  1. #1
    Newbie
    Join Date
    Jun 2008
    Posts
    6

    SPAM Detection with TLS-enabled SMTP gateway

    I do have a tricky issue. If I enable TLS on my SMTP gateway, the traffic between the SMTP sender and my receiving SMTP gateway is encrypted. Therefore my Untangle machine cannot recognize SPAM and a VIRUS sent via a TLS-enabled mail system.

    So I have two approaches, which compromise each other. Either secure my mail traffic or analyze SPAM & VIRUSES ...

    Do you have any idea or any plans to solve my problem?

    Greetings,
    Alex

  2. #2
    Newbie
    Join Date
    Sep 2008
    Posts
    6

    Not graceful, but you could add an extra smarthost outside of your Untangle box (but still on a network that you have physically secure and therefore minimal snoop risk)

    SMTP Server <-nonTLS-> Untangle <-nonTLS-> SMTP smarthost |edge of 'safe' network| <-TLS-> External SMTP Servers

    Just an idea, I don't consider myself an Untangle guru. There's probably a more graceful way.

  3. #3
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,542

    This is all moot, if you want SMTP filtration to work as it is implemented in UT you need to have the Untangle server in front of the SMTP server that receives the mail. Once you have a server in your organization receive it and relay it you've already lost the opportunity to check it for spam. You may as well stick the UT on the "inside" of your mail server and check messages on the pop3/imap connection on the way to the client. The additional strength of the SMTP scan is already lost.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  4. #4
    Master Untangler JEllingson's Avatar
    Join Date
    Jan 2008
    Location
    Warner Robins, GA
    Posts
    342

    Most TLS implementations I am aware of require authentication to work. So only users of your system would be able to send those encrypted session SMTP messages. And unless you suspect your own users to be the generator of spam, there is no real need to scan those emails.

  5. #5
    Untanglit
    Join Date
    Dec 2009
    Posts
    26

    Don't know if anyone ever followed this up.

    I have my UT box on the perimeter, before our Exchange 2007 box. Since implementing the UT system we've had a dramatic decrease in spam, but for some reason 1 to 2 "viagra" emails were getting through a day.

    I couldn't work it out until I took a few extra seconds to read the headers. I'd missed where it had said "Microsoft Exchange (TLS)".

    It seems some smart little buggers are sending their spam out via TLS and it's getting ignored by the UT box.

    How does one go about just blocking TLS emails?
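
The header check described in post #5, as an added example that is not part of the original thread: it reads the Received line written by your own mail server and reports messages that arrived inside a TLS session, which the gateway could not scan. The host name, the sample messages and the marker list are assumptions; adjust the markers to what your MTA actually writes.

```python
import re
from email import message_from_string

# Markers a receiving MTA writes into its own Received line when the session
# used TLS: "(TLS)" as quoted in the post, the RFC 3848 keywords
# ESMTPS/ESMTPSA, and Postfix's "(using TLSv1.x ...)" comment.
TLS_MARKERS = re.compile(r"\(TLS\)|\bwith\s+ESMTPSA?\b|\busing\s+TLS", re.I)

def arrived_over_tls(raw_message, our_host):
    """True if the newest Received line written by our_host shows TLS."""
    by_us = re.compile(r"\bby\s+" + re.escape(our_host) + r"\b", re.I)
    for hop in message_from_string(raw_message).get_all("Received", []):
        hop = " ".join(hop.split())          # unfold continuation lines
        if by_us.search(hop):                # headers are listed newest-first
            return bool(TLS_MARKERS.search(hop))
    return False                             # our server never stamped it

def unscanned_subjects(messages, our_host):
    """Subjects of messages that reached our_host inside a TLS session."""
    return [message_from_string(m)["Subject"]
            for m in messages if arrived_over_tls(m, our_host)]

def _sample(subject, hops):
    # Build a constructed message from a list of Received header values.
    return "".join(f"Received: {h}\n" for h in hops) + f"Subject: {subject}\n\nbody\n"

OUR_HOST = "exch01.corp.example"             # assumed name of the mail server
WHEN = "Tue, 1 Dec 2009 10:00:00 +0000"
SAMPLES = [                                  # constructed messages, not real mail
    _sample("cheap pills", [
        f"from mail.sender.example (203.0.113.7) by {OUR_HOST} (10.0.0.5)"
        f" with Microsoft SMTP Server (TLS); {WHEN}"]),
    _sample("invoice", [
        f"from mx.partner.example (198.51.100.9) by {OUR_HOST} (10.0.0.5)"
        f" with Microsoft SMTP Server; {WHEN}"]),
    # TLS on an upstream hop only: the hop into our server was plain SMTP,
    # so the gateway did see this one.
    _sample("newsletter", [
        f"from out.list.example (192.0.2.4) by {OUR_HOST} (10.0.0.5)"
        f" with Microsoft SMTP Server; {WHEN}",
        f"from web.list.example by out.list.example with ESMTPS; {WHEN}"]),
]

if __name__ == "__main__":
    for subject in unscanned_subjects(SAMPLES, OUR_HOST):
        print("arrived over TLS, gateway could not scan:", subject)
```

Messages it reports are the ones to hand to a filter that runs on the mail server itself, after TLS has been terminated.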

  6. #6
    Untangle Ninja raditude's Avatar
    Join Date
    Jan 2009
    Location
    Eugene, OR
    Posts
    1,143

    If you have TLS enabled on UT to be allowed, it cannot scan the email. I could not find a way in our setup to avoid the extra spam. If you find one, please share.

  7. #7
    Master Untangler
    Join Date
    Sep 2007
    Posts
    143

    The only immediate solution for this is to run local spam filtering on your mail servers. Local spam filtering will scan email after the TLS connection has been terminated at the mail daemon (e.g. Postfix) and delivered to the mail queue and on to the mail box.

    Relying on perimeter, inline spam filtering only won't address the recent barrage of TLS sent spam due to the UTM (Spam Filter / Commtouch) being unable to inspect TLS encrypted traffic at layer 5 / 6.

  8. #8
    Master Untangler JEllingson's Avatar
    Join Date
    Jan 2008
    Location
    Warner Robins, GA
    Posts
    342

    I run Exchange and turned off TLS/SSL on port 25. Port 25 only allows inbound non-encrypted emails.

    I then opened SMTP/SSL port 465 and set it to only allow authenticated access (not just for relay, for access too). And have all my client apps use that.
