1 / 44

Filtragem de Email com RedHat Linux

Filtragem de Email com RedHat Linux. Ruben Oliveira RHCE RHCX MCSE MCITP. Conteúdos RedHat Linux SMTP - Simple Mail Transfer Protocol A evolução do SPAM Spam Bad Guys DNS Block Lists SPF Sender ID DomainKeys Greylisting Pattern Rules Bayes DCC Pyzor Razor OCR AV

jag
Download Presentation

Filtragem de Email com RedHat Linux

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Filtragem de Email com RedHat Linux Ruben Oliveira RHCE RHCX MCSE MCITP

  2. Conteúdos • RedHat Linux • SMTP - Simple Mail Transfer Protocol • A evolução do SPAM • Spam Bad Guys • DNS Block Lists • SPF Sender ID DomainKeys • Greylisting • Pattern Rules • Bayes • DCC Pyzor Razor • OCR • AV • Soluções de Segurança

  3. Linux Origins 1984: The GNU Project and the Free Software Foundation Creates open source version of UNIX utilities Creates the General Public License (GPL)‏ 1991: Linus Torvalds Creates open source, UNIX-like kernel, released under the GPL Today: Linux kernel + GNU utilities = complete, open source, UNIX-like operating system Packaged for targeted audiences as distributions

  4. Red Hat Enterprise Linux • Enterprise-targeted operating system • Focused on mature open source technology • 18-24 month release cycle • Certified with leading OEM and ISV products • Purchased with one year Red Hat Network subscription and support contract • Support available for seven years after release • Up to 24x7 coverage plans available

  5. The Fedora Project • Red Hat sponsored open source project • Focused on latest open source technology • Rapid four to six month release cycle • Available as free download from the Internet CentOS • Created from the RedHat Linux OpenSource Software • No Support from RedHat • Community Supported • Rebranded RHEL Clone without the trademarks or RHN

  6. SMTP(Simple Mail Transfer Protocol)‏ • protocolo baseado em texto • Protocolo funciona na porta 25 numa rede TCP. • Simples : telnet servidor 25

  7. Exemplo de uma sessão SMTP telnet smpt.dominio.pt 25 S: 220 smtp.dominio.pt ESMTP Postfix C: HELO dominio2.pt S: 250 Hello dominio2.pt C: MAIL FROM: remetente@dominio2.pt S: 250 Ok C: RCPT TO: destinatario@dominio.pt S: 250 Ok C: DATA S: 354 End data with <CR><LF>.<CR><LF> C: Subject: Mensagem de Teste C: C: Olá. C: . S: 250 Ok: queued as 12345 C: quit S: 221 Bye

  8. Qual a razão do email comercial não solicitado ser conhecido como SPAM ?

  9. SPAM spiced ham famoso na 2ª guerra mundial Monty Python sketch 1970 menu

  10. The Evolution of Spam • The development of spammer techniques • Direct mailing • Spammers Ingénuos • Fácil de Filtrar Open Relay • Erro de configuração Zombie or bot networks - Internet popular - Updates ou Anti Virus deficientes - Utilizadores ingénuos

  11. The Evolution of Spam • The development of spam content • Simple text and HTML • Personalised mail • Random text strings • Graphics or PDF

  12. Empresas de Marketing Directo Afirmam que só enviam emails com o consentimento do destinatário. Como exemplo, Target, Virid, VirtualTarget, BrasilBiz, Spinletter.net

  13. Email Marketers Jeanne Jennings is a leading authority and independent consultant with over 15 years of experience in the e-mail and online realm. She specializes in all aspects of e-mail marketing and publishing, from strategy through design and metrics analysis. Jeanne works with medium- to enterprise-sized organizations and is expert at helping her clients become more effective and more profitable online. She is the author of "The Email Marketing Kit: The Ultimate Email Marketer’s Bible" (SitePoint, 2007) and publisher of "The Jennings Report," a free e-mail newsletter for online marketing professionals. Visit her online at JeanneJennings.com. http://www.clickz.com/showPage.html?page=3622788

