Build Your Own Spam Firewall

Using Postfix & SpamAssassin

Zach Levow, vp engineering

April 20, 2005 / SecureIT

Agenda
  • Introduction to Barracuda Networks (10 Min)
  • Building a security appliance using open source technologies (10 Min)
  • Anti-Spam technologies (40 Min)
  • System considerations (10 Min)
  • Q/A
Company Background
  • Mission
    • Deliver easy to use and cost effective solutions for protecting email servers
  • Founded December 2002
    • Research and development since 2001
  • Barracuda Spam Firewall Launch October 2003
  • Barracuda Spyware Firewall Launch April 2005
  • Headquarters in Cupertino, California
    • Offices in Europe (UK), China (Shanghai), Canada, Australia, India, Pakistan, United Arab Emirates (Dubai), and USA
    • 100+ employees worldwide
    • Experienced management & development team
  • Privately Funded
    • Profitable
  • Market Leader
    • 14,000 customers worldwide
Barracuda Spam Firewall
  • Comprehensive email protection
    • Blocks spam and viruses
    • Integrated hardware and software solution
  • Ease of use
    • Plug-and-play
    • No changes needed to email servers
  • Enterprise Features
    • Reliable and Robust
  • Aggressively Priced
    • No per user licensing fees
  • Market leading anti-spam appliance

Launched Oct. 13, 2003

Barracuda Spam Firewall - Outbound Edition
  • Comprehensive MTA
  • Includes Barracuda Spam Firewall Features
    • Easy to use and Configure (web interface)
    • Secure
    • Reporting and logging
  • Stops Virus Proliferation
  • Enforces Corporate & Regulatory Policies
    • Foul language and security
    • HIPAA, Sarbanes-Oxley
  • Prevents Spamming & Open Relay Function

Launched Jan. 17, 2005

Barracuda Spyware Firewall Features
  • Gateway appliance
  • Powerful, easy to use & install
    • Intuitive user interface
  • Affordable
    • Prices starting at $1,999
  • Available in five models:
    • Spyware Firewall 210 ($1,999)
    • Spyware Firewall 310 ($3,299)
    • Spyware Firewall 410 ($5,999)
  • Inline hardware appliance
  • Complete scalability for growing organizations
Cardinal Rules of Spam Filtering
  • No false positives!
  • A false positive where the sender is not notified is even worse
  • Reject rather than bounce
  • Don’t assume everyone’s mail looks like yours
Open Source Technical Issues
  • Immature products: One size does not fit all
  • Mature products: Bloated codebase – hard to maintain
  • Security issues
    • Pro: an active community will find and fix security issues.
    • Con: an active community will introduce security flaws.
    • Con: publishing your source does expose you to more exploits. Hackers go for the lowest common denominator.
    • Chroot, chroot, chroot – it’s always worth it.
Open Source Business Issues
  • Giving back to the community
    • Many changes aren’t for everyone
    • Extra time to polish changes for contribution
  • Separating proprietary technology
    • Configuration files are yours
    • Absolutely no linking if you don’t want to share.
Anti-spam Technologies
  • Intent Analysis
    • Open alternative: SURBL – Bill Stearns’ URL Blacklist
    • Real-time query performance issues
  • RBLs
    • Spamhaus – only list with minimal false positives
  • SpamAssassin
    • Rules Updates
  • SPF
  • Rate Control/Throttling
  • Virus scanning
    • Several fairly good open source solutions…
    • No one solution catches all…
    • Combine them
Anti-Spam Technologies (Cont.)
  • Bayesian
    • International Charsets
      • IBM’s ICU library very efficient
      • Token Chaining Crucial
    • Per-user Bayes very important
    • Noise reduction very helpful
    • Pro: most proactive anti-spam technique
    • Con: Troubleshooting is usually a nightmare!
    • Make user classification easy
Controversial Anti-Spam Techniques
  • Graylisting
    • Pro: Very effective at blocking spam
    • Con: Potentially delays all messages from new senders by several hours
    • Con: Spammers know how to defeat it, but most don’t yet
  • Tarpitting
    • Pro: effective at slowing down dictionary attacks
    • Con: Will bury a busy system if a process or thread is required per connection.
  • Challenge-response
    • Increases internet chatter
    • Unless linked to outbound SMTP, can lead to “Deadlock”
DNS MX Records
  • Example MX record

barracudanetworks.com MX preference = 10, mail exchanger = barracuda2.barracudanetworks.com

barracudanetworks.com MX preference = 10, mail exchanger = barracuda.barracudanetworks.com

  • SMTP is great at load-balancing/failover
    • Put as many systems as you like at the same “Preference” and all known clients will round-robin until they find an available system
    • DON’T LEAVE YOUR MAIL SERVER AS A BACKUP MX FOR YOUR SPAM FILTER!! Spammers will attack it directly
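
An added example (not from the original slides): a Python check that parses MX answers in the nslookup format shown above and reports any exchanger that is not one of the spam filters, which is the backup-MX mistake this slide warns about. The example.com host names, the sample answer, and the `parse_mx`/`audit_mx` helpers are constructed for illustration.

```python
import re
from collections import defaultdict

# One answer line in the format used on the slide:
#   <domain> MX preference = <n>, mail exchanger = <host>
MX_RE = re.compile(
    r"^(?P<domain>\S+)\s+MX preference = (?P<pref>\d+), "
    r"mail exchanger = (?P<host>\S+)$"
)

def parse_mx(text):
    """Return (domain, preference, host) tuples from nslookup-style output."""
    records = []
    for line in text.splitlines():
        m = MX_RE.match(line.strip())
        if m:
            host = m["host"].lower().rstrip(".")
            records.append((m["domain"].lower(), int(m["pref"]), host))
    return records

def audit_mx(text, filter_hosts):
    """Group exchangers by preference and list those that bypass the filters."""
    allowed = {h.lower().rstrip(".") for h in filter_hosts}
    tiers = defaultdict(list)
    bypass = []
    for _domain, pref, host in parse_mx(text):
        tiers[pref].append(host)
        if host not in allowed:
            # Any MX that is not a filter accepts mail unfiltered.
            bypass.append((pref, host))
    return {"tiers": dict(sorted(tiers.items())), "bypass": sorted(bypass)}

# Constructed sample: two filters at equal preference plus a leftover
# backup MX that points straight at the mail server.
SAMPLE_MX = """\
example.com MX preference = 10, mail exchanger = filter1.example.com
example.com MX preference = 10, mail exchanger = filter2.example.com
example.com MX preference = 20, mail exchanger = mail.example.com
"""

if __name__ == "__main__":
    report = audit_mx(SAMPLE_MX, {"filter1.example.com", "filter2.example.com"})
    for pref, hosts in report["tiers"].items():
        print(f"preference {pref}: {', '.join(hosts)}")
    for pref, host in report["bypass"]:
        print(f"BYPASS: {host} (preference {pref}) is not a spam filter")
```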
Phishing
  • No link should ever say that it is HTTPS in a message and then actually link to a non-HTTPS page
  • Relatively small list of known scams – fairly easy to keep up with if you have a good sample of email. It is worth the effort.
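
An added example (not from the original slides, and not SpamAssassin code): a Python check for the first rule above, flagging any HTML link whose visible text shows an https:// URL while its href uses another scheme. The sample message body and the `LinkCollector`/`https_mismatches` names are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# An https:// URL shown to the reader inside the link text.
CLAIM_RE = re.compile(r"\bhttps://[^\s<>\"']+", re.IGNORECASE)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in a message body."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:  # inside an <a>, including nested <b>/<span>
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href.strip(), "".join(self._text).strip()))
            self._href = None

def https_mismatches(html_body):
    """Return links whose text shows https:// while the href is not https."""
    parser = LinkCollector()
    parser.feed(html_body)
    parser.close()
    findings = []
    for href, text in parser.links:
        claim = CLAIM_RE.search(text)
        if not claim:
            continue
        try:
            scheme = urlsplit(href).scheme.lower()
        except ValueError:  # malformed href: treat as not https
            scheme = ""
        if scheme != "https":
            findings.append({"shown": claim.group(0), "href": href})
    return findings

# Constructed sample body (addresses from documentation ranges).
SAMPLE = """<p>Sign in at
<a href="http://192.0.2.10/login">https://www.bank.example/login</a></p>
<p><a href="https://www.bank.example/help">https://www.bank.example/help</a></p>
<p><a href="http://news.example/">Read our newsletter</a></p>"""
```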
Quarantine
  • Effective tool for reducing “False Positives” while increasing catch rate.
  • Best if integrated with directory services so that a user with multiple email addresses only has one quarantine box.
  • No perfect open-source solution:
    • Need web interface
    • Should send daily digest
Per-User Settings
  • Major reduction in administration if users can update personal allow/block lists, passphrases, etc.
  • Again, best when integrated with directory services.
  • User interface issues.
System Considerations
  • Databases:
    • Most open source databases are great for low-volume, general purpose applications.
    • In high load situations they all break down – specialized databases become necessary.
  • High-availability
    • Syncing of configurations (meta-data)
    • Syncing of quarantine information (data)
System Considerations (Cont.)
  • Hard drives
    • Typical drives will last 6-12 months under a constant and steady mail load.
    • Use RAID
    • Turn off write cache (hdparm)
  • Filesystems
    • Use a journaling filesystem
      • Ext3: slow, but robust
      • XFS/ReiserFS: faster, but less robust
      • Mount with synchronous I/O (sync)
Fighting Spam Can Be Effective
  • False positives are not acceptable or necessary.
  • Keep your spam rules and virus definitions up to date.
  • Reduce your administration load and false positives/negatives by giving control to your users through personal settings and quarantine.