welcome to the 1 5 years anniversary meeting n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Welcome to the 1.5 years anniversary meeting. PowerPoint Presentation
Download Presentation
Welcome to the 1.5 years anniversary meeting.

Loading in 2 Seconds...

play fullscreen
1 / 11

Welcome to the 1.5 years anniversary meeting. - PowerPoint PPT Presentation


  • 253 Views
  • Uploaded on

New York Exchange User Group . Welcome to the 1.5 years anniversary meeting. Tue, August 8, 2006. Every 2 nd Tuesday of the Month. Same Time and Place Upcoming Meetings September - Designing Large Scale Distributed Deployments by Michael Murphy, TechNet Presenter for Microsoft

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Welcome to the 1.5 years anniversary meeting.' - bian


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
welcome to the 1 5 years anniversary meeting

New York Exchange User Group

Welcome to the 1.5 years anniversary meeting.

Tue, August 8, 2006. Every 2nd Tuesday of the Month. Same Time and Place

Upcoming Meetings

September - Designing Large Scale Distributed Deployments by Michael Murphy, TechNet Presenter for Microsoft

October – Are your email DBs growing and need SAN based storage needs, come and get an Intro to iSCSI, Fibre Channel, HBA cards, etc.

Agenda

-Enjoy pizza & soda

- Introduction to group, direction of group & topics.

- Main Presentation (Inside Scope on Resource Booking by Steve Lujan of WHEDCO.org

2nd Presentation (Server-Side Anti-Spam Techniques by Ben Serebin of REEFsolutions.com

- Raffle Items (wait until the end of the meeting)

Presented by Ben Serebin www.reefsolutions.com

latest server side anti spam technologies techniques

Latest Server-SideAnti-Spam Technologies & Techniques

Goal of Presentation

To be able to understand the pros/cons of of the major techniques and technologies utilized in anti-spam filtering.

Spam affects everyone with an email address, unless you have a username@server.local email address.

Presented by Ben Serebin www.reefsolutions.com

introduction
Introduction
  • Working in the IT sector since 1996
  • Specialty is MS Exchange and Spam Filtering
  • How I use to list my e-mail address on my website (source shown) :

<script type="text/javascript"><!--

document.write('<a href="&#109;&#97;&#105;&#108;&#116;&#111;&#58;' + '&#98;&#101;&#110;@' + '&#114;&#101;&#101;&#102;&#115;&#111;&#108;&#117;&#116;&#105;&#111;&#110;&#115;&#46;&#99;&#111;&#109;' + '">' + '&#98;&#101;&#110;&#64;&#114;&#101;&#101;&#102;&#115;&#111;&#108;&#117;&#116;&#105;&#111;&#110;&#115;&#46;&#99;&#111;&#109;' + '</a>');

// -->

</script>

Presented by Ben Serebin www.reefsolutions.com

spam is it really that bad
Spam – Is it really that bad?
  • Sadly, yes. Spam counts for even at the most conservative mail server deployments 50%. I’ve seen deployments have spam amounting to as high as 90% of all email!
  • According to a recent June 06 study, up to 86% of all email is spam.

Presented by Ben Serebin www.reefsolutions.com

what server side anti spam options exist
What Server-Side Anti-Spam Options Exist?
  • There are three major approaches to anti-spam filtering : on the mail server, mail gateway and DNS proxying.
  • There are a number of pros & cons to the various approaches regarding performance, accuracy, and ease of use.

