ECE4112 Internetwork Security
Lab XX: Secure Mail Server and Spam
Techniques
Group Number:
Group Member Names:
1)
2)
3)
Date Assigned MM/DD/YYYY
Date Due:
MM/DD/YYYY
Last Edited: MM/DD/YYYY
Lab Authored by: Matt Peter & Parnav Sawjiany
Goal
This lab is designed to teach the student how to set up a secure mail server that
is resistant to spam, from both a system administrator's and a spammer's
perspective.
Summary
This lab will focus on the challenges of e-mail administration. To begin, we will
walk through an installation of Mail Transport Agent (MTA) software, which
allows us to receive email from other systems or users. Additionally, we will
install a copy of Spamassassin, heuristic anti-spam software which makes a best
guess effort at determining whether or not a piece of mail is spam, and marks
it accordingly. Then we will install software on our Windows XP machine that will
allow us to craft spammy email messages.
Lab Scenario
We will use our VMware copies of RedHat 7.2 (hereafter known as “server”) and
Windows XP (hereafter known as “client”). Server will run our mail software, and
our client will serve first as a legitimate email user, and then later as a spammer.
[Figure: mail flow on the server. SMTP to and from other MTAs <==> Postfix
(Message Transfer Agent) ==> Procmail (filtering rules in .mailfilter) ==>
Maildir mailboxes (Inbox, XXX, YYY) <==> Courier IMAPD <== IMAP ==> IMAP-capable
email client. The client's outgoing mail goes back to Postfix over SMTP.]
Section 01: Introduction
E-mail spam is a subset of spam that involves sending nearly identical messages
to thousands (or millions) of recipients. Perpetrators of such spam (”spammers”)
often harvest addresses of prospective recipients from Usenet postings or from
web pages, obtain them from databases, or simply guess them by using common
names and domains. By popular definition, spam occurs without the permission
of the recipients.
As the recipient directly bears the cost of delivery, storage, and processing, one
could regard spam as the electronic equivalent of “postage-due” junk mail.
However, the Direct Marketing Association will point to the existence of
“legitimate” e-mail marketing. Most commentators classify e-mail-based
marketing campaigns where the recipient has “opted in” to receive the
marketer’s message as “legitimate”.
Spammers frequently engage in deliberate fraud to send out their messages.
Spammers often use false names, addresses, phone numbers, and other contact
information to set up “disposable” accounts at various Internet service providers.
They also often use falsified or stolen credit card numbers to pay for these
accounts. This allows them to move quickly from one account to the next as the
host ISPs discover and shut down each one.
Spammers frequently go to great lengths to conceal the origin of their messages.
They do this by spoofing e-mail addresses (much easier than Internet protocol
spoofing). The e-mail protocol (SMTP) has no authentication by default, so the
spammer can easily make a message appear to originate from any e-mail
address. To prevent this, some ISPs and domains require the use of SMTP-AUTH,
allowing positive identification of the specific account from which an e-mail
originates.
Spammers cannot completely spoof e-mail delivery chains (the ‘Received’
header), since the receiving mailserver records the actual connection from the
last mailserver’s IP address. To counter this, some spammers forge additional
delivery headers to make it appear as if the e-mail had previously traversed
many legitimate servers. But even when the fake headers are identified, tracing
an e-mail message’s route is usually fruitless. Many ISPs have thousands of
customers, and identifying spammers is tedious and generally not considered
worth the effort.
Spammers frequently seek out and make use of vulnerable third-party systems
such as open mail relays and open proxy servers. The SMTP system, used to
send e-mail across the Internet, forwards mail from one server to another; mail
servers that ISPs run commonly require some form of authentication that the
user is a customer of that ISP. Open relays, however, do not properly check who
is using the mail server and pass all mail to the destination address, making it
quite a bit harder to track down spammers.
Increasingly, spammers use networks of virus-infected Windows PCs (zombies)
to send their spam. Zombie networks are also known as Botnets.
Spoofing can have serious consequences for legitimate e-mail users. Not only
can their e-mail inboxes get clogged up with “undeliverable” e-mails in addition
to volumes of spam, they can mistakenly be identified as a spammer. Not only
may they receive irate e-mail from spam victims, but (if spam victims report the
e-mail address owner to the ISP, for example) their ISP may terminate their
service for spamming. 1)
Question 01.01
Why are spammers making the switch to zombie networks? What tactical
advantage does a dedicated zombie network have over a more traditional open
proxy relay arrangement? Think back to our labs on Honeynets.
Section 02: Information Exposure
An effective anti-spam strategy for any individual or organization will necessarily
be a multi-step solution. But as in many other things, often careful attention to
the first line of defense is the most effective. Spammers most often generate
valid email addresses by spidering the internet for webpages that contain valid
email addresses.
So, in order to limit the exposure an organization may have, the number of times
its email addresses appear on the internet must be limited. At an individual level it
is important to realize that any posting on a public forum or mailing list will be
harvested by automated scripts. Some people create throw-away email
addresses that are meant only for spam. This allows them to keep their
private email address private.
Although many times an administrator cannot control everyone’s use of company
email addresses, he can limit or eliminate email addresses that appear on
company websites, mailing lists, and forums. One of the easiest methods many
corporate websites use to limit spam is to create “feedback” forms that are sent
through an html interface, rather than email client. This makes the internal
address completely private. It also has the added benefit of encouraging
feedback from users by making it a bit simpler for them to contact various
departments. There are many methods of creating feedback forms, and any
direct implementation depends on a host of factors related to the base
installation.
In many cases, forms are not a viable method, and a direct link to an email
address must be provided on a public website. In this case, there are several
methods for obfuscating the email address to harvesters, while displaying a
perfectly normal address to end users.
Example 02.01
<script LANGUAGE="JavaScript">
<!-- BEGIN Script
var cry1=String.fromCharCode(109,97,105,108,116,111,58);
document.write("<a href=\"");
document.write(cry1);
document.write("YOURNAME");
document.write(String.fromCharCode(64));
document.write("YOURDOMAIN.com");
document.write("\">");
document.write("YOURNAME");
document.write(String.fromCharCode(64));
document.write("YOURDOMAIN.com");
document.write("</a>");
//END -->
</script>
Example 02.02
<script type="text/javascript">
//<![CDATA[
var email = "enquiries"
var domain = "seowebsitepromotion.com"
document.write("<a href=" +
"mail" + "to:" + email + "@" + domain +
"?subject=General%20Enquiry" + ">" +
email + "@" + domain + "</a>")
//]]>
</script>
Question 02.01
The above javascript solutions take in as strings the parts of a valid email
address, and output a valid email address. In what ways do the two methods
differ? Why might using Javascript be a bad idea in this case?
Section 03: Installation
Getting Set Up
First, we need to get our system up and ready for use by mounting our share,
grabbing the lab files, and creating a working directory for ourselves.
# start up your RH72 image and login as root
# mount your shared nas drive
mount /mnt/nas4112
# copy the file spam-lab.tar.gz from the LabXX directory to /home
cp /mnt/nas4112/LabXX/spam-lab.tar.gz /home
# unzip the files (the tarball was copied to /home, so extract it there)
cd /home
tar -zxvf spam-lab.tar.gz
cd /home/spam-lab
This will extract the entire lab into a new directory /home/spam-lab. The
structure is as follows:
/--.
|-- backup/     # backup files
|-- conf/       # configuration files
|-- corpus/     # sample spam archive
|-- docs/       # html version of lab
|-- modules/    # perl modules
|-- rpms/       # RedHat rpms
|-- spammer/    # Spammer Programs
`-- install.sh  # install script
System Preparation
Because the amount of setup required to get all the software that needs to be
installed and configured borders on the insane, we’ve created an installer script
that will allow you to bypass several hours of installation work. But we have done
a complete explanation of each step of the installation process, and you will have
to read the following in order to understand and answer the questions.
So, with that said, LET’s ROLL!
./install.sh # assuming you're in /home/spam-lab as was stated above
First we need to create a temporary directory for our files to be installed in.
rm -rf /tmp/20030313SPAM/
mkdir /tmp/20030313SPAM
cp modules/* /tmp/20030313SPAM
cp rpms/* /tmp/20030313SPAM
cd /tmp/20030313SPAM/
Then we install the required RPM modules. A barebones installation of RH7.2
does not have many of the core features that may come on an 'everything but
the kitchen sink' style install. So we include all the possible rpms that we need to
minimize the chances that we miss a dependency somewhere down the road. In
this case, it was necessary to upgrade two pieces of the basic system, namely
the version of perl and an installation of gcc. The first line in this block uses the
-U switch to signify that this is an upgrade to an existing perl installation, rather
than a new one. The --nodeps switch allows us to force the installation, because the rest
of the rpm files are in a state of circular dependency. This means that the perl-5.6
rpm needs updated perl-CGI and perl-CPAN rpms, and perl-CGI and perl-CPAN
want the updated version of perl-5.6.
rpm -Uv --nodeps perl-5.6.1-36.1.72.i386.rpm
rpm -iv zlib-devel-1.1.3-24.i386.rpm
rpm -iv zlib-1.1.3-24.i386.rpm
rpm -iv perl-CGI-2.752-36.1.72.i386.rpm
rpm -iv perl-CPAN-1.59_54-36.1.72.i386.rpm
rpm -iv perl-DB_File-1.75-36.1.72.i386.rpm
rpm -iv perl-NDBM_File-1.75-36.1.72.i386.rpm
rpm -iv perl-suidperl-5.6.1-36.1.72.i386.rpm
rpm -Uv perl-HTML-Parser-3.26-2.i386.rpm
Next, we install the necessary backend rpm’s for gcc, the linux C compiler. Again,
we start from the bottomed out portion and work our way up the building blocks
until we get to the final goal, gcc.
rpm -iv binutils-2.11.90.0.8-9.i386.rpm
rpm -iv kernel-headers-2.4.7-10.i386.rpm
rpm -iv glibc-devel-2.2.4-13.i386.rpm
rpm -iv cpp-2.96-98.i386.rpm
rpm -iv gcc-2.96-98.i386.rpm
Finally, we create a new user on the system that will serve as our test bed for
scanning mail
/usr/sbin/adduser -c "Junk Mail Account" -s /bin/bash junk -u 110
/usr/bin/passwd junk
# INTERACTIVE
Set the password to whatever you like, but remember it for later.
Mail Software
Mail Installation
Now we have to back up and remove sendmail, then install Postfix (a drop-in
replacement for Sendmail) which is easier to use and has a better security
reputation, and additionally install Courier-IMAP, an industrial strength IMAP
server that integrates well with Postfix.
mkdir $CDIR/backup/sendmail/
cp /etc/aliases $CDIR/backup/sendmail
cp /etc/sendmail.cf $CDIR/backup/sendmail
cp /etc/sendmail.cw $CDIR/backup/sendmail
cp /etc/mail/* $CDIR/backup/sendmail
rpm -e sendmail sendmail-doc sendmail-cf --nodeps
killall sendmail
rpm -Uvh postfix-2.2.5-3.rh72.i386.rpm
# install IMAP daemon
rpm -iv courier-imap-1.4.3-2.rh.7.2.i386.rpm
Mail Setup
In this section we create a new user, and ask the installer to give him a
password. Then we use the ‘maildirmake’ utility that comes with Courier-IMAP to
create our initial IMAP directory structure. Finally, we take the modified conf files
and replace the default ones with them.
# add a user we can spam
echo "--------------------"
echo " Use password: junk "
echo "--------------------"
/usr/sbin/adduser -c "Junk Mail Account" -s /bin/bash junk -u 110
/usr/bin/passwd junk
# INTERACTIVE
maildirmake /home/junk/Maildir
maildirmake -f Spam /home/junk/Maildir/
maildirmake -f Trash /home/junk/Maildir/
cp -f $CDIR/conf/procmailrc /etc/procmailrc
cp -f $CDIR/conf/local.cf /etc/mail/spamassassin/local.cf
cp -f $CDIR/conf/main.cf /etc/postfix/main.cf
/etc/init.d/postfix restart
/etc/init.d/spamassassin restart
Spamassassin
Spamassassin Installation
Spamassassin requires a large number of different Perl modules in order to
function properly. We have provided the necessary ones in spam-labmodules.tar.gz. Our installation script automates the tedious process of
unzipping, making, testing, compiling, and installing. The standard process for
installing Perl modules is as follows:
# Install HTML-Tagset v3.03
cd /usr/src
tar zxvf /tmp/20030313SPAM/HTML-Tagset-3.03.tar.gz
cd HTML-Tagset-3.03/
perl Makefile.PL
make
make test
make install
# Install HTML-Parser v3.26
cd /usr/src
tar zxvf /tmp/20030313SPAM/HTML-Parser-3.26.tar.gz
cd HTML-Parser-3.26/
perl Makefile.PL
make
make test
make install
# Install Libnet
cd /usr/src
tar zxvf /tmp/20030313SPAM/libnet-1.0901.tar.gz
cd libnet-1.0901
perl Configure -d
perl Makefile.PL
make
make install
# Install Digest-SHA-1
cd ..
tar zxvf /tmp/20030313SPAM/Digest-SHA1-2.01.tar.gz
cd Digest-SHA1-2.01
perl Makefile.PL
make
make test
make install
# Install DigestMD5 v2.20
cd /usr/src/
tar zxvf /tmp/20030313SPAM/Digest-MD5-2.20.tar.gz
cd Digest-MD5-2.20/
perl Makefile.PL
make
make test
make install
# Install Digest-HMAC
cd ..
tar zxvf /tmp/20030313SPAM/Digest-HMAC-1.01.tar.gz
cd Digest-HMAC-1.01
perl Makefile.PL
make
make test
make install
# Install CoreStack
cd ..
tar zxvf /tmp/20030313SPAM/Devel-CoreStack-1.3.tar.gz
cd Devel-CoreStack-1.3
perl Makefile.PL
make
make test
make install
# Install Test-Harness
cd ..
tar zxvf /tmp/20030313SPAM/Test-Harness-2.26.tar.gz
cd Test-Harness-2.26
perl Makefile.PL
make
make test
make install
cd ..
tar zxvf /tmp/20030313SPAM/Test-Simple-0.45.tar.gz
cd Test-Simple-0.45
perl Makefile.PL
make
make test
make install
cd ..
tar zxvf /tmp/20030313SPAM/Net-DNS-0.31.tar.gz
cd Net-DNS-0.31
perl Makefile.PL
make
make test
make install
cd ..
tar zxvf /tmp/20030313SPAM/Time-HiRes-01.20.tar.gz
cd Time-HiRes-01.20
perl Makefile.PL
make
make test
make install
cd ..
tar zxvf /tmp/20030313SPAM/Digest-Nilsimsa-0.06.tar.gz
cd Digest-Nilsimsa-0.06
perl Makefile.PL
make
make test
make install
# Install MIME-Base64 v2.12
cd /usr/src/
tar zxvf /tmp/20030313SPAM/MIME-Base64-2.12.tar.gz
cd MIME-Base64-2.12/
perl Makefile.PL
make
make test
make install
# Install URI v1.22
cd /usr/src
tar zxvf /tmp/20030313SPAM/URI-1.22.tar.gz
cd URI-1.22/
perl Makefile.PL
make
make test
make install
# Install MailTools
cd ..
tar zxvf /tmp/20030313SPAM/MailTools-1.41.tar.gz
cd MailTools-1.41
perl Makefile.PL
make
make test
make install
cd ..
tar zxvf /tmp/20030313SPAM/Mail-Audit-1.11.tar.gz
cd Mail-Audit-1.11
perl Makefile.PL
make
make test
make install
#HOMEPAGE: http://search.cpan.org/author/RBS/File-Spec-0.82/
cd ..
tar zxvf /tmp/20030313SPAM/File-Spec-0.82.tar.gz
cd File-Spec-0.82
perl Makefile.PL
make
make test
make install
#HOMEPAGE: http://search.cpan.org/author/MAREKR/PodParser-1.21/
cd ..
tar zxvf /tmp/20030313SPAM/PodParser-1.21.tar.gz
cd PodParser-1.21
perl Makefile.PL
make
make test
make install
cd ..
tar zxvf /tmp/20030313SPAM/Mail-SpamAssassin-2.44.tar.gz
cd Mail-SpamAssassin-2.44
perl Makefile.PL
make
make test
make install
Spamassassin Setup
# add spamd user: This creates a new user, and makes the shell /bin/false,
# which is non-interactive to prevent an attacker from gaining system
# access.
/usr/sbin/adduser -c "SpamAssassin" -s /bin/false spamd -u 103
# The redhat startup script is copied from the current directory into
# /etc/rc.d/init.d/ which is the general place we put startup scripts
cp redhat-rc-script.sh /etc/rc.d/init.d/spamassassin
chmod +x /etc/rc.d/init.d/spamassassin
# Now the startup script is set to start in runlevels 0 and 3
cd /etc/rc.d/rc3.d; ln -s ../init.d/spamassassin S81spamassassin
cd /etc/rc.d/rc0.d; ln -s ../init.d/spamassassin K31spamassassin
# we create a home directory for our spam daemon and set it up properly
mkdir /home/spamd/.spamassassin
chown spamd.spamd /home/spamd/.spamassassin
cd /usr/src/Mail-SpamAssassin-2.44/spamd/
cp spamd spamc /usr/bin/
# start the server up
/etc/rc.d/init.d/spamassassin start
mkdir /etc/mail/spamassassin
We now have a basic installation of RedHat 7.2 running Postfix MTA and
Courier-IMAP, backed up by ClamAV to protect our system against viruses, and
Spamassassin to deflect spam at the server level.
Procmail Filter
Procmail is a program that Sendmail uses to deliver local mail. Its operation is
governed globally by the configuration file /etc/procmailrc and per-user by
~/.procmailrc.
Procmail Installation
Procmail comes preinstalled on RH7.2 Systems
Procmail Setup
By default, there is no /etc/procmailrc on fresh Red Hat Linux 7.2 installs. We
must create this file and put it there. Our installer script copies the file
conf/procmailrc into /etc/procmailrc for you.
# setup system wide procmail
cp procmailrc /etc/procmailrc
/etc/procmailrc has the following contents:
DEFAULT="$HOME/Maildir/"
SPAMIT="$HOME/Maildir/.Spam/"
:0 fw
| /usr/bin/spamc -f
:0
* ^X-Spam-Status: Yes
$SPAMIT
Line one sets up our default mail delivery site. The SPAMIT variable tells us
where to deliver spam if we get a hit.
Line 3, beginning with colon-zero, marks the start of what is called a “Procmail
recipe.” A recipe is a condition followed by an action. For more information on
Procmail recipes, see man procmailrc. The ‘fw’ indicates to Procmail that this
recipe is a filter, meaning that it may modify the original email message.
Line 4 tells Procmail to filter the message text through SpamAssassin. In other
words, the original message is replaced with SpamAssassin’s output. If
SpamAssassin determines that the message is spam, the subject line will be
rewritten to include a spam tag. (Other less visible changes will also be made to
the message.) 2)
Our script sets this all up for you.
Question 03.01
There are multiple ways to write this recipe. One of the most common things
people who use procmail and SpamAssassin do is limit the size of an email that
SpamAssassin checks. Why would this be a good idea? Read the man pages for
procmail or go online and write down the changes necessary to the above recipe
in order for it to disregard large emails.
Overview
We now have a test system that we can send emails to. Any email that is sent to
localhost will be delivered to the test user junk. Now we can use some of our
spammer tools to see just how effective we can make Spamassassin. This is also
the final thing the script will do for you. From here on out, you will have to follow
along with the directions.
Section 04: Windows Client Setup
We would not have a semi-accurate simulacrum of what a client-server mail
setup is without a genuine Windows user to download mail over IMAP with. So,
we will now set up our Windows XP image to download mail. To begin, fire up
your vmware copy of Windows XP and login.
Outlook Express Setup
First, we need to configure an IMAP account on the built-in mail reader, Outlook
Express. For the quick ones among us:
name:             Group XX
email address:    junk@localhost
server type:      imap
incoming server:  rh72 ip
outgoing server:  rh72 ip
username:         junk
password:         junk
For the less quick, when you’re done with the wizard, your properties views
should look like this:
and this:
When it prompts you to download the new folders say yes. The next prompt will
be an Inbox with “Trash” and “Spam” subfolders. Subscribe to these two
subfolders, when you’re done, it should look like this:
Try sending yourself an email:
Notice we've sent an email to our valid junk@localhost account, and an email
to an address that does not exist on our mail server. They both forward to junk@localhost. The
system is set up such that *@localhost will end up in junk@localhost.
This will allow us to do some interesting tests on the system in our next section.
Now, we can verify that SpamAssassin is indeed processing our emails by
viewing the source of our message. Highlight one of the messages you just sent
and go to File → Properties, and click on the "Details" tab. Here you can see the
exact details of how SpamAssassin has treated your email, and what rules it
processed it with.
Question 04.01
- Print out a copy of the contents of your email message, showing the
  SpamAssassin headers.
- Everything under tests = "..." represents specific flags SpamAssassin
  found in the message that it used to adjust the overall score with. Consult
  the files in /usr/share/spamassassin to determine what each of those flags
  do, and what their current point value is. Here, grep is your friend.
SpamAssassin Bayesian Learning
One of the more effective methods SpamAssassin has for sifting through emails
is by statistical analysis. In simplest terms, SpamAssassin can examine a quantity
of known “Spam”, and a quantity of known “Ham” (not spam) and find
signatures. Then when new mail comes in, it can make a judgement about a new
piece and whether or not it feels more like spam, or not. We have provided a
large corpus of known spam and ham, which we can teach SpamAssassin with. It
will immediately start making better judgements on new email from this learning.
sa-learn --showdots -L -C /etc/mail/spamassassin --ham /home/spam-lab/corpus/ham/*
sa-learn --showdots -L -C /etc/mail/spamassassin --spam /home/spam-lab/corpus/spam/*
This technique is even more useful when users put missed spam into a
“LearnAsSpam” folder, at which point sa-learn can run from cron, thereby getting
incrementally better at differentiating spam vs ham.
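To show what the two sa-learn runs above give SpamAssassin to work with, here is an added Python sketch of a Bayesian spam filter (written for this page; not SpamAssassin's implementation, which combines token probabilities with a chi-squared test and keeps its counts in a database). It learns token frequencies from a constructed ham and spam corpus and then scores unseen messages; the corpus messages and the smoothing constants are assumptions.

```python
"""Added example: a small Bayesian spam filter in the spirit of sa-learn.
Not SpamAssassin's code.  Corpus and constants are constructed for illustration."""
import math
import re
from collections import Counter
from typing import Set

# Constructed training corpus standing in for /home/spam-lab/corpus/{ham,spam}.
HAM = [
    "Reminder: the ECE4112 lab report is due Friday, bring your screenshots",
    "Can we move the group meeting to Thursday afternoon?",
    "Attached are the postfix config notes from last week's lab",
    "Thanks for the help debugging the procmail recipe yesterday",
]
SPAM = [
    "FREE VIAGRA!!! Click here now for the lowest prices online",
    "You have WON a free vacation, click now to claim your prize",
    "Lowest mortgage rates online, apply now, no credit check",
    "Buy cheap meds online now, free shipping, click here",
]

TOKEN_RE = re.compile(r"[a-z0-9$]+")


def tokenize(text: str) -> Set[str]:
    """Lower-case word tokens as a set, so each token counts once per message
    (a message is learned once, as with sa-learn)."""
    return set(TOKEN_RE.findall(text.lower()))


class BayesFilter:
    def __init__(self) -> None:
        self.ham_tokens: Counter = Counter()   # token -> number of ham messages containing it
        self.spam_tokens: Counter = Counter()  # token -> number of spam messages containing it
        self.ham_msgs = 0
        self.spam_msgs = 0

    def learn(self, text: str, spam: bool) -> None:
        """Equivalent of 'sa-learn --spam' / 'sa-learn --ham' for one message."""
        tokens = tokenize(text)
        if spam:
            self.spam_tokens.update(tokens)
            self.spam_msgs += 1
        else:
            self.ham_tokens.update(tokens)
            self.ham_msgs += 1

    def token_prob(self, token: str) -> float:
        """P(spam | token), pulled toward 0.5 so a token seen once cannot decide
        the verdict on its own (s=1, x=0.5 are assumed smoothing constants)."""
        s, x = 1.0, 0.5
        spam_n = self.spam_tokens[token]
        ham_n = self.ham_tokens[token]
        n = spam_n + ham_n
        if n == 0 or self.spam_msgs == 0 or self.ham_msgs == 0:
            return x
        spam_f = spam_n / self.spam_msgs
        ham_f = ham_n / self.ham_msgs
        p = spam_f / (spam_f + ham_f)
        return (s * x + n * p) / (s + n)

    def score(self, text: str) -> float:
        """Combine token probabilities as summed log-odds: 0.0 = ham, 1.0 = spam.
        Unseen tokens sit at 0.5 and contribute nothing."""
        log_odds = 0.0
        for token in tokenize(text):
            p = self.token_prob(token)
            log_odds += math.log(p) - math.log(1.0 - p)
        return 1.0 / (1.0 + math.exp(-log_odds))

    def is_spam(self, text: str, threshold: float = 0.5) -> bool:
        return self.score(text) >= threshold


def trained_filter() -> BayesFilter:
    """Train on the constructed corpus, mirroring the two sa-learn runs."""
    f = BayesFilter()
    for msg in HAM:
        f.learn(msg, spam=False)
    for msg in SPAM:
        f.learn(msg, spam=True)
    return f


if __name__ == "__main__":
    f = trained_filter()
    for msg in ("click here now for free prizes online",
                "see you at the lab meeting on thursday"):
        print(f"{f.score(msg):.3f}  {msg}")
```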
Section 06: Offense
Spammers exist because it's actually a lucrative market for those people who are
dedicated and smart enough. Those interested in getting directly at the source
of spammer culture can visit http://www.specialham.com. This is the main
public forum for spammers to talk openly; most of their communication is done
over ICQ and other chat networks. Notwithstanding all the other shady business
a spammer might also be in, a full-time spammer can make money in the six-figure
range (US dollars) (see "Interview with a Spammer").
As with many other parts of this class, we learn by doing. Go back to your
VMWare installation of Windows XP and install ssalone.exe (Send Safe), located in
your /home/spam-lab/spammer/ folder. This is a fully featured program that is
surprisingly well designed.
Question 06.01
Use SendSafe to craft an email message that your installation of SpamAssassin
picks up as Spam. It should be automatically routed to your Spam directory.
Make sure you show the properties page with the score. If you get stuck consult
the /usr/share/spamassassin directory for concrete examples of what
SpamAssassin is using to score. Take a screen shot and turn it in with your lab.
Additional Resources
- StealthMail Master
- LegalSender
- Interview with a Spammer
Section 07: Questions
Question 01.01
Why are spammers making the switch to zombie networks? What tactical
advantage does a dedicated zombie network have over a more traditional open
proxy relay arrangement? Think back to our labs on Honeynets.
Question 02.01
The above javascript solutions take in as strings the parts of a valid email
address, and output a valid email address. In what ways do the two methods
differ? Why might using Javascript be a bad idea in this case?
Question 03.01
There are multiple ways to write this recipe. One of the most common things
people who use procmail and SpamAssassin do is limit the size of an email that
SpamAssassin checks. Why would this be a good idea? Read the man pages for
procmail or go online and write down the changes necessary to the above recipe
in order for it to disregard large emails.
Question 04.01
- Print out a copy of the contents of your email message, showing the
  SpamAssassin headers.
- Everything under tests = "..." represents specific flags SpamAssassin
  found in the message that it used to adjust the overall score with. Consult
  the files in /usr/share/spamassassin to determine what each of those flags
  do. Here, grep is your friend.
Question 06.01
Use SendSafe to craft an email message that your installation of SpamAssassin
picks up as Spam. It should be automatically routed to your Spam directory.
Make sure you show the properties page with the score. If you get stuck consult
the /usr/share/spamassassin directory for concrete examples of what
SpamAssassin is using to score.
General Questions
1. How long did it take you to complete this lab?
2. Was it an appropriate length lab?
3. What corrections and/or improvements do you suggest for this lab? Please be
very specific and if you add new material give the exact wording and instructions
you would give to future students in the new lab handout. You may cross out
and edit the text of the lab on previous pages to make minor
corrections/suggestions.
General suggestions like "add tool xyz to do more capable scanning" will not be
awarded extra points even if the statement is totally true. Specific text that
could be cut and pasted into this lab, completed exercises, and completed
solutions may be awarded additional credit. Thus if tool xyz adds a capability or
an additional or better learning experience for future students, here is what you
need to do. You should add that tool to the lab by writing new detailed lab
instructions on where to get the tool, how to install it, how to run it, what exactly
to do with it in our lab, example outputs, etc. You must prove with what you turn
in that you actually did the lab improvement yourself. Screen shots and output
hardcopy are a good way to demonstrate that you actually completed your
suggested enhancements.
The lab addition section must start with the title “Lab Addition”, your addition
subject title, and must start with a paragraph explaining at a high level what new
concept may be learned by adding this to the existing laboratory assignment.
After this introductory paragraph, add the details of your lab addition.
Appendix A: Spamassassin Caveats
One thing we have glossed over in this lab are the many ways in which
SpamAssassin uses the power of the community to track and identify Spam. Due
to the lack of internet access in our labs, none of this is available to us. But we
would still like to provide you with resources and a little bit of information about
the more popular community based solutions.
- Host Verification: Spamassassin does make a variety of checks on
  the sending host and domain name, such as determining whether or not a
  DNS MX record exists, to verify whether or not a host is legitimate. This
  also includes SPF (Sender Policy Framework).
- Vipul's Razor: "Vipul's Razor is a distributed, collaborative, spam
  detection and filtering network. Through user contribution, Razor
  establishes a distributed and constantly updating catalogue of spam in
  propagation that is consulted by email clients to filter out known spam.
  Detection is done with statistical and randomized signatures that
  efficiently spot mutating spam content. User input is validated through
  reputation assignments based on consensus on report and revoke
  assertions which in turn is used for computing confidence values
  associated with individual signatures." 3)
- Pyzor: A system designed to be an open source replacement for Razor
  which has since become widely adopted. It comes in the default
  installation of SpamAssassin.
- SBL: "The Spamhaus Block List The SBL is a realtime database of IP
  addresses of verified spam sources (including spammers, spam gangs and
  spam support services), maintained by the Spamhaus Project team and
  supplied as a free service to help email administrators better manage
  incoming email streams." 4)
Appendix B: Additional Resources
SpamAssassin Resources
- Sender Policy Framework
- Spamassassin
- Razor
- Pyzor
Mail Server Setup
- RH71 Mail Server Config
- How to set up a mail server on a GNU / Linux system
- ACME.com Mail Filtering Introduction
- RH7.1 > Postfix > Maildrop > Courier IMAP - How-I-did-it
Other
- The Strange Story of Spammers & Blue Frogs
- SpecialHam: Where Spammers go to Chat
- Anti's: Keeping your Inbox Sorta Clean
1) Wikipedia Spam Overview
2) http://sharkysoft.com/tutorials/linuxtips/spam/
3) http://razor.sourceforge.net
4) http://www.spamhaus.org/sbl/index.lasso