JP2005210455A - E-mail relay device - Google Patents

Abstract

PROBLEM TO BE SOLVED To reduce the processing load of an electronic server by efficiently filtering electronic mail.
An e-mail relay device is a relay device that transfers an e-mail received via a network to an e-mail server. The communication unit 110 receives an e-mail and extracts its transmission destination address. The communication unit 110 further acquires from the external database a list of addresses set so as to be able to receive e-mails at the e-mail server. The data processing unit 140 determines whether or not the extracted transmission destination address exists in the acquired list. The data processing unit 140 determines whether to transfer the received e-mail to the e-mail server based on the determination result. The communication unit 110 transfers the email determined to be transferred to the email server.
[Selection] Figure 2

Description

  The present invention relates to a technique for transferring an e-mail to an e-mail server, and more particularly to a technique for selecting an e-mail and changing an e-mail process according to the result.

  In recent years, with the spread of computers and the advancement of network technology, the exchange of electronic information via the network has become popular. As a result, many of the business processes that have been conventionally performed on a paper basis are being replaced by network-based processes. A typical example of such a communication tool is e-mail.

  E-mail is transmitted / received via a server device called an e-mail server mainly according to a protocol such as SMTP (Simple Mail Transfer Protocol) or POP (Post Office Protocol). This explosive increase in email increases the processing load on the email server. In addition, the storage capacity of the e-mail server is constantly urged to be increased in response to an increase in e-mails sent and received.

  Furthermore, the increase in spam mails called spam mails increases the processing load on the electronic mail server and the pressure on storage capacity. In particular, junk e-mail has become a serious problem in e-mail using mobile phones. In one mobile phone network, about 1 billion e-mails are sent and received per day, of which 800 million are said to be junk e-mails with unknown destinations.

As a countermeasure against the problem associated with the increase in the number of e-mails, there is a method of selecting e-mails received by the e-mail server. For example, the e-mail server sets so that e-mail sent from a specific transmission source is discarded upon reception. As a result, the electronic mail server prevents the storage capacity from being compressed by receiving the junk mail. Various proposals have been made as a method by which an e-mail server sorts e-mails.
JP 2003-18324 A

  However, for example, a large-scale mobile phone network constructed for each mobile phone company includes a large number of electronic mail servers. The fact that all of a large number of e-mail servers in such a large-scale network are equipped with an e-mail selection function has a heavy maintenance load. There is also a problem that the processing load of the electronic mail server is increased in order to perform selection of electronic mail. As described above, in the conventional electronic mail system, it is difficult to completely prevent junk mail.

  The present invention has been made in view of such a background, and an object thereof is to provide a technique for efficiently selecting e-mails transferred to an e-mail server in a large-scale network.

In order to solve the above problems, an electronic mail relay apparatus according to an aspect of the present invention is a relay apparatus that transfers an electronic mail received via a network to an electronic mail server. This device
When the e-mail is received, the destination address of the received e-mail is extracted. In addition, a list of addresses set so as to be able to receive e-mails is acquired from an external database. Then, based on the result of determining whether or not the extracted transmission destination address exists in the acquired list, it is determined whether or not to transfer the received electronic mail to the electronic mail server. The e-mail that has been determined to be transferred is transferred to the e-mail server.

  The “address” may be an e-mail address of a terminal that is an e-mail transmission source or a terminal that is a transmission destination, or may be an IP (Internet Protocol) address. Alternatively, it may be an address such as an e-mail server or a router through which the e-mail passes.

  According to this aspect, the e-mail relay device temporarily blocks an e-mail that has arrived via an external network when it is transferred to the e-mail server. Then, the e-mail relay device refers to a preset list of e-mail recipients, and determines whether to transfer the received e-mail to the e-mail server. E-mails with unknown destinations that do not exist in this list are eliminated before they are transferred to the e-mail server. Thereby, the processing load of the electronic mail server is reduced.

  After e-mail filtering by the e-mail relay device, e-mail filtering may be performed on the e-mail server based on other conditions. In this case, the e-mail relay device may perform filtering from a viewpoint common to all e-mail servers. The electronic mail server may perform finer filtering according to the client terminal in charge of the electronic mail server. Thereby, the burden by the filtering process of an electronic mail server can be reduced compared with the conventional method. In addition, since the guidelines for filtering e-mails by the e-mail relay device are centrally managed, there is an effect that the maintenance burden on the entire system is reduced as compared with the case where settings are made for each e-mail server. In particular, for a large number of electronic mail servers in a cellular phone network, the effect of providing the electronic mail relay device according to the aspect of the present invention is great.

  Another aspect of the present invention is also a relay device that transfers an e-mail received via a network to an e-mail server. When this apparatus receives an e-mail, it extracts the source address of the received e-mail. In addition, a list of addresses set in advance as source addresses to which transfer should be rejected is acquired from an external database. Based on the result of determining whether or not the extracted transmission source address exists in the acquired list, it is determined whether or not to transfer the received electronic mail to the electronic mail server. The e-mail that has been determined to be transferred is transferred to the e-mail server.

  When the sender address that is the source of the spam mail is specified, the sender address may be set as the sender address to be rejected. With reference to the list of source addresses to which transfer should be rejected, e-mails transmitted from the corresponding source address are excluded. Thereby, the electronic mail from the transmission source used as the transmission source of junk mail can be excluded effectively. Since the e-mail relay device installed not in the e-mail server but in front of the e-mail server eliminates, the processing load of the e-mail server is reduced.

