Build Your Own Spam Firewall
Transcript

  • 1. Build Your Own Spam Firewall Using Postfix & SpamAssassin
    • Zach Levow, VP Engineering
    • April 20, 2005 / SecureIT
  • 2. Agenda
    • Introduction to Barracuda Networks (10 Min)
    • Building a security appliance using open source technologies (10 Min)
    • Anti-Spam technologies (40 Min)
    • System considerations (10 Min)
    • Q/A
  • 3. Company Background
    • Mission
      • Deliver easy to use and cost effective solutions for protecting email servers
    • Founded December 2002
      • Research and development since 2001
    • Barracuda Spam Firewall Launch October 2003
    • Barracuda Spyware Firewall Launch April 2005
    • Headquarters in Cupertino, California
      • Offices in Europe (UK), China (Shanghai), Canada, Australia, India, Pakistan, United Arab Emirates (Dubai), and USA
      • 100+ employees worldwide
      • Experienced management & development team
    • Privately Funded
      • Profitable
    • Market Leader
      • 14,000 customers worldwide
  • 4. Barracuda Spam Firewall
    • Comprehensive email protection
      • Blocks spam and viruses
      • Integrated hardware and software solution
    • Ease of use
      • Plug-and-play
      • No changes needed to email servers
    • Enterprise Features
      • Reliable and Robust
    • Aggressively Priced
      • No per user licensing fees
    • Market leading anti-spam appliance
    • Launched Oct. 13, 2003
  • 5. Barracuda Spam Firewall - Outbound Edition
    • Comprehensive MTA
    • Includes Barracuda Spam Firewall Features
      • Easy to use and Configure (web interface)
      • Secure
      • Reporting and logging
    • Stops Virus Proliferation
    • Enforces Corporate & Regulatory Policies
      • Foul language and security
      • HIPAA, Sarbanes-Oxley
    • Prevents Spamming & Open Relay Function
    • Launched Jan. 17, 2005
  • 6. Barracuda Spyware Firewall Features
    • Gateway appliance
    • Powerful, easy to use & install
      • Intuitive user interface
    • Affordable
      • Prices starting at $1,999
    • Available in five models:
      • Spyware Firewall 210 ($1,999)
      • Spyware Firewall 310 ($3,299)
      • Spyware Firewall 410 ($5,999)
    • Inline hardware appliance
    • Complete scalability for growing organizations
  • 7. Customers
  • 8. Cardinal Rules of Spam Filtering
    • No false positives!
    • A false positive where the sender is not notified is even worse
    • Reject rather than bounce
    • Don’t assume everyone’s mail looks like yours
  • 9. Open Source Technical Issues
    • Immature products: One size does not fit all
    • Mature products: Bloated codebase – hard to maintain
    • Security issues
      • Pro: an active community will find and fix security issues.
      • Con: an active community will introduce security flaws.
      • Con: publishing your source does expose you to more exploits. Hackers go for the lowest common denominator.
      • Chroot, chroot, chroot – it’s always worth it.
  • 10. Open Source Business Issues
    • Giving back to the community
      • Many changes aren’t for everyone
      • Extra time to polish changes for contribution
    • Separating proprietary technology
      • Configuration files are yours
      • Absolutely no linking if you don’t want to share.
  • 11. Anti-spam Technologies
    • Intent Analysis
      • Open alternative: SURBL – Bill Stearns’ URL Blacklist
      • Real-time query performance issues
    • RBLs
      • Spamhaus – only list with minimal false positives
    • SpamAssassin
      • Rules Updates
    • SPF
    • Rate Control/Throttling
    • Virus scanning
      • Several fairly good open source solutions…
      • No one solution catches all…
      • Combine them
  • 12. Anti-Spam Technologies (Cont.)
    • Bayesian
      • International Charsets
        • IBM’s ICU library very efficient
        • Token Chaining Crucial
      • Per-user Bayes very important
      • Noise reduction very helpful
      • Pro: most proactive anti-spam technique
      • Con: Troubleshooting is usually a nightmare!
      • Make user classification easy
  • 13. Controversial Anti-Spam Techniques
    • Graylisting
      • Pro: Very effective at blocking spam
      • Con: Potentially delays all messages from new senders by several hours
      • Con: Spammers know how to defeat it, but most don’t yet
    • Tarpitting
      • Pro: effective at slowing down dictionary attacks
      • Con: Will bury a busy system if a process or thread is required per connection.
    • Challenge-response
      • Increases internet chatter
      • Unless linked to outbound SMTP, can lead to “Deadlock”
  • 14. DNS MX Records
    • Example MX record
    • barracudanetworks.com MX preference = 10, mail exchanger = barracuda2.barracudanetworks.com
    • barracudanetworks.com MX preference = 10, mail exchanger = barracuda.barracudanetworks.com
    • SMTP is great for load-balancing/failover
      • Put as many systems as you like at the same “Preference” and all known clients will round-robin until they find an available system
      • DON’T LEAVE YOUR MAIL SERVER AS A BACKUP MX FOR YOUR SPAM FILTER!! Spammers will attack it directly
  • 15. Phishing
    • No link should ever say that it is HTTPS in a message and then actually link to a non-HTTPS page
    • Relatively small list of known scams – fairly easy to keep up with if you have a good sample of email. It is worth the effort.
  • 16. Quarantine
    • Effective tool for reducing “False Positives” while increasing catch rate.
    • Best if integrated with directory services so that a user with multiple email addresses only has one quarantine box.
    • No perfect open-source solution:
      • Need web interface
      • Should send daily digest
  • 17. Per-User Settings
    • Major reduction in administration if users can update personal allow/block lists, passphrases, etc.
    • Again, best when integrated with directory services.
    • User interface issues.
  • 18. System Considerations
    • Databases:
      • Most open source databases are great for low-volume, general purpose applications.
      • In high load situations they all break down – specialized databases become necessary.
    • High-availability
      • Syncing of configurations (meta-data)
      • Syncing of quarantine information (data)
  • 19. System Considerations (Cont.)
    • Hard drives
      • Typical drives will last 6-12 months under a constant and steady mail load.
      • Use RAID
      • Turn off write cache (hdparm)
    • Filesystems
      • Use a journaling filesystem
        • Ext3: slow, but robust
        • XFS/ReiserFS: faster, but less robust
        • Mount with synchronous I/O (sync)
  • 20. Fighting Spam Can Be Effective
    • False positives are not acceptable or necessary.
    • Keep your spam rules and virus definitions up to date.
    • Reduce your administration load and false positives/negatives by giving control to your users through personal settings and quarantine.
  • 21. Q/A
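
The link check from slide 15 (message text that claims HTTPS while the link target is not HTTPS), as an added example that is not part of the original slides. It parses an HTML body with Python's standard library and, going one step beyond the slide, also flags an HTTPS link whose host differs from the host shown in the text; the function and class names and the sample body are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

CLAIMED_HTTPS = re.compile(r"https://[^\s<>\"']+", re.IGNORECASE)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a href=...> element."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":  # anchors without href (named anchors) are ignored
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)  # also collects text inside nested tags such as <b>
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href.strip(), "".join(self._text).strip()))
            self._href = None

def deceptive_https_links(html_body):
    """Return links whose visible text shows an https:// URL the target does not honour."""
    parser = LinkCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        match = CLAIMED_HTTPS.search(text)
        if not match:
            continue
        shown = match.group(0).rstrip(".,;)")
        try:
            target, claimed = urlsplit(href), urlsplit(shown)
        except ValueError:  # malformed URL, e.g. a broken IPv6 literal
            reason = "unparseable"
        else:
            if target.scheme == "https" and target.hostname == claimed.hostname:
                continue  # text and target agree
            reason = "scheme" if target.scheme != "https" else "host"  # "host" is the added generalization
        findings.append({"text": shown, "href": href, "reason": reason})
    return findings

# Constructed sample body (reserved example domains and a documentation IP address).
SAMPLE_BODY = """
<a href="http://198.51.100.7/login">https://bank.example/login</a>
<a href="https://bank.example/help">https://bank.example/help</a>
<a href="https://bank.example.evil.test/">Sign in at <b>https://bank.example</b></a>
"""
```

A finding is a candidate signal for the scoring engine rather than a verdict on its own; the "no false positives" rule from slide 8 still applies to how it is weighted.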