Thursday Apr 24, 2008

Modern Email Usage

And the survey is in: Spam in a landslide!

Friday Jan 19, 2007

Messaging Server: Security Issues with Anti-Spam and Anti-Virus Deployments

When planning to deploy anti-spam or anti-virus technology with Sun Java System Messaging Server, keep in mind that an incorrect deployment can defeat your security measures. The following figure shows an incorrect deployment of an anti-spam/anti-virus filter solution.

The next figure shows a correct deployment of an anti-spam/virus filter solution.

The Messaging Server MTA performs certain functions well, including:

  • Rejecting messages as early as possible
  • Per-user configuration and policy
  • Email security and routing policy
  • Mail queue management

The anti-spam/virus filter is good at determining if an email is spam or has a virus, but is generally not nearly as good at doing the things expected of a good MTA. Thus, do not depend on an anti-spam/virus filter to do those things. Your deployment is more "correct" when the anti-spam/virus filter is well integrated with the MTA, which is the case with Messaging Server. Messaging Server spam filter plug-in support provides all the potential reasons to reject a message early and applies all reasons at the same time.

A robust MTA, such as Messaging Server's, contains security features (SSL/TLS, traffic partitioning by IP address, early address rejection to reduce denial-of-service attacks, connection throttling by IP address/domain, and so on), which are defeated when an anti-spam/virus filter is deployed in front. Furthermore, anti-spam/virus filters that communicate by using the SMTP protocol often do not follow the robustness requirements of SMTP and thus lose email when they shouldn't. A correct deployment should have the anti-spam/virus filter working in conjunction with a robust MTA.

Monday Jan 08, 2007

First Line of Defense Against Spam: Greylisting & Messaging Server

What is Greylisting?

Per Wikipedia: Greylisting is a method of defending electronic mail users against email spam. A mail transfer agent which uses greylisting will "temporarily reject" any email from a sender it does not recognize. If the mail is legitimate, the originating server will try again to send it later, at which time the destination will accept it. If the mail is from a spammer, it will probably not be retried, and spam sources which re-transmit later are more likely to be listed in DNSBLs (DNS "black lists") and distributed signature systems such as Vipul's Razor.

Greylisting requires little configuration and modest resources. It is designed as a complement to existing defenses against spam, and not as a replacement.

If you're interested in configuring greylisting for Sun Java System Messaging Server, there's a nice solution called Gross, which was written by a current Messaging Server user.

The "magic" of this solution is based on the observation that spammers almost never queue their mail. In general, spammers send their message just once, and, if the attempt does not succeed, the message is not retried. By giving a temporary error on the first spam attempt, you are able to deny most spam immediately.

Note that Gross works well for sites that have "conservative" spam policies. Greylisting can delay legitimate messages as well. Because Gross imposes greylisting only for those hosts found on various dnsbls, the impact for legitimate mail is minimal.

About

Reporting about Unified Communications Suite Documentation, including news, Comms 101, documentation updates, and tips and tricks.

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today