Mail Message Metering or, how to block outbound spam


Mail Message Metering
or, how to block outbound spam
Robert D. Haskins
Copyright © 2000, ZipLink Inc.
Patent Pending
Interactive Week, 3/6/2000
“… (Lawlor) opened AGIS to unsolicited
commercial e-mailers and only relented after
a walkout of key technical staff and a crippling
hack attack in 1997.”
Outline
• Introduction/Goals
• Problem definition
• Existing solutions
• Outline of our solution
• RADIUS database
• Mail relays
• Shortcomings
• References
Introduction
• Wholesale Internet connectivity provider
• Our customers are free ISPs, small ISPs, and information appliance vendors (500+)
• ZipLink can be a source of spam
Problem: an effective way to block outbound spam
Solution: ?
Goals
• Block at least 50% of outbound spam
• Little or no impact on customer (ISP) and subscriber
• Ability to exclude certain domains
• Configurable and scalable
• Low impact on RADIUS servers
• Utilize freely available software if possible
Existing solutions
• Existing “free” solutions for spam:
– Blackmail by Ken Hollis and James Murray
– SMAPD from Trusted Information Systems
– SMTPD from Obtuse Systems Corporation
• Brightmail by Bright Light Technologies
• RAS filters
Existing solutions (2)
• No solution met our needs completely
• Most solutions are focused on the problem of inbound spam only
• No solution incorporates the idea of “message metering”
Our solution: allow end user to send only X messages during Y amount of time
Overview of solution
[Diagram: RADIUS, SQL DB, User, Mail Relay, Recipient]
RADIUS database
• RADIUS servers run radius2db, written by Dale Nielsen (contractor) in C
• radius2db reads RADIUS accounting logs and forwards records to Oracle database
• overhead on RADIUS server < 5%
• additional fields for message counts, limits in separate table
Mail Relays
[Diagram labels: User sends mail; SMTP redirected; Mail relay quota check; Cust. mail relay; Mail sent to recipient]
Mail Relays (2)
• Modifications made to SMTPD (Obtuse)
• SMTPD receives outbound message:
– verifies source IP address within ZipLink range
– checks mail quotas for that user
– forwards message to SMTPFWD
• SMTPFWD relays message (via Sendmail) to ISP customer mail relay for final delivery
Mail Relays (3)
• Adjustable parameters:
– # messages/time interval for user@realm
– # messages/time interval for @realm
– # messages/time interval, global
– 10 messages/10 minutes, max 100 messages/24 hours is the compiled-in default
• “450 Mail quota exceeded for %U” error
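
The quota check from the Mail Relays slides, modeled in Python as an added example; it is not code from the slides or from the modified SMTPD. It assumes the sender has already been resolved to user@realm, and the class and function names, the sliding-window counting, the precedence order (user@realm, then @realm, then global) and the expansion of %U to user@realm are all assumptions.

```python
from collections import defaultdict, deque

# Compiled-in default from the slide: 10 messages/10 minutes, max 100 messages/24 hours.
DEFAULT_LIMITS = ((10, 600), (100, 86400))


class MessageMeter:
    """Sliding-window outbound message meter keyed by user@realm (hypothetical names)."""

    def __init__(self, user_limits=None, realm_limits=None, global_limits=DEFAULT_LIMITS):
        self.user_limits = user_limits or {}    # "user@realm" -> ((count, seconds), ...)
        self.realm_limits = realm_limits or {}  # "realm" -> ((count, seconds), ...)
        self.global_limits = global_limits
        self.sent = defaultdict(deque)          # "user@realm" -> accepted-message timestamps

    def limits_for(self, user):
        # Assumed precedence: the most specific setting wins.
        realm = user.rpartition("@")[2]
        return self.user_limits.get(user) or self.realm_limits.get(realm) or self.global_limits

    def check(self, user, now):
        """Return the SMTP reply for one message submitted by `user` at time `now` (seconds)."""
        limits = self.limits_for(user)
        history = self.sent[user]
        longest = max(seconds for _, seconds in limits)
        while history and now - history[0] >= longest:
            history.popleft()                   # forget sends older than the longest window
        for count, seconds in limits:
            recent = sum(1 for t in history if now - t < seconds)
            if recent >= count:
                # 4xx is a temporary failure: a well-behaved client queues and retries later.
                return f"450 Mail quota exceeded for {user}"
        history.append(now)                     # only accepted messages count against the quota
        return "250 OK"                         # stands in for "forward to SMTPFWD"


def simulate(meter, user, start, count, spacing):
    """Constructed traffic: `count` messages from `user`, `spacing` seconds apart."""
    return [meter.check(user, start + i * spacing) for i in range(count)]
```

Because the reply is a 450 rather than a 5xx, a subscriber who trips the limit by accident sees delayed mail instead of bounces, while a bulk sender's throughput is capped at the configured rate.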
Shortcomings
• Still requires Acceptable Use Policy (AUP) and strong language in contracts
• If ISP changes defaults, subscriber can still spam if thresholds are set high enough
• No way to allow individual subscriber to use 3rd party mail relay
• Requires mechanism for redirecting all SMTP sessions to mail relays
References
• My page: www.ziplink.net/~rhaskins
• FWTK: www.tis.com/research/software
• Blackmail: bitgate.com/spam
• Juniper/smtpd: www.obtuse.com/smtpd.html
• Brightmail: www.brightlight.com/isp/spam