Module 11 - PowerPoint PPT Presentation

Slides: 21
Provided by: brianw9

Transcript and Presenter's Notes

Title: Module 11


1
Module 11
  • Managing Spam Filtering

2
SpamAssassin
[Diagram of server components: SpamAssassin, ClamAV, Apache, ProFTP, OpenLDAP, Cyrus IMAP, AMaViS, Postfix, SCO OpenServer]

3
SpamAssassin
  • SpamAssassin uses numerous tests
  • SpamAssassin is configured in
      • /opt/insight/etc/mail/local.cf
      • /opt/insight/share/spamassassin/*.cf
  • Do not modify files in share/spamassassin
  • After modifying configuration files, run
      • spamassassin --lint
      • /opt/insight/etc/rc/amavisd restart

4
SpamAssassin
  • Every SpamAssassin administrator should know
      • required_hits
      • report_contact
      • report_safe
      • Whitelisting
      • Blacklisting

5
SpamAssassin
  • Customizing headers
      • SpamAssassin headers begin with X-Spam
      • X-Spam-Checker-Version is mandatory
  • Modify headers with
      • remove_header
      • clear_headers
      • add_header

6
SpamAssassin
Report message

Spam detection software, running on the system "_HOSTNAME_", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or block
similar future email. If you have any questions, see
_CONTACTADDRESS_ for details.

Content preview: _PREVIEW_

Content analysis details: (_HITS_ points, _REQD_ required)

" pts rule name              description"
 ---- ---------------------- --------------------------------------------
_SUMMARY_

7
SpamAssassin
Spamtrap message

Subject: this address is no longer available

this message has been automatically generated

Please note that this address is no longer in use, and nowadays
receives nothing but unsolicited commercial mail. Accordingly,
any mail sent to it is added to several spam-tracking databases,
then automatically deleted.

If you genuinely want to contact the owner of the address, please
re-check your contact lists, or search the web, to find their
current e-mail address.

The mail you sent is reproduced in full below, for resending to
the correct address. Sorry for the inconvenience!

--
Signed: the SpamAssassin mail filter

8
SpamAssassin
Unsafe_report message

The original message was not completely plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam. If you wish to view
it, it may be safer to save it to a file and open it with an editor.

9
SpamAssassin
  • Areas tested
      • header
      • body
      • rawbody
      • full
      • uri

10
SpamAssassin
Header test example

header NO_REAL_NAME From =~ /^["\s]*\<?\S+\@\S+\>?\s*$/

  • NO_REAL_NAME: name of rule
  • From: header to match
  • =~: Perl regex operator
  • /^["\s]*\<?\S+\@\S+\>?\s*$/: Perl regular expression

11
SpamAssassin
  • Header test definitions only define the test
  • Header test definitions don't define
      • The test's description
      • The test's score
  • 20_head_tests.cf specifies
  • 50_scores.cf specifies

header NO_REAL_NAME From =~ /^["\s]*\<?\S+\@\S+\>?\s*$/
describe NO_REAL_NAME From: does not include a real name
score NO_REAL_NAME 0.339 0.285 0.339 0.160

SCOoffice uses this score

12
SpamAssassin
  • Meta-match (boolean expression)

body CLICK_BELOW_CAPS /CLICK\s.{0,30}(?:HERE|BELOW)/s
describe CLICK_BELOW_CAPS Asks you to click below (in capital letters)
body __CLICK_BELOW /click\s.{0,30}(?:here|below)/is
meta CLICK_BELOW (__CLICK_BELOW && !CLICK_BELOW_CAPS)
describe CLICK_BELOW Asks you to click below

13
SpamAssassin
  • Meta-match (boolean arithmetic expression)

body __NIGERIAN_CODE_CONDUCT /\bcode of conduct\b/i
body __NIGERIAN_CIV_SERVICE /\bcivil service\b/i
body __NIGERIAN_TOP_SECRET /\btop secret\b/i
body __NIGERIAN_HONESTY /\btransparent honesty\b/i
meta NIGERIAN_BODY_GOVT ((__NIGERIAN_CODE_CONDUCT + __NIGERIAN_CIV_SERVICE + __NIGERIAN_TOP_SECRET + __NIGERIAN_HONESTY) > 2)
describe NIGERIAN_BODY_GOVT Message body has many indications of nigerian scam
score NIGERIAN_BODY_GOVT 2.900 2.800 2.800 2.700

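The two meta-match slides above, worked through as an added example that is not part of the original presentation: a Python model (not SpamAssassin itself) that applies the slides' body rules to constructed message text, evaluates the boolean and arithmetic meta rules, and totals the score for a chosen score set. The 1.0 used for rules whose score line is not on the slides is SpamAssassin's default for unscored rules and is an assumption here; the sample messages are constructed.

```python
import re

# Body rules from the two meta-match slides, translated to Python's re.
# Assumption: `body` is already decoded text; SpamAssassin itself decodes and
# renders the message before running body rules.
BODY_RULES = {
    "CLICK_BELOW_CAPS": (r"CLICK\s.{0,30}(?:HERE|BELOW)", re.S),
    "__CLICK_BELOW": (r"click\s.{0,30}(?:here|below)", re.I | re.S),
    "__NIGERIAN_CODE_CONDUCT": (r"\bcode of conduct\b", re.I),
    "__NIGERIAN_CIV_SERVICE": (r"\bcivil service\b", re.I),
    "__NIGERIAN_TOP_SECRET": (r"\btop secret\b", re.I),
    "__NIGERIAN_HONESTY": (r"\btransparent honesty\b", re.I),
}
NIGERIAN_PARTS = [n for n in BODY_RULES if n.startswith("__NIGERIAN_")]
# Meta rules see each earlier rule as 1 (hit) or 0 (miss).
META_RULES = {
    "CLICK_BELOW": lambda h: h["__CLICK_BELOW"] and not h["CLICK_BELOW_CAPS"],
    "NIGERIAN_BODY_GOVT": lambda h: sum(h[n] for n in NIGERIAN_PARTS) > 2,
}
# Score sets: 0 = no Bayes/no network tests, 1 = network only,
# 2 = Bayes only, 3 = both. Only NIGERIAN_BODY_GOVT's line is on the slides;
# other rules fall back to the assumed default of 1.0.
SCORES = {"NIGERIAN_BODY_GOVT": (2.900, 2.800, 2.800, 2.700)}

def evaluate(body, score_set=0):
    """Return (sorted names of scoring rules that hit, total score)."""
    hits = {name: bool(re.search(rx, body, flags))
            for name, (rx, flags) in BODY_RULES.items()}
    hits.update({name: bool(rule(hits)) for name, rule in META_RULES.items()})
    # Names starting with "__" are sub-rules: usable in metas, never scored.
    fired = sorted(n for n, hit in hits.items() if hit and not n.startswith("__"))
    total = sum(SCORES.get(n, (1.0,) * 4)[score_set] for n in fired)
    return fired, round(total, 3)

# Constructed sample bodies.
SCAM = ("As a civil service officer bound by our code of conduct, I write "
        "with transparent honesty. Click here to reply.")
SHOUT = "CLICK HERE for our code of conduct"

if __name__ == "__main__":
    for text in (SCAM, SHOUT):
        print(evaluate(text), "<-", text[:40])
```

SHOUT hits both click patterns, but the boolean meta suppresses CLICK_BELOW so the message is not counted twice; its single Nigerian phrase stays below the arithmetic threshold of more than 2.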
14
Quarantining Viruses and Spam
  • By default, SCOoffice Server
      • Quarantines messages containing viruses
      • Does not quarantine messages containing spam

15
Quarantining Viruses and Spam
  • Messages containing viruses are quarantined by
    AMaViS.

16
Quarantining Viruses and Spam
  • Headers added to messages containing spam
      • X-Virus-Scanned
      • X-Spam-Status
      • X-Spam-Level
      • X-Spam-Flag
      • Subject

17
Quarantining Viruses and Spam
  • AMaViS can be configured to quarantine spam
  • Configured in amavisd.conf
      • final_spam_destiny
      • QUARANTINEDIR
      • spam_quarantine_to

18
Quarantining Viruses and Spam
  • To quarantine spam to a directory, configure
    amavisd.conf

$final_spam_destiny = D_PASS;
$QUARANTINEDIR = '/opt/insight/var/virusmails';
$spam_quarantine_to = 'spam-quarantine';

19
Header Checks
To block emails based on headers:

In /opt/insight/etc/postfix/main.cf:
header_checks = pcre:/opt/insight/etc/postfix/header_checks

In /opt/insight/etc/postfix/header_checks:
/^subject: known_message_subject/ REJECT

20
Blocking Attachments by Extension
To block emails containing .exe, .bat, etc. attachments:

In /opt/insight/etc/postfix/main.cf:
header_checks = pcre:/opt/insight/etc/postfix/header_checks

In /opt/insight/etc/postfix/header_checks:
/^content-type:.*name[[:space:]]*=.*\.(exe|bat)/ REJECT Rejected file extension $1

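An added example, not from the original presentation, that models in Python how the two header_checks patterns on the slides above behave on constructed headers, including a folded Content-Type header. It assumes the patterns read as shown in the code, and adds a hypothetical STRICT variant to show that the slide's attachment pattern also matches ".exe" in the middle of a file name.

```python
import re

# Constructed translation of the slides' header_checks patterns to Python's re.
# Assumptions: [[:space:]] becomes \s (re has no POSIX classes); re.I | re.S
# mirror the pcre table defaults (case-insensitive, dot matches newline).
FLAGS = re.I | re.S
CHECKS = [
    (re.compile(r"^subject: known_message_subject", FLAGS), "REJECT"),
    (re.compile(r"^content-type:.*name\s*=.*\.(exe|bat)", FLAGS),
     "REJECT Rejected file extension $1"),
]
# Hypothetical tighter variant (not from the slides): the extension must end
# the name parameter, so ".exe" inside a longer file name no longer matches.
STRICT = re.compile(
    r'^content-type:.*name\s*=\s*"?[^";]*\.(exe|bat)"?\s*(;|$)', FLAGS)

def unfold(raw_headers):
    """Group folded continuation lines into logical headers (newline kept)."""
    logical = []
    for line in raw_headers.splitlines():
        if line[:1] in (" ", "\t") and logical:
            logical[-1] += "\n" + line
        else:
            logical.append(line)
    return logical

def check(raw_headers, checks=CHECKS):
    """Return the action of the first pattern matching a logical header."""
    for header in unfold(raw_headers):
        for pattern, action in checks:
            m = pattern.search(header)
            if m:
                # $1 in the action text is the first capture group.
                return action.replace("$1", m.group(1)) if m.groups() else action
    return None

# Constructed sample headers.
FOLDED = 'Content-Type: application/octet-stream;\n\tname="setup.EXE"'
LOOKALIKE = 'Content-Type: application/pdf; name="notes.executive.pdf"'
CLEAN = 'Subject: hello\nContent-Type: text/plain; charset="us-ascii"'

if __name__ == "__main__":
    for sample in (FOLDED, LOOKALIKE, CLEAN):
        print(repr(sample), "->", check(sample),
              "| strict:", bool(STRICT.search(sample)))
```

LOOKALIKE is rejected by the slide's pattern because `\.(exe|bat)` is not tied to the end of the file name; the STRICT variant rejects FOLDED but lets LOOKALIKE through.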