Filtragem Email

Filtragem de Email com Red Hat Linux

Implementações Práticas e Apresentação de Laboratórios

Ruben OliveiraRHCE RHCX MCSE MCITP

Filtragem Email

• Postfix Mail Server / GW Filter• Mailscanner• SpamAssassin• Mailwatch• Webmin/Usermin• Dovecot• Apresentação de Laboratórios

Filtragem Email

• Postfix Mail Server / GW Filter

Filtragem Email

• Postfix Mail Server / GW Filter

Filtragem Email

• Postfix• main.cf• multiple domain• mail relaying•sasl / tls

Filtragem Email

• MailScanner• www.mailscanner.info• A Free Anti-Virus and Anti-Spam Filter• Protecting over 1 billion e-mails every day• Over 1 million downloads• Perl based• Instalação simples• Compatível com Sendmail/Postfix/Exim,etc• como alternativas amavisd-new

Filtragem Email

• Spam Scanning• Most of the spam scanning is done with the help

of SpamAssassin:• DNS blacklists• over 850 heuristic rules• Bayesian probability system• Distributed network-based checks such as• Razor, DCC, Pyzor which track the frequency

of messages around the world to identify spam

Filtragem Email

• Virus Scanning• Scans all e-mail passing through it for viruses

using any combination of the supported anti-virus engines

• Many sites run 2 or 3 different engines for better coverage and resistance against brand new viruses

• Anti-Virus Engines 20 are supported, including all the major market leaders

• ClamAV is free and has greatly improved over the past year

Filtragem Email

• Virus Handling• Attachments containing viruses or other

security problems are removed• All safe content is delivered untouched• Recipients and senders may get a warning

explaining what happened and who they should contact for help

• System admin notified of basic details of message and what viruses were found

Filtragem Email

• Attachment Filenames• Allows/denies attachments based on filename

and file content, providing implementation of any email security policy.

• Easily used to block attachments which are common ways of disguising viruses, e.g.ReadMe.doc.exe

• These can be varied for different users.

Filtragem Email

• Highly Configurable• Virtually all configuration parameters can be set

using fixed values, “rulesets” or “Custom Functions”

• Rulesets allow different values for any users or domains you specify

• Reports are supplied in 15 languages• Language can be different for different domains

and users•

•

Filtragem Email

• Rulesets• Archive Mail = /etc/MailScanner/rules/arch.rules ;-)

• From: joao@dominio.pt joana@dominio2.pt• From: - Matches when the message is from a matching address

• To: - Matches when the message is to a matching address

• FromOrTo: - Matches when the message is from or to a matching address

• user@sub.domain.com # Individual address

• *@domain.com # Any user at 1 specific domain

• 192.168.21.0/24 # Any SMTP client IP address in this network

• *@* # Default value

• default # Default value

• Destination email address / directorio com ou sem datas appended / ficheiro mbox

Filtragem Email

• Custom Functions• These allow implementation of any other

configuration model you choose, including external databases of user options

• Many useful examples are provided• Minimal Perl knowledge needed

Filtragem Email

• Hash-Sharing Systems

• Send a checksum of a message to an online database of spam.

• "Has anyone reported this as spam?". The online database can report back "yes", allowing your mail system to raise the spam score for that message.

• Pyzor Razor DCC

Filtragem Email

• Mailwatch

• MailWatch for MailScanner is a web-based front-end to MailScanner written in PHP, MySQL

• Load Average and Today’s Totals for Messages, Spam, Viruses and Blocked Content.

• Colour-coded display of recently processed mail.

• Drill-down onto each message to see detailed information.

• Quarantine management allows you to release, delete or run sa-learn across any quarantined messages.

• Reports with customisable filters and graphs

Filtragem Email

Filtragem Email

Filtragem Email

Webmin / Usermin• Gestão e Utilização do servidor via https

Filtragem Email

• Dovecot

• Dovecot is an open source IMAP and POP3 server for Linux

• security primarily in mind.• It's fast, simple to set up, requires no special

administration and it uses very little memory.

Filtragem Email

• Laboratórios

• Utilização de Máquinas Virtuais• Instalação de um servidor de email com

filtragem de spam e virus, além de webmail e gestão via http

Filtragem Email

Obrigado

Perguntas e Respostas

ruben.oliveira@rumos.pt