Control Mail File Size and Fight Spam with Notes/Domino 6
description
Transcript of Control Mail File Size and Fight Spam with Notes/Domino 6
© 2004 Wellesley Information Services. All rights reserved.
Control Mail File Size and Fight Spam with Notes/Domino 6
Andy PedisichTechnotics, Inc.
Webcast schedule
Today’s event will run one hour long. Here are the expected times for each segment of the webcast:
:00 - :05 -- Moderator introduces the speaker and discusses the details of the webcast.
:05 - :25 -- Speaker delivers a PowerPoint presentation on the webcast topic.
:25 - :35 -- Moderator and speaker engage in a brief Q&A on the topic.
:35 - :60 -- The speaker responds to questions submitted by the audience.
You can submit questions to the speaker at any time during the event. Just click on the “Ask a Question” button in the lower left corner of your screen.
Technical FAQs
Q: Why can’t I hear the audio part of the webcast?A: Try increasing the volume on your computer.
Q: I just entered the webcast and do not see the slide that the speaker is referring to. What should I do?
A: The slides are constantly be pushed to your screen. You’ll should refresh (hit F5) to view the latest slide.
If your question is still not answered, please click the “Ask a Question” button in the lower left corner of your screen and submit your problem. A technical support person will respond immediately.
You can also visit the Broadcast Help page (http://help.yahoo.com/help/bcst/) for more information or to test your browser compatibility.
© 2004 Wellesley Information Services. All rights reserved.
Control Mail File Size and Fight Spam with Notes/Domino 6
Andy PedisichTechnotics, Inc.
What we’ll cover…
•Making the case for smaller mail files•Configuring for size management•Configuring to close open relays•Using real-time blacklists•Anti-spam tools•10 things you and your users can do to fight spam
Click the “Ask a question” button in the lower left section of your screen to
submit a question.
What we’ll cover…
• Making the case for smaller mail files• Configuring for size management• Configuring to close open relays• Using real-time blacklists• Anti-spam tools• 10 things you and your users can do to fight spam
Click the “Ask a question” button in the lower left section of your screen to
submit a question.
The legacy of the monster mail file
• Buying disk was cheaper than managing the files Even with backup factored -- it still seemed like a bargain
• Mail files became places to store everything Spreadsheets, presentations, documents, data sets
• So why is that changing now? Disk and backups now seen as too expensive
Growth of incredible large mail files is exponential Litigations mean expensive mail file searches
At $2 to $5 per message searched! Large mail files forces fewer users per server
We are buying servers when we should be consolidating them!
Issue
Three elements to control mail file size
1. Corporate policy must clearly state a size limit Best if dictated by the Legal Department
2. Admin tools are needed to control mail file size Need to be nearly user transparent
3. Users must learn best practice for using mail Must have the automated tools to help them
• Expect major pushback – everyone hates change Change in work habits Change in security They think they need their old mail
What we’ll cover…
• Making the case for smaller mail files• Configuring for size management• Configuring to close open relays• Using real-time blacklists• Anti-spam tools• 10 things you and your users can do to fight spam
Click the “Ask a question” button in the lower left section of your screen to
submit a question.
We have the backing – let’s go!
• Two features can be utilized for size management Quotas set max file size for users
Can interrupt user’s mail flow if file size exceeds max Archiving will help administrators manage size
• Quotas and thresholds can be set During registration Or for existing users mail files
Set per mail file, not per user
• Use a warning threshold to give users advance notice so they can take action before you do
Click the “Ask a question” button in the lower left section of your screen to
submit a question.
Setting quotas
•Select the database using the Administrator client
Use Tools/Database/Quotas or right click and select Quotas
•Configure the database with a quota
In this example30 MB hard quota29 MB warning threshold
•Note that you could select more than one database in the Admin client
Over threshold and quota actions
• And once they are over threshold or quota You can annoy the user
At minute, hourly or daily intervalsEvery time they send a message
• With the added enforcement steps for quota You can deliver the mail – (You are such a nice admin!) Hold their mail – (Getting tougher!) Or send a non-deliver back to the originator – (You rat!)
