Tuesday@2 09/24/2013
Topics of Discussion:
• Outage Information
• Patch Tuesday
• Barracuda Deployment
• Mail Flow
• SPAM
• Nagios Notifications
• Windows XP
• Job Opening at Region 7
Outage Information: DNS Centurylink Cutover OSPF Malakoff
Patch Tuesday: http://technet.microsoft.com/en-us/security/bulletin/ms13-sep
Barracuda Deployment: Only a few districts left!
• Laneville
• Mt. Enterprise
• Frankston
• Etoile
• Excelsior
Mail Flow: Explanation of Mail Flow
MX Server Explained: MX servers do the following:
• SPAM filtering via MailScanner and SpamAssassin
• Mail delivery/routing via Postfix
MailScanner Explained:
• MailScanner is primarily responsible for antivirus scanning of emails/attachments and the actual quarantining of attachments.
• It also tells SpamAssassin how to do certain tasks.
SpamAssassin Explained: SpamAssassin is a mail filter to identify spam. It is an intelligent email filter which uses a diverse range of tests to identify unsolicited bulk email, more commonly known as spam. These tests are applied to email headers and content to classify email using advanced statistical methods. In addition, SpamAssassin has a modular architecture that allows other technologies to be quickly wielded against spam and is designed for easy integration into virtually any email system.
SpamAssassin Explained: How it works
• This flexible and powerful set of Perl programs, unlike older spam filtering approaches, uses the combined score from multiple types of checks to determine if a given message is spam.
• Its primary features are:
  • Header tests
  • Body phrase tests. For more information, see SpamAssassinRules.
  • Bayesian filtering (BayesFaq)
  • Automatic address whitelist/blacklist (AutoWhitelist)
  • Manual address whitelist/blacklist (ManualWhitelist)
  • Collaborative spam identification databases (DCC, Pyzor, Razor2). See UsingNetworkTests.
  • DNS blocklists, also known as "RBLs" or "Realtime Blackhole Lists". See DnsBlocklists.
  • Character sets and locales
• Even though any one of these tests might, by itself, misidentify a ham or spam, their combined score is terribly difficult to fool.
SpamAssassin Explained: Header tests look for keywords in the header of an email and use just that information to apply a score to the message to determine if it is SPAM.
Received: from SVATREXCH06.ESC7.NET (2604:c400:0:4:72:53:176:57) by SVATREXCH03.esc7.net (2604:c400:0:4:72:53:176:54) with Microsoft SMTP Server (TLS) id 14.2.328.9; Tue, 24 Sep 2013 11:08:30 -0500
Received: from mx0.esc7.net (72.53.186.20) by SVATREXCH06.ESC7.NET (72.53.176.57) with Microsoft SMTP Server id 14.2.347.0; Tue, 24 Sep 2013 11:06:23 -0500
Received-SPF: Pass (SVATREXCH06.ESC7.NET: domain of mmansbach@citrixonline.com designates 199.15.215.103 as permitted sender) receiver=SVATREXCH06.ESC7.NET; client-ip=199.15.215.103; helo=mx0.esc7.net;
Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=199.15.215.103; helo=camel.mktdns.com; envelope-from=403-agf-920.0.7976.0.0.9372.7.10338324@em-sj-77.mktomail.com; receiver=jshupe@esc7.net
Received: from camel.mktdns.com (camel.mktdns.com [199.15.215.103]) by mx0.esc7.net (Postfix) with ESMTP id 37098461BFC for <jshupe@esc7.net>; Tue, 24 Sep 2013 11:06:29 -0500 (CDT)
DKIM-Signature: v=1; a=rsa-sha256; d=citrixonline.com; s=m1; c=relaxed/relaxed; q=dns/txt; i=@citrixonline.com; t=1380038788; h=From:Subject:Date:To:MIME-Version:Content-Type; bh=kRFaYzZ8g9IMGRYjDp+V5Y/YYIrsiP2xO/zfksPZTc0=; b=uMDSVoOo5i2xZ37E0MJ9TtbVYIRvBS7++2UGzxAezi5cXa3Z6+d1ZpX2prTYG+4H oFKtVaVQYFJknK/MJQ2I/AJIf3Gbd9vQ/XBOCRppT6lCaAbynWfQm+NEOfhKBZnI Zf/2cAL445nx3R+cv6bcA2vKxHHuVqROUHXyJKeqvSA=;
X-MSFBL: anNodXBlQGVzYzcubmV0QGR2cC0xOTktMTUtMjE1LTEwM0BiZy1zamQtMTNANDAz LUFHRi05MjA6MzMyMzo3OTc2OjI2MTM2OjA6OTM3Mjo3OjEwMzM4MzI0
Received: from [10.0.12.42] ([10.0.12.42:46330] helo=sjmas01.marketo.org) by sjmta01.marketo.org (envelope-from <mmansbach@citrixonline.com>) (ecelerity 3.5.0.35861 r(Momo-dev:tip)) with ESMTP id 33/9B-12908-488B1425; Tue, 24 Sep 2013 11:06:28 -0500
Date: Tue, 24 Sep 2013 11:06:28 -0500
From: "Mike Mansbach, Citrix" <mmansbach@citrixonline.com>
Reply-To: <mmansbach@citrixonline.com>
To: <jshupe@esc7.net>
Message-ID: <93594436.66047571.1380038788860.JavaMail.root@bg-sjd-13>
Subject: [ESC7-Disarmed] How to work anytime and anywhere you want
MIME-Version: 1.0
SpamAssassin Explained: Body phrase tests look for keywords or phrases in the body of the email. They then apply a score to the message to determine if it is SPAM.
SpamAssassin Explained:
• Bayesian filtering is not currently employed in our mail system.
• Automatic address listing is also not currently employed in our mail system.
SpamAssassin Explained:
• We currently have a lengthy list of whitelisted email addresses and domains, all of which are user submitted.
• Blacklisting is handled more directly by the header checks, as we no longer block mail for SPAM, only tag it [ESC7-SPAM].
SpamAssassin Explained: We utilize DCC to help us determine what is and isn't SPAM.
• The Distributed Checksum Clearinghouses, or DCC, is an anti-spam content filter that runs on a variety of operating systems.
• The counts can be used by SMTP servers and mail user agents to detect and reject or filter spam or unsolicited bulk mail.
• DCC servers exchange or "flood" common checksums.
• The checksums include values that are constant across common variations in bulk messages, including "personalizations."
SpamAssassin Explained: We utilized Real Time Blacklists maintained by third parties such as SORBS.
• Basically, it looks at the originating mail server's IP address, DNS name or email address and checks those against known spammers; if there is a match, the spam score is increased.
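The combined scoring described in the SpamAssassin slides above, as an added Python example that is not part of the original deck and is not SpamAssassin's own code: header tests, body phrase tests, a whitelist entry and a DNS blocklist lookup each contribute points, and mail at or over the threshold is tagged [ESC7-SPAM] rather than blocked. Rule names, patterns, scores, the threshold, the dnsbl.example zone and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string

# Constructed for illustration: rule names, patterns, scores, threshold, zone, listings.
THRESHOLD = 5.0
HEADER_RULES = [("SUBJ_SHOUTING", "Subject", re.compile(r"^[^a-z]{10,}$"), 1.5),
                ("MISSING_MSGID", "Message-ID", re.compile(r"^$"), 1.0)]
BODY_RULES = [("BODY_ACT_NOW", re.compile(r"act now", re.I), 2.0),
              ("BODY_WIRE_FEE", re.compile(r"wire transfer fee", re.I), 2.5)]
WHITELIST = {"newsletter@district.example"}  # user-submitted addresses
DNSBL_ZONE = "dnsbl.example"                 # stand-in for a third-party list
DNSBL_LISTED = {"7.2.0.192.dnsbl.example"}   # stands in for live DNS answers

SPAM = ("Received: from mail.bulk.example (mail.bulk.example [192.0.2.7]) by mx0.example\n"
        "From: Deals <promo@bulk.example>\n"
        "Subject: URGENT: ACT NOW!!!\n\n"
        "Act now and pay only the wire transfer fee.\n")
HAM = ("Received: from mail.district.example (mail.district.example [198.51.100.9]) by mx0.example\n"
       "From: newsletter@district.example\n"
       "Message-ID: <1@district.example>\n"
       "Subject: Act now to register for training\n\n"
       "Act now, seats are limited.\n")

def dnsbl_name(ip, zone=DNSBL_ZONE):
    """A DNSBL is queried by reversing the IPv4 octets under the list's zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def relay_ip(msg):
    """IP recorded for the connecting server in the topmost Received header."""
    m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", msg.get("Received", ""))
    return m.group(1) if m else None

def score(raw):
    """Return (total, {rule: points}); no single test decides the outcome."""
    msg = message_from_string(raw)
    hits = {n: s for n, h, p, s in HEADER_RULES if p.search(msg.get(h, ""))}
    hits.update({n: s for n, p, s in BODY_RULES if p.search(msg.get_payload())})
    ip = relay_ip(msg)
    if ip and dnsbl_name(ip) in DNSBL_LISTED:
        hits["RCVD_IN_DNSBL"] = 2.0
    sender = re.search(r"[\w.+-]+@[\w.-]+", msg.get("From", ""))
    if sender and sender.group(0).lower() in WHITELIST:
        hits["USER_IN_WHITELIST"] = -100.0
    return sum(hits.values()), hits

def tag(raw):
    """Tag-only policy: mail is always delivered; spam gets a subject prefix."""
    subject = message_from_string(raw).get("Subject", "")
    return "[ESC7-SPAM] " + subject if score(raw)[0] >= THRESHOLD else subject
```

The whitelist here matches the From header, which a sender can forge, so a whitelist entry outweighs every other test for any message that claims that address.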
Postfix Explained: In this instance Postfix does the following:
• Determines what mail domains we will send/receive email on behalf of
• Determines what mail systems can send mail through our MX servers
• Rejects non-unicode characters
  • E.g. Chinese/Russian
Bmail Explained: Bmail is basically a Postfix/Dovecot server running two web interfaces:
• Squirrelmail
• RoundCube
Bmail Explained: Postfix in this instance is responsible for receiving mail from the MX servers and sending it to the MX servers.
Bmail Explained: Dovecot is responsible for the secure IMAP connection to the system, both via clients and within the web interfaces.
Bmail Explained: Squirrelmail is a no-frills basic web interface.
• Note: we are currently version locked due to a PHP issue; hopefully this will be resolved soon.
Bmail Explained: RoundCube is a more full-featured, plugin-capable web interface for IMAP.
Archiving Explained: So basically, due to the way our mail system is set up, all mail is automatically archived:
• Inbound
• Outbound
• Internal
• External
It doesn't matter. If it's sent, a copy of it is archived.
Archiving Explained: Archiving is currently handled two ways:
• In a folder of all the day's mail, compressed daily
• In a searchable database
Archiving Explained:
• The compressed folders go back to 2009.
• The database searchable format goes back to July of 2013.
SPAM:
• To mark a message as SPAM, send it to spam@esc7.net
• To remove a message from being marked as SPAM, send it to notspam@esc7.net
SPAM:
• This will only add/remove the [ESC7-SPAM] header.
• [ESC7-Disarmed] is related to HTML tags in messages.
SPAM: On average the processing is handled within a week, but usually sooner. Requests can be sent to support@esc7.net as well, but they'll just be forwarded to either spam@esc7.net or notspam@esc7.net and processed later.
Nagios Notifications: Our new Nagios system is operational, but I haven't yet gotten the Twitter/Perl modules installed.
• Expect that to be working by the end of the week.
Windows XP: As I mentioned last time, Windows XP is almost EOL. Please consider upgrading if you're still running it anywhere.
• The same goes for any systems still running Server 2003.
Job Opening at Region 7:
• Technology Specialist for Education Technology
• Network Specialist I for Information Technology
• https://www.searchsoft.net/ats/app_login?COMPANY_ID=00013940
Next Meeting: October 1st
• Send any questions to support@esc7.net
• Tuesday@2 in the subject line
• http://ntech.esc7.net/Tuesdaysat2