06 - Spam Filtering
Return E-mail DNS Check
• The forward DNS lookup is performed on the domain of the address given in the Return-Path / Reply-To header
• If that domain has no A record, the message is treated as spam
SMTP Filtering Order
1. IP address BWL
2. RBL & ORDBL (last IP)
3. IP address (FortiGuard - Anti-spam)
4. HELO DNS lookup
5. MIME headers check, E-mail address BWL check
6. Banned word check on email subject
7. IP address BWL check (IPs in "Received" headers)
8. Banned word check on email body
9. Return e-mail DNS check, FortiGuard - Anti-spam (URL)
10. RBL & ORDBL check on public IP
Email Basics: Examining SMTP
Session initiation
220 smtp203.mail.sc5.yahoo.com ESMTP
EHLO mcbride
Mail server and its capabilities
250-smtp203.mail.sc5.yahoo.com
250-AUTH LOGIN PLAIN XYMCOOKIE
250-PIPELINING
250 8BITMIME
Client login: challenge & response
AUTH LOGIN
334 VXNlcm5hbWU6
Zm9ydGluZXQwMDE=
334 UGFzc3dvcmQ6
Zi5ydGluZXQ=
235 ok, go ahead (#2.0.0)
Sender & recipient
MAIL FROM:<fortinet001@yahoo.ca>
250 ok
RCPT TO:<training@fortinet.com>
250 ok
Lab
First, analyse the sending IP of the spam message and check at the FortiGuard center whether that IP is on the blacklist; then set up a simulated environment and test.
Email message
DATA
354 go ahead
From: fortinet001@yahoo.ca
To: training@fortinet.com
Date: Wed, 23 Nov 2005 16:53:26 +0100
MIME-Version: 1.0
Subject: Hello, World!
Message-ID: <43849E86.29784.DF6209@localhost>
Priority: normal
X-mailer: Pegasus Mail for Windows (4.21c)
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Content-description: Mail message body

The quick brown fox jumped over the lazy dog.
.
250 ok 1132761223 qp 71164
QUIT
221 smtp203.mail.sc5.yahoo.com
POP / IMAP Filtering Order
1. MIME headers check, E-mail address BWL check
2. Banned word check on email subject
3. IP BWL check
4. Banned word check on email body
5. Return e-mail DNS check, FortiGuard AntiSpam check
6. RBL & ORDBL check
• In this case, server A and server B set up an SMTP conversation between them and deliver the message to the end user.
• SMTP: Simple Mail Transport Protocol. The details of this protocol are covered later.
• The SMTP process is as follows:
The MUA connects to TCP port 25, establishes a session, and sends the message to the enterprise MTA. The enterprise MTA sends the message to the recipient's MTA. The recipient's MTA delivers the message to the end user's MUA.
Last relay hop: where the message was received from, and for whom
Intermediate mail relay hops
From, To, Subject, Date and MIME are all standard mail headers
Headers beginning with X- are defined by each vendor
Reverse DNS Check
• Checks whether the mail server's IP address resolves in DNS
• The forward DNS lookup is performed on the domain given in the HELO command
• If that domain has no A record, the message is treated as spam
Mail Header Analysis
Return-Path: <ddeng@wangfung.com>
Received: from murder ([unix socket]) (authenticated user=cyrus bits=0)
	by fortinet.com (Cyrus v2.2.12-Invoca-RPM-2.2.12-3.RHEL4.1) with LMTPA;
	Mon, 18 Aug 2008 20:52:50 -0700
X-Sieve: CMU Sieve 2.2
Received: from smtp.fortinet.com (smtp.fortinet.com [192.168.200.188])
	by mail.fortinet.com (8.13.1/8.13.1) with ESMTP id m7J3qoxw019686
	for <support_cn@fortinet.com>; Mon, 18 Aug 2008 20:52:50 -0700
Received: from wangfung.com (pop.wangfung.com [220.246.31.137])
	by smtp.fortinet.com with ESMTP id m7J3qjo5026309
	for <support_cn@fortinet.com>; Mon, 18 Aug 2008 20:52:46 -0700
Received: from bid68 ([119.141.60.203]) by wangfung.com with Microsoft SMTPSVC(6.0.3790.3959);
	Tue, 19 Aug 2008 11:50:40 +0800
Message-ID: <D70C125B6E6040128D2C0FD4DC268125@bid68>
From: "derek" <ddeng@wangfung.com>
To: <support_cn@fortinet.com>
Subject: =?gb2312?B?RjYwILK7uaTX98HL?=
Date: Tue, 19 Aug 2008 11:43:16 +0800
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0093_01C901F0.C5197AD0"
X-Priority: 3
X-MSMail-Priority: Normal
Importance: Normal
X-Mailer: Microsoft Windows Live Mail 12.0.1606
X-MimeOLE: Produced By Microsoft MimeOLE V12.0.1606
X-Antivirus: avast! (VPS 080818-0, 08/18/2008), Outbound message
X-Antivirus-Status: Clean
X-OriginalArrivalTime: 19 Aug 2008 03:50:42.0609 (UTC) FILETIME=[C0B98210:01C901AE]
X-FEAS-HEURISTIC-smtp-fortinet.com: 0.465(CN_BODY_148:0.157,CN_BODY_3:0.128,CN_BODY_368:0.18)
X-FEAS-DEEPHEADER-smtp-fortinet.com: Node:{59} Confidence degree{ 73.5639 } Support degree{ 2.99063 } IP{ 220.246.31.137,119.141.60.203 }
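As an added example (not part of the course material), the Received-chain extraction behind step 7 (IP BWL check on "Received" headers) and step 10 (RBL check on public IPs only) of the SMTP filtering order, run over a constructed copy of the Received headers shown above; the blacklist is made up for the demonstration.

```python
import re
import ipaddress

# Constructed sample: the Received chain from the header-analysis slide, folded per RFC 5322.
SAMPLE_HEADERS = """\
Received: from murder ([unix socket]) (authenticated user=cyrus bits=0)
 by fortinet.com (Cyrus v2.2.12-Invoca-RPM-2.2.12-3.RHEL4.1) with LMTPA;
 Mon, 18 Aug 2008 20:52:50 -0700
Received: from smtp.fortinet.com (smtp.fortinet.com [192.168.200.188])
 by mail.fortinet.com (8.13.1/8.13.1) with ESMTP id m7J3qoxw019686
 for <support_cn@fortinet.com>; Mon, 18 Aug 2008 20:52:50 -0700
Received: from wangfung.com (pop.wangfung.com [220.246.31.137])
 by smtp.fortinet.com with ESMTP id m7J3qjo5026309
 for <support_cn@fortinet.com>; Mon, 18 Aug 2008 20:52:46 -0700
Received: from bid68 ([119.141.60.203]) by wangfung.com with Microsoft SMTPSVC(6.0.3790.3959);
 Tue, 19 Aug 2008 11:50:40 +0800
"""

def unfold(headers):
    """Join folded continuation lines (leading whitespace) back onto their header line."""
    lines = []
    for raw in headers.splitlines():
        if raw[:1] in (" ", "\t") and lines:
            lines[-1] += " " + raw.strip()
        else:
            lines.append(raw)
    return lines

def received_ips(headers):
    """IPv4 literal of the 'from' host in each Received header, last hop first (message order)."""
    ips = []
    for line in unfold(headers):
        if not line.lower().startswith("received:"):
            continue  # only the relay trace matters here
        m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", line)
        if m:  # 'from murder ([unix socket])' carries no IP and is skipped
            ips.append(m.group(1))
    return ips

def public_relay_ips(headers):
    """Drop private/loopback hops: an RBL lookup (step 10) is only meaningful for public IPs."""
    return [ip for ip in received_ips(headers) if ipaddress.ip_address(ip).is_global]

def bwl_verdict(headers, blacklist):
    """Step 7: black/white-list check against every IP found in the Received headers."""
    hits = [ip for ip in received_ips(headers) if ip in blacklist]
    return "spam (IP BWL: %s)" % ", ".join(hits) if hits else "pass"

if __name__ == "__main__":
    print(received_ips(SAMPLE_HEADERS), public_relay_ips(SAMPLE_HEADERS))
    print(bwl_verdict(SAMPLE_HEADERS, {"119.141.60.203"}))  # constructed blacklist
```

The public hops it returns are exactly the two addresses the X-FEAS-DEEPHEADER line above reports; the 192.168.200.188 relay is internal and excluded from reputation lookups.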
Testing Whether an IP or URL Is Blacklisted
Submitting Spam
Copy the spam message to be submitted (Ctrl+C), then paste it into a message addressed to submitspam@fortinet.com.
Reversing a Wrong Spam Verdict
FortiGate does not tag a message with the reason for its spam verdict, but FortiMail records it in the message headers. If a message is found to have been wrongly classified as spam, paste it into a message and send it to removespam@fortinet.com.
Anti-Spam
FortiGate Multi-Threat Security Systems I Course 301
Email Basics
• A simple example:
[Figure: UserA and UserB connected across the Internet]
UserA@domain.com sends a message to Userb@xtreme.com.mx
Email Basics