Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
services:e-mail_service:antispam_filters [2009/04/10 10:15] giunta |
services:e-mail_service:antispam_filters [2021/12/09 12:44] giunta removed |
||
|---|---|---|---|
| Line 3: | Line 3: | ||
| ===== Anti-Spam Filters ===== | ===== Anti-Spam Filters ===== | ||
| - | In the last years the SPAM phenomenon (Unsolicited Bulk & Commercial E-mails) has grown exponentially. Today the SPAM is over the 50% of the total e-mail traffic. To permit the people works (don't waste time to discard UCE and UBE mails) complex filters are required for the incoming e-mail traffic. **SISSA has two filters for the incoming emails**. | + | In the last years the SPAM phenomenon (Unsolicited Bulk & Commercial E-mails) has grown exponentially. Today the SPAM is over the 50% of the total e-mail traffic. In order not to waste time discarding UCE and IBE e-mails, complex filters are required for the incoming e-mail traffic. **SISSA has two filters for the incoming e-mails**. |
| ==== SafeMail ===== | ==== SafeMail ===== | ||
| - | **The first filter for the incoming mail is SafeMail, a commercial product of Spin** (http://www.spin.it). This software is istalled on the incoming e-mail gateway server. This machine is named hermes.sissa.it that is also the Mail Exchanger (MX) for the domain sissa.it. This filter **is applied by default to all the incoming mail** for the domains sissa.it, he.sissa.it, ma.sissa.it, ap.sissa.it and democritos.it. | + | **The first filter for the incoming e-mail is SafeMail, a commercial product of Spin** (http://www.spin.it). This software is installed on the incoming e-mail gateway server. This machine is the Mail Exchanger (MX) for the domain sissa.it. This filter **is applied by default to all the incoming mail** for the domains sissa.it. |
| - | This software use some RBLs (Real-time Spam Black Lists) to reject SPAM. The connection is rejected with a message. A real user should read the error and take an action to send again the message. See the page | + | This software use some RBLs (Real-time Spam Black Lists) to reject SPAM. |
| - | http://www.spin.it/spam/spam_filters.php3#eng for informations about Spin's anti-spam filters. | + | When SafeMail consider an e-mail as a sure spam, the connection is rejected and it sends an error message to the sender. |
| + | If it is a real person, he/she can take an action to send again the e-mail. | ||
| + | See the page: | ||
| + | http://www.spin.it/spam/spam_filters.php3#eng for information about Spin's anti-spam filters. | ||
| - | More informations about Spin SafeMail are available at address http://www.spin.it/spam/#eng. | + | More information about Spin SafeMail are available at address http://www.spin.it/spam/#eng. |
| - | Real-time statistics about SafeMail filter are available on the web page: http://hermes.sissa.it/cgi-bin/spamstats | ||
| + | ===== Anti-Virus Filters ===== | ||
| - | + | SISSA mail servers use an antivirus to scan all incoming/outgoing e-mail messages. This includes scanning e-mail bodies and attachments against known virus signatures as well as blocking certain file types and names (file extensions). The software will also scan compressed attachements. However it should be stressed that nobody should rely on the mail server filtering for complete virus protection. The main purposes of filtering on the mail servers are to minimise the possibility of a serious outbreak of a particular virus, provide protection against new unrecognised viruses and act as a secondary mechanism for detecting infected systems. It is essential, therefore, that you continue to treat ALL e-mail attachments with caution. | |
| - | ==== Barracuda Spam Firewall ==== | + | |
| - | + | ||
| - | **The second filter is Barracuda Spam Firewall**, a commercial appliance (special hardware with customized software), produced by [[http://www.barracudanetworks.com/|BarracudaNetworks]]. This machine operate with several anti-spam filters (DNSBL filters, euristhics filters, bayesian database, etc.).** At every incoming mail is assigned a spam score value**. Higher values are feature of SPAM e-mails. | + | |
