I gave a talk at the 9th Matcha445 study group (anti-spam study group)
As I wrote in an earlier entry, the Matcha445 study group in Tokyo took up "anti-spam measures" as its theme, and I had the chance to speak there.
I have published the slides from my presentation, so please take a look if you are interested.
"Spam countermeasures in the SMTP session and taRgrey"
http://k2net.hakuba.jp/spam/matcha445_9/20090829_tokyo_spam_satoh.pdf
Also, here are the pages for the spam countermeasures I propose that appear in the presentation: Rgrey, Starpit and taRgrey. If the presentation caught your interest, see these for the details.
Rgrey - S25R + greylisting
Eliminating 98% of spam with almost no false positives using Starpit (spam countermeasure using S25R + tarpitting)
taRgrey - S25R + tarpitting + greylisting (tarpit + greylist policy server)
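This time, a great many people involved in anti-spam work gathered, especially from the open source side. (That said, there are still a few more people I'm curious about.)
Anti-spam work actually divides into separate fields depending on "at what point you intervene" and "which method you use", and since the speakers were fairly well spread across these, each could focus on their own main area, and I think the talks ended up quite dense.
The reason it took this shape is that it started from Takizawa-san's idea that it would be nice if people working on anti-spam could get together every half year or so to exchange information, but because I got ahead of myself and went around inviting the people I wanted to meet, for me personally it ended up feeling like "a study group for meeting the anti-spam people I had wanted to meet".
What's more, among the attendees were my ski buddy… no wait, manabu-san, who attends MAAWG from Japan; yamaya-san, who writes about MTA access control and the like; Cookie-san of Birds Of a Feather, who has helped me a great deal with Rgrey and taRgrey; and itochan-san of てくてく糸巻き, whose blog I often refer to for security matters. I got to meet and talk directly with the people I had wanted to meet, which was really great.
I met so many people I wanted to talk to all at once that my only regret is that I could not talk at length with each of them.
After all, face-to-face matters. How easy it is to communicate becomes decidedly different.
This time, I am greatly indebted to Matcha-san, Vulcan-san and everyone else on the organizing side. Not as the usual stock phrase "thank you for your help", but truly.
With so many speakers this time in particular, I imagine the time allocation and everything else was a lot of work.
I really enjoyed it. Thank you very much. _o_
As came up at the social gathering, it would be nice if a future study group could include presentations along the lines of "based on an idea from this study group I actually tried such-and-such, and here is how it turned out".
A summary of the sessions and the URLs of the published slides.
Session 1: "DKIM and SPF configuration and separating sending and receiving servers - configuring a mail-sending site"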
http://matcha445.techtalk.jp/saturday-workshop/9th-workshop
Maintainer of FreeBSD packages such as dkim-milter / Hirohisa Yamaguchi (umq)
9th Matcha445 study group - umq の日記
Session 2: "S25R"
S25R developer / Hideo Asami
Site: http://www.gabacho-net.jp/anti-spam/
Introduction to the S25R anti-spam method
Session 3: "Spam countermeasures in the SMTP session and taRgrey"
http://k2net.hakuba.jp/spam/matcha445_9/20090829_tokyo_spam_satoh.pdf
taRgrey developer / Kiyoshi Satoh (有限会社ジーワークス)
Site: http://k2net.hakuba.jp/ , http://d.hatena.ne.jp/stealthinu/
I gave a talk at the 9th Matcha445 study group (anti-spam study group) - モーグルとカバとパウダーの日記
Session 4: "milter manager"
http://www.clear-code.com/archives/matcha445-9/
milter manager developer / Kouhei Sutou (ClearCode Inc.)
Site: http://milter-manager.sourceforge.net/index.html.ja
Slides from the 9th Matcha445 study group published - ククログ(2009-08-31)
Session 5: "POPFile, an automatic mail classification tool"
http://idisk.mac.com/amatubu/Public/study/POPFile_20090829_amatubu.pdf
Member of the POPFile Core Team / Naoki Iimura
Site: http://getpopfile.org/docs/jp
9th Matcha445 study group materials - あまつぶ@はてなダイアリー
Session 6: "Japanese-language SpamAssassin"
Developer of the SpamAssassin Japanese-language support patch / Takashi Takizawa
Site: http://spamassassin.jp/
9th Matcha445 study group - ただの戯れ言
Session 7: "SA TLEC recipes"
http://www.flcl.org/~yoh/sa_user_prefs_matsuda.zip
The person behind TLEC's SpamAssassin rules / Yoichi Matsuda
Site: http://tlec.linux.or.jp/topic.html
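Follow-up to the 2009.8.29 Matcha445 study group - 日本SpamAssassinユーザ会
Notes on points that caught my attention in the sessions
Next, here are the notes I took during the study group on points in the individual sessions that caught my attention.
Incidentally, I have few notes on the talks by umq-san (SPF/DKIM), Asami-san (S25R) and Sutou-san (milter-manager), but that is because I had already heard them speak at the previous study group in Shizuoka and, for S25R, because I have been using it all along and already know it. It does not mean those talks had little of value :) Just to be clear.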
S25R
- Still around 98-99% even now
- Without a whitelist, false positives are around 13%
- The whitelist currently has about 700 entries
milter-manager
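- With milter, the HEADER is passed one line at a time and the BODY is passed in chunks
- Even with milters, order can matter, e.g. DKIM has to be applied last or things go wrong
- There is an evaluation mode, and statistics graphs are produced from its results
- milters can be applied per user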
POPFile
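- Originally built for classification, not for anti-spam
- With imap, does it sort the mail within imap?
- With Bayes, parameters that can't be pinned down are fairly often omitted
- Inserting spaces, inserting empty tags and the like are detected separately and given names, and those become classification features in their own right
- → Not everything works out with automatic learning alone
- A site called Spammer's Compendium catalogues techniques of that kind
- Adding an "unknown" verdict raises the classification rate
- Differences between word-segmentation parsers make almost no difference to the classification rate
- In English, 2-character tokens are ignored; in Japanese, 2 or more characters make a word
- → There are quite fine-grained localization differences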
SA
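- sa-update updates the rules to the latest standard rules
- sa-compile can speed up the rules. It may not work with the Japanese-language version.
- There is a plugin for AS numbers
- When starting out, Bayes has not been trained yet, so set required_score on the high side of 5 at first and gradually bring it closer to 5
- Setting trusted_networks is mandatory
- After changing the configuration file, check it with spamassassin --lint
- spamass-milter can also "reject"
- Thunderbird has an option to use SA's header information
- A score of 12 or more is definitely spam, and 20 or more can probably just be discarded
- There is apparently a script that generates Japanese-language rules automatically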
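TLEC recipes
- SA does not take the circumstances specific to the Japanese-language world into account
- The upstream recipes are also a mixed bag and surprisingly loose
- The TLEC recipes are recipes specialized for Japanese-language spam
- Heavy use of meta rules
- → Raise the score when compound conditions hit
- Commonly used dynamic IP address ranges are registered
- → Actually heading in the same direction as S25R? A per-ISP blacklist
- DNSBL and Razor2 rules are also scored low individually and high under compound conditions
- Write regular expressions as strictly as possible to avoid false positives
- Note that in full rules "^" and "$" denote the start and end of the mail
- At the addresses Matsuda-san collects, Japanese-language spam is 25%
- → Is there more Japanese-language spam at addresses such as yahoo ones?
- 98% of Japanese-language spam originates in Asia, so it probably does not use botnets
- Mail originating from Gmail is very hard to judge
- Public addresses and (yahoo?) honeypot addresses receive completely different spam
- Spam from the CNC group is 80% (as of 2009/3)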
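The meta-rule scoring, required_score, trusted_networks and full-rule notes above, put together as an added SpamAssassin local.cf sketch. It is not taken from the TLEC recipes or from the talks; the LOCAL_* rule names, the scores, the marker pattern and the 192.0.2.0/24 network are constructed for illustration, and the DNSBL and Razor2 checks are assumed to be enabled.

```conf
# Constructed example for local.cf; not from the TLEC recipes.

# Relays trusted not to forge Received headers
# (placeholder documentation range; replace with your own relays).
trusted_networks 192.0.2.0/24

# Bayes is untrained on a new install: start above the default of 5
# and lower this toward 5 as training accumulates.
required_score 8.0

# Keep the individual network tests low...
score RCVD_IN_XBL   0.5
score RAZOR2_CHECK  0.5

# ...and add points only when both fire on the same message.
meta     LOCAL_XBL_AND_RAZOR2  (RCVD_IN_XBL && RAZOR2_CHECK)
describe LOCAL_XBL_AND_RAZOR2  Listed in XBL and reported to Razor2
score    LOCAL_XBL_AND_RAZOR2  3.0

# full rules see the whole raw message as one string, so without /m
# "^" and "$" anchor to the start and end of the mail, not of a line.
full     LOCAL_FULL_NO_M    /^constructed-marker-line$/
full     LOCAL_FULL_WITH_M  /^constructed-marker-line$/m
describe LOCAL_FULL_NO_M    Matches only if the marker is the whole mail
describe LOCAL_FULL_WITH_M  Matches the marker on any line of the mail
score    LOCAL_FULL_NO_M    0.01
score    LOCAL_FULL_WITH_M  0.01
```

As the SA notes say, run `spamassassin --lint` after editing to confirm the file parses.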
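Incidentally, the talk I personally found most interesting this time was Matsuda-san's on the TLEC recipes.
The other speakers' talks did, as you would expect, contain a fair amount that I already knew, but Matsuda-san's talk covered a lot from an area I did not know, and it gave me plenty to think about.
Since my own methods mean I mostly have my eye on countering bot-originated spam, the talk about Japanese-language spam and its trends was especially useful. Grubby hands-on work is absolutely necessary, after all.
Related to this, spam trends differ quite a bit from country to country, so I had thought that localizing rules is actually important, and this time that feeling became especially strong.
For example, when I explained S25R on overseas mailing lists I sometimes got fairly negative reactions, and I think such regional characteristics play a big part. In countries such as China and Korea, where not setting up reverse DNS is fairly common, even normal, it is probably not as usable as it is in Japan.
There is talk of making study groups like this a regular thing, so any interested study group organizers should, um, get in touch with Matcha-san, I suppose?
Or leave a comment here.
As for me, I need to come up with some new material.
(Related)
8/29 (Sat): an "anti-spam measures" study group at the 9th Matcha445 study group - モーグルとカバとパウダーの日記
I gave a talk at the 2nd Shizuoka ITPRO study group - モーグルとカバとパウダーの日記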