BACKSCATTER PROTECTION AGENT Version 1.1 documentation



Similar documents
ing from The E2 Shop System address Server Name Server Port, Encryption Protocol, Encryption Type, SMTP User ID SMTP Password

How to Add HealthCentral to Your Safe Senders List

eprism Security Appliance 6.0 Intercept Anti-Spam Quick Start Guide

Premium Anti Spam User s Guide. Table of Contents

Filtering with Microsoft Outlook

Filtering for Spam: PC

How to install and use the File Sharing Outlook Plugin

Installing Policy Patrol with Lotus Domino

How To Block Ndr Spam

Adding an address to a safe sender list in an client or security software

MailGuard and Microsoft Exchange 2007

Microsoft Exchange 2003

Quick Start Policy Patrol Spam Filter 5

AD Self Password Reset Installation and configuration

A D M I N I S T R A T O R V 1. 0

Migration Manual (For Outlook Express 6)

8.7. NET SatisFAXtion Gateway Installation Guide. For NET SatisFAXtion 8.7. Contents

1. Navigate to Control Panel and click on User Accounts and Family Safety. 2. Click on User Accounts

8.6. NET SatisFAXtion Gateway Installation Guide. For NET SatisFAXtion 8.6. Contents

MailEnable Connector for Microsoft Outlook

Quick Reference Guide: Business Mail

Marketing Glossary of Terms

Versions Addressed: Microsoft Exchange 2003 Document Updated: March 25, 2015 Co nfidential Copyright 2015 Smarsh, Inc. All rights reserved.

Mod 08: Exchange Online FOPE

About this documentation

Instructions for Microsoft Outlook 2003

Using Barracuda Spam Firewall

BULLGUARD SPAMFILTER

Purchase College Barracuda Anti-Spam Firewall User s Guide

How does the Excalibur Technology SPAM & Virus Protection System work?

POP3 Connector for Exchange - Configuration

Intercept Anti-Spam Quick Start Guide


HOW TO: Use the UWITC Barracuda Spam Filter System

How to make sure you receive all s from the University of Edinburgh

OR Filter 3.2 Manual. Draft. Copyright 2003, Martijn Jongen. All Rights Reserved Version : Ref. nr. : MhJ/ By : M.

WaveWare Technologies, Inc. We Deliver Information at the Speed of Light

AntiSpam QuickStart Guide

Migration Manual (For Outlook 2010)

Feature Comparison Guide

Smart E-Marketer s Guide

Add an address to a safe sender list in a client or security software AOL. BellSouth / AT&T Web

Quick Start Policy Patrol Spam Filter 9

EnterGroup offers multiple spam fighting technologies so that you can pick and choose one or more that are right for you.

Configuration Guide for Exchange 2003, 2007 and 2010

Security. Help Documentation

Merak Outlook Connector User Guide

Whitelist Instructions

10 Step 2 System Service Setup. 11 Step 3 RelayFax Server Setup. 11 Step 4 Company Name and CSID String. 12 Step 5 Fax and Voice Number

Owner of the content within this article is Written by Marc Grote

D3 TECHNOLOGIES SPAM FILTER

Microsoft Outlook 2010 contains a Junk Filter designed to reduce unwanted messages in your

Avira Managed Security (AMES) User Guide

Configuring MDaemon for Centralized Spam Blocking and Filtering

Policy Patrol 7 Upgrade Guide

Installing GFI MailEssentials

Configuring Microsoft Dynamics AX 2012 Alerts and Notifications Using an SMTP Relay Server with Office 365

Trend Micro Hosted Security Stop Spam. Save Time.