  It should be noted that any combination of the above-described constituent elements and a conversion of the expression of the present invention between a method, an apparatus, a system, a recording medium, a computer program, etc. are also effective as an aspect of the present invention.

  According to the present invention, it is possible to reduce the load on the electronic mail system by efficiently filtering the electronic mail.

  FIG. 1 is a hardware configuration diagram of an electronic mail relay device 100 according to an embodiment. The electronic mail relay device 100 receives an electronic mail from the outside via the Internet 12. The e-mail relay device 100 performs e-mail filtering, and transfers e-mails that are allowed to pass through the e-mail to the e-mail server group 200 connected via the network line. The e-mail server group 200 is an MTA (Message Transfer Agent) group including a plurality of server devices (hereinafter simply referred to as “e-mail server 202”) such as an e-mail server 202a, an e-mail server 202b, and an e-mail server 202c. It is.

  The electronic mail server group 200 is connected to the client terminal group 300 via a network line. The client terminal group 300 is a MUA (Mail User Agent) group composed of a plurality of terminals (hereinafter simply referred to as “client terminals 302”) such as a client terminal 302a, a client terminal 302b, a client terminal 302c, and a client terminal 302d. .

  Each electronic mail server 202 is responsible for a plurality of client terminals 302 and has a storage area called a mailbox corresponding to each of the client terminals 302 in charge. The client terminal 302 transmits / receives e-mails via a mail box corresponding to the e-mail server 202 in charge of the client terminal 302. Hereinafter, sending an e-mail from the client terminal 302 via the e-mail server 202 and the e-mail relay apparatus 100 is referred to as “transmission to the outside”, and via the e-mail relay apparatus 100 and the e-mail server 202. The reception of an electronic mail by the client terminal 302 is referred to as “reception from the outside”.

  The electronic mail relay device 100 is connected to the address database 210. The address database 210 is a database in which the address of the client terminal 302 is registered. Only the client terminal 302 having an address registered in this database can receive an external e-mail. Hereinafter, this address list held by the address database 210 is referred to as a “receivable address list”. The e-mail relay apparatus 100 itself may have this receivable address list. When the electronic mail relay apparatus 100 receives an electronic mail from the outside, the electronic mail relay apparatus 100 searches whether or not the transmission destination address is registered in the receivable address list. If it is not registered, it is discarded as an email with unknown destination (hereinafter simply referred to as “destination unknown email”). Hereinafter, the reception of the email with unknown transmission destination by the electronic mail relay device 100 is referred to as illegal reception.

  The electronic mail relay device 100 further performs filtering on the electronic mail whose transmission destination has been identified. This filtering is executed from the viewpoint of adjusting the amount of communication in view of the processing load of the email server group 200. Then, the e-mail relay device 100 transfers the e-mail permitted to be transferred to the e-mail server group 200 by filtering to the corresponding e-mail server 202 mailbox. The client terminal 302 acquires e-mail from the outside in accordance with POP from the mail box of the e-mail server 202.

  When sending an e-mail to the outside, the client terminal 302 sends the e-mail to the mailbox of the e-mail server 202 in accordance with SMTP. The e-mail server 202 transmits the e-mail acquired from the client terminal 302 to the transmission destination via the e-mail relay apparatus 100.

  FIG. 2 is a functional block diagram of the electronic mail relay device 100. Each component of the electronic mail relay device 100 includes a CPU, a memory of a computer, a program for realizing the components of this figure loaded in the memory, a storage unit such as a hard disk for storing the program, and a network connection interface. Although it is mainly realized by an arbitrary combination of hardware and software, it will be understood by those skilled in the art that there are various modifications in the implementation method and apparatus. Each drawing described below shows a functional unit block, not a hardware unit configuration.

  The electronic mail relay device 100 includes a communication unit 110, a user interface processing unit 130, a data processing unit 140, and a data storage unit 160. The communication unit 110 is mainly in charge of communication processing with the Internet 12 and the electronic mail server 202. The user interface processing unit 130 receives an operation input by the user and displays information to the user. The user performs control related to the operation of the electronic mail relay apparatus 100 such as activation and stop of the electronic mail relay apparatus 100 via the user interface processing unit 130. The electronic mail relay device 100 may be executed by multi-process processing or may be executed by single process processing. The user switches these operations via the user interface processing unit 130. In response to an instruction from the communication unit 110 or the user interface processing unit 130, the data processing unit 140 processes the data stored in the data storage unit 160. More detailed functional blocks of the communication unit 110 and the data processing unit 140 will be described later with reference to FIGS. 3 and 4, respectively. The data storage unit 160 stores various data.

  The data storage unit 160 includes an address filter condition storage unit 162, a traffic filter condition storage unit 164, a transfer destination table storage unit 166, an unauthorized reception number storage unit 170, and a log file storage unit 168. The address filter condition storage unit 162 stores address filter condition setting information. The traffic filter condition storage unit 164 stores traffic filter condition setting information. The address filter condition is a condition for filtering based on a transmission destination address or a transmission source address of an electronic mail. The traffic filter condition is a condition for filtering based on the reception status of electronic mail. The unauthorized reception count storage unit 170 stores, for each address of a transmission source (hereinafter referred to as “illegal transmission source”) that transmits an unknown email address, the number of unknown emails received from the unauthorized transmission source (hereinafter, “ Stores the number of illegal receptions). The data structures of the address filter condition storage unit 162, the traffic filter condition storage unit 164, and the unauthorized reception frequency storage unit 170 will be described later in detail with reference to FIGS.

