26.11.2014 Views

January - Xakep Online


SOME SMTP ERROR CODES AFTER WHICH THE SENDER MUST RETRY DELIVERY OF THE MESSAGE

450 Requested mail action not taken: mailbox unavailable (E.g., mailbox busy)

451 Requested action aborted: local error in processing

550 Requested action not taken: mailbox unavailable (E.g., mailbox not found, no access)

spamd MTA advertising messages will be returned to the sender's mail queue), the load on our server hardly increases, whereas the time and system resources of the connecting spammer's server, which handles hundreds of connections at once, are wasted. You could say that spamd carries out a very careful DoS attack without deviating one iota from the provisions documented in the mail RFCs. Yes, ideally, if every mail server were equipped with this kind of protection, spammers would have a very hard time.

FROM THEORY TO PRACTICE

Configuring the daemon should start with editing spamd.conf(5). As the value of the "all" directive we specify the addresses of known spammers from friendly eastern countries (you can, of course, add the spamhaus and spews sections to the list, but then be prepared for the fact that one fine morning you will stop receiving mail from the domains mail.ru, narod.ru, yandex.ru and so on):

    # vi /etc/spamd.conf

    # Lists that spamd-setup loads
    all:\
        :china:korea:

    # Blacklist of Chinese address blocks
    china:\
        :black:\
        :msg="SPAM. Your address %A appears to be from China\n\
        See www.okean.com/asianspamblocks.html for more details":\
        :method=http:\
        :file=www.openbsd.org/spamd/chinacidr.txt.gz:

    # Blacklist of Korean address blocks
    korea:\
        :black:\
        :msg="SPAM. Your address %A appears to be from Korea\n\
        See www.okean.com/asianspamblocks.html for more details":\
        :method=http:\
        :file=www.openbsd.org/spamd/koreacidr.txt.gz:

The keyword black marks the list as a blacklist, msg sets the error message returned to the sender's SMTP server, and method and file describe how to fetch the gzip(1)-compressed text file containing the spammers' IP addresses.

Next, with the crontab(1) utility we invoke a text editor (the one defined in the $EDITOR environment variable) to schedule a periodic update of the address database (every hour):

    # crontab -e

    0 * * * * /usr/libexec/spamd-setup

Now let us step away from the configuration process for a moment and focus on greylisting mode.

THE MAGIC OF GREYLISTING

The fight against spam can be waged on two fronts: on the server side or on the client side. Forcing the client to go through any extra motions is sacrilege :), while on the server side, apart from traditional blacklists, there are two different approaches: analysis of the mail itself, where a conclusion about the "cleanliness" of each individual message is drawn from a combination of many parameters, and the "grey list" technology (greylisting). The latter is what we will discuss in more detail, because with a competent implementation and correct configuration this technology can filter out up to 98% of spam without spending the server's time and resources on the traffic and processing of "dirty" messages.

A spammer's task is to send the largest possible number of advertising messages in the shortest possible time. The success of each individual delivery is not tracked. One of the main reasons is that in the world of e-mail, reliable delivery of outgoing mail comes at a high price: it requires special injectors, additional resource-intensive system calls such as fsync(2) and write(2), and operations on the /var/spool/mqueue queue (or queue migration). So the way spammers work can be described as "fire and forget". That is exactly what we will play on.

The idea behind greylisting is extremely simple: a correctly configured sending mail server that receives a certain reply from the recipient's server must retry delivery of the message after some interval (usually 5, 15, 25, 30 or 60 minutes). Knowing this, we will use spamd to answer a connection from an unknown mail server not with the standard SMTP reply OK or Rejected but with a temporary error with code 450, 451 or 550. When the sender's mail server retries delivery (and the RFC obliges it to do so), we take note that this server already tried to send us a message a few minutes ago, which means it is not a spammer. And then we accept the mail.

    # tail /var/log/maillog

    Dec 1 01:55:53 toxahost sm-mta[21632]: j9F9jgYV021632: to=, delay=00:00:11, xdelay=00:00:11, mailer=esmtp, pri=30808, relay=mail.domain1.ru. [81.211.11.22], dsn=4.3.0, stat=Deferred: 451 Temporary failure, please try again later.

The log excerpt above shows that the server mail.domain1.ru rejected our message to the recipient andrushock@domain1.ru. If we looked into /var/log/daemon on that server, we would see the result of greylisting at work:

(Figure caption: the spamd manual page)

    # tail /var/log/daemon

    Dec 1 01:56:19 mail spamd[3135]: 62.16.22.33: connected (1/0)
    Dec 1 01:56:30 mail spamd[3135]: (GREY) 62.16.22.33: ->
    Dec 1 01:56:30 mail spamd[3135]: 62.16.22.33: disconnected after 11 seconds.
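The greylisting decision described above can be modelled in a few lines. This is an added example, not code from the article or from spamd itself: the class name, the timing constants and the sample addresses are assumptions made for the sketch, and "250 OK" stands for the point at which the retrying sender is trusted and its mail is accepted.

```python
from dataclasses import dataclass, field

# Example timings in seconds (assumed for this sketch, not read from any config).
PASSTIME = 25 * 60           # a retry earlier than this is still deferred
GREYEXP = 4 * 3600           # an unretried grey entry is forgotten after this
WHITEEXP = 36 * 24 * 3600    # a whitelisted host stays trusted this long

DEFER = "451 Temporary failure, please try again later."
ACCEPT = "250 OK"

@dataclass
class Greylister:  # hypothetical name
    grey: dict = field(default_factory=dict)    # (ip, sender, rcpt) -> first seen
    white: dict = field(default_factory=dict)   # ip -> whitelist expiry

    def check(self, now, ip, sender, rcpt):
        """Return the SMTP reply for one delivery attempt at time `now`."""
        if self.white.get(ip, 0) > now:
            self.white[ip] = now + WHITEEXP     # refresh trust on every use
            return ACCEPT
        key = (ip, sender, rcpt)
        first = self.grey.get(key)
        if first is None or now - first > GREYEXP:
            self.grey[key] = now                # unknown or stale: start the clock
            return DEFER
        if now - first < PASSTIME:
            return DEFER                        # retried too eagerly
        del self.grey[key]
        self.white[ip] = now + WHITEEXP         # patient retry: sender keeps a queue
        return ACCEPT

def replay(attempts):
    """Run (time, ip, sender, rcpt) attempts through a fresh Greylister."""
    g = Greylister()
    return [g.check(*a).split()[0] for a in attempts]

# Constructed sample traffic: one queueing MTA and one fire-and-forget sender.
SAMPLE = [
    (0,    "192.0.2.10",   "alice@example.org", "bob@example.net"),
    (0,    "198.51.100.7", "promo@example.com", "bob@example.net"),
    (60,   "192.0.2.10",   "alice@example.org", "bob@example.net"),
    (1800, "192.0.2.10",   "alice@example.org", "bob@example.net"),
    (1900, "192.0.2.10",   "carol@example.org", "bob@example.net"),
]

if __name__ == "__main__":
    print(replay(SAMPLE))
```

The sender at 198.51.100.7 never retries, so it only ever sees the temporary error, while the queueing server is deferred twice, accepted on its patient retry, and then passes immediately with a different envelope sender.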

XAKEP 01 /85/ 06 107
