Fumo-idosec SPAMwall
SPAM problem
- most emailuser get unwanted emails
- up to 80% of all emails are SPAM
- more than 80% of malware ( virus, troyans, worms ) is distributed by SPAM
( the FBI and computer crime & securtiy survey )
- 31% of users click on links in SPAM mails
( Radicati Group May 2005 )
- 10% of users buy on SPAM
( Radicati Group May 2005 )
- users of a *.com domain get 86% more SPAM mail than useful email
SPAM disadvantages
- productivity loss
- augmentation on costs of IT infrastructure ( bandwith, strorage capacity, ... )
- augmentation on costs of IT management ( administration )
- performance loss on emailservers
- confidence loss in emailing
- potential problem on the law
- emails with malware ( i.e. Virus )
- user satisfaction on email infrastructure
Who are the SPAMers?
- some years ago: amateur handicraftsman, now: professionals
- they act like a profitcenter
- you can get a 150 million mailadresses for only 100 $
- 0,5 % answers on SPAM mean 5000 potential customers
- on phishing attacks, 0,1 % return is a very good deal
==>> SPAMming is an easy way to get rich !!
What can you do?
1. ignore it ! disadvantages: malware, bad network performance, high cost on backup, ...
2. trust on the law. disadvantages : SPAMmers are spread all over the world;
its not allowed to do a robbery, but ... ?
==>> you need a technical solution
What are the requirements for the technical solution?
- have a recognition rate >> 90%
- have very low false positive and false negative rate
- be easy administrational
- be always up-to-date
- act on low costs
- be law-conformal
- have a slow delay on delivery
- have no big manual to learn
The 'traditional' way
- real time black lists ( RBL )
disadvantage: high false positive rate, very hard to get out of the list
- lexical analysis
disadvantage: human intervention is necessary, needs update every day
- distributed checksum clearinghouse ( DCC )
disadvantage: searches only for bulk mails, but not every bulk mail is SPAM
- collaborative Spam database - internetusers enter Spam-emails, each message gets a unique signature
disadvantage: depends on users
www.fumocom.com
- bayesian filters - comparison of Spam and useful emails
disadvantage: need much time to learn
- trend analysis - analyses the behavior of sender and receiver
disadvantage: id only useful in improving the false-positive rate
- white & blacklist - active blocking or allowing of sender or domain
disadvantage: not scaleable, just tunig the system
- SPAM traps - traps designed to catch SPAM
disadvantage: only useful in SPAM recognition and measurement
- dns authentification ( SPF, CID, SID ) - a new standard should identify the sender and verify addresses
disadvantage: 3 concurrent solutions
SPAM filtering by the idosec SPAMwall
- based on greylisting
- on first contact, ask the sender to resend the mail
- parameters are stored in a database to check resending
- additional spam solutions implemented (black listing, spamassassin ...)
- virus scanning implemended
- can be combined with black- and whitelists
- internal or external solutions available - with redundancy option (managed service provider)
- settings stored in a MySQL database
- easy web-based administration
www.fumocom.com
Benefits
- reduces administration overhead
- prevents against great amount of malware
- relieves antivirus server
- saves on internet bandwith
- reduces emailserver performance
- saves LAN bandwith
- increases productivity ( saves time of users )
- may avoid problems on law regulations
- no expensive update service
- no temporally limited use
- no license agreement
- a all-in-one solution against unproductive data garbage!