  The transfer destination table storage unit 166 stores a transfer destination table set for the e-mail server 202 to which e-mail received from the outside is to be transferred. When the electronic mail server group 200 is an MTA group in a mobile phone network of a mobile phone company, each electronic mail server 202 may be assigned to each mobile phone company. For example, if the e-mail received from the outside is an e-mail transmitted from the cell phone network of the cell phone company A, an e-mail server 202 corresponding to the cell phone network is assigned. If the email is an email transmitted from the cellular phone network of the cellular phone company B, another email server 202 corresponding to the cellular phone network is assigned. In this case, the electronic mail server 202 is assigned according to the address of the transmission source of the electronic mail received from the outside. At this time, the transfer destination table records the IP address of the sender of the email received from the outside and the IP address of the email server 202 in association with each other.

  The log file storage unit 168 stores a log file. The log file here includes, for example, the time when the communication unit 110 receives an email, the IP address of the client terminal 302 that is the transmission source and the email server 202 that is the transfer destination, the email address of the transmission source, and the transmission destination In addition to a log related to sending / receiving e-mail such as an e-mail address, this file records a log related to operations of the e-mail relay device 100 such as activation, stop, and error. The user acquires the log file stored in the log file storage unit 168 via the user interface processing unit 130.

  FIG. 3 is a functional block diagram showing the functions of the communication unit 110 in more detail. The communication unit 110 includes a mail reception unit 112, a header extraction unit 114, a server transfer unit 116, a mail transmission unit 118, a communication load detection unit 120, and a receivable address list acquisition unit 126. The mail receiving unit 112 receives an e-mail. The external e-mail server 202 through which the e-mail has been received by the e-mail receiving unit 112 adds the IP address to the e-mail header as header information. Hereinafter, this IP address is referred to as a “routed IP address”. The via IP address includes the IP address of the transmission source terminal.

  The header extraction unit 114 extracts header information given to the electronic mail received by the mail reception unit 112. The header extraction unit 114 includes a transmission source address extraction unit 128 and a transmission destination address extraction unit 138. The transmission source address extraction unit 128 extracts the transmission source address of the electronic mail received by the mail reception unit 112. The transmission source address here also includes a routed IP address of the email server 202 through which the email receiver 112 has received the email. The transmission destination address extraction unit 138 extracts the transmission destination address of the email received by the mail reception unit 112. Based on the transmission source and transmission destination addresses extracted by the header extraction unit 114, the data processing unit 140 determines whether the electronic mail received by the mail reception unit 112 is an external electronic mail or an external electronic mail.

  If the received e-mail is an e-mail to the outside, the mail transmission unit 118 transmits the e-mail to the Internet 12. If the received e-mail is an e-mail from the outside, the server transfer unit 116 transfers the received e-mail to the e-mail server 202 in accordance with an instruction from the data processing unit 140. Whether or not transfer is possible and the e-mail server 202 as the transfer destination are specified by the data processing unit 140.

  When the mail receiving unit 112 receives an e-mail from the outside, the receivable address list obtaining unit 126 accesses the address database 210 and obtains a receivable address list. An e-mail to a destination address that does not exist in the receivable address list is rejected by the data processing unit 140 as unauthorized reception.

  The communication load detection unit 120 detects a communication load related to reception of electronic mail. The communication load detection unit 120 includes a session number detection unit 122 and a mail number detection unit 124. The session number detection unit 122 detects the number of sessions for the electronic mail relay device 100 to receive electronic mail. A session refers to a communication path established for e-mail transmission between the e-mail relay apparatus 100 and the client terminal 302 that has transmitted the e-mail to the e-mail relay apparatus 100 from the outside.

  The session number detection unit 122 may detect the number of sessions established when the mail reception unit 112 receives an email. Alternatively, the session number detection unit 122 may detect the number of sessions established per unit time set in advance. For example, the number-of-sessions detection unit 122 detects the number of sessions established in the period from the time when the e-mail is received to the time that goes back by this preset unit time. Even if a session established within this unit time is disconnected, the number of sessions does not decrease. That is, the session established per unit time here means the total number of sessions established within this unit time.

  The mail number detection unit 124 detects the number of e-mails received by the e-mail relay device 100 per unit time set in advance. For example, the mail number detection unit 124 detects the number of e-mails received during a period from the e-mail reception time to a time that goes back by the preset unit time. The mail number detection unit 124 may detect the total information amount of the electronic mail received per unit time. Further, the mail number detection unit 124 may detect the number of e-mails transmitted by the e-mail relay device 100 per unit time, or may detect the total amount of information.

  FIG. 4 is a functional block diagram showing the functions of the data processing unit 140 in more detail. The data processing unit 140 includes a transfer determination unit 150, a transfer destination determination unit 156, an unauthorized reception number counting unit 142, a threshold number determination unit 144, and a log generation unit 158. The transfer determination unit 150 determines a method for processing an email received from the outside based on the receivable address list, the address filter condition, and the traffic filter condition. The transfer determination unit 150 includes a transfer availability determination unit 152 and a transfer method determination unit 154. The transfer enable / disable determining unit 152 determines whether or not an electronic mail received from the outside should be transferred to the electronic mail server 202. The transfer method determination unit 154 determines a processing method when transferring an electronic mail received from the outside to the electronic mail server 202.

