It-sudparis.eu

The successful low-cost deployment of a secure Institut National des T´el´ecommunications, Computer Science and Audiovisual Engineering Department, Abstract. Communicating by email has become crucial for all compa-nies today. However, a significant amount of undesirable messages passthrough mail servers. Such unwanted and unsolicited communicationsare responsible for a significant loss of time and money for all corpora-tions and may be damaging for corporate reputations. We present herethe email delivery solution we have implemented in our institute, to pre-vent users from receiving spam and viruses. Our choice was motivatedby many criteria including reliability, availability and security but alsoflexibility and price. Indeed, this email gateway runs on a Linux serverand is based on a few modular open source tools designed for securitypurposes. We present all the tools involved in this gateway and discusstheir advantages and drawbacks. Technical explanations of system op-timization and Bayesian filtering are also demonstrated in this paper.
Finally, we show the rate of success we obtained on deploying this emailgateway.
The development of the Internet is a reflection of the insatiable need that humanbeings have to communicate with one another [7] and email has thus become thewidely used application on Internet . Sending an electronic message is probablynow the most common and widespread gesture of Internet users. Today, thistrend is verifiable in all modern enterprises and impacts employees, customers,partners and suppliers.
Communicating by email is crucial and constitutes essential conduit for ex- changing internal and external information. Therefore, any perturbation or evena suspicion of a problem is generally little appreciated by users. For this reasonan email delivery solution should be reliable and 100% available.
The success of email has of course brought with it a number of problems which include Internet worms, viruses, spam, phishing and fraud. The result hasbeen a significant loss in productivity, time and money for all businesses and maybe also damaging for corporate reputations. An effective email delivery gatewayshould therefore be able to protect users against all these threats.
In this paper, we present the successful deployment of a secure email gate- way, at the Institut National de T´el´ecommunications (int). The email deliverysolution we have implemented is able to detect viruses, spams and similar at-tacks, and has proved itself extremely effective and safe. We wish to emphasisethat because telecommunications are our core activity it is of paramount impor-tance that the department provides a working solution for all communicationneeds and this, in an extremely heterogeneous environment which includes ma-jor research projects, teaching and administrative staff and well over a thousandstudents.
After a brief explanation of the underlying protocols, we describe our initial emailgateway and describe our needs. Then, we discuss the choice of Mail TransferAgent (mta) and the different components involved in detection of viruses, spamand other security attacks. Finally, after a few technical indications in particulardealing with optimization, further insights are given.
Project specifications and system requirements Email allows any user connected to Internet to send messages. The transportof an email between the different sites around the world is usually made by theprotocol smtp (Simple Mail Transfer Protocol). In other terms, smtp is theapplication-level protocol that handles message services over tcp/ip networks.
smtp was defined in 1982 by the Internet Engineering Task Force (ietf) and iscurrently specified in rfcs 821 and 822. smtp uses tcp port 25.
Typically, when sending a message, a dns (Domain Name Service) request is done to discover how to reach the Mail eXchanger (mx) of the recipient. If anmx is found then the message is transferred to this server, through port tcp/25.
Although smtp is the most prevalent of the email protocols, it lacks some of the features. For example a primary weakness of standard smtp is the lack of sup-port for non-text messages. mime (Multipurpose Internet Mail Extensions) sup-plements smtp and allows the encapsulation of multimedia (non-text) messagesinside of a standard smtp message. Some mime types as ms-tnef1 (MicrosoftTransport Neutral Encapsulation Format), which is a proprietary standard fromMicrosoft, are more specific and need relevant tools to be interpreted correctly.
Discussions about our initial email gateway Distribution of email has exists for years in our institute but few modificationshave been introduced. At the beginning of this study, our email gateway wascomposed by a heterogeneous succession of three servers: an initial Linux server 1 The ms-tnef is usually generated by Microsoft’s mail client either Microsoft Outlook or Exchange Mail. The format encodes the attributes of messages such as fonts,colour of fonts or type face of fonts.
The successful deployment of an Email gateway running Sendmail in a DeMilitarized Zone (dmz), then a Windows server witha virus scanner and finally another Linux server containing all the mailing ad-dresses.
