Control Mail File Size and Fight Spam with Notes/Domino 6

© 2004 Wellesley Information Services. All rights reserved.

Control Mail File Size and Fight Spam with Notes/Domino 6

Andy PedisichTechnotics, Inc.

Webcast schedule

Today’s event will run one hour long. Here are the expected times for each segment of the webcast:

:00 - :05 -- Moderator introduces the speaker and discusses the details of the webcast.

:05 - :25 -- Speaker delivers a PowerPoint presentation on the webcast topic.

:25 - :35 -- Moderator and speaker engage in a brief Q&A on the topic.

:35 - :60 -- The speaker responds to questions submitted by the audience.

You can submit questions to the speaker at any time during the event. Just click on the “Ask a Question” button in the lower left corner of your screen.

Technical FAQs

Q: Why can’t I hear the audio part of the webcast?A: Try increasing the volume on your computer.

Q: I just entered the webcast and do not see the slide that the speaker is referring to. What should I do?

A: The slides are constantly be pushed to your screen. You’ll should refresh (hit F5) to view the latest slide.

If your question is still not answered, please click the “Ask a Question” button in the lower left corner of your screen and submit your problem. A technical support person will respond immediately.

You can also visit the Broadcast Help page (http://help.yahoo.com/help/bcst/) for more information or to test your browser compatibility.

© 2004 Wellesley Information Services. All rights reserved.

Control Mail File Size and Fight Spam with Notes/Domino 6

Andy PedisichTechnotics, Inc.

What we’ll cover…

•Making the case for smaller mail files•Configuring for size management•Configuring to close open relays•Using real-time blacklists•Anti-spam tools•10 things you and your users can do to fight spam

Click the “Ask a question” button in the lower left section of your screen to

submit a question.


• Making the case for smaller mail files• Configuring for size management• Configuring to close open relays• Using real-time blacklists• Anti-spam tools• 10 things you and your users can do to fight spam


submit a question.

The legacy of the monster mail file

• Buying disk was cheaper than managing the files Even with backup factored -- it still seemed like a bargain

• Mail files became places to store everything Spreadsheets, presentations, documents, data sets

• So why is that changing now? Disk and backups now seen as too expensive

Growth of incredible large mail files is exponential Litigations mean expensive mail file searches

At $2 to $5 per message searched! Large mail files forces fewer users per server

We are buying servers when we should be consolidating them!

Issue

Three elements to control mail file size

1. Corporate policy must clearly state a size limit Best if dictated by the Legal Department

2. Admin tools are needed to control mail file size Need to be nearly user transparent

3. Users must learn best practice for using mail Must have the automated tools to help them

• Expect major pushback – everyone hates change Change in work habits Change in security They think they need their old mail




submit a question.

We have the backing – let’s go!

• Two features can be utilized for size management Quotas set max file size for users

Can interrupt user’s mail flow if file size exceeds max Archiving will help administrators manage size

• Quotas and thresholds can be set During registration Or for existing users mail files

Set per mail file, not per user

• Use a warning threshold to give users advance notice so they can take action before you do


submit a question.

Setting quotas

•Select the database using the Administrator client

Use Tools/Database/Quotas or right click and select Quotas

•Configure the database with a quota

In this example30 MB hard quota29 MB warning threshold

•Note that you could select more than one database in the Admin client

Over threshold and quota actions

• And once they are over threshold or quota You can annoy the user

At minute, hourly or daily intervalsEvery time they send a message

• With the added enforcement steps for quota You can deliver the mail – (You are such a nice admin!) Hold their mail – (Getting tougher!) Or send a non-deliver back to the originator – (You rat!)

When they are over – the messages start

• Server Configuration Document Router/SMTP -

Advanced - Controls tabFailure Messages

You can add customized text, or text from a fileYou must select one

or the other for all error messages

If you use text, only the first line appearsNote

Archiving mail to reduce mail file size

• You can set up to archive mail To another file on user’s mail server

This makes no sense at all in the context of reducing disk space usage

To the user’s local drive or to file serverMake sure it’s backed up!

To another serverThis works!New in ND6You can provide an

underpowered server to hold archive files

Note

Archiving should be automatic

•You can set up server to server archiving

Set it to delete documents or just attachmentsOr set it up to not archive at all, just to delete documents

Make sure users understand this if you take this route

Criteria for archiving

•Select a criterion for document selection and an age

•As a bonus, you can choose Not to delete documents with responsesTo log all archiving activity

Setting up archiving

•Set the archiving to run once a day at whatever hour you wish

Select one day or every day

•Use policies to set up archiving for your domain

Push out to certain OUs or your entire organization


submit a question.