  As processing methods, there are five types of “delayed transmission”, “retransmission request”, “reception refusal”, and “discard” in addition to “normal transfer” which is normal transfer. In the case of “delayed transmission”, the transfer permission / non-permission determining unit 152 sends the received e-mail to the e-mail server after a preset delay time has elapsed from the time when the mail receiving unit 112 received the e-mail from the outside. 202. In the case of “retransmission request”, the transfer enable / disable determining unit 152 discards the received electronic mail. Then, the sender is requested to resend the same email as the received email. The source e-mail server that has received the retransmission request transmits the same e-mail to the e-mail relay apparatus 100 again. The client terminal 302 of the transmission source may retransmit the same electronic mail again after a predetermined time has elapsed after receiving the retransmission request from the electronic mail relay device 100. The transfer enable / disable determining unit 152 may include an instruction for requesting that the client terminal 302 serving as the transmission source perform retransmission after a predetermined time has elapsed in the retransmission request.

  In the case of “reception refusal”, the transfer possibility determination unit 152 discards the received electronic mail. Then, the sender is notified that the reception of the e-mail has been rejected. Even in the case of “discard”, the transfer enable / disable determining unit 152 discards the received e-mail. In this case, the sender is notified that the e-mail has been received in the same manner as when the e-mail was received normally. When a “reception refusal” is notified to a sender who sends junk mail, the sender may send the same junk mail from another transmission source. However, if the sender is notified by “discarding” as if the junk e-mail has been normally received, the sender is less likely to notice that the junk e-mail has not been received normally. Therefore, “destroy” is particularly effective as a countermeasure against spam mail.

  The transfer determination unit 150 searches the receivable address list acquired by the receivable address list acquisition unit 126, and determines that the transfer is rejected when the received electronic mail is a mail with unknown destination. If it is not a destination unknown mail, the forwarding determination unit 150 further determines whether forwarding is possible based on the address filter condition and the traffic filter condition. When the transfer determination unit 150 determines to transfer the e-mail to the e-mail server 202, the transfer destination determination unit 156 refers to the transfer destination table to determine the e-mail server 202 that is the transfer destination. The server transfer unit 116 transfers the e-mail received from the outside to the e-mail server 202 as the transfer destination determined by the transfer destination determination unit 156 according to the transfer method determined by the transfer method determination unit 154. The log generation unit 158 generates the various log files described above.

  The unauthorized reception count section 142 counts the unauthorized reception count. The unauthorized reception count section 142 counts the number of unauthorized receptions for each transmission source address of an unauthorized email. The number of fraudulent receptions may be a cumulative number after starting the electronic mail relay device 100, or may be the number of times per unit time. The threshold number determination unit 144 determines whether or not the number of illegal receptions exceeds a predetermined threshold (hereinafter referred to as “threshold number”). The threshold number is set by the user via the user interface processing unit 130, for example, “5 times per minute”. If the number of illegal receptions of an email received illegally from a certain source address exceeds the threshold number, the transfer permission / non-permission determining unit 152 subsequently determines that the email sent from the source address is not an unknown destination email. Decide not to transfer.

  FIG. 5 is a diagram showing a filter condition display screen 400 that displays filter conditions to the user. The filter condition display area 402 shows a list of filter conditions in which setting information is stored in the address filter condition storage unit 162 and the traffic filter condition storage unit 164. The filter condition ID column 404 indicates a filter condition ID that is an ID number for identifying the filter condition. The address type column 406 indicates the type of address used when the transfer determination unit 150 determines whether the address filter condition is satisfied. The type of address referred to here is any of a via IP address, a source e-mail address and a destination e-mail address, or any combination thereof. The target address column 408 indicates a setting value of an e-mail address or an IP address when the transfer determination unit 150 determines whether the address filter condition is satisfied. The traffic setting column 410 indicates the setting contents for the transfer determination unit 150 to determine whether the traffic filter condition is satisfied. The process setting column 412 shows a method for processing the received e-mail when these filter conditions are satisfied.

  When the new addition button 414 is pressed, a screen for setting and registering a new filter condition is displayed. When a predetermined filter condition is selected from the filter conditions displayed in the filter condition display area 402 by operating the mouse cursor and then the edit button 416 is pressed, a screen for editing the contents of the filter condition is displayed. Is done. These screens will be described in detail with reference to FIG. When a delete button 418 is pressed after selecting a predetermined filter condition from the filter conditions displayed in the filter condition display area 402, a confirmation message is displayed to the user, and then the selected filter condition is deleted. .

  In the figure, for example, in the case of a filter condition whose filter condition ID shown in the filter condition ID column 404 is “02”, the transit IP address described as the header information of the received electronic mail is “192.194.0. *”. ”And the e-mail address of the e-mail transmission source is“ yyy@xxx.com ”, if the number of sessions per 5 minutes exceeds 30, the e-mail is rejected. It is processed. Here, “*” is a wild card and represents an arbitrary number.

  FIG. 6 is a diagram showing a filter condition setting screen 420 for setting the filter conditions. The filter condition setting screen 420 is displayed when a new addition button 414 or an edit button 416 is pressed on the filter condition display screen 400. The address filter condition setting area 468 is an area for setting an address filter condition among the filter conditions. The address filter condition is satisfied when all the conditions set for the three addresses of the via IP address, the transmission source electronic mail address, and the transmission destination electronic mail address are satisfied. The address filter condition may be satisfied when any of the conditions set for these three addresses is satisfied.

