CN103078787B - Email processing method and equipment - Google Patents
Email processing method and equipment Download PDFInfo
- Publication number
- CN103078787B CN103078787B CN201310017086.4A CN201310017086A CN103078787B CN 103078787 B CN103078787 B CN 103078787B CN 201310017086 A CN201310017086 A CN 201310017086A CN 103078787 B CN103078787 B CN 103078787B
- Authority
- CN
- China
- Prior art keywords
- mail data
- mta
- target
- data part
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
- 238000003672 processing method Methods 0.000 title claims abstract description 24
- 238000007689 inspection Methods 0.000 claims abstract description 40
- 238000000034 method Methods 0.000 claims abstract description 34
- 238000012545 processing Methods 0.000 claims description 92
- 238000012790 confirmation Methods 0.000 claims description 14
- 230000005540 biological transmission Effects 0.000 claims description 12
- 230000000903 blocking effect Effects 0.000 claims description 12
- 238000012546 transfer Methods 0.000 claims description 3
- 238000010586 diagram Methods 0.000 description 12
- 238000012217 deletion Methods 0.000 description 2
- 230000037430 deletion Effects 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 230000002265 prevention Effects 0.000 description 2
- 230000011664 signaling Effects 0.000 description 2
- 230000002159 abnormal effect Effects 0.000 description 1
- 230000005856 abnormality Effects 0.000 description 1
- 238000004458 analytical method Methods 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 230000002452 interceptive effect Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Landscapes
- Information Transfer Between Computers (AREA)
Abstract
The invention provides a kind of email processing method and equipment, wherein method comprises: receive described multiple mail data parts that former mail transport agent MTA sends one by one; For each described mail data part, after receiving described mail data part, then start to perform safety inspection flow process; If determine after described safety inspection flow performing, described mail data part meets safety condition, be then sent to target MTA by described mail data part.Invention significantly improves mail treatment efficiency, no longer need to arrange the memory devices such as disk, thus also reduce the cost of mail handling equipment.
Description
Technical Field
The present invention relates to network technologies, and in particular, to a method and an apparatus for processing a mail.
Background
Mail is an indispensable tool for internal offices of companies or for communication between companies, and is a carrier of information, and generally sent mails all contain mail data such as mail body content or attachments. In order to ensure the security of the mail data and prevent the mail from being divulged, Data Loss Prevention (DLP) measures are taken, such as security check on the mail data by a mail processing device (e.g. a mail data leakage prevention gateway). For example, the security check is to screen out potential sensitive data such as characters like 'strictly prohibited from being disclosed to the outside', or digital strings with a format similar to a bank account number according to a keyword, a regular expression and the like, and if the information is found, the mail is considered to be insecure, and the mail processing device can prevent the mail from leaving the enterprise.
The existing mail processing equipment adopts the following mode to perform security check on mail data: the mail processing device is arranged between an original Mail Transmission Agent (MTA) and a target MTA (the original MTA is an agent for sending mails, and the target MTA is an agent for receiving mails); taking the example that the mail processing equipment is a mail data leakage-proof gateway, the original MTA firstly sends the mail data to the gateway, and the gateway stores the mail data to a disk; after the original MTA sends all the mail data included in a certain mail to the gateway, the gateway starts to check the mail stored on the disk according to the security rule. If the security rule is not violated, the mail can be sent to the target MTA, and the gateway deletes the mail from the disk after the target MTA receives the mail; otherwise, the gateway may block the mail from being delivered and send an alert message to the original MTA.
The method for the mail processing equipment to carry out the security check has the characteristics that the gateway needs to wait until all mail data of a certain mail are received from the original MTA and then starts to carry out the security check on the mail, which is equivalent to a serial flow of receiving, storing, checking and transmitting the mail, and the processing efficiency of the mail is very low; in addition, a disk device is also required to be arranged in the gateway, the disk is used for storing mail data, and the mail data is deleted from the disk after the target MTA finishes receiving, so that the cost of the gateway is higher.
Disclosure of Invention
The invention provides a mail processing method and equipment, which are used for improving the mail processing efficiency and reducing the cost of mail processing equipment.
In a first aspect, a mail processing method is provided, where a mail processed by the mail processing method includes a plurality of mail data portions, and the mail processing method includes:
receiving the plurality of mail data parts sent by the original mail transmission agent MTA one by one;
for each mail data part, after receiving the mail data part, starting to execute a security check flow;
and if the mail data part meets the safety condition after the safety check flow is executed, sending the mail data part to a target MTA.
With reference to the first aspect, in a first possible implementation manner, the executing a security check flow includes: analyzing the mail data part according to a mail protocol to obtain basic mail information; judging whether a target check object corresponding to the mail data part exists or not according to the mail basic information and a preset check rule, wherein the check rule comprises a corresponding relation between the mail basic information and the target check object; and if the mail data part exists, sending the mail data part to a processor corresponding to the target inspection object, and carrying out security inspection on the mail data part by the processor.
