fighting spam for fun and profit
play

Fighting spam for fun and profit the long road to SpamAssassin 4.0 - PowerPoint PPT Presentation

Jul 22, 2023 •228 likes •424 views

Fighting spam for fun and profit the long road to SpamAssassin 4.0 Giovanni Bechis <gbechis@apache.org> Fosdem 2019, Brussels SA as a framework SpamAssassin should be seen as a framework, not as plug & play software if you

  1. Fighting spam for fun and profit the long road to SpamAssassin 4.0 Giovanni Bechis <gbechis@apache.org> Fosdem 2019, Brussels

  2. SA as a framework SpamAssassin should be seen as a framework, not as ”plug & play” software ◮ if you follow HOWTOs you will not take the best out of any software ◮ to take the best out of SA: ◮ write your ”simple” rules ◮ participate to ”masscheck” ◮ SA is a general purpose antispam framework, it’s used to filter spam in some webforms and it’s even integrated in a not-so-famous cms

  3. What’s Masscheck ? ◮ a tool to test rules for accuracy and hit-rate ◮ a good way to check how rules are performing ◮ mass-check is run nightly based on users corpora submission, from those data, scores are assigned to rules and new rules are promoted

  4. Checking how rules are performing RuleQA: ◮ score assigned to messages that has been hit by a rule ◮ ham/spam hit by a single rule ◮ rules that overlaps on a particular rule

  5. What have SpamAssassin done in 3 years and a half ? ◮ sysadmin team and mass-check work ◮ security fixes for PDFInfo plugin and core modules CVE-2017-15705, CVE-2016-1238, CVE-2018-11780 & CVE-2018-11781 ◮ perl bug triggered by SA on RedHat distros

  6. What have SpamAssassin done in 3 years and a half ? Assorted improvements: ◮ faster startup code and free(3) fixes for spamc(1) ◮ SSLv3 support removed from spamc(1) ◮ freemail antiforge improvements ◮ added possibility to score based on continents in geo-aware plugins ◮ improvements in URILocalBL plugin ◮ TxRep file descriptor leak fixes ◮ better check for http[s] mismatch plugin ◮ regression tests switched to Test::More

  7. What have SpamAssassin done in 3 years and a half ? HashBL plugin The HashBL plugin is the interface to The Email Blocklist (EBL). The EBL is intended to filter spam that is sent from IP addresses and domains that cannot be blocked without causing significant numbers of false positives.

  8. What have SpamAssassin done in 3 years and a half ? HashBL plugin Checking Bitcoin scams with HashBL. Using HashBL plugin (in 4.x release) or using an external plugin you can check if a Bitcoin address has been used for fraudolent purposes or not by asking via a dns query to $bitcoinaddress.bl.btcblack.it.

  9. What have SpamAssassin done in 3 years and a half ? GeoIP2 support Starting on 04/01/2018 Maxmind legacy geoip databases have been discontinued. GeoIP2 support has been added to RelayCountry and URILocalBL plugins. In addiction RelayCountry supports also IP::Country::DB File as an option.

  10. What have SpamAssassin done in 3 years and a half ? Anti phishing plugin A new anti phishing plugin has been developed, it searches phishing uri in a database downloaded from PhishTank or from OpenPhish. More antiphishing databases will be added soon.

  11. What have SpamAssassin done in 3 years and a half ? Resource limits plugin A new plugin that uses BSD::Resource perl module to assure your spamd child processes do not exceed specified CPU or memory limit.

  12. What have SpamAssassin done in 3 years and a half ? ”From Name” spoof plugin A new plugin that perform various tests to detect spoof attempts using the From header name section. From: "safeaddress@paypal.com" <hacked@hacked.eu>

  13. International channels International channels Channels are a set of signed rules, they are important and very effective because standard rules are mostly base on english emails.

  14. New features in SpamAssassin 4.0 ”Ole Macro” detection plugin A plugin have been developed to check if an email contains an Office attachment with a macro, it tries to detect if the attached macro is malicious or not.

  15. New features in SpamAssassin 4.0 ”Authentication-Results” parser plugin A plugin have been developed to check ”Authentication-Results” header fields, it can supply the results obtained to other plugins, to avoid repeating checks that have been performed already.