When they are over – the messages start
• Server Configuration Document Router/SMTP -
Advanced - Controls tabFailure Messages
You can add customized text, or text from a fileYou must select one
or the other for all error messages
If you use text, only the first line appearsNote
Archiving mail to reduce mail file size
• You can set up to archive mail To another file on user’s mail server
This makes no sense at all in the context of reducing disk space usage
To the user’s local drive or to file serverMake sure it’s backed up!
To another serverThis works!New in ND6You can provide an
underpowered server to hold archive files
Note
Archiving should be automatic
•You can set up server to server archiving
Set it to delete documents or just attachmentsOr set it up to not archive at all, just to delete documents
Make sure users understand this if you take this route
Criteria for archiving
•Select a criterion for document selection and an age
•As a bonus, you can choose Not to delete documents with responsesTo log all archiving activity
Setting up archiving
•Set the archiving to run once a day at whatever hour you wish
Select one day or every day
•Use policies to set up archiving for your domain
Push out to certain OUs or your entire organization
Click the “Ask a question” button in the lower left section of your screen to
submit a question.
Best practice for small mail files
• Remind users that they drive to the store, but they don’t leave groceries in the car once they get home “You can keep that data, but not on my mail server!”
• Archive all inbox messages older than 90 days old If you put it in a folder other than inbox, you get to keep it
• Encourage users to work smarter To reply without attachments and use shared DBs
• Zip attachments to save space 3rd party packages that will do this automatically Helps a lot, but must attack the problem at its root
Habits must change
What we’ll cover…
• Making the case for smaller mail files• Configuring for size management• Configuring to close open relays• Using real-time blacklists• Anti-spam tools• 10 things you and your users can do to fight spam
Click the “Ask a question” button in the lower left section of your screen to
submit a question.
How do spammers do what they do?
• Spammers send millions of messages because of thousands of incorrectly configured mail servers Some overworked administrators out there
Aren’t aware that their servers are open relaysDon’t know how to prevent it from happening
• Spammers use these open relay boxes as a launch pad for their barrage of messages If spammers used their own servers
We’d block their IP addressesWe’d block their domain names
o They’d be out of business
Don’t be an open relay – Part 1: Controls
• It’s easy to keep your Domino 6 SMTP locked down• Create a Server Config Document
Under the tab SMTP inbound controls Allow messages to the following external domains
Your own domain Deny messages to the following external domains
An asterisk (*) prevents relaying anywhere
Click the “Ask a question” button in the lower left section of your screen to
submit a question.
Don’t be an open relay – Part 2: Enforce
• On the Inbound Relay Enforcement area Perform Anti-Relay enforcement for connecting hosts
Select “External Hosts Exceptions for authenticated users
Allow only authenticated users to relay
That’s it! You’re protected, and you’ve done your part in the fight against UCE – Unsolicited Commercial E-mail
Special configurations in some cases
• There are certain configurations that might apply to your domain or domains Inbound relay might be permitted for some domains and
servers This is still configurable in SMTP Inbound Controls tab
• You can allow or restrict relaying using a variety of IP address and domain name masks
• Would you like to test your SMTP server to see if it’s locked down? Of course you would! Here’s how
Here is the whole Telnet dialogue
• Here’s the dialogue the way you want to see it
telnet smtp.mycorp.com 25
220 smtp.mycorp.com ESMTP Service (Lotus Domino Release 6.5) ready at Feb 2004 07:15:36 -0700
helo bogus.com
250 ustech01.technotics.com Hello bogus.com ([10.200.200.86]), pleased to meet you
mail from:[email protected]
250 [email protected]... Sender OK
rcpt to:[email protected]
554 Relay rejected for policy reasons.
Click the “Ask a question” button in the lower left section of your screen to
submit a question.
