Introduction of the S25R anti-spam system



Similar documents
Enhanced Spam Defence

eprism Security Appliance 6.0 Intercept Anti-Spam Quick Start Guide

Government of Canada Managed Security Service (GCMSS) Annex A-5: Statement of Work - Antispam

GRAYWALL. Introduction. Installing Graywall. Graylist Mercury/32 daemon Version 1.0.0

Hosted CanIt. Roaring Penguin Software Inc. 26 April 2011

Mail Avenger. David Mazières New York University

Antispam Security Best Practices

MDaemon configuration recommendations for dealing with spam related issues

Implementing MDaemon as an Security Gateway to Exchange Server

Celframe - Easy Linux - Lesson 8 - Server

policyd-weight and some unorthodox approaches to eliminating spam

Objective This howto demonstrates and explains the different mechanisms for fending off unwanted spam .

POP3 Connector for Exchange - Configuration

Quick Start Policy Patrol Spam Filter 9

Serial Deployment Quick Start Guide

Configuring MDaemon for Centralized Spam Blocking and Filtering

MailFoundry User Manual. Page 1 of 86. Revision: MF Copyright 2007, Solinus Inc. All Rights Reserved. Page 1 of 86

Articles Fighting SPAM in Lotus Domino

PineApp Anti IP Blacklisting

Configuring Your Gateman Server

EFFECTIVE SPAM FILTERING WITH MDAEMON

CipherMail Gateway Quick Setup Guide

Anti-spam filtering techniques

Intercept Anti-Spam Quick Start Guide

TNote125 Student Locator Framework Notification Diagnostics

Collateral Damage. Consequences of Spam and Virus Filtering for the System. Peter Eisentraut 22C3. credativ GmbH.

Setting up and controlling

Anti Spam Best Practices

Anti-Spam Configuration in Outlook 2003 INDEX. Webmail settings Page 2. Client settings Page 6. Creation date Version 1.2

Migration Manual (For Outlook Express 6)

Feature Comparison Guide

Quick Start Policy Patrol Mail Security 9

Guardian Digital Secure Mail Suite Quick Start Guide

FortiMail Filtering Course 221-v2.0. Course Overview. Course Objectives

VPOP3 Your post office Getting Started Guide

ContentCatcher. Voyant Strategies. Best Practice for Gateway Security and Enterprise-class Spam Filtering

Quick Start Policy Patrol Mail Security 10

Fast, flexible & efficient delivery software

Reliable & Secure . Professional, Dependable, Complete Easy to Learn, Use and Grow

Issue 2EN. Nokia and Nokia Connecting People are registered trademarks of Nokia Corporation

Internet Security [1] VU Engin Kirda

MailFoundry Users Manual. MailFoundry User Manual Revision: MF Copyright 2005, Solinus Inc. All Rights Reserved

How To Configure Forefront Threat Management Gateway (Forefront) For An Server

services. Anders Wiehe IT department Gjøvik University College

AntiSpam QuickStart Guide

Using WinGate 6 . Concepts, Features, and Configurations.

s sent to the FaxFinder fax server must meet the following criteria to be processed for sending as a fax:

debops.postfix documentation

Migration Manual (For Outlook 2010)

Fighting Spam: Tools, Tips, and Techniques

eprism Security Appliance 6.0 Release Notes What's New in 6.0

Copyright 2011 Sophos Ltd. Copyright strictly reserved. These materials are not to be reproduced, either in whole or in part, without permissions.

MDaemon Vs. Microsoft Exchange Server 2013 Standard

Content Scanning with Exim 4

1 Accessing accounts on the Axxess Mail Server

on the RaQ 3. General. server. Services

Spam fighting with Postfix

Administrator Manual v3.0

Postfix: Status Quo current development an overview

Comodo Antispam Gateway Software Version 1.6

. Daniel Zappala. CS 460 Computer Networking Brigham Young University

Securepoint Security Systems

GFI Product Manual. Administration and Configuration Manual

Mail system components. Electronic Mail MRA MUA MSA MAA. David Byers

Mail Service Reference

Visendo Suite a reliable solution for SMBs

A D M I N I S T R A T O R V 1. 0

Configuring Security for SMTP Traffic

Technical Note. FORTIMAIL Configuration For Enterprise Deployment. Rev 2.1

About this documentation

XGENPLUS SECURITY FEATURES...

