Differences
This shows you the differences between two versions of the page.
public:emai:spam_chain [2021-06-16 10:38] – created vesely | public:emai:spam_chain [2021-06-17 13:54] (current) – vesely | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== Spam fiters at CERGE-EI ====== | ====== Spam fiters at CERGE-EI ====== | ||
+ | |||
+ | See also [[: | ||
+ | |||
+ | ---- | ||
====== Incoming emails ====== | ====== Incoming emails ====== | ||
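Review bot: the page title on both sides of this hunk still reads "Spam fiters at CERGE-EI"; since this revision edits the lines directly beneath it, correct the heading to "Spam filters at CERGE-EI" in the same change.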
Line 13: | Line 17: | ||
Malicious content - is blocked and is put to system quarantine for further analysis. | Malicious content - is blocked and is put to system quarantine for further analysis. | ||
- | Suspicious content - usualy add warning to the subject - warning texts are in lowercase: [Spam], [Newsletter] , [Warning - bad SPF] etc. | + | Suspicious content - usualy add warning to the subject - <font inherit/ |
==== Step 2: Ironport ==== | ==== Step 2: Ironport ==== | ||
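Review bot: the added "Suspicious content" line carries over the misspelling "usualy" and has no subject for the verb ("usualy add warning to the subject"); suggest "a warning is usually added to the subject". The removed line listed the warning texts as plain text ("[Spam], [Newsletter] , [Warning - bad SPF]"), while the added line moves to inline <font> markup; keeping the subject tags as plain text would keep them readable and searchable in the page source.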
Line 21: | Line 24: | ||
Primary appliance is iport (iport2 is auxiliary) | Primary appliance is iport (iport2 is auxiliary) | ||
- | Filtrace na spam je několikastupňová.\\ | + | Ironport checks for: IP reputation, viruses, spam signatures, mass-mail behavior, executable, encrypted files etc. |
- | 1. První filtr je Fortimail, který kontrolujeme my a pokud by měla být nějaká reklamace na něj, potřebujeme dohledávat podle parametrů zprávy, času, odesílatele a podobně. Pak lze celkem dobře a přesně zjistit v logu, co se stalo, proč a jak se zprávou naložil.\\ | + | |
- | 2. Druhý filtr je Ironport, který mimo jiné zprávy značkuje | + | Malicious content - is rejected |
- | 3. Poslední serverový filtr je Zimbra, která může přeřadit zprávu do Junk folderu. Jeho filtrace je dohledatelná v hlavičkách zprávy. Viz i výše uvedený text na wiki, poslední ilustrovaný odstavec o hlavičkách zprávy.\\ | + | |
- | 4. Úplně poslední filtraci dělá i klient, | + | Suspicious content - is put to personal quarantine. Warnings are added to the subject - <font inherit/ |
+ | |||
+ | User gets regular email digest about newly quarantined emails. It is possible to manually release email and even whitelist sender. | ||
+ | |||
+ | ==== Step 3: Zimbra | ||
+ | |||
+ | //**Zimbra mailserver is the main email server at CERGE-EI** // | ||
+ | |||
+ | Zimbra mailserver may put problematic email message to the Junk folder. | ||
+ | |||
+ | It uses Spamassasin for spam detection. User may check message headers for detailed info about spam detection (clasification etc.). | ||
+ | |||
+ | ==== Step 4: Email client ==== | ||
+ | |||
+ | Last step of detection is usualy done in user's client software (Thunderbird, Outlook, …). | ||
+ | |||
+ | Each email client deals with suspicious content differently. It is necessary to be informed how your specific client works and where to find problematic emails (Junk folder, Spam folder, Newsletter folder etc.) | ||
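Review bot: the removed Czech item 1 said that a complaint about a Fortimail decision has to be traced in its log by message parameters, time and sender; none of the added Step 2 to Step 4 lines carries that over, so confirm it is preserved under Step 1 or add a sentence telling users which details to supply when a message goes missing. Spelling on the added lines: "Spamassasin" should be "SpamAssassin", "clasification" should be "classification", and "usualy" should be "usually". In Step 3, "User may check message headers" would be more useful if it named the headers to look at, as the removed item 3 pointed readers to an illustrated paragraph about headers that the new text no longer references.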