Presented by Ben Serebin www.reefsolutions.com

filtering on the mail server
Filtering on the Mail Server
  • This is considered the old school way and still one of the best. Using software (e.g. GFI MailEssentials, MailSecurity) on the Exchange Server.
  • Pro’s
  • highly accurate
  • easy to use for users
  • Con’s
  • CPU and memory performance penalty to run it on your server
  • Server backups include spam filtered to Junk Mail or spam filter folder

Presented by Ben Serebin www.reefsolutions.com

filtering on the mail gateway
Filtering on the Mail Gateway
  • A good approach to protect your Exchange Server and offer spam filtering via a separate server (e.g. most 3rd mail servers, Merak, CommuniGate, )
  • Pro’s
  • protects your Exchange Server from DoS and other attacks and vulnerabilities
  • reduces cpu and memory needs on Exchange Server
  • most configuration possibilities (ability to control in/out-bound rules)
  • Con’s
  • most administrator support since spam frequently is tagged or sent to a global spam mail address
  • requires separate server

Presented by Ben Serebin www.reefsolutions.com

filtering via dns proxying
Filtering via DNS Proxying
  • A newer approach to spam filtering that utilizes hosted services (e.g. Postini, FrontBridge, etc) or enterprise class hardware (e.g Barracuda Networks)
  • Pro’s
  • protects your Exchange Server from DoS and other attacks and vulnerabilities
  • reduces cpu, memory needs, and backups sizes on Exchange Server
  • ease of use for users & administrators
  • Con’s
  • frequently the most costly solution
  • trust your company’s email to a 3rd party vendor
  • requires users to check daily quarantine emails

Presented by Ben Serebin www.reefsolutions.com

anti spam techniques
Anti-Spam Techniques

Quiz yourself on the acronyms.

  • SPF (Sender Policy Framework) – aka Sender ID Filtering. Used to emails sent by spoofed mail servers by using configured DNS records. Natively supported in Exchange 2003. Gaining use and SPF records are frequently incorrectly configured by admins.
  • Domain Keys – uses public/private key encryption to add headers to authenticate SMP. Created by Yahoo and is now open-source. Difficult, not commonly used outside of Yahoo.
  • Challenge Response – recipient server generates a response email to email sender and requires sender to visit a website to enter a code to allow email message to be accepted. Not very popular since only Yahoo and open source mail servers support this (frequently Linux/Unix based solutions).
  • Tarpitting & Directory Harvesting Checking – insures spammers cannot use dictionary attack on a recipient’s server. Natively supported in Exch 2003.
  • ????? – receiving mail server checks in-bound email against DNS server to determine if they are on a list. There are a # of different lists. Some that I recommend. I STRONGLY recommend you read and understand the philosophy and the process for adding/removing mail servers & IP to the lists.
  • Whitelists – IP based for other mail servers, network devices, fully from email addresses (realuser@aol.com), from domains (citibank.com), and to email address (myemail@mydomain.com)

Presented by Ben Serebin www.reefsolutions.com

anti spam techniques continued
Anti-Spam Techniques (continued...)

Quiz yourself on the acronyms.

  • Bayesian Analysis – highly intelligent method of filtering that dynamically learns based on your usage of email.
  • RBLs (real time block lists) – email messages headers and/or sending mail server are checking against a database of spammers via DNS. Recommend: dnsbl.njabl.org, relays.ordb.org, bl.spamcop.net, sbl-xml.spamhaus.org
  • SURBLs (spam URL) – any URLs in an email messages body is checked against a database of spammers via DNS. Recommend multi.surbl.org, bl.spamcop.net
  • Content Filters (header and body, e.g. Intelligent Message Filter) – filters based on headers such as subject and body content. An example is an email with the subject of “p0rn” should automatically be considered spam.
  • New Senders – tags the email and notifies a recipient that this is the first time a new user is emailing you. Not very useful, I would disable it.
  • Greylisting – 1st time a mail server attempts to connect results in a 4xx error, means retry in a short time. Useful, but has nasty side-effect of slowing down mail flow.
  • BATV (Bounce Address Tag Validation) – protects against bounced messages redirecting to valid accounts.

Presented by Ben Serebin www.reefsolutions.com

conclusion
Conclusion
  • Q&A Now…
  • Questions or comments: email me @ ben A-T reefsolutions . com
  • This presentation will be online this week.

Presented by Ben Serebin www.reefsolutions.com