Icebox - Sendio SPAM Filter

Avira Managed Security AMES FAQ.

How To Block Ndr Spam

Release Notes. for Kerio Connect 8.0.0

SME- Mail to SMS & MMS Gateway with NowSMS Quick Start Guide

Security perimeter white paper. Configuring a security perimeter around JEP(S) with IIS SMTP

Installing Policy Patrol with Lotus Domino

EMB. Basics. Goals of this lab: Prerequisites: LXB, NET, DNS

ORF ENTERPRISE EDITION 1. Getting the Most Out of ORF

Greylisting has been around since 2003 when Evan Harris wrote the original whitepaper on it as a spam filtering mechanism.

GREEN HOUSE DATA. Services Guide. Built right. Just for you. greenhousedata.com. Green House Data 340 Progress Circle Cheyenne, WY 82007

How To Filter From A Spam Filter

Oakland County Webmail Anti-Spam Setup

Tufts Technology Services (TTS) Proofpoint Frequently Asked Questions (FAQ)

How to Configure edgebox as an Server

Gateways Using MDaemon 6.0

FortiMail Filtering Course 221-v2.2 Course Overview

Domains Help Documentation This document was auto-created from web content and is subject to change at any time. Copyright (c) 2016 SmarterTools Inc.

Quick Start Policy Patrol Spam Filter 5

WaveWare Technologies, Inc. We Deliver Information at the Speed of Light

Frequently Asked Questions for New Electric Mail Administrators 1 Domain Setup/Administration

Transcription:

Introduction of the S25R anti-spam system ASAMI Hideo deo@gabacho-net.jp http://www.gabacho-net.jp/en/anti-spam/ Aug 29, 2009 1

What is S25R? The Selective SMTP Rejection Anti-spam System (port 25) Gist of the action Rejects receiving mail returning a retry request (response code 450 ) when the client host is supposed to be an end-user s compter being based on its reverse name. Receives mail by whitelisting the host when a mail server is misidentified and so retry accesses are found. 2

Concept of mail route restriction sender site recipient site mail server SMTP mail server (protection point) SMTP / SMTP-AUTH PC SMTP has no reverse name or has a reverse name with many numerals, besides doesn t retry PC POP / IMAP 3

How to configure /etc/postfix/main.cf smtpd_client_restrictions = permit_mynetworks, check_client_access regexp:/etc/postfix/white_list, check_client_access regexp:/etc/postfix/rejections /etc/postfix/white_list permission conditions for mail servers misidentified /etc/postfix/rejections rejection conditions for end-user s computers not blocked by the following conditions /^unknown$/ 450 reverse lookup failure, be patient /^[^.]*[0-9][^0-9.]+[0-9].*./ 450 S25R check, be patient /^[^.]*[0-9]{5}/ 450 S25R check, be patient /^([^.]+.)?[0-9][^.]*.[^.]+..+.[a-z]/ 450 S25R check, be patient /^[^.]*[0-9].[^.]*[0-9]-[0-9]/ 450 S25R check, be patient /^[^.]*[0-9].[^.]*[0-9].[^.]+..+./ 450 S25R check, be patient /^(dhcp dialup ppp [achrsvx]?dsl)[^.]*[0-9]/ 450 S25R check, be patient 4

Examples of blocked host names unknown evrtwa1-ar3-4-65-157-048.evrtwa1.dsl-verizon.net pcp04083532pcs.levtwn01.pa.comcast.net 398pkj.cm.chello.no host.101.169.23.62.rev.coltfrance.com wbar9.chi1-4-11-085-222.dsl-verizon.net d5.gtokyofl27.vectant.ne.jp dhcp0339.vpm.resnet.group.upenn.edu PPPbf708.tokyo-ip.dti.ne.jp 5

