Spam
Spam and other "useful" email has been filling everyone's spam boxes for a long, long time. This is because, even though maybe only .1% of people reply to spam, it is very cheap to send a million messages. So, if I send out a million emails advertising product Foo and .1% of people reply buying Foo, I have sold a thousand products. At my hosting company, 1GB of traffic costs less than $.11 (based on the monthly traffic allocation; overage is about $2/GB). If we also consider most spam to be around 25KB in size (an average taken from my spam folder, plus some allowance for protocol overhead between servers), I can send out a million emails for less than $.11. There are other things to take into account, but for the most part, it is really cheap to send spam compared to all other forms of advertising.
This presents some problems, because most of us do not want to spend time each day reading about Mystery Product Foo or genital enhancements or special little pills... There are many tricks for stopping this scourge; I like these:
Greylisting: This is a trick that uses some loopholes in the mail transfer protocol. Since most spammers these days use compromised PCs to do their dirty work, they also write slimmed-down versions of mail servers to run on their victims. Full mail servers know that the servers they try to contact could be very busy. So, if the sending mail server gets a response while attempting to deliver a message of "Hey, I'm really busy right now, try again a little later," most real mail servers will take a hike and try again a little later. Most spam servers will just give up and move on down their list of email addresses. If a server retries correctly, a greylisting agent on your mail server assumes it's a real server and lets the mail through.
To implement this "feature", Debian has a package called postgrey. It is a Perl daemon that runs in the background and keeps track of servers as they attempt to send mail to you. Here's how I implemented it:
- apt-get install postgrey
- added "check_policy_service inet:127.0.0.1:60000" to my postfix's main.cf under smtpd_recipient_restrictions
- added known good hosts to /etc/postgrey/whitelist_clients
- /etc/init.d/postgrey restart
- /etc/init.d/postfix restart
Some potential things to watch out for: using this method, postfix will reject mail if postgrey isn't running. That could be very bad, so you might want to use a cron job or something to check for this condition! Also, for a little while, you might want to watch /var/log/mail.info to see when mail gets accepted and rejected, just to make sure things work correctly.
Now, another method I use. This is almost a little harebrained. I also use the Spamhaus blacklist. The idea behind this is that if a bunch of spam gets reported from a number of users, then we can consider that server as one that only sends out spam messages and we should ignore it. Now, in the past, blacklisting services have been overzealous in their perceived god-given "right" to declare a server on their list. At one time, even my server got on a blacklist when I had a shared hosting account. The blacklister had my hosting provider's server's IP address, and it took my domain with it. That made me a little... angry, since my school was using that list to filter emails. It's very hard to turn in assignments or ask questions when your mail gets rejected without notice. I've looked at Spamhaus, and they don't seem very overzealous in their listing of machines. Plus, they offer their service for free to small sites. Here's how I added this filter to Postfix:
- added "reject_rbl_client sbl-xbl.spamhaus.org" to smtpd_recipient_restrictions in my postfix's main.cf file
- /etc/init.d/postfix reload
I added the Spamhaus rule before the greylisting rule, since postgrey is Perl (which is usually pretty slow) and sending all these "come again later" responses uses up resources and bandwidth. The order makes sense, though, again, you have to be really careful and probably check the mail logs to ensure important mail isn't getting caught and rejected.
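As an added example (not from the original post), here is a small Python script for the log-watching step recommended above for both the postgrey and the Spamhaus rules: it reads mail.info-style lines, tallies RBL rejections, greylist deferrals, greylist passes and accepted connections, and lists greylisted client IPs that never came back, which is where a legitimate sender with a broken retry policy would show up. The log lines, IPs and addresses are constructed for the example.

```python
import re

# Constructed sample lines in /var/log/mail.info style; none of this is real traffic.
SAMPLE_LOG = """\
Jan 10 08:01:12 mx postfix/smtpd[2231]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 Service unavailable; Client host [192.0.2.10] blocked using sbl-xbl.spamhaus.org; from=<foo@example.net> to=<me@example.org> proto=ESMTP helo=<mail.example.net>
Jan 10 08:02:30 mx postgrey[1180]: action=greylist, reason=new, client_name=unknown, client_address=198.51.100.7, sender=bar@example.com, recipient=me@example.org
Jan 10 08:02:30 mx postfix/smtpd[2232]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 450 4.2.0 <me@example.org>: Recipient address rejected: Greylisted, see http://postgrey.schweikert.ch/help/example.org.html; from=<bar@example.com> to=<me@example.org> proto=ESMTP helo=<relay.example.com>
Jan 10 08:03:05 mx postgrey[1180]: action=greylist, reason=new, client_name=unknown, client_address=192.0.2.77, sender=news@example.net, recipient=me@example.org
Jan 10 08:08:45 mx postgrey[1180]: action=pass, reason=triggered by client, client_name=relay.example.com, client_address=198.51.100.7, sender=bar@example.com, recipient=me@example.org
Jan 10 08:08:46 mx postfix/smtpd[2233]: 7F3A1C2D4E: client=relay.example.com[198.51.100.7]
Jan 10 08:09:01 mx postgrey[1180]: action=pass, reason=client whitelist, client_name=mail.example.edu, client_address=203.0.113.4, sender=prof@example.edu, recipient=me@example.org
Jan 10 08:09:02 mx postfix/smtpd[2234]: 8A4B2D3E5F: client=mail.example.edu[203.0.113.4]
"""

# A reject_rbl_client hit: Postfix names the client IP and the list that blocked it.
RBL_RE = re.compile(r"reject: RCPT from \S+\[(?P<ip>[^\]]+)\].*blocked using (?P<rbl>\S+);")
# postgrey's own log line: action=greylist (told to retry) or action=pass (let through), with the reason.
GREY_RE = re.compile(
    r"postgrey\[\d+\]: action=(?P<action>\w+), reason=(?P<reason>[^,]+),"
    r".*client_address=(?P<ip>[^,]+),.*sender=(?P<sender>[^,]+),")
# A connection that got a queue ID, i.e. the message was accepted for delivery.
ACCEPT_RE = re.compile(r"postfix/smtpd\[\d+\]: [0-9A-F]+: client=(?P<host>\S+)\[(?P<ip>[^\]]+)\]")


def summarize(log_text):
    """Bucket each log line by what the filters did with it."""
    summary = {"rbl_rejected": [], "greylisted": [], "greylist_passed": [], "accepted": []}
    for line in log_text.splitlines():
        if m := RBL_RE.search(line):
            summary["rbl_rejected"].append((m["ip"], m["rbl"]))
        elif m := GREY_RE.search(line):
            key = "greylisted" if m["action"] == "greylist" else "greylist_passed"
            summary[key].append((m["ip"], m["sender"], m["reason"]))
        elif m := ACCEPT_RE.search(line):
            summary["accepted"].append((m["ip"], m["host"]))
    return summary


def never_returned(summary):
    """Client IPs that were greylisted and never passed: candidates for a false positive or a whitelist entry."""
    greylisted = {ip for ip, _, _ in summary["greylisted"]}
    passed = {ip for ip, _, _ in summary["greylist_passed"]}
    return sorted(greylisted - passed)


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    for bucket, hits in s.items():
        print(f"{bucket}: {len(hits)}")
    print("greylisted, never came back:", never_returned(s))
```

Run it against a real log with `python3 mailcheck.py < /var/log/mail.info` after swapping SAMPLE_LOG for sys.stdin.read(); an IP in the "never came back" list that belongs to a sender you care about is the one to add to /etc/postgrey/whitelist_clients.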
