CN102356611B - Relay device, setting update method, and program - Google Patents
Relay device, setting update method, and program Download PDFInfo
- Publication number
- CN102356611B CN102356611B CN201080012509.8A CN201080012509A CN102356611B CN 102356611 B CN102356611 B CN 102356611B CN 201080012509 A CN201080012509 A CN 201080012509A CN 102356611 B CN102356611 B CN 102356611B
- Authority
- CN
- China
- Prior art keywords
- relay
- setting
- address
- data
- message
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L51/00—User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
- H04L51/21—Monitoring or handling of messages
- H04L51/214—Monitoring or handling of messages using selective forwarding
Abstract
An access from a proper person who is authorized to customize a security setting of a relay device can be judged by an easier process. When a new e-mail address must be registered to an unwanted e-mail transmission source address list (16), the relay device (10) generates setting data to instruct a content of this update, and transmits the setting data to terminals (20-i) as an update notification e-mail message. When the relay device (10) receives an HTTP message containing the setting data from any of the terminals (20-i), and judges that the setting data contained in the HTTP message is valid, the relay device (10) performs a setting update process on the basis of the setting data.
Description
Technical field
The present invention relates to the technology that a kind of setting for carrying out relay upgrades.
Background technology
Relay is the network equipment carrying out data transfer according to the agreement of the 3rd layer (network layer) and the 4th layer (transport layer) in OSI (Open Systems Interconnection) reference model.Most of relay can carry out self-defined to following various setting from the computer of outside, namely, refuse with certain IP address for sending source IP address or sending the passing on of packet of target ip address, or refusal with certain port numbering for transmission source port numbering or the passing on of packet sending target port numbering.Self-defining user is carried out to the setting of this relay, from the URL (Uniform Resource Locator) of the setting utility program picture data this relay of the computer access be connected with relay, display setting utility program picture in a computer.Further, user by self intrinsic accounts information and ID and password to the input of setting utility program picture.Like this, this ID and password send to relay by computer.Relay is when a pair ID received from computer is consistent with a pair information that self logs in password, this computer is considered as the user with lawful authority, and according to the later order sent from this computer, upgrade the setting (for example, referring to patent documentation 1) of self.
Patent documentation 1: Japanese Unexamined Patent Publication 2004-040164 publication
Summary of the invention
The administrative staff of this relay each to user give self-defining authority is carried out to the setting of relay time, carry out the operation setting the intrinsic accounts information of this user in relay.Therefore, to multiple user's imparting, self-defining authority is being carried out to the setting of relay, or when after this changing the generation such as the situation that has been endowed the user of this authority, the burden of the setting operation of the accounts information undertaken by administrative staff becomes large.On the other hand, any accounts information is not set in relay, when the state computer of URL of this setting utility program picture data of access being all considered as the user with lawful authority carries out action, cannot prevent malicious persons from carrying out illegal setting and change.
The present invention proposes under this background, its object is to, can by processing more easily and judging from being endowed the access setting of relay being carried out to the competent person of self-defining authority.
The invention provides a kind of relay, it has: generation unit, and it generates the setting data being used to indicate the setting content of relay; Dispatching Unit, it for sending destination address, sends the message comprising the setting data that described generation unit generates with the specified address in the communication network of this relay subordinate; And updating block, its communication network from described subordinate receives message, when comprising the setting data identical with the setting data generated by described generation unit in the message received, according to the setting data comprised in this message, upgrade the setting content of this relay.
In the present invention, for relay, if the situation needing the setting content carrying out this relay to upgrade occurs, then generate the setting data being used to indicate its more fresh content, this setting data is sent to the one or more user terminal address be such as endowed the authority that the setting of this relay upgrades.Then, relay receives this setting data this point according to the terminal of the transmission target from the setting data generated as self, this transmission source is considered as being endowed renewal authority, upgrades the setting content of this relay according to this setting data.Therefore, by limiting the transmission target of setting data, thus the illegal update request from the personnel not being endowed authority can be got rid of.
Accompanying drawing explanation
Fig. 1 is the integrally-built figure representing the relay comprised involved by the of the present invention 1st and the 2nd execution mode and the Email conveyer system formed.
Fig. 2 represents the figure carrying out the data structure of the e-mail message that send/receive in the Email conveyer system shown in Fig. 1.
Fig. 3 is the block diagram of the structure of the relay represented in the Email conveyer system shown in Fig. 1.
Fig. 4 is the flow chart of the action of the relay represented involved by the 1st execution mode of the present invention.
Fig. 5 is the figure of an example of the terminal represented in the Email conveyer system shown in Fig. 1 mail picture shown when receiving update notification e-mail message.
Fig. 6 is the flow chart of the action of the relay represented involved by the 2nd execution mode of the present invention.
The explanation of symbol
10 ... relay, 11 ... communication interface, 12 ... storage part, 13 ... control part, 14 ... volatile storage portion, 15 ... non-volatile memories portion, 17 ... control program, 19 ... real-time clock, 20 ... terminal, 30 ... mail piece server unit, 31 ... mailbox database, 32 ... mailing list, 90 ... the Internet, 91 ... circuit.
