Fighting Spam




Unsolicited commercial e-mail (UCE or spam) can be annoying, time consuming to delete, and in some cases dangerous when it contains viruses and worms. Fortunately, you can use your mail server to combat spam.

Using Public Spam Blacklists with sendmail

There are many publicly available lists of known open mail relay servers and spam generating mail servers on the Internet. Some are maintained by volunteers, others are managed by public companies, but in all cases they rely heavily on complaints from spam victims. Some spam blacklists simply try to determine whether the e-mail is coming from a legitimate IP address.

The IP addresses of offenders usually remain on the list for six months to two years. In some cases, to provide additional pressure on the spammers, the blacklists include not only the offending IP address but also the entire subnet or network block to which it belongs. This prevents the spammers from easily switching their servers' IP addresses to the next available ones on their networks. Also, if the spammer uses a public data center, their activities could cause the IP addresses of legitimate e-mailers to be blacklisted too. It is hoped that these legitimate users will pressure the data center's management to evict the spamming customer.

You can configure sendmail to use its dnsbl feature to both query these lists and reject the mail if a match is found. Here are some sample entries you can add to your /etc/sendmail.mc file; each entry should be on a single line:

  • RFC-Ignorant: A valid IP address checker.

    FEATURE(`dnsbl', `ipwhois.rfc-ignorant.org',`"550 Mail from " $&{client_addr} " refused. Rejected for bad WHOIS info on IP of your SMTP server - see http://www.rfc-ignorant.org/"')

  • Easynet: An open proxy list.

    FEATURE(`dnsbl', `proxies.blackholes.easynet.nl', `"550 5.7.1 ACCESS DENIED to OPEN PROXY SERVER "$&{client_name}" by easynet.nl DNSBL  (http://proxies.blackholes.easynet.nl/errors.html)"', `')dnl

  • The Open Relay Database: An open mail relay list.

    FEATURE(`dnsbl', `relays.ordb.org', `"550 Email rejected due to sending server misconfiguration - see http://www.ordb.org/faq/\#why_rejected"')dnl

  • Spamcop: A spammer blacklist.

    FEATURE(`dnsbl', `bl.spamcop.net', `"450 Mail from " $`'&{client_addr} " refused - see http://spamcop.net/bl.shtml"')

  • Spamhaus: A spammer blacklist.

    FEATURE(`dnsbl',`sbl.spamhaus.org',`Rejected - see http://spamhaus.org/')dnl

Be sure to visit the URLs listed to learn more about the individual services.
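
The lookup behind the dnsbl feature, together with a health check to run before adding a zone to sendmail.mc, is shown here as an added Python example that is not part of the original text. Public lists come and go, and a retired zone may stop answering or start answering for every address; the check uses the test entries defined in RFC 5782. The zone bl.example.test and the offline resolver stand-ins are constructed for illustration.

```python
import ipaddress
import socket

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

def dnsbl_name(ip, zone):
    """Query name for an IPv4 address: octets reversed, then the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_resolver(name):
    """A records for name via the system resolver; [] if it does not resolve."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except (socket.gaierror, socket.herror):
        return []

def is_listed(ip, zone, resolve=system_resolver):
    """By convention a listing is an A record inside 127.0.0.0/8."""
    answers = resolve(dnsbl_name(ip, zone))
    return any(ipaddress.ip_address(a) in LOOPBACK for a in answers)

def zone_health(zone, resolve=system_resolver):
    """RFC 5782 test entries: 127.0.0.2 must be listed, 127.0.0.1 must not."""
    if is_listed("127.0.0.1", zone, resolve):
        return "lists-everything"   # would make sendmail reject all mail
    if not is_listed("127.0.0.2", zone, resolve):
        return "no-answer"          # zone gone or unreachable; filters nothing
    return "ok"

def fake_resolver(records, wildcard=None):
    """Constructed stand-in for DNS so the example runs offline."""
    def resolve(name):
        return records.get(name, [wildcard] if wildcard else [])
    return resolve

ZONE = "bl.example.test"            # hypothetical zone, not a real service
HEALTHY = fake_resolver({
    "2.0.0.127." + ZONE: ["127.0.0.2"],    # mandatory test entry
    "99.2.0.192." + ZONE: ["127.0.0.2"],   # constructed listing for 192.0.2.99
})
RETIRED = fake_resolver({})                         # nothing resolves any more
WILDCARD = fake_resolver({}, wildcard="127.0.0.2")  # every name resolves

if __name__ == "__main__":
    for label, r in (("healthy", HEALTHY), ("retired", RETIRED),
                     ("wildcard", WILDCARD)):
        print(label, zone_health(ZONE, r), is_listed("192.0.2.99", ZONE, r))
```

Call zone_health with only the zone name to test a real list through the system resolver.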

spamassassin

Once sendmail receives an e-mail message, it hands the message over to procmail, which is the application that actually places the e-mail in user mailboxes on the mail server. You can make procmail temporarily hand over control to another program, such as a spam filter. The most commonly used filter is spamassassin.

spamassassin doesn't delete spam; it merely adds the word "spam" to the beginning of the subject line of suspected spam e-mails. You can then configure the e-mail filter rules in Outlook Express or any other mail client to either delete the suspect message or store it in a special Spam folder.

Downloading and Installing spamassassin

Most Red Hat and Fedora Linux software products are available in the RPM format. When searching for the RPMs, remember that the filename usually starts with the software package name and is followed by a version number, as in spamassassin-2.60-2.i386.rpm. (For help downloading, see Chapter 6.)

Starting spamassassin

You can use the chkconfig command to get spamassassin configured to start at boot:

     [root@bigboy tmp]# chkconfig --level 35 spamassassin on

To start, stop, and restart spamassassin after booting:

     [root@bigboy tmp]# service spamassassin start
     [root@bigboy tmp]# service spamassassin stop
     [root@bigboy tmp]# service spamassassin restart

Configuring procmail for spamassassin

The /etc/procmailrc file is used by procmail to determine the procmail helper programs that should be used to filter mail. This file isn't created by default.

spamassassin has a template you can use called /etc/mail/spamassassin/spamassassin-spamc.rc. Copy the template to the /etc directory:

     [root@bigboy tmp]# cp /etc/mail/spamassassin/spamassassin-spamc.rc \
     /etc/procmailrc

This file forces all mail arriving for your mail server's users through spamassassin.

Configuring spamassassin

The spamassassin configuration file is named /etc/mail/spamassassin/local.cf. You can customize this fully commented sample configuration file to meet your needs:

     ###################################################################
     # See 'perldoc Mail::SpamAssassin::Conf' for
     # details of what can be adjusted.
     ###################################################################

     #
     # These values can be overridden by editing
     # ~/.spamassassin/user_prefs.cf (see spamassassin(1) for details)
     #

     # How many hits before a message is considered spam. The lower the
     # number the more sensitive it is.

     required_hits           5.0


     # Whether to change the subject of suspected spam (1=Yes, 0=No)
     rewrite_subject         1


     # Text to prepend to subject if rewrite_subject is used
     subject_tag             *****SPAM*****


     # Encapsulate spam in an attachment (1=Yes, 0=No)
     report_safe             1


     # Use terse version of the spam report (1=Yes, 0=No)
     use_terse_report        0


     # Enable the Bayes system (1=Yes, 0=No)
     use_bayes               1


     # Enable Bayes auto-learning (1=Yes, 0=No)
     auto_learn              1


     # Enable or disable network checks (1=Yes, 0=No)
     skip_rbl_checks         0
     use_razor2              1
     use_dcc                 1
     use_pyzor               1


     # Mail using languages used in these country codes will not be marked
     # as being possibly spam in a foreign language.
     # - english

     ok_languages            en
     # Mail using locales used in these country codes will not be marked
     # as being possibly spam in a foreign language.

     ok_locales              en

Be sure to restart spamassassin for your changes to take effect.

Startup spamassassin

The final steps are to configure spamassassin to start on booting and then to start it.

     [root@bigboy tmp]# chkconfig spamassassin on
     [root@bigboy tmp]# service spamassassin start
     Starting spamd: [  OK  ]
     [root@bigboy tmp]#

A Simple PERL Script to Help Stop Spam

Blacklists won't stop everything, but you can limit the amount of unsolicited spam you receive by writing a small script to intercept your mail before it is written to your mailbox.

This is fairly simple to do, because sendmail always checks the .forward file in your home directory for the name of this script. The sendmail program then looks for the filename in the directory /etc/smrsh and executes it.

By default, PERL doesn't come with modules that are able to check e-mail headers and envelopes, so you have to download them from CPAN (www.cpan.org). The most important modules are:

  • MailTools

  • IO-Stringy

  • MIME-tools

  • Mail-Audit

I have written a script called mail-filter.pl that effectively filters out spam e-mail for my home system. A few steps are required to make the script work:

1. Install PERL and the PERL modules you downloaded from CPAN.

2. Place an executable version of the script in your home directory and modify the script's $FILEPATH variable to point to your home directory.

3. Update file mail-filter.accept, which specifies the subjects and e-mail addresses to accept, and file mail-filter.reject, which specifies those to reject.

4. Update your .forward file and place an entry in /etc/smrsh.

Mail-filter first rejects all e-mail based on the reject file and then accepts all mail found in the accept file. It then denies everything else.
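
The decision order just described (reject list, then accept list, then deny) is shown here as an added Python example; it is not the author's mail-filter.pl. The list format is an assumption: one pattern per line, where a pattern containing "@" must equal the sender address and any other pattern is a subject substring. All lists and messages are constructed.

```python
from email import message_from_string, policy

def load_patterns(text):
    """One lowercase pattern per line; blank lines and # comments are skipped."""
    lines = (line.strip().lower() for line in text.splitlines())
    return [p for p in lines if p and not p.startswith("#")]

def matches(msg, patterns):
    """'@' patterns must equal the sender address; others are subject substrings."""
    hdr = msg["From"]
    # Use the parsed address, never the display name, which the sender controls.
    sender = hdr.addresses[0].addr_spec.lower() if hdr and hdr.addresses else ""
    subject = str(msg["Subject"] or "").lower()   # policy.default decodes RFC 2047
    return any((p == sender) if "@" in p else (p in subject) for p in patterns)

def decide(raw, reject, accept):
    """Order described in the text: reject list, then accept list, then deny."""
    msg = message_from_string(raw, policy=policy.default)
    if matches(msg, reject):
        return "reject (listed)"
    if matches(msg, accept):
        return "accept"
    return "reject (default)"

# Constructed sample lists (assumed format) and messages.
REJECT = load_patterns("# refuse these\ncheap pills\nbulk@example.net\n")
ACCEPT = load_patterns("friend@example.org\nlinux-users\n")

def mail(sender, subject):
    return "From: %s\nSubject: %s\n\nbody\n" % (sender, subject)

SAMPLES = {
    "known sender": mail("Friend <friend@example.org>", "lunch?"),
    "known sender, bad subject": mail("friend@example.org", "Cheap pills here"),
    "encoded subject": mail("x@example.com", "=?utf-8?q?Cheap_Pills?="),
    "spoofed display name": mail('"friend@example.org" <other@example.net>', "hi"),
    "list mail": mail("someone@example.com", "[linux-users] kernel question"),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print("%-26s %s" % (label, decide(raw, REJECT, ACCEPT)))
```

Because the reject list is consulted first, a message from an accepted address is still refused when its subject matches a reject pattern.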

For a simple script with instructions on how to install the PERL modules, see Appendix II, "Codes, Scripts, and Configurations."