This meant relatively complex email processing with many stages and there- fore many potential places where a problem could appear. In fact whenever amessage came from another site, it was sent to the first Linux server. Then, theWindows virus scanner received this email and worked on it. After, this messagewas sent again to the first Linux machine. Finally, the mail arrived on the Linuxserver which hosted the mailboxes.
We noted two main sources of trouble. First, the server with the electronic addresses was a potential single point of failure because all the traffic dependedon its availability. Second, the virus scanner hosted on the Windows server wasthe same one that was on the client’s desktop and therefore a malicious programwhich remained undetected could infect the user’s machine. Furthermore, ourvirus scanner was a US product and definitions were delivered with a time lagof about 6 hours which could be dramatic in case of a European virus attack.
Finally, not only was this system not able to filter spam, but it was also quiteexpensive (2000 purchasing price and around 400 a year after that). Nevertheless,users were familiar with the program and its reputation was reassuring.
The int possesses approximately 2000 mailboxes, and around 10 million emailpass through its smtp servers every year. There is a significant volume of traffic.
Traffic volume is significant, in addition many users have mailing addresses onexternal websites, so our choice was between installing on one powerful serveror on two servers.
The National Institute of technology owns approximately 2000 mailboxes, so about 10 millions emails pass through it smtp servers. Volumetry of traffic issignificant, as well as many users leave their mailing address on many website,so our future gateway should be implemented at least on a powerful server.
As email is fundamental for all users, especially in the int, we would prefera round-robin (dns load balancing) system of two servers. Then, if one servercrashes, the second one could take on the mail delivery.
For most users, email is an essential work-tool: everyone should have the possibility to send or receive a message at any time of the day, 365 days of theyear. This is particularly true for researchers who need to exchange informationwith international colleagues. Consequently, availability was a determining fac-tor in our choice of solution. This required that the servers which make up thegateway be secure and every effort should be made to investigate any factor thatcompromised that security.
Because, many clients run different Operating Systems (os) the smtp serverwhich hosts our future gateway should have the ability to recognise all formats(see above 2.1). As most INT users (around 80%) work on Windows systems, it might be more convenient to host this gateway on the same os. However, in oureducational environment, the costs involved are critical.
Open Source software is free of charge and more and more compliant with pro-prietary formats. Furthermore, we are convinced that the only way to achievethe required level of confidence and security is to employ Open Source solutions.
Indeed, commercial suppliers can not compete with thousands of developers spe-cialising in security.
French and European law stipulates that everyone has the right to privacy in his or her private life and correspondence. (Article 8, European Conventionfor the Protection of Human Rights and Fundamental Freedoms). An employercan not look at employee’s email even his computer belongs to the companyand even if the rules of use mention this possibility [1]. It is therefore necessaryfor the department to employ automatic “blind” technical solutions in order toanalyse message content.
To recapitulate the different points evoked above, our email gateway specifica-tions are to: – Use automatic analysis of the email– Reduce the number of servers involved in order to streamline the treatment – Favour a Linux solution to simplify the delivery process– Employ an Open Source solution to reduce the cost– Use both free and commercial virus scanners to reassure users– Detect, filter and sort undesirable messages– Hide the aliases lists from outside of our domain– Make transparent changes for the users with no messages lost In other terms, we wanted to put into place a straightforward, open, low-cost,secure, efficient and reliable email gateway solution.
To scan all email for viruses, spam, phishing and other malicious programs, soft-ware is needed. To securely perform this role, an Open Source toolbox is required.
, In addition to its low cost an Open Source gateway allows the possibility toincorporate different commercial virus scanners as well.
Two software programs present the features mentioned above: Amavis and MailScanner. When we started our assessment, Amavis did not offer the sameflexiblity as its rival so we only present MailScanner here, which is the softwarewe now employ at the int.
The successful deployment of an Email gateway MailScanner provides the engine used to scan email, detect security attacks,viruses and spam. By virtue of being Open Source, the technology in MailScannerhas been reviewed many times over before becoming a reliable and trustworthysolution. This software is written in Perl for three main reasons [12]: – Using Perl eliminates all the memory allocation and buffer overrun problems – Only parts of the process are CPU intensive– Perl is far more “portable” than most other languages, so it can be run on MailScanner is used by over 30,000 sites around the world, protecting top govern-ment departments, commercial corporations and educational institutions. Thistechnology is believed to become the standard email solution at many ISP sitesfor virus protection and spam filtering [4].