| - | + | ||
| - | __**Only the mails** tagged definitively as Spam (**spam score over 9 points) are blocked by the Barracuda Spam Firewall**__. \\ | + | |
| - | **The others --//allowed or tagged as probably spam//-- are delivered to the final user. | + | |
| - | **\\ | + | |
| - | + | ||
| - | The score maybe negative o zero when the message is classified as not-spam. Values higher than 3.5 means that the mail is probably a SPAM message. The score should be used by an automatic procedure to separate the legitimate e-mails from the SPAM. \\ | + | |
| - | For more information and to manage your Spam level, please read: | + | |
| - | * [[webmail-horde:filter:spam-level| How to manage my e-mail spam filters using HORDE ]] | + | |
| - | * [[webmail-squirrel:filter:spam-level| How to manage my e-mail spam filters using SQUIRRELMAIL ]] | + | |
| \\ | \\ | ||
| - | Real-time statistics about Barracuda filtering are available on the web page: http://spam-stats.sissa.it/ (only internal). \\ | ||
| - | |||
| - | |||
| - | |||
| - | ===== Anti-Virus Filters ===== | ||
| - | |||
| - | SISSA mail servers use an antivirus to scan all incoming/outgoing email messages. This includes scanning email bodies and attachments against known virus signatures as well as blocking certain file types and names (file extensions). The software will also scan compressed attachements. However it should be stressed that nobody should rely on the mail server filtering for complete virus protection. The main purposes of filtering on the mail servers are to minimise the possibility of a serious outbreak of a particular virus, provide protection against new unrecognised viruses and act as a secondary mechanism for detecting infected systems. It is essential, therefore, that you continue to treat ALL email attachments with caution. | ||
| - | |||
| - | |||
| Line 48: | Line 29: | ||
| ===== Banned file Types and Extensions ===== | ===== Banned file Types and Extensions ===== | ||
| - | Certain file types and extensions pose a significant risk to windows machines, as they are executable by default. Most viruses are spread through email with one of these executable attachements. As such, SIS has decided to block the following extensions: | + | Certain file types and extensions pose a significant risk to windows machines, as they are executable by default. Most viruses are spread through e-mail with one of these executable attachements. As such, ITCS has decided to block the following extensions: |
| ^Extension^Generic description^ | ^Extension^Generic description^ | ||
| Line 75: | Line 56: | ||
| - | This means you will not be allowed to send/receive any filenames with the banned extensions. Where you have a genuine need to send a program as an attachment then you should enclose it in a .zip or .gz file before attaching it. Windows XP and Mac OS X have this functionality built in. Do not create a self-extracting zip file because that will result in an executable type of file that will also be blocked. | + | This means you will not be allowed to send/receive any file whose filename has a banned extension. Where you have a genuine need to send a program as an attachment then you should enclose it in a .zip or .gz file before attaching it. Windows XP and Mac OS X have this functionality built in. Do not create a self-extracting zip file because that will result in an executable type of file that will also be blocked. |
| In order to properly receive a program file as an attachment, you will have to ask the sender to enclose the program in a .zip or .gz file before sending. | In order to properly receive a program file as an attachment, you will have to ask the sender to enclose the program in a .zip or .gz file before sending. | ||
