CN118301123B - Mail sending method, mail sending device, storage medium and electronic equipment - Google Patents
- Publication number: CN118301123B (application CN202410719224.1A)
- Authority: CN (China)
- Prior art keywords: auditing, information, sending, split
- Legal status: Active (the legal status is an assumption made by Google and is not a legal conclusion)
Classifications (CPC)
- H04L51/42: User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail (H04L51/00); mailbox-related aspects, e.g. synchronisation of mailboxes
- H04L63/0236: Network architectures or protocols for network security (H04L63/00); separating internal from external traffic, e.g. firewalls (H04L63/02); filtering policies (H04L63/0227); filtering by address, protocol, port number or service, e.g. IP-address or URL
- H04L63/0281: Network architectures or protocols for network security; separating internal from external traffic, e.g. firewalls; proxies
- H04L63/308: Network architectures or protocols for network security; supporting lawful interception, monitoring or retaining of communications or communication related information (H04L63/30); retaining data, e.g. retaining successful, unsuccessful communication attempts, internet access, or e-mail, internet telephony, intercept related information or call content
- H04L9/40: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications (H04L9/00); network security protocols
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Technology Law (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The application provides a mail sending method, a mail sending device, a storage medium and electronic equipment, and belongs to the technical field of network security. The method comprises the following steps: mail information to be sent is obtained through a mail transfer agent (MTA), the mail information comprising a set of recipients and the content to be sent, where at least two recipients in the set have different mail domain names; the mail information is split according to mail domain name to form a plurality of split mails; each split mail is sent to a data leakage protection (DLP) system for auditing to obtain a mail audit result; and the mail information is sent after the audit is complete. The application can manage the mail sending flow efficiently.
Description
Technical Field
The present application relates to the field of network security technologies, and in particular, to a mail sending method, a device, a storage medium, and an electronic apparatus.
Background
In the business communications of medium and large companies, mail is a common channel for delivering messages. To secure information transmission, an MTA (mail transfer agent) and a DLP (data leakage protection) system are generally configured: mail is transmitted through the MTA, and the transmitted information is controlled by the DLP.
However, in the prior art, a very large number of auditing and checking mechanisms are configured to improve the security monitoring of sent mail, while the efficiency of mail transmission is ignored, so that sending efficiency is low when a large number of mails are sent at the same time.
Disclosure of Invention
In view of the foregoing, there is a need for providing a new mail sending method, apparatus, storage medium, and electronic device, which solve at least one of the above-mentioned technical problems.
A first aspect of the application provides a mail sending method comprising the following steps:
obtaining mail information to be sent through a mail transfer agent (MTA), the mail information comprising a set of recipients and the content to be sent, where at least two recipients in the set have different mail domain names;
splitting the mail information according to mail domain name to form a plurality of split mails;
sending the split mails to a data leakage protection (DLP) system for auditing to obtain a mail audit result;
and sending the mail information after the audit is complete.
In one embodiment, splitting the mail information according to mail domain name to form a plurality of split mails includes: splitting with each group of recipients that share a mail domain name as a unit, so that recipients belonging to the same mail domain name are placed in the same split mail.
In one embodiment, sending the split mails to the DLP for auditing includes: determining an audit mode for the split mails according to the sender information in the mail information, where the audit modes comprise serial auditing and parallel auditing.
In one embodiment, auditing each of the split mails includes:
when the audit mode is serial auditing, auditing the second split mail, which follows the first split mail in the sequence, based on the audit cache record of the first split mail.
In one embodiment, auditing each of the split mails includes: when the audit mode is parallel auditing, placing the fourth split mail (the one that did not arrive first) in a blocking state until the audit result of the third split mail (the one that arrived first) is available, and activating the audit of the fourth split mail once the audit result of the third split mail has been obtained.
In one embodiment, sending the split mails to the DLP for auditing includes:
obtaining a first recipient set of the mail information by calling an envelope recipient extraction command;
obtaining a second recipient set of the mail information by calling a message header extraction command;
comparing the first recipient set with the second recipient set, and judging recipients that appear in the envelope recipient set but not in the header recipient set to be Bcc (blind carbon copy) recipients, since a Bcc recipient is carried only in the SMTP envelope (RCPT TO) and never in the To/Cc headers;
and auditing the split mail containing the Bcc recipient based on audit rules for Bcc recipients.
In one embodiment, auditing the split mail containing the Bcc recipient based on the audit rules for Bcc recipients includes:
deleting the Bcc recipient from the mail information when the content to be sent is sensitive information with respect to that Bcc recipient, so that the content is not sent to the Bcc recipient.
In one embodiment, sending the split mails to the DLP for auditing includes:
the DLP establishing a communication connection with the MTA;
the DLP initiating an SMTP session with the MTA;
obtaining the envelope sender (envelope header) information, envelope recipient information and content information of the split mail through the MTA;
and combining the obtained envelope sender information, envelope recipient information and content information into the split mail for auditing.
In a second aspect of the present application, there is provided a mail sending apparatus comprising:
a mail information acquisition module, used to obtain mail information to be sent through a mail transfer agent (MTA), the mail information comprising a set of recipients and the content to be sent, where at least two recipients in the set have different mail domain names;
a mail splitting and auditing module, used to split the mail information according to mail domain name to form a plurality of split mails and to send the split mails to a data leakage protection (DLP) system for auditing to obtain a mail audit result;
and a mail sending module, used to send the mail information after the audit is complete.
In a third aspect of the present application, there is provided an electronic apparatus comprising: one or more processors; and a memory for storing one or more programs, wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the mail sending method according to any one of the embodiments of the present application.
In a fourth aspect of the present application, there is provided a computer storage medium storing executable instructions that, when executed by a processor, cause the processor to perform a mail sending method according to any one of the embodiments of the present application.
According to the mail sending method, device, storage medium and electronic equipment, the mail is monitored by invoking the MTA, the mail information is split according to the recipients' domain names, and the split mails are audited by the DLP, so that the mail sending flow can be managed efficiently.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the embodiments will be briefly described below, it being understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered as limiting the scope of the present application.
FIG. 1 is a flow diagram of a method of sending mail in one embodiment;
FIG. 2A is a logic diagram of a serial audit of split mail in one embodiment;
FIG. 2B is a logic diagram of a parallel audit of split mail in one embodiment;
FIG. 3 is a block diagram showing the structure of a mail sending apparatus in one embodiment;
FIG. 4 is a block diagram of an electronic device in one embodiment.
Detailed Description
Hereinafter, embodiments of the present application will be described with reference to the accompanying drawings. It should be understood that the description is only illustrative and is not intended to limit the scope of the application. In addition, in the following description, descriptions of well-known structures and techniques are omitted so as not to unnecessarily obscure the present application.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. The words "a", "an", and "the" as used herein are also intended to include the meaning of "a plurality", etc., unless the context clearly indicates otherwise. Furthermore, the terms "comprises," "comprising," and the like, when used herein, specify the presence of stated features, steps, operations, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, or components.
In addition, although the terms "first," "second," "third," etc. may be used herein to describe various elements (or various processes or various applications or various instructions or various operations), etc., these elements (or processes or applications or instructions or operations) should not be limited by these terms. These terms are only used to distinguish one element (or process or application or instruction or operation) from another element (or process or application or instruction or operation).
All terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art unless otherwise defined. It should be noted that the terms used herein should be construed to have meanings consistent with the context of the present specification and should not be construed in an idealized or overly formal manner.
In one embodiment, as shown in connection with fig. 1, there is provided a mail sending method, the method comprising:
Step 102: obtaining mail information to be sent through a mail transfer agent (MTA), the mail information comprising a set of recipients and the content to be sent, where at least two recipients in the set have different mail domain names.
In this embodiment, the user may compose the mail on a client such as a mobile phone or computer and send it by triggering the corresponding send control, for example via a mail client or directly in a browser. The electronic device on which the MTA service is deployed responds to the send instruction, obtains the mail information edited by the user, and passes it to the pre-deployed MTA. The electronic device running the MTA service may be the user's own client, or another server or client.
The electronic device may start the MTA service in advance, monitor mail to be sent in real time through the MTA service, and obtain the corresponding mail information. The mail information comprises a mail identifier, sender information, a set of recipients, the content to be sent, and so on. The mail identifier uniquely identifies the mail information and may consist of a preset number of digits, letters, special symbols or a combination of these. The set of recipients contains a plurality of recipients, each of which may be a To, Cc or Bcc recipient. The sender information comprises the sender's mailbox account, and each recipient is identified by the mailbox account that receives the mail.
For example, the MTA service may be any one of Postfix, Sendmail, qmail, Exim, etc.
In the same mail to be sent, the recipients' mail domain names may be the same or different. For example, in a certain mail to be sent, recipients 1 and 2 have a Gmail domain name, recipient 3 has an Outlook domain name, and recipients 4 and 5 have QQ mailbox domain names; recipients 1 to 5 may be any mix of To, Cc and Bcc recipients.
Step 104: splitting the mail information according to mail domain name to form a plurality of split mails.
In this embodiment, after receiving the mail information to be sent, the MTA reads the header information of the mail, obtains the sender information and the set of recipients, obtains the mail content, splits the mail by combining the set of recipients with the mail content, and sends the resulting split mails to the DLP system for content auditing and protection.
Specifically, the servers serving recipients of different mail domain names may differ, and the risk of data leakage when the content is sent to recipients of different domain names is not necessarily the same. The electronic device therefore configures mail splitting rules in advance according to mail domain name, and places the recipients of one or more domain names in the same split mail. For example, when N mail domain names exist, the electronic device may put the recipients under mail domain names A and B into one split, treat the recipients under mail domain name C as a separate split, and put the recipients under mail domain names D, E and F into one split.
It will be appreciated that the information in each split mail is part of the complete mail information to be sent, i.e. a subset of it, and that the same data (the content to be sent, the sender information, etc.) appears in multiple split mails.
Splitting the mail information improves the efficiency of the subsequent auditing and sending.
Optionally, the split is made with each group of recipients sharing a mail domain name as a unit, so that recipients belonging to the same mail domain name are in the same split mail.
In this embodiment, recipients with the same mail domain name are placed in the same split mail and recipients with different domain names in different split mails, i.e. there are as many split mails as there are mail domain names in the set of recipients. For example, if the set contains 5 recipients across 3 mail domain names, the electronic device forms one split from recipients A1 and A2 under mail domain name A, a separate split from recipient C1 under mail domain name C, and one split from recipients D1 and D2 under mail domain name D.
In this embodiment, splitting by domain name improves the splitting efficiency and hence the efficiency of the subsequent auditing and sending.
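The following Python example is added here and is not part of the patent or of any product it describes. It implements the two steps the patent describes only in words: the domain-based split of step 104 and the Bcc detection of the Disclosure (comparing the envelope recipient set with the To/Cc header set). The sample message and envelope recipient list are constructed; the `domain_groups` mapping is a hypothetical configuration standing in for the patent's "domain names A and B in one split" rule. Python is used because Postfix content filters are commonly written in it, although the patent's own fragment is C.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed sample, not from the patent: the header block the MTA hands
# to the filter and, separately, the envelope (RCPT TO) recipient list.
# eve@qq.com and frank@qq.com are Bcc: they appear in the envelope only.
SAMPLE_MESSAGE = """\
From: alice@example.com
To: Bob <bob@gmail.com>, carol@gmail.com
Cc: dave@outlook.com
Subject: Q3 numbers
Message-ID: <msg-0001@example.com>

Body text goes here.
"""
SAMPLE_ENVELOPE_RCPTS = [
    "bob@gmail.com", "Carol@gmail.com", "dave@outlook.com",
    "eve@qq.com", "frank@qq.com",
]


def domain_of(addr):
    """Lower-cased domain part of an address; rejects malformed input."""
    local, sep, dom = addr.rpartition("@")
    if not sep or not local or not dom:
        raise ValueError(f"not a mailbox address: {addr!r}")
    return dom.lower()


def header_recipients(raw_message):
    """Recipients named in To/Cc (the patent's second set, from the
    message-header extraction step). Display names are stripped."""
    msg = message_from_string(raw_message)
    pairs = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    return {addr.lower() for _name, addr in pairs if addr}


def bcc_recipients(envelope_rcpts, header_rcpts):
    """A Bcc recipient is carried only in the SMTP envelope (RCPT TO),
    never in To/Cc, so Bcc = envelope set minus header set."""
    return {a.lower() for a in envelope_rcpts} - set(header_rcpts)


def split_by_domain(envelope_rcpts, domain_groups=None):
    """Group envelope recipients into split mails. By default one split
    per domain; domain_groups (hypothetical config) may map several
    domains onto one group label, as in the patent's A+B example."""
    domain_groups = domain_groups or {}
    groups = {}
    for addr in envelope_rcpts:
        dom = domain_of(addr)
        groups.setdefault(domain_groups.get(dom, dom), []).append(addr.lower())
    return {g: sorted(v) for g, v in sorted(groups.items())}


def build_split_mails(raw_message, envelope_rcpts, domain_groups=None):
    """One dict per split mail: same mail identifier, own recipient
    subset, and which of those recipients were Bcc."""
    hdr = header_recipients(raw_message)
    bcc = bcc_recipients(envelope_rcpts, hdr)
    mail_id = message_from_string(raw_message).get("Message-ID")
    return [
        {"mail_id": mail_id, "group": group, "rcpts": rcpts,
         "bcc": [r for r in rcpts if r in bcc]}
        for group, rcpts in split_by_domain(envelope_rcpts, domain_groups).items()
    ]


if __name__ == "__main__":
    for split in build_split_mails(SAMPLE_MESSAGE, SAMPLE_ENVELOPE_RCPTS):
        print(split)
```

The envelope list is what a milter receives through its envelope-recipient callback and the header set is what it assembles from the header callback; both are lower-cased before comparison so that Carol@gmail.com in the envelope matches carol@gmail.com in the header. An address present in To/Cc but absent from the envelope is not a Bcc recipient, it is simply an address the MTA will not deliver to, and the comparison ignores it.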
Step 106: sending the split mails to the data leakage protection (DLP) system for auditing and obtaining a mail audit result.
In this embodiment, the mail server on the electronic device configures the MTA to relay to the mail DLP and sends the split mails to the DLP through the MTA for auditing. After the mail DLP intercepts the split mails corresponding to the mail information to be sent, it audits the content and the recipients according to a preconfigured audit policy, detects whether there is a risk of information leakage, and outputs a mail audit result. The audit result is either audit passed or audit failed.
Step 108: sending the mail information after the audit is complete.
Optionally, after the DLP completes the audit, the MTA acts on the mail information according to the DLP's audit result. For example, mail that failed the audit may be blocked outright, or the sensitive information in it may be desensitized before sending; mail that passed the audit may be sent to its recipients, or, according to the relevant configuration, one or more mailbox accounts of related personnel such as the responsible person of the department or the auditors may additionally be added as recipients and the mail synchronized to them, improving the security monitoring of the mail.
When sending the mail information, the MTA corresponding to the sender communicates with the target MTA corresponding to the recipient (i.e. the mail transfer agent serving the recipient) and transmits the mail information. This may require forwarding through several intermediate MTAs until the mail reaches the target MTA. On receipt, the target MTA delivers the mail to the recipient's mailbox, where the recipient reads and replies through a mail user agent.
According to the mail sending method, mail is monitored by invoking the MTA, the mail information is split according to the recipients' domain names, and the split mails are audited by the DLP, so that both the audit efficiency and the sending efficiency of the mail are improved.
In one embodiment, step 106 includes: determining the audit mode of the split mails according to the sender information in the mail information.
In this embodiment, the audit modes comprise serial auditing and parallel auditing. In serial auditing the split mails are audited one after another in sequence; in parallel auditing the split mails may be audited at the same time.
Specifically, the electronic device may preconfigure an audit mode for each kind of sender information, for example according to the mail domain name of the sender account, so that mail sent from domain name A is audited serially and mail sent from domain name B is audited in parallel. Configuring the audit mode per sender domain name matches the mode to the domain and improves audit and sending efficiency.
Optionally, when the audit mode is serial auditing, the second split mail, which follows the first split mail in the sequence, is audited based on the audit cache record of the first split mail.
In serial auditing, the split mails are audited in order: the audit of the second split mail starts after the audit of the first is complete, and so on until all split mails have been audited. When the audit of the first split mail starts, a communication connection is established between the DLP and the MTA and an SMTP session is started, through which the split mail's data is obtained (with a milter-based DLP such as the one in the code fragment below, the MTA opens the connection to the filter and the filter's connect callback fires). Specifically, once the SMTP session is established, the mail identifier of the mail information corresponding to the split mail is obtained; then the envelope sender (MAIL FROM) command, the envelope recipient (RCPT TO) command and the message header command are triggered in turn to obtain the header information of the mail, which includes the recipients, the sender, the subject, the sending date and time, etc. After the header information has been received, the end-of-header command is triggered, then the content command, which obtains the body and the attachments, and finally, once all of the content has been received, the end-of-message command, which completes the reception of one split mail.
Then the next split mail is obtained in the same order. Because serial auditing keeps the MTA-to-DLP connection open, the DLP does not need to re-establish the connection; it only needs to trigger the envelope sender command, the envelope recipient command and the message header command to obtain the header information, the end-of-header command once the headers have been received, and then the content command and the end-of-message command. Each split mail carries the mail identifier of its mail information, so whether two split mails belong to the same mail can be judged from the identifier.
When the split mails that follow the first are audited, the cached audit result of the first split mail can be reused directly for the data the two have in common, and only the data of the second split mail that differs from the first is audited, which improves efficiency. For example, two split mails share the same sending time, body, attachments and so on, so the audit result of the earlier split mail with the same mail identifier is reused for that data, avoiding repeated auditing; only the differing data is analysed.
For example, for the second split mail the DLP may extract each recipient, and, having obtained the audit cache of the previous split mail, decide directly from the cached analysis of the body and attachments whether that content is sensitive with respect to these recipients, whether sensitive content must be deleted, and whether new recipients must be added, thereby obtaining the audit result of the second split mail.
After all split mails of the same mail information have been audited, the close-connection command is finally triggered to end the audit of that mail information. That is, in serial auditing one mail information is connected and disconnected only once.
When the audit mode is parallel auditing, the fourth split mail (the one that did not arrive first) is placed in a blocking state until the audit result of the third split mail (the one that arrived first) is available, and the audit of the fourth split mail is activated once the audit result of the third split mail has been obtained.
In parallel auditing, the split mails (i.e. the third split mail and the fourth split mails) may be audited at the same time. The audit flow of each split mail is the same as that of the first split mail in serial auditing: a communication connection is established and an SMTP session started, then the envelope sender command, the envelope recipient command, the header command, the end-of-header command, the content command and the end-of-message command are triggered in turn, and finally the close-connection command to the MTA is triggered. Unlike serial auditing, the DLP establishes and closes one connection with the MTA per split mail, i.e. as many connections as there are split mails, whereas serial auditing connects and disconnects only once.
In one embodiment, the split mails may be audited in parallel independently, or, similar to serial auditing, the audit of the other split mails may proceed in parallel using the audit data of the first split mail to start (the third split mail) once its result is available. In that case the electronic device detects which split mail was the first to establish a communication connection between the DLP and the MTA; that one is the third split mail and the others are fourth split mails. For a fourth split mail, the commands may be triggered first in the order given above to obtain its mail information, but the data it has in common with the third split mail is not scanned; only the differing data is scanned. After that scan, if the audit result of the third split mail is not yet available, the audit of the fourth split mail enters a blocking state, leaves it when the result of the third split mail arrives, and continues using the cached audit result of the third split mail for the shared data. The audit of the third split mail is never blocked, so it always completes.
Optionally, to make the audit of the third split mail smoother still, the fourth split mails enter the blocking state as soon as the third split mail has been determined, and their audit resumes only after the audit result of the third split mail is available; each fourth split mail then executes its blocked commands, and when the content is audited the cached audit data of the third split mail is used, improving the audit efficiency of each fourth split mail.
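As an added example (not the patent's code), the following Python models the audit cache and the serial and parallel modes described above: the first split mail of a mail to reach the scanner runs the expensive content scan; every later split, whether queued behind it or running on another thread, blocks until that result exists and then reuses it for the shared data, so only the recipient-dependent decision runs per split. The sensitivity regex, the internal-domain list, the auditor address and the split mails are constructed, since the patent does not define an audit policy. Keying the cache on both the mail identifier and a hash of the body is an addition beyond the patent's mail-identifier check.

```python
import hashlib
import re
import threading
from concurrent.futures import ThreadPoolExecutor

# Hypothetical audit policy (not from the patent): what counts as
# sensitive, which domains are internal, and who is copied on hits.
SENSITIVE = re.compile(r"\b(\d{4}-\d{4}-\d{4}-\d{4}|CONFIDENTIAL)\b")
INTERNAL_DOMAINS = {"example.com"}
AUDITOR = "dlp-audit@example.com"

BODY = "CONFIDENTIAL: card 4111-1111-1111-1111 expires 12/26"
# Constructed split mails of one message: identical content, different
# recipient domains; "bcc" lists the envelope-only recipients.
SPLITS = [
    {"mail_id": "<msg-0001@example.com>", "domain": "example.com",
     "rcpts": ["ops@example.com"], "bcc": [], "body": BODY},
    {"mail_id": "<msg-0001@example.com>", "domain": "gmail.com",
     "rcpts": ["bob@gmail.com"], "bcc": [], "body": BODY},
    {"mail_id": "<msg-0001@example.com>", "domain": "qq.com",
     "rcpts": ["eve@qq.com"], "bcc": ["eve@qq.com"], "body": BODY},
]


class ContentScanCache:
    """Audit cache shared by all splits of one mail. The first split to
    ask for a body runs the scan; later splits (serial or parallel)
    block on the Event until that result exists, then reuse it. Keyed by
    (mail_id, sha256(body)) so a reused Message-ID with a different body
    cannot borrow a stale verdict."""

    _FAILED = object()          # sentinel: scan never produced a result

    def __init__(self):
        self._lock = threading.Lock()
        self._entries = {}      # key -> [Event, findings]
        self.scans = 0          # how many real scans ran

    def findings_for(self, mail_id, body):
        key = (mail_id, hashlib.sha256(body.encode()).hexdigest())
        with self._lock:
            entry = self._entries.get(key)
            owner = entry is None
            if owner:
                entry = self._entries[key] = [threading.Event(), self._FAILED]
        if owner:
            try:
                entry[1] = sorted(set(SENSITIVE.findall(body)))  # the expensive part
                self.scans += 1
            finally:
                entry[0].set()  # release blocked splits even if the scan raised
        else:
            entry[0].wait()     # blocking state (patent: the fourth split mail)
        if entry[1] is self._FAILED:
            raise RuntimeError("content scan failed; failing closed")
        return entry[1]


def audit_split(split, cache):
    """Recipient-dependent part of the audit: runs per split and is cheap."""
    findings = cache.findings_for(split["mail_id"], split["body"])
    external = split["domain"] not in INTERNAL_DOMAINS
    if not findings or not external:
        return {"domain": split["domain"], "action": "pass",
                "rcpts": list(split["rcpts"]), "add_rcpts": [], "body": split["body"]}
    # Sensitive content leaving the organisation: drop Bcc recipients
    # (patent: delete the Bcc object), redact for the rest, copy the auditor.
    kept = [r for r in split["rcpts"] if r not in split["bcc"]]
    if not kept:
        return {"domain": split["domain"], "action": "block",
                "rcpts": [], "add_rcpts": [AUDITOR], "body": None}
    return {"domain": split["domain"], "action": "desensitize",
            "rcpts": kept, "add_rcpts": [AUDITOR],
            "body": SENSITIVE.sub("[REDACTED]", split["body"])}


def audit_serial(splits, cache=None):
    """Serial mode: one split after another; one scan in total."""
    cache = ContentScanCache() if cache is None else cache
    return [audit_split(s, cache) for s in splits], cache.scans


def audit_parallel(splits, cache=None):
    """Parallel mode: all splits at once; all but the first block on the
    cache, so still one scan in total."""
    cache = ContentScanCache() if cache is None else cache
    with ThreadPoolExecutor(max_workers=max(1, len(splits))) as pool:
        results = list(pool.map(lambda s: audit_split(s, cache), splits))
    return results, cache.scans


if __name__ == "__main__":
    for mode in (audit_serial, audit_parallel):
        results, scans = mode(SPLITS)
        print(mode.__name__, "scans =", scans)
        for r in results:
            print("  ", r["domain"], r["action"], r["rcpts"], r["add_rcpts"])
```

Both modes report a single scan for the three splits. The cache fails closed: if the scan raises, the waiting splits get an error rather than an empty finding list, which would otherwise let sensitive mail pass.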
Step 106 comprises: the DLP establishes a communication connection with the MTA; the DLP initiates an SMTP session with the MTA; envelope header information, envelope recipient information and sending content information of the split mail are acquired through the MTA; and the acquired envelope header information, envelope recipient information and sending content information are combined into the streamed mail for auditing.
The content of each split mail is acquired by the above process regardless of whether serial or parallel auditing is used, which improves the efficiency of acquiring the split mail information.
For example, using postfix as the MTA software, the partial implementation code for the DLP's acquisition and content review of each split mail is as follows (a libmilter filter descriptor; the callbacks are invoked by the MTA in SMTP-session order for every split mail):

```c
/* Milter descriptor registered with libmilter; the MTA calls the callbacks
   below, in SMTP-session order, for every split mail. */
static struct smfiDesc smfilter =
{
    "MDLP-Filter",                          /* filter name */
    SMFI_VERSION,                           /* libmilter API version */
    /* actions the filter may take: add/change headers, change the sender,
       add/delete recipients, replace the body */
    SMFIF_ADDHDRS | SMFIF_CHGHDRS | SMFIF_CHGFROM | SMFIF_ADDRCPT | SMFIF_DELRCPT | SMFIF_CHGBODY,
    smfi_connect,   /* establish a connection */
    smfi_helo,      /* initiate an SMTP session */
    smfi_envfrom,   /* envelope header (MAIL FROM) */
    smfi_envrcpt,   /* envelope recipient(s) (RCPT TO) */
    smfi_header,    /* mail header: one call per header field */
    smfi_eoh,       /* end of headers */
    smfi_body,      /* mail body + attachments */
    smfi_eom,       /* end of the mail stream */
    smfi_abort,     /* message aborted */
    smfi_close,     /* close the connection */
};
```
Taking 3 split mails as an example, when serial auditing is performed the flow is as shown in fig. 2A: the communication connection between the MTA and the DLP is established through the instruction "smfi_connect"; then the instructions "smfi_envfrom", "smfi_envrcpt", "smfi_header", "smfi_eoh", "smfi_body" and "smfi_eom" are executed in sequence for one split mail to complete its audit; this instruction sequence is repeated 3 times, once for each split mail; and after all split mails have been scanned and audited, "smfi_close" is triggered, completing the audit of the mail information.
Taking 3 split mails as an example, when parallel auditing is performed the flow is as shown in fig. 2B: the full instruction sequence "smfi_connect", "smfi_envfrom", "smfi_envrcpt", "smfi_header", "smfi_eoh", "smfi_body", "smfi_eom", "smfi_close" is executed 3 times, once per split mail, and the audit of the mail information is complete when all split mails have been scanned and audited. The scanning and auditing of the split mails can run in parallel, and a fourth split mail can be blocked during execution so that it can use the scan data of the third split mail, which was scanned and audited first; this improves data utilization and avoids repeated scanning. Each split mail can be identified by the mail identifier of the mail information to which it belongs.
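The parallel-audit blocking described above, as an added Python example that is not the patent's code: the first split mail to establish its connection (the third split mail) performs the content scan, while the remaining (fourth) split mails enter a blocking state on an event and then continue with the cached result instead of rescanning. The split-mail identifiers, the sample body and the 10-digit account-number scan rule are constructed assumptions.

```python
import re
import threading

# Constructed sample: one message split into three split mails, same content in each.
SPLIT_IDS = ["split-a.example", "split-b.example", "split-c.example"]
SAMPLE_BODY = "Draft contract attached. Internal account 1234567890, do not forward."


def find_sensitive(body):
    """Assumed stand-in for the DLP content scan: 10-digit account numbers."""
    return re.findall(r"\b\d{10}\b", body)


class ParallelAuditor:
    """Shared state for the parallel audit of the split mails of one message.

    The first split mail to establish its connection becomes the third split mail
    and runs the scan; every other (fourth) split mail enters a blocking state until
    that result comes out, then continues with the cached result.
    """

    def __init__(self, scan_fn):
        self.scan_fn = scan_fn
        self.lock = threading.Lock()
        self.result_ready = threading.Event()
        self.third = None      # id of the first split mail to connect
        self.cached = None     # audit cache data published by the third split mail
        self.scans = 0         # how many real scans were run (expected: 1)
        self.blocked = 0       # how many split mails had to block

    def audit(self, split_id, body):
        with self.lock:
            if self.third is None:
                self.third = split_id
            is_third = split_id == self.third
        if is_third:
            found = self.scan_fn(body)          # the only real scan of the content
            with self.lock:
                self.scans += 1
                self.cached = found
            self.result_ready.set()             # lift the blocking state of the others
            return found
        with self.lock:
            self.blocked += 1                   # fourth split mail: wait for the result
        self.result_ready.wait()
        return self.cached


def audit_in_parallel(split_ids, body, scan_fn=find_sensitive):
    """Audit all split mails concurrently; returns (results, scans, blocked)."""
    auditor = ParallelAuditor(scan_fn)
    results = {}

    def worker(split_id):
        results[split_id] = auditor.audit(split_id, body)

    threads = [threading.Thread(target=worker, args=(sid,)) for sid in split_ids]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return results, auditor.scans, auditor.blocked
```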
In one embodiment, step 106 includes: acquiring a first receiving object set in the mail information by calling an envelope recipient extraction command; acquiring a second receiving object set in the mail information by calling a message header extraction command; comparing the first receiving object set with the second receiving object set and judging the receiving objects that are in the second set but not in the first set to be BCC objects of the mail (the "secret send" recipients); and auditing the split mail containing a BCC object based on the auditing rule for BCC objects.
The envelope recipient extraction instruction may be the "smfi_header" instruction described above, and the header extraction instruction may be the "smfi_envrcpt" instruction described above; both yield a set of receiving objects of the mail. In general, the first receiving object set and the second receiving object set each contain one or more receiving objects of the mail, without identifying which of them is a receiving (To) object, a copying (Cc) object or a BCC object. However, the first receiving object set typically does not contain the BCC objects of the mail and holds only the receiving and copying objects, whereas the second receiving object set contains all three kinds: receiving, copying and BCC objects. Hence, when a BCC object exists, it cannot be obtained from the first receiving object set but can be obtained from the second.
During serial or parallel auditing, the electronic device compares whether the receiving object information in the first and second receiving object sets is consistent; if it is not, that is, if one or more receiving objects exist only in the second receiving object set and not in the first, those receiving objects are BCC objects of the mail.
The receiving and copying objects of a mail cannot know that the mail was simultaneously sent to a BCC object, so BCC sending carries an elevated risk of information leakage. By comparing the first and second receiving object sets it can be learned whether the mail has BCC objects, and during serial or parallel auditing the split mails containing BCC objects are then audited under the auditing rules for BCC objects, preventing information leakage.
Specifically, when the sending content is sensitive information with respect to a BCC object, that BCC object is deleted from the mail information, so that the sending content is not sent to it.
In this embodiment, the sensitivity or security of the sending content differs between the receiving objects that may receive or view it. For example, a receiving object in the same domain as the sender and holding administrator authority has a higher authority to view content, so the sending content the sender generally sends is secure with respect to that receiving object, but it may be sensitive information with respect to a receiving object with authority below administrator authority or an external receiving object outside the sender's domain. When such a receiving object is a BCC object, it is generally hard to perceive that the mail information is being sent to it. Therefore, once the sending content is identified as sensitive information with respect to a BCC object, that BCC object is deleted directly from the mail information, which prevents it from receiving the sending content, prevents information leakage and improves the security of the sending content.
In one embodiment, when the sending content is sensitive information with respect to a non-BCC receiving object, the part of the sending content that is sensitive is desensitized, so that the non-BCC receiving object receives the desensitized sending content.
For example, the mail information has 6 receiving objects: receiving object A is a receiving (To) object; receiving objects B, C and D are copying (Cc) objects; and receiving objects E and F are BCC objects. Receiving objects A, B and F belong to the same mail domain a, receiving objects C and D belong to the same mail domain b, and receiving object E belongs to mail domain c. The electronic device splits the mail information into 2 split mails: split mail A contains receiving objects A, B and F; split mail B contains receiving objects C and D; and split mail C contains receiving object E.
Based on the sender information it is determined whether serial or parallel auditing is used for the split mails. In either case, once the sending content has been scanned during the first audit of a split mail (assume split mail A), the subsequent split mails B and C can share the scanned content, saving scanning and identification time. The sensitivity of the sending content differs between receiving objects.
For example, during receiving object verification, comparing the first and second receiving object sets of split mail A shows that split mail A also contains the BCC object F; scanning and checking the sending content against the receiving objects shows that the sending content is compliant for all receiving objects in split mail A, so split mail A is judged to have no problem. For split mail B, the comparison of its first and second receiving object sets shows no BCC object, but part of the sending content is sensitive data with respect to receiving object C while it is compliant for receiving object D; the part of the sending content that is sensitive with respect to receiving object C is therefore desensitized, for example by deleting the sensitive data, so that receiving object C cannot view that data when it receives the mail, while all other receiving objects (receiving objects D, A, B and F) receive the complete sending content.
For split mail C, the comparison of its first and second receiving object sets shows that receiving object E is also a BCC object. If any part of the sending content is found to be sensitive data with respect to receiving object E, sending to receiving object E is prevented directly, i.e. receiving object E is excluded from the receiving objects to which the mail information is finally sent.
In one embodiment, in step 108, when any split mail has a non-compliance, it can be processed in a predetermined manner: for example, sending of that split mail to any receiving object can be prevented directly, or the non-compliant part can be processed actively or passively according to a processing rule so that the mail information is sent after compliance processing. The mail information that passes verification is thus the mail information after the sending content and the receiving objects have been processed.
For example, for the mail information with 6 receiving objects, the processed mail information is the information after receiving object E has been deleted and the sending content received by receiving object F has been desensitized, so that receiving objects A to D all receive their corresponding sending content and receiving object F receives only the desensitized sending content.
By performing different auditing processes according to different receiving objects, the flexibility of mail sending can be improved.
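The recipient-set comparison and per-recipient handling of the worked example above, as an added Python example that is not the patent's code: it groups the envelope recipients by domain into split mails, derives the BCC objects as the envelope recipients (RCPT TO) that are absent from the To/Cc headers, scans the content once and reuses the result for later split mails, and then drops a BCC recipient or redacts for a visible recipient for whom the content is sensitive. The sample message, the 10-digit account-number rule and the per-recipient sensitivity set are constructed assumptions.

```python
import re
from email.utils import getaddresses

# Constructed sample message mirroring the six-recipient example in the text.
# Domains a.example/b.example/c.example and recipients a-f are assumed names.
HEADERS = {
    "From": "sender@a.example",
    "To": "a@a.example",
    "Cc": "b@a.example, c@b.example, d@b.example",
}
# Envelope recipients (RCPT TO) as the MTA hands them to the DLP in the envrcpt
# callback; e and f appear only here, which is what makes them BCC recipients.
ENVELOPE_RCPTS = [
    "a@a.example", "b@a.example", "c@b.example",
    "d@b.example", "e@c.example", "f@a.example",
]
BODY = "Quarterly figures attached. Internal account 1234567890, do not forward."

# Assumed audit rule: a 10-digit account number is sensitive content.
SENSITIVE_RE = re.compile(r"\b\d{10}\b")
# Assumed per-recipient policy: the content counts as sensitive *for* these
# recipients (lower privilege or external domain); for all others it is compliant.
SENSITIVE_FOR = {"c@b.example", "e@c.example"}


def header_recipients(headers):
    """Addresses named in To/Cc: the set that never lists BCC recipients."""
    raw = [headers.get(field, "") for field in ("To", "Cc")]
    return {addr.lower() for _, addr in getaddresses(raw) if addr}


def bcc_recipients(envelope, headers):
    """Envelope recipients missing from To/Cc are the BCC (secret-send) objects."""
    return {rcpt.lower() for rcpt in envelope} - header_recipients(headers)


def split_by_domain(envelope):
    """Group recipients so that each split mail holds exactly one mail domain."""
    splits = {}
    for rcpt in envelope:
        domain = rcpt.lower().rsplit("@", 1)[1]
        splits.setdefault(domain, []).append(rcpt.lower())
    return splits


class ScanCache:
    """Audit cache record: the first split mail scans, later ones reuse the result."""

    def __init__(self):
        self.results = {}
        self.scans = 0

    def spans(self, body):
        if body not in self.results:
            self.scans += 1
            self.results[body] = [m.span() for m in SENSITIVE_RE.finditer(body)]
        return self.results[body]


def redact(body, spans):
    """Desensitise the content by replacing each sensitive span with a marker."""
    out, pos = [], 0
    for start, end in spans:
        out.append(body[pos:start])
        out.append("[REDACTED]")
        pos = end
    out.append(body[pos:])
    return "".join(out)


def audit_split(rcpts, bcc, body, cache):
    """Audit one split mail; returns {recipient: (action, content to deliver)}."""
    spans = cache.spans(body)
    decisions = {}
    for rcpt in rcpts:
        if not spans or rcpt not in SENSITIVE_FOR:
            decisions[rcpt] = ("deliver", body)
        elif rcpt in bcc:
            # Sensitive content to a BCC recipient: the visible recipients cannot
            # see that copy, so the recipient is removed rather than redacted.
            decisions[rcpt] = ("drop", None)
        else:
            decisions[rcpt] = ("redact", redact(body, spans))
    return decisions


def audit_message(headers, envelope, body):
    """Split by domain, detect BCC objects and audit every split mail once."""
    bcc = bcc_recipients(envelope, headers)
    splits = split_by_domain(envelope)
    cache = ScanCache()
    decisions = {}
    for rcpts in splits.values():
        decisions.update(audit_split(rcpts, bcc, body, cache))
    return {"bcc": bcc, "splits": splits, "decisions": decisions, "scans": cache.scans}
```

Running `audit_message(HEADERS, ENVELOPE_RCPTS, BODY)` yields one scan for three split mails, drops e@c.example, redacts for c@b.example and delivers the full content to the other four.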
In one embodiment, as shown in fig. 3, there is provided a mail sending apparatus including:
The mail information obtaining module 302 is configured to obtain, through the mail transmission agent MTA, mail information to be sent, where the mail information includes a set of receiving objects and sending content, and mail domain names of at least two receiving objects in the set of receiving objects are different.
The mail split auditing module 304 is configured to split the mail information according to the mail domain name to form a plurality of split mails, and to send the split mails to the data leakage protection DLP for auditing to obtain a mail auditing result.
The mail sending module 306 is used to send the mail information after the audit is completed.
In one embodiment, the mail split auditing module 304 is further configured to split the receiving objects with each mail domain name as a unit, so that the receiving objects belonging to the same mail domain name are in the same split mail.
In one embodiment, the mail split auditing module 304 is further configured to determine, according to the sender information in the mail information, an auditing mode for each of the split mails, where the auditing modes include serial auditing and parallel auditing.
In one embodiment, the mail split auditing module 304 is further configured, when the auditing mode is serial auditing, to audit the second split mail that follows the first split mail based on the audit cache record of the first split mail that is sequenced at the first position.
In one embodiment, when the auditing mode of the split mails is parallel auditing, the mail split auditing module 304 is further configured to set the fourth split mail that does not arrive first to a blocking state before the auditing result of the first-arriving third split mail is available, and to activate the auditing of the fourth split mail after the auditing result of the third split mail is obtained.
In one embodiment, the mail split auditing module 304 is further configured to obtain the first receiving object set in the mail information by invoking an envelope recipient extraction command; to obtain the second receiving object set in the mail information by invoking a message header extraction command; to compare the first receiving object set with the second receiving object set and judge the receiving objects that are in the second set but not in the first set to be BCC objects of the mail; and to audit the split mail containing a BCC object based on the auditing rules for BCC objects.
In one embodiment, the mail split auditing module 304 is further configured to delete the BCC object from the mail information when the sending content is sensitive information with respect to that BCC object, thereby preventing the sending content from being sent to it.
In one embodiment, the mail split auditing module 304 is further configured to invoke the DLP to establish a communication connection with the MTA; the DLP initiates an SMTP session with the MTA; envelope header information, envelope recipient information and sending content information of the split mail are acquired through the MTA; and the acquired envelope header information, envelope recipient information and sending content information are combined into the split mail for auditing.
In one embodiment, an electronic device is provided that includes a memory and a processor, the memory storing a computer program that, when executed by the processor, causes the processor to perform the steps of the mail sending method of any of the embodiments described above. The electronic device may be a mobile phone, a tablet computer or a server.
In one embodiment, a computer storage medium having stored thereon computer executable instructions that, when executed by a processor, cause the processor to perform the steps of the mail sending method of any of the embodiments described above is provided.
In one embodiment, an electronic device, which may be a terminal or a server, is provided, where the MTA and/or DLP described above are deployed. As shown in fig. 4, the electronic device 400 includes a Central Processing Unit (CPU) 401, which can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 402 or a program loaded from a storage section 408 into a Random Access Memory (RAM) 403. In the RAM 403, various programs and data necessary for the operation of the electronic device 400 are also stored. The CPU 401, ROM 402, and RAM 403 are connected to each other by a bus 404. An input/output (I/O) interface 405 is also connected to bus 404.
The following components are connected to the I/O interface 405: an input section 406 including a keyboard, a mouse, and the like; an output portion 407 including a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, and a speaker, and the like; a storage section 408 including a hard disk or the like; and a communication section 409 including a network interface card such as a LAN card, a modem, or the like. The communication section 409 performs communication processing via a network such as the internet. The drive 410 is also connected to the I/O interface 405 as needed. A removable medium 411 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is installed on the drive 410 as needed, so that a computer program read therefrom is installed into the storage section 408 as needed.
In particular, according to embodiments of the present application, the processes described above with reference to flowcharts may be implemented as computer software programs. For example, embodiments of the application include a computer program product comprising a computer storage medium bearing instructions that in such embodiments can be downloaded and installed from a network via communication section 709, and/or installed from removable medium 711. When executed by a Central Processing Unit (CPU) 701, performs the various method steps described in the present application.
Although example embodiments have been described, it will be apparent to those skilled in the art that various changes and modifications can be made without departing from the spirit and scope of the inventive concept. Accordingly, it should be understood that the above-described example embodiments are not limiting, but rather illustrative.
Claims (8)
1. A mail sending method, characterized in that the method comprises:
The method comprises the steps that mail information to be sent is obtained through a Mail Transmission Agent (MTA), the mail information comprises a receiving object set and sending content, and mail domain names of at least two receiving objects in the receiving object set are different;
splitting the mail information according to the mail domain name to form a plurality of split mails;
Sending the split mail to a data leakage protection DLP for auditing to obtain a mail auditing result;
sending the mail information after the verification is finished;
The sending of the split mail to the data leakage protection DLP for auditing includes: determining an auditing mode of each split mail according to sender information in the mail information, wherein the auditing modes include serial auditing and parallel auditing; when the auditing mode is serial auditing, the DLP sets a fourth split mail which has not arrived first to a blocking state for all split mails formed from the mail information according to the serial auditing of the mail information, and activates the auditing of the fourth split mail after the auditing result of the third split mail is obtained, based on the auditing cache record of the first split mail which is sequenced at the first position.
2. The mail sending method according to claim 1, wherein the splitting the mail information according to the mail domain name to form a plurality of split mails comprises:
and splitting each receiving object belonging to the same mail domain name as a unit, so that the receiving objects belonging to the same mail domain name are positioned in the same split mail.
3. The mail sending method of claim 1, wherein the sending the split mail to the data leakage prevention DLP for auditing includes:
Acquiring a first receiving object set in the mail information by calling an envelope recipient extraction command;
acquiring a second receiving object set in the mail information by calling a message header extraction command;
comparing the first receiving object set with the second receiving object set, and judging the receiving objects in the second receiving object set but not in the first receiving object set as mail closely-transmitted objects;
and auditing the split mail containing the mail secret delivery object based on auditing rules aiming at the secret delivery object.
4. The mail sending method according to claim 3, wherein auditing the split mail containing the mail cipher sending object based on the auditing rule for the cipher sending object includes:
And deleting the secret sending object in the mail information when the sending content belongs to the sensitive information for the secret sending object, so as to prevent the sending content from being sent to the secret sending object.
5. The mail sending method of claim 1, wherein the sending the split mail to the data leakage prevention DLP for auditing includes:
the DLP establishes communication connection with the MTA;
the DLP initiates an smtp session to the MTA;
Acquiring envelope header information, envelope recipient information and sending content information in the split mail through the MTA;
and combining the obtained envelope header information, envelope recipient information and sending content information into the split mail for auditing.
6. A mail sending device, characterized in that the device comprises:
the mail information acquisition module is used for acquiring mail information to be transmitted through a Mail Transmission Agent (MTA), wherein the mail information comprises a receiving object set and transmission contents, and mail domain names of at least two receiving objects in the receiving object set are different;
The mail distribution auditing module is used for distributing the mail information according to the mail domain name to form a plurality of distributed mails; sending the split mail to a data leakage protection DLP for auditing to obtain a mail auditing result;
the mail sending module is used for sending the mail information after the verification is finished;
The mail split auditing module is further configured to determine an auditing mode of each of the split mails according to sender information in the mail information, where the auditing modes include serial auditing and parallel auditing; when the auditing mode is serial auditing, the DLP sets up the connection with the MTA and closes it only once for all the serially audited split mails formed from the mail information, and audits the second split mail that follows the first split mail based on the auditing cache record of the first split mail sequenced at the first position; or, when the auditing mode is parallel auditing, the DLP sets up and closes a connection for each split mail audited in parallel, sets a fourth split mail which has not arrived first to a blocking state before the auditing result of the first-arriving third split mail is available, and activates the auditing of the fourth split mail after the auditing result of the third split mail is obtained.
7. An electronic device, comprising:
One or more processors;
A memory for storing one or more programs,
Wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform a mail sending method as claimed in any one of claims 1 to 5.
8. A computer storage medium storing executable instructions which, when executed by a processor, cause the processor to perform a mail transmission method according to any one of claims 1 to 5.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202410719224.1A CN118301123B (en) | 2024-06-05 | 2024-06-05 | Mail sending method, mail sending device, storage medium and electronic equipment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN118301123A CN118301123A (en) | 2024-07-05 |
CN118301123B true CN118301123B (en) | 2024-08-13 |
Family
ID=91678412
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108768820A (en) * | 2018-03-15 | 2018-11-06 | 北京明朝万达科技股份有限公司 | A kind of mail security grading management method and system |
CN108833254A (en) * | 2018-04-19 | 2018-11-16 | 华为技术有限公司 | A kind of email processing method, device and storage medium |
Family Cites Families (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2007102334A (en) * | 2005-09-30 | 2007-04-19 | Ntt Data Corp | System, method and computer program for preventing information leakage by e-mail |
CN101150535A (en) * | 2007-06-15 | 2008-03-26 | 腾讯科技(深圳)有限公司 | Email filtering method, device and device |
US8448246B2 (en) * | 2010-07-08 | 2013-05-21 | Raytheon Company | Protecting sensitive email |
CN103220213B (en) * | 2013-04-23 | 2016-08-03 | 国家电网公司 | A kind of mail filtering method and device |
CN104883296A (en) * | 2015-06-26 | 2015-09-02 | 北京奇虎科技有限公司 | E-mail forwarding mode and related system |
CN108449263A (en) * | 2018-04-16 | 2018-08-24 | 深圳市小满科技有限公司 | E-mail sending method and device, electronic equipment and storage medium |
CN109818920B (en) * | 2018-12-13 | 2022-08-30 | 平安科技(深圳)有限公司 | Mail auditing method and device, computer equipment and computer readable storage medium |
CN112291138B (en) * | 2020-11-16 | 2022-07-26 | 北京北信源软件股份有限公司 | Mail data auditing method and device, electronic equipment and storage medium |
CN115766649A (en) * | 2022-11-04 | 2023-03-07 | 平安银行股份有限公司 | Method and device for sending mail, computer equipment and storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN118301123A (en) | 2024-07-05 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||