This software can be found at http://www.mailscanner.info The MailScanner engine initiates email scanning by starting two instances of the Mail Transfer Agent.
The first mta is started in daemon mode to accept incoming email. The messageis accepted and simply delivered to an incoming queue directory. To accomplishthe scanning of incoming emails and processing tasks, MailScanner starts a con-figurable number of child processes. Typically, there are five child processes whichexamine the incoming queue at five second intervals and select a number of theoldest messages in the queue for batch processing2. MailScanner processes thewaiting message and then delivers the cleaned messages to the outgoing queuedirectory. Only after the messages are delivered to the outgoing queue directoryare they deleted from the incoming spool directory. This ensures that no mailis lost, even in the event of unexpected power loss, as the system always has aninternal copy of all messages being processed.
The second mta instance is also started in daemon mode and watches an outgo-ing queue directory for scanned and processed messages that need to be delivered[11].
In other terms, MailScanner is not involved in providing smtp service, or delivering emails but this software sits between the two instances of the mta(i.e. between the two queues), moving mail from the incoming to the outgoingas it scans it (see fig. 1 for explanations of the process flow).
2 The number of child processes and the time interval between them is configurable and should be established based on the gateway system’s speed, memory, number ofprocessors and other running applications.
Fig. 1. MailScanner process flow, (courtesy of J. Field). We see that MailScanner runsbetween two instances of the Mail Transfer Agent to accomplish scanning of emails inorder to detect security attacks, viruses and spam. MailScanner first runs a series ofReal-time Black List (RBL) tests on each message. If the message passes successfully theRBL tests it is passed to SpamAssassin which uses heuristic, Bayesian and other teststo determine the spam level of the message (SpamAssassin assigns a numerical value toeach test that is used on the message). Every message receives a “spam score”. Then,a virus scan is performed using related scanner(s): if a virus is detected, the messageis marked as containing a virus. Once virus detection is complete, the MailScannerchild process examines the filename and file type of any email attachments againstsite configurable rule sets. Virtually any type or name of attachments can be blockedor passed depending on how MailScanner has been configured. The message is alsoexamined to see if the body contains possibly dangerous HTML content. Configurableoptions allow logging, passing, deleting or disarming these HTML content tags. Afterthis stage of the processing, MailScanner has all the information needed to modify,deliver, reject or quarantine the message. This final message processing depends on themessage content and the MailScanner configuration settings [11].
The successful deployment of an Email gateway A few mtas exist like Sendmail, qmail, Exim or Postfix3. Each of these fourwidely-used mtas has broadly similar features. They can all handle large amountsof mail and can interact with databases in many formats. They have an extensiveknowledge of the many smtp variants in use and are not readily exploitable. Thesource code is freely available along with third party document support.
Sendmail is the most popular mta and is reckoned by many authorities to deliver a bit less than half of all Internet email. That works out to be billionsof messages every day. Sendmail is one of the main reasons that the Internet isuseful to many millions of people, and certainly sendmail is how Internet emailwas developed in the first place.
Sendmail has an extraordinarily obscure configuration file, a poor history of security breaches and a design centred around unix in the early 1980s. Itis a fact that hundreds of thousands of sendmail sites are currently advertisingthemselves as having remotely exploitable security vulnerabilities.
The primary design goal for qmail is to replace some Sendmail features, givingmore security and performance in the process.
The outstanding feature of Exim is that it was designed to be a general-purposemailer for unix machines. Exim is not a total rethink about how mail works,like qmail is. Exim looks and behaves much like any other unix daemon, witha monolithic configuration file, a monolithic daemon, a small number of log filesand a standard style of spooling. It does not have a poor security history, cancope with high load and it has excellent integration facilities.
Postfix is, like qmail, written by a prolific freeware security specialist. Postfixfits somewhere between qmail and Exim. It consists of several programs (butfewer than qmail), and has a substantial configuration file. Postfix has a strongemphasis on security, but not to the extent of imposing unusual unix manage-ment practices. Postfix is quite flexible in its configuration file, but not to theextent of Exim (Exim was designed to be a general-purpose mailer for unixmachines). Postfix has been measured by many as being extremely fast. Postfixis, like Exim, a drop-in replacement for Sendmail.
