
Welcome to the 1.5 years anniversary meeting.

New York Exchange User Group. Welcome to the 1.5 years anniversary meeting. Tue, August 8, 2006. Every 2nd Tuesday of the Month. Same Time and Place. Upcoming Meetings: September - Designing Large Scale Distributed Deployments by Michael Murphy, TechNet Presenter for Microsoft


Presentation Transcript


  1. New York Exchange User Group
     Welcome to the 1.5 years anniversary meeting. Tue, August 8, 2006. Every 2nd Tuesday of the Month. Same Time and Place.
     Upcoming Meetings
     • September - Designing Large Scale Distributed Deployments by Michael Murphy, TechNet Presenter for Microsoft
     • October – Are your email DBs growing and in need of SAN-based storage? Come and get an intro to iSCSI, Fibre Channel, HBA cards, etc.
     Agenda
     - Enjoy pizza & soda
     - Introduction to group, direction of group & topics.
     - Main Presentation (Inside Scope on Resource Booking by Steve Lujan of WHEDCO.org)
     - 2nd Presentation (Server-Side Anti-Spam Techniques by Ben Serebin of REEFsolutions.com)
     - Raffle Items (wait until the end of the meeting)
     Presented by Ben Serebin www.reefsolutions.com

  2. Latest Server-Side Anti-Spam Technologies & Techniques
     Goal of Presentation: To be able to understand the pros/cons of the major techniques and technologies utilized in anti-spam filtering. Spam affects everyone with an email address, unless you have a username@server.local email address.

  3. Introduction
     • Working in the IT sector since 1996
     • Specialty is MS Exchange and Spam Filtering
     • How I used to list my e-mail address on my website (source shown):

         <script type="text/javascript">
         <!--
         // The address is assembled from HTML character entities, so it never
         // appears as plain text in the page source.
         document.write('<a href="&#109;&#97;&#105;&#108;&#116;&#111;&#58;' +
           '&#98;&#101;&#110;@' +
           '&#114;&#101;&#101;&#102;&#115;&#111;&#108;&#117;&#116;&#105;&#111;&#110;&#115;&#46;&#99;&#111;&#109;' +
           '">' +
           '&#98;&#101;&#110;&#64;&#114;&#101;&#101;&#102;&#115;&#111;&#108;&#117;&#116;&#105;&#111;&#110;&#115;&#46;&#99;&#111;&#109;' +
           '</a>');
         // -->
         </script>

  4. Spam – Is it really that bad?
     • Sadly, yes. Even at the most conservative mail server deployments, spam accounts for 50%. I’ve seen deployments have spam amounting to as high as 90% of all email!
     • According to a recent June 06 study, up to 86% of all email is spam.

  5. What Server-Side Anti-Spam Options Exist?
     • There are three major approaches to anti-spam filtering: on the mail server, mail gateway and DNS proxying.
     • There are a number of pros & cons to the various approaches regarding performance, accuracy, and ease of use.

  6. Filtering on the Mail Server
     • This is considered the old school way and still one of the best. Using software (e.g. GFI MailEssentials, MailSecurity) on the Exchange Server.
     • Pros
       • highly accurate
       • easy to use for users
     • Cons
       • CPU and memory performance penalty to run it on your server
       • Server backups include spam filtered to Junk Mail or spam filter folder

  7. Filtering on the Mail Gateway
     • A good approach to protect your Exchange Server and offer spam filtering via a separate server (e.g. most 3rd party mail servers, Merak, CommuniGate)
     • Pros
       • protects your Exchange Server from DoS and other attacks and vulnerabilities
       • reduces CPU and memory needs on Exchange Server
       • most configuration possibilities (ability to control in/out-bound rules)
     • Cons
       • requires the most administrator support, since spam is frequently tagged or sent to a global spam mail address
       • requires separate server

  8. Filtering via DNS Proxying
     • A newer approach to spam filtering that utilizes hosted services (e.g. Postini, FrontBridge, etc.) or enterprise class hardware (e.g. Barracuda Networks)
     • Pros
       • protects your Exchange Server from DoS and other attacks and vulnerabilities
       • reduces CPU, memory needs, and backup sizes on Exchange Server
       • ease of use for users & administrators
     • Cons
       • frequently the most costly solution
       • you trust your company’s email to a 3rd party vendor
       • requires users to check daily quarantine emails

  9. Anti-Spam Techniques
     Quiz yourself on the acronyms.
     • SPF (Sender Policy Framework) – aka Sender ID Filtering. Used to filter emails sent by spoofed mail servers by using configured DNS records. Natively supported in Exchange 2003. Gaining use, and SPF records are frequently configured incorrectly by admins.
     • Domain Keys – uses public/private key encryption to add headers to authenticate SMP. Created by Yahoo and is now open-source. Difficult, not commonly used outside of Yahoo.
     • Challenge Response – recipient server generates a response email to the email sender and requires the sender to visit a website and enter a code before the email message is accepted. Not very popular since only Yahoo and open source mail servers support this (frequently Linux/Unix based solutions).
     • Tarpitting & Directory Harvesting Checking – ensures spammers cannot use a dictionary attack on a recipient’s server. Natively supported in Exch 2003.
     • ????? – receiving mail server checks in-bound email against a DNS server to determine if the sender is on a list. There are a # of different lists. Some that I recommend. I STRONGLY recommend you read and understand the philosophy and the process for adding/removing mail servers & IPs to the lists.
     • Whitelists – IP based for other mail servers and network devices, full from email addresses (realuser@aol.com), from domains (citibank.com), and to email address (myemail@mydomain.com)

  10. Anti-Spam Techniques (continued...)
     Quiz yourself on the acronyms.
     • Bayesian Analysis – highly intelligent method of filtering that dynamically learns based on your usage of email.
     • RBLs (real time block lists) – email message headers and/or the sending mail server are checked against a database of spammers via DNS. Recommend: dnsbl.njabl.org, relays.ordb.org, bl.spamcop.net, sbl-xml.spamhaus.org
     • SURBLs (spam URL) – any URL in an email message’s body is checked against a database of spammers via DNS. Recommend: multi.surbl.org, bl.spamcop.net
     • Content Filters (header and body, e.g. Intelligent Message Filter) – filters based on headers such as subject and on body content. An example is an email with the subject of “p0rn”, which should automatically be considered spam.
     • New Senders – tags the email and notifies a recipient that this is the first time a new user is emailing you. Not very useful, I would disable it.
     • Greylisting – the 1st time a mail server attempts to connect results in a 4xx error, meaning retry in a short time. Useful, but has the nasty side-effect of slowing down mail flow.
     • BATV (Bounce Address Tag Validation) – protects against bounced messages redirecting to valid accounts.

  11. Conclusion
     • Q&A Now…
     • Questions or comments: email me @ ben A-T reefsolutions . com
     • This presentation will be online this week.
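
Slide 9 notes that SPF records are frequently misconfigured. The following is an added example, not part of the original presentation: a small linter for a domain's TXT records. The checks chosen and all sample records are constructed for illustration.

```python
import re

# Terms that each cost the receiver a DNS query while evaluating the record
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}

def lint_spf(txt_records):
    """Return a list of problems in a domain's TXT records; [] means none found."""
    spf = [r for r in txt_records if r.lower().split(" ")[0] == "v=spf1"]
    if not spf:
        return ["no v=spf1 record published"]
    problems = []
    if len(spf) > 1:
        problems.append("more than one v=spf1 record (receivers treat this as an error)")
    names, lookups = [], 0
    for term in spf[0].split()[1:]:          # only the first record is inspected
        qualifier = term[0] if term[0] in "+-~?" else "+"   # default qualifier is +
        name = re.split(r"[:/=]", term.lstrip("+-~?").lower(), maxsplit=1)[0]
        if "all" in names and name != "exp":
            problems.append("'%s' comes after 'all' and is never evaluated" % term)
        names.append(name)
        if name in LOOKUP_TERMS:
            lookups += 1
        if name == "all" and qualifier == "+":
            problems.append("'%s' authorises every host on the Internet" % term)
        if name == "ptr":
            problems.append("'ptr' is slow and discouraged")
    # Counts this record only; records pulled in by include/redirect add to the total
    if lookups > 10:
        problems.append("%d DNS-querying terms, the limit is 10" % lookups)
    if "all" not in names and "redirect" not in names:
        problems.append("no 'all' or 'redirect': unmatched senders get a neutral result")
    return problems

# Constructed sample records (documentation address ranges and example domains)
GOOD = ["some-other-txt=constructed", "v=spf1 mx ip4:192.0.2.0/24 -all"]
OPEN = ["v=spf1 a mx +all ptr"]
DUPLICATE = ["v=spf1 mx -all", "v=spf1 include:mail.example.net -all"]
NO_DEFAULT = ["v=spf1 ip4:192.0.2.0/24"]

if __name__ == "__main__":
    for label, records in [("GOOD", GOOD), ("OPEN", OPEN),
                           ("DUPLICATE", DUPLICATE), ("NO_DEFAULT", NO_DEFAULT)]:
        print(label, lint_spf(records))
```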
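
The RBL and SURBL checks on slide 10 both come down to building a DNS name and interpreting the answer. This added example, which is not from the original presentation, shows both. The zone names, addresses and the `FAKE_DNS` table are constructed so it runs offline, and passing the hostname unchanged to the URI list is a simplifying assumption.

```python
import ipaddress
import socket

def rbl_query_name(ip, zone):
    """IPv4 block-list query: the sender's octets reversed, then the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def surbl_query_name(host, zone):
    """URI-list query: a hostname taken from a URL in the message body, then the zone."""
    return host.lower().rstrip(".") + "." + zone

def system_resolver(name):
    """Real DNS lookup: the A record as a string, or None when the name does not exist."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None

def is_listed(name, resolve=system_resolver):
    """Listed only if the answer is inside 127.0.0.0/8. Any other address (a
    wildcarded zone, a resolver that rewrites NXDOMAIN) is not a listing."""
    answer = resolve(name)
    if answer is None:
        return False
    return ipaddress.IPv4Address(answer) in ipaddress.IPv4Network("127.0.0.0/8")

def lists_hitting(ip, zones, resolve=system_resolver):
    """Return the zones that list this sending IP."""
    return [z for z in zones if is_listed(rbl_query_name(ip, z), resolve)]

# Constructed zone data standing in for live DNS
FAKE_DNS = {
    "99.2.0.192.rbl-a.example": "127.0.0.2",       # listed
    "99.2.0.192.rbl-c.example": "203.0.113.80",    # bogus answer, must not count
    "spamvertised.example.uri-list.example": "127.0.0.2",
}

def fake_resolver(name):
    return FAKE_DNS.get(name)

if __name__ == "__main__":
    zones = ["rbl-a.example", "rbl-b.example", "rbl-c.example"]
    print(lists_hitting("192.0.2.99", zones, fake_resolver))
    print(is_listed(surbl_query_name("Spamvertised.Example.", "uri-list.example"),
                    fake_resolver))
```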
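
Greylisting, as described on slide 10, is a small state machine keyed on who is sending to whom. This added example is not from the original presentation. The timer values, the /24 grouping of sender addresses (IPv4 only) and the sample addresses are assumptions made for illustration.

```python
import ipaddress

TEMPFAIL = (451, "4.7.1 Greylisted, please retry later")
ACCEPT = (250, "2.0.0 OK")

class Greylist:
    def __init__(self, min_delay=300, retry_window=4 * 3600, pass_ttl=30 * 86400):
        self.min_delay = min_delay        # earliest acceptable retry, in seconds
        self.retry_window = retry_window  # how long a first attempt is remembered
        self.pass_ttl = pass_ttl          # how long a proven triplet skips the delay
        self.pending = {}                 # triplet -> time of first attempt
        self.passed = {}                  # triplet -> time last seen

    @staticmethod
    def triplet(client_ip, mail_from, rcpt_to):
        # Key on the sender's /24 so a server farm retrying from a neighbouring
        # address is not delayed a second time.
        net = ipaddress.ip_network(client_ip + "/24", strict=False)
        return (str(net.network_address), mail_from.lower(), rcpt_to.lower())

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return the SMTP reply for this delivery attempt at time `now` (seconds)."""
        key = self.triplet(client_ip, mail_from, rcpt_to)
        seen = self.passed.get(key)
        if seen is not None and now - seen <= self.pass_ttl:
            self.passed[key] = now        # known sender: no delay, refresh the entry
            return ACCEPT
        first = self.pending.get(key)
        if first is None or now - first > self.retry_window:
            self.pending[key] = now       # first attempt, or the retry came too late
            return TEMPFAIL
        if now - first < self.min_delay:
            return TEMPFAIL               # retried too quickly
        del self.pending[key]
        self.passed[key] = now            # proper retry: accept and remember
        return ACCEPT

def demo():
    """Constructed delivery attempts: (time in seconds, sending IP)."""
    g = Greylist()
    attempts = [(0, "192.0.2.25"), (60, "192.0.2.25"), (400, "192.0.2.26"), (500, "192.0.2.25")]
    return [g.check(ip, "Alice@example.org", "user@example.com", t)[0] for t, ip in attempts]

if __name__ == "__main__":
    print(demo())
```

Only the first message from a given sender and recipient pair is delayed, which is the mail-flow slowdown the slide mentions.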
