CN-122027206-A - Integrated security disposal method and device, storage medium and electronic equipment
Abstract
The disclosure provides an integrated security disposal method and device, a storage medium and electronic equipment, and relates to the technical field of network security. The method comprises: deploying a transport agent plug-in on a mail server; when the mail server processes an internal-to-internal mail, triggering, in response to receiving the complete mail data, an event response program in the transport agent plug-in to suspend the current internal-to-internal mail; acquiring the complete mail data stream of the current internal-to-internal mail through the event response program and packaging it into a mail file; sending the mail file to a mail security gateway for security detection; receiving the result of the security detection performed by the mail security gateway on the mail file; and disposing of the suspended internal-to-internal mail according to the result. Because mails are intercepted and inspected before they are stored and delivered, internal-to-internal mail receives real-time, active protection, and the security blind spot is effectively closed.
Inventors
- FENG SEN
- GUO XINGXING
- RUI CHEN
- Lv Rongnan
- ZHU ZHONGQI
- Hao sai
- CHEN LONG
- LI YAN
- WANG YING
- ZHANG KAIYUE
- XUE GANG
- MENG XIANGZHEN
- XUE KE
- LIANG JIANRUI
- LI PEILUN
- YANG RUI
Assignees
- 中国交通信息科技集团有限公司
Dates
- Publication Date: 20260512
- Application Date: 20251230
Claims (10)
- 1. An integrated security disposal method, comprising: deploying a transport agent plug-in on a mail server; when the mail server processes an internal-to-internal mail, triggering, in response to receiving the complete mail data, an event response program in the transport agent plug-in to suspend the current internal-to-internal mail; acquiring the complete mail data stream of the current internal-to-internal mail through the event response program, and packaging the complete mail data stream into a mail file; sending the mail file to a mail security gateway for security detection; receiving the result of the security detection performed on the mail file by the mail security gateway; and, according to the result, disposing of the suspended current internal-to-internal mail.
- 2. The integrated security disposal method of claim 1, wherein the transport agent plug-in is built on a receive-phase transport agent extension mechanism and is registered by configuration as an executable component in the mail processing pipeline.
- 3. The integrated security disposal method of claim 1, wherein triggering, when the mail server processes an internal-to-internal mail and in response to receiving the complete mail data, the event response program in the transport agent plug-in to suspend the current internal-to-internal mail comprises: when the mail server processes an internal-to-internal mail passing through the SMTP receiving end, the mail server reaches the mail data reception completion event and has received the complete mail data, wherein the complete mail data is held in memory and has not yet undergone persistent storage or routing delivery; and, in response to receiving the complete mail data, triggering the event response program in the transport agent plug-in and suspending the internal-to-internal mail whose complete mail data has just been received.
- 4. The integrated security disposal method of claim 1, wherein sending the mail file to a mail security gateway for security detection comprises: sending the mail file to the mail security gateway through a communication channel for security detection; and receiving the result of the security detection performed on the mail file by the mail security gateway comprises: receiving, through the communication channel, the result of the security detection performed on the mail file by the mail security gateway.
- 5. The integrated security disposal method of claim 1, wherein the security detection performed by the mail security gateway includes one or more of anti-spam detection, anti-phishing detection, anti-virus detection, and content filtering.
- 6. The integrated security disposal method of claim 1, wherein the results include pass and reject; and disposing of the suspended current internal-to-internal mail according to the result comprises: if the result is pass, the transport agent plug-in releases the suspended current internal-to-internal mail into the mail processing and delivery flow; if the result is reject, the transport agent plug-in terminates the suspended current internal-to-internal mail, refuses to deliver it, and feeds the rejection reason back to the sender.
- 7. An integrated security disposal device, comprising: a plug-in deployment module for deploying the transport agent plug-in on the mail server; an event response program triggering module for triggering, when the mail server processes an internal-to-internal mail and in response to receiving the complete mail data, the event response program in the transport agent plug-in to suspend the current internal-to-internal mail; a mail encapsulation module for acquiring the complete mail data stream of the current internal-to-internal mail through the event response program and packaging the complete mail data stream into a mail file; a security detection module for sending the mail file to a mail security gateway for security detection; a result feedback module for receiving the result of the security detection performed on the mail file by the mail security gateway; and a disposal module for disposing of the suspended current internal-to-internal mail according to the result.
- 8. An electronic device, comprising: a processor; and a memory for storing executable instructions of the processor; wherein the processor is configured to perform the integrated security disposal method of any one of claims 1-6 by executing the executable instructions.
- 9. A computer readable storage medium having stored thereon a computer program, wherein the computer program, when executed by a processor, implements the integrated security disposal method of any one of claims 1-6.
- 10. A computer program product comprising a computer program, characterized in that the computer program, when executed by a processor, implements the integrated security disposal method of any one of claims 1-6.
Description
Integrated security disposal method and device, storage medium and electronic equipment

Technical Field

The disclosure relates to the technical field of network security, and in particular to an integrated security disposal method and device, a storage medium and electronic equipment.

Background

In widely used mail servers, the different types of mail flow are typically handled as follows:

- External-to-internal mail: Internet -> mail security gateway -> mail server -> internal user mailbox.
- Internal-to-external mail: internal user mailbox -> mail server -> mail security gateway -> Internet.
- Internal-to-internal mail: internal user mailbox -> mail server -> internal user mailbox.

Under this network architecture, mail security gateways are typically deployed at the periphery of mail servers to inspect inbound mail from the Internet and outbound mail to the Internet. Mail sent between mailboxes inside the mail server, however, never passes through the mail security gateway, because its communication path does not cross the external network. This creates a security blind spot. When the mailbox account of an internal employee is compromised or stolen by an attacker, the attacker can use that internal account to send large volumes of spam, phishing mail or mail carrying malicious software within the enterprise. The existing mail security gateway cannot detect and block such mail in time, which exposes the enterprise to serious data security and operational risks.

It should be noted that the information disclosed in the above background section is only for enhancing understanding of the background of the present disclosure and thus may include information that does not constitute prior art known to those of ordinary skill in the art.
Disclosure of Invention

The present disclosure provides an integrated security disposal method and apparatus, a storage medium, and an electronic device, which overcome, at least to some extent, the problem in the related art that internal-to-internal mail undergoes no security detection.

Other features and advantages of the present disclosure will be apparent from the following detailed description, or may be learned in part by the practice of the disclosure.

According to one aspect of the present disclosure, there is provided an integrated security disposal method comprising:

- deploying a transport agent plug-in on a mail server;
- when the mail server processes an internal-to-internal mail, triggering, in response to receiving the complete mail data, an event response program in the transport agent plug-in to suspend the current internal-to-internal mail;
- acquiring the complete mail data stream of the current internal-to-internal mail through the event response program, and packaging the complete mail data stream into a mail file;
- sending the mail file to a mail security gateway for security detection;
- receiving the result of the security detection performed on the mail file by the mail security gateway; and
- according to the result, disposing of the suspended current internal-to-internal mail.

In some embodiments, the transport agent plug-in is built on a receive-phase transport agent extension mechanism and is registered by configuration as an executable component in the mail processing pipeline.
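The hold, package, scan and dispose sequence described above, modelled in Python as an added example (not code from the patent or from any mail server product). The domain `corp.example`, the `toy_gateway` rule, the `X-Envelope-*` headers and the SMTP reply texts are assumptions, as are scanning any message with at least one internal recipient and deferring with a 451 reply when the gateway cannot be reached.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

INTERNAL_DOMAINS = {"corp.example"}  # assumption: the organisation's own domains

def is_internal(addr):
    return addr.rpartition("@")[2].lower() in INTERNAL_DOMAINS

def toy_gateway(eml):
    """Constructed stand-in for the mail security gateway: one content-filter rule."""
    msg = message_from_bytes(eml, policy=policy.default)
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith((".exe", ".js", ".scr")):
            return "reject", f"blocked attachment type: {name}"
    return "pass", ""

def on_end_of_data(mail_from, rcpt_to, data, scan=toy_gateway):
    """Event response step: runs once the full message is in memory, before it is
    stored or routed. Returns the SMTP reply given to the submitting client."""
    # Assumption: one internal recipient is enough to scan, because that copy
    # never crosses the perimeter gateway even if other recipients are external.
    if not (is_internal(mail_from) and any(is_internal(r) for r in rcpt_to)):
        return "250 2.6.0 queued"
    # Package as a mail file; the envelope is prepended (assumption) because
    # headers alone do not show the real sender or Bcc recipients.
    eml = (f"X-Envelope-From: {mail_from}\r\n"
           f"X-Envelope-To: {', '.join(rcpt_to)}\r\n").encode() + data
    try:
        verdict, reason = scan(eml)
    except OSError:  # connection refused, timeout, ...
        verdict, reason = "error", ""
    if verdict == "pass":
        return "250 2.6.0 queued"  # release into normal processing and delivery
    if verdict == "reject":
        reason = " ".join(reason.split())[:200]  # no CR/LF injected into the reply
        return f"550 5.7.1 rejected by mail security gateway: {reason}"
    # Assumption, not in the patent: an unreachable gateway or unknown verdict
    # defers the mail (fail closed) instead of delivering it unscanned.
    return "451 4.7.1 security scan unavailable, try again later"

def sample(attachment_name):
    """Constructed internal-to-internal message with one attachment."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@corp.example", "b@corp.example", "Q3 report"
    m.set_content("See attached.")
    m.add_attachment(b"constructed bytes", maintype="application",
                     subtype="octet-stream", filename=attachment_name)
    return m.as_bytes(policy=policy.SMTP)
```

Because the reply is issued at the end of the DATA phase, a rejection reaches the submitting client directly and no bounce message has to be generated later.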
In some embodiments, triggering, when the mail server processes an internal-to-internal mail and in response to receiving the complete mail data, the event response program in the transport agent plug-in to suspend the current internal-to-internal mail comprises: when the mail server processes an internal-to-internal mail passing through the SMTP receiving end, the mail server reaches the mail data reception completion event and has received the complete mail data, wherein the complete mail data is held in memory and has not yet undergone persistent storage or routing delivery; and, in response to receiving the complete mail data, triggering the event response program in the transport agent plug-in and suspending the internal-to-internal mail whose complete mail data has just been received.

In some embodiments, sending the mail file to a mail security gateway for security detection includes: sending the mail file to the mail security gateway through a communication channel for security detection; and receiving the result of the security detection performed on the mail file by the mail security gateway includes: receiving, through the communication channel, the result of the security detection performed on the mail file by the mail security gateway.

In some embodiments, the security detection performed by the mail security gateway includes one or more of anti-spam detection, anti-phishing detection, anti-virus detection, and content filtering.

In some embodiments, the results include release and rejection; and, according to the result, handling the suspended