– Ease of administration– Security– Performance– Long-term viability Actually, all the cited mta are comparable but for either security reasons andbecause we have a number of years experience of Postfix (internal competence),we chose this mta.
3 There are other commendable mtas one can talk about, such as zmailer and smail3 (not as widely used) or products like Microsoft Exchange or Lotus Notes but wedecided to omit them.
Postfix is a complex system, running with reduced rights and privileges, using separate independent processes. It does not run under control of a user process(controlled environment), it is not a set-UID program (i.e. able to write and tochange rights). Postfix programs do not trust the contents of queue files (queuefiles have no on-disk record for deliveries) and the number of in-memory instancesis limited while the memory for strings and buffers is allocated dynamically inorder to prevent buffer overrun problems. For the same reason, large inputs arebroken up into sequences of reasonably-sized elements.
Most Postfix daemon programs can be run at fixed low privilege in a ch- rooted environment. This is especially true for the programs that are exposedto the network: the smtp server and smtp client. Postfix uses separate pro-cesses to insulate activities from each other (see fig. 2 or details). In particular,there is no direct path from the network to the security-sensitive local deliv-ery programs. Some parts of the Postfix system are multi-threaded. However,all programs that interact with the outside world are single-threaded. No Post-fix mail delivery program runs under control of a user process. Instead, mostPostfix programs run under control of a resident master daemon that runs in acontrolled environment,without any parent-child relationship to user processes.
This approach eliminates exploits that involve signals, open files, environmentvariables, and other process attributes that the unix system passes on from apossibly-malicious parent to a child. Postfix queue files have a specific format;less than one in 1012 non-Postfix files would be recognized as a valid Postfixqueue file. Postfix programs do not trust data received from the network. Inparticular, Postfix filters sender provided data before exporting it via environ-ment variables [2].
If Postfix uses multiple layers of defence, it is precisely because this program was written with security in mind. That is why, architecture of these multipleprograms are so difficult to break [10].
Postfix can be found at http://www.postfix.org Spam is unsolicited and undesirable email sent generally to sell a product suchas software, pharmaceutical products or encourage access to a pornographic sites[6].
The number and variety of these types of messages has increased dramat- ically. Today, the amount of spam sent to a site could even create bandwidthsaturation. As a result other applications could have difficulties to gain externalnetwork access [1]. As well as monopolising computer resources much time iswasted in dealing with it. Classic filtering techniques which drop messages con-taining key words like viagra are not sufficient. Indeed, spam with a spoofing,for instance misleading subject headers, are commonly seen [5].
A recent study revealed that the average cost of spam for an American companyis more than $150 per year and per person [3] and it may double over the nexttwo years.
The successful deployment of an Email gateway Maildrop Queue
Sendmail
Incoming
QUEUE MANAGER
INTERNET
Fig. 2. Simplified overview of postfix mailing system: Any messages from in-side our domain are transferred by the sendmail emulator into the maildropqueue. The pickup daemon reads from the maildrop queue and puts the emailinto the incoming queue with the help of the clean-up program. This clean-upprogram signals the arrival of new mail to the queue manager program, checksthe headers (as for instance the hostname of the sender), eventually informs theadministrator and rewrites the messages in the incoming queue. All emails inthis queue are transferred to the queue manager which is the core of the postfixsystem. After having given the necessary parameters as the name and addressof the recipient, the queue manager puts the message into an active state (if theemail is not temporary deffered) and thus calls an appropriate delivery agent (aslocal, bounce, rewrite or smtp) . Local messages (from and to our domain) aretransferred on the server which hosts the mailboxes via the local agent. Emailsfrom our client Workstations (i.e. by a ”Mail User Agent”, as for instance mailx, outlook, eudora, pine, etc.) are sent through the Internet using the SMTP util-ity. External mails from the Internet are received by the SMTPd daemon andwritten into the incoming queue with the help of the clean-up program and,then, any external emails follow the same process as a local message.
A MailScanner child process picks up a batch of messages from the incoming mail queue and first runs its own Real-time Black List (rbl see below) checkson the messages in the batch.