Embodiment
(the 1st execution mode)
Below, with reference to accompanying drawing, the 1st execution mode of the present invention is described.
Fig. 1 is the integrally-built figure representing the relay 10 comprised involved by the 1st execution mode of the present invention and the Email conveyer system formed.
Relay 10 forms LAN (Local Area Network) together with terminal 20-i (i=1 ~ 3) and mail piece server unit 30.Relay 10 is the devices playing following effects, that is, carry out relaying to the terminal 20-i of this relay 10 subordinate and the packet-switching via circuit 91 between mail piece server unit 30 and the Internet 90.The detailed content of this relay 10 describes below.
Terminal 20-i is such as personal computer.The authority that the security settings of relay 10 is upgraded is imparted to utilizing the user of terminal 20-i.Terminal 20-i is provided with mailer.Mailer is the program making terminal 20-i perform the process for the generation of the e-mail message of MIME (Multipurpose Internet MailExtension) form, sending/receiving, display.In addition, here, the quantity of terminal 20-i is 3, but is not limited to this in the present invention, as long as configuration is more than or equal to 1 terminal (i=1 ~ N, N: natural number).
As shown in the example of figure 2, the e-mail message of MIME form has mail head and mail body.The mail head of this e-mail message has multiple fields, and describing in these fields has: send the information such as target email addresses, transmission source e-mail address, exercise question, date of shipping and time.In addition, in mail body, the various contents such as the image file of the text of e-mail message and this e-mail message institute apposition or audio files describe separately and are being called as the gathering in region of " section (part) ".
Section has content headers and content body.In the content body of each section, describe and have the coded data after the character string of the text becoming e-mail message and other various contents are encoded.In the content headers of each section, describe the character string etc. having the data type representing the content that the content body of these sections describes.
In FIG, in terminal 20-1, be set with the e-mail address (XXX@example1.net) distributing to its user.The e-mail address (YYY@example1.net) distributing to its user is set with in terminal 20-2.The e-mail address (ZZZ@example1.net) distributing to its user is set with in terminal 20-3.
Mail piece server unit 30 is the server units playing following effects, that is, as the effect of SMTP (SimpleMailTransfer Protocol) server in the net territory (example1.net) belonging to terminal 20-i and the effect as POP (Post Office Protocol) 3 servers.Mail piece server unit 30 is provided with SMTP and POP3.SMTP sends relevant agreement to the e-mail message that terminal 20-i carries out.POP3 receives relevant agreement to the e-mail message that terminal 20-i carries out.Mail piece server unit 30 has mailbox database 31 and mailing list (mailing list) 32.Mailbox database 31 is mailbox aggregates of terminal 20-i.In each mailbox of mailbox database 31, store the respective e-mail address of terminal 20-i as the e-mail message sending target email addresses.In addition, in mailing list 32, using the group of " ZZZ@example1.net " of " the XXX@example1.net " of the e-mail address as terminal 20-1, " the YYY@example1.net " as the e-mail address of terminal 20-2 and the e-mail address as terminal 20-3, and represent their representative e-mail address i.e. " LIST@example1.net " of 3 and be associated and log in.In addition, do not need to log in all above-mentioned addresses of items of mail in mailing list 32.
According to SMTP, whether mail piece server unit 30 receives e-mail message from terminal 20-i or relay 10, be that some in the e-mail address of terminal 20-i judges to the transmission target email addresses of the e-mail message received.And, mail piece server unit 30 is some as when sending the e-mail message of target email addresses when what receive in the e-mail address of terminal 20-i, in the mailbox corresponding with this terminal 20-i in mailbox database 31, store this e-mail message.In addition, not using the e-mail address of terminal 20-i as when sending the e-mail message of target email addresses when receiving, construct and be pay(useful) load portion with this e-mail message, be the packet sending target ip address with the IP address of the POP3 server (not shown) in net territory identical with this e-mail address, and the packet data delivery constructed is delivered to relay 10.This packet, to be transferred to the Internet from relay 10 via circuit 91 after 90s, received by the POP3 server (not shown) with this transmission target ip address, and is stored in its mailbox.
In addition, mail piece server unit 30 is when receiving the e-mail message of the representative e-mail address of mailing list 32 i.e. " LIST@example1.net " as transmission target email addresses, this e-mail message is copied with the quantity identical with terminal 20-i, and by the respective transmission target email addresses of the e-mail message after copying, be stored in the mailbox corresponding with each terminal 20-i in mailbox database 31.
According to POP3, mail piece server unit 30 receives respective accounts information, i.e. user ID and password from terminal 20-i, utilizes the accounts information received to carry out authentication processing.Then, mail piece server unit 30 is by the e-mail message of the e-mail address of the terminal 20-i have passed through accounts information certification for transmission target email addresses, read from the corresponding mailbox mailbox database 31, and be delivered to this terminal 20-i.
