CN102356611A - Relay device, setting update method, and program - Google Patents
Relay device, setting update method, and program Download PDFInfo
- Publication number
- CN102356611A CN102356611A CN2010800125098A CN201080012509A CN102356611A CN 102356611 A CN102356611 A CN 102356611A CN 2010800125098 A CN2010800125098 A CN 2010800125098A CN 201080012509 A CN201080012509 A CN 201080012509A CN 102356611 A CN102356611 A CN 102356611A
- Authority
- CN
- China
- Prior art keywords
- message
- relay
- address
- setting data
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L51/00—User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
- H04L51/21—Monitoring or handling of messages
- H04L51/214—Monitoring or handling of messages using selective forwarding
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Information Transfer Between Computers (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Small-Scale Networks (AREA)
Abstract
An access from a proper person who is authorized to customize a security setting of a relay device can be judged by an easier process. When a new e-mail address must be registered to an unwanted e-mail transmission source address list (16), the relay device (10) generates setting data to instruct a content of this update, and transmits the setting data to terminals (20-i) as an update notification e-mail message. When the relay device (10) receives an HTTP message containing the setting data from any of the terminals (20-i), and judges that the setting data contained in the HTTP message is valid, the relay device (10) performs a setting update process on the basis of the setting data.
Description
Technical field
The present invention relates to the technology that a kind of setting that is used to carry out relay is upgraded.
Background technology
Relay is to carry out the network equipment that data are passed on according to the agreement of the 3rd layer (network layer) and the 4th layer (transport layer) in OSI (the Open Systems Interconnection) reference model.Most of relays can carry out self-defined to following various settings from the computer of outside; Promptly; Refusal serves as the passing on of packet of sending source IP address or sending target ip address with certain IP address, or refusal is the passing on etc. of packet of sending the source port numbering or sending the target port numbering with certain port numbering.Self-defining user is carried out in setting to this relay; The URL of the setting utility program picture data from this relay of computer access that is connected with relay (Uniform Resource Locator), display setting utility program picture in computer.And user's accounts information that self is intrinsic is that ID and password are imported to setting utility program picture.Like this, computer sends this ID and password to relay.Relay is under a pair of ID that receives from computer and the password situation consistent with a pair of information of self login; This computer is considered as having the user of lawful authority; And, upgrade the setting (for example, with reference to patent documentation 1) of self according to the order of sending from this computer later on.
Patent documentation 1: TOHKEMY 2004-040164 communique
Summary of the invention
The administrative staff of this relay are giving when the setting of relay carried out self-defining authority to the user at every turn, carry out in relay, setting this user the operation of intrinsic accounts information.Therefore, self-defining authority is carried out in the setting of relay giving to a plurality of users, perhaps change after this has been endowed under the situation that the situations such as user of this authority take place, and the burden of the setting operation of the accounts information that is undertaken by administrative staff becomes big.On the other hand; In with relay, do not set any accounts information; The computer of URL of this settings utility program picture data of visit all is considered as having under the situation that the state of user of lawful authority moves, can't prevents that malicious persons from carrying out illegal setting and changing.
The present invention proposes under this background, and its purpose is, can judge the visit of the setting of relay having been carried out the competent person of self-defining authority from being endowed through more easy processing.
The present invention provides a kind of relay, and it has: generation unit, its generation are used to indicate the setting data of the setting content of relay; Dispatching Unit, it serves as to send destination address with the specified address in this relay subordinate's the communication network, sends the message that comprises the setting data that said generation unit generates; And updating block; Its communication network from said subordinate receives message; In the message that receives, comprise under the situation of the setting data identical,, upgrade the setting content of this relay according to the setting data that comprises in this message with the setting data that generates by said generation unit.
In the present invention; For relay; The situation of carrying out the setting content renewal of this relay if desired takes place; Then generate the setting data that is used to indicate its update content, this setting data is sent to the one or more user terminal address that for example have been endowed the authority that the setting of this relay is upgraded.Then, relay receives this setting data this point according to the terminal from the transmission target of the setting data that generates as self, should be considered as being endowed the renewal authority in the transmission source, upgrades the setting content of this relay according to this setting data.Therefore, through the transmission target of qualification setting data, thereby can get rid of illegal renewal request from the personnel that are not endowed authority.
Description of drawings
Fig. 1 is that expression comprises the of the present invention the 1st and the 2nd related relay of execution mode and the integrally-built figure of the Email conveyer system that constitutes.
Fig. 2 is the figure that is illustrated in the data structure of the e-mail message of sending/receiving in the Email conveyer system shown in Figure 1.
Fig. 3 is the block diagram of the structure of the relay in the expression Email conveyer system shown in Figure 1.
Fig. 4 is the flow chart of the action of the related relay of expression the 1st execution mode of the present invention.
Fig. 5 is the figure of an example of the mail picture that when receiving the update notification e-mail message, shown of the terminal in the expression Email conveyer system shown in Figure 1.
Fig. 6 is the flow chart of the action of the related relay of expression the 2nd execution mode of the present invention.
The explanation of symbol
10 ... Relay, 11 ... Communication interface, 12 ... Storage part; 13 ... Control part, 14 ... Volatile storage portion, 15 ... Non-volatile memories portion; 17 ... Control program; 19 ... Real-time clock, 20 ... The terminal, 30 ... Mail transfer server device; 31 ... Mailbox database; 32 ... Mailing list, 90 ... The Internet, 91 ... Circuit.
