The Anti-SPAM service from Forskningsnettet - What is new about it?

Post on 09-Feb-2016


TF-MSP meeting 4/2-2010
Martin Bech, UNI-C
martin.bech@uni-c.dk

Fighting SPAM

A well-known problem
Well-known solutions
We all deal with spam
Lots of home-built solutions
Even more commercial services

Is there anything more for us as an NREN to do in this field?

Motivation for a common Anti-spam service

All universities are centralizing mail handling
All universities are using considerable resources fighting spam
Maybe some kind of economy of scale may be achieved
And we may even have a few new ideas to make the whole service better and innovative…

The basic idea

Make the storage of spam mail the sender’s problem
While still preserving the benefits of having received the mails

RFC 2821

The SMTP client is required to wait 10 minutes before timing out on DATA completion
After we have received the final “.” in the mail, we scan it while keeping the connection open
If scanning is successful, we return the “250 OK” message; otherwise the “550” message is issued
Our “550” message contains a URL that a “human” sender may use to push his email through
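The end-of-DATA decision described on this slide, as an added Python sketch that is not UNI-C's code. The release URL, the key, the scan budget, the two toy scanners and the 451 reply on a slow scan are all assumptions made for illustration.

```python
import hashlib
import hmac
import time

RELEASE_BASE = "https://antispam.example/release"  # hypothetical release URL
SECRET = b"constructed-demo-key"                   # placeholder signing key
SCAN_BUDGET_S = 120  # assumed budget, far below the 10-minute DATA timeout


def looks_infected(msg: bytes) -> bool:
    # Stand-in for a real virus scanner (constructed marker, not a signature).
    return b"X-DEMO-VIRUS" in msg


def looks_spammy(msg: bytes) -> bool:
    # Stand-in for Bayesian filtering "and whatever".
    hits = sum(msg.lower().count(w) for w in (b"lottery", b"winner", b"pills"))
    return hits >= 2


def release_token(msg: bytes) -> str:
    # Unguessable token bound to this message, so release URLs cannot be forged.
    digest = hashlib.sha256(msg).digest()
    return hmac.new(SECRET, digest, hashlib.sha256).hexdigest()[:32]


def end_of_data_reply(msg: bytes, clock=time.monotonic) -> str:
    """Reply sent after the final "." while the sender's connection is open."""
    start = clock()
    infected = looks_infected(msg)
    spammy = looks_spammy(msg)
    if clock() - start > SCAN_BUDGET_S:
        # Assumption: on a slow scan, defer so the sending MTA retries later.
        return "451 Scanning took too long, try again later"
    if infected:
        # No release URL: mail containing a virus can never be pushed through.
        return "550 Mail delivery rejected"
    if spammy:
        url = f"{RELEASE_BASE}/{release_token(msg)}"
        return ("550-Mail delivery rejected\r\n"
                f"550 If you are a human sender, release it at {url}")
    return "250 Message accepted for delivery"


# Constructed sample messages.
CLEAN = b"Subject: bla bla\r\n\r\nMore bla bla"
SPAM = b"Subject: Lottery winner\r\n\r\nYou are a winner"
VIRUS = b"Subject: bla\r\n\r\nX-DEMO-VIRUS"
```

Because the rejection is issued inside the SMTP session, the sending MTA keeps the message and is the one that generates any non-delivery report.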

Standard reception flow

[Flow diagram]
Sender MTA: Open TCP connection
Greylisting
In a blocking list? (Yes / No)
Immediately reject mail: 550 Mail delivery rejected
SMTP dialogue:
HELO local.domain
MAIL FROM: mail@send
RCPT TO: mail@rec.dk
DATA
Subject: bla bla
More bla bla
Immediately accept mail: 250 Message accepted for delivery
And give the mail the standard filter treatment: Bayesian filtering, virus scan, …and whatever
Non-delivery mail to “sender”
Standard delivery

Our approach

[Flow diagram]
Sender MTA: Open TCP connection
Greylisting
In a blocking list? (Yes / No)
SMTP dialogue:
HELO local.domain
MAIL FROM: mail@send
RCPT TO: mail@rec.dk
DATA
Subject: bla bla
More bla bla
Apply filtering while TCP connection from MTA open: Bayesian filtering, virus scan, …and whatever
Reject mail: 550 Mail delivery rejected
Immediately accept mail: 250 Message accepted for delivery
Standard delivery

Advantages in our approach

It is the obligation of the sender to store the rejected mail
We don’t issue any non-delivery messages – they are the obligation of the sending MTA
Blocked and rejected mails may still be stored as desired by the user

Ability to rescue all important mails from deletion

Honest (or at least human) senders may push their mails through – provided they don’t contain a virus
Users may rescue rejected mails because we can configure the system to keep a copy even when it is the responsibility of the sender to store the rejected mail
For instance: You want a mail from a robot whose MTA is on a blocking list

Several ways of recipient validation

LDAP
Radius
AD
“SMTP Interruptus”, which means sending RCPT TO: user to the mail server and breaking the connection

Configurable on domain and user level

Anti-SPAM production configuration

This figure is not very fancy, but the aim is to transmit the message that we have designed this with scalability in mind

Would a similar service be relevant in your NREN?

A tremendous interest from the users
All built using open-source components
No licences – only costs are our developers and the operations of the servers
We could help you build a similar setup – call me!

martin.bech@uni-c.dk