SpamAssassin (http://www.apache.org) is probably the only open-source soft-ware able to determine the probability for a message to stand for a spam. Fur-thermore, MailScanner works solely with SpamAssassin4.
If MailScanner is configured to use SpamAssassin, it then calls SpamAssassin once for each batch of messages (not once for each message), by directly callingthe SpamAssassin Perl modules, not the executable spamassassin or spamd, andruns the SpamAssassin rules against this batch of messages.
4 SpamAssassin is a spam-scoring engine used by many commercial products [10].
Real-time Black List Many black lists, which compile the IP address of thespam servers, exist over the world. These lists are renewed constantly and theyoffer a first level of protection against spam.
MailScanner runs a series of rbl tests on each message. If the IP address of the sender’s mail server or mail relay servers matches one of the addresses onthe lists, the message may marked definitively as spam and no further tests areperformed [11].
Those messages which pass the rbl tests, are passed to SpamAssassin which use heuristic, Bayesian and other tests to determine the spam level of the message(i.e. a spam “score”).
SpamAssassin and its Bayesian filtering SpamAssassin engine is present in mostof the commercial spam scanners. SpamAssassin is also an Open Source software,recognized as the most intelligent tool to prevent the propagation of spam.
SpamAssassin assigns a numerical value to each test that is used on the message. SpamAssassin also examines the site specific white lists (ham i.e. notspam) and black lists (spam). SpamAssassin calculates the final score for eachmessage at the end of these tests.
The Bayesian filter in SpamAssassin is one of the most effective techniques forfiltering spam.
Although Bayesian statistical analysis is a branch of mathematics, one doesn’t necessarily need to understand the mathematics to use spamassassin’s Bayesianfilter. Bayesian analysis involves teaching a system that a particular input givesa particular result. For spam filtering, this teaching is repeated, many times over,with many spam and ham emails. Once this is finished, a Bayesian system canbe presented with a new email and will give a probability of the result beingspam. For best results, teaching should be a constant process.
Internally, the Bayesian engine provides a single probability figure for each email processed. This probability ranges from 0 (0% likelihood that an email isspam) up to 99 (99% likelihood) [8].
To filter spam emails, the system is taught both ham and spam emails, un- til the filter has learned to differentiate between the two. Then, emails passedthrough the filter will be assigned a probability of being spam. When Bayesianfiltering is used in conjunction with SpamAssassin’s other spam detection rules,SpamAssassin approaches 100% detection of spam, with false positives (legiti-mate emails misclassified as spam) close to 0%.
After this stage of the processing, MailScanner has all the information needed to modify, deliver, reject or quarantine the message. Once SpamAssassin hasassigned a numerical value to the messages, MailScanner can perform any com-bination of the following configurable options (see fig. 1): – Delete - delete the message– Store - store the message in the quarantine– Bounce - send a rejection message back to the sender– Forward - forward a copy of the message to user@domain.com The successful deployment of an Email gateway – Strip HTML - convert all in-line HTML content to plain text– Attachment - Convert the original message into an attachment of the message– Deliver - deliver the message as normal The principal vector of viruses is email. To run a “good” virus scanner onan email gateway is thus the best protection. Indeed, some worms propagatethrough emails. Once installed on a computer, this kind of virus uses the ad-dresses book of the recipient to infect his or her contacts.
Email worms are not systematically recognized by the clients virus scanner.
MailScanner may be configured to use one or more of seventeen commercial orOpen Source virus scanners. If a virus is detected, the message is marked ascontaining a virus in the subject. We have performed several tests to choose themost appropriate bundle of virus scanners, aggregate to MailScanner.
The criteria used are: – The reactivity of the virus definition– The time taken in treating a message– The cost (price by server vs. by mailbox),– The combined use of Open Source and commercial virus scanners The virus scanners tested in our study were Antivir, bitDefender, clamAV, FProt, F-Secure, McAfee, Sophos, Command and Kaspersky. In our case, a serversolution is more advantageous than a mailbox analysis, so we finally decided touse clamAV (http://www.clamav.net), Kaspersky(http://www.kaspersky.com) and Command (http://www.authentium.com).
Once virus detection is complete, the MailScanner child process examines the filename and file types of any email attachments against configurable rule sets.
