advanced mail
play

Advanced Mail Computer Center, CS, NCTU 1 Computer Center, CS, - PDF document

Jan 19, 2023 •365 likes •848 views

hyili Advanced Mail Computer Center, CS, NCTU 1 Computer Center, CS, NCTU Introduction What is Email SPAM? Also known as junk email Ex. Phishing mail, malware mail, and unsolicited email Problem of SPAM In 2016, Over

  1. hyili Advanced Mail Computer Center, CS, NCTU 1

  2. Computer Center, CS, NCTU Introduction • What is Email SPAM? • Also known as junk email • Ex. Phishing mail, malware mail, and unsolicited email • Problem of SPAM • In 2016, Over 50% of E-mails are SPAM! • How to detect? • Client-based detection • Content-based detection • Email Spoofing 2

  3. Computer Center, CS, NCTU Introduction – Client-based detection Spammer detection • Actually detect who is sending SPAM • Rely on IP, domain name, or Email address to identify • Open relay servers • Zombie servers • Known spammers • Known proxy servers • ... • For example • Greylisting • DNSBL • RBL • 3

  4. Computer Center, CS, NCTU Introduction – Content-based detection Spam detection • Actually detect if an email is SPAM or not • Rely on the email content to identify • Pattern of advertising • Malware pattern • ... • For example • Anti-Spam scan • Anti-Virus scan • ...Machine learning • 4

  5. Computer Center, CS, NCTU Introduction – Email Spoofing Sender information of the email can be spoof without check • by default. Spammers may pretent you to send email. • Countermeasure • SPF • DKIM • DMARC • 5

  6. Computer Center, CS, NCTU Overview • The following techniques are some (new) tools for an administrator to fight with spammers: • Greylisting • DNSBL • RBL • The following is techniques for prevent Email Spoofing: • SPF • DKIM • DMARC 6

  7. Computer Center, CS, NCTU Greylisting • Greylisting is a client-based method that can stop mails coming from some spamming programs. • Behavior of different clients while receiving SMTP response codes Response Codes 2xx 4xx 5xx Normal MTA Success Retry later Give-up Most Spamming Success Ignore and send Give-up Programs another • While spammers prefer to send mails to other recipients rather than keeping log and retrying later, MTAs have the responsibility of retrying a deferred mail. 7

  8. Computer Center, CS, NCTU Greylisting – Idea and Workflow • Idea of greylisting: • Taking use of 4xx SMTP response code to stop steps of spamming programs. • Steps: • A database to store (recipient, client-ip) pair. • Reply a 4xx code for the first coming of every (recipient, client-ip) pair. • Allow retrial of this mail after a period of time (usually 5~20 mins). • Suitable waiting time will make the spamming programs giving up this mail. 8

  9. Computer Center, CS, NCTU Greylisting – Tool • Tool: mail/postgrey (port or pacakge) • A policy service of postfix. • Daemon-based, like amavisd 9

  10. Computer Center, CS, NCTU Greylisting – Enable Greylisting and Configuration • Setup • In /etc/rc.conf postgrey_enable="YES" • service postgrey start • Run on TCP port 10023 by default • In main.cf smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_policy_service inet:127.0.0.1:10023 • Reload Postfix 10

  11. Computer Center, CS, NCTU Greylisting – Log and Others • When a mail is reject by postgrey, you can find it in /var/log/maillog 450 4.2.0 <hyili@cs.nctu.edu.tw>: Recipient address rejected: Greylisted, see http://postgrey.schweikert.ch/help/cs.nctu.edu.tw.html (in reply to RCPT TO command) • Whitelist Configuration • /usr/local/etc/postfix/postgrey_whitelist_clients • /usr/local/etc/postfix/postgrey_whitelist_recipients 11

  12. Computer Center, CS, NCTU Greylisting – Problem of Greylisting • It cannot handle the domain which has large server farms (MSA pools) without using white list. • Microsoft Exchange Online Office 365 • Gmail • Outlook • ... 12

  13. Computer Center, CS, NCTU Sender Policy Framework (SPF) • A client-based method to detect whether a client is authorized or not. • Checking for smtp.mailfrom (Return-Path) 13