With reference to the first possible implementation manner of the first aspect, in a second possible implementation manner, after analyzing the mail data portion to obtain basic mail information, before determining whether a target inspection object corresponding to the mail data portion exists, the method further includes: and storing the basic information of the mail in a memory.
With reference to the first possible implementation manner of the first aspect, in a third possible implementation manner, the sending the mail data portion to the processor corresponding to the target inspection object includes: sending the partial copy of the mail data to the processor; or sending the mail data part to the processor in a reference mode.
With reference to the first aspect, in a fourth possible implementation manner, after the executing the security check procedure, the method further includes: and if the mail data part is determined not to meet the safety condition after the safety check flow is executed, stopping sending the mail data part to the target MTA.
With reference to the fourth possible implementation manner of the first aspect, in a fifth possible implementation manner, after the determining that the mail data portion does not satisfy the security condition, the method further includes: and sending a mail exception notification to the target MTA, so that the target MTA deletes the mail data part received before the mail data part according to the mail exception notification.
With reference to the fourth possible implementation manner of the first aspect, in a sixth possible implementation manner, after the determining that the mail data portion does not satisfy the security condition, the method further includes: stopping the security check flow being performed by the mail data portion received after the mail data portion.
With reference to the fourth possible implementation manner of the first aspect, in a seventh possible implementation manner, after the determining that the mail data portion does not satisfy the security condition, the method further includes: and sending a mail blocking notice to the original MTA, so that the original MTA stops transmitting the undelivered mail data part of the mail to which the mail data part belongs according to the mail blocking notice.
With reference to the first aspect, in an eighth possible implementation manner, after the sending the mail data portion to the target MTA, the method further includes: receiving a mail receiving completion notification sent by the target MTA, wherein the mail receiving completion notification is sent after the target MTA receives a mail to which the mail data part belongs; and after receiving the mail receiving completion notification, sending a mail receiving completion confirmation to the original MTA, so that the original MTA deletes the mail to which the mail data part belongs after receiving the mail receiving completion confirmation.
In a second aspect, there is provided a mail processing apparatus comprising:
a mail receiving unit, configured to receive, one by one, a plurality of mail data portions sent by an original mail transfer agent MTA, where a mail processed by the mail processing apparatus includes the plurality of mail data portions;
a mail inspection unit for starting to execute a security inspection flow after receiving the mail data part for each of the mail data parts;
and the mail sending unit is used for sending the mail data part to the target MTA when the mail data part meets the security condition after the security check flow is executed.
With reference to the second aspect, in a first possible implementation manner, the mail inspection unit includes: the analyzer is used for analyzing the mail data part to obtain basic mail information according to a mail protocol; the monitor is used for judging whether a target check object corresponding to the mail data part exists or not according to the mail basic information and a preset check rule, wherein the check rule comprises a corresponding relation between the mail basic information and the target check object; if the judgment result is yes, the mail data part is sent to a processor corresponding to the target inspection object; and the processor is used for carrying out security check on the mail data part.
With reference to the first possible implementation manner of the second aspect, in a second possible implementation manner, the parser is further configured to store the basic mail information in a memory after the basic mail information is obtained by parsing the mail data portion; and the listener is further configured to obtain the basic mail information from the memory before determining whether a target inspection object corresponding to the mail data portion exists.
With reference to the first possible implementation manner of the second aspect, in a third possible implementation manner, the listener includes at least one of the following two subunits: a first sending subunit, configured to send the partial copy of the mail data to the processor; and the second sending subunit is used for sending the mail data part to the processor in a reference mode.
With reference to the second aspect, in a fourth possible implementation manner, the mail sending unit is further configured to stop sending the mail data portion to the target MTA when it is determined that the mail data portion does not satisfy the security condition after the security check flow is executed.
With reference to the fourth possible implementation manner of the second aspect, in a fifth possible implementation manner, the method further includes: a notification transmitting and receiving unit, configured to send a mail exception notification to the target MTA after the determination that the mail data portion does not satisfy the security condition, so that the target MTA deletes the mail data portion received before the mail data portion according to the mail exception notification.
With reference to the fourth possible implementation manner of the second aspect, in a sixth possible implementation manner, the mail checking unit is further configured to, after the determination that the mail data portion does not satisfy the security condition, stop the security check flow being executed by the mail data portion received after the mail data portion.
With reference to the fifth possible implementation manner of the second aspect, in a seventh possible implementation manner, the notification transceiver unit is further configured to send a mail blocking notification to the original MTA after determining that the mail data portion does not satisfy the security condition, so that the original MTA stops transmitting a not-yet-transmitted mail data portion of a mail to which the mail data portion belongs according to the mail blocking notification.
With reference to the fifth possible implementation manner of the second aspect, in an eighth possible implementation manner, the notification transceiver unit is further configured to receive a mail reception completion notification sent by a target MTA after the mail data portion is sent to the target MTA, where the mail reception completion notification is sent by the target MTA after the target MTA receives a mail to which the mail data portion belongs; and after receiving the mail reception completion notification, sending a mail reception completion confirmation to the original MTA, so that the original MTA deletes the mail to which the mail data part belongs after receiving the mail reception completion confirmation.
