Franzes Francisco Manila IBM Domino Server Crash and Messaging


Topics to be discussed
- What is SPAM / email spoofing?
- How to identify one?
- Anti-SPAM / anti-email spoofing basic techniques
- Domino configurations to prevent spam / email spoofing
- Common questions on how Domino controls SPAM / email spoofing

What is spam / email spoofing?
Junk email: unsolicited bulk email from unknown sources. Spam is basically anything that you did not request to receive via email. (Signing up for a newsletter and allowing the vendor to share your email address is NOT spam!)

Where do they come from?
- Bots, virus-infected computers, remotely controlled systems, and malicious applications / attachments, which together send about 85% of spam.
- Spammers / hackers that collect email addresses from forums, websites, customer lists, newsgroups, and viruses that harvest users' address books (mostly from Windows systems; NSFs are ACL/ID protected). The harvested addresses are shared and sold to other spammers.

Types of spam / spoofed emails
- Spam advertising sites: websites or mass emails sent to users with odd or too-good-to-be-true offers. Some are also ads assembled from cookies of websites you visit.
- Common products / issues: spam emails sent to advertise common products that you are not aware of, or that you did not purchase or subscribe to.
- Scams: spam emails that ask for payments, either for your credit card bill or claiming that you have a relative that is in need or in trouble.
- Phishing: a spam method that aims to collect info or credentials from users, usually by masquerading as legitimate emails.
- Spoofed headers: a spam method where an unsuspicious email contains a remailer service or infected email in the body / page source of the mail.
- Backscatter: a spam method where spammers intentionally send undeliverable mails to a mail server to inflict mail traffic.
- Other examples: images that contain no text but have infected contents in the page source, which is very hard for scanners to check. Content with a link (often leading to really bad stuff) where the rest of the message is random ramblings that do not make sense, sometimes hidden. Messages that appear to come from friends asking you to follow a link or open an attachment. Beware!

Top countries that are mostly infected by SPAM
[Chart: World's worst spam haven countries for enabling spam (2017); the country names did not survive the transcription. Source: https://www.spamhaus.org/statistics/countries/]

How do SPAM / SPOOFED emails affect your environment?
- Can cause major email traffic and server performance issues. Worse, legitimate emails can be damaged.
- Can degrade your internet domain's credibility (getting blacklisted).
- Can exploit and open a gateway to your internal network.
- Can affect users' personal files and email contents.
- One of the worst cases identified recently that can be caused by SPAM / spoofed mails is RANSOMWARE attacks.

Verifying a SPAM / SPOOFED email: anatomy of a spam / spoofed email
Notice the unique HTTP string? This string identifies you to the sender: it is used to confirm that you read the message, but only if you load the images.

Verifying a SPAM / SPOOFED email: looking at the page source
Received: from lpms.beantowntech.com ([192.168.1.214]) by newfrontier.beantowntech.com with ESMTP id 2016032308391217-2253 ; Wed, 23 Mar 2016 08:39:12 -0400
Received: from localhost by lpms.beantowntech.com with LPMS BeanTownTech ESMTP for <john@beantowntech.com> from <SafeTubs@appleeleganto.top>; Wed, 23 Mar 2016 08:39:03 -0400
Received: from 00b7be99.appleeleganto.top (162.254.231.210) by lpms.beantowntech.com (192.168.1.214) with LPMS BeanTownTech ESMTP; Wed, 23 Mar 2016 07:07:14 -0400
Received: from 00b7be99.9x91f.appleeleganto.top (amavisd, port 8813) by 9x91f.appleeleganto.top with ESMTP id 00VFOHJLDFB7BEJNNROOHJ99; for <john@beantowntech.com>; Wed, 23 Mar 2016 04:07:34 -0700
Date: Wed, 23 Mar 2016 04:07:34 -0700
To: <john@beantowntech.com>
From: "Safe Tubs" <SafeTubs@appleeleganto.top>
Subject: [SPAM] The Best Walk In Tubs, Browse Ads For Them Here
MIME-Version: 1.0
X-ISS-IPR: 1001:218 1:57 (162.254.231.210)

Verifying a SPAM / SPOOFED email: cross-checking the internet domain and IP of the unknown sender
Useful links:
- http://mxtoolbox.com/
- https://www.consumer.ftc.gov/articles/0038-spam
- https://www.nsa.gov/ia/mitigation_guidance/security_configuration_guides/operating_systems.shtml
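The header walk described on the last three slides, as an added example that is not part of the original presentation: it parses the Received chain from the sample above (embedded here as constructed input, with a trailing From: line), finds the first hop with a public sending IP, which is the external host that handed the message to the perimeter, and reports the facts a defender would then cross-check with mxtoolbox or whois. Hop regex and the "hops below the origin are unverifiable" rule are this example's own simplifications.

```python
import ipaddress
import re

# Constructed sample built from the Received chain on the slide above, newest hop first
# (as in a real message); the constructed From: line is the sender's claimed address.
SAMPLE_HEADERS = """\
Received: from lpms.beantowntech.com ([192.168.1.214]) by newfrontier.beantowntech.com with ESMTP id 2016032308391217-2253 ; Wed, 23 Mar 2016 08:39:12 -0400
Received: from localhost by lpms.beantowntech.com with LPMS BeanTownTech ESMTP for <john@beantowntech.com> from <SafeTubs@appleeleganto.top>; Wed, 23 Mar 2016 08:39:03 -0400
Received: from 00b7be99.appleeleganto.top (162.254.231.210) by lpms.beantowntech.com (192.168.1.214) with LPMS BeanTownTech ESMTP; Wed, 23 Mar 2016 07:07:14 -0400
Received: from 00b7be99.9x91f.appleeleganto.top (amavisd, port 8813) by 9x91f.appleeleganto.top with ESMTP id 00VFOHJLDFB7BEJNNROOHJ99; for <john@beantowntech.com>; Wed, 23 Mar 2016 04:07:34 -0700
From: "Safe Tubs" <SafeTubs@appleeleganto.top>
"""

# "Received: from <host> [(<ip>)] ... by <host>"; the IP may be written as (ip) or ([ip]).
HOP_RE = re.compile(
    r"^Received:\s+from\s+(?P<from>\S+)"
    r"(?:\s+\(\[?(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]?\))?"
    r".*?\bby\s+(?P<by>\S+)", re.I)

def parse_received_chain(raw):
    """Return the Received hops in header order (latest hop first)."""
    return [m.groupdict() for m in map(HOP_RE.match, raw.splitlines()) if m]

def is_public(ip):
    return ip is not None and ipaddress.ip_address(ip).is_global

def originating_hop(hops):
    """Walking from our own servers outwards, the first hop with a public sending IP is the
    external host that delivered the message to our perimeter. Hops below it were written
    by the sender's side and cannot be trusted."""
    for hop in hops:
        if is_public(hop["ip"]):
            return hop
    return None

def header_from_domain(raw):
    m = re.search(r"^From:.*?<[^@>]+@([^>]+)>", raw, re.M | re.I)
    return m.group(1).lower() if m else None

def summarize(raw):
    """Facts to cross-check with an MX / whois lookup before trusting the mail."""
    hops = parse_received_chain(raw)
    origin = originating_hop(hops)
    claimed = header_from_domain(raw)
    return {
        "origin_ip": origin["ip"] if origin else None,
        "origin_host": origin["from"] if origin else None,
        "claimed_domain": claimed,
        # The delivering server's host name should belong to the From: domain.
        "host_matches_from": bool(origin and claimed and origin["from"].endswith("." + claimed)),
        "unverifiable_hops": len(hops) - hops.index(origin) - 1 if origin else len(hops),
    }
```

In the sample the delivering host does belong to the From: domain, so this is plain spam from appleeleganto.top rather than a spoof of someone else's domain; the IP 162.254.231.210 is what you would feed into the blacklist and reputation lookups.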

Anti-SPAM / anti-email spoofing basic techniques
- User education and awareness.
- Up-to-date security patches for your operating system and Domino environment.
- Enabling network / firewall spam prevention capabilities.
- Use of a spam filter gateway or server, like IBM's Lotus Protector for Mail Security or others from 3rd-party vendors.
- Utilizing Domino's configuration.
NOTE: The best recommended choice to prevent spam / spoofed email is to set up a third-party anti-spam application in front of or on the Domino server. Domino was not designed to be a spam appliance. It has capabilities that can prevent light spam attacks but does not have the full feature set of a spam appliance.

Locking down your Domino environment to prevent SPAM / SPOOF attacks
The following settings are not applicable should your Domino server be the second hop into your domain. Domino should ONLY have these settings set in gateway mode, where Domino is listening directly on the internet. Domino can be configured to prevent some spam emails as follows:
- Locking down Domino as a relay server
- Enable blacklisting
- Enable RDNS, and verification of the sender's domain in DNS
- Enable recipient verification against your Domino address book
- Creating a server mail rule
- Using FullName lookup for recipients in your address book

Locking down Domino as a relay server
By default, Domino allows SMTP servers on the same subnet to relay through the server. To change this and only allow specific systems or ranges, set the following fields in the Configuration Document --> Router/SMTP tab --> Restrictions and Controls --> SMTP inbound controls to:

Enable blacklisting
You can choose from a number of publicly available and/or private paid subscription services that maintain DNS black lists, against which Domino can check external connecting hosts. Please refer to the URL below for a list of DNS black lists: https://en.wikipedia.org/wiki/comparison_of_dns_blacklists
You can enter the text of the error message returned when denying a connection because the connecting host is black listed (the default error message indicates that the connection was denied for policy reasons). You can use the format specifier %s to specify the IP address of the denied host; a second %s will display the DNS blacklist site where Domino found the host listed. For example:
  Your IP %s has been Black Listed. For more information contact %s
is returned as:
  Your IP 123.123.123.1 has been Black Listed. For more information contact examplednsbl.net
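The DNSBL check and the %s message substitution just described, as an added example that is not part of the presentation or of Domino itself: it builds the reversed-octet query name, treats only a 127.0.0.0/8 answer as a listing (a retired list whose domain now wildcards to a web server must not block mail), and fills the two %s slots. DNS is replaced by a constructed lookup table so it runs offline; the zone names and the "skip private peers" rule are this example's assumptions.

```python
import ipaddress

# Constructed stand-in for DNS: lookup name -> A record answer. A real check queries DNS;
# a DNSBL answers a listed address with something in 127.0.0.0/8 (the last octet often
# encodes the reason) and NXDOMAIN (here: None) when the address is not listed.
FAKE_DNS = {
    "1.123.123.123.examplednsbl.net": "127.0.0.2",   # constructed: listed
    "9.123.123.123.dead.example": "203.0.113.9",     # constructed: retired list that now wildcards
}
TEMPLATE = "Your IP %s has been Black Listed. For more information contact %s"

def dnsbl_query_name(ip, zone):
    """Reverse the IPv4 octets and append the list's zone: 123.123.123.1 -> 1.123.123.123.<zone>."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")  # raises ValueError on malformed input
    return ".".join(reversed(octets)) + "." + zone

def is_listed(ip, zone, resolve=FAKE_DNS.get):
    """Only an answer inside 127.0.0.0/8 counts as a listing; any other answer is ignored."""
    answer = resolve(dnsbl_query_name(ip, zone))
    return answer is not None and ipaddress.IPv4Address(answer) in ipaddress.ip_network("127.0.0.0/8")

def reject_message(template, ip, zone):
    """First %s becomes the denied IP, a second %s the list the host was found on."""
    return template.replace("%s", ip, 1).replace("%s", zone, 1)

def check_connecting_host(ip, zones, template=TEMPLATE, resolve=FAKE_DNS.get):
    """Return (accept, message) for a connecting SMTP host, checking each list in order.
    Assumption made here: private (RFC 1918) peers are internal relays and are not checked."""
    if not ipaddress.ip_address(ip).is_global:
        return True, "private address, not checked against DNSBLs"
    for zone in zones:
        if is_listed(ip, zone, resolve):
            return False, reject_message(template, ip, zone)
    return True, "not listed"
```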


Verify connecting hostname in DNS
You can also enable Domino to check whether the connecting host name / IP has a valid DNS record by setting Configuration Document --> Router/SMTP tab --> Restrictions and Controls --> SMTP inbound controls --> Inbound Connection Controls:
1. Enabled - Domino verifies the name of the connecting host by performing a reverse DNS lookup. If Domino cannot determine the name of the remote host, it does not allow the host to transfer mail. NOTE: Internet SMTP hosts are not required to have PTR entries in DNS. As a result, when this field is enabled, the SMTP task may reject connections from valid SMTP hosts.
2. Disabled - (default) Domino does not check DNS to verify the name of the connecting host.

Verify that local domain recipients exist in the Domino Directory
Specifies whether the SMTP listener checks recipient names specified in RCPT TO commands against entries in the Domino Directory. Choose one:
1. Enabled - If the domain part of an address specified in an SMTP RCPT TO command matches one of the configured local Internet domains, the SMTP listener checks all configured directories to determine whether the specified recipient is a valid user. If no matching user name is found, the SMTP server returns a 550 permanent failure response indicating that the user is unknown, for example: 550 bad_user@yourdomain.com... No such user. NOTE: When this setting is enabled and there is an entry in the "Local Internet domain smart host" field, messages that cannot be resolved are not accepted. Therefore, they are not forwarded to the smart host.
2. Disabled - (default) The SMTP listener does not check whether local domain recipients specified in the RCPT TO command are listed in the Domino Directory.

Setting Full Name Only
It is also advisable to set "Fullname only" in the configuration document's address lookup field. This will avoid accepting messages for part of a user name, like Joe or Smith. Setting the field to "Fullname only" also shuts off the use of soundex, which would otherwise deliver a message to a person that has a similar sounding name (soundex value from the $Users view).
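The recipient verification and "Fullname only" behaviour from the last two slides, as an added example that is not part of the presentation and is a simplified model, not Domino's lookup code: a constructed two-entry directory stands in for the $Users view, a standard Soundex implementation shows why "Smythe" would otherwise be delivered to "Smith", and rcpt_to returns the 250 / 550 reply the SMTP listener would give. The local domain, the directory entries and the exact matching rules are this example's assumptions.

```python
import re

LOCAL_INTERNET_DOMAINS = {"yourdomain.com"}   # constructed, matching the slide's example domain
# Constructed directory of (full name, internet address); Domino keeps these in the $Users view.
DIRECTORY = [
    ("Joe Smith", "joe.smith@yourdomain.com"),
    ("Anna Smyth", "anna.smyth@yourdomain.com"),
]

def soundex(name):
    """Standard Soundex (first letter + three digits): the sound-alike matching that
    'Fullname only' disables."""
    codes = {c: str(d) for d, grp in enumerate(("BFPV", "CGJKQSXZ", "DT", "L", "MN", "R"), 1) for c in grp}
    name = re.sub(r"[^A-Za-z]", "", name).upper()
    if not name:
        return ""
    out, last = name[0], codes.get(name[0])
    for c in name[1:]:
        d = codes.get(c)
        if d and d != last:
            out += d
        if c not in "HW":        # H and W do not separate repeated codes; vowels do
            last = d
    return (out + "000")[:4]

def lookup(local_part, fullname_only):
    """Find the directory entry an SMTP local part (text before @) resolves to, or None."""
    target = local_part.lower()
    for full, addr in DIRECTORY:
        if addr.split("@")[0] == target:
            return full
    if fullname_only:
        return None
    # Without 'Fullname only': any single name component, or a sound-alike of one, is accepted.
    for full, _ in DIRECTORY:
        if any(p.lower() == target or soundex(p) == soundex(target) for p in full.split()):
            return full
    return None

def rcpt_to(address, verify_recipients=True, fullname_only=True):
    """Simplified model of the SMTP listener's reply to RCPT TO:<address>."""
    local, _, domain = address.partition("@")
    if not verify_recipients or domain.lower() not in LOCAL_INTERNET_DOMAINS:
        return "250 OK"                      # not a local domain, or checking is disabled
    if lookup(local, fullname_only):
        return "250 OK"
    # With verification enabled an unknown local recipient is refused here and is never
    # forwarded to a configured smart host.
    return f"550 {address}... No such user."
```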

Setting a server rule
Configuration Document --> Router/SMTP tab --> Restrictions and Controls --> Rules
Note that using server mail rules may slow down mail routing, depending on the rule created. The more rules that are in place, the more of an impact this will have on routing performance. A server rule could be beneficial for preventing zero-day viruses, since the file type or a unique attribute (subject line, sender, body of message) that identifies them can be blocked. Please keep in mind to use the "set rule" command at the server console to register the system rule. Also, when disabling a rule, to prevent a ghost rule: disable the rule first, issue the "set rule" command, and then you may safely delete the rule.


Common questions on how Domino controls SPAM / SPOOFED emails
Can Domino scan the content of images? Documents? Attachments?
Answer: Domino cannot scan what is in the documents or attachments, but can block incoming mail with the use of file extensions.
Can Domino do settings like quarantine?
Answer: If you are aware of certain types of mails that you need to inspect first, Domino can utilize its server mail rule to move messages to a designated location or database for the admin's review.
Can we mask our IP or addresses that are already known or exploited by attackers?
Answer: Domino can add to or alter its SMTP banner when doing handshakes to the internet to make it more secure, but as long as an attacker already knows your internal network or internal IP, the changes should be done at the network level.
For an IBM solution to SPAM and antivirus please see: http://www-03.ibm.com/software/products/en/protector

References:
- http://www-01.ibm.com/support/docview.wss?uid=swg21378411
- https://www-01.ibm.com/support/docview.wss?uid=swg21385199
- https://www.ibm.com/developerworks/lotus/library/ls-domino_messaging_restrictions/index.html
- https://www.ibm.com/developerworks/lotus/library/spam-smtp1/
- https://www.ibm.com/developerworks/lotus/library/spam-smtp2/


Questions?