Installation Guide For Choic Enterprise Edition

Vodafone Text Centre User Guide for Microsoft Outlook

. Daniel Zappala. CS 460 Computer Networking Brigham Young University

Chapter 10 Encryption Service

Government of Canada Managed Security Service (GCMSS) Annex A-5: Statement of Work - Antispam

OUTLOOK EXPRESS ACCOUNT SETUP FOR USE WITH ELLIPSE ADVANCED SPAM FILTER

Version 2.1.x. Barracuda Message Archiver. Outlook Add-In User's Guide

Creating a User Profile for Outlook 2013

1 Accessing accounts on the Axxess Mail Server

Implementing MDaemon as an Security Gateway to Exchange Server

WinTask x64 Scheduler for Windows 7 64 bit, Windows 8/ bit and Windows 2008 R2 64 bit. Scheduler Quick Start Guide

Setup Guide for Exchange Server

ORF ENTERPRISE EDITION 1. Getting the Most Out of ORF

How to make the s you Send from Outlook 2010 appear to Originate from different Addresses

Whitelist Instructions

Password Reset Tool for Service Desk Operators Version 2.0

Exchange Mailbox Protection

Icebox - Sendio SPAM Filter

Getting Started Guide Unix Platform

How To Send From A Netbook To A Spam Box On A Pc Or Mac Or Mac (For A Mac) On A Mac Or Ipo (For An Ipo) On An Ipot Or Ipot (For Mac) (For

Oakland County Webmail Anti-Spam Setup

PROOFPOINT - SPAM FILTER

I. Configuring Digital signature certificate in Microsoft Outlook 2003:

GFI Product Manual. Getting Started Guide

Icebox - Sendio SPAM Filter

Securepoint Security Systems

ISPs AOL, AOL Web Mail, Yahoo, Hotmail Live, Windows Live and MSN, Gmail, Earthlink, AT&T, Comcast

Junk Settings. Options

Installing and Setting up Microsoft DNS Server

Mail Server Scenarios and Configurations

Barracuda Spam Firewall User s Guide

Barracuda Spam Firewall Administrator s Guide

Domains Help Documentation This document was auto-created from web content and is subject to change at any time. Copyright (c) 2016 SmarterTools Inc.

Basic Exchange Setup Guide

Transcription:

BACKSCATTER PROTECTION AGENT Version 1.1 documentation Revision 1.3 (for ORF version 5.0) Date June 3, 2012

INTRODUCTION What is backscatter? Backscatter (or reverse NDR ) attacks occur when a spammer sends large amount of emails in the name of your domain and your email server gets bombed by bounce reports (also called DSNs or NDRs) from legitimate servers. For more information, please read our article at http://www.vamsoft.com/support/docs/articles/how-to-stop-backscatter How does this agent help? The Backscatter Protection Agent can detect backscatter with high accuracy and enables you to throw away the DSNs caused by the forged emails. Note that this agent will help against DSNs only. Out-Of-Office autoresponses, Challenge/Response anti-spam requests and other type of automated emails may get thru the filtering. Publishing an SPF policy could also help reducing the amount of backscatter you receive. Read more about this below. How does the agent work? The idea behind the agent is that most DSNs contain the original email and this allows the agent to check if the original email is from your network, by examining whether it shows properties unique to your network. This agent checks specifically for the Message-ID email header, which has a unique format pattern for every network/server. The agent extracts the Message-ID headers from the bounce report, and matches them with your unique pattern. If none of the Message-IDs are like your pattern, the agent reports that the original email was probably from another network in other words, it's a backscatter DSN. BEFORE INSTALLATION To start using the agent, you need to find out the Message-ID pattern unique to your network. Read the section below before you start installing the agent. 2

Determining your Message-ID pattern During email delivery, typically it is the first server involved in the delivery which assigns a unique Message-ID to the email, e.g. a Microsoft Exchange Server or the IIS SMTP Service. A Message-ID email header looks like this: Message-ID: <01a901c894aa$28afcc20$39fba8c0@domain.local> The value between < and > is the Message-ID, as shown in the example below: 01a901c894aa$28afcc20$39fba8c0@domain.local We highlighted the @domain.local part, because this is what we are going to define a simple regular expression pattern for, which is:.*@domain\.local$ [explained: zero or more (*) arbitrary characters (.), followed by an '@' sign and the literal domain, a dot character (\.) and the literal local. No extra characters behind this pattern are allowed ($)] In rare cases, your network may have multiple servers with where Message-IDs are generated. In this case, you may have to use a combined pattern:.*@(domain1\.local domain2\.local)$ [explained: same as before, but a logical OR operation was introduced between the two patterns, using parentheses and the sign. You can add further subpatterns in this fashion as (subpattern1 subpattern2 subpattern3)] Regular expressions (regex) can be a bit scary at first if you get lost, feel free to contact us with your Message-ID samples. When writing regexs, consider than many characters have special role in regular expressions. It is recommended that you escape any non-alphanumeric letter by placing a backslash in front of them. For example, dot character escaped is \., instead if just.. Now, you need to determine check your Message-ID pattern. The easiest way to do this is to send an email outside your organization (e.g. to GMail or Hotmail) and check the email source. Outlook shows the email headers (open the email, select View Options). In GMail, use the Show Original menu. You can also email us (cs@vamsoft.com) and we will tell you what Message-ID we received. Typically, your Message-ID will contain the internal server name or the local domain name. Consider that special-purpose email software, such as CRM systems, mailing lists, bug trackers and such may assign their own Message-ID to the emails they generate. If you have such software installed on your 3