Best practice for small mail files

• Remind users that they drive to the store, but they don’t leave groceries in the car once they get home “You can keep that data, but not on my mail server!”

• Archive all inbox messages older than 90 days old If you put it in a folder other than inbox, you get to keep it

• Encourage users to work smarter To reply without attachments and use shared DBs

• Zip attachments to save space 3rd party packages that will do this automatically Helps a lot, but must attack the problem at its root

Habits must change




submit a question.

How do spammers do what they do?

• Spammers send millions of messages because of thousands of incorrectly configured mail servers Some overworked administrators out there

Aren’t aware that their servers are open relaysDon’t know how to prevent it from happening

• Spammers use these open relay boxes as a launch pad for their barrage of messages If spammers used their own servers

We’d block their IP addressesWe’d block their domain names

o They’d be out of business

Don’t be an open relay – Part 1: Controls

• It’s easy to keep your Domino 6 SMTP locked down• Create a Server Config Document

Under the tab SMTP inbound controls Allow messages to the following external domains

Your own domain Deny messages to the following external domains

An asterisk (*) prevents relaying anywhere


submit a question.

Don’t be an open relay – Part 2: Enforce

• On the Inbound Relay Enforcement area Perform Anti-Relay enforcement for connecting hosts

Select “External Hosts Exceptions for authenticated users

Allow only authenticated users to relay

That’s it! You’re protected, and you’ve done your part in the fight against UCE – Unsolicited Commercial E-mail

Special configurations in some cases

• There are certain configurations that might apply to your domain or domains Inbound relay might be permitted for some domains and

servers This is still configurable in SMTP Inbound Controls tab

• You can allow or restrict relaying using a variety of IP address and domain name masks

• Would you like to test your SMTP server to see if it’s locked down? Of course you would! Here’s how

Here is the whole Telnet dialogue

• Here’s the dialogue the way you want to see it

telnet smtp.mycorp.com 25

220 smtp.mycorp.com ESMTP Service (Lotus Domino Release 6.5) ready at Feb 2004 07:15:36 -0700

helo bogus.com

250 ustech01.technotics.com Hello bogus.com ([10.200.200.86]), pleased to meet you

mail from:[email protected]

250 [email protected]... Sender OK

rcpt to:[email protected]

554 Relay rejected for policy reasons.


submit a question.




submit a question.

The danger of being an open relay

• If you’re an open relay, you will be reported to Internet blacklists SMTP host servers in many, many organizations will not

accept mail from blacklisted servers

• If your SMTP server is blacklisted, your organization might be unable to send mail to other Internet domains Your customers Your clients Vendors, banks and many others

• Put these blacklists to work for you!

Blacklists and you

• If your server is on a blacklist You might be notified as to which list you are on

And then again, you might not

• Want your server off the list? It’s like trying to clear your credit history

But there is no universal clearing houseMust search for backlist orgs -- look for your server

• Want to use a blacklist? Some are free, some charge a fee

You get what you pay forGenerally the fee-based ones are more flexible

Warning

How an open relay server is blacklisted

• In most cases, someone reports the alleged server to an organization like Mail Abuse Prevention System – mail-abuse.org Open Relay Database – ordb.org

• The system is tested, much in the same way as the Telnet session earlier But they use many more variations They try to exploit known holes in SMTP servers They attempt address variations that might fool a server

They don’t fool Domino 6, as long as it’s configured to reject relays

Here’s an example

• This is a portion of a log showing of a blacklist org’s open relay test against a Domino server Over 100 attempts were made to storm the SMTP gates of

the Domino serverNone made it through!

Attempt to relay mail to "[email protected]"@localhost rejected for policy reasons.

Attempt to relay mail to "[email protected]" rejected for policy reasons.

Attempt to relay mail to [email protected] rejected for policy reasons

Attempt to relay mail to obsl-add2%obsl.outblaze.com rejected for policy reasons.

Attempt to relay mail to obsl-add2%obsl.outblaze.com@[127.0.0.1] rejected for policy

Attempt to relay mail to "obsl-add2%obsl.outblaze.com" rejected for policy reasons.

Attempt to relay mail to "[email protected]"@[127.0.0.1] rejected for policy reasons.

Attempt to relay mail to obsl.outblaze.com!obsl-add2@[127.0.0.1] rejected for policy reasons.

Attempt to relay mail to obsl-add2%obsl.outblaze.com@[209.107.64.139] rejected for policy reasons.

Attempt to relay mail to "[email protected]"@[209.107.64.139] rejected for policy reasons.