  16. KAM.cf rules: respond faster to spam KAM.cf rules KAM.cf is a set of ”additional/unofficial” rules developed to respond faster to spam, standard rules takes some days to be deployed due to masscheck. They are very effective but there could be ”very few” false positives.

  17. New features in SpamAssassin 4.0 SpamAssassin 4.0 and future releases ◮ full utf-8 support ◮ GeoDB module for a better geolocalization support ◮ better TxRep handling

  18. Questions ?

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Spam Fighting at CERN 28 April 2004 Emmanuel Ormancey 1 What is Spam ? What is Spam ? Spam

Spam Fighting at CERN 28 April 2004 Emmanuel Ormancey 1 What is Spam ? What is Spam ? Spam

Spam Fighting at CERN 28 April 2004 Emmanuel Ormancey 1 What is Spam ? What is Spam ? Spam is the friendly name given to unsolicited mail everyone receives in the mailbox. Comes from a Monty Python sketch, where in a caf everything

505 views • 13 slides
Spam, Spam, Spam Why is spam interesting? Everyone can observe spam. Spam / Anti-spam is a

Spam, Spam, Spam Why is spam interesting? Everyone can observe spam. Spam / Anti-spam is a

Spam, Spam, Spam Why is spam interesting? Everyone can observe spam. Spam / Anti-spam is a highly evolved form of information warfare. Fascinating socioeconomic study with many players - users, ISPs, spammers, technologists, legal

322 views • 17 slides
Measuring the Role of Greylisting and Nolisting in Fighting Spam F. Pagani 1 M. De Astis 2 M.

Measuring the Role of Greylisting and Nolisting in Fighting Spam F. Pagani 1 M. De Astis 2 M.

Measuring the Role of Greylisting and Nolisting in Fighting Spam F. Pagani 1 M. De Astis 2 M. Graziano 1 A. Lanzi 2 D. Balzarotti 1 1 Eurecom Sophia Antipolis, France 2 Universit` a degli Studi di Milano Milano, Italy International Conference

559 views • 43 slides
09/28/2005 Shalendra Chhabra MS Thesis Defense - Fighting Spam, Phishing and Email Fraud

09/28/2005 Shalendra Chhabra MS Thesis Defense - Fighting Spam, Phishing and Email Fraud

09/28/2005 Shalendra Chhabra MS Thesis Defense - Fighting Spam, Phishing and Email Fraud University of California, Riverside Acknowledgements Grateful to: UCR, My Advisor Dimitrios Gunopulos, My Mentors William S Yerazunis and Bhiksha Raj

572 views • 43 slides
Proofs of communication and its application e-mails Proof-of-work for fighting spam Proof-of-

Proofs of communication and its application e-mails Proof-of-work for fighting spam Proof-of-

SOFSEM 2008 Filtering unwanted Proofs of communication and its application e-mails Proof-of-work for fighting spam Proof-of- communication Location generation Preparing proofs Verifying proof Marek Klonowski Tomasz Strumi nski Open

348 views • 23 slides
Fighting Spam with Haskell Simon Marlow 5 Sept 2015 Headlines Migrated a large service to

Fighting Spam with Haskell Simon Marlow 5 Sept 2015 Headlines Migrated a large service to

Fighting Spam with Haskell Simon Marlow 5 Sept 2015 Headlines Migrated a large service to Haskell thousands of machines every action on Facebook (and Instagram) runs some Haskell code live code updates (&lt;10 min) This talk

879 views • 69 slides
Fighting SPAM: Whitelisting Revisited David Erickson Martin Casado Nick McKeown

Fighting SPAM: Whitelisting Revisited David Erickson Martin Casado Nick McKeown

Fighting SPAM: Whitelisting Revisited David Erickson Martin Casado Nick McKeown derickso@stanford.edu casado@cs.stanford.edu nickm@stanford.edu Member project of the Stanford Clean Slate Program http://cleanslate.stanford.edu

395 views • 27 slides
Richard M. Nixon 1) How to raise a fucked-up kid 2) Fighting Wars for Fun and Profit 3)

