Back to article
Admin Digest: Stopping Spam with Linux
March 24, 2003
If you have used email at all you have seen spam: unsolicited and unwanted email. The way that email works means that it is very easy to send out bulk mailings at a very low cost. The cost is low because largely it is the receiver of the email that pays. If you read email on a dialup modem line or pay for your Internet connection, then in a real sense you are paying for the spam you get.
Often it is difficult for ISPs to block spam to everyone. This is because the ISPs do not know which email items you want to receive and which ones you do not. The ISP cannot predict in advance what email you have an expectation of getting and from where. It would also be inappropriate for ISPs to screen the content of the messages. There would also be privacy issues. However, there are certain approaches that can be taken at the email server side. If you have recently installed Linux and are thinking of running your own email server, then you should carefully consider the problem of spam.
Focus on sendmail
Sendmail is the most widely used MTA (Mail Transport Agent) on the Internet. It's an old, large, complex and not particularly efficient program. In particular it has a bad reputation for being difficult to configure. Whatever email server program you choose to use, though, blocking spam is still an important issue. The concepts outlined below are applicable to any type of server program. If you already run sendmail, I would recommend upgrading to the latest version. That way you can take advantage of any security patches or new features.
The most basic thing you should do is prevent your machine from being used as a place from which to send spam. Fortunately, as of sendmail version 8.9, forwarding is turned off, by default. That's a big help, but does require some configuration to allow forwarding. You sure don't want other people using your email server to do their dirty work. Take a look at www.sendmail.org for information on how to set up sendmail to forward messages.
The next level of sophistication is to keep a list of addresses and sites to block. For instance if you notice that a lot of junk email is coming in from 'cyberpromo.com' you will want to block that site. The way to do this is with the 'check_mail' rules set. This method will prevent delivery from the sites you list. However, it may be difficult to keep track of where the spam is coming from and time-consuming to maintain a current list of sites that allow spam. Paul Vixie maintains a MAPS Realtime Black-hole List which is accessible via the DNS Server (non-technical explanation: it works from anywhere on the Internet quickly and with minimal fuss) and to use this you only need add a couple of lines to your 'check_mail' rules set.
Vipul's Razor does a similar job. It uses an extensive set of rules to figure out what is spam and what isn't. It goes a step further, than the 'check_mail' approach and updates a network database that tracks spam signatures. As users identify new spam messages, the server databases are updated. Subsequent users have the benefit of an updated database of spam messages, that then can be filtered locally on their machines.
spamassassin.org takes a look at mail headers and text content to see if it matches a particular spam signature. It then can tag the mail message in question for filtering by the user's email reader program. Spamassassin is a great compliment to Vipul's Razor.