Options for configuration

•OptionsLog – logs to Log.NSFLog and tag message – logs, and adds $DNSBLSites field to messageLog and reject message - same as Log, but rejects connection, returns configurable error message to the host

•It’s a good idea to log for a while in the beginning to be sure you’re not rejecting real e-mail

Real-time blacklists

• Open Relay Behaviour Modification System ordb.org

• Mail Abuse Protection System www.mail-abuse.com

• Spamhaus www.spamhaus.org

• Composite Blocking List Cbl.abuseat.org

• Spamcop www.spamcop.net


submit a question.




submit a question.

What doesn’t work fighting spam

• Here are a few techniques to forget about! IP address filtering

Their IP addresses change by the minute Domain name filtering

There is hardly a real domain name among them Mail address filtering

They never use the same one twice

• They forge headers, they spoof IP addresses They are relentless, they have no rules, they’ll never stop

How about content filtering?

• You can use the content filtering Journaling feature in ND6 as a first line of defense Filter for messages with words like viagra, xanax,

prescriptions, and the other non-PC porn terms that can make real trouble in e-mail to your employees

• But content filtering has its limitations in anti-spamProblem is, spammers spell it v.i.a.g.r.a, v1AgR@,

VI@gra, and V.a.l.ium, Va+l+iumThey surround their HTML sale text with meaningless

phrases

Note


submit a question.

So what can we do?

• Use a real-time blacklist service Use several if you wish Mail delivery times might suffer, please test before

acceptance

• Consider getting professional help You can assign people almost full time to fighting SPAM

in your organizationEnlist some type of vendor to complete the job


submit a question.

Categories of anti-spam products

• Desktop softwareStart using filtersUser determines what is and isn’t spamSoftware can “learn” correct filtering

• Server Software Set of content rules on the server determines what is or

isn’t spam with variations of….You determine spam rulesThe vendor determines the rules with your helpThe vendor provides all the rules -- it’s hands off for

youClick the “Ask a question” button in the

lower left section of your screen to submit a question.

Categories of anti-spam products (cont’d)

• Server Software (cont’d) Uses statistical analysis of message to score messages

for probability of being UCE

• Gateways, appliances, and other hardware Can either be hands off or you fiddle with it

• Mail redirection services Their servers are your MX hosts

They forward clean mail back to you

• Real Time Black Hole List Services Won’t let you receive mail from known open relays and

senders of UCE


• Making the case for smaller mail files• Configuring for size management• Filtering for content• Configuring to close open relays• Using real-time blacklists• Anti-spam tools• 10 things you and your users can do to fight spam


submit a question.

10 ways to fight spam now!

• Report spam to the real-time black hole vendors• Users must avoid placing e-mail addresses while

Posting to newsgroups, mailing lists, member profiles Listing yourself as Webmaster on a Web site

• If they must register on Web sites and newsgroups Forbid them from using their corporate address

Give them a different one or use Hotmail or Yahoo

• Tell users never to buy anything from someone who sends you e-mail

• Use client mail filtering to keep out the easiest junk and known offenders

10 Ways to Fight Spam Now! (cont’d)

• Delete spam without opening Avoid Spammer trick of seeing you’re alive using HTML Look at document properties to read Body field Turn off inbox preview

• Create cryptic email addresses Spammers use dictionaries to attack likely account

namesKLS0051 is better than Ken.L.Stevens

• Actively educate users about e-mail risks and responsibilities Establish spam policy if you don’t already have one

10 ways to fight spam now! (cont’d)

• Don’t use “out of office” reply if sender is from the Internet

• Never click a link in Spam mail The jury is still out on “unsubscribe me” links New law says they must remove you

But will they sell your name to someone else?

Resources

• Check out CAUCE Coalition Against Unsolicited Commercial Email www.cauce.org

Working for good anti-spam legislation

• Spam Abuse Network Promoting responsible net commerce Spam.abuse.net

• Spamhaus Tracks the Internet’s worst spammers www.spamhaus.org


submit a question.

Questions?

Submit your questions now by clicking on the “Ask a Question” button in the

lower area of your presentation screen.

Thank you!

You can send additional questions to

Andy Pedisich via [email protected].

Thank you

Thank you for participating in this SearchDomino.com live webcast.

Contact Andy Pedisich at [email protected].

If you have additional questions about this webcast, send them to [email protected] and we’ll post them at a future date.

For more information on upcoming SearchDomino.com webcasts or to pre-register for an event, go to http://searchdomino.techtarget.com/webcasts/

To submit your comments or suggestions for future webcasts, send an e-mail to the SearchDomino.com editors at [email protected].

Documents

Control Mail File Size and Fight Spam with Notes/Domino 6