Fig. 3 is the block diagram of the structure representing relay 10.Relay 10 has communication interface 11-k (k=1 ~ 4), storage part 12, control part 13 and real-time clock 19.Communication interface 11-k is NIC (Network Interface Card).The communication interface 11-k of relay 10 at least one (such as communication interface 11-1) is connected with terminal 20-i and mail piece server unit 30, and remaining at least one (such as communication interface 11-2) is connected with circuit 91.Communication interface 11-1,11-2 receive Ethernet (registered trade mark) frame (hereinafter referred to as " frame ") of the MAC Address of this communication interface 11-1,11-2 as transmission destination-mac address, are sent to control part 13 packet comprised in this frame.In addition, here, the quantity of interface 11-k is 4, but is not limited to this in the present invention, as long as configuration is more than or equal to 1 interface (k=1 ~ N, N: natural number).
Real-time clock 19 exports the signal representing current time.
Storage part 12 comprises volatile storage portion 14 and non-volatile memories portion 15.Volatile storage portion 14 is RAM (Random Access Memory), for control part 13 provides service area.Non-volatile memories portion 15 is such as hard disk or FlashROM.In this non-volatile memories portion 15, except the ID data representing the ID that this relay 10 is intrinsic, also store spam transmission source address list 16 and control program 17.
Spam transmission source address list 16 is the lists for logging in as the e-mail address of the transmission source process of spam in this relay 10.
Control program 17 has 4 functions shown below.
A. spam discards function
Its role is to, in the pay(useful) load portion of the packet sent from communication interface 11-2, comprise with the e-mail address of terminal 20-i for sending the e-mail message of target email addresses, and the transmission source e-mail address of this e-mail message is when being logged in spam transmission source address list 16, this e-mail message discarded.
B. setting data systematic function
Its role is to, be not logged in spam transmission source address list 16 at the transmission source e-mail address of e-mail message, and when comprising the regulation character string be against social ethics in its mail body, generate setting data, this setting data refer to this e-mail message transmission source e-mail address and to log in spam transmission source address list 16 the relevant order of e-mail address this to data.
C. setting data distribution function
Its role is to, generate the e-mail message, i.e. the update notification e-mail message that comprise the setting data generated by the action of setting data systematic function, using the representative e-mail address in mailing list 32 i.e. " LIST@example1.net " as transmission target email addresses, send this update notification e-mail message.
D. setting content more New function
Its role is to, after transmission update notification e-mail message, HTTP (Hyper Text Transfer Protocol) message is received from terminal 20-i, when comprising the identical setting data of the setting data that generates with the action by setting data systematic function in the HTTP message received, according to this setting data, the setting content carrying out this relay 10 upgrades.
Below, the action of present embodiment is described.Fig. 4 is the flow chart of the action of the relay 10 represented in present embodiment.The control part 13 of relay 10, when sending packet from communication interface 11-1,11-2 at every turn, carries out the action shown in Fig. 4.In a series of process shown in Fig. 4, step S100 ~ S130 is the process that the action of discarding function by spam is performed by control part 13, step S140 ~ S150 is the process performed by control part 13 by the action of setting data systematic function, step S160 ~ S170 is the process performed by control part 13 by the action of setting data distribution function, and step S180 ~ S230 is the process performed by control part 13 by the action of setting content more New function.
In the diagram, if send packet from communication interface 11-1,11-2, whether then the control part 13 of relay 10 judges in the pay(useful) load portion of this packet, comprise with the some e-mail message (S100) for sending target email addresses in the e-mail address of terminal 20-i.
When comprising corresponding e-mail message in the pay(useful) load portion of packet (S100: yes), control part 13 takes out e-mail message from the pay(useful) load portion of this packet, carries out storing (S110) to the storage area guaranteed in volatile storage portion 14 (being called " will judge email storage region ").Then, control part 13 determining storage will judge whether the transmission source e-mail address of the e-mail message in email storage region has logged in spam transmission source address list 16 (S120).Then, when transmission source e-mail address has logged in spam transmission source address (S120: yes), control part 13 is by this e-mail message discarded (S130).
In addition, when the transmission source e-mail address being stored in the e-mail message that will judge in email storage region does not log in spam transmission source address (S120: no), control part 13 judges in the mail body of this e-mail message, whether comprise the regulation character string (S140) be against social ethics.Judgement in this step S140 is such as contrasted carried out by the content of including of the character string that mail body described and judging rubbish mail dictionary file.
Control part 13 is in step S140, be judged to be stored in the mail body of the e-mail message that will judge in email storage region when not comprising the character string be against social ethics (S140: no), carry out passing on process (S300).Pass in process at this, control part 13 constructs to be stored in and will judge the packet of the e-mail message in email storage region as pay(useful) load portion, is sent by the frame comprising this packet from communication interface 11-1.
Control part 13 is in step S140, be judged to be stored in the mail body of the e-mail message that will judge in email storage region when comprising the character string be against social ethics (S140: yes), carry out setting data generating process (S150).In this setting data generating process, control part 13 by indicate the order (being called " address registration order ") logging in e-mail address in spam transmission source address list 16 and the mail head of e-mail message that will judge in email storage region to describe transmission source e-mail address this to data, as setting data.