  The via IP address setting area 422 is an area for setting a condition for the via IP address among the address filter conditions. The target address setting selection area 424 is an item for selecting setting of the via IP address, and can be selected from “none” and “designation”. When “None” is selected, the condition for the transit IP address among the address filter conditions is satisfied regardless of the transit IP address of the email received by the mail reception unit 112. When “designation” is selected, the user inputs the via IP address in the address setting area 426. The e-mail having the transit IP address input to the address setting area 426 as header information satisfies the condition regarding the transit IP address among the address filter conditions. In the address setting area 426, a plurality of via IP addresses may be input. In addition, the user may input a unique via IP address in the address setting area 426, such as “198.112.2.0”, or “198.112. *. *”, A plurality of via IP addresses may be input using a wild card.

  The sender mail address setting area 428 is an area for setting a condition for the email address of the sender client terminal 302 among the address filter conditions. The target address setting selection area 430 is an item for selecting the setting of the e-mail address of the transmission source, and can be selected from “none” and “designation”. When “None” is selected, the condition for the source email address is satisfied regardless of the source email address of the email received by the email receiver 112. When “designation” is selected, the user inputs the e-mail address of the transmission source in the address setting area 432. An e-mail having the sender's e-mail address input to the address setting area 432 as header information satisfies the condition for the sender's e-mail address among the address filter conditions. In the address setting area 432, a plurality of sender e-mail addresses may be input. In addition, the user may input a unique e-mail address of the sender, such as “yyy@zzzz.com”, in the address setting area 432, or a wild such as “*@zzzz.com”. You may enter multiple sender email addresses using a card.

  The transmission destination mail address setting area 434 is an area for setting conditions regarding the electronic mail address of the transmission destination client terminal 302 among the address filter conditions. The target address setting selection area 436 is an item for selecting the setting of the destination e-mail address, and can be selected from “none” and “designation”. If “None” is selected, the condition for the destination e-mail address is satisfied regardless of the destination e-mail address of the e-mail received by the mail receiver 112. When “designation” is selected, the user inputs the destination e-mail address in the address setting area 438. The e-mail having the destination e-mail address input to the address setting area 438 as header information satisfies the condition for the destination e-mail address among the address filter conditions. In the address setting area 438, a plurality of sender e-mail addresses may be input. Similarly to the sender mail address setting area 428, the user may input a unique e-mail address in the address setting area 438, or may input a plurality of e-mail addresses using wildcards. Good.

  The traffic filter condition setting area 440 is an area for setting a traffic filter condition among the filter conditions. In the traffic filter condition setting selection area 470, the user selects whether to set a traffic filter condition already stored in the traffic filter condition storage unit 164 as a traffic filter condition or to newly set a traffic filter condition. When calling an existing traffic filter condition, the user presses a setting call button 442 to display a screen for selecting a traffic filter condition stored in the traffic filter condition storage unit 164. When a new traffic filter condition is set, the user inputs settings for each item in the simultaneous session number setting area 444, the unit time session number setting area 448, and the unit time mail number setting area 456. When the check box of each item is checked, the setting input to each item is validated. If any of the checked setting conditions in each of these items is satisfied, the traffic filter condition is satisfied.

  The simultaneous session number setting area 444 is an item for setting a condition based on the number of sessions established when the mail receiving unit 112 receives an e-mail. The session number input area 446 accepts an input by the user of a threshold value for the number of sessions established simultaneously. In the figure, when the number of sessions established when the mail receiving unit 112 receives an e-mail exceeds 20, the traffic filter condition is satisfied.

  The unit time session number setting area 448 is an item for setting a condition based on the number of sessions established per unit time. The time input area 450 is a column for setting the length of this unit time. The session number input area 452 accepts an input by the user of the threshold value of the number of sessions established per unit time set in the time input area 450. In the figure, the traffic filter condition is satisfied when the number of sessions established in the period from the time when the mail receiving unit 112 receives the e-mail to the last 5 minutes exceeds 30.

  The unit time mail number setting area 456 is an item for setting a condition based on the number of electronic mails received by the electronic mail relay device 100 per unit time. The time input area 458 is a column for setting the length of this unit time. The session number input area 460 accepts input by the user of the threshold value for the number of e-mails received per unit time set in the time input area 458. In the figure, the traffic filter condition is satisfied when the number of e-mails received in the period from the time the e-mail receiving unit 112 receives e-mails up to 30 minutes before this time exceeds the transfer determination unit 150. .

  The process setting area 462 is an area for setting the contents of processing to be executed when both the address filter condition set in the address filter condition setting area 468 and the traffic filter condition set in the traffic filter condition setting area 440 are satisfied. It is. The processing here corresponds to the processing setting column 412 and any one of “normal transmission”, “retransmission request”, “reception refusal”, “delayed transmission”, and “discard” is selected.

  When the registration button 464 is pressed, the above settings are registered in the address filter condition storage unit 162 and the traffic filter condition storage unit 164 as filter conditions. In the case of new registration, a filter condition displayed in the filter condition display area 402 is newly added. When editing and re-registering the filter condition on the filter condition display screen 400, the display content of the filter condition selected in the filter condition display area 402 is updated. When the cancel button 466 is pressed, the filter condition registration is not performed and the screen returns to the filter condition display screen 400.

  FIG. 7 is a diagram illustrating a data structure of the address filter condition storage unit 162. The address filter condition ID column 480 indicates an address filter condition ID that is an ID for identifying an address filter condition. The via IP address column 482 indicates the via IP address. A transmission source mail address column 484 indicates an electronic mail address of the transmission source client terminal 302. The transmission destination mail address column 486 indicates the electronic mail address of the client terminal 302 that is the transmission destination. A traffic filter ID column 488 indicates a traffic filter condition ID that is an ID for identifying a traffic filter condition. The processing type column 490 indicates the processing content to be executed when the filter condition is satisfied. The process type column 490 corresponds to the process setting area 462. The traffic filter condition ID shown in the traffic filter ID column 488 will be described in detail with reference to FIG.