The mail processing method and the mail processing equipment provided by the invention have the technical effects that: the mail is composed of a plurality of mail data parts, the embodiment of the invention does not execute security check after the whole mail is received as in the prior art, but starts security check after each mail data part is received, which is equivalent to checking the mail while receiving, for example, if two mail data parts, namely a1 and a2, are received, then the security check is started for a1 when a1 is received, and the security check is started for a2 when a2 is received, namely, the security check flows of different mail data parts are respectively executed; also, the transmission of each mail data portion is separately performed, such as if it is determined that a1 satisfies the security condition, a1 is transmitted to the target MTA, while it is possible that a2 is still performing security check. Compared with the prior art that the mail is sent after the a1 and the a2 are received and the a1 and the a2 determine that the safety condition is met, the method has the advantage that the mail processing efficiency is improved remarkably. In addition, the mode is that the mail is received and checked, and the mail is not required to be stored, and the storage device such as a magnetic disk is not required to be arranged, so that the cost of the mail processing device is reduced.
Drawings
FIG. 1 is a diagram of a system architecture to which an embodiment of the mail processing method of the present invention is applied;
FIG. 2 is a flowchart illustrating an exemplary mail processing method according to the present invention;
FIG. 3 is a diagram illustrating a processing status in an embodiment of a mail processing method according to the present invention;
FIG. 4 is a schematic view of a security check flow in another embodiment of the mail processing method of the present invention;
FIG. 5 is a schematic diagram of a mail processing signaling in another embodiment of the mail processing method of the present invention;
FIG. 6 is a schematic structural diagram of an embodiment of a mail processing apparatus according to the present invention;
FIG. 7 is a schematic structural diagram of another embodiment of a mail processing apparatus of the present invention;
fig. 8 is a schematic structural diagram of a mail processing apparatus according to still another embodiment of the present invention.
Detailed Description
The mail processing equipment of the embodiment of the invention refers to equipment for carrying out security check on mails, such as a mail data anti-leakage gateway; compared with the prior art, the mail processing device and the mail processing method are improved, so that the mail processing efficiency is improved, and the equipment cost is reduced.
Fig. 1 is a system architecture diagram applied in the embodiment of the mail processing method of the present invention, as shown in fig. 1, an MTA is a proxy device for transmitting a mail, an MTA for sending the mail is referred to as an original MTA, and an MTA for receiving the mail is referred to as a target MTA. And the original MTA sends the mail to the target MTA, wherein the mail is forwarded by the mail processing equipment, namely the mail processing equipment receives the mail from the original MTA, carries out security check on the mail, and sends the mail to the target MTA when the mail is determined to meet the security condition. A mail processing method in which a mail processing apparatus performs security check on the mail will be described below:
example one
FIG. 2 is a flowchart illustrating an exemplary method of processing a mail according to the present invention, which is executed by a mail processing device; as shown in fig. 2, the method may include:
201. receiving the plurality of mail data parts sent by the original mail transmission agent MTA one by one;
wherein, the mail data part is explained as follows: each mail that is normally sent is sent to a mail a1 of a recipient a, for example, through 163 mailboxes, the mail a1 appears to be a whole mail, but the mail also includes a lot of data, such as body content data, attachment content data, and the like. The whole mail a1 can be compared with a database, and the data in the database can be divided into a plurality of parts, and the plurality of parts of data form a mail; each of the plurality of data may be referred to as a mail data portion, and thus, the mail is composed of a plurality of mail data portions.
As described above, the mail is composed of a plurality of mail data portions, and the original MTA also sends the plurality of mail data portions one by one when sending the mail, for example, if the mail includes mail data portions a1, a2, a3, and a4, the original MTA will send the a1, a2, a3, and a4 in sequence, and the sending is complete, which indicates that the mail is sent completely. Accordingly, the mail processing apparatus also receives a1, a2, a3 and a4 in sequence, all of which receive completion indicates that the mail reception is complete.
202. For each mail data part, after receiving the mail data part, starting to execute a security check flow;
for example, the following steps are carried out: assuming that mail processing equipment receives a1, a2, a3 and a4 in sequence, when receiving a1, the safety check flow of the a1 is started, and when receiving a2, the safety check flow of the a2 is started, wherein the mail data parts have no influence and the safety check flows are respectively carried out; for example, there may be a state where a2 is performing security check when a1 has completed security check, and a4 has not yet received since a3 has just received that security check has not yet started.
Compared with the prior art, the prior art needs to perform security check after all the a1, a2, a3 and a4 are received, and the mail processing mode of the embodiment is completely different from that of the prior art. In addition, the size of the data portion of the mail may be set according to actual conditions in a specific implementation, for example, if it is assumed that the total size of the mail is 200M, if security check is performed every 20M data is received, the size of each data portion of the mail may be considered to be 20M; if it is set to perform security check every time 50M of data is received, the size of each mail data portion can be considered to be 50M.
203. And if the mail data part meets the safety condition after the safety check flow is executed, sending the mail data part to a target MTA.