Then, control part 13 is encrypted (S160).In this encryption, control part 13 reads the ID data that non-volatile memories portion 15 stores.Then, the private key that control part 13 utilizes this relay 10 intrinsic, the data group of 4 kinds of data that the time span data being set in the expression time span this relay 10 to the time data by the setting data generated in the ID data read from non-volatile memories portion 15, step S150, its expression current time exported from real-time clock 19 when generating and the valid expiration date as setting data are formed is encrypted, and generates encrypted data thus.
Control part 13, after carrying out the process of update notification mail sending (S170), enters above-mentioned process (S300) of passing on.In update notification mail sending process in step S170, new e-mail message is generated in the storage area (being called " new mail storage area ") that control part 13 is guaranteed in volatile storage portion 14, in this e-mail message, copy the text segment in the mail head and its mail body that will judge the e-mail message that email storage region stores.Then, after the text character string in this text segment, describe the URL of character string (being called " upgrade and confirm to entrust character string ") and this relay 10 that the confirmation of more fresh content is entrusted.Upgrade and confirm to entrust character string can be set to following content, that is, " this mail is judged as the suspicion of spam.By being logged in lists by the transmission source address of this mail, the mail being transmission source with this address will be rejected.When hope logs in list, following URL please be uploaded to.”。
In the process of update notification mail sending, section additional new in the mail body of the e-mail message that control part 13 stores at new mail storage area, the encrypted data that encryption by step S160 is generated, as this additional section content body and describe.In addition, by the transmission target email addresses described in the mail head of this e-mail message, the representative e-mail address being replaced into mailing list 32 is " LIST@example1.net ", using this e-mail message as update notification e-mail message.If control part 13 finishes the generation of update notification e-mail message, then the packet that to build with this update notification e-mail message be pay(useful) load portion, and the frame comprising the packet constructed is sent from communication interface 11-1.
If mail piece server unit 30 obtains update notification e-mail message from relay 10, confirm that i.e. " LIST@example1.net " this transmission target email addresses for representing e-mail address, then with the quantity copy update informing E-mail message identical with terminal 20-i, by the update notification e-mail message copied, be stored in respectively in the mailbox of each terminal 20-i in mailbox database 31.Above-mentioned update notification e-mail message is delivered to each terminal 20-i respectively according to POP3, and the e-mail message obtained separately shows as mail picture by each terminal 20-i.
Fig. 5 is the terminal 20-1 (e-mail address: XXX@example1.net) of one of the transmission target represented as update notification e-mail message, the figure of an example of the mail picture shown when obtaining update notification e-mail message.In the example of fig. 5, in the header display field 51 of mail picture, display represents receiver, addresser, exercise question, date of shipping and each character string of time, in the information that the mail head of respective the right display update informing E-mail message describes, that is, target email addresses, transmission source e-mail address, exercise question and date of shipping and time is sent.
In addition, in the text display field 52 of this mail picture, display is stored in the text of the e-mail message that will judge in email storage region, that is, and " photo of SSS ..., how wait." character string.Then, " this mail is judged as the suspicion of spam in thereunder display.By being logged in lists by the transmission source address of this mail, the mail being transmission source with this address will be rejected.When hope logs in list, following URL please be uploaded to." character string and represent the character string of " http: // 133.176.74.1/decode.mail " of URL.Above-mentioned character string is described by the control part 13 of relay 10.
The user of terminal 20-i, with reference to the transmission source e-mail address in the header display field 51 of the mail picture shown by respective terminal 20-i and the body matter in text display field 52, judges whether this transmission source e-mail address to be logged in in spam transmission source address list 16.Further, if user is judged as transmission source e-mail address to be logged in in spam transmission source address list 16, then mouse pointer mp is moved to the URL in text display field 52, carry out the operation of left double-click.
If terminal 20-i to detect on the URL that to be moved to by mouse pointer mp in text display field 52 and has carried out this situation of double click operation, then obtain from DNS (Domain NameSystem) server (not shown) the IP address be associated with this URL this server, that is, the IP address of relay 10.Then, terminal 20-i takes out encrypted data from the update notification e-mail message acquired by this terminal 20-i, generates the HTTP message comprising this encrypted data.In addition, terminal 20-i build with this HTTP message be pay(useful) load portion, with the IP address of relay 10 for sending the packet of target ip address, and the frame comprising the packet constructed to be sent.The frame that the communication interface 11-1 receiving terminal 20-i of relay 10 sends, and the packet comprised in this frame is sent to control part 13.Due in the pay(useful) load portion of this packet, do not comprise with the e-mail address of terminal 20-i for sending the e-mail message of target email addresses, so the result of determination in the step S100 of Fig. 4 becomes "No".In the case, whether judge (S180) containing HTTP message in the pay(useful) load portion of control part 13 pairs of packets.
Control part 13, in step S180, when being judged to comprise HTTP message in the pay(useful) load portion of packet (S180: yes), judges (S190) whether comprising encrypted data in this HTTP message.
Control part 13 is in step S190, when being judged to comprise encrypted data in HTTP message (S190: yes), this encrypted data being stored to (S200) after in the storage area (being called " wanting data decryption storage area ") guaranteed in volatile storage portion 14, be decrypted process (S210).In this decryption processing, the private key that control part 13 utilizes this relay 10 intrinsic, wanting the encrypted data in data decryption storage area to be decrypted to being stored in, thus, the data group of ID data, time data, time span data and these 4 kinds of data of setting data being restored.