  14. Computer Center, CS, NCTU Sender Policy Framework (SPF) – Idea and Workflow • Idea of SPF • Using DNS TXT record to provide authorized server list for the query domain. • Steps • A MTA connects to the server and sends an email. • Take the email’s smtp.mailfrom’sdomain (ex. hyili@hyili.idv.tw) and the MTA’s ip. • Query the domain’s TXT record for authorized server list. • Check if that MTA is authorized to send email as hyili.idv.twand see how to handle the email. 14

  15. Computer Center, CS, NCTU SPF Record Syntax – Tool • Tool: mail/postfix-policyd-spf-perl (port or package) • A policy service of postfix. • Daemon-based, like amavisd 15

  16. Computer Center, CS, NCTU SPF Record Syntax – Enable SPF Check in Postfix • Setup • In /usr/local/etc/postfix/main.cf spf-policy_time_limit = 3600 smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_policy_service unix:private/spf-policy • In /usr/local/etc/postfix/master.cf spf-policy unix - n n - 0 spawn user=nobody argv=/usr/local/libexec/postfix-policyd-spf-perl • Reload Postfix • A policy service of postfix. • Daemon-based, like amavisd 16

  17. Computer Center, CS, NCTU Sender Policy Framework (SPF) – Backward Compatibility • When there is no SPF record, guess by A record. spf=neutral (google.com: 140.131.188.43 is neither permitted nor denied by best guess record for domain of student@hyili.idv.tw) smtp.mailfrom=hyili@hyili.idv.tw; • Comparative result – when SPF record available. spf=pass (google.com: domain of hyili@hyili.idv.tw designates 140.131.188.43 as permitted sender) 17

  18. Computer Center, CS, NCTU SPF Record Syntax – Mechanisms (1/3) • all • Always matches • Usually at the end of the SPF record • ip4 (NOT ipv4) • ip4: <ip4-address> • ip4: <ip4-network>/<prefix-length> • ip6 (NOT ipv6) • ip6:<ip6-address> • ip6:<ip6-network>/<prefix-length> 18

  19. Computer Center, CS, NCTU SPF Record Syntax – Mechanisms (2/3) • a • a • a/<prefix-length> • a:<domain> • a:<domain>/<prefix-length> • mx • mx • mx/<prefix-length> • mx:<domain> • mx:<domain>/<prefix-length> 19

  20. Computer Center, CS, NCTU SPF Record Syntax – Mechanisms (3/3) • ptr v=spf1 a mx ~all • ptr • ptr:<domain> • exists • exists:<domain> • include • include:<domain> • Also lookup record from <domain> • Warning: If the domain does not have a valid SPF record, the result is a permanent error . Some mail receivers will reject based on a PermError . 20

  21. Computer Center, CS, NCTU SPF Record Syntax – Qualifiers & Evaluation • Qualifiers v=spf1 a mx ~all • + Pass (default qualifier) cs.nctu.edu.tw • - Fail "v=spf1 a mx • ~ SoftFail a:csmailer.cs.nctu.edu.tw a:csmailgate.cs.nctu.edu.tw • ? Neutral a:csmail.cs.nctu.edu.tw ~all" 21

  22. Computer Center, CS, NCTU SPF Record Syntax – Qualifiers & Evaluation • Evaluation v=spf1 a mx ~all • Mechanisms are evaluated in order: (first match rule) • If a mechanism results in a hit, its qualifier value is used. • If no mechanism or modifier matches, the default result is "Neutral“ • Ex. • “v=spf1 +a +mx -all” • “v=spf1 a mx -all” cs.nctu.edu.tw "v=spf1 a mx a:csmailer.cs.nctu.edu.tw a:csmailgate.cs.nctu.edu.tw a:csmail.cs.nctu.edu.tw ~all" 22

  23. Computer Center, CS, NCTU SPF Record Syntax – Evaluation Results Result Explanation Intended action Pass The SPF record designates the host to be allowed to send Accept Fail The SPF record has designated the host as NOT being allowed to Reject send SoftFail The SPF record has designated the host as NOT being allowed to Accept but mark send but is in transition Neutral The SPF record specifies explicitly that nothing can be said about Accept validity None The domain does not have an SPF record or the SPF record does Accept not evaluate to a result PermError A permanent error has occurred Unspecified (eg. Badly formatted SPF record) TempError A transient error has occurred Accept or reject 23

