‘¾€Œ±° ¾ °¼¾¼ ¸ ²€µ´¾½¾½‹¼ ¾´¾¼ ¾¼¾‰Œ Microsoft Exchange

  • View
    38

  • Download
    0

Embed Size (px)

DESCRIPTION

Борьба со спамом и вредоносным кодом с помощью Microsoft Exchange 2007/2010 и Forefront Protection for Exchange 2010 - Теория. Мокшин Сергей Геннадьевич ОАО «ВСГК» sergey@mokshin.info. План презентации. Общие Сведения Финансовая сторона Технологии СПАМ рассылок - PowerPoint PPT Presentation

Text of ‘¾€Œ±° ¾ °¼¾¼ ¸...

1

1 Microsoft Exchange 2007/2010 Forefront Protection for Exchange 2010 - sergey@mokshin.infoMicrosoft TechDayshttp://www.techdays.ru 2 .

Microsoft TechDayshttp://www.techdays.ru 3 80-95% 1-3% 8-10% DoS -Junk mail () Unsolicited e-mail ()Spiced ham - spiced ham . (SPAM)?

Microsoft TechDayshttp://www.techdays.ru 4 (% )Microsoft TechDayshttp://www.techdays.ru 5 .18 (, ) ($800k )? - ? , , IP-; ; (); ; ; . - (0,1 USD ); ( 1-3%); , ; ( USD). Microsoft TechDayshttp://www.techdays.ru 6 , N*100 (N=1 100); N*100*50Kb=N*5Mb => N*110Mb ; 30 => 11 => 50.*(20../22/8)*11=62,5 ../; ; ; ; .Microsoft TechDayshttp://www.techdays.ru 7 web-

Microsoft TechDayshttp://www.techdays.ru 8 , ; ;, ;, ;GreyListing ;Tarpit - ;- (Honey Pot).

Microsoft TechDayshttp://www.techdays.ru 9 , , ., SURBL (Spam URL Realtime Block Lists URL). SURBL. , .

Microsoft TechDayshttp://www.techdays.ru 10 , ; Sender Reputation Filter, .Microsoft TechDayshttp://www.techdays.ru 11 ( Zaitsev! www.smolen.ru .); ( -); ( , ][, }{ 4); ( ); ; HTML; URL .Microsoft TechDayshttp://www.techdays.ru 12

RBL (Realtime Block List) IP -.White IP List IP .

Ip a.b.c.d/

Microsoft TechDayshttp://www.techdays.ru 13 - ; IP ; RBL ; . RBL. Microsoft TechDayshttp://www.techdays.ru 14 DNS- ; PTR ( );Caller ID + SPF (Sender Policy Framework)

Sender ID Framework + SRS (Sender Rewriting Scheme). DomainKeys Identified Mail (DKIM)

Microsoft TechDayshttp://www.techdays.ru 15

DNS- DNS vsgk.ru/vsgk.ruvsgk.ru text = "v=spf1 mx -all"vsgk.ru MX preference = 20, mail exchanger = mail1.vsgk.ruvsgk.ru MX preference = 10, mail exchanger = mail.vsgk.ru

vsgk.ru internet address = 195.151.248.117vsgk.ru nameserver = ns.virtech.ruvsgk.ru nameserver = ns2.virtech.ru

vsgk.ru nameserver = ns2.virtech.ruvsgk.ru nameserver = ns.virtech.rumail.vsgk.ru internet address = 195.206.47.30mail1.vsgk.ru internet address = 195.239.200.178

Microsoft TechDayshttp://www.techdays.ru 16

PTR Ip a.b.c.dmail.vsgk.ru195.206.47.30

mail.vsgk.ruAddress: 195.206.47.30

Microsoft TechDayshttp://www.techdays.ru 17

SPF DNS Txt v=spf 1 mx -allvsgk.ruvsgk.ru text = "v=spf1 mx -all"vsgk.ru MX preference = 20, mail exchanger = mail1.vsgk.ruvsgk.ru MX preference = 10, mail exchanger = mail.vsgk.ru

vsgk.ru internet address = 195.151.248.117vsgk.ru nameserver = ns.virtech.ruvsgk.ru nameserver = ns2.virtech.ru

vsgk.ru nameserver = ns2.virtech.ruvsgk.ru nameserver = ns.virtech.rumail.vsgk.ru internet address = 195.206.47.30mail1.vsgk.ru internet address = 195.239.200.178

Microsoft TechDayshttp://www.techdays.ru 18 ; ; from ; . DNS SPF ; . DNS PTR ; . DKIM ( 2007). .

Microsoft TechDayshttp://www.techdays.ru 19 GreyListing ; ;Tarpit - ;- (Honey Pot).Microsoft TechDayshttp://www.techdays.ru 20 , IP; . . ( );

Microsoft TechDayshttp://www.techdays.ru 21 . PTR DNS ; DNS (A, MX, SPF); ; ; ; Active Directory; (Tarpit); RBL/DNSBL; ; ;

Microsoft TechDayshttp://www.techdays.ru 22 , ; ; , john@mail.ru, info@mail.ru, office@mail.ru ..; , ; .

Microsoft TechDayshttp://www.techdays.ru 23 http://ru.wikipedia.org/wiki/Spamhttp://www.lexa.ru/articles/antispam.html http://antispam.home.nov.ru/ http://www.antispam.ru

, Exchangehttp://www.msexchange.ruhttp://www.exchangerus.ruhttp://www.msexchange.org

Microsoft TechDayshttp://www.techdays.ru 4/26/2010 12:03 PM Microsoft Exchange 2007/2010 Forefront Protection for Exchange 2010 - sergey@mokshin.infoMicrosoft TechDayshttp://www.techdays.ru 25

26