Then, control part 13 judges whether the data group of 4 kinds of data of being restored by the decryption processing of step S210 go out of use (S220).In more detail, control part 13 is not when the data group of 4 kinds of data of being restored by decryption processing meets the following conditions at least one in a, b, the data group of these data is considered as the data group discarded, when satisfying condition both a, b, be considered as the effective data group should not discarded.
A. the ID data of the data group of 4 kinds of data of being restored by decryption processing and the ID data consistent be stored in non-volatile memories portion 15 is formed.
B. the time span represented by time span data of the data group of 4 kinds of data of being restored by decryption processing is formed, longer than the time span till the moment represented by the time data from this data group of composition to the moment (from the current time that real-time clock 19 exports when specifically, decryption processing starts) performing decryption processing.
Control part 13, in step S220, when being judged to be that the data group of 4 kinds of data should go out of use (S220: yes), not entering later process and ends process.
In addition, control part 13, in step S220, when being judged to be that the data group of 4 kinds of data should not go out of use (S220: no), carries out setting update process (S230).In the setting update process of this step S230, the address registration order that setting data in restored by decryption processing 4 kinds of data is comprised by control part 13 is taken out, by performing the address registration order of taking out, thus the e-mail address comprised by this setting data logs in in spam transmission source address list 16.
Control part 13 is in step S180, when being judged to be that the pay(useful) load portion of packet does not comprise HTTP message (S180: no), or when being judged to be that in step S190 HTTP message does not comprise encrypted data (S190: no), not performing step S200 and enter step S300 to step S230.Such as, in the pay(useful) load portion of the packet sent from communication interface 11-1,11-2, comprising the request sent from terminal 20-i to the dns server (not shown) the Internet 90 or www server (not shown) or the response sent from these servers to terminal 20-i, control part 13 directly enters step S300 from step S180 or step S190, carries out following process of passing on.First, control part 13 by referring to the transmission target ip address of the packet sent from communication interface 11-1,11-2, thus determines the target of passing on of this packet.Then, be when sending the packet of target ip address delivery of with the IP address of the some or mail piece server unit 30 in terminal 20-i, the frame comprising this packet is sent from communication interface 11-1, when delivery of the packet that other IP addresses outside with terminal 20-i and mail piece server unit 30 are transmission target ip address, the frame comprising this packet is sent from communication interface 11-2.
As described above, in the present embodiment, the control part 13 of relay 10, when needing the situation logging in new e-mail address to spam transmission source address list 16 to occur, generates the instruction that logged in this list 16 by this e-mail address setting data as setting content.Then, the encrypted data that control part 13 obtains being encrypted the data group of this setting data, ID data, time data and these 4 kinds of data of time span data, the terminal 20-i as update notification e-mail message to this relay 10 subordinate sends with multiple addressing.Then, ID data in the 4 kinds of data comprised as data group from the HTTP message that terminal 20-i receives afterwards, with the ID data consistent of self be stored in non-volatile memories portion 15 (condition a), compared to the time span of moment to current time represented by the time data from this data group of composition, form the time span represented by time span data of this data group longer when (condition b), according to the setting data of this data group of composition, in spam transmission source address list 16, log in new e-mail address.Therefore, by limiting the transmission target sending update notification e-mail message from relay 10 with multiple addressing, thus the illegal renewal instruction that the computer can getting rid of the personnel of the renewal authority of the spam transmission source address list 16 being never endowed this relay 10 simply sends.
In addition, in the present embodiment, by setting model a, as confirming the condition logging in new e-mail address according to setting data to spam transmission source address list 16, thus the generation of following problems can be prevented, that is, the setting data that generates according to the device outside this relay 10 of relay 10, upgrades spam transmission source address list 16.In addition, by setting model b, thus the generation of following problems can be prevented, that is, relay 10 according to from have passed through when generating quite long-term between and lose the setting data of value already, upgrade spam transmission source address list 16.
In addition, according to the present embodiment, the generation of following problems can be prevented, namely, the e-mail message of spam will should not be judged to be at relay 10, when being judged to be spam mistakenly, the e-mail message later sent from this transmission source e-mail address continues to be discarded by relay 10.
(the 2nd execution mode)
Below, with reference to accompanying drawing, the 2nd execution mode of the present invention is described.In addition, in description of the present embodiment, for the part identical with the 1st execution mode structure, use identical label, omit detailed description.
In the present embodiment, relay 10 is when needing to log in the situation generation of new e-mail address to spam transmission source address list 16, carry out this e-mail address to log in the process in spam transmission source address list 16 as the 1st setting update process, the setting data then instruction being cancelled the 1st setting update process sends as update notification e-mail message.Then, relay 10 receives HTTP message from the terminal 20-i of this relay 10 subordinate, when comprising the setting data identical with the setting data sent to terminal 20-i as update notification e-mail message in this HTTP message, as the 2nd setting update process, carry out the process of being deleted from this list 16 by the e-mail address logged in spam transmission source address list 16.
