
Lotus Domino 6 spam Survival Guide for IBM eServer

When the Domino SMTP task operates in this mode, undeliverable mail is always 
held in the mail.box file rather than returned to the sender. Because no 
non-delivery report goes back, a spammer cannot work out which addresses are 
valid by process of elimination from the reports he does and does not receive. 
The held messages do, however, accumulate in the mail.box file.

By studying the content of these messages you can adjust your Inbound 
Connection controls to defend against such attacks. Look carefully at the 
Received fields in the problem messages. Only the topmost Received header, the 
one your own Domino server added, is trustworthy: the earlier Received headers 
were written by the sending systems and can be forged. If the messages appear 
to come from the same IP address or range of IP addresses, you may want to deny 
connections from those particular IP addresses. However, be aware that spammers 
often roam the Internet looking for open relay servers from which to send their 
spam, so the connecting IP addresses that you observe in the messages may not 
show a pattern. Also, even if you use a DNS Blacklist (DNSBL) service, the lists 
can lag behind, because new open relays appear all the time. 

Even with these anti-spam measures in place, it is always a good idea to monitor 
your mail.box for dead and held messages. Typically these messages are just 
spam junk and can be deleted, but occasionally you may see a true addressing 
error: a slight misspelling of a true recipient in your mail system, for example.

We think the best combination is to use the “Hold undeliverable mail” setting 
combined with active monitoring of mail.box for repeat-offending IP addresses. 
When you use “Hold undeliverable mail,” Domino always accepts the mail rather 
than returning it, so the sender learns nothing about which addresses exist; 
this prevents all types of active harvesting. Active monitoring of mail.box is 
then required to limit the negative impact of spam mail bombing and the 
accumulation of large amounts of bogus undeliverable spam mail. 

Note: In both types of attack (harvesting or DoS) the attack is likely to 
create a substantial load on your mail server with errant spam messages 
(in either HELD or DEAD state), so you should monitor your mail.box closely. 
We recommend building a new view in mail.box that isolates such mail with the 
following selection formula: 

SELECT RoutingState = "HOLD":"DEAD" & @Contains(FailureReason; "not listed in public")

(in the formula language, comparing a field with the list "HOLD":"DEAD" is 
true when the field equals either value) and a column that displays the field 
“IntendedRecipient.” If this new view contains more than a few messages where 
the IntendedRecipient is an invalid address in your domain, then you may have 
been (or may still be!) the target of an e-mail harvesting attack. 
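The following is an added example, not code from the Redbook or from Lotus: it performs the monitoring described above (the earlier advice to study the Received fields for repeat-offending IP addresses, and the note's view of HELD/DEAD messages whose IntendedRecipient is an invalid address in your domain) as a script. It assumes that the relevant fields of each held or dead message have been exported from mail.box as RFC 822-style header lines, one message per blank-line-separated block, that your server's host name is domino.example.org and your Internet domain example.org; the sample export below is constructed, and the host name, domain and export format are assumptions.

```python
"""Tally connecting IP addresses and invalid local recipients across held/dead
messages exported from mail.box.  Added example; the host name, domain and
export format are assumptions, and SAMPLE_EXPORT is constructed data."""
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

OUR_HOST = "domino.example.org"   # assumption: host name of our Domino SMTP server
LOCAL_DOMAIN = "example.org"      # assumption: our own Internet domain

# Constructed sample: five messages, fields exported as header lines.  Folded
# continuation lines start with whitespace, as in RFC 822 headers.  The first
# message also carries a second, forged Received header from the sender.
SAMPLE_EXPORT = """\
Received: from relay.attacker.example ([203.0.113.7]) by domino.example.org
  (Lotus Domino Release 6.0) with ESMTP id 2003011210000101; Sun, 12 Jan 2003
Received: from mail.forged.example ([192.0.2.1]) by relay.attacker.example
IntendedRecipient: aaron@example.org
FailureReason: User aaron not listed in public Name & Address Book
RoutingState: HOLD

Received: from relay.attacker.example ([203.0.113.7]) by domino.example.org
  (Lotus Domino Release 6.0) with ESMTP id 2003011210000102
IntendedRecipient: abbey@example.org
FailureReason: User abbey not listed in public Name & Address Book
RoutingState: HOLD

Received: from [203.0.113.9] ([203.0.113.9]) by domino.example.org
  (Lotus Domino Release 6.0) with ESMTP id 2003011210000103
IntendedRecipient: abel@example.org
FailureReason: User abel not listed in public Name & Address Book
RoutingState: HOLD

Received: from mx.partner.example ([198.51.100.20]) by domino.example.org
  (Lotus Domino Release 6.0) with ESMTP id 2003011210000104
IntendedRecipient: jsmiht@example.org
FailureReason: User jsmiht not listed in public Name & Address Book
RoutingState: DEAD

Received: from mx.partner.example ([198.51.100.20]) by domino.example.org
  (Lotus Domino Release 6.0) with ESMTP id 2003011210000105
IntendedRecipient: bob@other.example
FailureReason: No route found to domain other.example
RoutingState: DEAD
"""

_BRACKETED_IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def parse_export(text):
    """Split the export into messages; each is a dict of field -> [values]."""
    messages = []
    for block in re.split(r"\n\s*\n", text.strip()):
        unfolded = re.sub(r"\n[ \t]+", " ", block)     # join folded lines
        fields = defaultdict(list)
        for line in unfolded.splitlines():
            name, _, value = line.partition(":")
            fields[name.strip()].append(value.strip())
        messages.append(fields)
    return messages


def connecting_ip(fields, our_host=OUR_HOST):
    """IP from the topmost Received header, and only if our own server wrote
    it.  Any Received header below that one came from the sending systems and
    can be forged, so it is never consulted."""
    received = fields.get("Received", [])
    if not received:
        return None
    top = received[0]
    if not re.search(r"\bby\s+" + re.escape(our_host) + r"\b", top, re.I):
        return None
    match = _BRACKETED_IPV4.search(top)
    return match.group(1) if match else None


def is_undeliverable_local(fields, local_domain=LOCAL_DOMAIN):
    """Same test as the view formula in the note: HOLD or DEAD state, a
    'not listed in public' failure reason, and a recipient in our domain."""
    state = fields.get("RoutingState", [""])[0].upper()
    reason = fields.get("FailureReason", [""])[0]
    rcpt = fields.get("IntendedRecipient", [""])[0].lower()
    return (state in ("HOLD", "DEAD")
            and "not listed in public" in reason
            and rcpt.endswith("@" + local_domain.lower()))


def invalid_recipients_by_source(messages, our_host=OUR_HOST,
                                 local_domain=LOCAL_DOMAIN):
    """Map each connecting IP to the set of invalid local addresses it tried."""
    by_ip = defaultdict(set)
    for fields in messages:
        if not is_undeliverable_local(fields, local_domain):
            continue
        ip = connecting_ip(fields, our_host)
        if ip:
            by_ip[ip].add(fields["IntendedRecipient"][0].lower())
    return dict(by_ip)


def suspected_harvesters(by_ip, min_recipients=2):
    """IPs that probed at least min_recipients distinct invalid addresses;
    candidates for the inbound connection Deny list."""
    return sorted(ip for ip, rcpts in by_ip.items() if len(rcpts) >= min_recipients)


def group_by_subnet(by_ip, prefix=24):
    """Aggregate per /prefix network so a sender rotating through a range still
    shows as one source; value is the count of distinct invalid recipients."""
    nets = defaultdict(set)
    for ip, rcpts in by_ip.items():
        net = ip_network(f"{ip_address(ip)}/{prefix}", strict=False)
        nets[str(net)] |= rcpts
    return {net: len(rcpts) for net, rcpts in nets.items()}


if __name__ == "__main__":
    by_ip = invalid_recipients_by_source(parse_export(SAMPLE_EXPORT))
    for ip, rcpts in sorted(by_ip.items()):
        print(f"{ip}: {len(rcpts)} invalid recipient(s): {', '.join(sorted(rcpts))}")
    print("suspected harvesters:", suspected_harvesters(by_ip))
    print("by /24:", group_by_subnet(by_ip))
```

On the constructed sample, 203.0.113.7 probed two distinct non-existent addresses and is reported as a suspected harvester; the /24 grouping shows that the third probe came from the same range, while the single misspelled address from 198.51.100.20 is the kind of genuine addressing error mentioned above and should not be blocked. Raise min_recipients on a busy server, and remember that a spammer relaying through many open relays will not cluster by IP at all.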
