Changes

From SME Server
2,258 bytes added ,  14:59, 16 June 2022
Line 8: Line 8:     
=====SME Dedicated DNS Blacklist=====
 
=====SME Dedicated DNS Blacklist=====
The first functionality is a SME dedicated DNS Blacklist which is partially based on the user contributions. With SME Optimizer you provide data about your spam rejects and in return you get access to a large DNS blacklist. This blacklist is both providing IP as well as URI based lists and comes as a configuration option to SpamAssassin. The DNS Blacklist has as of today (October 2016) around 1.4 mio. Spam, Malware and Ransomware IP addresses as well as around 350,000 URIs. These will be provided as part of the DNS Blacklist.
+
The first functionality is a SME dedicated DNS Blacklist which is partially based on the user contributions. With SME Optimizer you provide data about your spam rejects and in return you get access to a large DNS blacklist. This blacklist is both providing IP as well as URI based lists and comes as a configuration option to SpamAssassin or it can directly reject via the qpsmtpd plugin. The DNS Blacklist has as of today (October 2016) around 1.4 mio. Spam, Malware and Ransomware IP addresses as well as around 350,000 URIs. These will be provided as part of the DNS Blacklist.
    
=====Server Monitoring=====
 
=====Server Monitoring=====
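Review bot: the added clause "or it can directly reject via the qpsmtpd plugin" in the SME Dedicated DNS Blacklist paragraph introduces a second operating mode without saying how it is selected or what it changes for the operator. Point to the -DNSBL=[qpsmtpd|sa] setting here and say that the qpsmtpd mode rejects the mail directly on a listing while the SpamAssassin mode only scores it, so readers can weigh the cost of a false positive before switching. The paragraph also still reads "as of today (October 2016)" in an edit dated 16 June 2022; refresh the figures or drop "as of today".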
Line 93: Line 93:  
  -contact=[Email]:        Set the contact email address where alerts are sent to - default admin@<your domain>.
 
  -contact=[Email]:        Set the contact email address where alerts are sent to - default admin@<your domain>.
 
  -VTAPI=[API Key]:        This is the VirusTotal public API key used to check attachments (will remain local).
 
  -VTAPI=[API Key]:        This is the VirusTotal public API key used to check attachments (will remain local).
 +
-DNSBL=[qpsmtpd|sa]:    This configures whether the DNS blacklist lookup rejects directly (qpsmtpd) or scores (sa=SpamAssassin).
   −
==FAQ==
+
 
* Question: What is transferred from my server to the central server as part of the spam report that is used to build the DNS Blacklist?
+
==Privacy and Security==
** Answer: The qpsmtpd plugin captures the sender domain and the sending ipaddress, the qpsmtpd plugin which rejected the mail and the plugins return text.
+
The solution is dependent of the joint forces of the contributing SME servers and therefore data is shared to succeed. All communication between your SME servers and the SMEOptimizer server(s) are done via HTTPS when reporting and simple DNS lookups when checking.
 +
 
 +
====DNS Blacklist====
 +
All IP and URL/URI checks are performed a simple DNS lookups either inline via the qpsmtpd plugin or through SpamAssassin. The sending IP address or domain is used for this lookup just as any other DNS blacklist (Spamhaus, etc.).
 +
 
 +
When your own server, based on your configured DNS blacklists, rejects a mail the SMEOptimizer qpsmtpd plugin will capture the sending IP address and the sender domain as well as the return text from the dnsbl plugin (Usually a link provided by the DNS blacklist service for further details). These details are stored in a local MySQL database and on a hourly basis transferred via HTTPS PUT to the SMEOptimizer server. Here, based on a score system, they are added to the shared DNS Blacklist for all to benefit from.
 +
 
 +
====Attachment Filter====
 +
The system will generate a SHA1 hash based on the attached file and check this hash via a DNS lookup against the SMEOptimizer DNS server. If there is a match (A record), then the TXT record for this key provides a SHA256 and a filesize as well as Virus/Malware description. The SHA256 and size will be used to double verify the match and the description to provide a proper reject message in the qpsmtpd plugin.
 +
 
 +
If there is not match, then the SHA1, SHA256, file size and filename is stored in a local MySQL database. The SHA256 is checked up against VirusTotal and if there is a match then SHA1, SHA256, file size and filename will be sent to the SMEOptimizer server via a HTTPS PUT request. VirusTotal only allows free checke every 15 seconds and therefore this cannot be done inline (within the qpsmtpd plugin).
 +
 
 +
A no time will any attachment content leave your local server and be shared anywhere.
    
==Uninstall SMEOptimizer==
 
==Uninstall SMEOptimizer==
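Review bot: the new Privacy and Security section understates what leaves the server, mainly in the Attachment Filter paragraphs. As written, the SHA1 of an attachment goes out as a DNS lookup, the SHA256 is checked against VirusTotal, and on a match the SHA1, SHA256, file size and filename are sent to the SMEOptimizer server, while the closing sentence only promises that attachment content stays local. State explicitly that hashes and filenames are shared and with whom, and make clear that the HTTPS statement in the first paragraph covers reporting only, not the DNS lookups used for checking. The removed FAQ answer said the report includes "the qpsmtpd plugin which rejected the mail"; the new DNS Blacklist text no longer mentions it, so confirm whether that field is still transferred. The new -DNSBL line names no default and is indented differently from the options above it. Wording to fix while here: "dependent of", "performed a simple DNS lookups", "If there is not match", "free checke", "A no time".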
Line 124: Line 137:  
  wget http://smeoptimizer.com/downloads/SME9/perl-JSON-2.50-1.el6.rfx.noarch.rpm
 
  wget http://smeoptimizer.com/downloads/SME9/perl-JSON-2.50-1.el6.rfx.noarch.rpm
 
  yum localinstall perl-Digest-MD5-File-0.07-1.el6.rf.noarch.rpm perl-JSON-2.50-1.el6.rfx.noarch.rpm
 
  yum localinstall perl-Digest-MD5-File-0.07-1.el6.rf.noarch.rpm perl-JSON-2.50-1.el6.rfx.noarch.rpm
 +
 +
== Bugs ==
 +
Please raise bugs under the SME-Contribs section in [http://bugs.contribs.org/enter_bug.cgi bugzilla]
 +
and select the smeoptimizer component or use {{BugzillaFileBug|product=SME%20Contribs|component=smeoptimizer|title=this link}}.
 +
 +
{{#bugzilla:columns=id,product,version,status,summary |sort=id |order=desc |component=smeoptimizer|noresultsmessage="No open bugs found."}}
 +
 
----
 
----
 
[[Category:Contrib]]
 
[[Category:Contrib]]
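Review bot: the bugzilla link in the new Bugs section uses plain http ("[http://bugs.contribs.org/enter_bug.cgi bugzilla]"); switch it to https if the tracker serves it, since bug reports are filed through it. The unchanged context just above carries the same issue with more weight: both RPMs are fetched with wget over http and then passed to yum localinstall, so a follow-up that moves the downloads to https or documents a checksum or signature check would be worthwhile. The added sentence is also broken across two lines in the wiki source ("... bugzilla]" / "and select the smeoptimizer component"); join them.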