Welcome to It-Slav.Net blog
Peter Andersson
peter@it-slav.net

02 Nov

I do not like spam.

This is a growing problem, and there are many technologies for fighting it.

As I’m the sysadmin of my mail server, I can use many approaches. The best way is to find out whether a mail is spam before it is accepted at the SMTP server. I’m using a Fairly-Secure Anti-SPAM Gateway Using OpenBSD, Postfix, Greylisting, Amavisd-new, SpamAssassin, Razor and DCC, and it is very effective.

  • The first filter is to check whether the recipient of the mail is valid. It might seem like an obvious first filter, but in many cases the host that receives mail from the internet only forwards it to an inner mail server, and suddenly invalid mails with a probably incorrect from address are the receiving organization's problem. With this approach a valid mail with a misspelled to address will bounce back to the sender. If it is a spam mail, it is the sending host's problem to handle. I graph this and it can be found here. A qualified guess is that more or less all of them are spam.
  • The second step is a little more complex: the mail is scanned before it is accepted. If my spam scanner finds that the mail is spam, it tells the sending mail server that it-slav.net thinks this mail is spam and that it is not accepted. If nothing suspicious is found, the mail server accepts the mail and it is sent on to my mail server. The number of mails that are scanned and found to be spam is graphed and can be found here.
  • A third technology I have used is greylisting. It is very effective, but the technologies described above are good enough for me, so I’m not using it now. It puts a little more burden on the sending host, and the first time a host sends a mail to a new host it will take some extra time.
  • A promising technology is SPF. The idea is to guarantee that a mail comes from the place where it claims to come from; a good description can be found at Wikipedia. SpamAssassin uses SPF. If you want to prevent your domain from being used as the sender of spam, add some extra lines to your DNS record.
  • To annoy spam senders, a good idea could be to start a tarpit. Send all spam senders to your tarpit and enjoy when they use their resources for nothing. It is included in OpenBSD in combination with greylisting.

Graphs

Update 2019-05-16
Got an email with a link to "What SPF Resources Are Available Now That OpenSPF.org Is Gone?". I recommend reading it.

