4.11 Email Security Overall Solution
Date: 2018-12-06


Application background

The e-mail system is one of the most important communication channels for enterprises. Because it is convenient, fast, and low-cost, e-mail has become a daily habit in people's work and life. However, with the spread of spam, corporate email systems are often plagued by large volumes of spam and virus emails. In addition, unaudited e-mail systems are vulnerable to abuse, such as leaking corporate secrets or sending unrelated emails.

A complete email security solution should include three areas:

1 The security of the mail system itself.

The mail system should comply with the corresponding specifications: prevent hackers or other unauthorized users from illegally accessing the mail server; prevent virus infection; close relay and restrict SMTP connections accordingly; enable SMTP authentication, and so on. This was the main content of mail security put forward by the Ministry of Information Industry before 2003. As technology has developed, mail system vendors now support these functions well. Implementing the overall mail security solution includes helping customers check whether the mail system itself has potential security risks and proposing corrections.

2 Anti-Spam System

Since 2003, because spam increased rapidly and the spam filtering of the mail system itself was weak, companies have purchased professional anti-spam gateway products to filter spam.

3 Mail storage gateway.

Since 2006, enterprises have faced increasingly high requirements in operations management, internal control and regulatory compliance. According to the requirements of SOX, all internal information that may ultimately involve financial reporting needs to be archived for verification. Therefore, the company's mail messages need to be completely and reliably archived and quickly searchable when needed. The mail storage gateway is an integrated hardware and software solution that helps enterprise users archive all mail sent and received. The mail storage gateway automatically stores and indexes all messages in real time, enabling authorized users to quickly find and retrieve messages.

Overall Email Security Solution

Overall description:

1 In the enterprise's existing network architecture, one or two high-end anti-spam products are used as anti-spam gateways to scan emails from the Internet for spam and virus emails. After filtering is completed, normal emails are sent on to the mail server.

2 Under the existing network architecture, a high-end mail storage gateway is installed to store and back up all incoming and outgoing mail.

  • Solution topology diagram

Third, the implementation plan

1.   It is recommended that the spam firewall, mail storage gateway, and mail server be physically connected in parallel and deployed in the DMZ area.

2.   It is recommended to use a spam firewall and change the MX record to point to it, so that mail from the Internet is delivered to the spam firewall first and is sent to the mail server after filtering. To avoid a single point of failure in the mail routing process, two units are used for redundancy, which keeps mail data synchronized and improves the overall mail processing capacity.

3.   Set up a smarthost on the mail server so that all outgoing mail is sent to the anti-spam gateway, which logs and scans it before sending it to the Internet.

4.   Enable the journaling function of the back-end mail server to send the mail that needs archiving to the mail storage gateway; however, using the journaling function of the anti-spam gateway is recommended, so that all sent and received mail is sent to the mail storage gateway.

5.   Enable the remote journal account function of the mail storage gateway to fetch journaled messages from the mail server automatically. The IMAP protocol is recommended, because it allows a copy of each message to be kept on the mail server while messages are fetched. The mail storage gateway automatically indexes, classifies, and manages users based on all archived mail.

6.   The external storage management function of the mail storage gateway can work with a storage server that supports SMB/CIFS to expand storage space with RAID 0 and RAID 1, avoiding data loss caused by a failure of the mail storage gateway.

Fourth, anti-spam product introduction

1 How Anti-Spam Works

Twelve layers of filtering model

Each incoming mail must pass up to twelve layers of anti-spam filtering. Only after passing all twelve layers is it forwarded to the mail server, which protects the mail server from spam. The layers are:

1) Denial-of-service attack and security protection layer: Effectively prevents DoS or DDoS attacks against mail servers.

2) Rate control: This layer checks the connection frequency of each IP. If it exceeds a user-defined value, further connections are blocked until the rate is back within the limit. This layer can also limit the number of messages per connection, the duration of each connection, and so on, protecting the mail server from mass email attacks.

3) IP filtering layer: This layer analyzes the source IP of the mail and blocks mail from bad IP sources. It includes real-time blacklist and whitelist analysis, analysis against international and domestic public RBLs, and user-defined IP blacklists and whitelists. This layer can filter more than 30% of spam and even block more than 90% of spam in some areas.

4) Sender verification: This layer analyzes the sender's legitimacy to block bad or fake senders. It includes checking that the sender domain name is legitimate and genuine, whether the message forges someone else's domain, whether the sender can pass SMTP authentication, and so on.

5) Recipient verification: This layer analyzes the legitimacy of the recipient and rejects mail for non-existent recipients. It includes determining whether the message is to be forwarded and querying whether the recipient exists through SMTP or LDAP. These checks effectively prevent dictionary attacks and directory attacks.

6) Double-layer virus protection: The open-source clamd anti-virus engine and the company's own anti-virus engine are used together for strict double-layer virus protection. This layer continuously blocks various viruses and can also identify phishing emails and some spyware. It also performs virus checks on compressed files.

7) User-defined rules: Checks against rules defined by the user, such as keyword checks, attachment types, and so on.

8) Spam email fingerprint check: This layer relies on a huge email fingerprint database for verification. The sources of spam samples are: (1) the large number of honeypots that Bovet has installed worldwide, which is the main source of fingerprint samples; (2) thousands of sorted spam messages from around the world; (3) individual spam samples sent by users of certain models.

9) Intent analysis: This layer checks the URL addresses in emails against the bsf database established by the company. It was the earliest product to adopt intent analysis technology. Hundreds of URLs are updated every day.

10) Image analysis: Traditional filtering techniques cannot identify and filter images. The company has been continuously monitoring the latest changes and trends in Internet spam. It was the earliest to release a forecast and warning about picture spam and the earliest to propose a solution for it: third-generation OCR technology is mainly used, with mail fingerprint technology as a supplement, to identify pictures.

11) Bayesian analysis: Bayesian analysis is one of the most classic anti-spam technologies. It performs inference on the likelihood that an email is spam. Bayesian technology makes it possible to make targeted judgments based on the characteristics of each user's spam and normal mail, which improves filtering accuracy, reduces false positives, and makes the filter "smarter".

12) Spam scoring: Emails are scored according to rules, and the scores from the spam fingerprint check and Bayesian analysis are combined to give the final score of the email.

The twelve layers of filtering have been carefully arranged, and the detection process conforms to four rules:

Spam termination rule: If any layer determines that the email is illegitimate or spam, the email is blocked immediately and processing ends. The subsequent layers are not checked.

Sequential check rule: A complete SMTP mail transaction starts with the HELO command, so checks are performed in order from the first command of the session. If the mail is found to be spam, the rest of the data is no longer received.

Low-consumption priority rule: Filter layers that use fewer system resources run first, and filter layers that consume more system resources run later. In this way, the system can process the maximum amount of mail with minimal consumption.

Safety priority rule: Checks that involve important system security are performed first.
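A minimal sketch of how the termination, sequential-check and low-consumption rules above interact, added here as an illustration and not the vendor's implementation. The four layers shown, their stage and cost numbers, the thresholds, addresses and keyword scores are all constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass

# Constructed policy values for the example; all are hypothetical.
MAX_CONN_PER_IP = 3
IP_BLOCKLIST = {"203.0.113.9"}
VALID_RECIPIENTS = {"alice@example.com", "bob@example.com"}
KEYWORD_SCORES = {"lottery": 3.0, "wire transfer": 2.5}
SPAM_THRESHOLD = 5.0

@dataclass
class Message:
    client_ip: str
    rcpt_to: str
    body: str = ""

class Pipeline:
    def __init__(self):
        self.conn_count = defaultdict(int)  # per-IP count in the current window
        # (name, SMTP stage where the input is known, relative cost, check)
        layers = [("content_score", 3, 9, self.content_score),
                  ("recipient", 2, 2, self.recipient),
                  ("ip_filter", 0, 1, self.ip_filter),
                  ("rate_control", 0, 0, self.rate_control)]
        # Sequential-check and low-consumption rules: SMTP stage, then cost.
        self.layers = sorted(layers, key=lambda l: (l[1], l[2]))

    def rate_control(self, m):
        self.conn_count[m.client_ip] += 1
        over = self.conn_count[m.client_ip] > MAX_CONN_PER_IP
        return "rate limit exceeded" if over else None

    def ip_filter(self, m):
        return "blocklisted IP" if m.client_ip in IP_BLOCKLIST else None
    def recipient(self, m):
        return None if m.rcpt_to in VALID_RECIPIENTS else "unknown recipient"

    def content_score(self, m):
        text = m.body.lower()
        score = sum(s for k, s in KEYWORD_SCORES.items() if k in text)
        return f"score {score}" if score >= SPAM_THRESHOLD else None

    def evaluate(self, m):
        ran = []  # layers actually executed, to show what was skipped
        for name, _stage, _cost, check in self.layers:
            ran.append(name)
            if (reason := check(m)):  # termination rule: stop at first reject
                return "reject", name, reason, ran
        return "accept", None, None, ran
```

The `ran` list returned by `evaluate` shows which layers were skipped: a message from a blocklisted IP never reaches the recipient lookup or the content scoring.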

2 Anti-Spam Advantages:

Anti-spam technology advantages: The product adopts the industry's most advanced layered filtering technology and uses a variety of advanced content detection technologies, such as image analysis, intent analysis, Bayesian filtering, email fingerprinting, PDF file filtering, and so on. The center also monitors the Internet 24 hours a day, 7 days a week, and keeps the product updated so that the latest types of spam can be filtered.

Powerful processing performance: The device is specially developed for large enterprises and telecommunications users, and can handle 500,000 to 1 million spam messages per day.

High filtering rate and low false positive rate: The filtering effect is widely praised, and the spam filtering rate can reach 96%-98%.

Easy to install and use: Installation is simple and deployment takes only 10 minutes. The web management interface is easy to understand and has detailed online help. The virus database and the spam rule base are updated automatically, so no attention is needed after installation.

High security: A multi-layer virus scanning mechanism, zero-hour virus protection, and security library updates protect against various email attacks and attacks against the device itself.

Powerful and detailed log reports: The log system is fully database-based and the processing is transparent to the user. It provides dozens of log search methods, including fuzzy search and combined search, and more than ten different forms of reports.

V. Introduction to Mail Storage Gateway

The mail storage gateway is an integrated software and hardware solution that helps enterprise users archive all mail sent and received. The mail storage gateway can automatically store and index all mail in real time, enabling administrators and users to search and retrieve mail very quickly and easily.

1 Features of the mail storage gateway

The storage gateway can help companies meet the strict process-control requirements of the Sarbanes-Oxley Act (SOX), including:

Able to support the company's email archiving needs within 2 years;

Archive all incoming and outgoing messages without omissions, including attachments;

Do not archive spam;

Single-copy attachments should be supported to the extent possible;

Archived content cannot be selectively deleted or rewritten, nor is it affected by users deleting or rewriting their mail;

Searches can be completed within one day when needed;

Support full-text retrieval of body text and common attachments;

Quick retrieval based on time, recipient, sender, subject, body and attachment content;

Authorization is required to retrieve archived content;

At the same time, a management specification needs to be formulated that governs operation management and maintenance, data backup, destruction, and retrieval processes.

2 Advantages of the mail storage gateway:

Easy to install and use: The installation of the mail storage gateway is very simple and convenient. Just follow the installation topology diagram below, set the IP, and connect the network cable. There is no need to modify firewall or router settings. It usually takes only ten minutes to complete the installation and get started. Administrators also do not need to monitor or adjust settings during use. It is a simple and reliable product that is ready to use without management.

It can also be used in combination with an anti-spam gateway to doubly protect and extend your key email application systems:

Cost-effective, zero-maintenance solution: The mail storage gateway is not priced by the number of mail users. The dedicated hardware architecture keeps its maintenance costs very low and makes complex systems such as archiving very simple and intuitive. Its own hardened security system ensures high security. This makes it a professional mail archive and backup system with high performance and a low price that every enterprise can use.

Real-time anti-virus capabilities: The mail storage gateway also provides additional virus protection. This function uses a powerful built-in virus filtering engine. The virus signatures can be upgraded as often as hourly, reaching a virus mail filtering rate of more than 99%.

Comprehensive archiving capabilities: The mail storage gateway has a very powerful mail archive storage capability, with terabytes of storage capacity:

© 2016 Guangzhou Mingchuang Network Technology Co., Ltd. All rights reserved Technical support: 35