Embodiment
(the 1st execution mode)
Below, with reference to accompanying drawing, the 1st execution mode of the present invention is described.
Fig. 1 is that expression comprises the related relay 10 of the 1st execution mode of the present invention and the integrally-built figure of the Email conveyer system that constitutes.
Terminal 20-i for example is a personal computer.Given the authority that the security settings of relay 10 is upgraded to the user who utilizes terminal 20-i.Terminal 20-i is equipped with mailer.Mailer is the program of the processing of the generation that terminal 20-i carried out be used for the e-mail message of MIME (Multipurpose Internet Mail Extension) form, transmission/receptions, demonstration.In addition, here, the quantity of terminal 20-i is 3, but is not limited to this in the present invention, as long as configuration is more than or equal to 1 terminal (i=1~N, N: natural number).
Shown in the example of Fig. 2, the e-mail message of MIME form has mail head and email body.The mail head of this e-mail message has a plurality of fields, and in these fields, recording and narrating has: send the target email address, send information such as source email address, exercise question, date of shipping and time.In addition, in email body, various contents such as the image file of the text of e-mail message and this e-mail message institute apposition or audio files are recorded and narrated separately and are being called as the gathering in the zone of " section (part) ".
Section has content headers and content body.In the content body of each section, record and narrate the coded data have after the character string of the text that becomes e-mail message and other various contents are encoded.In the content headers of each section, the character string of the data type of the content that the content body that recording and narrating has these sections of expression is recorded and narrated etc.
In Fig. 1, in the 20-1 of terminal, be set with the e-mail address (XXXexample1.net) of distributing to its user.In the 20-2 of terminal, be set with the e-mail address (YYYexample1.net) of distributing to its user.In the 20-3 of terminal, be set with the e-mail address (ZZZexample1.net) of distributing to its user.
Mail transfer server device 30 is server units of performance following action; That is, as the effect of the SMTP in the net territory (example1.net) under the 20-i of terminal (SimpleMail Transfer Protocol) server and as the effect of POP (Post Office Protocol) 3 servers.Mail transfer server device 30 is equipped with SMTP and POP3.SMTP sends relevant agreement with the e-mail message that terminal 20-i carries out.The e-mail message that POP3 is with terminal 20-i carries out receives relevant agreement.Mail transfer server device 30 has mailbox database 31 and mailing list (mailing list) 32.Mailbox database 31 is mailbox aggregates of terminal 20-i.In each mailbox of mailbox database 31, storage is with the e-mail message of 20-i e-mail address separately in terminal as transmission target email address.In addition; In mailing list 32; Will be as " XXXexample1.net " of the e-mail address of terminal 20-1, as " YYYexample1.net " of the e-mail address of terminal 20-2 and as the group of " ZZZexample1.net " of the e-mail address of terminal 20-3, with represent they 3 the representative e-mail address promptly " LISTexample1.net " be associated and login.In addition, in mailing list 32, need not login all above-mentioned addresses of items of mail.
According to SMTP; Whether 20-i or relay 10 receive e-mail message from the terminal for mail transfer server device 30, be that some in the e-mail address of terminal 20-i judged to the transmission target email address of the e-mail message that receives.And; Mail transfer server device 30 is stored this e-mail message in the mailbox corresponding with this terminal 20-i in mailbox database 31 under receiving the some situation as the e-mail message of sending the target email address in the e-mail address of terminal 20-i.In addition; Receiving under the situation of e-mail address that is not with terminal 20-i as the e-mail message of sending the target email address; Construct with this e-mail message and be pay(useful) load portion, serve as the packet that sends target ip address, and the packet data delivery that constructs is delivered to relay 10 with the IP address of the POP3 server (not shown) in the territory of identical net with this e-mail address.This packet is had POP3 server (not shown) reception of this transmission target ip address, and is stored in its mailbox in that to be transferred to the Internet from relay 10 via circuit 91 after 90s.
In addition; Mail transfer server device 30 is under " LISTexample1.net " situation as the e-mail message of sending the target email address at the representative e-mail address that receives mailing list 32; This e-mail message is duplicated with the quantity identical with terminal 20-i; And the target email of the transmission separately address of the e-mail message after will duplicating, be stored in the mailbox corresponding in the mailbox database 31 with each terminal 20-i.
According to POP3,20-i receives separately accounts information, is user ID and password from the terminal for mail transfer server device 30, utilizes the accounts information that receives to carry out authentication processing.Then; Mail transfer server device 30 will be the e-mail message of sending the target email address with the e-mail address of the terminal 20-i that passed through the accounts information authentication; Corresponding mailbox from mailbox database 31 is read, and is delivered to this terminal 20-i.
Fig. 3 is the block diagram of the structure of expression relay 10.Relay 10 has communication interface 11-k (k=1~4), storage part 12, control part 13 and real-time clock 19.Communication interface 11-k is NIC (Network Interface Card).At least one of the communication interface 11-k of relay 10 (for example communication interface 11-1) is connected with terminal 20-i and mail transfer server device 30, and remaining at least one (for example communication interface 11-2) is connected with circuit 91.Communication interface 11-1,11-2 receive MAC Address with this communication interface 11-1,11-2 as Ethernet (registered trade mark) frame (being designated hereinafter simply as " frame ") that sends destination-mac address, and the packet that comprises in this frame is sent to control part 13.In addition, here, the quantity of interface 11-k is 4, but is not limited to this in the present invention, as long as configuration is more than or equal to 1 interface (k=1~N, N: natural number).
The signal of real-time clock 19 output expression current times.