Fig. 6 is the flow chart of the action of the relay 10 represented in present embodiment.In the action shown in Fig. 6, the control part 13 of relay 10, when the result of determination of step S140 is "Yes", performs step S141, then enters next step.In step s 141, control part 13 carries out the 1st setting update process.In the 1st setting update process, control part 13 will be stored in the transmission source e-mail address of the e-mail message that will judge in email storage region, log in in spam transmission source address list 16.
In addition, in the flow chart shown in Fig. 6, step S150, the S170 of the flow chart shown in Fig. 4 (the 1st execution mode) and step S230 are replaced into step S151, S171, S231.
If illustrated in greater detail, then in the setting data generating process of step S151, control part 13 by instruction from spam transmission source address list 16 delete an e-mail transmission source e-mail address that the order (being called " address delete command ") of address and the mail head of e-mail message that will judge email storage region describe this to data, as setting data.
In addition, in the update notification mail sending process of step S171, control part 13 is for the e-mail message generated in new mail storage area, after the text segment be stored in the mail head of the e-mail message that will judge in email storage region and mail body thereof is copied, describe after text character string in this text segment " because this mail is judged as the suspicion of spam, so the e-mail address of transmission source is logged in in list.When not wishing to log in, following URL please be uploaded to." like this renewal of content confirm the URL entrusting character string and this relay 10, using this e-mail message as update notification e-mail message.
In addition, in the 2nd setting update process in step S231, control part 13 takes out address delete command from setting data, and by performing the address delete command taken out, thus the e-mail address comprised by this setting data is deleted from spam transmission source address list 16.
In the present embodiment, also the generation of following problems can be prevented, namely, the e-mail message of spam will should not be judged to be at relay 10, when being judged to be spam mistakenly, the e-mail message later sent from this transmission source e-mail address continues to be discarded by relay 10.
Above, be illustrated for an embodiment of the invention, but the present invention can have other execution modes.Such as, as shown in following.
(1) in the above-mentioned 1st and the 2nd execution mode, in step S230 or step S231,2 condition a, b are provided with as confirming to log in new e-mail address to spam transmission source address list 16 or carry out the condition of deleting.But, also can only setting model b.In the present embodiment, as long as after the control part 13 of relay 10 restores the data group of ID data, time data, time span data, setting data in the data of the encryption comprised from HTTP message, in the time span represented by the time span data of this data group of composition, longer than the time span of moment to current time represented by the time data from this data group of composition (satisfy condition b when), carry out setting update process according to the setting data of this data group of composition.
(2) in the above-mentioned 1st and the 2nd execution mode, the control part 13 of relay 10 uses the intrinsic private key of this relay 10 to be encrypted and decryption processing.But, the intrinsic PKI of this relay 10 also can be used to be encrypted, to use the private key paired with this PKI to be decrypted process.
(3) in the above-mentioned 1st and the 2nd execution mode, the data group of setting data, ID data, time data, time span data sends as update notification e-mail message to terminal 20-i by the control part 13 of relay 10, and the setting data comprised in this update notification e-mail message sends as HTTP message to relay 10 by terminal 20-i.But, for the sending/receiving of the setting data between this relay 10 and terminal 20-i, also can carry out in the mode of the message (message under such as, instant messaging, IP phone, push-type e-mail (Push e-mail) agreement) meeting other agreements.
(4) in the above-mentioned 1st and the 2nd execution mode, the control part 13 of relay 10 also can receive HTTP message from some (such as the terminal 20-1) terminal 20-i, according to the setting data comprised in this HTTP message, when have updated the setting of this relay 10, not the terminal 20-2 of the transmission source of this HTTP message, the address of 20-3 have sent according to multiple addressing in the terminal 20-i of update notification e-mail message, sending the message comprising and represent the complete data of renewal upgrading this situation complete as sending destination address.According to the present embodiment, the user of notification terminal 20-2,20-3 can not need to carry out following operation, that is, indicate and in spam transmission source address list 16, log in e-mail address or deleted.In addition, the control part 13 of relay 10 also can receive HTTP message from some (such as the terminal 20-1) of terminal 20-i, according to the setting data comprised in this HTTP message, when have updated the setting of this relay 10, to the message representing the complete data of renewal upgrading this situation complete be comprised, send to all terminal 20-i as this relay 10 subordinate.According to the present embodiment, can notification terminal 20-1 user to spam transmission source address list 16 log in e-mail address or the action of being deleted complete smoothly.
(5) in the step S230 of the 1st execution mode or the step S231 of the 2nd execution mode, the control part 13 of relay 10 also can in the following manner, judges the data group of 4 kinds of data of being restored by the decryption processing b that whether satisfies condition.First, control part 13 by form the data group of 4 kinds of data of being restored by decryption processing time span data, compare with the time span data of setting themselves, select a shorter side.In addition, by the time span represented by the time span data of this selection, compare with the time span from moment to the moment performing decryption processing represented by the time data forming this data group, when the time span represented by the time span data of this selection is longer, be judged as the b that satisfies condition.
(6) also can the control program 17 in the above-mentioned 1st and the 2nd execution mode be downloaded in computer from the server unit the Internet 90, this computer is worked as relay 10.In addition, also can distribute said procedure is stored in after in storage medium.
