Server Help Forum Index Server Help
Community forums for Subgame, ASSS, and bots
Own a *nix server? Here's some help on fighting mail spam.

K'
You can win any war if you start a year early


Gender: Male
Joined: Jul 13 2006
Posts: 271
Location: Southtown
Offline

Posted: Tue Aug 29, 2006 4:22 am    Post subject: Own a *nix server? Here's some help on fighting mail spam.

Source.

Quote:

building a better spam trap
I've spent a lot of time over the past couple of months trying out some new (and some not so new) anti-spam techniques. Note that this article assumes some familiarity with sendmail m4 macros; see $CFDIR/README for background and all sorts of details on these, where $CFDIR is one of:

  • /etc/mail/cf on Solaris 10
  • /usr/lib/mail on Solaris 7, 8 or 9
  • the cf sub-directory of the sendmail distribution for people "rolling their own"

These techniques are in the form of FEATURE and HACK m4 macros (the difference being that the former are provided and blessed by sendmail.org / Solaris whereas the latter are not, though a HACK may evolve into a FEATURE in a future release). For a HACK, one would use

HACK(`hack-name')dnl

in one's .mc file, likewise
FEATURE(`feature-name')dnl

When installing hacks, one must create $CFDIR/hack (if it does not already exist) and place hack-name.m4 in that directory. Note that the sendmail distribution comes with such a sub-directory but Solaris does not.
Also, to explain some terms used below: the access list is enabled by the FEATURE(`access_db') macro; details on this are in $CFDIR/README, both in its sub-section in the FEATURES section, and in the ANTI-SPAM CONFIGURATION CONTROL section. And FEATURE(`delay_checks') is strongly recommended, as it is needed to enable the overrule by an OK entry in the access list that I mention in a few places; this feature is also described in its subsection in the FEATURES section, as well as in the "Delay all checks" sub-section of the ANTI-SPAM CONFIGURATION CONTROL section.

Anyway, onto the details. In the order I started deploying them:

The first is HACK(`block_bad_helo'), written by Neil Rickert, a professor in the Computer Science Department at Northern Illinois University and a volunteer sendmail.org contributor. SMTP clients are supposed to send the client FQHN (fully qualified host name) as the HELO/EHLO parameter, but many broken clients send the server FQHN (or IP address) instead, or something without a ".". This rejects any such transmissions. The upside is that I have found it to block a good amount of spam, with no false positives for me. A couple of users of my personal domain have had some small number of false positives with it, though. And the down side is that it cannot be overruled by an OK entry in the access list. Bart has had a lot of troubles with this rule; apparently old versions of Netscape and early versions of Mac's Mail.App got this wrong.
The second is a regular feature: DNS-based black-lists. I use (note: line wrapped for readability)
FEATURE(`enhdnsbl', `bl.spamcop.net',
`"Spam blocked see: http://spamcop.net/bl.shtml?"$&{client_addr}',
`t')dnl

while Bart uses
FEATURE(`dnsbl', `sbl-xbl.spamhaus.org')dnl

Both have proven extremely effective with very few false positives, and this feature, using whichever list, has the added virtue of allowing an OK override in the access list.
The last is HACK(`require_rdns'), also written by Neil Rickert. I enhanced Neil's original version so that it would allow an OK override in the access list. This enhanced version has been unbelievably effective, in sheer numbers, while also so far amazingly accurate (I estimated a false positive rate of 0.5% after a few weeks, but I think that may have gone even lower since I white-listed a few sites). As the name suggests, it requires that the SMTP client's IP address reverse map to some name, and also that the name forward map to the same address. (An IP address can have multiple A records; this merely requires that the original IP address is one of them.) This is the single most effective anti-spam rule I have ever deployed.
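The two checks described in the quoted article above (rejecting a bad HELO/EHLO argument, and requiring that the client IP reverse-maps to a name that forward-maps back to it), as an added Python example that is not part of the original post and is not the sendmail HACK code. The lookup tables, the receiving server's name and address, and the IP-keyed OK list are constructed assumptions standing in for DNS and the access list.

```python
import ipaddress

# Constructed sample data (documentation address ranges), standing in for DNS.
PTR = {"192.0.2.10": ["mail.example.org"], "192.0.2.66": ["host.example.net"]}
A = {"mail.example.org": {"192.0.2.10", "192.0.2.11"},
     "host.example.net": {"198.51.100.7"}}
SERVER_NAME, SERVER_IP = "mx.example.com", "198.51.100.25"  # hypothetical receiver


def bad_helo(helo):
    """Return a reason if the HELO/EHLO argument is one the post describes as broken."""
    arg = helo.strip().rstrip(".").lower()
    literal = arg.strip("[]")
    try:
        if ipaddress.ip_address(literal) == ipaddress.ip_address(SERVER_IP):
            return "HELO is the server's own IP address"
        return None  # a client's own address literal is not one of the listed cases
    except ValueError:
        pass  # not an address literal, treat it as a host name
    if arg == SERVER_NAME:
        return "HELO is the server's own host name"
    if "." not in arg:
        return "HELO has no '.'"
    return None


def fcrdns_ok(client_ip, ptr=PTR, fwd=A):
    """True if client_ip reverse-maps to a name that forward-maps back to it."""
    want = ipaddress.ip_address(client_ip)
    # A name may have several A records; one of them must be the original IP.
    return any(ipaddress.ip_address(a) == want
               for name in ptr.get(client_ip, [])
               for a in fwd.get(name, ()))


def check(client_ip, helo, ok_list=frozenset()):
    """Apply both checks; only the rDNS check honours the OK list, as in the post."""
    reason = bad_helo(helo)
    if reason:
        return "reject: " + reason
    if client_ip not in ok_list and not fcrdns_ok(client_ip):
        return "reject: no matching reverse/forward DNS"
    return "accept"


if __name__ == "__main__":
    for ip, helo in [("192.0.2.10", "mail.example.org"), ("192.0.2.66", "host.example.net"),
                     ("203.0.113.5", "localhost"), ("192.0.2.10", "mx.example.com")]:
        print(ip, helo, "->", check(ip, helo))
```
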
Maverick
broken record


Age:41
Gender: Male
Joined: Feb 26 2005
Posts: 1521
Location: The Netherlands
Offline

Posted: Tue Aug 29, 2006 8:05 am

Too bad I have qmail on my server and absolutely no familiarity with sendmail m4 macros.

However, I am already using DNS-based black-lists like spamcop.net.
I deactivated reverse DNS lookup of qmail since it rendered a long pause when sending an email in Outlook Express with POP3/IMAP but I'm thinking of re-enabling it now because of that last tip.
_________________
Nickname: Maverick (I changed my name!)
TWCore developer | Subspace statistics
Mine GO BOOM
Hunch Hunch
What What


Age:42
Gender: Male
Joined: Aug 01 2002
Posts: 3615
Location: Las Vegas
Offline

Posted: Tue Aug 29, 2006 2:55 pm

Want something better? SpamAssassin will catch tons of crap, and not be limited to a couple of blacklists, some of which are horrible. So you set their point values low, and be done with it.

And set up SPF for every domain name you own.
K'
You can win any war if you start a year early


Gender: Male
Joined: Jul 13 2006
Posts: 271
Location: Southtown
Offline

Posted: Tue Aug 29, 2006 2:56 pm

I can use ZoneAlarm's mail treatment functions just the same.