Storage part 12 comprises volatile storage portion 14 and non-volatile memories portion 15.Volatile storage portion 14 is RAM (Random Access Memory), for control part 13 provides the service area.Non-volatile memories portion 15 for example is hard disk or FlashROM.In this non-volatile memories portion 15, except represent this relay 10 the ID data of intrinsic ID, also store tabulation 16 of spam transmission source address and control program 17.
Spam transmission source address tabulation 16 is to be used for logining the tabulation of this relay 10 as the e-mail address of the transmission source processing of spam.
Control program 17 has 4 functions shown in following.
A. spam is discarded function
Its role is to; The pay(useful) load portion of the packet of sending from communication interface 11-2; The e-mail address that comprises with terminal 20-i is the e-mail message of sending the target email address; And the transmission source email address of this e-mail message is logined under the situation in spam transmission source address tabulation 16, discarded this e-mail message.
B. setting data systematic function
Its role is to; Do not logined in spam transmission source address tabulation 16 in the transmission source email address of e-mail message; And comprise in its email body under the situation of the regulation character string that is against social ethics; Generate setting data, the transmission source email address that this setting data is meant this e-mail message with to the relevant order of spam transmission source address tabulation 16 login e-mail addresses this to data.
C. setting data distribution function
Its role is to; Generation comprise the setting data that the action through the setting data systematic function generates e-mail message, be the update notification e-mail message; With the representative e-mail address in the mailing list 32 promptly " LISTexample1.net " send this update notification e-mail message as transmission target email address.
D. setting content update functions
Its role is to; After sending the update notification e-mail message; 20-i receives HTTP (Hyper Text Transfer Protocol) message from the terminal; Comprise in the HTTP message that receives under the situation of the identical setting data of the setting data that generates with action through the setting data systematic function; According to this setting data, the setting content that carries out this relay 10 upgrades.
Below, the action of this execution mode is described.Fig. 4 is the flow chart of the action of the relay 10 in this execution mode of expression.The control part 13 of relay 10 is at every turn from communication interface 11-1, when 11-2 sends packet, carry out action shown in Figure 4.In a series of processing shown in Figure 4; Step S100~S130 is the processing of being carried out by control part 13 through the action of the discarded function of spam; Step S140~S150 is the processing of being carried out by control part 13 through the action of setting data systematic function; Step S160~S170 is the processing of being carried out by control part 13 through the action of setting data distribution function, and step S180~S230 is the processing of being carried out by control part 13 through the action of setting content update functions.
In Fig. 4; If send packet from communication interface 11-1,11-2; Then the control part 13 of relay 10 is judged in the pay(useful) load portion of this packet, and whether comprise with some in the e-mail address of terminal 20-i serve as the e-mail message (S100) of transmission target email address.
In the pay(useful) load portion of packet, comprise under the situation of corresponding e-mail message (S100: be); Control part 13 takes out e-mail message from the pay(useful) load portion of this packet, stores (S110) to the storage area of in volatile storage portion 14, guaranteeing (being called " will judge the email storage zone ").Then, control part 13 judges whether the transmission source email address that is stored in the e-mail message that will judge in the email storage zone has logined to the tabulation 16 of spam transmission source address (S120).Then, logined under the situation to the spam transmission source address (S120: be) sending the source email address, control part 13 is with this e-mail message discarded (S130).
In addition; Do not login in the transmission source email address that is stored in the e-mail message that to judge in the email storage zone (S120: not), control part 13 judges in the email body of this e-mail message, whether to comprise the regulation character string (S140) that is against social ethics under the situation to the spam transmission source address.Judgement among this step S140 for example is to contrast and carry out through the character string that email body is recorded and narrated and the judging rubbish mail content of including with dictionary file.
Control part 13 is judged to be and is stored under the situation that does not comprise the character string that is against social ethics in the email body that will judge the e-mail message in the email storage zone (S140: not), pass on processing (S300) in step S140.In this passed on processing, it was the packet of pay(useful) load portion that control part 13 constructs to be stored in the e-mail message that will judge in the email storage zone, and the frame that will comprise this packet sends from communication interface 11-1.
Control part 13 is judged to be and is stored in (S140: be) under the situation that comprises the character string that is against social ethics in the email body that will judge the e-mail message in the email storage zone in step S140, carries out setting data and generates processing (S150).Generate in the processing at this setting data; Control part 13 will indicate the order (being called " address log on command ") of login e-mail address in spam transmission source address tabulation 16 and to judge the e-mail message in the email storage zone the transmission source email address that the mail head recorded and narrated this to data, as setting data.
Then, control part 13 carries out encryption (S160).In this encryption, control part 13 is read the ID data that non-volatile memories portion 15 is stored.Then; Control part 13 utilize this relay 10 intrinsic private key; The data set of 4 kinds of data that the time span data that are set in the express time length this relay 10 by the setting data that generates the ID data of reading from non-volatile memories portion 15, the step S150, when it generates from the moment data of the expression current time of real-time clock 19 outputs and as valid expiration date of setting data are constituted is encrypted, and generates encrypted data thus.