network, it is recommended to check their Message-ID samples, too. INSTALLATION 1. Download the package Download the Vamsoft Backscatter Protection Agent package from http://www.vamsoft.com/support/tools/backscatter-protection-agent 2. Extracting files Extract the package contents into an arbitrary local directory on your server. We recommend to extract the files to \Program Files\Vamsoft\BackscatterAgent. The rest of the guide assumes this path. 3. Importing the Agent definition Follow the instructions below to import the agent definition. 1. Start the ORF Administration Tool. 2. Select File Import External Agent Definitions... from the menu. 3. Select the \Program Files\Vamsoft\BackscatterAgent\agentdef\backscatteragent.xml definition file in the dialog and click Open. 4. Click Ok in the Importing Agent Definitions dialog. CONFIGURATION 1. Checking the External Agent test status The agent will work only if the External Agents test is enabled and properly configured. Make sure that: The External Agent Test is enabled on the Filtering / Tests page. Path for temporary email files points to a valid and existing directory on the Blacklists / External Agents page. 2. Checking the DSN filtering status Make sure that the Whitelist Delivery Status Notifications option is unchecked on the 4

Whitelist / Sender Whitelist page. 3. Setting the Agent path After importing the agent definition, you will have to set the path for the agent. 1. Select Blacklists / External Agents in the Administration Tool. 2. Select Vamsoft Backscatter Protection Agent from the list and click the Modify button. 3. Click the Run tab. 4. Click the ellipsis (...) button on the right of the Agent Executable edit box 5. Select backscatteragent.exe from from \Program Files\Vamsoft\BackscatterAgent\bin. 4. Configuring parameters Still on the same page, enter your Message-ID pattern. 1. In the Parameters box, replace the <msgidpattern> text with your Message-ID pattern regex. Make sure the regex is between double quotes, e.g.,.*@domain\.local$. To learn how to determine your Message-ID pattern, click here. 5. Enabling the Agent 1. Select Blacklists / External Agents in the Administration Tool. 2. Select Vamsoft Backscatter Protection Agent and check its checkbox. 3. Apply the configuration changes in the File Save Configuration menu. ADDITIONAL INFORMATION Just how accurate the agent is? In our lab test, the agent produced 0.19% false positives on a 1064 bounce-report-only test body. Here, a false positive means a DSN incorrectly classified as backscatter DSN. The false negative rate was 0.66%, i.e. emails that are from backscatter, but are not classified so. Note that the above figures are for bounce reports only. There is practically no chance for 5

classifying a regular email as backscatter DSN. False positives typically occur if the network which receives your email rewrites the Message- ID of the email. Another observed case is when the DSN is about another DSN. Other methods of protecting yourself from backscatter If you have not published an SPF policy yet, do it now and it will help with reducing backscatter. By publishing an SPF policy, you declare which IP addresses may act as outbound email servers for your domain. SPF-compliant email receivers will check your SPF policy and if they find that an email came from an IP address not listed by policy, they will know the sender is forged. Setting up an SPF policy is quite easy. Learn more about SPF at http://www.openspf.org. TECHNICAL SUPPORT Please find our technical support contact options on our website at: http://vamsoft.com/r?o-support 6

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information