What we’ll cover…
• Making the case for smaller mail files• Configuring for size management• Configuring to close open relays• Using real-time blacklists• Anti-spam tools• 10 things you and your users can do to fight spam
Click the “Ask a question” button in the lower left section of your screen to
submit a question.
The danger of being an open relay
• If you’re an open relay, you will be reported to Internet blacklists SMTP host servers in many, many organizations will not
accept mail from blacklisted servers
• If your SMTP server is blacklisted, your organization might be unable to send mail to other Internet domains Your customers Your clients Vendors, banks and many others
• Put these blacklists to work for you!
Blacklists and you
• If your server is on a blacklist You might be notified as to which list you are on
And then again, you might not
• Want your server off the list? It’s like trying to clear your credit history
But there is no universal clearing houseMust search for backlist orgs -- look for your server
• Want to use a blacklist? Some are free, some charge a fee
You get what you pay forGenerally the fee-based ones are more flexible
Warning
How an open relay server is blacklisted
• In most cases, someone reports the alleged server to an organization like Mail Abuse Prevention System – mail-abuse.org Open Relay Database – ordb.org
• The system is tested, much in the same way as the Telnet session earlier But they use many more variations They try to exploit known holes in SMTP servers They attempt address variations that might fool a server
They don’t fool Domino 6, as long as it’s configured to reject relays
Here’s an example
• This is a portion of a log showing of a blacklist org’s open relay test against a Domino server Over 100 attempts were made to storm the SMTP gates of
the Domino serverNone made it through!
Attempt to relay mail to "[email protected]"@localhost rejected for policy reasons.
Attempt to relay mail to "[email protected]" rejected for policy reasons.
Attempt to relay mail to [email protected] rejected for policy reasons
Attempt to relay mail to obsl-add2%obsl.outblaze.com rejected for policy reasons.
Attempt to relay mail to obsl-add2%obsl.outblaze.com@[127.0.0.1] rejected for policy
Attempt to relay mail to "obsl-add2%obsl.outblaze.com" rejected for policy reasons.
Attempt to relay mail to "[email protected]"@[127.0.0.1] rejected for policy reasons.
Attempt to relay mail to obsl.outblaze.com!obsl-add2@[127.0.0.1] rejected for policy reasons.
Attempt to relay mail to obsl-add2%obsl.outblaze.com@[209.107.64.139] rejected for policy reasons.
Attempt to relay mail to "[email protected]"@[209.107.64.139] rejected for policy reasons.
Options for configuration
•OptionsLog – logs to Log.NSFLog and tag message – logs, and adds $DNSBLSites field to messageLog and reject message - same as Log, but rejects connection, returns configurable error message to the host
•It’s a good idea to log for a while in the beginning to be sure you’re not rejecting real e-mail
Real-time blacklists
• Open Relay Behaviour Modification System ordb.org
• Mail Abuse Protection System www.mail-abuse.com
• Spamhaus www.spamhaus.org
• Composite Blocking List Cbl.abuseat.org
• Spamcop www.spamcop.net
Click the “Ask a question” button in the lower left section of your screen to
submit a question.
What we’ll cover…
• Making the case for smaller mail files• Configuring for size management• Configuring to close open relays• Using real-time blacklists• Anti-spam tools• 10 things you and your users can do to fight spam
Click the “Ask a question” button in the lower left section of your screen to
submit a question.
What doesn’t work fighting spam
• Here are a few techniques to forget about! IP address filtering
Their IP addresses change by the minute Domain name filtering
There is hardly a real domain name among them Mail address filtering
They never use the same one twice
• They forge headers, they spoof IP addresses They are relentless, they have no rules, they’ll never stop
How about content filtering?
