Kees Cook, Ubuntu Software Engineer, Canonical Ltd.
Track: Security
Date: Friday, August 5th, 2005
Time: 10:45am - 11:30am
Location: E144
Theories about new email security techniques are developed fairly regularly, but mainstream Mail Transfer Agent programmers are not always quick to implement them. To implement new policies, system administrators need a system in place that can manage arbitrary new rules and quantify the results.
This talk presents a case study on using MIMEDefang, ClamAV, SpamAssassin, and custom implementations of SAV, SPF, and SURBL checking to curb inbound viruses, spam, and phishing attacks at OSDL. Different MTAs were reviewed, and sendmail was chosen for its great extensibility through the milter API and the Perl tool MIMEDefang. Email security ideas were turned into actual working rules, and finally the logs were parsed to generate graphs detailing why and how much spam was rejected. Topics include:
- Scoring vs. bouncing: the religious debate
- Available techniques:
  * Network evaluation: HELO, IP & DNS RBLs
  * Sender validation: SAV, SPF, and DomainKeys
  * Recipient validation: SRS
  * Content scanning: Bayes, regex, SURBLs, DCC, filtering
  * Virus scanning: ClamAV
  * Session management: Quarantine, greylisting, tarpits
- Implementation: extending MIMEDefang
- Visualization: does any of this actually help?