Wherein, the sending of each mail data part in the embodiment is also separately performed; for example, after the security check of a1 is completed, if it is determined that a1 meets the security condition, a1 can be directly sent to the target MTA, and the transmission does not need to wait until the checks of a1 to a4 are completed as in the prior art. The security condition may be set by the user, for example, if it is set that a certain information is carried in the mail, the mail is not allowed to be sent, and if it is checked that the mail does not contain the information, it indicates that the mail meets the security condition.
As described above, the mail processing apparatus sequentially receives a1, a2, a3, and a4, and performs security check and status of sending respectively, as with a streaming processing manner, see fig. 3, fig. 3 is a schematic processing status diagram in an embodiment of the mail processing method of the present invention, and for a certain mail, the processing manner performed by the mail processing apparatus on the mail is similar to streaming processing of sending while checking while receiving, which is equivalent to performing security check during the sending of the mail; when the mail data part is received, the security check is executed, and when the security check is finished, the mail data part is also sent out, so that the mail processing efficiency is high.
Example two
The present embodiment mainly describes a security check flow executed by the mail processing device in the foregoing embodiment, and fig. 4 is a schematic view of a security check flow in another embodiment of the mail processing method of the present invention, as shown in fig. 4, the flow includes:
401. receiving a network byte stream;
the network byte stream represents the received mail, and as shown in fig. 3, the mail data portions of the mail are actually received one by one when the mail is received, similar to streaming reception, so the network byte stream may be referred to as a network byte stream.
402. Analyzing the mail data part according to a mail protocol to obtain basic mail information;
in this step, the mail processing device analyzes the received mail data part according to the SMTP protocol, so as to obtain the basic information of the mail. The basic information of the mail includes, for example: the basic information of the mail can be stored in the memory of the mail processing device, for example.
In this step, the mail processing apparatus further constructs a mail stream object, which includes the above-mentioned basic information, and does not process data other than the basic information included in the mail data portion.
403. Judging whether a target inspection object corresponding to the mail data part exists or not according to the mail basic information and a preset inspection rule;
the mail processing device may determine whether there is a target inspection object corresponding to the mail data portion according to the basic mail information obtained by the analysis, and actually determine whether there is an observer interested in the mail, where the observer is equivalent to the target inspection object.
For example, the following steps are carried out: assuming that a user a in a certain enterprise wants to perform security check on any mail whose recipient is 11122163.com, the user a may set a check rule in the mail processing device, where the check rule includes a correspondence relationship between the basic mail information and the target check object, for example, 11122163.com corresponds to the user a. After the mail processing device analyzes the basic information of the mail, the receiver in the basic information is 11122163.com, and it can be known by inquiring the check rule that the user a is interested in the mail with the receiver of 11122163.com, the user a is called as the target check object, and the execution continues to 404; otherwise, if there is no target inspection object corresponding to the mail data portion, 405 may be performed directly.
404. Sending the mail data part to a safety check processor corresponding to the target check object, wherein the safety check processor performs safety check on the mail data part;
referring to fig. 4, there may be a plurality of processors corresponding to the target inspection object, for example, for the mail with the receiver 11122163.com, not only user a but also user B and user C may be interested, and each user corresponds to one safety inspection processor, so there are three processors. In a specific implementation, sending the mail data portion to the processors means sending to the three processors in parallel, the three processors being processed in parallel.
Specifically, in this embodiment, a mail streaming object copy may be constructed and sent to each processor, where the mail streaming object copy represents a manner of sending a mail data portion to the processor, each processor only needs to request the mail streaming object copy to acquire the mail data portion to be processed, and how to acquire the mail data portion is determined by the mail streaming object copy, and each processor only needs to be responsible for performing security check on the mail data portion according to its own processing logic in parallel. The security check refers to, for example, finding whether sensitive information is contained in the mail according to a keyword, an expression and the like, and how to perform the security check is a conventional technology and is not described in detail.
Optionally, the mail streaming object replica may be a copy streaming replica, that is, a copy of the mail data portion is sent to the processor, for example, an attachment data stream contained in the mail streaming object is copied to the mail streaming object replica. For the case of three processors in fig. 4, the mail data portion may be copied in triplicate, corresponding to three copies of the mail streaming object, sent to the three processors, respectively.
Optionally, the mail streaming object copy may be a reference streaming copy, i.e. the mail data portion is sent to the processor in a reference manner. For example, the mail stream object copies do not make any data stream copies, and each mail stream object copy only makes corresponding counts for each mail data part in the network byte stream; similarly, there is a counter in the copy of the mail stream object, the counter is a fixed-length queue, when there is free in the fixed-length queue, the mail stream object can put the reference of the received mail data part into the queue; if the queue is full, it cannot be put in. A particular mail data portion of a mail stream object may receive subsequent mail data portions after all of the duplicate objects have been placed therein. In fact, this way of reference is equivalent to providing a way for the processor to quickly obtain the data portion of the processed mail, and the copy of the mail streaming object is not the actual data, but a way of obtaining data through which the processor can quickly obtain the data portion of the mail.