• You can use the content filtering Journaling feature in ND6 as a first line of defense Filter for messages with words like viagra, xanax,
prescriptions, and the other non-PC porn terms that can make real trouble in e-mail to your employees
• But content filtering has its limitations in anti-spamProblem is, spammers spell it v.i.a.g.r.a, v1AgR@,
VI@gra, and V.a.l.ium, Va+l+iumThey surround their HTML sale text with meaningless
phrases
Note
Click the “Ask a question” button in the lower left section of your screen to
submit a question.
So what can we do?
• Use a real-time blacklist service Use several if you wish Mail delivery times might suffer, please test before
acceptance
• Consider getting professional help You can assign people almost full time to fighting SPAM
in your organizationEnlist some type of vendor to complete the job
Click the “Ask a question” button in the lower left section of your screen to
submit a question.
Categories of anti-spam products
• Desktop softwareStart using filtersUser determines what is and isn’t spamSoftware can “learn” correct filtering
• Server Software Set of content rules on the server determines what is or
isn’t spam with variations of….You determine spam rulesThe vendor determines the rules with your helpThe vendor provides all the rules -- it’s hands off for
youClick the “Ask a question” button in the
lower left section of your screen to submit a question.
Categories of anti-spam products (cont’d)
• Server Software (cont’d) Uses statistical analysis of message to score messages
for probability of being UCE
• Gateways, appliances, and other hardware Can either be hands off or you fiddle with it
• Mail redirection services Their servers are your MX hosts
They forward clean mail back to you
• Real Time Black Hole List Services Won’t let you receive mail from known open relays and
senders of UCE
What we’ll cover…
• Making the case for smaller mail files• Configuring for size management• Filtering for content• Configuring to close open relays• Using real-time blacklists• Anti-spam tools• 10 things you and your users can do to fight spam
Click the “Ask a question” button in the lower left section of your screen to
submit a question.
10 ways to fight spam now!
• Report spam to the real-time black hole vendors• Users must avoid placing e-mail addresses while
Posting to newsgroups, mailing lists, member profiles Listing yourself as Webmaster on a Web site
• If they must register on Web sites and newsgroups Forbid them from using their corporate address
Give them a different one or use Hotmail or Yahoo
• Tell users never to buy anything from someone who sends you e-mail
• Use client mail filtering to keep out the easiest junk and known offenders
10 Ways to Fight Spam Now! (cont’d)
• Delete spam without opening Avoid Spammer trick of seeing you’re alive using HTML Look at document properties to read Body field Turn off inbox preview
• Create cryptic email addresses Spammers use dictionaries to attack likely account
namesKLS0051 is better than Ken.L.Stevens
• Actively educate users about e-mail risks and responsibilities Establish spam policy if you don’t already have one
10 ways to fight spam now! (cont’d)
• Don’t use “out of office” reply if sender is from the Internet
• Never click a link in Spam mail The jury is still out on “unsubscribe me” links New law says they must remove you
But will they sell your name to someone else?
Resources
• Check out CAUCE Coalition Against Unsolicited Commercial Email www.cauce.org
Working for good anti-spam legislation
• Spam Abuse Network Promoting responsible net commerce Spam.abuse.net
• Spamhaus Tracks the Internet’s worst spammers www.spamhaus.org
Click the “Ask a question” button in the lower left section of your screen to
submit a question.
Questions?
Submit your questions now by clicking on the “Ask a Question” button in the
lower area of your presentation screen.
Thank you!
You can send additional questions to
Andy Pedisich via [email protected].
Thank you
Thank you for participating in this SearchDomino.com live webcast.
Contact Andy Pedisich at [email protected].
If you have additional questions about this webcast, send them to [email protected] and we’ll post them at a future date.
For more information on upcoming SearchDomino.com webcasts or to pre-register for an event, go to http://searchdomino.techtarget.com/webcasts/
To submit your comments or suggestions for future webcasts, send an e-mail to the SearchDomino.com editors at [email protected].