Richard M. Nixon 1) How to raise a fucked-up kid 2) Fighting Wars for Fun and Profit 3)

Lessons From the Life of Richard M. Nixon 1) How to raise a fucked-up kid 2) Fighting Wars for Fun and Profit 3) Red-Baiting for dummies 4) Dogs are cute 5) Makeup is important on TV Image not licensed - Removed for internet distribution

413 views • 18 slides
Using BGP for realtime import and export of spam whitelist/blacklist entries Peter Hessler

Using BGP for realtime import and export of spam whitelist/blacklist entries Peter Hessler

Using BGP for realtime import and export of spam whitelist/blacklist entries Peter Hessler phessler@hostserver.de Hostserver GmbH 17 September, 2015 traditional methods network-based spam fighting: download a file from a server every

381 views • 26 slides
last chance for mail service ? DKIM TFMC2 01/2006 Mail service status More and more spam,

last chance for mail service ? DKIM TFMC2 01/2006 Mail service status More and more spam,

last chance for mail service ? DKIM TFMC2 01/2006 Mail service status More and more spam, fishing, spoofing, virus More and more energy in spam fighting More and more messages lost because : Imperfect automatic filtering

334 views • 18 slides
Using BGP for realtime import and export of spam whitelist/blacklist entries a year in the life

Using BGP for realtime import and export of spam whitelist/blacklist entries a year in the life

Using BGP for realtime import and export of spam whitelist/blacklist entries a year in the life Peter Hessler phessler@openbsd.org OpenBSD 16 May, 2014 bgp-spamd.net network-based spam fighting: bypass and trap lists from spamd(8) use

546 views • 28 slides
Opinion Spam and Analysis NITIN JINDAL &amp; BING LIU, WSDM 08 UIUC Opinion/Review Spam All

Opinion Spam and Analysis NITIN JINDAL &amp; BING LIU, WSDM 08 UIUC Opinion/Review Spam All

Opinion Spam and Analysis NITIN JINDAL &amp; BING LIU, WSDM 08 UIUC Opinion/Review Spam All spam is spam but some spam is more spam than others Opinion spam similar to web spam or email spam in intent, but different in form / content Web

912 views • 38 slides
The CAN-SPAM Act of 2003 D E C E M B E R 2 0 0 3 THE CAN-SPAM ACT OF 2003 Status of Legislation

The CAN-SPAM Act of 2003 D E C E M B E R 2 0 0 3 THE CAN-SPAM ACT OF 2003 Status of Legislation

The CAN-SPAM Act of 2003 D E C E M B E R 2 0 0 3 THE CAN-SPAM ACT OF 2003 Status of Legislation When Congress returns from recess on December 8, 2003, it will finish its work on the CAN-SPAM Act of 2003 (Controlling the Assault of

323 views • 4 slides
Link Spam Alliances Zoltn Gyngyi Hector Garcia-Molina Class List Spam 101 Intro to

Link Spam Alliances Zoltn Gyngyi Hector Garcia-Molina Class List Spam 101 Intro to

Link Spam Alliances Zoltn Gyngyi Hector Garcia-Molina Class List Spam 101 Intro to web spam Spam 221 Spamming PageRank Spam farm model Optimal farm structure Alliances of two farms Larger alliances Spam

876 views • 30 slides
Web Spam Dr. Marc Spaniol Dr. Marc Spaniol Saarbrcken, June 24, 2010 Databases and

Web Spam Dr. Marc Spaniol Dr. Marc Spaniol Saarbrcken, June 24, 2010 Databases and

Web Dynamics Web Spam Web Spam Dr. Marc Spaniol Dr. Marc Spaniol Saarbrcken, June 24, 2010 Databases and Information Systems Prof. Dr. G. Weikum MPII-Sp-0710-1/49 Agenda Web spam - Why and what? Web Spam - Spam taxonomy

669 views • 49 slides
Web Spam Marc Spaniol Marc Spaniol Saarbrcken, July 23, 2009 Databases and Information

Web Spam Marc Spaniol Marc Spaniol Saarbrcken, July 23, 2009 Databases and Information