405. And sending the mail data part to the target MTA.
Wherein when the mail data portion needs to be security checked by each of the plurality of processors, sending the mail data portion to the target MTA is performed only when each of the plurality of processors considers that the mail data portion satisfies the security condition. In specific implementation, for example, a corresponding flag bit may be set for a mail data portion to indicate whether the portion has completed security check and meets security conditions; the processor responsible for security checking the data portion of the mail may modify the flag based on the result of the check. When the unit responsible for sending the mail data portion to the target MTA sees that the flag bit has been modified to indicate that the portion has completed the security check and that the security condition is satisfied, the mail data portion may be sent out.
EXAMPLE III
The mail processing method of the embodiment of the invention not only improves the security check process, but also adopts the security check process for each mail data part, which is equivalent to the independent processing of each mail data part, and does not need to wait until all mail data parts are received; and some interactive flows between the mail processing equipment and the original MTA and the target MTA are changed. This embodiment mainly describes an interaction flow between an original MTA, a target MTA and a mail processing device, and fig. 5 is a schematic diagram of a mail processing signaling in another embodiment of the mail processing method of the present invention, as shown in fig. 5, including:
501. the original MTA sends the data part of each mail to mail processing equipment one by one;
before the original MTA sends the mail data part, the original MTA can send a new mail arrival message to the mail processing equipment to prompt that the preparation for receiving the mail is ready; since the mail processing device will start delivering to the target MTA in streaming after receiving each mail data portion, the mail processing device at this time also sends a new mail arrival message to the target MTA, prompting the target MTA to be ready to receive the mail.
The target MTA returns a message of ready-to-receive mail to the mail processing device, which indicates that the target MTA is ready to receive the mail, and accordingly the mail processing device returns a message of ready-to-receive mail to the original MTA, which indicates that the original MTA can start sending the mail. The original MTA starts sending mail.
502. The mail processing equipment executes a security check flow to each received mail data part;
the security check process in this section can refer to the process shown in fig. 4, and is not described in detail.
Alternatively, it is assumed that, for one of the mail data portions, if the inspection result of the security inspection flow of this step is that the mail data portion does not satisfy the security condition, the transmission of the mail data portion to the target MTA is stopped. Of course, in a specific implementation, the data may still be sent to the target MTA, and the MTA is subsequently notified that the part of the data is abnormal, so that the target MTA may also cancel the data.
Optionally, after the determining that the mail data part does not satisfy the security condition, the mail processing apparatus may further execute 503; optionally, the mail processing device may also execute 505; optionally, the mail processing device may also perform 506.
Of course, if the mail data portion satisfies the security condition as a result of the check of the security check flow of this step, 507 is executed.
503. The mail processing equipment sends a mail exception notification to the target MTA;
wherein the mail exception notification is sent so that the target MTA deletes the mail data portion received before the mail data portion according to the mail exception notification.
504. The target MTA deletes the previously received mail data part according to the mail exception notification;
for example, the above-mentioned a1, a2, a3 and a4, if a1, a2 have already been sent to the target MTA, when the security check is performed on a3 and it is determined that a3 does not satisfy the security condition, the mail processing apparatus may stop sending the a3 and send a mail abnormality notification to the target MTA. The target MTA may delete the previously received a1, a2 based on the notification.
505. The mail processing apparatus stops the security check flow being executed by the mail data portion received after the mail data portion;
for example, the following steps are carried out: the above-mentioned a1, a2, a3 and a4, if a1, a2 have been sent to the target MTA, a3 and a4 are performing security check, and the flow of a3 precedes a 4; then, when it is determined that a3 does not satisfy the security condition, the mail processing apparatus may stop the security check flow of a 4. Of course, the implementation may not be stopped, and when all the a1, a2, a3 and a4 are processed, the target MTA may be notified of the a3 exception.
506. The mail processing equipment sends a mail blocking notice to the original MTA;
after receiving the mail blocking notification, the original MTA knows that some mail data parts in the mail do not satisfy the security condition, and then can stop transmitting the mail data parts which are not transmitted yet of the mail to which the mail data parts belong.
For example, a1, a2, a3, and a4 described above, if a1 has already been sent to the target MTA, a2 is performing a security check, and a3 and a4 have not yet been sent; then, when it is determined that a2 does not satisfy the security condition, the original MTA may stop sending subsequent a3 and a 4.
507. The mail processing equipment receives the mail transmission completion sent by the original MTA;
in this embodiment, if the checks of the above-mentioned a1, a2, a3 and a4 are completely normal, the original MTA sends a mail sending completion message to the mail processing apparatus after sending the above-mentioned mail, and notifies the mail processing apparatus that all mail data parts of the mail have been sent to the mail processing apparatus.
508. The mail processing equipment sends a mail to the target MTA and finishes sending the mail;
509. the target MTA returns a mail receiving completion notification to the mail processing equipment;
the mail reception completion notification is transmitted after the target MTA completes reception of the mail to which the mail data portion belongs, indicating that the target MTA has completed reception of the mail.
510. The mail processing equipment replies a mail receiving completion confirmation to the original MTA;
511. the original MTA deletes the mail.