Control part 13 send to be handled back (S170) carrying out the update notification mail, gets into the above-mentioned processing (S300) of passing on.During update notification mail in step S170 sends and handles; Generate new e-mail message in the storage area that control part 13 is guaranteed (being called " new mail storage area ") in volatile storage portion 14; In this e-mail message, duplicate the mail head of the e-mail message that will judge that the email storage zone is stored and the text segment in its email body.Then, after the text character string in this text segment, the URL of the character string that record is entrusted the affirmation of update content (being called " upgrade and confirm to entrust character string ") and this relay 10.Upgrade and confirm to entrust character string can be made as following content, that is, " this mail is judged as the suspicion of spam.Through with the login of the transmission source address of this mail in tabulation, be that the mail in transmission source will be rejected with this address.Under the situation of hope login in tabulation, please be uploaded to following URL.”。
Send in the processing at the update notification mail; Control part 13 adds new section in the email body of the e-mail message that the new mail storage area is stored; The encrypted data that will generate through the encryption of step S160 is as the content body of this section of appending and record and narrate.In addition, the transmission target email message of recording and narrating among the mail head with this e-mail message, the representative e-mail address that is replaced into mailing list 32 i.e. " LISTexample1.net ", with this e-mail message as the update notification e-mail message.The generation of update notification e-mail message if control part 13 is through with, the packet that then to make up with this update notification e-mail message be pay(useful) load portion, and the frame that will comprise the packet that constructs sends from communication interface 11-1.
If mail transfer server device 30 is obtained the update notification e-mail message from relay 10; Confirm that this transmission target email address is " LISTexample1.net " for the representative e-mail address; Then with the quantity copy update informing E-mail message identical with terminal 20-i; With the update notification e-mail message of duplicating, be stored in respectively in the mailbox of each the terminal 20-i in the mailbox database 31.Above-mentioned update notification e-mail message is delivered to each terminal 20-i respectively according to POP3, and the e-mail message that each terminal 20-i will obtain separately shows as the mail picture.
Fig. 5 be expression as the terminal 20-1 of one of transmission target of update notification e-mail message (e-mail address: XXXexample1.net), the figure of an example of the mail picture that when obtaining the update notification e-mail message, is shown.In the example of Fig. 5; In the header display field 51 of mail picture; Each character string of data representing receiver, addresser, exercise question, date of shipping and time; The information that the mail head recorded and narrated at separately the right display update informing E-mail message; That is, send target email address, transmission source email address, exercise question and date of shipping and time.
In addition, in the text display field 52 of this mail picture, show to be stored in the text that will judge the e-mail message in the email storage zone, that is, " photo of SSS ..., how wait." character string.Then, show that thereunder " this mail is judged as the suspicion of spam.Through with the login of the transmission source address of this mail in tabulation, be that the mail in transmission source will be rejected with this address.Under the situation of hope login in tabulation, please be uploaded to following URL." character string and the character string of " http: // 133.176.74.1/decode.mail " of expression URL.Above-mentioned character string is recorded and narrated by the control part 13 of relay 10.
Transmission source email address in the header display field 51 of the mail picture that user's reference terminal 20-i separately of terminal 20-i is shown and the body matter in the text display field 52 judge whether this transmission source email address to be logined to spam transmission source address tabulation 16.And, if being judged as, the user can login to spam transmission source address tabulation 16 sending the source email address, then mouse pointer mp is moved to the URL in the text display field 52, carry out the operation that double-click on a left side.
If terminal 20-i detects and mouse pointer mp is moved to URL in the text display field 52 goes up and carried out this situation of double click operation; Then obtain the IP address that is associated with this URL this server from DNS (Domain Name System) server (not shown); That is the IP address of relay 10.Then, terminal 20-i takes out encrypted data from the update notification e-mail message that this terminal 20-i is obtained, and generates the HTTP message that comprises this encrypted data.In addition, terminal 20-i makes up with this HTTP message and is pay(useful) load portion, serves as the packet that sends target ip address with the IP address of relay 10, and the frame that comprises the packet that constructs is sent.The frame that the communication interface 11-1 receiving terminal 20-i of relay 10 is sent, and the packet that comprises in this frame sent to control part 13.Because in the pay(useful) load portion of this packet, the e-mail address that does not comprise with terminal 20-i is the e-mail message of sending the target email address, so the result of determination among the step S100 of Fig. 4 becomes " denying ".In the case, whether contain the HTTP message in the pay(useful) load portion of 13 pairs of packets of control part and judge (S180).
Control part 13 is judged to be under the situation that comprises the HTTP message in the pay(useful) load portion of packet (S180: be) in step S180, judges (S190) to whether comprising encrypted data in this HTTP message.
Control part 13 is in step S190; Be judged to be (S190: be) under the situation that comprises encrypted data in the HTTP message; Place (S210) is deciphered in back (S200) in this encrypted data being stored to the storage area of in volatile storage portion 14, guaranteeing (being called " wanting the data decryption storage area ").In this decryption processing; Control part 13 utilize this relay 10 intrinsic private key; Decipher being stored in the encrypted data of wanting in the data decryption storage area, thus, with ID data, the data set recovery of data, time span data and these 4 kinds of data of setting data constantly.
Then, control part 13 is judged the data set of 4 kinds of data of restoring through the decryption processing of step S210 whether should go out of use (S220).In more detail; Under the situation of at least one in the data set of 4 kinds of data of restoring through decryption processing does not meet the following conditions a, b of control part 13; The data set of these data is considered as the data set that discard; Under the two situation of a that satisfies condition, b, be considered as the active data group that should not discard.
A. form 4 kinds of data of restoring through decryption processing data set the ID data be stored in the ID data consistent in the non-volatile memories portion 15.
B. the represented time span of time span data of forming the data set of 4 kinds of data of restoring through decryption processing; Time span than till the represented moment to the moment of having carried out decryption processing of the moment data of forming this data set (current time of exporting from real-time clock 19 when specifically, decryption processing begins) is long.
