copyright © 2000, ziplink inc. patent pending 1 mail message metering or, how to block outbound...

Copyright © 2000, ZipLink Inc. Patent Pending

1

Mail Message Metering or, how to block outbound spam

Robert D. Haskins


2

Interactive Week, 3/6/2000

“… (Lawlor) opened AGIS to unsolicited

commercial e-mailers and only relented after

a walkout of key technical staff and a crippling

hack attack in 1997.”


3

Outline

• Introduction/Goals• Problem definition• Existing solutions• Outline of our solution• RADIUS database• Mail relays• Shortcomings• References


4

• Wholesale Internet connectivity provider• Our customers are free ISP’s, small ISP’s,

and information appliance vendors (500+)• ZipLink can be a source of spam

Problem: an effective way to block outbound spam

Solution: ?

Introduction


5

Goals

• Block at least 50% of outbound spam• Little or no impact on customer (ISP) and

subscriber• Ability to exclude certain domains• Configurable and scalable• Low impact on RADIUS servers• Utilize freely available software if possible


6

• Existing “free” solutions for spam:– Blackmail by Ken Hollis and James Murray– SMAPD from Trusted Information Systems– SMTPD from Obtuse Systems Corporation

• Brightmail by Bright Light Technologies • RAS filters

Existing solutions


7

Existing solutions (2)

• No solution met our needs completely• Most solutions are focused on the problem of

inbound spam only• No solution incorporates the idea of

“message metering”

Our solution: allow end user to send only X messages during Y amount of time


8

Overview of solution

SQL DBRADIUS

User Mail Relay Recipient


9

• RADIUS servers run radius2db, written by Dale Nielsen (contractor) in C

• radius2db reads RADIUS accounting logs and forwards records to Oracle database

• overhead on RADIUS server < 5%• additional fields for message counts, limits in

separate table

RADIUS database


10

Mail Relays

User sendsmail

Mail sent to recipient

SMTP redirected

Mail relay quotacheck

Cust. mail relay


11

• Modifications made to SMTPD (Obtuse)• SMTPD receives outbound message:

– verifies source IP address within ZipLink range

– checks mail quotas for that user– forwards message to SMTPFWD

• SMTPFWD relays message (via Sendmail) to ISP customer mail relay for final delivery

Mail Relays (2)


12

• Adjustable parameters:– # messages/time interval for user@realm– # messages/time interval for @realm– # messages/time interval, global– 10 messages/10 minutes, max 100

messages/24 hours is the compiled in default

• “450 Mail quota exceeded for %U” error

Mail Relays (3)


13

Shortcomings

• Still requires Acceptable Use Policy (AUP) and strong language in contracts

• If ISP changes defaults, subscriber can still spam if thresholds are set high enough

• No way to allow individual subscriber to use 3rd party mail relay

• Requires mechanism for redirecting all SMTP sessions to mail relays


14

• My page: www.ziplink.net/~rhaskins• FWTK: www.tis.com/research/software• Blackmail: bitgate.com/spam• Juniper/smptd: www.obtuse.com/smtpd.html• Brightmail: www.brightlight.com/isp/spam

References

copyright © 2000, ziplink inc. patent pending 1 mail message metering or, how to block outbound...

Documents