  In the figure, in the case of the address filter condition whose address filter condition ID is “02”, the via-IP address of the received e-mail is “192.194.0. *” And the e-mail address of the transmission source is “yyy @ xxx.com ”, the address filter condition is satisfied. At this time, when the traffic filter condition with the traffic filter condition ID “04” is satisfied, the transfer permission / inhibition determining unit 152 executes the above-described “reception refusal” process on the received electronic mail.

  FIG. 8 is a diagram illustrating a data structure of the traffic filter condition storage unit 164. The traffic filter condition ID column 500 indicates a traffic filter condition ID. This corresponds to the traffic filter ID column 488 in FIG. The number of simultaneous sessions column 502 indicates traffic filter conditions for the number of simultaneous sessions. This corresponds to the simultaneous session number setting area 444 of 420. The unit time session number column 504 indicates a threshold value of the number of sessions established per unit time. This corresponds to a unit time session number setting area 448 of 420. A time column 508 indicates the time set in the time input area 450. The session number column 510 indicates the threshold value of the session number set in the session number input area 452. The unit time mail number column 512 indicates a threshold value of the number of e-mails received per unit time. This corresponds to a unit time mail count setting area 456 420. The time column 514 indicates the time set in the time input area 458. The mail number column 516 shows a threshold value of the number of e-mails set in the session number input area 460.

  In the figure, in the case of the traffic filter condition with the traffic filter condition ID “01”, the traffic filter condition is satisfied when the number of sessions established at the time of receiving the e-mail exceeds 30. Alternatively, if the session is established 15 times or more in the period from the time of receiving the e-mail to 5 minutes before, the traffic filter condition is satisfied. Alternatively, if the mail receiving unit 112 receives 30 or more e-mails during the period from the time of receiving the e-mail to 10 minutes before, the same traffic filter condition is satisfied.

  For example, it is assumed that the transfer determination unit 150 determines that the address filter condition with the address filter condition ID “01” in FIG. 7 is satisfied when an e-mail is received. In this case, the forwarding determination unit 150 reads the traffic filter condition corresponding to the traffic filter condition ID indicated in the traffic filter ID column 488 from the traffic filter condition storage unit 164. Then, the transfer determination unit 150 further determines whether or not the corresponding traffic filter condition is satisfied. If the traffic filter condition is satisfied, the process shown in the process type column 490 is executed. According to FIG. 7, the processing when the address filter condition whose address filter condition ID is “01” and the traffic filter condition whose traffic filter condition ID is “02” is satisfied is “discard”. The transferred e-mail is discarded by the transfer enable / disable determining unit 152.

  FIG. 9 is a diagram illustrating a data structure of the unauthorized reception number storage unit 170. The unauthorized reception count storage unit 170 stores the unauthorized reception count for an email with unknown destination. The unauthorized transmission source address column 520 indicates the transmission source address of the unauthorized transmission source that has transmitted the destination unknown mail. The unauthorized reception count column 522 indicates the unauthorized reception count for each unauthorized transmission source. When transfer permission / prohibition determination unit 152 detects unauthorized reception, it adds the transmission source address extracted by transmission source address extraction unit 128 to unauthorized transmission source address column 520 as an unauthorized transmission source. If the transmission source address of the unauthorized transmission source is already registered in the unauthorized transmission source address field 520, the unauthorized reception number counting unit 142 increments the unauthorized reception number in the unauthorized reception number field 522. The threshold number determination unit 144 reads out the number of unauthorized receptions in the unauthorized reception number column 522 and makes a determination by comparing the number with the threshold number.

  FIG. 10 is a flowchart illustrating a process in which the electronic mail relay device 100 receives and processes an electronic mail from the outside. The header extraction unit 114 extracts the header of the email received by the mail reception unit 112 (S40). From this extracted header, the source address extracting unit 128 and the destination address extracting unit 138 further extract the source and destination addresses, respectively (S42). The receivable address list obtaining unit 126 obtains a receivable address list from the address database 210, and the transfer enable / disable determining unit 152 searches whether the transmission destination address is registered in the receivable address list (S44).

  If the transmission destination address is not registered in the receivable address list (Y of S46), the unauthorized reception number counting unit 142 sets the email as the unknown transmission destination email and sets the unauthorized reception number in the unauthorized reception number storage unit 170. Increment (S48). In S48, if the unauthorized transmission source is not registered in the unauthorized transmission source address field 520, the unauthorized reception frequency counting unit 142 sets the transmission source of the unknown destination mail as the unauthorized transmission source address field 520. Register new. The transfer possibility determination unit 152 discards the transmission destination unknown mail (S50). The transfer enable / disable determining unit 152 instructs the mail transmission unit 118 to notify the unauthorized transmission source as if the transmission destination unknown mail was normally transferred (S52). As a result, the unauthorized transmission source that sent the junk mail cannot determine the success or failure even if the junk mail does not actually arrive, which is effective in preventing the junk mail.

  If the transmission destination address is registered in the receivable address list in S46 (N in S46), the transfer enable / disable determining unit 152 determines whether the transmission source address is registered in the unauthorized transmission source address column 520 as an unauthorized transmission source. It is determined whether or not (S54). If the transmission source address is registered as an unauthorized transmission source (Y in S54), the process proceeds to S50. If the transmission source address is not registered as an unauthorized transmission source in S54 (N in S54), the transfer determination unit 150 further filters the received electronic mail (S56).