www.fumocom.com
SPAMwall
Software configuration:
Operating System: Debian Stable
Mail System: Postfix
Current SPAM protection: Greylist, Spamassassin
Current Virus Mail-Scanner: ClamAV
Configuration: WebGUI
Main license: GNU (http://www.gnu.org), except WebGUI and customized scripts
User limit: unlimited by licence
Hardware configuration:
Processor: Single 64 Bit Intel Xeon 2,8 GHz with 1MB L2 Cache
Memory: 1GB DDR2 SDRAM, 400MHz (2x512)
Disks: 2 x 73GB SCSI 10.000rpm, RAID1
RAID Controller: PERC 4e/Si embedded (256MB Battery backed Cache)
Network: 2 x 1GBit Intel (embedded)
Powersupplys: 2 x 550W
CD-Drive: 8xDVD-ROM
Rackmountable, incl. Rackmount-Kit
Hardware specs:
Form factor: 1U rack height
Processors: Up to two 64-bit Intel Xeon processors at up to 3,6GHz
Front side bus: 800MHz
Cache: Up to 2MB L2
Chipset: Intel E7520
Memory: 256MB/12GB DDR-2 400 SDRAM; 16GB with avaulability of dual rank 4GB DIMMs'
I/O channels: Two total: two PCI-X slots (1 x 64-bit/133MHz and 1 x 64-bit/100MHz) or two PCI Express slots
(1 x 4 lane and 1 x 8 lane)
Drive controller: Embedded single channesl Ultra320 SCSI
RAID controller: Optional single channel ROMB (PERC 4e/Si), PERC 4/DC, PERC 4/SC and PERC 4a/DC
adapters
Drive bays: Two 1'' Ultra320 hot-plug SCSI drives
Maximum internal storage: SCSI: up to 600GB
Hard drives: 36GB, 73GB, 146GB and 300GB(10,000 rpm) Uptra320 SCSI / 18GB, 36GB, 73GB and
146GB(15,000 rpm) Ultra320 SCSI
Internal storage: 10K/15K RPM SCSI drives
External storage: Dell PowerVault SCSI and Dell ECM fibre channel storage
Tape backup options: Internal: none / External: PowerVault 114T, 122T, 128T, 132T and 136T
Network interface card: Dual embedded Intel Gigabit NICs; single and dual port Intel PRO/1000 MT Gigabit
adapters; Intel PRO/1000 MF (optical)
www.fumocom.com
Power supply: 550W, optional hot-plug redundant power
Availability: ECC memory, Single Device Data Correction (SDDC), Spare Bank, Memory Mirroring; hot-plug
SCSI hard drives; optional hot-plug redundant power; redundant cooling; tool-less chassis; high availability
fibre channel and SCSI cluster support; optional ROMB with battery-backed cache; optional RAID controllers
Video: Embedded ATI Radeon 7000-M with 16MB SDRAM
Remote management: Baseboard Management Controller with IPMI 1.5 compliance, accassible via network
or serial port; optional slot-free DRAC 4/i
Systems management: Dell OpenManage
Rack support: 4-post (Dell rack), 2-post and 3rd party
Chassis:
76.2 cm (30") D x 48.26 cm (19") W x 4.29 cm (1.69") H
Rack Weight 17.69kg (39 lb), maximum configuration
Power: 550W, optional hot-plug redundant power, 110/220 Volt
Environmental:
Operating Temperature: 10° to 35°C (50° to 95°F)
Storage Temperature: -40° to 65°C (-40° to 149°F)
Operating Relative Humidity: 20% to 80% (non-condensing)
Storage Relative Humidity: 5% to 95% non-condensing
Operating Vibration: 0.25G at 3Hz to 200Hz for 15 minutes
Storage Vibration: 1.54Grms at 10Hz to 250Hz for 15 minutes
Operating Shock: 1 shock pulse of 41G for up to 2ms
Storage Shock: 6 shock pulses of 71G for up to 2ms
Operating Altitude: -15.2m to 3,048m (-50ft to 10,000ft)
Storage Altitude: -15.2m to 10,668m (-50ft to 35,000ft)
Regulatory:
FCC (U.S. only) Class A
ICES (Canada) Class A
CE Mark (EN 55022 Class A, EN55024, EN61000-3-2, EN61000-3-3)
VCCI (Japan) Class A
BSMI (Taiwan) Class A
C-Tick (Australia/New Zealand) Class A
SABS (South Africa) Class A
CCC (China) Class A
MIC (Korea) Class A
UL 60950
CAN/CSA C22.2 No. 60950
EN 60950
www.fumocom.com