• Like
  • Save
Build Your Own Spam Firewall
Upcoming SlideShare
Loading in...5

Build Your Own Spam Firewall






Total Views
Views on SlideShare
Embed Views



0 Embeds 0

No embeds



Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
Post Comment
Edit your comment

    Build Your Own Spam Firewall Build Your Own Spam Firewall Presentation Transcript

    • Build Your Own Spam Firewall Using Postfix & SpamAssassin Zach Levow, vp engineering April 20, 2005 / SecureIT
    • Agenda
      • Introduction to Barracuda Networks (10 Min)
      • Building a security appliance using open source technologies (10 Min)
      • Anti-Spam technologies (40 Min)
      • System considerations (10 Min)
      • Q/A
    • Company Background
      • Mission
        • Deliver easy to use and cost effective solutions for protecting email servers
      • Founded December 2002
        • Research and development since 2001
      • Barracuda Spam Firewall Launch October 2003
      • Barracuda Spyware Firewall Launch April 2005
      • Headquarters in Cupertino, California
        • Offices in Europe (UK), China (Shanghai), Canada, Australia, India, Pakistan, United Arab Emirates (Dubai), and USA
        • 100+ employees worldwide
        • Experienced management & development team
      • Privately Funded
        • Profitable
      • Market Leader
        • 14,000 customers worldwide
    • Barracuda Spam Firewall
      • Comprehensive email protection
        • Blocks spam and virus
        • Integrated hardware and software solution
      • Ease of use
        • Plug-and-play
        • No changes needed to email servers
      • Enterprise Features
        • Reliable and Robust
      • Aggressively Priced
        • No per user licensing fees
      • Market leading anti-spam appliance
      Launched Oct. 13, 2003
    • Barracuda Spam Firewall - Outbound Edition
      • Comprehensive MTA
      • Includes Barracuda Spam Firewall Features
        • Easy to use and Configure (web interface)
        • Secure
        • Reporting and logging
      • Stops Virus Proliferation
      • Enforces Corporate & Regulatory Policies
        • Foul language and security
        • HIPAA, Sarbanes-Oxley
      • Prevents Spamming & Open Relay Function
      Launched Jan. 17, 2005
    • Barracuda Spyware Firewall Features
      • Gateway appliance
      • Powerful, easy to use & install
        • Intuitive user interface
      • Affordable
        • Prices starting at $1,999
      • Available in five models:
        • Spyware Firewall 210 ($1,999)
        • Spyware Firewall 310 ($ 3,299)
        • Spyware Firewall 410 ($ 5,999 )
      • Inline hardware appliance
      • Complete scalability for growing organizations
    • Customers
    • Cardinal Rules of Spam Filtering
      • No false positives!
      • A false positive where the sender is not notified is even worse
      • Reject rather than bounce
      • Don’t assume everyone’s mail looks like yours
    • Open Source Technical Issues
      • Immature products: One size does not fit all
      • Mature products: Bloated codebase – hard to maintain
      • Security issues
        • Pro: an active community will find and fix security issues.
        • Con: an active community will introduce security flaws.
        • Con: publishing your source does expose you to more exploits. Hackers go for the lowest common denominator.
        • Chroot, chroot, chroot – it’s always worth it.
    • Open Source Business Issues
      • Giving back to the community
        • Many changes aren’t for everyone
        • Extra time to polish changes for contribution
      • Separating proprietary technology
        • Configuration files are yours
        • Absolutely no linking if you don’t want to share.
    • Anti-spam Technologies
      • Intent Analysis
        • Open alternative: SURBL – Bill Stearns’ URL Blacklist
        • Real-time query performance issues
      • RBLs
        • Spamhaus – only list with minimal false positives
      • SpamAssassin
        • Rules Updates
      • SPF
      • Rate Control/Throttling
      • Virus scanning
        • Several fairly good open source solutions…
        • No one solution catches all…
        • Combine them
    • Anti-Spam Technologies (Cont.)
      • Bayesian
        • International Charsets
          • IBM’s ICU library very efficient
          • Token Chaining Crucial
        • Per-user Bayes very important
        • Noise reduction very helpful
        • Pro: most proactive anti-spam technique
        • Con: Troubleshooting is usually a nightmare!
        • Make user classification easy
    • Controversial Anti-Spam Techniques
      • Graylisting
        • Pro: Very effective at blocking spam
        • Con: Potentially delays all messages from new senders by several hours
        • Con: Spammers know how to defeat it, but most don’t yet
      • Tarpitting
        • Pro: effective at slowing down dictionary attacks
        • Con: Will bury a busy system if a process or thread is required per connection.
      • Challenge-response
        • Increases internet chatter
        • Unless linked to outbound SMTP, can lead to “Deadlock”
    • DNS MX Records
      • Example MX record
      • barracudanetworks.com MX preference = 10, mail exchanger = barracuda2.barracudanetworks.com
      • barracudanetworks.com MX preference = 10, mail exchanger = barracuda.barracudanetworks.com
      • SMTP is great to load-balancing/failover
        • Put as many systems as you like at the same “Preference” and all known clients will round-robin until they find an available system
        • DON’T LEAVE YOUR MAIL SERVER AS A BACKUP MX FOR YOUR SPAM FILTER!! Spammers will attack it directly
    • Phishing
      • No link should ever say that it is HTTPS in a message and then actually link to a non-HTTPS page
      • Relatively small list of known scams – fairly easy to keep up with if you have a good sample of email. It is worth the effort.
    • Quarantine
      • Effective tool for reducing “False Positives” while increasing catch rate.
      • Best if integrated with directory services so that a user with multiple email addresses only has one quarantine box.
      • No perfect open-source solution:
        • Need web interface
        • Should send daily digest
    • Per-User Settings
      • Major reduction in administration if users can update personal allow/block lists, passphrases, etc.
      • Again, best when integrated with directory services.
      • User interface issues.
    • System Considerations
      • Databases:
        • Most open source databases are great for low-volume, general purpose applications.
        • In high load situations they all break down – specialized databases become necessary.
      • High-availability
        • Syncing of configurations (meta-data)
        • Syncing of quarantine information (data)
    • System Considerations (Cont.)
      • Hard drives
        • Typical drives will last 6-12 months under a constant and steady mail load.
        • Use Raid
        • Turn off write cache (hdparm)
      • Filesystems
        • Use Journaling Filesystem
          • Ext3: slow, but robust
          • XFS/ReiserFS: faster, but less robust
          • Mount with synchronous I/O (sync)
    • Fighting Spam Can Be Effective
      • False positives are not acceptable or necessary.
      • Keep your spam rules and virus definitions up to date.
      • Reduce your administration load and false positives/negatives by giving control to your users through personal settings and quarantine.
    • Q/A