Control part 13 is judged to be under the situation that the data set of 4 kinds of data should go out of use (S220: be) in step S220, does not get into later processing and end process.
In addition, control part 13 is judged to be (S220: not), set update processing (S230) under the situation that the data set of 4 kinds of data should not go out of use in step S220.In the setting update processing of this step S230; The address log on command that setting data comprised in 4 kinds of data that control part 13 will restore through decryption processing is taken out; Through carrying out the address log on command taken out, thereby the e-mail address that this setting data comprised is logined to spam transmission source address tabulation 16.
Control part 13 is in step S180; The pay(useful) load portion that is judged to be packet does not comprise (S180: not) under the situation of HTTP message; Or in step S190, be judged to be the HTTP message and do not comprise that (S190: not), execution in step S200 does not get into step S300 to step S230 under the situation of encrypted data.For example; The pay(useful) load portion of the packet of sending from communication interface 11-1,11-2; Comprise the request of sending from dns server (not shown) or the www server (not shown) of terminal 20-i to the Internet 90, or from these servers under the situation of the response that terminal 20-i sends; Control part 13 directly gets into step S300 from step S180 or step S190, carries out the following processing of passing on.At first, control part 13 is through the transmission target ip address with reference to the packet of sending from communication interface 11-1,11-2, thereby confirms the target of passing on of this packet.Then; Having sent with the IP address some or mail transfer server device 30 among the 20-i of terminal serves as when sending the packet of target ip address; The frame that comprises this packet is sent from communication interface 11-1; Having sent with other IP addresses outside terminal 20-i and the mail transfer server device 30 serves as when sending the packet of target ip address, the frame that comprises this packet to be sent from communication interface 11-2.
Shown in as described above; In this execution mode; The control part 13 of relay 10 under the situation that need take place to the situations of the new e-mail address of spam transmission source address tabulation 16 logins, generation with this e-mail address to the indications of these tabulation 16 logins setting data as setting content.Then; Control part 13 will be to this setting data, ID data, the data set of data and these 4 kinds of data of time span data is encrypted and the encrypted data that obtains constantly, sends with multiple addressing to this relay 10 subordinaties' terminal 20-i as the update notification e-mail message.Then; ID data in 4 kinds of data that from the HTTP message that terminal 20-i receives, comprise afterwards as data set; (condition a) with being stored in self ID data consistent in the non-volatile memories portion 15; Than the time span till the represented moment to the current time of the moment data of forming this data set; Form under the long situation of the represented time span of the time span data of this data set (condition b); According to the setting data of forming this data set, the new e-mail address of login in spam transmission source address tabulation 16.Therefore; Send the transmission target of update notification e-mail message through limiting with multiple addressing, thereby can get rid of the illegal renewal indication that personnel's the computer of the renewal authority of the spam transmission source address tabulation 16 that never is endowed this relay 10 sends simply from relay 10.
In addition; In this execution mode; Through condition a is set; As confirming according to the condition of setting data to the new e-mail address of spam transmission source address tabulation 16 logins; Thereby can prevent the generation of following problems; That is, relay 10 upgrades spam transmission source address tabulation 16 according to the setting data that device generated outside this relay 10.In addition, through condition b is set, thereby can prevent the generation of following problems, that is, relay 10 according to passed through when generating quite long-term between and lose the setting data of value already, upgrade spam transmission source address tabulation 16.
In addition; According to this execution mode; Can prevent the generation of following problems; Promptly; To should not be judged to be the e-mail message of spam at relay 10; Be judged to be mistakenly under the situation of spam, send the e-mail message of sending the source email address from this later on and continue by relay 10 discarded.
(the 2nd execution mode)
Below, with reference to accompanying drawing, the 2nd execution mode of the present invention is described.In addition, in the explanation of this execution mode, for the identical part of the 1st execution mode structure, use identical label, omit detailed explanation.
In this execution mode; Relay 10 is under the situation that need take place to the situation of the new e-mail address of spam transmission source address tabulation 16 logins; Set update processing and carry out this e-mail address is logined the processing to the spam transmission source address tabulation 16 as the 1st, will indicate the setting data of cancellation the 1st setting update processing to send then as the update notification e-mail message.Then; Relay 10 receives the HTTP message from this relay 10 subordinaties' terminal 20-i; In this HTTP message, comprise with as the update notification e-mail message under the situation of the identical setting data of setting data that terminal 20-i sends; As the 2nd setting update processing, carry out the processing of from this tabulation 16, deleting with to the e-mail addresses of spam transmission source address tabulation 16 logins.
Fig. 6 is the flow chart of the action of the relay 10 in this execution mode of expression.In action shown in Figure 6, the control part 13 of relay 10 is that execution in step S141 gets into next procedure then under the situation of " being " in the result of determination of step S140.In step S141, control part 13 carries out the 1st and sets update processing.Set in the update processing the 1st, control part 13 will be stored in the transmission target email address of the e-mail message that will judge in the email storage zone, login to spam transmission source address tabulation 16.
In addition, in flow chart shown in Figure 6, step S150, S170 and the step S230 of the flow chart shown in Fig. 4 (the 1st execution mode) is replaced into step S151, S171, S231.
If illustrate in greater detail; Then the setting data at step S151 generates in the processing; Control part 13 will indicate from spam transmission source address tabulation 16 delete an e-mail the address order (being called " address delete command ") and to judge the e-mail message the email storage zone the transmission source email address that the mail head recorded and narrated this to data, as setting data.
