The Anti-SPAM service from Forskningsnettet - What is new about it?
TF-MSP meeting 4/2-2010
Martin Bech, [email protected]
Fighting SPAM
A well-known problem
Well-known solutions
We all deal with spam
Lots of home-built solutions
Even more commercial services
Is there anything more for us as an NREN to do in this field?
Motivation for a common Anti-spam service
All universities are centralizing mail handling
All universities are using considerable resources fighting spam
Maybe some kind of economy of scale may be achieved
And we may even have a few new ideas to make the whole service better and innovative…
The basic idea
Make the storage of spam mail the sender’s problem
While still preserving the benefits of having received the mails
RFC 2821
The SMTP client is required to wait 10 minutes before timeout for DATA completion
After we have received the final “.” in the mail, we scan it while keeping the connection open
If scanning is successful, we return the “250 OK” message; otherwise the “550” message is issued
Our “550” message contains a URL that a “human” sender may use to push his email through
Standard reception flow
Sender MTA
HELO local.domain
MAIL FROM: mail@send
RCPT TO: [email protected]: bla bla
More bla bla
•
Immediately reject mail: 550 Mail delivery rejected
Open TCP connection
Greylisting
In a blocking list?
Yes
Immediately accept mail: 250 Message accepted for delivery
No
And give the mail the standard filter treatment
Bayesian filtering
…and whatever
Virus scan
Non-delivery mail to “sender”
Standard delivery
Our approach
Sender MTA
HELO local.domain
MAIL FROM: mail@send
RCPT TO: [email protected]: bla bla
More bla bla
•
Reject mail: 550 Mail delivery rejected
Open TCP connection
Greylisting
In a blocking list?
Yes
Immediately accept mail: 250 Message accepted for delivery
No
Bayesian filtering
…and whatever
Virus scan
Standard delivery
Apply filtering while TCP connection from MTA open
Advantages in our approach
It is the obligation of the sender to store the rejected mail
We don’t issue any non-delivery messages – they are the obligation of the sending MTA
Blocked and rejected mails may still be stored as desired by the user
Ability to rescue all important mails from deletion
Honest (or at least human) senders may push their mails through – provided they don’t contain a virus
Users may rescue rejected mails because we can configure the system to keep a copy even when it is the responsibility of the sender to store the rejected mail
For instance: You want a mail from a robot whose MTA is on a blocking list
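The end-of-DATA decision described on the "RFC 2821" and "Our approach" slides, as an added example that is not Forskningsnettet's code: the reply to the final "." is chosen only after scanning, a spam verdict gets a 550 carrying a release URL, and a virus verdict gets a 550 without one. The URL, key, host name and `demo_scan` are assumptions made for illustration.

```python
import hashlib
import hmac

RELEASE_BASE = "https://antispam.example/release"  # hypothetical URL, not from the slides
SECRET = b"constructed-demo-key"                    # constructed key for the example only

def release_token(body: bytes) -> str:
    """Keyed digest, so a release URL cannot be derived from the message alone."""
    return hmac.new(SECRET, body, hashlib.sha256).hexdigest()[:32]

def end_of_data_reply(body: bytes, scan) -> str:
    """Choose the reply to the final "." while the client connection is still open.
    scan(body) returns 'clean', 'spam' or 'virus' (hypothetical scanner interface)."""
    verdict = scan(body)
    if verdict == "clean":
        return "250 Message accepted for delivery"
    if verdict == "virus":
        return "550 Mail delivery rejected"  # no push-through link for viruses
    return f"550 Mail delivery rejected, see {RELEASE_BASE}/{release_token(body)}"

def run_session(lines, scan):
    """Feed client lines to a minimal SMTP state machine; return the server replies."""
    replies, in_data, body = ["220 mx.example ESMTP"], False, []
    for line in lines:
        if in_data:
            if line == ".":  # end of DATA: scan now, answer afterwards
                in_data = False
                replies.append(end_of_data_reply("\r\n".join(body).encode(), scan))
                body = []
            else:  # undo SMTP dot-stuffing on body lines
                body.append(line[1:] if line.startswith(".") else line)
        elif line.upper() == "DATA":
            in_data = True
            replies.append("354 End data with <CR><LF>.<CR><LF>")
        elif line.upper() == "QUIT":
            replies.append("221 Bye")
        else:  # HELO / MAIL FROM / RCPT TO are accepted without checks here
            replies.append("250 OK")
    return replies

def demo_scan(body: bytes) -> str:
    """Constructed stand-in for the Bayesian filter and virus scan."""
    if b"EICAR" in body:
        return "virus"
    return "spam" if b"cheap pills" in body.lower() else "clean"
```

Because the 550 is returned inside the SMTP session, the sending MTA keeps the message and generates any non-delivery report itself.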
Several ways of recipient validation
LDAP
Radius
AD
“SMTP Interruptus”, which means sending RCPT TO: user to the mail-server and breaking the connection
Configurable on domain and user level
Anti-SPAM production configuration
This figure is not very fancy, but the aim is to transmit the message that we have designed this with scalability in mind
Would a similar service be relevant in your NREN?
A tremendous interest from the users
All built using open-source components
No licences – only costs are our developers and the operations of the servers
We could help you build a similar setup – call me!