Comparison of spam blocking rates DNSBL E-mail reputation Bayesian filter S25R 50--60%? about 70% 80--90% 97--99% 6

You must NOT... specify REJECT (the response code 554 ). leave retry accesses without watching the mail log. * Retry period is 5 days by default setting of Postfix or sendmail (= given period for acceptance). * Some mail servers stop retry in about 2 days. * It is hard to accept mail servers which stop retry in about an hour. It is recommended to install the published white list or greylisting (such as Rgrey). 7

False positive rate about 13% without a white list Major cases that legitimate mail servers are blocked by S25R reverse lookup failure / paranoid test error reverse host names including a serial number assinged by an ISP which has many subscriber lines reverse host names including a serial number assinged by a company which has many servers The false positive rate reduces as the white list becomes enriched. 8

Virtuous circle of the white list S25R is used because of its easiness to use. White list information is contributed. Less false positive rate makes S25R easier to use. The published white list becomes enriched. The published white list: now includes about 700 items 9

Log sorting script for finding retry accesses easily Retry accesses (with the same IP address, sender addess and recipient address) are shown as lines in a sequence. =>Whitelist the host if the sequense shows behavior of a legitimate mail server. Generally, it retries for 30 mintes or more at an interval of 1 munute or more. An access which is not retried is shown as a single line separated by a blank line. =>You can ignore it. Estimated message count (nealy equal to the number of spam messages which might have been received if they were not blocked) is displayed. =>You can use it for statistics. 10

Automatic acceptance of hosts in false positives Acceptance of hosts in false positives can be automated by using greylisting or tarpitting together with S25R. merits demerits manual Additional software is not needed (in case of Postfix). Stringent against retried spam accesses. Much labor is needed for watching. Acceptance may fail if the retry period is shorter than the watching interval. automatic Few labor is needed for watching. Acceptance succeeds even if the retry period is short. Additional software is needed. Retried spam accesses may cheat the protection system (greylisting reduces 1% in the spam block rate). 11

Development by other volunteers for Postfix for qmail for sendmail for XMail for mail clients Rgrey Starpit targrey S25R application patch for qmail Qgrey s25rtarpitgreylist smtp_wrapper application with milter application with XMailCFG filter configuration for Becky! (by myself) Becky! S25R spam filter MailUtl3 12

Praises for S25R Surprising effectiveness! Legitimate mail can be received correctly. We had been in trouble over disk exhaustion by spam. We were survived. We can never abandon it. We recommend S25R for the customers of our hosting service. 13

Criticisms against S25R criticisms Some legitimate mail servers don t have a reverse name. Some legitimate mail servers have a revers name with many numarals. It excludes mail servers with a dynamic IP address. Don t reject accesses selfishly on nothing but the result of reverse lookup. It is not useful but for a personal site. answers You can receive mail by whitelisting while retry accesses are coming. You can receive mail by whitelisting while retry accesses are coming. I hope such mail servers send out mail through your ISP s mail server. Wait for whitelisting in the recipient site. It is mistaken operation if they leave retry accesses. The published white list has become useful for large sites. Receiving defers. Retry request loads the sender sites with the disk resource. Using greylisting or tarpitting reduces deferment. You shouldn t use it if you dislike even a little deferment. There is no problem even if mail stays in the sending queue. Loads on the Internet relay lines reduces. 14

Why has S25R spread? The number of sites applying it: estimated to be over 1000 High effectiveness. Free of charge. High skill is not needed for installation and operation. You don t need to ask anything of sender sites. The published white list has become enriched by contributors. Using greylisting and tarpitting was put into practice. It has become applicable for also qmail, sendmail and XMail. Besides the name is good? Demand for ISPs: the service which enables users of connection with one IP address to assign their own reverse name 15

Appendix: The teachings to foresee the future prospects People who first critisized things which have spread AGAWA Hiroyuki... Shinkansen ITOKAWA Hideo... VTR for home use pros and semipros of computers... Windows Things which satisfy the public needs with continuous efforts shall win. 16

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information