Web Dynamics Web Spam Web Spam Marc Spaniol Marc Spaniol Saarbrcken, July 23, 2009 Databases and Information Systems Prof. Dr. G. Weikum MPII-Sp-0709-1/49 Agenda Web spam - Why and what? Web Spam - Spam taxonomy Overview

806 views • 49 slides
Email Administra5on Don Porter CSE/ISE 311: Systems Administra5on

Email Administra5on Don Porter CSE/ISE 311: Systems Administra5on

CSE/ISE 311: Systems Administra5on Email Administra5on Don Porter CSE/ISE 311: Systems Administra5on Theme Email systems started with a pre5y simple design

458 views • 33 slides
Vsevolod Stakhov https://rspamd.com Why rspamd? A real example Rspamd in nutshell Uses

Vsevolod Stakhov https://rspamd.com Why rspamd? A real example Rspamd in nutshell Uses

Vsevolod Stakhov https://rspamd.com Why rspamd? A real example Rspamd in nutshell Uses multiple rules to evaluate messages scores Is written in C Uses event driven processing model Supports plugins in LUA Has self-contained

862 views • 65 slides
Pitfalls of Crawling Crawling, session 7 CS6200: Information Retrieval Slides by: Jesse Anderton

Pitfalls of Crawling Crawling, session 7 CS6200: Information Retrieval Slides by: Jesse Anderton

Pitfalls of Crawling Crawling, session 7 CS6200: Information Retrieval Slides by: Jesse Anderton Crawling at Scale A commercial crawler should support thousands of HTTP requests per second. If the crawler is distributed, that applies for each

358 views • 8 slides
Chapter 6. Ensemble Methods Wei Pan Division of Biostatistics, School of Public Health,

Chapter 6. Ensemble Methods Wei Pan Division of Biostatistics, School of Public Health,

Chapter 6. Ensemble Methods Wei Pan Division of Biostatistics, School of Public Health, University of Minnesota, Minneapolis, MN 55455 Email: weip@biostat.umn.edu PubH 7475/8475 Wei Pan c Introduction Have a base learner/algorithm;

497 views • 32 slides
Link Spam Detection Based on Mass Estimation Zoltn Gyngyi , Pavel Berkhin, Hector

Link Spam Detection Based on Mass Estimation Zoltn Gyngyi , Pavel Berkhin, Hector

Link Spam Detection Based on Mass Estimation Zoltn Gyngyi , Pavel Berkhin, Hector Garcia-Molina, Jan Pedersen Roadmap Search engine spamming Link spamming PageRank contribution Spam mass Definition Estimation

618 views • 35 slides
Spark Machine Learning Amir H. Payberah amir@sics.se SICS Swedish ICT June 30, 2016 Amir H.

Spark Machine Learning Amir H. Payberah amir@sics.se SICS Swedish ICT June 30, 2016 Amir H.

Spark Machine Learning Amir H. Payberah amir@sics.se SICS Swedish ICT June 30, 2016 Amir H. Payberah (SICS) MLLib June 30, 2016 1 / 1 Data Amir H. Payberah (SICS) MLLib June 30, 2016 2 / 1 Data Actionable Knowledge Amir H. Payberah

799 views • 78 slides
CS 403X Mobile and Ubiquitous Computing Lecture 15: Making Apps Intelligent/Machine Learning

CS 403X Mobile and Ubiquitous Computing Lecture 15: Making Apps Intelligent/Machine Learning

CS 403X Mobile and Ubiquitous Computing Lecture 15: Making Apps Intelligent/Machine Learning Emmanuel Agu Making Apps Intelligent (Sensors Inference &amp; Machine Learning) My Goals in this Section If you know machine learning Set off light

586 views • 33 slides
Combating Snowshoe Spam with Fire Olivier van der Toorn &lt;o.i.vandertoorn@utwente.nl&gt;

Combating Snowshoe Spam with Fire Olivier van der Toorn &lt;o.i.vandertoorn@utwente.nl&gt;

Combating Snowshoe Spam with Fire Olivier van der Toorn &lt;o.i.vandertoorn@utwente.nl&gt; November 13, 2018 University of Twente, Design and Analysis of Communication Systems ICT OPEN 2018 Overview Introduction Methodology Results

1.05k views • 55 slides

More recommend