(7) in the above-mentioned 1st and the 2nd execution mode, as the example of the setting data of the setting content of expression relay 10, enumerated e-mail message transmission source e-mail address and to log in spam transmission source address list 16 the relevant order of e-mail address this to data, but the setting data in the present invention is not limited thereto.That is, the example as setting data can enumerate following (A)-(D).
(A) change 1 of allocated bandwidth
In relay 10, in order to when QoS (Quality ofService) function action of bandwidth control mode, set the relative importance value of the packet sent, and in relay 10, carry out the division of classification (class).Now, the traffic of control part 13 to each classification of relay 10 monitors.When the deviation certain time of control part 13 between the traffic being judged as a certain classification and set bandwidth, generate the setting data for changing set amount of bandwidth allocation.Then, the terminal 20-i of generated setting data to this relay 10 subordinate sends by control part 13.The user of terminal 20-i confirms the setting data received, and comprises the message of this setting data to relay 10 foldback.Thus, the sendout of such other bandwidth can be ratified by the user of terminal 20-i.
(B) change 2 of allocated bandwidth
In relay 10, when the qos feature action of bandwidth control mode, the cpu load rate of control part 13 to self of relay 10 monitors.Control part 13, when being judged as that cpu load rate exceedes the threshold value preset, determines the classification that cpu load rate is raised, and generates the setting data for changing the amount of bandwidth allocation to this category setting.Then, the terminal 20-i of generated setting data to this relay 10 subordinate sends by control part 13.The user of terminal 20-i confirms the setting data received, and comprises the message of this setting data to relay 10 foldback.Thus, such other amount of bandwidth allocation can be ratified by the user of terminal 20-i.
(C) switching on WAN (Wide Area Network) side line road
The control part 13 of relay 10 monitors the packet relevant to particular terminal by relay.Be judged as that the packet packet loss relevant to this particular terminal increases at control part 13, and for this particular terminal with the Late phase of packet than when more wishing there is no packet loss, control part 13 generates the setting data being used for the communication network (circuit of WAN-side) of the packet relevant to particular terminal being switched to the less circuit of packet loss.Then, the terminal 20-i of generated setting data to this relay 10 subordinate sends by control part 13.The user of terminal 20-i confirms the setting data received, and comprises the message of this setting data to relay 10 foldback.Thus, can by the switching of user's approved circuit of terminal 20-i.In addition, as circuit-switched example, have and switch from the Internet line road direction isdn line, or from isdn line to satellite circuit switching etc.
(D) setting of restrict access is changed
When relay 10 has server capability, relay 10 monitors all the time to the access situation from client terminal.Control part 13 is when being judged as being more than or equal to threshold value from the traffic of certain terminal, access from this client terminal being judged to be DoS attack (Denial of Service Attack), generating for utilizing interface portion cut-out from the setting data of the communication of this terminal.Then, the terminal 20-i of generated setting data to this relay 10 subordinate sends by control part 13.The user of terminal 20-i confirms the setting data received, and comprises the message of this setting data to relay 10 foldback.Thus, can be ratified to cut off the communication between this terminal by the user of terminal 20-i.
Claims (8)
1. a relay, is characterized in that, has:
Generation unit, it generates the setting data being used to indicate the setting content of relay;
Dispatching Unit, it for sending destination address, sends the message comprising the setting data that described generation unit generates with the specified address in the communication network of this relay subordinate; And
Updating block, its communication network from described subordinate receives message, when comprising the setting data identical with the setting data generated by described generation unit in the message received, according to the setting data comprised in this message, upgrade the setting content of this relay.
2. relay according to claim 1, is characterized in that,
Also have real-time clock, it exports current time,
Described Dispatching Unit, by comprising the setting data generated by described generation unit, the message representing the time data generating the moment of described setting data and the time span data representing official hour length, sends to described transmission destination address,
Described updating block comprises setting data in the message received from the communication network of described subordinate, time data, when time span data, the time span of moment represented by the time data that the message received from this is comprised to the current time that described real-time clock exports, time span represented by the time span data comprised with the described message received compares, when the time span represented by the time span data that the described message received comprises is longer, the setting data comprised according to the described message received carries out the renewal of setting content.
3. relay according to claim 1, is characterized in that,
Described updating block carries out the 1st setting update process, that is, before described Dispatching Unit sends described setting data, preset the setting content of this relay,
Described updating block carries out the 2nd setting update process, namely, message is received from the communication network of described subordinate, when comprising the setting data identical with the setting data generated by described generation unit in the message received, according to the setting data that this message comprises, delete the setting content upgraded in advance in this relay.
4. relay according to claim 1, is characterized in that,
The setting content of described relay is, carries out the login of e-mail address in the list of spam transmission source address.
5. relay according to claim 4, is characterized in that,
Described setting data comprises: the transmission source e-mail address of regulation; And address registration order, its instruction logs in the transmission source e-mail address of this regulation in the list of described spam transmission source address,
Described updating block receives message from the communication network of described subordinate, when comprising described address registration order in the message received, logs in the transmission source e-mail address of described regulation in the list of described spam transmission source address.