In addition; Update notification mail at step S171 sends in the processing; Control part 13 is to the e-mail message that generates in the new mail storage area; To being stored in after the mail head that will judge the e-mail message in the email storage zone and the text segment in the email body thereof duplicate; Text character string back in this text segment is recorded and narrated and " because this mail is judged as the suspicion of spam, is logined to tabulation so will send the e-mail address in source.Under the situation of not hoping to login, please be uploaded to following URL." like this renewal of content confirm to entrust the URL of character string and this relay 10, with this e-mail message as the update notification e-mail message.
In addition; In the 2nd setting update processing in step S231; Control part 13 takes out the address delete command from setting data, through carrying out the address delete command taken out, thereby with e-mail address deletion from spam transmission source address tabulation 16 that this setting data comprised.
In this execution mode; Also can prevent the generation of following problems; Promptly; To should not be judged to be the e-mail message of spam at relay 10; Be judged to be mistakenly under the situation of spam, send the e-mail message of sending the source email address from this later on and continue by relay 10 discarded.
More than, be illustrated to an embodiment of the invention, but the present invention can have other execution modes.For example, as shown in following.
(1) in the above-mentioned the 1st and the 2nd execution mode, in step S230 or step S231, is provided with 2 condition a, b to the new e-mail address of spam transmission source address tabulation 16 logins or the condition of deleting as confirming.But, also condition b can only be set.In this execution mode; As long as the control part 13 of relay 10 the data of the encryption that is comprised from the HTTP message to the ID data, after the data set of data, time span data, setting data restores constantly; In the represented time span of time span data of forming this data set; Than under the long situation of the time span till the represented moment to the current time of the moment data of forming this data set (under the situation of the b that satisfies condition), set update processing according to the setting data of forming this data set and get final product.
(2) in the above-mentioned the 1st and the 2nd execution mode, the control part of relay 10 13 use these relays 10 intrinsic private key carry out encryption and decryption processing.But, also can use this relay 10 intrinsic PKI carry out encryption, use with the paired private key of this PKI and carry out decryption processing.
(3) in the above-mentioned the 1st and the 2nd execution mode; The control part 13 of relay 10 sends as the update notification e-mail message data set of setting data, ID data, moment data, time span data to terminal 20-i, terminal 20-i sends as the HTTP message setting data that comprises in this update notification e-mail message to relay 10.But,, also can carry out with the mode of the message (message under for example, instant messaging, IP phone, push-type e-mail (Push e-mail) agreement) that meets other agreements for the transmission/reception of the setting data between this relay 10 and the terminal 20-i.
(4) in the above-mentioned the 1st and the 2nd execution mode; The control part 13 of relay 10 also can some (for example terminal 20-1) from the 20-i of terminal receive the HTTP message; The setting data that in according to this HTTP message, comprises; When having upgraded the setting of this relay 10; Not to be the terminal 20-2 in the transmission source of this HTTP message, the address of 20-3, to send as sending destination address and comprise expression and upgrade the finish message of data of the renewal of this situation that finishes by having sent among the terminal 20-i of update notification e-mail message according to multiple addressing.According to this execution mode, can notify the user of terminal 20-2,20-3 need not carry out following operation, that is, and indication login e-mail address or with its deletion in spam transmission source address tabulation 16.In addition; The control part 13 of relay 10 also can be from the terminal some (the for example terminal 20-1) of 20-i receive the HTTP message; The setting data that in according to this HTTP message, comprises; When having upgraded the setting of this relay 10; To comprise expression and upgrade the finish message of data of the renewal of this situation that finishes, send to all terminal 20-i as this relay 10 subordinaties.According to this execution mode, the user that can notify terminal 20-1 finishes to spam transmission source address tabulation 16 login e-mail addresses or with the action of its deletion smoothly.
(5) in the step S231 of the step S230 of the 1st execution mode or the 2nd execution mode, the control part 13 of relay 10 also can be in the following manner, and the data set of 4 kinds of data of restoring through the decryption processing b that whether satisfies condition is judged.At first, control part 13 will be formed the time span data of the data set of 4 kinds of data of restoring through decryption processing, the time span data of setting with self compare, and select short side.In addition; The time span that the time span data of this selection are represented, compare with time span till the represented moment to the moment of having carried out decryption processing of the moment data of forming this data set; Under the long situation of the represented time span of the time span data of this selection, be judged as the b that satisfies condition.
(6) also the server unit of control program 17 from the Internet 90 in the above-mentioned the 1st and the 2nd execution mode can be downloaded to the computer, this computer is worked as relay 10.In addition, also can after being stored in said procedure in the storage medium, distribute.
(7) in the above-mentioned the 1st and the 2nd execution mode; The example of setting data as the setting content of expression relay 10; The transmission source email address of having enumerated e-mail message with the login e-mail address is relevant in spam transmission source address tabulation 16 order this to data, but the setting data among the present invention is not limited thereto.That is, can enumerate following (A)-(D) as the example of setting data.
(A) change 1 of allocated bandwidth
In relay 10,, set the relative importance value of the packet that is sent, and in relay 10, carry out the division of classification (class) for when the QoS of bandwidth control mode (the Quality of Service) function action.At this moment, the control part 13 of relay 10 is kept watch on the traffic of each classification.Control part 13 generates the setting data that is used to change the amount of bandwidth allocation that sets under the situation of the deviation certain time between the traffic that is judged as a certain classification and the bandwidth that sets.Then, control part 13 sends the setting data that is generated to this relay 10 subordinaties' terminal 20-i.The user of terminal 20-i confirms the setting data that received, comprises the message of this setting data to relay 10 foldbacks.Thus, can ratify the sendout of such other bandwidth by the user of terminal 20-i.