Wherein, after receiving the mail receiving completion confirmation, the original MTA may delete the mail to which the mail data part belongs.
Compared with the prior art, the method and the device postpone the sending of the mail receiving confirmation to the original MTA, namely, the mail receiving completion confirmation is returned to the original MTA by the mail processing equipment after the mail receiving completion notification returned by the target MTA is received, and the mail is deleted by the original MTA; therefore, the mails do not need to be stored in the mail processing equipment, the storage and deletion operations of the mails in the mail processing equipment are cancelled, the use of a disk by the storage and deletion operations is avoided, the speed of mail processing is improved, and the problem caused by disk failure is avoided.
In this embodiment, data transmission is performed to the target MTA from the start of receiving data from the original MTA, so that when the mail processing device finishes checking the mail, actual data transmission to the target MTA is already completed; the existing serial operations of receiving, storing, checking, transmitting and deleting are changed into parallel operations of sending while receiving and checking simultaneously, and the passing speed of normal mails is shortened.
Example four
Fig. 6 is a schematic structural diagram of an embodiment of a mail processing apparatus of the present invention, where the mail processing apparatus may execute a mail processing method according to any embodiment of the present invention, as shown in fig. 6, the mail processing apparatus of the present embodiment may include: a mail receiving unit 61, a mail checking unit 62, and a mail transmitting unit 63;
a mail receiving unit 61, configured to receive, one by one, a plurality of mail data portions sent by an original mail transfer agent MTA, where a mail processed by the mail processing apparatus includes the plurality of mail data portions;
a mail inspection unit 62, configured to, for each of the mail data portions, start to perform a security inspection process after receiving the mail data portion;
and a mail sending unit 63, configured to send the mail data portion to the target MTA when it is determined that the mail data portion satisfies the security condition after the security check flow is executed.
Fig. 7 is a schematic structural diagram of another embodiment of the mail processing apparatus of the present invention, and as shown in fig. 7, the apparatus further includes, on the basis of the structure shown in fig. 6, a mail inspection unit 62: parser 621, listener 622, and processor 623; wherein,
the analyzer 621 is configured to analyze the mail data portion according to a mail protocol to obtain basic mail information;
a listener 622, configured to determine whether a target inspection object corresponding to the mail data portion exists according to the basic mail information and a preset inspection rule, where the inspection rule includes a correspondence between the basic mail information and the target inspection object; if the judgment result is yes, the mail data part is sent to a processor corresponding to the target inspection object;
and a processor 623 configured to perform security check on the mail data portion.
Further, the parser 621 is further configured to store the basic mail information in a memory after the basic mail information is obtained by parsing the mail data portion;
the listener 622 is further configured to obtain the basic mail information from the memory before determining whether a target inspection object corresponding to the mail data portion exists.
Further, the listener 622 includes at least one of the following two subunits: a first sending subunit, configured to send the partial copy of the mail data to the processor; and the second sending subunit is used for sending the mail data part to the processor in a reference mode.
Further, the mail sending unit 63 is further configured to stop sending the mail data portion to the target MTA when it is determined that the mail data portion does not satisfy the security condition after the security check flow is executed.
Fig. 8 is a schematic structural diagram of a mail processing apparatus according to another embodiment of the present invention, and as shown in fig. 8, the apparatus further includes, based on the structure shown in fig. 6: a notification transceiving unit 64, configured to send a mail exception notification to the target MTA after the determination that the mail data portion does not satisfy the security condition, so that the target MTA deletes the mail data portion received before the mail data portion according to the mail exception notification.
Further, the mail inspection unit 62 is further configured to stop the security inspection process being performed on the mail data portion received after the mail data portion after the determination that the mail data portion does not satisfy the security condition.
Further, the notification transceiver unit 64 is further configured to, after determining that the mail data portion does not satisfy the security condition, send a mail blocking notification to the original MTA, so that the original MTA stops transmitting the mail data portion, which is not transmitted yet, of the mail to which the mail data portion belongs according to the mail blocking notification.
Further, the notification transceiver unit 64 is further configured to receive a mail reception completion notification sent by the target MTA after the mail data portion is sent to the target MTA, where the mail reception completion notification is sent by the target MTA after the mail to which the mail data portion belongs is received; and after receiving the mail reception completion notification, sending a mail reception completion confirmation to the original MTA, so that the original MTA deletes the mail to which the mail data part belongs after receiving the mail reception completion confirmation.
Those of ordinary skill in the art will understand that: all or a portion of the steps of implementing the above-described method embodiments may be performed by hardware associated with program instructions. The program may be stored in a computer-readable storage medium. When executed, the program performs steps comprising the method embodiments described above; and the aforementioned storage medium includes: various media that can store program codes, such as ROM, RAM, magnetic or optical disks.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; while the invention has been described in detail and with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present invention.
