Prepared by (students): 0512130 Dng Thanh Huy, 0512408 H Th Thanh Vy, 0512418 Phm Hong Linh
Anti-spam on mail server systems
Network Security
ATHENA Center for Network Administration & Security Training, www.ATHENA.edu.vn

Contents

1. Spam mail
   1.1. What is spam mail?
   1.2. Characteristics of spam mail
   1.3. How spam mail works
      1.3.1. Harvesting e-mail addresses
      1.3.2. Distributing e-mail
   1.4. Types of spam mail
      1.4.1. Harvested address spam
      1.4.2. Virus spam
      1.4.3. Domain name spam
      1.4.4. Dictionary spam
      1.4.5. Window messenger spam
      1.4.6. Hacked mail service spam
   1.5. Harm caused by spam mail
2. Fighting spam on mail server systems
   2.1. Anti-spam mechanisms
      2.1.1. Using DNS blacklists
      2.1.2. Using SURBL lists
      2.1.3. Recipient verification
      2.1.4. Address verification
      2.1.5. IP blocking
      2.1.6. Using a Bayesian filter
      2.1.7. Using black/white lists
      2.1.8. Header checking
      2.1.9. Using Challenge/Response
   2.2. Anti-spam technologies
      2.2.1. Stamps for e-mail
      2.2.2. Embedded passcode
      2.2.3. Information declaration
      2.2.4. Content-based e-mail filtering
      2.2.5. Filtering by relay-site list
   2.3. Measures for avoiding spam mail
3. Anti-spam tools for mail servers
   3.1. Software
      3.1.1. VinaCIS AntiSpam
      3.1.2. GFI Mail Essentials
      3.1.3. eWall
   3.2. Hardware
      3.2.1. Barracuda Spam Firewall spam-filtering firewall
I. Spam mail and related issues
1. Spam mail

1.1. What is spam mail?

Spam mail (junk mail) is worthless e-mail, usually carrying advertising, that is sent indiscriminately by individuals or groups to a very long list of recipients; the quality of this kind of mail is usually low. Sometimes it lures gullible people in an attempt to obtain their credit card numbers and personal information.
1.2. Characteristics of spam mail

Mailbox users can feel "tortured" by advertising e-mail. Spam is harmless in itself, but every day many people can find their mailbox filled up by it. In 2003, when anti-spam software was not yet widespread and mailbox sizes were still limited, a great many e-mail users received hundreds of spam messages a day with only a few distinct contents among them.

Why does spam repeat the same advertisement dozens of times to one mailbox? One reason is that advertisers want to exploit a psychological effect: when the image of a product keeps striking the reader's eye, then at the moment they need to buy something with a similar function (or of the same kind), the brand image from the spam mail is the first to come to mind. Another reason is to arouse the curiosity of e-mail users, who want to open a spam message to see what is inside.

Spam mail is not "toxic" in the sense of being harmful to the computer; it only sometimes annoys the mailbox owner, or sometimes causes other, more important mail to be returned to its sender instead of being delivered because the recipient's mailbox is too full. However, spam with provocative or exploitative content cannot be avoided. The most important thing for a mailbox user is never to reply to or confirm anything these messages ask for, and simply to delete them.
The costs of delivering, storing and processing this mail fall on the user or on the organization that provides the webmail service. Spam must, however, be clearly distinguished from marketing e-mail, which is entirely legal. Spammers usually fabricate information such as names, addresses and telephone numbers to deceive ISPs. They also often use fake or stolen credit card numbers to pay for accounts. This lets them move very quickly from one account to another each time they are detected and have an account closed by the ISP.
1.3. How spam mail works

1.3.1. Harvesting e-mail addresses

The first step spammers take is to collect as many e-mail addresses as possible and then send mail in bulk to the addresses they have obtained.

First, spammers collect e-mail addresses from web pages published on the internet by recognizing the @ character, which marks an e-mail address. This is quite effective with the help of specialized e-mail extraction software.

The second way is to set up websites with "hot, provocative" content that entice gullible people into simply leaving their e-mail address in a text box: "Would you like to receive e-mail newsletters from our partners?" or "Enter email to receive largest prize of the year..." or "Enter email to chat with her" next to a picture of some pretty girl.

The third way is to join forums and websites that use an e-mail address at registration to activate the account. Spammers often collect large numbers of addresses from forums of this kind using software and bots that search for e-mail addresses automatically, or the admins sell members' e-mail addresses to companies that specialize in sending spam mail, known by the nicer name of Email Marketing.

The fourth and still most effective way is the dictionary attack. A computer is programmed in advance to generate a great many variants of an e-mail address by changing characters, for example email1@gmail.com, then email2@gmail.com, and so on. It automatically produces thousands of different e-mail addresses just by changing a few letters or digits.
1.3.2. Distributing e-mail

After collecting hundreds of thousands of e-mail addresses by the methods above, the spammer's next step is to distribute mail to the collected addresses. This is done in several ways. In the first, spammers have to invest their own money in many computers, modems and high-speed internet lines for spamming. The second is to send spam through servers (open proxy servers). Another way that must be mentioned is the botnet: machines infected with a backdoor and taken over form a huge botnet that can reach thousands of networked computers. Besides being effective for DDoS, it is an obedient and safe place for spammers and hackers to distribute spam from. This method is quite dangerous for internet users but highly effective for professional spammers.
1.4. Types of spam mail

1.4.1. Harvested address spam

This is the most common type of spam. Spammers use spyware or spam bots to examine most of the websites on the internet. The spam bot searches the code of every web page for the @ character. When it finds an @ character, it knows it has found an e-mail address. It then collects the characters adjacent to the @ to obtain the e-mail address and adds it to the spammer's database, which holds millions of collected addresses. From then on these addresses receive a great deal of spam.
1.4.2. Virus spam

Someone's computer is infected with this kind of virus. Unfortunately, their address book contains your e-mail address. The virus sends spam to every address in that address book.
1.4.3. Domain name spam

Spammers assume that most websites use generic e-mail addresses of the form sale@... or info@... They simply send spam to all addresses of this standard form at every domain name in the world.
1.4.4. Dictionary spam

You sometimes receive dictionary-style spam when you use a popular e-mail service. The spammer generates variants of an e-mail address by changing a few characters, and in this way produces thousands of different addresses.
1.4.5. Window messenger spam

Have you seen a pop-up appear with the words Messenger Service in its title bar? If so, you may have received Window messenger spam.
1.4.6. Hacked mail service spam

Some ISPs or webmail services may be hacked by spammers, or their mail addresses may be sold to spammers. Read the terms carefully when registering a mail address. Check whether there is a box that says something like: "We may pass your e-mail address to a third party; tick here if you do not want to receive marketing information from other companies."
1.5. Harm caused by spam mail

Every year the volume of spam grows at a dizzying rate, getting past every barrier put up by security software and research organizations. The harm it does cannot really be measured or calculated, but according to Internet Week statistics, "50 billion USD per year" is the amount that companies and commercial organizations around the world have to spend to cope with the spam that attacks their employees' mailboxes every day. The USA is the country that suffers the most damage, accounting for 1/3 of that amount.

Besides reducing productivity, annoying recipients, congesting network bandwidth and storage, and increasing the processing time of e-mail servers, spam is also a headache for the administrators of large enterprises, because it costs them millions of USD a year to process and remove spam mail.

Worldwide statistics on spam show:

- 31 billion is the total number of spam messages sent over the internet in 2002, and 60 billion in 2006 (according to the January 2003 report of the Canadian government: E-mail marketing: Consumer choices and business opportunities).
- 36% is the share of spam in all e-mail travelling over the internet in 2002, up 8% from 2001 (http://www.cnet.com/).
- 42 spam messages/day is the average number an e-mail address receives. According to research by Jupiter Research (USA), the figure rises to 70 in 2007 (according to PC Magazine 5/2003).
- 15 hours/year is the total time a person had to spend deleting spam in 2003, compared with 2.2 hours/year in 2000 (according to Ferris Research; http://www.cnn.com/2001/TECH/computing/01/04/spam.blocking.idg/index.html).
- 2-3 USD/month is the cost users have to pay their ISP to control spam (according to Information Week, 2000).
- 10 billion euros is the estimated total amount e-mail users worldwide have to pay each year because of spam (http://europa.eu.int/comm/internal_market/en/dataprot/studies/spam.htm).
- 25% of all spam carries pornographic content and offers related products and services for sale (http://www.brightmail.com/pdfs/gartner_rebuilt.pdf).
- Over 53% is the share of the annual operating hours of e-mail servers that had to be spent processing spam and e-mail attacks in 2002 (according to Postini, a company specializing in spam-processing technology, http://www.postini.com/).
- 74% is the share of internet users who believe their ISP must be responsible for dealing with spam (Gartner Group research company).
- 36% is the share of users who had to change ISP to reduce the amount of spam they receive (Gartner Group research company).
- Spam is the fourth reason users change ISP: the first is connection errors, the second is price, the third is busy signals, the fourth is spam (according to SpamCon Foundation, 2002).

For businesses, the direct costs include server hardware (hard disk space to store the messages), bandwidth (spam congests the network or makes it unstable) and the cost of upgrading workstations. But the time lost deleting spam is the more significant cost. Internet service providers (ISPs) are also particular victims of spam, because it travels over their networks constantly and forces them to store millions of such junk messages.

Spam experts worry that spam will change the way e-mail is used and the structure of the global internet.
2. Fighting spam on mail server systems

2.1. Anti-spam mechanisms

Spam mail causes a great deal of harm, so preventing and blocking it is necessary. Many software companies now offer anti-spam solutions. Each product line has its own features, strengths and weaknesses, but most products work on the basis of the following principles:
2.1.1. Using DNS blacklists
The DNS blacklist method blocks e-mail coming from addresses that appear on a DNS blacklist. Two kinds of DNS blacklist are commonly used:

- A list of domains known to send spam; this list is published and updated at http://spamhaus.org/sbl.
- A list of e-mail servers that allow, or are abused for, relaying spam sent by spammers. This list is published and regularly updated at http://www.ordb.org. This Open Relay Database is maintained by ORDB.org, a non-profit organization.

When an e-mail is sent, it passes through a number of SMTP servers before reaching the recipient's address. The IP addresses of the SMTP servers the e-mail has passed through are recorded in the e-mail's header. Anti-spam programs check all the IP addresses found in the header and compare them against the known DNS blacklist databases. If an IP address found there is in a DNS blacklist database, the e-mail is treated as spam; if not, it is treated as legitimate e-mail.

The advantage of this method is that e-mail can be checked before it is downloaded, which saves bandwidth. Its drawback is that it cannot detect e-mail with a forged sender address.
2.1.2. Using SURBL lists
The SURBL method detects spam from the content of the e-mail. The anti-spam program analyzes the content of the e-mail to see whether it contains links listed in the Spam URI Realtime Blocklists (SURBL). SURBL contains a list of the domains and addresses of known spammers. This database is provided and regularly updated at www.surbl.org. There are several different SURBL lists, such as sc.surbl.org, ws.surbl.org, ob.surbl.org, ab.surbl.org and so on, which are updated from many sources. Administrators usually combine the SURBL lists by referring to multi.surbl.org. If, after its content is checked, an e-mail contains links that appear in a SURBL list, it is marked as spam; otherwise it is treated as ordinary e-mail.

The advantage of this method is that it detects e-mail that forges the sender address to deceive filters. Its drawback is that the e-mail has to be downloaded before it can be checked, so it consumes bandwidth and the computing resources needed to analyze the e-mail content.
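The two lookups described in sections 2.1.1 and 2.1.2, as an added example that is not part of the original report: relay IPs are taken from the Received: headers and link hosts from the body, and each is turned into a DNS query name under a blocklist zone. The zone names dnsbl.example and uribl.example, the sample message and the in-memory resolver are constructed placeholders, and the base-domain rule is a simplification of the public suffix list.

```python
import ipaddress
import re
import socket
from email import message_from_string
from urllib.parse import urlsplit

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
# Assumption: tiny stand-in for the public suffix list used to find a base domain.
TWO_LEVEL_SUFFIXES = {"co.uk", "com.vn", "com.au"}


def reversed_octets(ip):
    """198.51.100.7 -> 7.100.51.198, the form blocklist zones are keyed on."""
    return ".".join(reversed(str(ip).split(".")))


def relay_ips(raw):
    """External relay IPs recorded in the Received: headers, newest hop first."""
    ips = []
    for header in message_from_string(raw).get_all("Received", []):
        for text in BRACKETED_IP.findall(str(header)):
            try:
                ip = ipaddress.IPv4Address(text)
            except ValueError:
                continue  # not a valid address, e.g. [999.1.1.1]
            if not any(ip in net for net in INTERNAL) and str(ip) not in ips:
                ips.append(str(ip))
    return ips


def uri_keys(raw):
    """Base domain (or reversed IP) of every http(s) link in the text parts."""
    keys = []
    for part in message_from_string(raw).walk():
        if part.get_content_maintype() != "text":
            continue
        # URLs are ASCII, so a lossy UTF-8 decode is enough for link extraction.
        body = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
        for url in URL_RE.findall(body):
            try:
                host = (urlsplit(url).hostname or "").rstrip(".")
            except ValueError:
                continue  # malformed URL
            if not host:
                continue
            try:
                key = reversed_octets(ipaddress.IPv4Address(host))
            except ValueError:
                labels = host.split(".")
                n = 3 if ".".join(labels[-2:]) in TWO_LEVEL_SUFFIXES else 2
                key = ".".join(labels[-n:])
            if key not in keys:
                keys.append(key)
    return keys


def listed(qname, resolve=socket.gethostbyname):
    """True when the blocklist zone answers with a 127.0.0.0/8 address."""
    try:
        return resolve(qname).startswith("127.")
    except socket.gaierror:
        return False  # NXDOMAIN: not listed


def check_message(raw, dnsbl_zone, uribl_zone, resolve=socket.gethostbyname):
    ip_hits = [ip for ip in relay_ips(raw)
               if listed(f"{reversed_octets(ip)}.{dnsbl_zone}", resolve)]
    uri_hits = [k for k in uri_keys(raw) if listed(f"{k}.{uribl_zone}", resolve)]
    return {"dnsbl": ip_hits, "uribl": uri_hits, "spam": bool(ip_hits or uri_hits)}


def make_resolver(zone):
    """Offline resolver over a dict, so the example runs without DNS."""
    def resolve(name):
        if name in zone:
            return zone[name]
        raise socket.gaierror("NXDOMAIN (constructed)")
    return resolve


# Constructed sample message and constructed blocklist contents.
SAMPLE = "\n".join([
    "Received: from mail.example.net (mail.example.net [198.51.100.7])",
    " by mx.example.org with ESMTP; Mon, 1 Jan 2007 10:00:00 +0000",
    "Received: from pc (unknown [192.168.1.20])",
    " by mail.example.net with SMTP; Mon, 1 Jan 2007 09:59:58 +0000",
    "From: a@example.net",
    "To: b@example.org",
    "Subject: hello",
    "",
    "Visit http://shop.spam-domain.example/buy or http://203.0.113.9/x today",
])
FAKE_ZONE = {"7.100.51.198.dnsbl.example": "127.0.0.2",
             "spam-domain.example.uribl.example": "127.0.0.2"}

if __name__ == "__main__":
    print(check_message(SAMPLE, "dnsbl.example", "uribl.example",
                        make_resolver(FAKE_ZONE)))
```

The header lookup needs only the headers, while the link lookup needs the body, which is the bandwidth trade-off the two sections describe.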
2.1.3. Recipient verification

Dictionary-style spam attacks use known e-mail addresses and domain names to generate other valid e-mail addresses. With this technique spammers can send spam to randomly generated e-mail addresses. Some of these addresses are real, but a large number of them do not exist, and they flood the mail servers.

Recipient verification stops this kind of attack by blocking e-mail sent to addresses that do not exist in Active Directory or on the company's mail server. The feature uses Active Directory or an LDAP server to verify whether the recipient addresses exist. If the number of non-existent recipient addresses exceeds a certain threshold (set by the administrator), the incoming e-mail is treated as spam and blocked.
2.1.4. Address verification
By checking the sender and recipient addresses, most spam can be detected and blocked. Checking the sender address before the e-mail is downloaded saves bandwidth for the whole system. The Sender Policy Framework technique (SPF, www.openspf.org) is used to check the sender address of an e-mail. SPF lets the owner of an internet domain name use special DNS records (called SPF records) to specify which machines are used to send e-mail from their domain. When an e-mail arrives, the SPF filter analyzes the information in the From or Sender field to check the sender address. SPF then compares that address with the information published in the domain's SPF record to see whether the sending machine is permitted to send e-mail. If the e-mail comes from a server that is not in the SPF record the domain has published, the e-mail is treated as forged.
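The comparison described above, as an added example that is not part of the original report: a small evaluator for a subset of SPF (the ip4, ip6, include and all mechanisms with their qualifiers). The records and domains are constructed, get_spf is a hypothetical lookup function standing in for the DNS TXT query, and the sender domain is passed in by the caller (in standard SPF it is the envelope MAIL FROM domain). Mechanisms that need further DNS lookups (a, mx, exists, ptr, redirect) are reported as "unsupported" rather than guessed.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_DEPTH = 10  # bounds include: chains, so a looping record cannot recurse forever


def check_host(ip, domain, get_spf, depth=0):
    """Evaluate the sending IP against the SPF record published for domain."""
    if depth > MAX_DEPTH:
        return "permerror"
    record = get_spf(domain)
    terms = (record or "").split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # the domain publishes no SPF policy
    addr = ipaddress.ip_address(ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"  # malformed network in the record
            if addr.version == net.version and addr in net:
                return QUALIFIERS[qualifier]
        elif name == "include":
            inner = check_host(ip, arg, get_spf, depth + 1)
            if inner == "pass":
                return QUALIFIERS[qualifier]
            if inner in ("none", "permerror"):
                return "permerror"
            if inner == "unsupported":
                return "unsupported"
            # fail / softfail / neutral inside the include: no match, keep going
        else:
            return "unsupported"
    return "neutral"  # record ended without a matching mechanism


def is_forged(ip, domain, get_spf):
    """The report's rule: a server the record does not authorize is forged."""
    return check_host(ip, domain, get_spf) == "fail"


# Constructed records for constructed domains.
RECORDS = {
    "example.org": "v=spf1 ip4:198.51.100.0/24 include:_spf.mailer.example -all",
    "_spf.mailer.example": "v=spf1 ip4:203.0.113.5 ~all",
    "loop.example": "v=spf1 include:loop.example -all",
}

if __name__ == "__main__":
    for ip in ("198.51.100.7", "203.0.113.5", "192.0.2.99"):
        print(ip, check_host(ip, "example.org", RECORDS.get))
```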
2.1.5. IP blocking
This method blocks e-mail sent from IP addresses known in advance. When an e-mail arrives, the filter analyzes the address of the sending machine and compares it with the list of blocked addresses. If the e-mail comes from a machine whose address is on this list, it is treated as spam; otherwise it is treated as legitimate e-mail.
2.1.6. Using a Bayesian filter
A Bayesian filter works on the basis of Bayes' theorem, which computes the probability of an event from events that occurred before it. A similar technique is used to classify spam. If certain pieces of text appear frequently in spam but do not usually appear in ordinary e-mail, it can be concluded that an e-mail containing them is spam.

Before e-mail can be filtered with a Bayesian filter, the user needs to build a database of keywords and markers (such as the $ sign, IP addresses, domains and so on) gathered from spam and other unwanted e-mail. Each word or marker is given a probability value, which is based on counting how many of the words commonly used in spam are not usually used in legitimate e-mail. This calculation is done by analyzing the user's outgoing e-mail and analyzing known kinds of spam.

For a Bayesian filter to work accurately and effectively, a database of ordinary e-mail and spam has to be built that fits the particular business of each company. This database is formed while the filter goes through a "training" phase. The administrator has to supply about 1000 ordinary e-mails and 1000 spam messages for the filter to analyze and build its own database.
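The training and scoring steps described above, as an added example that is not part of the original report and not any product's implementation: each token (words, runs of $, IPv4 addresses) gets a smoothed spam probability from the training mail, and the most decisive tokens of a new message are combined with Bayes' rule. The eight training messages are constructed and far smaller than the roughly 1000 + 1000 the text calls for; the class and method names are hypothetical.

```python
import math
import re
from collections import Counter

# Tokens: runs of "$", IPv4 addresses, then ordinary words.
TOKEN_RE = re.compile(r"\$+|\d{1,3}(?:\.\d{1,3}){3}|[a-z0-9][a-z0-9'-]*", re.I)


def tokens(text):
    """Distinct lower-cased tokens of one message."""
    return {t.lower() for t in TOKEN_RE.findall(text)}


class BayesFilter:
    def __init__(self):
        self.spam_counts = Counter()  # number of spam messages containing a token
        self.ham_counts = Counter()   # number of ordinary messages containing it
        self.n_spam = 0
        self.n_ham = 0

    def train(self, text, is_spam):
        counts = self.spam_counts if is_spam else self.ham_counts
        counts.update(tokens(text))
        if is_spam:
            self.n_spam += 1
        else:
            self.n_ham += 1

    def token_prob(self, token):
        """P(spam | token) with equal priors and add-one smoothing."""
        p_spam = (self.spam_counts[token] + 1) / (self.n_spam + 2)
        p_ham = (self.ham_counts[token] + 1) / (self.n_ham + 2)
        return p_spam / (p_spam + p_ham)

    def score(self, text, top=15):
        """Combined spam probability from the `top` most decisive tokens."""
        probs = sorted((self.token_prob(t) for t in tokens(text)),
                       key=lambda p: abs(p - 0.5), reverse=True)[:top]
        # Work in log space so many small factors do not underflow.
        log_spam = sum(math.log(p) for p in probs)
        log_ham = sum(math.log(1.0 - p) for p in probs)
        return 1.0 / (1.0 + math.exp(log_ham - log_spam))

    def is_spam(self, text, threshold=0.9):
        return self.score(text) >= threshold


# Constructed training corpus.
SPAM = [
    "Cheap pills online, click here to buy now $$$",
    "You won a prize! Click http://203.0.113.9/claim now",
    "Buy cheap watches, best price $$$, click now",
    "Limited offer: cheap loans, click here",
]
HAM = [
    "Meeting agenda for the project review tomorrow",
    "Please find the quarterly report attached",
    "Lunch tomorrow? The project team is going at noon",
    "Here is the agenda and the report for the review meeting",
]


def trained_filter():
    bayes = BayesFilter()
    for text in SPAM:
        bayes.train(text, True)
    for text in HAM:
        bayes.train(text, False)
    return bayes


if __name__ == "__main__":
    f = trained_filter()
    for msg in ("cheap pills $$$ click now",
                "meeting agenda for the project tomorrow"):
        print(round(f.score(msg), 4), msg)
```

A token never seen in training scores exactly 0.5, so unfamiliar vocabulary neither helps nor hurts a message until the filter has been trained on it.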
2.1.7. Using black/white lists
Using black lists and white lists makes spam filtering more effective. A black list is a database of e-mail addresses and domains from which you never want to receive e-mail. E-mail arriving from these addresses is marked as spam.

A white list is a database of e-mail addresses and domains from which you do want to receive e-mail. E-mail sent from addresses on this list is always let through.

Filters usually have a self-learning feature: when an e-mail is marked as spam, the sender's address is automatically added to the black list. Conversely, when an e-mail is sent from inside the company, the recipient's address is automatically added to the white list.
2.1.8. Header checking
This method analyzes the fields in the e-mail header to judge whether the e-mail is ordinary e-mail or spam. Spam usually has some of the following characteristics:

- The From: field or the To: field is left empty.
- The From: field contains an e-mail address that does not conform to the RFC standards.
- URLs in the header and body of the message contain an IP address encoded in hex/octal form, or a username/password-style combination (for example: http://00722353893457472/hello.com, www.citibank.com@scammer.com).
- The subject of the e-mail may contain the recipient's e-mail address to personalize the message. Take care when using this check with shared e-mail addresses such as sales@company.com. For example, when a customer replies using an auto-reply feature with the subject "your email to sales", the reply may be marked as spam.
- It is sent to a very large number of different recipients.
- It contains only image files and no words, in order to deceive filters.
- It uses a language different from the one the recipient uses.

Based on these characteristics of spam, filters can screen and block it.
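Several of the header characteristics listed above turned into checks, as an added example that is not part of the original report. The two sample messages are constructed (the URLs are the ones quoted in the list), the address pattern is a simplified stand-in for the RFC grammar, and max_rcpts and shared_locals are hypothetical parameters; shared_locals shows the caveat about shared mailboxes such as sales@company.com.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr
from urllib.parse import urlsplit

# Simplified addr-spec: local part, "@", dotted domain (assumption, not full RFC grammar).
ADDR_RE = re.compile(r"^[A-Za-z0-9.!#$%&'*+/=?^_`{|}~-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$")
URL_RE = re.compile(r"(?:https?://|www\.)[^\s<>\"']+", re.I)
NUMERIC_LABEL = re.compile(r"0x[0-9a-f]+|\d+", re.I)


def obfuscated_ip_host(host):
    """Numeric host that is not a plain dotted-decimal quad (hex, octal, one integer)."""
    labels = host.split(".")
    if not all(NUMERIC_LABEL.fullmatch(label) for label in labels):
        return False
    plain = len(labels) == 4 and all(
        label.isdigit() and (label == "0" or not label.startswith("0"))
        and int(label) < 256 for label in labels)
    return not plain


def url_findings(text):
    findings = []
    for raw_url in URL_RE.findall(text):
        url = raw_url.rstrip(".,;)")
        if not url.lower().startswith("http"):
            url = "http://" + url
        try:
            parts = urlsplit(url)
            host = parts.hostname or ""
            user = parts.username
        except ValueError:
            continue  # malformed URL
        if user is not None:
            findings.append(f"URL with userinfo before host {host}")
        if host and obfuscated_ip_host(host):
            findings.append(f"URL with encoded numeric host {host}")
    return findings


def check_headers(raw, max_rcpts=20, shared_locals=()):
    """Return the list of spam characteristics found in one raw message."""
    msg = message_from_string(raw)
    findings = []
    sender = str(msg.get("From", ""))
    if not sender.strip():
        findings.append("empty From")
    elif not ADDR_RE.match(parseaddr(sender)[1]):
        findings.append("From not RFC-conformant")
    if not str(msg.get("To", "")).strip():
        findings.append("empty To")
    fields = [str(v) for v in msg.get_all("To", []) + msg.get_all("Cc", [])]
    rcpts = sorted({addr.lower() for _, addr in getaddresses(fields) if addr})
    if len(rcpts) > max_rcpts:
        findings.append(f"{len(rcpts)} recipients")
    subject = str(msg.get("Subject", "")).lower()
    for addr in rcpts:
        local = addr.split("@")[0]
        if local in shared_locals:
            continue  # shared mailbox: its name in a subject is expected
        if addr in subject or re.search(rf"\b{re.escape(local)}\b", subject):
            findings.append(f"subject names recipient {local}")
    return findings + url_findings(raw)


# Constructed samples.
SPAM_SAMPLE = "\n".join([
    "From: Customer Service <service@>",
    "To:",
    "Subject: Account notice",
    "",
    "Confirm at http://00722353893457472/hello.com",
    "or www.citibank.com@scammer.com today.",
])
AUTOREPLY_SAMPLE = "\n".join([
    "From: customer@example.net",
    "To: sales@company.com",
    "Subject: Re: your email to sales",
    "",
    "Thanks, I received it.",
])

if __name__ == "__main__":
    print(check_headers(SPAM_SAMPLE))
    print(check_headers(AUTOREPLY_SAMPLE))
    print(check_headers(AUTOREPLY_SAMPLE, shared_locals=("sales",)))
```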
2.1.9. Using Challenge/Response
This feature requires someone sending e-mail for the first time to confirm the first e-mail they sent. After confirmation, the sender's e-mail address is added to the white list, and from then on e-mail sent from that address is automatically let through the filters. Because spammers use programs that send e-mail automatically and cannot confirm every e-mail they have sent, e-mail that is not confirmed is treated as spam.

The limitation of this method is that it requires new senders to confirm the first e-mail they send. To overcome this drawback, administrators should use the method only for e-mail they suspect is spam.
2.2. Anti-spam technologies

2.2.1. Stamps for e-mail

According to two researchers, Fahlman and Mark Wegman of IBM's Watson Research Center in the USA, the most effective anti-spam method is to require people who are not on your list of "regular customers" to buy a "stamp" for every e-mail they send you. A program placed between the e-mail server and the customer's personal computer compares the sender's name with your customer list. Since nobody parts with money lightly, spammers will have to think carefully before pressing "send" to mail out e-mail in bulk.
2.2.2. Embedded passcode

You send an e-mail announcement to everyone with a passcode embedded in your e-mail, and the ISP's e-mail server lets through only e-mail that carries this passcode.
2.2.3. Information declaration

A program blocks e-mail from strangers and requires them to provide full personal information before the e-mail is passed on to the recipient.
2.2.4. Content-based e-mail filtering

A program collects information from the content of the e-mail to help e-mail server administrators separate spam from the system. The software scans the entire message looking for keywords related to spam. For example, if you are not a doctor, the mail you expect to receive rarely has anything to do with sexual matters, so "viagra" can be an important filtering keyword.

More sophisticated filtering mechanisms can filter on the whole block of code at the head of the message. This code stays with the e-mail throughout its transit and provides information about that journey. If a spam site appears in that itinerary, the software automatically blocks the message.
2.2.5. Filtering by relay-site list

Another filtering technology is based on a list of relay sites. It checks and blocks messages transmitted through open relays, that is, systems on the internet that let users use them as transit points for mail. Spammers regularly use these open relays to hide their tracks and origin. In many cases, attackers exploit security vulnerabilities to make relay servers do the work of sending spam.
2.3. Measures for avoiding spam mail

Besides the use of anti-spam filters, users also play an important part in fighting the spam "epidemic". Users should therefore follow these rules:

- Always apply the latest patches for the software installed on the machine.
- Make sure all machines always have up-to-date anti-virus and anti-spam software.
- Use firewalls to protect the system.
- Do not reply to unfamiliar e-mail of unknown origin. For spammers, receiving one reply out of the thousands of e-mails they send is proof that the method works. Replying also confirms that your e-mail address is real and currently in use. Your address then becomes more "valuable", and spammers will send more spam.
- Do not send your personal information (credit card numbers, passwords, bank accounts and so on) by e-mail. Spammers and online fraudsters can create websites that impersonate organizations, banks and so on, and ask you to send your password and credit card details by e-mail.
- Do not respond to e-mail by clicking on words such as "remove" or "unsubscribe" in the subject line or body of the message unless it comes from a trustworthy source (direct marketing e-mail). This is a trick spammers use to get users to respond to their spam. When they receive a response, spammers not only fail to remove your e-mail address from their list but send more spam, because they know your e-mail address is active.
- Never click on URL links or website addresses given in spam, even when it instructs the recipient how to unsubscribe. This also tells the sender that your e-mail address is in use, and you may receive more spam.
- Use two different e-mail addresses: one for private matters such as friends and work, and one for registering as a member of forums, organizations and other places where your e-mail address may be abused or sold.
- Do not post your e-mail address in public places (such as forums, bulletin boards and chat rooms) where spammers commonly use tools to collect and search for e-mail addresses.
- Use e-mail services that provide anti-spam tools, such as Yahoo! Mail and Gmail.
- Never forward spam to other people.
- Forward spam you receive to the administrator of the e-mail system. The administrator will adjust the filtering program so that next time the system blocks similar e-mail.
3. Anti-spam tools for mail servers

3.1. Software

3.1.1. VinaCIS AntiSpam

VinaCIS AntiSPAM is dedicated anti-spam software that is free to use with Microsoft Outlook, Outlook Express and Windows Mail (Standard edition). VinaCIS Corporation fully localized into Vietnamese the Spamfighter anti-spam software from Spamfighter ApS.

VinaCIS AntiSPAM has a spam-filtering mechanism whose strengths have made it a brand in dedicated spam-filtering software for effective spam prevention. VinaCIS AntiSPAM completely blocks illegal intrusion by spyware, fraudulent mail, mail containing viruses and so on. With a fully automatic mechanism and filtering accuracy of up to 99.9%, together with easy installation and use (and full Vietnamese localization), VinaCIS AntiSPAM is an effective, dedicated anti-spam choice for Vietnamese users.

Some notable features of VinaCIS AntiSPAM:

- Interface entirely in Vietnamese.
- Simple installation and easy use.
- Integrated spam filtering for multiple accounts on one computer.
- Automatic management of the clean-mail list.
- Optional filtering by language.
- No limit on the spam and clean-mail lists.
- Optional repositioning of the toolbar in Microsoft Outlook.
- Blocking and unblocking of spam by e-mail address and website domain name.
3.1.2. GFI Mail Essentials
- GFI MailEssentials fights spam with a Bayesian mechanism: the Bayesian mechanism is trusted by the world's leading experts as the best spam-recognition tool available today. The technology uses an algorithm that distinguishes spam from ham. As a result, the spam filtering rate of GFI MailEssentials reaches 98% after only two weeks of updates.
- Blocking spam and phishing at the server: GFI MailEssentials is an application installed on the server or on the gateway, which makes it easy for the administrator to install and to manage from the desktop.
- Smart whitelist management to avoid mistakes: the whitelist feature marks mail as "not spam" based on the sender through filters on domain, mail address and keyword.
- Checking third-party domain blacklists: GFI MailEssentials recognizes DNS blacklists (real-time black hole lists). It recognizes third-party blacklists such as ORDB, Spam Haus and Spam cop, and lets the admin define the RBL servers.
- Support for SPF and third-party SURBL servers: GFI MailEssentials automatically checks whether a mail address really was sent from a registered domain. An e-mail address sent from an intermediary domain is marked as SPAM by GFI MailEssentials.
- Defeating spammers' e-mail collection (directory harvesting): spammers often generate a list of random e-mail addresses and send e-mail to them. GFI MailEssentials verifies every e-mail address being sent to through Active desktop or with LDAP support. If it does not match, the e-mail is marked as SPAM.
- Sorting SPAM into the user's junk mail folder: GFI MailEssentials lets users easily identify and handle mail marked as SPAM. The SPAM mail can be moved into a folder and reviewed later.
- Header analysis and keyword checking: the intelligent functions of GFI MailEssentials easily distinguish e-mail headers, detecting forged headers and spam that substitutes non-existent IP addresses.
- Quick view of mail from strangers: the New Senders feature lets users see the e-mail addresses of customers they have never sent mail to.
- Easy tuning of the Bayesian filter through shared folders: admins can easily tune the Bayesian filter by dragging and dropping spam e-mail into a shared folder.
- Reporting on filtering and mail usage: management of inbound and outbound e-mail helps produce clear reports, including which mode filters SPAM best.
- Easy handling of whitelist and blacklist: GFI MailEssentials helps users manage both the whitelist and the blacklist by dragging and dropping spam e-mail into a public folder. This reduces the administrator's workload. Admins can tighten the security of this public folder.
- Downloading spam database updates: GFI MailEssentials downloads anti-spam updates into the Bayesian database from the GFI website, making sure the system has the latest anti-spam techniques.
- Disclaimers at the top or bottom of company e-mail: GFI MailEssentials lets you create a disclaimer at the top or bottom of company e-mail in text or HTML form. You can create multiple disclaimers per user, per group and per domain.
3.1.3. eWall
eWall is a programmable gateway for any mail server. It supports powerful anti-virus software as well as anti-spam techniques such as SPF, SURBL, DNSBL, greylisting, harvester detection, country block and so on. It can also be used to provide new services to your customers with a range of filters, APIs and a scripting engine. The free EWLSP software makes eWall truly transparent to mail servers and an invisible barrier in the path of spam, scams, viruses and other material.

eWall comes in two editions. X Edition is cheaper but works only with a limited set of low-cost or free mail servers such as XMail, hMailServer, MailEnable and ArGoSoft Mail Server; the "X" in its name comes from XMail. Unlimited Edition has no such restriction.
3.2. Hardware

3.2.1. Barracuda Spam Firewall spam-filtering firewall

Barracuda Spam Firewall (BSF) is a complete solution that integrates software on hardware to fight spam effectively. It is a powerful, easy-to-use and economical solution for businesses. It integrates the following anti-spam and anti-virus technologies:

- Anti-Spam
- Anti-Virus
- Anti-Spoofing
- Anti-Phishing
- Anti-Spyware (Attachments)
- Denials of Services

BSF is compatible with all mail servers and can be used in any organization or business, from a few users up to large organizations of 200,000 users. Each appliance can support up to 30,000 e-mail accounts and can process 20 million messages a day. The appliance supports clustering to increase capacity and load tolerance.

Before reaching the server, all e-mail is processed through the 12 protection layers of the Barracuda appliance:

- Denial of Service and Security Protection
- Rate Control
- IP Reputation Analysis
- Sender Authentication
- Recipient Verification
- Virus Check
- Policy (User-specified rules)
- Spam Fingerprint Check
- Intent Analysis
- Image Analysis
- Bayesian Analysis
- Rule-based Scoring

BSF overcomes the drawbacks that software solutions suffer from:

- No need for compatibility between software and hardware.
- It does not consume system resources and reduces the load on the server by removing spam and viruses at the BSF appliance, letting only good, virus-free mail through to the server.

In addition, all BSF product lines have a built-in Outbound function that filters outgoing mail and ensures that everything sent out is good and virus-free, simply by converting the appliance to Outbound mode. BSF also supports a number of services that let users fine-tune some filters, API... BSF is truly transparent to mail servers and is a complete tool for your server in fighting spam and viruses.

Ease of use: no software to install and few changes to the existing mail server system; setup is quick and fairly simple. Everything is monitored and maintained through a web interface.

With the Energize Update service, the BSF appliance is updated continuously, every hour, from the Barracuda center located in the USA.

A cost-saving solution for businesses: the appliance is not charged per user. BSF is therefore the most economical solution for businesses and organizations in fighting spam and viruses spread by mail.