(B) change 2 of allocated bandwidth
In relay 10, when the qos feature action of bandwidth control mode, the control part 13 of relay 10 is kept watch on the cpu load rate of self.Control part 13 confirms to make the classification of cpu load rate rising being judged as the cpu load rate above under the situation of pre-set threshold, generates the setting data that is used to change the amount of bandwidth allocation that this classification is set.Then, control part 13 sends the setting data that is generated to this relay 10 subordinaties' terminal 20-i.The user of terminal 20-i confirms the setting data that received, comprises the message of this setting data to relay 10 foldbacks.Thus, can ratify such other amount of bandwidth allocation by the user of terminal 20-i.
(C) switching on WAN (Wide Area Network) side line road
13 pairs of packets relevant with particular terminal through relay of the control part of relay 10 are kept watch on.Being judged as the packet packet loss relevant with this particular terminal at control part 13 increases; And for this particular terminal, compare with the delay of packet and more hope not have under the situation of packet loss, control part 13 generates the setting data that is used for the communication network (circuit of WAN side) of the packet relevant with particular terminal is switched to the less circuit of packet loss.Then, control part 13 sends the setting data that is generated to this relay 10 subordinaties' terminal 20-i.The user of terminal 20-i confirms the setting data that received, comprises the message of this setting data to relay 10 foldbacks.Thus, can be by the switching of user's approved circuit of terminal 20-i.In addition,, have from internet line road direction isdn line and switch as circuit-switched example, perhaps from isdn line to the satellite circuit switching etc.
(D) setting of restrict access change
Have at relay 10 under the situation of server capability, 10 pairs of visit situations from client terminal of relay are kept watch on all the time.Control part 13 is under the situation of the traffic more than or equal to threshold value that is judged as from certain terminal; To be judged to be DoS attack (Denial of Service Attack) from the visit of this client terminal, generation is used to utilize interface portion to cut off the setting data from the communication at this terminal.Then, control part 13 sends the setting data that is generated to this relay 10 subordinaties' terminal 20-i.The user of terminal 20-i confirms the setting data that received, comprises the message of this setting data to relay 10 foldbacks.Thus, can ratify by the user of terminal 20-i to cut off and this communication between terminals.
Claims (9)
1. relay is characterized in that having:
Generation unit, its generation are used to indicate the setting data of the setting content of relay;
Dispatching Unit, it serves as to send destination address with the specified address in this relay subordinate's the communication network, sends the message that comprises the setting data that said generation unit generates; And
Updating block; Its communication network from said subordinate receives message; In the message that receives, comprise under the situation of the setting data identical,, upgrade the setting content of this relay according to the setting data that comprises in this message with the setting data that generates by said generation unit.
2. relay according to claim 1 is characterized in that,
Also have real-time clock, it exports current time,
Said Dispatching Unit will comprise the message of time span data of moment data and the expression official hour length in the setting data that generated by said generation unit, moment that expression has generated said setting data, sends to said transmission destination address,
Said updating block comprises setting data the message that the communication network from said subordinate receives; Moment data; Under the time span data conditions; Time span till the current time that will export from represented moment of these moment data that message comprised that receive to said real-time clock; Compare with the said represented time span of time span data that message comprised that receives; Under the long situation of the represented time span of the said time span data that message comprised that receive, carry out the renewal of setting content according to the said setting data that message comprised that receives.
3. relay according to claim 1 is characterized in that,
Said updating block carries out the 1st and sets update processing,, before said Dispatching Unit sends said setting data, preestablishes the setting content of this relay that is,
Said updating block carries out the 2nd and sets update processing; Promptly; Receive message from said subordinate's communication network; In the message that receives, comprise under the situation of the setting data identical with the setting data that generates by said generation unit; According to the setting data that this message comprised, delete the setting content that upgrades in advance in this relay.
4. relay according to claim 1 is characterized in that,
The setting content of said relay is in the tabulation of spam transmission source address, to carry out the login of e-mail address.
5. relay according to claim 4 is characterized in that,
Said setting data comprises: the transmission source email address of regulation; And the address log on command, the transmission source email address of its indication this regulation of login in said spam transmission source address tabulation,
Said updating block receives message from said subordinate's communication network, in the message that receives, comprises under the situation of said address log on command the transmission source email address of the said regulation of login in said spam transmission source address tabulation.
6. relay according to claim 4 is characterized in that,
Said setting data comprises: send the source email address; And the address delete command, its indication should be sent the source email address from said spam transmission source address tabulation deletion,
Said updating block carries out the 1st and sets update processing, that is, and and the transmission source email address of login regulation in advance in said spam transmission source address tabulation,
Said updating block carries out the 2nd and sets update processing; Promptly; Receive message from said subordinate's communication network, in the message that receives, comprise under the situation of said address delete command, from the transmission source email address of the said regulation of said spam transmission source address tabulation deletion.
7. relay according to claim 1 is characterized in that,
Also have transmitting element, when it has carried out renewal at said updating block to the setting content of this relay, send to said subordinate's communication network and to comprise the message that upgrades the data that finish.