6. relay according to claim 4, is characterized in that,
Described setting data comprises: transmission source e-mail address; And address delete command, its instruction deletes this transmission source e-mail address from the list of described spam transmission source address,
Described updating block carries out the 1st setting update process, that is, in the list of described spam transmission source address, log in the transmission source e-mail address of regulation in advance,
Described updating block carries out the 2nd setting update process, namely, receive message from the communication network of described subordinate, when comprising described address delete command in the message received, delete the transmission source e-mail address of described regulation from the list of described spam transmission source address.
7. relay according to claim 1, is characterized in that,
Also have transmitting element, it is when described updating block has carried out renewal to the setting content of this relay, and the communication network to described subordinate sends and comprises the message upgrading complete data.
8. a setting update method for relay, is characterized in that, has following step, that is:
Generate the step being used to indicate the setting data of the setting content of relay;
With the address of the regulation in the communication network of this relay subordinate for sending destination address, send the step comprising the message of the setting data generated in described generation step; And
Receive message from the communication network of described subordinate, when comprising the setting data identical with the setting data generated in described generation step in the message received, according to the setting data that this message comprises, upgrade the step of the setting content of this relay.
Applications Claiming Priority (3)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| JP2009062499A JP5417914B2 (en) | 2009-03-16 | 2009-03-16 | Relay device and program |
| JP2009-062499 | 2009-03-16 | ||
| PCT/JP2010/054455 WO2010107031A1 (en) | 2009-03-16 | 2010-03-16 | Relay device, setting update method, and program |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102356611A CN102356611A (en) | 2012-02-15 |
| CN102356611B true CN102356611B (en) | 2015-05-06 |
Family
ID=42739691
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201080012509.8A Active CN102356611B (en) | 2009-03-16 | 2010-03-16 | Relay device, setting update method, and program |
Country Status (3)
| Country | Link |
|---|---|
| JP (1) | JP5417914B2 (en) |
| CN (1) | CN102356611B (en) |
| WO (1) | WO2010107031A1 (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114389872A (en) * | 2021-12-29 | 2022-04-22 | 卓尔智联(武汉)研究院有限公司 | Data processing method, model training method, electronic device, and storage medium |
| CN116033413B (en) * | 2023-01-30 | 2023-08-29 | 广州爱浦路网络技术有限公司 | Privacy security enhancement method for relay communication |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2004082251A1 (en) * | 2003-02-10 | 2004-09-23 | Guang Feng | Receiver-side-led communication method, communication apparatus and communication program |
| JP2004254034A (en) * | 2003-02-19 | 2004-09-09 | Fujitsu Ltd | System and method for controlling spam mail suppression policy |
| JP2005251230A (en) * | 2005-05-10 | 2005-09-15 | Nec Corp | Mail server |
| JP2008139926A (en) * | 2006-11-30 | 2008-06-19 | Database Consultants Corp | Email server apparatus and email server program |
-
2009
- 2009-03-16 JP JP2009062499A patent/JP5417914B2/en active Active
-
2010
- 2010-03-16 WO PCT/JP2010/054455 patent/WO2010107031A1/en active Application Filing
- 2010-03-16 CN CN201080012509.8A patent/CN102356611B/en active Active
Also Published As
| Publication number | Publication date |
|---|---|
| CN102356611A (en) | 2012-02-15 |
| JP2010219731A (en) | 2010-09-30 |
| JP5417914B2 (en) | 2014-02-19 |
| WO2010107031A1 (en) | 2010-09-23 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US7774411B2 (en) | Secure electronic message transport protocol | |
| CN107533535B (en) | Centralized authentication of email senders through EHLO name and IP address targeting | |
| US9106684B1 (en) | System and method for packet profiling | |
| US8819410B2 (en) | Private electronic information exchange | |
| US7233997B1 (en) | Data communications | |
| US20090138711A1 (en) | Sender Email Address Verification Using Reachback | |
| EP1788770A1 (en) | A method for establishing a secure e-mail communication channel between a sender and a recipient | |
| US20050044156A1 (en) | Verified registry | |
| US20050044155A1 (en) | Method of authorizing email senders | |
| WO2008004064A1 (en) | Proxy server | |
| Saint-Andre | Best Practices to Discourage Denial of Service Attacks | |
| WO2005001733A1 (en) | E-mail managing system and method thereof | |
| CN102356611B (en) | Relay device, setting update method, and program | |
| JP5206220B2 (en) | Relay device and program | |
| US20070297408A1 (en) | Message control system in a shared hosting environment | |
| Riabov | SMTP (simple mail transfer protocol) | |
| Erickson et al. | The Effectiveness of Whitelisting: a User-Study. | |
| JP4276105B2 (en) | E-mail system | |
| CA2328548A1 (en) | Privacy system | |
| US11916873B1 (en) | Computerized system for inserting management information into electronic communication systems | |
| GB2463532A (en) | Email filtering based upon security information embedded in mail or provided through web based challenge response system | |
| Douglas | Circumvention of censorship of internet access and publication | |
| JP2009031976A (en) | E-mail system | |
| JP2022087410A (en) | server | |
| Venema | CPJ Koymans1, J. Scheerder2 |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |