Blocking mail pests with open source

By Stephen Withers, ZDNet Australia
10 February 2005 10:23 AM
Mail-borne pests such as viruses and spam can be combated with open source tools, according to Joel Sing, director of Ionix Technology, a Bendigo-based computer services firm.

Speaking at the Digital Pest Symposium in Melbourne this week, Sing outlined the array of Open Source tools used by Ionix to clean incoming mail for itself and its clients.

No message should simply disappear, he said. It should be rejected at the SMTP level (e.g. because it does not appear to be coming from a bona fide mail server), bounced, quarantined, or delivered.

The first category is handled by rblsmtpd, which uses a realtime blackhole list (or RBL, hence the name) to ignore spammy mail servers. Several lists are available, but according to Sing the Spamhaus list seems fair, embodies lots of research, and automatically expires entries if no further complaints are received. Blacklists have a "huge potential to wreak havoc on e-mail delivery," he said, so it is important to choose carefully.

Accepted e-mails are handled by qmail and examined by qmail-scanner. In Ionix' installation, this performs virus and spam detection using ClamAV and SpamAssassin, and also blocks certain attachments according to their file extension or if the extension is not consistent with the MIME type. Viruses are automatically quarantined, and other messages are marked with appropriate headers to indicate spamminess and queued for delivery.

This layered approach is reinforced by a greylist: connection attempts from previously unknown mail servers are blocked with a soft error. If the server retries correctly, it will be added to a whitelist after 30 minutes. Sing explained that this approach checks that the server concerned is reasonably compliant with RFC2821, and recognises that spammers typically give up immediately or retry for a short period. The greylist also acts as a 'tarpit' -- connections are throttled to one byte per second, which won't bother a server that backs off correctly after a soft error, but does inconvenience spammers who retry repeatedly for a short period.

Anecdotal evidence from users suggests this approach has reduced spam by a factor of 100. "Net result: a lot of happy customers," said Sing.
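The greylist decision Sing describes, sketched as an added example that is not from the article or from Ionix's setup. It assumes the greylist is keyed on the connecting server's IP address alone, that pending entries expire after 24 hours, and uses a constructed reply text and constructed retry schedules; the one-byte-per-second tarpit is not modelled.

```python
from dataclasses import dataclass, field

DELAY = 30 * 60            # article: whitelisted 30 minutes after first attempt
PENDING_TTL = 24 * 3600    # assumption: forget servers that never retry properly
SOFT_ERROR = (451, "greylisted, please retry later")   # constructed reply text
ACCEPT = (250, "ok")


@dataclass
class Greylist:
    first_seen: dict = field(default_factory=dict)  # server IP -> first attempt time
    whitelist: set = field(default_factory=set)

    def check(self, server_ip, now):
        """Return the SMTP (code, text) reply for a connection at time `now` (seconds)."""
        if server_ip in self.whitelist:
            return ACCEPT
        seen = self.first_seen.get(server_ip)
        if seen is None or now - seen > PENDING_TTL:
            # Unknown (or long-expired) server: record it and answer with a soft error.
            self.first_seen[server_ip] = now
            return SOFT_ERROR
        if now - seen < DELAY:
            # Retried too soon: still inside the greylist window.
            return SOFT_ERROR
        # Retried after the window: the server queues and backs off as RFC 2821 expects.
        del self.first_seen[server_ip]
        self.whitelist.add(server_ip)
        return ACCEPT


def replay(greylist, server_ip, attempt_times):
    """Feed a retry schedule through the greylist and collect the reply codes."""
    return [greylist.check(server_ip, t)[0] for t in attempt_times]


# Constructed retry schedules, in seconds after the first attempt.
COMPLIANT = [0, 900, 2100, 7200]     # backs off and keeps the message queued
IMPATIENT = [0, 5, 30, 120, 600]     # retries in a burst, then gives up


def demo():
    g = Greylist()
    return {
        "compliant": replay(g, "192.0.2.10", COMPLIANT),      # documentation IPs
        "impatient": replay(g, "198.51.100.7", IMPATIENT),
    }


if __name__ == "__main__":
    print(demo())
```

The compliant schedule is accepted on its first retry past the 30-minute mark and on every attempt after that, while the burst sender only ever sees soft errors.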


Talkback 2 comments

    Anonymous -- 10/02/05

    This is hardly news. This technology has been around for a very long time. This article sounds more like an "advertorial" to me. But in this space, it is not well placed. Maybe try the local paper or a space which is not frequented by geeks and sysadmins, who'll say..."Yeah, and..?"

    Anonymous -- 10/02/05

    I've had great results with the combination of postfix (MTA), amavisd-new (filtering engine), clamav (virus scanner) and SpamAssassin (anti-spam).

    Postfix supports the direct use of RBLs, so I reject on some trustworthy RBLs. I let SpamAssassin use the less trusted RBLs to weight the spam score of the message. Spam is tagged, then delivered into a separate per-user Junk mailbox by the Cyrus delivery filters (many use procmail for the same thing). Viruses are quarantined. Non-virus forbidden files like .exe are quarantined and a notice sent to the recipient.

    It all works very nicely.