  FIG. 11 is a flowchart showing in more detail the filtering in S56 of FIG. First, the transfer determination unit 150 refers to the address filter condition stored in the address filter condition storage unit 162 and determines whether or not the received e-mail satisfies the address filter condition (S14). When the address filter condition is not satisfied (N in S14), the transfer destination determining unit 156 determines the e-mail server 202 to which the e-mail is to be transferred with reference to the transfer destination table (S24). The server transfer unit 116 transfers the e-mail to the e-mail server 202 which is the determined transfer destination (S26), and the process is completed.

  If it is determined in S14 that the address filter condition is satisfied (Y in S14), the transfer determination unit 150 further determines whether or not the received e-mail satisfies the traffic filter condition (S16). . If not satisfied (N in S16), the process proceeds to S24. When satisfied (Y in S16), the transfer method determination unit 154 determines whether or not the process set in the process type column 490 is normal transmission (S18). If it is normal transmission (Y in S18), the process proceeds to S24. If it is not normal transmission (N in S18), the transfer method determination unit 154 determines whether or not it is delayed transmission (S20).

  If it is determined in S20 that the transmission is delayed (Y in S20), the transfer method determination unit 154 waits to transfer the received e-mail until a preset delay time elapses (S22). . At this time, the electronic mail relay device 100 does not wait as a whole, but waits as a process assigned for each process of the received electronic mail. When the set delay time elapses after the mail receiving unit 112 receives the e-mail, the process proceeds to S24. If it is determined in S20 that the transmission is not delayed transmission (N in S20), the transfer method determination unit 154 determines whether or not to request a retransmission to the client terminal 302 that is the transmission source of the email (S28). .

  If it is determined in S28 that retransmission should be requested (Y in S28), the transfer enable / disable determining unit 152 discards the received e-mail (S29), and then sends an e-mail to the client terminal 302 that is the transmission source. Is requested to be retransmitted (S30). If it is not determined in S28 that retransmission should be requested (N in S28), the transfer method determination unit 154 determines whether or not to notify the sender of the e-mail of reception rejection (S32).

  If it is determined in S32 that the reception should be rejected (Y in S32), the transfer permission determination unit 152 discards the received e-mail (S33) and then sends the e-mail to the transmission source client terminal 302. A notification that reception is rejected is sent (S34). If it is not determined that the reception should be rejected (N in S32), the transfer enable / disable determining unit 152 discards the e-mail (S36), and notifies the transmission source client terminal 302 of the normal reception. (S38).

  Note that a transmission source authentication server for authenticating the transmission source of the electronic mail may be further added to the electronic mail relay apparatus 100 in the present embodiment. This source authentication server may be connected to a plurality of electronic mail relay devices 100. This transmission source authentication server is a server for authenticating the transmission source of the electronic mail. The client terminal 302 acquires an email from the mailbox of the email server 202 according to the POP. When the client terminal 302 acquires an e-mail from the e-mail server 202, the e-mail server 202 is requested to authenticate with a password. If the password authentication is successful, the client terminal 302 is permitted to access the mailbox of the electronic mail server 202. Since the client terminal 302 normally accesses the client terminal 302 during startup, password authentication is executed each time.

  When password authentication by this POP is executed in the e-mail server 202, the e-mail relay apparatus 100 acquires the authentication time that is the authentication time and the IP address of the client terminal 302 that has been authenticated. Then, the transmission source authentication server configured to be added to the electronic mail relay device 100 in the present embodiment acquires the authentication time and the IP address of the client terminal 302 that has received the authentication from the electronic mail relay device 100, The data is stored in the associated storage medium.

  The transmission source authentication server permits transmission of an e-mail from the client terminal 302 having the corresponding IP address until a predetermined time set in advance from the authentication time elapses. Normally, when the client terminal 302 is activated, authentication with the client terminal 302 is periodically performed, so that the authentication time is periodically updated. Therefore, there is a possibility that an e-mail transmitted from the client terminal 302 having an IP address corresponding to the authentication after a long time has passed since the authentication time is an unauthorized e-mail. This is because an e-mail is transmitted from the client terminal 302 that has not been authenticated for a long period of time, because there is a possibility that a third party impersonates the client terminal 302 and transmits the e-mail. The electronic mail relay device 100 can prevent an unauthorized electronic mail from being transmitted to the outside by discarding an electronic mail from a transmission source that is not authenticated by the transmission source authentication server.

  As described above, in the embodiment, email filtering is not performed by the email server 202, but email filtering is performed centrally by the email relay apparatus 100 in the previous stage when the email server 202 accesses the Internet 12. As a result, the maintenance burden related to filtering condition setting is reduced. In particular, when the electronic mail server group 200 includes a large number of electronic mail servers 202, the processing load of the entire electronic mail system is reduced rather than executing electronic mail filtering under the same conditions for each electronic mail server 202. Can be made. In particular, by introducing the e-mail relay device 100, it is possible to effectively eliminate a large amount of junk mail while having a simple configuration with almost no load on the e-mail server 202.

  Further, the e-mail relay apparatus 100 can control the amount of e-mail transferred to the e-mail server 202 according to the e-mail transmission source from the outside. For example, for an e-mail sent from a mobile phone network of a certain mobile phone company, a relatively large communication capacity is transferred to the e-mail server group 200, and an e-mail sent from the mobile phone network of another mobile phone company is assigned. With regard to, it is possible to set a relatively small communication capacity to be transferred to the electronic mail server group 200. This makes it easy to set communication capacity allocation control according to a contract for each mobile phone company. Further, the e-mail relay apparatus 100 can perform settings related to the control of the transfer amount according to the processing performance of the e-mail server 202 that transfers the received e-mail.