We note that this software can perform tests on zip archives that are not pass-word protected (with as many as 7 levels of compression).
Treatment of malicious attachments and other attacks The message is also examined by MailScanner to see if the body contains possiblydangerous HTML content such as IFrame or <Form> tags. Configurable optionsallow logging, passing, deleting or disarming these html content tags.
Over the past two years, we have seen the proliferation of a new type of attack.
This technique, called phishing, also referred to as brand spoofing or carding,has already caused a lot of damage. Messages are sent to a user purporting tobe from an established legitimate enterprise in an attempt to elicit the userinto surrendering private information that will be used for identity theft. Theemail directs the user to visit a Web site where they are asked to update personalinformation, such as passwords and credit card, social security, and bank accountnumbers, that the legitimate organization already has. The Web site, however, is bogus and set up only to steal the users information.
A new module incorporated in MailScanner allows detection of such a message.
If a virus or another dangerous tag is detected, MailScanner can send: – A customized message to the sender of the virus (normally not desirable)– A customized message to the recipient of the virus– The disarmed and sanitized message to the recipient– The message and the virus to quarantine– The disinfected or cleaned message to the recipient Other applications may be installed with MailScanner to simplify administrationand provide additional functionality. We describe only here MailWatch, whichis a web-based front-end to MailScanner written in PHP, MySQL and JpGraphand is also freely available under the terms of the GNU Public Licence.
MailWatch (http://mailwatch.sourceforge.net) contains a module which causes MailScanner to log all message data (excluding body text) to a MySQLdatabase. MailWatch is then able to display reports and statistics as follows [11]: – Load average and daily totals for messages, spam, viruses and block content – Reports with customizable filters and graphs (see fig 3)– Color-coded recently processed emails– Drill-down onto each message to see detailed information– Quarantine management and spam learning– MySQL database status– MailScanner configuration files Fig. 3. Example of reports displayed by MailWatch for MailScanner: top ten virusesreceived by our smtp server are shown in a pie chart.
The successful deployment of an Email gateway DNS cache To improve time of rbls testing, installation of a dns cache serveris highly recommended. Then, after a short while, the IP addresses compiled onthese lists are known by the server and no other dns request is needed.
bind is an Open Source secure dns server, adapted to this use(http://www.isc.org/). Implementation of bind on a Linux box is quite easyand well documented.
tmpfs file system MailScanner “unpacks” messages for scanning on the direc-tory /var/spool/MailScanner/incoming. Mounting this directory in memoryimproves dramatically performance. Of course, no email will be lost even if thesystem crashes. The software never removes a message from the incoming mailqueue until it is fully written to the outgoing mail queue. In case of system crash,when MailScanner restarts, it will find the “lost” emails in the incoming mailqueue and it will process these messages normally.
Modification of the logging facility In a normal use, the syslog daemon no-tices the system in a very explicit (verbose) manner, especially when MailScannerstarts. Speed logging can be obtained by a simple modification of the/etc/syslog.conf file in a way to omit the synchronising of logs.
Improved performance is obtained using this method.
Confidence in our domain As the spam checks takes the most time, Spamas-sassin can be configured to ignore mail within the Local Area Network (lan).
It presupposes that no spammer connects from within the lan but this methodis probably the most effective way to reduce the internal delivery time. For this,one can simply modify /etc/mail/spamassassin/local.cf.
As underlined in the introduction, communicating by email has become crucialin the day to day work of sites such as government departments, commercialbusinesses and educational institutions. Nevertheless unwanted and unsolicitedcommunications are responsible for a significant loss of time and money foreverybody concerned and may be damaging for corporate reputations.
It appears from this study that it is possible to implement a secure smtp gate- way, in a working context, with only Open Source software. Such an email gate-way is a tool able to stop viruses, to filter spam, to detect attacks against securityvulnerabilities and thus plays a major part in the security of a network. The fi-nancial cost associated with this gateway is null, except for the investment inthe two servers. A schematic view of this gateway is shown in fig. 4.
Fig. 4. Scheme of the distribution of emails from/to outside (PCext) from/toinside our network. Red arrows show the outbound smtp fluxes, blue ones rep-resent the incoming fluxes. Green arrows represent the transport of messages tothe server containing the mailboxes by LMTP (Local Mail Transfer Protocol).
