GT ECE 4112 - ECE4112 Internetwork Security

This preview shows page 1-2-24-25 out of 25 pages.


ECE4112 Internetwork Security
Lab XX: Secure Mail Server and Spam Techniques

Contents

Goal
Summary
Lab Scenario
Section 01: Introduction
Question 01.01
Section 02: Information Exposure
Example 02.01
Example 02.02
Question 02.01
Section 03: Installation
Getting Setup
System Preparation
Mail Software
Mail Installation
Mail Setup
Spamassassin
Spamassassin Installation
Spamassassin Setup
Procmail Filter
Procmail Installation
Procmail Setup
Question 03.01
Overview
Section 04: Windows Client Setup
Outlook Express Setup
Question 04.01
SpamAssassin Bayesian Learning
Section 06: Offense
Question 06.01
Additional Resources
Section 07: Questions
Question 01.01
Question 02.01
Question 03.01
Question 04.01
Question 06.01
General Questions
Appendix A: Spamassassin Caveats
Appendix B: Additional Resources
SpamAssassin Resources
Mail Server Setup
Other

Group Number:
Group Member Names: 1) 2) 3)
Date Assigned: MM/DD/YYYY
Date Due: MM/DD/YYYY
Last Edited: MM/DD/YYYY
Lab Authored by: Matt Peter & Parnav Sawjiany

Goal

This lab is designed to teach the student how to set up a secure mail server that is resistant to spam, from both a system administrator's and a spammer's perspective.

Summary

This lab will focus on the challenges of e-mail administration. To begin, we will walk through an installation of Mail Transport Agent (MTA) software, which allows us to receive email from other systems or users. Additionally, we will install a copy of Spamassassin, heuristic anti-spam software that makes a best-guess effort at determining whether or not a piece of mail is spam and marks it accordingly. Then we will install software on our Windows XP machine that will allow us to craft spammy email messages.

Lab Scenario

We will use our VMware copies of RedHat 7.2 (hereafter known as “server”) and Windows XP (hereafter known as “client”). The server will run our mail software, and our client will serve first as a legitimate email user, and then later as a spammer.
[Figure: mail flow diagram. The Postfix MTA (Message Transfer Agent) exchanges SMTP with other MTAs and passes incoming mail to Procmail, which applies the filtering rules in .mailfilter and delivers to the Maildir mailboxes (Inbox, XXX, YYY). Courier IMAPD serves those mailboxes over IMAP to an IMAP-capable email client, and the client's outgoing mail goes back to Postfix over SMTP.]

Section 01: Introduction

E-mail spam is a subset of spam that involves sending nearly identical messages to thousands (or millions) of recipients. Perpetrators of such spam (“spammers”) often harvest addresses of prospective recipients from Usenet postings or from web pages, obtain them from databases, or simply guess them by using common names and domains. By popular definition, spam occurs without the permission of the recipients. As the recipient directly bears the cost of delivery, storage, and processing, one could regard spam as the electronic equivalent of “postage-due” junk mail. However, the Direct Marketing Association will point to the existence of “legitimate” e-mail marketing. Most commentators classify e-mail-based marketing campaigns where the recipient has “opted in” to receive the marketer’s message as “legitimate”.

Spammers frequently engage in deliberate fraud to send out their messages. Spammers often use false names, addresses, phone numbers, and other contact information to set up “disposable” accounts at various Internet service providers. They also often use falsified or stolen credit card numbers to pay for these accounts. This allows them to move quickly from one account to the next as the host ISPs discover and shut down each one.

Spammers frequently go to great lengths to conceal the origin of their messages. They do this by spoofing e-mail addresses (much easier than Internet protocol spoofing). The e-mail protocol (SMTP) has no authentication by default, so the spammer can easily make a message appear to originate from any e-mail address. To prevent this, some ISPs and domains require the use of SMTP-AUTH, allowing positive identification of the specific account from which an e-mail originates. Spammers cannot completely spoof e-mail delivery chains (the ‘Received’ header), since the receiving mail server records the actual connection from the last mail server’s IP address. To counter this, some spammers forge additional delivery headers to make it appear as if the e-mail had previously traversed many legitimate servers. But even when the fake headers are identified, tracing an e-mail message’s route is usually fruitless. Many ISPs have thousands of customers, and identifying spammers is tedious and generally not considered worth the effort.

Spammers frequently seek out and make use of vulnerable third-party systems such as open mail relays and open proxy servers. The SMTP system, used to send e-mail across the Internet, forwards mail from one server to another; mail servers that ISPs run commonly require some form of authentication that the user is a customer of that ISP. Open relays, however, do not properly check who is using the mail server and pass all mail to the destination address, making it quite a bit harder to track down spammers. Increasingly, spammers use networks of virus-infected Windows PCs
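
The point about ‘Received’ headers above, as an added example that is not part of the lab handout: only the headers stamped by your own MTA can be trusted, so this script finds the hop where a message entered your systems and marks every header beneath it as unverified. The hostname mx.example.edu, the 10.0.0.0/8 internal range and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from ipaddress import ip_address, ip_network

# Assumptions for this example: the MTAs we run and our internal relay range.
TRUSTED_MTAS = {"mx.example.edu"}
INTERNAL_NET = ip_network("10.0.0.0/8")

# Constructed sample: only the top Received line was written by our server;
# the two below it arrived as part of the message and may be forged.
SAMPLE = """\
Received: from mail.bank.example (unknown [203.0.113.77])
\tby mx.example.edu (Postfix) with ESMTP id 4ABC123
\tfor <student@example.edu>; Mon, 6 Mar 2006 10:15:02 -0500 (EST)
Received: from relay2.bank.example (relay2.bank.example [192.0.2.10])
\tby mail.bank.example with ESMTP; Mon, 6 Mar 2006 10:14:40 -0500
Received: from desktop.bank.example ([192.0.2.25])
\tby relay2.bank.example with SMTP; Mon, 6 Mar 2006 10:14:31 -0500
From: "Your Bank" <support@bank.example>
Subject: Account notice

Body text.
"""

# "from <helo> (<rdns> [<ip>]) ... by <host>": the layout Postfix writes.
HOP = re.compile(r"from\s+(?P<helo>\S+)\s+\([^\[\]()]*\[(?:IPv6:)?"
                 r"(?P<ip>[0-9a-fA-F.:]+)\]\).*?\bby\s+(?P<by>[^\s;]+)", re.S)

def analyze_received(raw, trusted=TRUSTED_MTAS, internal=INTERNAL_NET):
    """Walk Received headers newest-first; return (hops, boundary hop)."""
    hops, boundary, trusting = [], None, True
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        by = m.group("by").lower() if m else None
        ip = m.group("ip") if m else None
        # A hop is verified only if one of our MTAs wrote it and every
        # header above it was verified and came from an internal relay.
        verified = trusting and by in trusted
        hop = {"by": by, "ip": ip, "verified": verified,
               "helo": m.group("helo") if m else None}  # HELO is sender-chosen
        hops.append(hop)
        if verified and ip_address(ip) not in internal:
            boundary, trusting = hop, False  # mail entered our systems here
        elif not verified:
            trusting = False
    return hops, boundary

if __name__ == "__main__":
    print(analyze_received(SAMPLE)[1])
```

The boundary hop's IP is the address to use for blocklist lookups or abuse reports; the HELO name in that same header is still chosen by the sender.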