  24. Computer Center, CS, NCTU SPF Record Syntax – Modifier v=spf1 redirect=cs.nctu.edu.tw • redirect • redirect=<doamin> • When mail server is outside from my domain • The SPF record for domain replace the current record. The macro- expanded domain is also substituted for the current-domain in those look-ups. 24

  25. Computer Center, CS, NCTU SPF Record Syntax – Modifier v=spf1 mx a exp=error.hyili.idv.tw • exp • exp=<doamin> • Explaination • If an SMTP receiver rejects a message, it can include an explanation. An SPF publisher can specify the explanation string that senders see. This way, an ISP can direct nonconforming users to a web page that provides further instructions about how to configure SASL. • The domain is expanded; a TXT lookup is performed. The result of the TXT query is then macro-expanded and shown to the sender. Other macros can be used to provide a customized explanation. 25

  26. Computer Center, CS, NCTU Sender Policy Framework (SPF) – SPF and Forwarding • What will happened if SPF meet mail forwarding? 26

Recommend

Advanced Topics of Mail Service Deal with Malicious Mail, including Virus, Phishing, Spam,

Advanced Topics of Mail Service Deal with Malicious Mail, including Virus, Phishing, Spam,

Advanced Topics of Mail Service Deal with Malicious Mail, including Virus, Phishing, Spam, Computer Center, CS, NCTU Nature of Spam Spam Simultaneously Posted Advertising Message UBE Unsolicited Bulk Email UCE

915 views • 89 slides
ADVANCED ECONOMETRICS I Theory (3/3) Instructor: Joaquim J. S. Ramalho E.mail:

ADVANCED ECONOMETRICS I Theory (3/3) Instructor: Joaquim J. S. Ramalho E.mail:

ADVANCED ECONOMETRICS I Theory (3/3) Instructor: Joaquim J. S. Ramalho E.mail: jjsro@iscte-iul.pt Personal Website: http://home.iscte-iul.pt/~jjsro Office: D5.10 Course Website: https://jjsramalho.wixsite.com/advecoi Fnix:

729 views • 50 slides
ADVANCED ECONOMETRICS I Theory (1/3) Instructor: Joaquim J. S. Ramalho E.mail:

ADVANCED ECONOMETRICS I Theory (1/3) Instructor: Joaquim J. S. Ramalho E.mail:

ADVANCED ECONOMETRICS I Theory (1/3) Instructor: Joaquim J. S. Ramalho E.mail: jjsro@iscte-iul.pt Personal Website: http://home.iscte-iul.pt/~jjsro Office: D5.10 Course Website: https://jjsramalho.wixsite.com/advecoi Fnix:

1.48k views • 88 slides
ADVANCED ECONOMETRICS I Theory (2/3) Instructor: Joaquim J. S. Ramalho E.mail:

ADVANCED ECONOMETRICS I Theory (2/3) Instructor: Joaquim J. S. Ramalho E.mail:

ADVANCED ECONOMETRICS I Theory (2/3) Instructor: Joaquim J. S. Ramalho E.mail: jjsro@iscte-iul.pt Personal Website: http://home.iscte-iul.pt/~jjsro Office: D5.10 Course Website: https://jjsramalho.wixsite.com/advecoi Fnix:

745 views • 36 slides
ADVANCED ECONOMETRICS I Practice Exercises (1/2) Instructor: Joaquim J. S. Ramalho E.mail:

ADVANCED ECONOMETRICS I Practice Exercises (1/2) Instructor: Joaquim J. S. Ramalho E.mail:

ADVANCED ECONOMETRICS I Practice Exercises (1/2) Instructor: Joaquim J. S. Ramalho E.mail: jjsro@iscte-iul.pt Personal Website: http://home.iscte-iul.pt/~jjsro Office: D5.10 Course Website: https://jjsramalho.wixsite.com/advecoi Fnix:

995 views • 95 slides
VOTE B BY MAIL IL #VBMHawaii What i is Vote B By M Mail? Act 136, SLH 2019 requires all

VOTE B BY MAIL IL #VBMHawaii What i is Vote B By M Mail? Act 136, SLH 2019 requires all

VOTE B BY MAIL IL #VBMHawaii What i is Vote B By M Mail? Act 136, SLH 2019 requires all elections in Hawaii to be conducted by mail starting in 2020. Ballots packages will be mailed and received by all registered voters approx.