  14. march folded the wavy chestnut lock, andnot buy it back; and faith in one another madethe students pay some money for the dance? cloud of pink and white lace that lay upon have stared straight before you, utterly right, for i'm all in a tangle now with doubts then the mournful

  15. http://www.darknet.org.uk/2008/01/uber-spammer-alan-ralsky-back-in-the-news/http://www.darknet.org.uk/2008/01/uber-spammer-alan-ralsky-back-in-the-news/ • The 41-count indictment, unsealed in a Detroit federal court, claims Ralsky, 52, and his fellow defendants operated a wide-ranging international fraud scheme involving millions of illegal e-mails touting thinly-traded Chinese penny stocks. Ralsky profited by selling the stock at artificially inflated prices. • Only two of the defendants appeared in court Jan. 3 for arraignment. Ralsky is reportedly at large in Europe. • According to the indictment, Ralsky and his group earned approximately $3 million on the scheme during the summer of 2005. Ralsky faces charges including conspiracy, fraud in connection with electronic mail, computer fraud, mail fraud, wire fraud and money laundering. • The illegal e-mail practices cited in the indictment include evading spam-blocking devices, falsifying headers and domain names, using proxy computers to distribute the spam and misrepresenting the advertising content in the actual e-mail.

  16. Inside the "Ron Paul" Spam Botnet http://www.secureworks.com/research/threats/ronpaul SecureWorks would like to thank our colleagues at myNetWatchman, IronPort and Spamhaus for their invaluable assistance in the investigation of this botnet. Tracking the Spam email headers vary but some static elements The Reactor Core written in the Python language. Examining these showed that the Srizbi botnet is actually a working component of a piece of spamware known as “Reactor Mailer”. Reactor Mailer has been around at least since 2004, and is in its third major version. It was created along with Srizbi, the bot that actually does the mailing. Reactor Mailer is the brainchild of a spammer who goes by the pseudonym “spm”. He calls his company “Elphisoft”, and has even been interviewed about his operation by the Russian hacker website xakep.ru.

  17. http://spamtrackers.eu/wiki/index.php?title=Spamit Spamit is the alternate name for the Glavmed sponsorship, responsible for lots of illegal spamming of Canadian Pharmacy and US Pharmacy websites. Following the same example as SanCash and GenBucks, this follows the pattern of having a public-facing, wide-open entity (ie: GenBucks / Glavmed) which makes no mention of email spamming, or hijacking of servers, coupled with a very secretive, underground Affiliate program (ie: SanCash / Spamit) which is invitation only, password protected, and never mentioned anywhere in public, via any means.

  18. Dark Mailer http://www.spamhaus.org/rokso/evidence.lasso?rokso_id=ROK7284 What is ROKSO? The Register of Known Spam Operations (ROKSO) is a register of spam senders and spam services that have been thrown off Internet Service Providers 3 times or more in connection with spamming or providing spam services, and are therefore repeat offenders. Spamhaus believes that these known determined professional spam operations are responsible for approximately 80% of spam on the Internet.

  19. Planeamento e Gestão da Filtragem de Email • Filtragem de conexões • Filtragem por análise de conteúdo

  20. DNSBL DNS Block List Spamhaus Zen SBL XBL PBL identificam IPs que foram usados para envio de SPAM alvo de tentativas de DoS

  21. http://www.dnsbl.com/ * PSBL (psbl.surriel.com)‏ * FIVETEN (blackholes.five-ten-sg.com)‏ * ZEN (zen.spamhaus.org)‏ * APEWS (www.apews.org)‏ * SORBS (dnsbl.sorbs.net)‏ * Spamcop (bl.spamcop.net)‏ * CBL (cbl.abuseat.org)‏ * korea.services.net * UBL (ubl.unsubscore.com)‏

  22. Sender Policy Framework ou "Estrutura de Politicas de Remetente" • Para que Serve ? Identificar os servidores legítimos que podem enviar email de um domínio. • Como se configura ? No servidor de DNS num record TXT Ex: IN TXT "v=spf1 mx -all" todos os MX do dominio são os únicos que devem enviar email • Cabe ao servidor receptor a recusa ou não de processar o email • http://www.openspf.org/

  23. Sender ID • Patrocinado pela Microsoft semelhante ao Sender Policy Framework • Purported Responsible Address

  24. DomainKeys • Yahoo • When the recipient gets the message, they'll be able to: • verify the domain name of the sender. • confirm the message content hasn't been altered. • match the "from" address to the sender's domain name to prevent forgeries. • trace the message back to the sender's domain name.