Claims (16)
1. A mail processing method, characterized in that the mail processed by the mail processing method comprises a plurality of mail data parts, the mail processing method comprises:
receiving the plurality of mail data parts sent by the original mail transmission agent MTA one by one;
for each mail data part, after receiving the mail data part, starting to execute a security check flow;
if the mail data part meets the safety condition after the safety check flow is executed, the mail data part is sent to a target MTA;
the executing the security check process includes:
analyzing the mail data part according to a mail protocol to obtain mail basic information, wherein the mail basic information comprises: the sender, the receiver, the copy and the hidden transmission information;
judging whether a target check object corresponding to the mail data part exists or not according to the mail basic information and a preset check rule, wherein the check rule comprises a corresponding relation between the mail basic information and the target check object;
and if the mail data part exists, sending the mail data part to a processor corresponding to the target inspection object, and carrying out security inspection on the mail data part by the processor.
2. The method according to claim 1, wherein after analyzing the mail data portion to obtain the basic mail information, and before determining whether there is a target inspection object corresponding to the mail data portion, further comprising:
and storing the basic information of the mail in a memory.
3. The method of claim 1, wherein sending the mail data portion to a processor corresponding to the target inspection object comprises:
sending the partial copy of the mail data to the processor;
or sending the mail data part to the processor in a reference mode.
4. The method of claim 1, further comprising, after said performing a security check procedure:
and if the mail data part is determined not to meet the safety condition after the safety check flow is executed, stopping sending the mail data part to the target MTA.
5. The method of claim 4, further comprising, after the determining that the portion of the mail data does not satisfy the security condition:
and sending a mail exception notification to the target MTA, so that the target MTA deletes the mail data part received before the mail data part according to the mail exception notification.
6. The method of claim 4, further comprising, after the determining that the portion of the mail data does not satisfy the security condition:
stopping the security check flow being performed by the mail data portion received after the mail data portion.
7. The method of claim 4, further comprising, after the determining that the portion of the mail data does not satisfy the security condition:
and sending a mail blocking notice to the original MTA, so that the original MTA stops transmitting the undelivered mail data part of the mail to which the mail data part belongs according to the mail blocking notice.
8. The method of claim 1, wherein after said sending the mail data portion to the target MTA, further comprising:
receiving a mail receiving completion notification sent by the target MTA, wherein the mail receiving completion notification is sent after the target MTA receives a mail to which the mail data part belongs;
and after receiving the mail receiving completion notification, sending a mail receiving completion confirmation to the original MTA, so that the original MTA deletes the mail to which the mail data part belongs after receiving the mail receiving completion confirmation.
9. A mail processing apparatus characterized by comprising:
a mail receiving unit, configured to receive, one by one, a plurality of mail data portions sent by an original mail transfer agent MTA, where a mail processed by the mail processing apparatus includes the plurality of mail data portions;
a mail inspection unit for starting to execute a security inspection flow after receiving the mail data part for each of the mail data parts;
the mail sending unit is used for sending the mail data part to a target MTA when the mail data part meets the safety condition after the safety check flow is executed;
the mail inspection unit includes:
the analyzer is used for analyzing the mail data part according to a mail protocol to obtain mail basic information, wherein the mail basic information comprises: the sender, the receiver, the copy and the hidden transmission information;
the monitor is used for judging whether a target check object corresponding to the mail data part exists or not according to the mail basic information and a preset check rule, wherein the check rule comprises a corresponding relation between the mail basic information and the target check object; if the judgment result is yes, the mail data part is sent to a processor corresponding to the target inspection object;
and the processor is used for carrying out security check on the mail data part.
10. The mail processing apparatus according to claim 9,
the analyzer is further configured to store the basic mail information in a memory after the basic mail information is obtained by analyzing the mail data portion;
and the listener is further configured to obtain the basic mail information from the memory before determining whether a target inspection object corresponding to the mail data portion exists.
11. Mail processing device according to claim 9, characterized in that the listener comprises at least one of the following two subunits:
a first sending subunit, configured to send the partial copy of the mail data to the processor;
and the second sending subunit is used for sending the mail data part to the processor in a reference mode.
12. The mail processing apparatus according to claim 9,
and the mail sending unit is further configured to stop sending the mail data portion to the target MTA when it is determined that the mail data portion does not satisfy the security condition after the security check flow is executed.
13. The mail processing apparatus according to claim 12, characterized by further comprising:
a notification transmitting and receiving unit, configured to send a mail exception notification to the target MTA after the determination that the mail data portion does not satisfy the security condition, so that the target MTA deletes the mail data portion received before the mail data portion according to the mail exception notification.
14. Mail processing apparatus according to claim 12,
the mail checking unit is further configured to stop the security check flow being executed by the mail data portion received after the mail data portion after the determination that the mail data portion does not satisfy the security condition.
15. The mail processing apparatus according to claim 13,
the notification sending and receiving unit is further configured to send a mail blocking notification to the original MTA after determining that the mail data portion does not satisfy the security condition, so that the original MTA stops transmitting the mail data portion, which is not transmitted yet, of the mail to which the mail data portion belongs according to the mail blocking notification.