780 views • 13 slides
For ad hoc print and mail consolidation Receive, print and mail in one click! On average, mail

For ad hoc print and mail consolidation Receive, print and mail in one click! On average, mail

For ad hoc print and mail consolidation Receive, print and mail in one click! On average, mail volume has declined by 20% worldwide , over a period of 5 years.* *Source: PwC, 2013 Print facilities are There has been a decrease in print

269 views • 22 slides
Introduction Magnetic reconnection is Very powerful energy converter Very common in the

Introduction Magnetic reconnection is Very powerful energy converter Very common in the

Self-similar evolution of fast magnetic reconnection in free-space: A new model for astrophysical reconnection Shin-ya Nitta The Graduate University for Advanced Studies, Hayama Center for Advanced Studies E-mail:

172 views • 15 slides
guidance for correct mail presentation How to get it right A Royal Mail guide to the

guidance for correct mail presentation How to get it right A Royal Mail guide to the

guidance for correct mail presentation How to get it right A Royal Mail guide to the presentation of mail. Use it for information and advice about: 1 Envelope layout 2 Mailpiece specification 3 Window envelopes 4 Addressing 5 Clear zones

397 views • 17 slides
IPPM Working Group Chairs Matt Zekauskas &lt;matt@advanced.org&gt; Merike Kaeo

IPPM Working Group Chairs Matt Zekauskas &lt;matt@advanced.org&gt; Merike Kaeo

IPPM Working Group Chairs Matt Zekauskas &lt;matt@advanced.org&gt; Merike Kaeo &lt;kaeo@merike.com&gt; E-Mail ippm@advanced.org ippm-request@advanced.org (also: http://mailhost.advanced.org/mailman/listinfo/ippm )

364 views • 7 slides
Chapter 5 Electronic Mail Security -Pretty Good Privacy (PGP) -S/MIME 1 Need for E-Mail

Chapter 5 Electronic Mail Security -Pretty Good Privacy (PGP) -S/MIME 1 Need for E-Mail

Chapter 5 Electronic Mail Security -Pretty Good Privacy (PGP) -S/MIME 1 Need for E-Mail Security E-mail is necessary for E-Commerce Daily communication E-Mail is also very public, allowing for access at each point from the

1.1k views • 23 slides
USPS Engaging Your Audience With Direct Mail Agenda Statistics Informed Delivery

USPS Engaging Your Audience With Direct Mail Agenda Statistics Informed Delivery

USPS Engaging Your Audience With Direct Mail Agenda Statistics Informed Delivery Share Mail Irresistible Mail Next Steps Mail Moment of direct mail recipients 82 % check their mailbox at the first opportunity. sort

512 views • 15 slides
Mail Merge Internals Eilidh McAdam Mail Merge Mail merge fjlls a template from a

Mail Merge Internals Eilidh McAdam Mail Merge Mail merge fjlls a template from a

Mail Merge Internals Eilidh McAdam Mail Merge Mail merge fjlls a template from a datasource, producing a single or separate documents Datasource includes databases and spreadsheets Also used to generate labels and envelopes

345 views • 17 slides
Logistics E-mail UML 2 Should have received mail from me. If not: Check LDAP

Logistics E-mail UML 2 Should have received mail from me. If not: Check LDAP

Logistics E-mail UML 2 Should have received mail from me. If not: Check LDAP entry Indicate on attendance sheet Announcements Plan for today Its Co-op time Building a software system Orientation

475 views • 3 slides
E-Mail Transition May 4, 2010 E-Mail is Changing We are moving to two new e-mail systems.

E-Mail Transition May 4, 2010 E-Mail is Changing We are moving to two new e-mail systems.

