JEAG Recommendation (Outbound Port Blockin) 3 Japan Email Anti-Abuse Group 1. JEAG Recommendation JEAG Recommendation http://jea.jp/ 2. JEAG Recommendation JEAG RecommendationJEAG 3. JEAG Recommendation akairi@jea.jp(jeag )
http://jea.jp spamconf antispam ISP - OPB - ASP SIer NW
Outbound port Blockin Reputation RBL OPB JEAG Recommendation 2
Outbound Port Blockin SMTP AUTH Submission Port ISP A B ISP( A) ISP C B ISP A ISP
ISP B ISP A ( ) C ISP C A ISP ( ) ( ) ADSL dialup B ISP A ISP ISP 587 Radius Proxy Radius Ex NTT-E/W Internet Blockin Point
ASP/Hostin/ / f / :SMTP AUTH ASP/Hostin/ / f /
ASP/Hostin/ / c c d c / : OPB ASP/Hostin/ / c c d c a /
OPB ASP/Hostin/ / / OPB ASP/Hostin/ / /
Core 4: Core ISP Core 3: Ede OLT OLT 2: OLT 1: Ede Recommend
Recommend 1 : OPB ASP/Hostin/ / d e / Recommend 1 : OPB OPB ISP OPB ISP ISPIP IP Block
Recommend 2 : Submission Port 587 ASP/Hostin/ / b b b a b b b b / Recommend 2 : Submission Port 587 Submission Port (587 ) Global IP Address SMTP AUTH (SMTP AUTH (587) ) 587 SMTP AUTH POP ID/Password AUTH ID/Password (AUTH ID POP ID) POP before SMTP AUTHPBS
Recommend 2 : Submission Port 587 Messae Submission (RFC 2476) Dec. 1998 Messae Submission for Mail (RFC 4409) Apr. 2006 RFC2476 RFC4409 Require Authentication : Optional Actions Mandatory Actions Recommend 2 : SMTP AUTH 1) Port 587 Auth 2) Local Domain Auth Internet 587(non Auth) SMTP AUTH Spammer 587 Spammer Spool NON AUTH
Recommend 2 : POP before SMTP POP before SMTP 172.23.0.1 10 Internet POP SMTP POP NAT (masquerade): 172.23.0.1 192.168.0.0/24 IP bot Recommend 3 () ASP/Hostin/ / b b b a a b b b /
Recommend 3 () SMTP AUTH () () Global IP Address Recommend 5 Recommend 3 : () () () Internet MX OPB RBL RBL () () Auth mailbox IP bot IP
Recommend 3.1 A B ISP ASP/Hostin/ / b b / Recommend 3.1 A B ISP A ISP OPB B ISP Permit 1 B ISP A ISP OPB (587+Atuh)
Recommend 3.1 A B ISP ASP/Hostin/ / b b / Recommend 3.2 ASP/Hostin/ / /
Recommend 3.2 () Global IP Address ( Hostin ASP ) ISP OPB ISP OPB 6 7 OPB ISP Recommend 4 OPB ASP/Hostin/ / /
Recommend 4 OPB Source IP Address IP Destination Port TCP ISP A ISP () Recommend 4 OPB:Asymmetric Routin Attack Asymmetric Routin Attack IP Inbound Source Port Blockin -ISP IP Source Port Source Port IP (Source Address Validation) -Source Address Validation IP ISP
Recommend 4 OPB:Asymmetric Routin Attack Outbound Port Blockin Src Addr: A Dst Addr: Dst Port: A Recommend 4 OPB:Asymmetric Routin Attack Asymmetric Routin Attack Src Addr: B Src Addr: A Src Addr: A Dst Addr: Dst Port: Src Addr: Src Port: Dst Addr: A B A ISP
Recommend 4 OPB:Asymmetric Routin Attack Source Address ValidationAsymmetric Routin Attack Source Address Validation ISP Source Address Validation Src Addr: B Src Addr: A Src Addr: A Dst Addr: Dst Port: B A Source Address Validation Recommend 4 OPB:Asymmetric Routin Attack Asymmetric Routin Attack Source Address Validation ISP Src Addr: C Src Addr: A Src Addr: A Dst Addr: Dst Port: Src Addr: Src Port: Dst Addr: A C A Src Port A Src Port A Source Address Validation TCP
Recommend 4 : POP before SMTP Firewall / Proxy - Internet -Outoin 587(FW / Router) -587 (SMTP Proxy) Firewall 587 192.168.0.0/24 Recommend 5 () SMTP AUTH - RCPT TO Global IP Address OPB Spammer bot
Recommendation ASP/Hostin/ / / 2005 1-3 4-6 7-9 10-12 2006 1-3 4-6 7-9 10-12 2007 1-3 4-6 7-9 10-12 R1: OPB R2: Submission Port 587 R3: () 2006/05 2007/03 2008/03 R4: OPB 2006/12 R5:
port Port Spam http://jea.jp spamconf antispam