| - | In both case, remember to DO NOT SET A PASSWORD TO THE ARCHIVE FILE, otherwise the email will be BANNED again. | + | In both case, remember to DO NOT SET A PASSWORD TO THE ARCHIVE FILE, otherwise the e-mail will be BANNED again. |
| - | ===== Blocked Email Notification ===== | + | \\ |
| - | SISSA mail server will alert users when they receive an email containing a banned content. Our server do NOT reply to email sender. | ||
| Line 89: | Line 69: | ||
| - | |||
| - | |||
| - | |||
| - | |||
| - | ==== Blocked Notifications for Received Email ==== | ||
| - | |||
| - | When our mail server finds banned content in an email destined to your email address, it will send you an email similar to: | ||
| - | |||
| - | <code> | ||
| - | From: SISSA SISSA Barracuda Spam Firewall <postmaster@sissa.it> | ||
| - | To: your_username@sissa.it | ||
| - | Subject: BANNED FILE IN MAIL TO YOU (from <sender@example.com>) / | ||
| - | FILE BLOCCATO IN UNA MAIL DIRETTA A TE ( spedita da <sender@example.com>) | ||
| - | |||
| - | BANNED FILENAME ALERT | ||
| - | |||
| - | The SISSA Spam Firewall (charon.sissa.it) found an attached | ||
| - | file 'filename' in an email sent from <sender@example.com>. | ||
| - | |||
| - | Due to security reason, our system has been set to block this type of file. | ||
| - | |||
| - | For further informations, visit: | ||
| - | |||
| - | http://sis.sissa.it/services/e-mail_service/antispam_filters#anti-virus_filters | ||
| - | |||
| - | ------------------------- | ||
| - | | ||
| - | AVVISO FILE BLOCCATO | ||
| - | |||
| - | L'anti-spam della SISSA (charon.sissa.it) ha trovato un file 'filename' | ||
| - | allegato ad una mail inviata da <sender@example.com>. | ||
| - | |||
| - | Per motivi di sicurezza, il nostro sistema ha bloccato questo tipo di file. | ||
| - | |||
| - | Per ulteriori informazioni, visita: | ||
| - | |||
| - | http://sis.sissa.it/services/e-mail_service/antispam_filters#anti-virus_filters | ||
| - | </code> | ||
| - | |||
| - | Where: | ||
| - | * <your_username@sissa.it> is your email address. | ||
| - | * <sender@example.com> is the email address of the sender (may be empty in case of spam). | ||
| - | * ''filename'' is the name (or only the extension ) of banned file. | ||
| - | |||
| - | FIXME | ||
| - | |||
| - | ==== IMSS ==== | ||
| - | |||
| - | The central e-mail provides an anti-virus filtering service for incoming and outgoing e-mails. The anti-virus software is TrendMicro **IMSS** (Interscan Messaging Security Suite), a commercial product and one of the more diffused and effective email anti-virus software. The filter acts blocking e-mails produced by mass-mailing worms and viruses. Normal attachments containing viruses are cleaned. In this case the cleaned mail is delivered to the recipient and a notification is sent to the sender. | ||
| - | |||
| - | ==== BARRACUDA ==== | ||
| - | |||
| - | Another anti-virus filtering is acted on the incoming mails (from outside Sissa), by the [[antispam_filters#barracuda_spam_firewall|Barracuda Spam Firewall]]. | ||
| - | |||
| - | === Barracuda anti-virus notification messages === | ||
| - | |||
| - | You can receive e-mails from our anti-virus containing infos like the follwing ones: | ||
| - | |||
| - | |||
| - | BANNED NAME ALERT | ||
| - | The SISSA Spam Firewall (charon.sissa.it) found an attached file: | ||
| - | NOMEFILE.EXT | ||
| - | in an email to you. | ||
| - | The SISSA Spam Firewall has been set to block this type of file | ||
| - | for security policy. | ||
| - | |||
| - | \\ | ||
| - | In the subject of the e-mail you find: | ||
| - | |||
| - | BANNED NAME IN MAIL TO YOU (from [[SOMEUSERNAME@domain.xxx]]) | ||
| - | |||
| - | \\ | ||
| - | That means that from this address has been received, for your username, a file name "NOMEFILE.EXT", probably containing a virus. | ||
| - | \\ | ||
| - | IF (AND ONLY IF!) you know the sender of the e-mail and know that the file is NOT a virus, and want to receive it, you can: | ||
| - | |||
| - | * write to the sender asking him to ZIP the file NOMEFILE.EXT, so it will be sent you. | ||