E-Mail Transition May 4, 2010 E-Mail is Changing We are moving to two new e-mail systems. Students are migrating to Microsoft Live, branded as TigerMail Live, hosted off- campus by Microsoft. Employees will be migrating

418 views • 12 slides
Paper Summaries Any takers? Advanced Cameras Models Assignments Plan for today

Paper Summaries Any takers? Advanced Cameras Models Assignments Plan for today

Paper Summaries Any takers? Advanced Cameras Models Assignments Plan for today Checkpoint 1 Advanced Camera Models Most should have received e-mail How real cameras do it How this is simulated in Computer Graphics

348 views • 10 slides
Electronic Mail: SMTP &amp; % smtp1.tex February 3, 1998 ' $ AIS 2 Electronic mail

Electronic Mail: SMTP &amp; % smtp1.tex February 3, 1998 ' $ AIS 2 Electronic mail

' $ AIS 1 Electronic Mail: SMTP &amp; % smtp1.tex February 3, 1998 ' $ AIS 2 Electronic mail Asynchronous exchange of data sender does not know when (if) data reaches receiver client mail message user transfer agent (MUA)

280 views • 14 slides
Branded Commercial Mail Storefront for Wh Who is s PMSI SI? 36 year old print and mail

Branded Commercial Mail Storefront for Wh Who is s PMSI SI? 36 year old print and mail

Branded Commercial Mail Storefront for Wh Who is s PMSI SI? 36 year old print and mail communications company providing direct mail advertising and letter shop services, commercial printing including on-demand digital printing &amp;

392 views • 9 slides
USPS Engaging Your Audience With Direct Mail Agenda Statistics Informed Delivery

USPS Engaging Your Audience With Direct Mail Agenda Statistics Informed Delivery

NENA's 9th Annual National Training Conference September 2019 New Orleans, LA USPS Engaging Your Audience With Direct Mail Agenda Statistics Informed Delivery Share Mail Irresistible Mail Next Steps Mail Moment of

343 views • 5 slides
AT&amp;S first choice for advanced applications Company Presentation September 2014 AT &amp; S

AT&amp;S first choice for advanced applications Company Presentation September 2014 AT &amp; S

AT&amp;S first choice for advanced applications Company Presentation September 2014 AT &amp; S Austria Technologie &amp; Systemtechnik Aktiengesellschaft | Fabriksgasse13 | A-8700 Leoben Tel +43 (0) 3842 200-0 | E-Mail info@ats.net www.ats.net

401 views • 29 slides
Verifying Timed Reachability Properties Lecture #17 of Advanced Model Checking Joost-Pieter

Verifying Timed Reachability Properties Lecture #17 of Advanced Model Checking Joost-Pieter

Verifying Timed Reachability Properties Lecture #17 of Advanced Model Checking Joost-Pieter Katoen Lehrstuhl 2: Software Modeling &amp; Verification E-mail: katoen@cs.rwth-aachen.de June 30, 2014 c JPK Advanced model checking Timelock,

720 views • 31 slides
Quantum Mechanics Germano Resconi Catholic University via Trieste 17 Brescia; E-Mail:

Quantum Mechanics Germano Resconi Catholic University via Trieste 17 Brescia; E-Mail:

Entropy and Copula Theory in Quantum Mechanics Germano Resconi Catholic University via Trieste 17 Brescia; E-Mail: resconi@speedyposta.it Ignazio Licata 2 ISEM Institute for Scientific Methodology, Palermo, Italy and School of Advanced

466 views • 13 slides
How to make your mail EAI compatible ICANN 64 | Kobe | March 2019 Universal Acceptance My new

How to make your mail EAI compatible ICANN 64 | Kobe | March 2019 Universal Acceptance My new

How to make your mail EAI compatible ICANN 64 | Kobe | March 2019 Universal Acceptance My new e-mail address ys@n.sp.am 2 A very short history of e-mail In three acts 3 Internet mail, classic edition From: Boris

1.04k views • 39 slides
Rochester Customer Service Mail Processing Center Area Mail Processing (AMP) Public Meeting

Rochester Customer Service Mail Processing Center Area Mail Processing (AMP) Public Meeting

Rochester Customer Service Mail Processing Center Area Mail Processing (AMP) Public Meeting November 16, 2011 Two Topics Radical Area Mail Network Processing Realignment Study 2 Mail Volume Shifting to a Less Profitable Mix Volume in

313 views • 20 slides

More recommend