  25. Greylisting Temporáriamente rejeita mensagem Vantagens Fácil implementar Pouco CPU comparado com outras técnicas Desvantagens O primeiro email pode demorar SMTP, Instant Messaging, Push Mail

  26. Regras Spamassassin body LOCAL_DEMONSTRATION_RULE /test/ score LOCAL_DEMONSTRATION_RULE 0.1 describe LOCAL_DEMONSTRATION_RULE This is a simple test rule header LOCAL_DEMONSTRATION_SUBJECT Subject =~ /\btest\b/i score LOCAL_DEMONSTRATION_SUBJECT 0.1

  27. Bayesian classifier analisa conteúdos que lhe indicam como email legitimo ou spam e “aprende”

  28. Distributed signature systems Pyzor Razor DCC

  29. OCR Fácil Instalar Motores OCR gratuitos: gocr,ocrad CPU intensive HTML table slice

  30. AntiVirus Free Clamav BitDefender MailScanner Supported # sophos from www.sophos.com, or # mcafee from www.mcafee.com, or # command from www.command.co.uk, or # bitdefender from www.bitdefender.com, or # drweb from www.dials.ru/english/dsav_toolkit/drwebunix.htm, or # kaspersky from www.kaspersky.com, or # etrust from http://www3.ca.com/Solutions/Product.asp?ID=156, or # inoculate from www.cai.com/products/inoculateit.htm, or # inoculan from ftp.ca.com/pub/getbbs/linux.eng/inoctar.LINUX.Z, or # nod32 for No32 before version 1.99 from www.nod32.com, or # f-secure from www.f-secure.com, or # f-prot from www.f-prot.com, or # panda from www.pandasoftware.com, or # rav from www.ravantivirus.com, or # antivir from www.antivir.de, or # clamav from www.clamav.net, or # trend from www.trendmicro.com, or # norman from www.norman.de, or # css from www.symantec.com, or # avg from www.grisoft.com, or # vexira from www.centralcommand.com, or # symscanengine from www.symantec.com (Symantec Scan Engine, not CSS)‏

  31. Exchange Anti-Spam : Sender ID IMF Inteligent Message Filtering * Content Filtering * IP Allow and Block List Provider * Sender Filtering * Sender Reputation * SMTP Tarpiting

  32. Forefront Security

  33. Soluções Anti Spam Comerciais Sonicwall www.qos.pt grupo Rumos GFI MailEssential Barracuda IPBrick EdgeBox AnubisNetwork

  34. http://news.bbc.co.uk/1/hi/business/3426367.stm Spam will be a thing of the past in two years' time, Microsoft boss Bill Gates has promised. January 2004

  35. Organizações que combatem o spam Cauce (coallition against unsolicited commercial e-mail)‏ Http://www.Cauce.Org

  36. Concluindo, • NENHUMA técnica anti-spam funciona bem sozinha. • Os spammers estão sempre a inovar as suas técnicas, e precisamos modernizar as nossas proprias técnicas de bloqueio. • Serviço Email tem importância vital na maioria das empresas. • O Spam pode ser reduzido a um mínimo aceitável. • Actualização Constante ! No software já usado e com implementação de novas tecnologias.

  37. Cursos: • RH033 Red Hat Linux Essentials • RH133 Red Hat Linux System Administration • RH253 Red Hat Linux Network Services and Security Administration

  38. Obrigado Coffee Break Case Study I - PT Inovação Case Study II - Divultec

More Related