1 / 21

Build Your Own Spam Firewall Using Postfix & SpamAssassin Zach Levow, vp engineering April 20, 2005 / SecureIT

Build Your Own Spam Firewall Using Postfix & SpamAssassin Zach Levow, vp engineering April 20, 2005 / SecureIT Agenda Introduction to Barracuda Networks (10 Min) Building a security appliance using open source technologies (10 Min) Anti-Spam technologies (40 Min)

medwin
Download Presentation

Build Your Own Spam Firewall Using Postfix & SpamAssassin Zach Levow, vp engineering April 20, 2005 / SecureIT

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Build Your Own Spam Firewall Using Postfix & SpamAssassin Zach Levow, vp engineering April 20, 2005 / SecureIT

  2. Agenda • Introduction to Barracuda Networks (10 Min) • Building a security appliance using open source technologies (10 Min) • Anti-Spam technologies (40 Min) • System considerations (10 Min) • Q/A

  3. Company Background • Mission • Deliver easy to use and cost effective solutions for protecting email servers • Founded December 2002 • Research and development since 2001 • Barracuda Spam Firewall Launch October 2003 • Barracuda Spyware Firewall Launch April 2005 • Headquarters in Cupertino, California • Offices in Europe (UK), China (Shanghai), Canada, Australia, India, Pakistan, United Arab Emirates (Dubai), and USA • 100+ employees worldwide • Experienced management & development team • Privately Funded • Profitable • Market Leader • 14,000 customers worldwide

  4. BarracudaSpamFirewall • Comprehensive email protection • Blocks spam and virus • Integrated hardware and software solution • Ease of use • Plug-and-play • No changes needed to email servers • Enterprise Features • Reliable and Robust • Aggressively Priced • No per user licensing fees • Market leading anti-spam appliance Launched Oct. 13, 2003

  5. Barracuda Spam Firewall - Outbound Edition • Comprehensive MTA • Includes Barracuda Spam Firewall Features • Easy to use and Configure (web interface) • Secure • Reporting and logging • Stops Virus Proliferation • Enforces Corporate & Regulatory Policies • Foul language and security • HIPAA, Sarbanes-Oxley • Prevents Spamming & Open Relay Function Launched Jan. 17, 2005

  6. Barracuda Spyware Firewall Features • Gateway appliance • Powerful, easy to use & install • Intuitive user interface • Affordable • Prices starting at $1,999 • Available in five models: • Spyware Firewall 210 ($1,999) • Spyware Firewall 310 ($3,299) • Spyware Firewall 410 ($5,999) • Inline hardware appliance • Complete scalability for growing organizations

  7. Customers

  8. Cardinal Rules of Spam Filtering • No false positives! • A false positive where the sender is not notified is even worse • Reject rather than bounce • Don’t assume everyone’s mail looks like yours

  9. Open Source Technical Issues • Immature products: One size does not fit all • Mature products: Bloated codebase – hard to maintain • Security issues • Pro: an active community will find and fix security issues. • Con: an active community will introduce security flaws. • Con: publishing your source does expose you to more exploits. Hackers go for the lowest common denominator. • Chroot, chroot, chroot – it’s always worth it.

  10. Open Source Business Issues • Giving back to the community • Many changes aren’t for everyone • Extra time to polish changes for contribution • Separating proprietary technology • Configuration files are yours • Absolutely no linking if you don’t want to share.

  11. Anti-spam Technologies • Intent Analysis • Open alternative: SURBL – Bill Stearns’ URL Blacklist • Real-time query performance issues • RBLs • Spamhaus – only list with minimal false positives • SpamAssassin • Rules Updates • SPF • Rate Control/Throttling • Virus scanning • Several fairly good open source solutions… • No one solution catches all… • Combine them

  12. Anti-Spam Technologies (Cont.) • Bayesian • International Charsets • IBM’s ICU library very efficient • Token Chaining Crucial • Per-user Bayes very important • Noise reduction very helpful • Pro: most proactive anti-spam technique • Con: Troubleshooting is usually a nightmare! • Make user classification easy

  13. Controversial Anti-Spam Techniques • Graylisting • Pro: Very effective at blocking spam • Con: Potentially delays all messages from new senders by several hours • Con: Spammers know how to defeat it, but most don’t yet • Tarpitting • Pro: effective at slowing down dictionary attacks • Con: Will bury a busy system if a process or thread is required per connection. • Challenge-response • Increases internet chatter • Unless linked to outbound SMTP, can lead to “Deadlock”

  14. DNS MX Records • Example MX record barracudanetworks.com MX preference = 10, mail exchanger = barracuda2.barracudanetworks.com barracudanetworks.com MX preference = 10, mail exchanger = barracuda.barracudanetworks.com • SMTP is great to load-balancing/failover • Put as many systems as you like at the same “Preference” and all known clients will round-robin until they find an available system • DON’T LEAVE YOUR MAIL SERVER AS A BACKUP MX FOR YOUR SPAM FILTER!! Spammers will attack it directly

  15. Phishing • No link should ever say that it is HTTPS in a message and then actually link to a non-HTTPS page • Relatively small list of known scams – fairly easy to keep up with if you have a good sample of email. It is worth the effort.

  16. Quarantine • Effective tool for reducing “False Positives” while increasing catch rate. • Best if integrated with directory services so that a user with multiple email addresses only has one quarantine box. • No perfect open-source solution: • Need web interface • Should send daily digest

  17. Per-User Settings • Major reduction in administration if users can update personal allow/block lists, passphrases, etc. • Again, best when integrated with directory services. • User interface issues.

  18. System Considerations • Databases: • Most open source databases are great for low-volume, general purpose applications. • In high load situations they all break down – specialized databases become necessary. • High-availability • Syncing of configurations (meta-data) • Syncing of quarantine information (data)

  19. System Considerations (Cont.) • Hard drives • Typical drives will last 6-12 months under a constant and steady mail load. • Use Raid • Turn off write cache (hdparm) • Filesystems • Use Journaling Filesystem • Ext3: slow, but robust • XFS/ReiserFS: faster, but less robust • Mount with synchronous I/O (sync)

  20. Fighting Spam Can Be Effective • False positives are not acceptable or necessary. • Keep your spam rules and virus definitions up to date. • Reduce your administration load and false positives/negatives by giving control to your users through personal settings and quarantine.

  21. Q/A

More Related