Light blue arrow illustrates a request (POP or IMAP) by a client. SMTP1 andSMTP2 are the same and load balanced: if a server crashe, the second one willtake its place. Both host running virus scanners and spam scoring software arerepresented in this figure.
The low-cost secure email gateway described here has been deployed for one year at the int. On the approximately 60 million messages received per year inour institute, we can note that only 25% contains real information: around 63% ofspam and 9% of viruses5. Today, spam filtering is more than 94% efficient and itis also important to notice that one false positive appears once in a month. Mostof the spams which are not identified are due to a fast mode of MailScanner usedto speed up the delivery process. All viruses are stopped by this gateway and 5 Theses rates include internal emails.
The successful deployment of an Email gateway most of the attacks are detected. However, we arbitrary stop many attachments,as the Windows executable files, which somehow disturb users during the firsttwo months following the installation of this gateway. Now, users agree in sayingthat this gateway provides them with an improved working environment.
The next step will be now to guarantee the complete availability of the mail- boxes by keeping the same principle, i.e. to distribute the load across multiplemachines rather than buying bigger and faster machines.
Instead of using the smtp protocol to send messages, clients use pop or imapto retrieve messages. The Post Office Protocol version 3 (pop3, specified in rfc1734) and the Internet Message Access Protocol (imap, described in rfc 1731)are the two main email retrieval protocols, used [9]. The underlying applicationwe use is Cyrus-imapd which allows the mailboxes to be pop compliant with afull support of imap (documentation about Cyrus imap server can be found athttp://asg.web.cmu.edu/cyrus/imapd/).
This means that users can access the mail from virtually any email client, andchoose to have it in the usual pop ”stored-forward” method, which downloadsto their client, or imap’s storage method, retaining the mail on the server.
This hosting mailbox server is clearly a single point of failure. The approach of distributing the load among imap/pop servers generally sacrifices the unifiedsystem image (distributing the load is complicated, particularly since there isno concept of mailbox location in imap). For pure email, this is an acceptablecompromise; however, trying to share mailboxes becomes difficult or even im-possible. A new approach to overcome these problems exists and is called Cyrusimap Aggregator. The Cyrus imap Aggregator transparently distributes imapand pop mailboxes across multiple servers, thereby appearing to be only oneserver to the clients. Unlike other systems for load balancing imap mailboxes,the aggregator allows users to access mailboxes on any of the imap servers in thesystem. Insights on the way to install and to configure Cyrus imap Aggregatorcan be found at http://asg.web.cmu.edu/cyrus/ag.html.
Author thanks Nigel Barnett for his help with the translation of this paper. Iacknowledge all the members of S2IA for many helpful discussions. I thank AnasAbou El Kalam for his concern in the submission of this article.
1. Aoun, F., B. Rasle, B.: Halte au Spam, (Eyrolles, 2003).
2. Dent, K. D.: Postfix Definitive Guide, (O’Reilly, 2004).
3. Calculating Spam Cost for your Organization, 511 Ferris Research, 2005.
4. Field, J.: MailScanner: A User Guide And Training Manual, EPrint Type Book, 5. Graham, P.: Adaptive Filtering: One Year On, in Usenix LISA, 03, 2003.
6. Graham, P.: A Plan for Spam, (web publication; IETF mailing list discussion), 2002.
7. Licklider, J.C.R.,Taylor, R.W.: The Computer as a Communication Device. In Sci- ence and Technology: For the Technical Men in Management, 76 (1968) 21–31.
8. McDonald, A.: SpamAssassin: A practical guide to integration and configuration 9. Mullet, D., Mullet, K.: Managing IMAP, (O’Reilly, 2000).
10. Schauer, H.: Relais de messagerie s´ecuris´e et libre, SETI proceeding, CS2, 2004.
11. Swaney, S., Bellavance, U., Neylon, M.: MailScanner administrator guide (Fortress 12. Williamson, A.: LWM Speaks with Julian Field: MailScanner addresses the growing spam problem, in LinuxWorld Magazine, December 2003.

Source: http://www.it-sudparis.eu/s2ia/user/gaboret/conferences/gaboret_crisis05.pdf