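Design and Implementation of a Netfilter-Based Spam Filtering Gateway

【Author】 张益

【Advisor】 秦志光

【Author information】 University of Electronic Science and Technology of China (电子科技大学), Computer Applications, 2006, Master's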

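【Summary】 With the rapid development of Internet applications, e-mail has come into ever wider use and has brought great convenience to people's work and life. At the same time, large volumes of commercial, social and political spam have increasingly become a headache for e-mail users. How to filter out all kinds of spam effectively has become a topic of interest to many researchers. At present, the vast majority of mail filtering approaches fall roughly into two categories: filtering at the mail client and filtering at the mail server. With today's rapid growth in mail traffic and number of users, filtering systems integrated into the mail server increasingly expose their drawback: they consume a large share of server resources and affect normal mail service. For a small mail server (such as one used inside a company), current filtering methods are complicated to configure and are overkill. This project originates from the Huawei university fund project "Spam Filtering Gateway Based on the P2P Model". This thesis first introduces some traditional mail filtering techniques, such as real-time blacklists and whitelists, reverse DNS lookup, Bayesian filtering and rule-based filtering, and summarizes their characteristics and shortcomings. On this basis it proposes a spam filtering gateway model based on the Netfilter architecture, whose basic features are: the filtering gateway is separate from the mail server, it is transparent to users, and it is simple to configure. The model combines several techniques and can be divided into the following seven modules: packet redirection module, protocol analysis module, attack protection module, mail header analysis module, rule filtering module, Bayesian filtering module, virus scanning module, and query management module. The first two are also called the mail interception engine subsystem. The thesis then describes in detail the author's main work: implementing the mail interception engine of the transparent gateway, including building the transparent gateway, capturing packets, reassembling mail, and implementing a double-buffered reentrant mail queue, and providing an interface for the spam judgment subsystem. In the implementation, the Netfilter/Iptables system is used, a "hold back the last packet" algorithm is designed to implement packet redirection, a stripped-down protocol stack dedicated to SMTP is emulated, and double buffering and multithreading are used in the mail queue. It then describes more briefly the design and implementation principles of the spam judgment subsystem, including mail header analysis, Bayesian filtering and rule-based filtering. Finally, the testing method and results of the system are given, along with the results of testing in the laboratory intranet, which demonstrate that the system design is reasonable and feasible, and suggestions are made for future improvement and extension.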

【Abstract】 With the boom of the Internet, e-mail has come into wide use, bringing great convenience to our work and life. At the same time, more and more spam (or trash mail) has become a big problem for e-mail users. How to filter spam of all types effectively is now a hot topic for many researchers. There are mainly two ways of filtering spam: client filtering and server filtering. Present spam-filtering systems that use the server filtering technique have their flaws. The first is that spam filtering consumes too many server resources, which affects the normal e-mail service. Secondly, they are complicated to configure and use in a smaller network, for example a company intranet. In the first part of this thesis, some traditional spam-filtering techniques are introduced, including real-time blacklists, reverse DNS lookup, Bayesian filtering and rule-based filtering. Through analysis of their features and deficiencies, a spam-filtering model based on the Netfilter framework is proposed. Its features are that it is separate from the e-mail server, transparent to e-mail users, and easy to configure and use. It consists of seven modules, as follows: IP packet redirection, protocol analysis, attack protection, mail header analysis, Bayesian filtering, rule-based filtering, virus checking and administrator query. The first two of these are also called the e-mail capturing engine. The subsequent content of this thesis is about how to design and implement a high-speed e-mail capturing engine, which is also the main part of my work. It includes constructing a transparent network gateway, capturing IP packets, restoring SMTP e-mails, and implementing a reentrant mail queue with two buffers. Afterwards, a relatively brief introduction to the spam judgment subsystem is given, including mail header analysis, Bayesian filtering and rule-based filtering. At the end, approaches to testing this spam-filtering system are described, and some successful tests carried out in our lab's intranet are reported. A suggestion for improving it is also given.

  • 【Classification number】TP393.098
  • 【Downloads】228