Preventing Spams and Relays

The smtpd package is a useful mail daemon for stopping spam, thereby saving money and resources.

Configuring smtpd

The mail proxy reads its configuration from a file (smtpd_check_rules) in the /etc directory; in our example, the full path is /home/smtpd/etc/smtpd_check_rules. Lines beginning with # are comments, and blank lines are allowed. Each rule occupies one line and has the following format:

[allow|deny|noto]:SourceList:FromList:ToList[:XXX message]

where XXX is the error message number. The first rule that matches is applied and checking stops there, so the order of the rules must be chosen carefully.

The first field states the action: allow accepts the SMTP connection; deny refuses the SMTP connection and closes the session; noto returns an error for the matching rule but lets the session continue.

The second field is a list of IP addresses and/or host names to match the source SMTP connection. IP addresses may be specified with a netmask to include a whole network. The format of this is XX.XX.XX.XX/bits where bits is the netmask bits for the network. For instance, a network 192.168.0.0 with netmask 255.255.255.0 would be written as 192.168.0.0/24. A few special reserved identifiers that can be used are:

  • ALL: any IP address and host name

  • KNOWN: only IP and host names which are DNS resolvable

  • UNKNOWN: IP and host names which are not DNS resolvable

  • EXCEPT: exceptions

  • *: wild-card character

The third and fourth fields are used to match e-mail addresses and have the format user@host. The special word ALL can also be used in these fields.

The fifth field is optional and is used to return error messages from deny and noto to the SMTP client. The following special variables can be used to return information in the error messages:

  • %F: mail from address

  • %T: recipient address

  • %H: connecting host name

  • %I: connecting IP address

  • %U: user from the host

All three fields (SourceList, FromList and ToList) must be matched in order for action to be taken.

Listing 1 is an example of a set of rules that assumes the internal network is 10.0.0.0 and a mail hub is at 10.0.0.9. Note that noto_delay will pause for a number of seconds before action is taken. This option was introduced to delay relayers and spammers; the parameters that control this timeout are set in the Makefile:

NOTO_DELAY = 60
DENY_DELAY = 60

A few other configurations can be done that I have not shown here, namely the NS= pattern-check and the use of the IDENT protocol for identifying users. Users who need a more detailed setup of this file should read the file smtpd_address_check.txt in the source directory. Examples for filtering spams and relays can be downloaded from Obtuse's FTP site.
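
The first-match evaluation described above can be modelled offline to check rule ordering before a file goes live. This is an added example, not smtpd's own code and not the article's Listing 1; the rule set is constructed, and the /24 mask, the example.com domain, the 551 code and the whitespace-separated list syntax are assumptions. KNOWN, UNKNOWN, host-name sources and %U are not modelled.

```python
import fnmatch
import ipaddress

# Constructed rule set (not the article's Listing 1). Assumes the internal
# network is 10.0.0.0/24 and local mail is addressed to *@example.com.
RULES = """\
# internal hosts may send anywhere
allow:10.0.0.0/24:ALL:ALL
# anyone may deliver to local recipients
allow:ALL:ALL:*@example.com
# everything else is a relay attempt
noto:ALL:ALL:ALL:551 Sorry %H (%I), no relaying to %T
"""

def parse_rules(text):
    """Return (action, source, from, to, message) tuples, skipping comments."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":", 4)          # message may itself contain ':'
        if len(fields) < 4 or fields[0] not in ("allow", "deny", "noto"):
            raise ValueError(f"malformed rule: {line!r}")
        rules.append(tuple(fields) + ("",) * (5 - len(fields)))
    return rules

def _one(pattern, value, is_ip):
    if pattern == "ALL":
        return True
    if is_ip and "/" in pattern:             # XX.XX.XX.XX/bits network form
        return ipaddress.ip_address(value) in ipaddress.ip_network(pattern)
    return fnmatch.fnmatchcase(value.lower(), pattern.lower())  # '*' wildcard

def matches(field, value, is_ip=False):
    """Assumed list syntax: whitespace-separated patterns, optional EXCEPT."""
    inc, _, exc = field.partition("EXCEPT")
    hit = lambda pats: any(_one(p, value, is_ip) for p in pats.split())
    return hit(inc) and not hit(exc)

def check(rules, ip, mail_from, rcpt_to, host="unknown"):
    """First matching rule wins; all three lists must match."""
    for action, src, frm, to, msg in rules:
        if matches(src, ip, True) and matches(frm, mail_from) and matches(to, rcpt_to):
            for var, val in (("%F", mail_from), ("%T", rcpt_to), ("%H", host), ("%I", ip)):
                msg = msg.replace(var, val)
            return action, msg
    return None, ""   # no rule matched; the daemon's default is not modelled
```

Moving the noto rule to the top of the constructed set would make it match every message, including local delivery, because the check ends at the first match.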

Running smtpd

After creating the configuration file, the running mail daemon must be stopped and replaced with smtpd/smtpfwdd. For Sendmail, this can be done by typing:

> ps ax | grep sendmail
24569 ? S 0:00 sendmail: accepting connections on port 25
> kill 24569

This will effectively shut down the mail daemon. Now, check for queued mail that the daemon has not yet sent out by issuing the command:

/usr/lib/sendmail -bp

If the mail queue is not empty, flush the queue by typing:

/usr/lib/sendmail -q

If mail is still in the queue after a while, this command can be reissued at a later time, so the installation of smtpd/smtpfwdd can continue. No new mail will be accepted while the mail daemon is down.

Start the smtpd daemon by issuing the command:

/usr/local/sbin/smtpd -c /home/smtpd -d /spool \
    -u daemon -g daemon -D -L

The smtpd daemon will start accepting mail and spool it to the /home/smtpd/spool directory. The parameters on the command line are defined as follows:

  • -c /home/smtpd: the smtpd home directory

  • -d /spool: the directory where spooled mail should be stored

  • -u daemon -g daemon: the user and group smtpd runs as

  • -D: instruction to run as daemon and listen on the SMTP port

  • -L: instruction to suppress children in daemon mode from making an openlog call

Once smtpd is running, check the spool directory; it will be full of files with the prefix smtp. These files are the spooled mail messages and need to be processed by the MTA. This is the job of smtpfwdd. We run smtpfwdd by typing:

/usr/local/sbin/smtpfwdd -d /home/smtpd/spool \
    -u daemon -g daemon

Once it begins running, smtpfwdd will check the spool directory /home/smtpd/spool and start processing the spooled mail by running the MTA, in this case Sendmail.

A good idea is to run the MTA in such a way that it periodically processes its mail queue and sends out any mail present. Note that we actually have two spool directories here: one used by smtpd and the other by sendmail (usually in /var/spool/mqueue). To run sendmail in non-daemon mode in order to process the queue every 15 minutes, type:

/usr/lib/sendmail -q15m

Once everything is running fine, edit your startup files to run smtpd/smtpfwdd by default instead of sendmail.
