and the operations of the servers
• We could help you build a similar setup – call me! martin.bech@uni-c.dk