  The present invention has been described based on the embodiments. The embodiments are exemplifications, and it will be understood by those skilled in the art that various modifications can be made to combinations of the respective constituent elements and processing processes, and such modifications are within the scope of the present invention. .

  As such a modification, for example, a plurality of electronic mail relay devices 100 may be connected to the electronic mail server group 200. For example, even if the first e-mail relay device 100 filters e-mail received from the outside, and the second e-mail relay device 100 further filters e-mail that has passed through the first e-mail relay device 100. Good. Alternatively, a server for checking the virus of the e-mail that has passed through the e-mail relay device 100 may be installed, and the e-mail system may be configured such that the e-mail that has passed the check of the server is transmitted to the e-mail server 202 Good.

It is a hardware block diagram of the electronic mail relay apparatus which concerns on embodiment. It is a functional block diagram of an electronic mail relay apparatus. It is a functional block diagram of the communication part of FIG. FIG. 3 is a functional block diagram of a data processing unit in FIG. 2. It is a figure which shows the filter condition display screen which displays a filter condition to a user. It is a figure which shows the filter condition setting screen for setting filter conditions. It is a figure which shows the data structure of the address filter condition storage part of FIG. It is a figure which shows the data structure of the traffic filter condition storage part of FIG. FIG. 3 is a diagram illustrating a data structure of an unauthorized reception number storage unit in FIG. 2. It is a flowchart which shows the process in which an electronic mail relay apparatus receives and processes an electronic mail from the outside. It is a flowchart which shows the filtering in S56 of FIG. 10 in further detail.

Explanation of symbols

  100 E-mail relay device, 110 communication unit, 112 mail reception unit, 114 header extraction unit, 116 server transfer unit, 118 mail transmission unit, 120 communication load detection unit, 122 session number detection unit, 124 mail number detection unit, 130 user Interface processing unit, 132 Condition setting unit, 140 Data processing unit, 142 Unauthorized reception count unit, 144 Threshold count determination unit, 150 Transfer determination unit, 152 Transfer enable / disable determination unit, 154 Transfer method determination unit, 156 Transfer destination determination unit, 160 data storage unit, 162 address filter condition storage unit, 164 traffic filter condition storage unit, 166 transfer destination table storage unit, 202 e-mail server, 302 client terminal.

Claims (7)

A relay device that forwards an email received via a network to an email server,
A mail receiver for receiving e-mail;
A destination address extracting unit for extracting a destination address of the received e-mail;
An address list acquisition unit for acquiring a list of addresses set so as to be able to receive e-mails from an external database;
A transmission destination determination unit that determines whether or not the extracted transmission destination address exists in the acquired list;
A transfer determination unit that determines whether to transfer the received e-mail to the e-mail server based on the determination result;
An e-mail transfer unit that transfers the e-mail determined to be transferred to the e-mail server;
An electronic mail relay device comprising: A source address extracting unit for extracting a source address of the received e-mail;
A mail counter that counts the number of emails received for a destination address that does not exist in the acquired list for each of the extracted source addresses;
A threshold determination unit that determines whether the counted number of receptions exceeds a predetermined threshold for any of the extracted source addresses,
The transfer determination unit determines that an e-mail transmitted from a transmission source address determined that the counted number of receptions has exceeded a predetermined threshold is not transferred to the e-mail server. The electronic mail relay device described in 1.   The transfer determination unit determines to transfer an e-mail transmitted from a transmission source address determined that the counted number of receptions has exceeded a predetermined threshold to the e-mail server after a preset delay time has elapsed. The electronic mail relay device according to claim 2, wherein A relay device that forwards an email received via a network to an email server,
A mail receiver for receiving e-mail;
A source address extracting unit for extracting a source address of the received e-mail;
An address list acquisition unit for acquiring a list of addresses set in advance as a source address to be rejected from an external database;
A transmission source determination unit that determines whether or not the extracted transmission source address exists in the acquired list;
A transfer determination unit that determines whether to transfer the received e-mail to the e-mail server based on the determination result;
An e-mail transfer unit that transfers the e-mail determined to be transferred to the e-mail server;
An electronic mail relay device comprising:   The forwarding determination unit discards the email when the received email is not forwarded to the email server, and notifies the sender of the email that the forwarding has been successful. 5. The electronic mail relay device according to claim 1, wherein A computer program for executing processing for transferring an e-mail received via a network to an e-mail server,
The ability to receive emails;
A function of extracting a destination address of the received e-mail;
A function of acquiring a list of addresses set to be able to receive e-mails from an external database in the e-mail server;
A function of determining whether the extracted destination address exists in the acquired list;
A function for determining whether to transfer the received e-mail to the e-mail server based on the result of the determination;
A function of transferring the email determined to be transferred to the email server;
An e-mail relay program characterized by causing a computer to demonstrate A computer program for executing processing for transferring an e-mail received via a network to an e-mail server,
The ability to receive emails;
A function of extracting a source address of the received e-mail;
A function of acquiring a list of addresses set in advance as a source address to be rejected from an external database;
A function of determining whether the extracted source address exists in the acquired list;
A function for determining whether to transfer the received e-mail to the e-mail server based on the result of the determination;
A function of transferring the email determined to be transferred to the email server;
An e-mail relay program characterized by causing a computer to demonstrate

Images