16. The mail processing apparatus according to claim 13,
the notification receiving and sending unit is further configured to receive a mail reception completion notification sent by the target MTA after the mail data portion is sent to the target MTA, where the mail reception completion notification is sent by the target MTA after the mail to which the mail data portion belongs is received; and after receiving the mail reception completion notification, sending a mail reception completion confirmation to the original MTA, so that the original MTA deletes the mail to which the mail data part belongs after receiving the mail reception completion confirmation.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310017086.4A CN103078787B (en) | 2013-01-17 | 2013-01-17 | Email processing method and equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310017086.4A CN103078787B (en) | 2013-01-17 | 2013-01-17 | Email processing method and equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103078787A CN103078787A (en) | 2013-05-01 |
| CN103078787B true CN103078787B (en) | 2015-11-25 |
Family
ID=48155196
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310017086.4A Expired - Fee Related CN103078787B (en) | 2013-01-17 | 2013-01-17 | Email processing method and equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103078787B (en) |
Families Citing this family (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108965095B (en) * | 2017-05-17 | 2021-03-30 | 北京京东尚科信息技术有限公司 | Mail analysis method, mail analysis system, electronic device and readable storage medium |
| CN108768820A (en) * | 2018-03-15 | 2018-11-06 | 北京明朝万达科技股份有限公司 | A kind of mail security grading management method and system |
| CN109617733A (en) * | 2018-12-24 | 2019-04-12 | 浪潮电子信息产业股份有限公司 | A kind of mail alarm method, device, server and computer readable storage medium |
| CN112836212B (en) * | 2021-01-22 | 2024-02-09 | 华云数据控股集团有限公司 | Mail data analysis method, phishing mail detection method and device |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1367595A (en) * | 2001-01-23 | 2002-09-04 | 联想(北京)有限公司 | Method for filtering electronic mail contents in interconnection network |
| CN101222447A (en) * | 2008-01-23 | 2008-07-16 | 华为技术有限公司 | System and method for implementing mail filtering |
| CN101795273A (en) * | 2010-01-26 | 2010-08-04 | 联想网御科技(北京)有限公司 | Method and device for a filtering junk mail |
| CN102447649A (en) * | 2010-09-30 | 2012-05-09 | 佳能It解决方案股份有限公司 | Relay processing device and control method thereof |
-
2013
- 2013-01-17 CN CN201310017086.4A patent/CN103078787B/en not_active Expired - Fee Related
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1367595A (en) * | 2001-01-23 | 2002-09-04 | 联想(北京)有限公司 | Method for filtering electronic mail contents in interconnection network |
| CN101222447A (en) * | 2008-01-23 | 2008-07-16 | 华为技术有限公司 | System and method for implementing mail filtering |
| CN101795273A (en) * | 2010-01-26 | 2010-08-04 | 联想网御科技(北京)有限公司 | Method and device for a filtering junk mail |
| CN102447649A (en) * | 2010-09-30 | 2012-05-09 | 佳能It解决方案股份有限公司 | Relay processing device and control method thereof |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103078787A (en) | 2013-05-01 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US7854007B2 (en) | Identifying threats in electronic messages | |
| CN103078787B (en) | Email processing method and equipment | |
| US11539726B2 (en) | System and method for generating heuristic rules for identifying spam emails based on fields in headers of emails | |
| US9047182B2 (en) | Message service downtime | |
| US8205264B1 (en) | Method and system for automated evaluation of spam filters | |
| CN108011805A (en) | Method, apparatus, intermediate server and the car networking system of message screening | |
| KR102563888B1 (en) | Method, apparatus and computer program for deduplicating data frame | |
| US20100017485A1 (en) | Enforcing conformance in email content | |
| TWI756288B (en) | Method and apparatus for determining recipient during replying to e-mail | |
| CN109523241A (en) | A kind of E-mail communication method for limiting and system | |
| CN111651789A (en) | Multithreading safety batch feedback method and device based on scanning system | |
| US9800531B2 (en) | Email as a transport mechanism for activity stream posting | |
| US9722956B2 (en) | Managing electronic mail for an end-user that is unavailable | |
| US10356034B2 (en) | Electronically processing bounceback messages from communications networks | |
| US9923857B2 (en) | Symbolic variables within email addresses | |
| US12021808B2 (en) | Mail-relaying device, mail-relaying method, and mail-relaying program | |
| US20150365365A1 (en) | Method and apparatus for modifying message | |
| CA2797603C (en) | Apparatus, and associated method, for reporting delayed communication of data messages | |
| JP7380711B2 (en) | Information processing device, e-mail control method, and program | |
| KR20150054826A (en) | Method of random access message retrieval from first-in-first-out transport mechanism | |
| CN114979056B (en) | E-mail processing method and device, storage medium and electronic equipment | |
| US20090248811A1 (en) | Systems and methods of automatic retransmission of electronic mail | |
| KR102623101B1 (en) | Call processing method for unreceiving short message | |
| JP5573560B2 (en) | E-mail transmission method, system, and program | |
| JP5605193B2 (en) | E-mail transmission method, system, and client-side and server-side e-mail transmission program |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20151125 Termination date: 20190117 |