8. the setting update method of a relay is characterized in that, has following step, that is:
Generation is used to indicate the step of setting data of the setting content of relay;
Address with the regulation in this relay subordinate's the communication network serves as to send destination address, the step of sending the message that comprises the setting data that generates in the said generation step; And
Receive message from said subordinate's communication network, in the message that receives, comprise with said generation step under the situation of the identical setting data of the setting data that generates, according to the setting data that this message comprised, upgrade the step of the setting content of this relay.
9. program, it makes the following unit of computer realization, that is:
Generation unit, its generation are used to indicate the setting data of the setting content of relay;
Dispatching Unit, it serves as to send destination address with the specified address in this relay subordinate's the communication network, sends the message that comprises the setting data that said generation unit generates; And
Updating block; Its communication network from said subordinate receives message; In the message that receives, comprise under the situation of the setting data identical,, upgrade the setting content of this relay according to the setting data that comprises in this message with the setting data that generates by said generation unit.
Applications Claiming Priority (3)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| JP2009-062499 | 2009-03-16 | ||
| JP2009062499A JP5417914B2 (en) | 2009-03-16 | 2009-03-16 | Relay device and program |
| PCT/JP2010/054455 WO2010107031A1 (en) | 2009-03-16 | 2010-03-16 | Relay device, setting update method, and program |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102356611A true CN102356611A (en) | 2012-02-15 |
| CN102356611B CN102356611B (en) | 2015-05-06 |
Family
ID=42739691
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201080012509.8A Active CN102356611B (en) | 2009-03-16 | 2010-03-16 | Relay device, setting update method, and program |
Country Status (3)
| Country | Link |
|---|---|
| JP (1) | JP5417914B2 (en) |
| CN (1) | CN102356611B (en) |
| WO (1) | WO2010107031A1 (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114389872A (en) * | 2021-12-29 | 2022-04-22 | 卓尔智联(武汉)研究院有限公司 | Data processing method, model training method, electronic device, and storage medium |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116033413B (en) * | 2023-01-30 | 2023-08-29 | 广州爱浦路网络技术有限公司 | Privacy security enhancement method for relay communication |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2004070614A1 (en) * | 2003-02-10 | 2004-08-19 | Guang Feng | Communication method and communication system in which called person has the initiative |
| JP2004254034A (en) * | 2003-02-19 | 2004-09-09 | Fujitsu Ltd | System and method for controlling spam mail suppression policy |
| JP2005251230A (en) * | 2005-05-10 | 2005-09-15 | Nec Corp | Mail server |
| JP2008139926A (en) * | 2006-11-30 | 2008-06-19 | Database Consultants Corp | Email server apparatus and email server program |
-
2009
- 2009-03-16 JP JP2009062499A patent/JP5417914B2/en active Active
-
2010
- 2010-03-16 WO PCT/JP2010/054455 patent/WO2010107031A1/en active Application Filing
- 2010-03-16 CN CN201080012509.8A patent/CN102356611B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2004070614A1 (en) * | 2003-02-10 | 2004-08-19 | Guang Feng | Communication method and communication system in which called person has the initiative |
| JP2004254034A (en) * | 2003-02-19 | 2004-09-09 | Fujitsu Ltd | System and method for controlling spam mail suppression policy |
| JP2005251230A (en) * | 2005-05-10 | 2005-09-15 | Nec Corp | Mail server |
| JP2008139926A (en) * | 2006-11-30 | 2008-06-19 | Database Consultants Corp | Email server apparatus and email server program |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114389872A (en) * | 2021-12-29 | 2022-04-22 | 卓尔智联(武汉)研究院有限公司 | Data processing method, model training method, electronic device, and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| WO2010107031A1 (en) | 2010-09-23 |
| JP5417914B2 (en) | 2014-02-19 |
| CN102356611B (en) | 2015-05-06 |
| JP2010219731A (en) | 2010-09-30 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US8819410B2 (en) | Private electronic information exchange | |
| Kent | Internet privacy enhanced mail | |
| US9917828B2 (en) | Secure message delivery using a trust broker | |
| US7774411B2 (en) | Secure electronic message transport protocol | |
| US20050152378A1 (en) | Method of providing guaranteed delivery through the use of the internet for priority e-mail, files and important electronic documents | |
| CN103181124A (en) | System and method for secure use of messaging systems | |
| US20140052626A1 (en) | Secure email | |
| US20060101124A1 (en) | Method and apparatus for mass email transmission | |
| AU2009299539B2 (en) | Electronic communication control | |
| CN106105109A (en) | Rich content scanning for the non-serving account of email delivery | |
| KR20080037605A (en) | System, method and device for trapping mass-delivery electronic messages | |
| JP5206220B2 (en) | Relay device and program | |
| CN102356611A (en) | Relay device, setting update method, and program | |
| WO2008005188A2 (en) | Message control system in a shared hosting environment | |
| Erickson et al. | The Effectiveness of Whitelisting: a User-Study. | |
| CN1875599B (en) | System for enhancing the transmission security of the e-mails in the internet network | |
| Roman et al. | Protection against spam using pre-challenges | |
| Yasin | Spam Reduction by using E-mail History and Authentication (SREHA) | |
| Fahrnberger | A detailed view on securestring 3.0 | |
| CA2328548A1 (en) | Privacy system | |
| Shukla et al. | Open PGP based secure web email | |
| JP6931906B2 (en) | Programs and servers | |
| GB2463532A (en) | Email filtering based upon security information embedded in mail or provided through web based challenge response system | |
| Duan et al. | DMTP: Controlling spam through message delivery differentiation | |
| Schwenk | Email: Protocols and SPAM |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |