Home

Preventing Spams and Relays

Issue 56

From Issue #56
December 1998

Dec 01, 1998  By John Wong
 in
The smtpd package is a useful mail daemon for stopping spam, thereby saving money and resources.

The Internet has been around since the 1970s with people using it mainly for electronic mail (e-mail). This is still true even today as we see increasing numbers of multimedia-based applications on the Internet. People still use e-mail more than web browsers and file transfer programs. The reason is simple—it is a low-cost yet effective method for communicating with others all over the world. More and more people are getting onto the Internet, and the first thing they do is get an e-mail address.

Realizing this, certain individuals and even organizations have taken the opportunity to send unsolicited e-mail to Internet users. Most of this mail is commercial advertising. They send thousands of copies of the same message to a list of e-mail addresses obtained from either Usenet postings or companies' home pages. Such action is called spamming.

The consequence of spam is that the receiver ends up paying for the cost of the e-mail, since the ISP (Internet Service Provider) usually charges on the basis of connect time and downloading mail takes time. At companies where each employee has an e-mail address and the company has a fixed line for e-mail, that line can become quite expensive if it is targeted by spammers.

To hide their identity, spammers usually send from a forged e-mail address and use mail servers that have not been configured to prevent such activities. Relaying, as it is usually called, will cause the targeted e-mail server to send mail on behalf of the spammer to hundreds or even thousands of users. Spamming can seriously affect the performance of the mail server and cause massive bandwidth loss for the company affected. Not only will the mail server's performance be affected, but recipients of the spam will be given the impression that the company is in business with the spammer.

For more information on this, visit the number one anti-spam site on the Internet at http://spam.abuse.net/.

The smtpd Package

My company was recently the target of a spammer who used our mail server as a relay. The spammer was using an account from a well-known service provider, and my guess is that it was probably a trial account. I had not installed any preventions against such attacks and was thus targeted. When I discovered the attack, I dropped all my current work and began searching for a solution. I started by looking at the Sendmail home page (http://www.sendmail.org/). It had links that led to more tools and tips for spam prevention. I chose to implement the solution based on the smtpd package from Obtuse Systems Corporation for the following reasons:

  1. smptd is a small package with only two executable files to manage and one configuration file to tweak.

  2. It works nicely with my mail server (Sendmail v8.8.8).

  3. The configuration file is very flexible and easy to configure.

As of this writing, the smtpd package is at version 2.0 and can be obtained from ftp://ftp.obtuse.com/pub/smtpd/smtpd-2.0.tar.gz.

smtpd works with other MTAs (Mail Transport Agent), but I have been using only Sendmail. The latest Sendmail can be retrieved from ftp://ftp.sendmail.org/ucb/src/sendmail/sendmail.8.9.1.tar.gz.

Note that you must have a working MTA before installing smtpd. It acts only as a mail proxy, storing and forwarding mail to other MTAs for the actual delivery.

Briefly, here's how smtpd works: the smtpd daemon runs and accepts mail instead of your regular mail server. It accepts mail from the Internet as well as your own domain. smtpd can be configured to reject mail based on several criteria:

  1. IP address of the sender

  2. Host name or domain of sender

  3. E-mail address of sender

  4. E-mail address of receiver

Based on the configuration file, the mail is either rejected or accepted and spooled. The second program, smtpfwdd, will do the actual forwarding of the spooled mail to the MTA (Sendmail in this case).

Compiling and Installing the Package

Once you've obtained the package, unarchive the files to a directory. Assuming the files are to be put in the directory /usr/src/smtpd-2.0, do the following:

cd /usr/src
tar xvzf ~/smtpd-2.0.tar.gz
cd smtpd-2.0

Now, by typing ls, you'll see many files and subdirectories. Be sure to read README and INSTALL as these files contain valuable information on the installation of the mail proxy.

To compile the package, do the following:

  1. Choose a user and group for running the smtpd daemon. Your choice must be defined as a trusted user in the sendmail.cf file. I chose to use the user daemon. If you are not sure what to use as trusted user, check the /etc/sendmail.cf file for lines like this: 

    # Trusted users #
Troot
Tdaemon
Tuucp
    In this example, the trusted users are root, daemon and uucp. Do not use root. smtpd works without any root privileges; thus, it is more secure to run it as some other user.

  2. Create a directory in which smtpd can store spooled mail before smtpfwdd processes it. Change permissions and also the user/group of that directory so only that user has full rights to it. If you put it in the /home/smtpd/spool directory, execute these commands: 

    mkdir /home/smtpd
mkdir /home/smtpd/spool
chown -R daemon.daemon /home/smtpd
chmod 700 /home/smtpd
ls -lad /home/smtpd
    The output from ls will look like this: 
    drwx------ 3 daemon daemon 1024 Mar 26 01:34
 /home/smtpd/

  3. Edit the Makefile in the source directory to reflect your choice. The changes we need to make for our example are as follows: 

    SMTP_USER = daemon
SMTP_GROUP = daemon
SPOOLDIR = /home/smtpd
SPOOLSUBDIR = /spool
EHLO_KLUDGE=1
JUNIPER_SUPPORT=0
#LD_LIBS=-lresolv
CHECK_IDENT = 0
    EHLO_KLUDGE is needed to fix a bug in Netscape Communicator. JUNIPER_SUPPORT is set to 0 unless you're using Obtuse's Firewall Kernel. LD_LIBS is commented out, as my Linux distribution does not require the external library libresolv. CHECK_IDENT has been set to 0 to disable IDENT checking. I personally do not believe in IDENT checks—they take time and do not return any useful information.

    By default, the Makefile has been configured to be compiled on Linux, so no other changes need to be made.

  4. In the source directory, type make to compile smtpd and smtpfwdd.

  5. Once the compilation is finished, you will find two executable files in the directory. Copy them to another location in your PATH. To copy them to the /usr/local/sbin directory, type: 

    cp smtpd /usr/local/sbin
cp smtpfwdd /usr/local/sbin

  6. Create a few subdirectories under the /home/smtpd/ directory by typing: 

    cd /home/smtpd
mkdir etc usr
mkdir usr/lib
mkdir usr/lib/zoneinfo
    Because smtpd does a chroot to the directory /home/smtpd, we need to copy (or make symbolic links) into this directory some files that are required for the proper execution of smtpd/smtpfwdd. The files and the directory in which each should be located are:

    • /etc/resolv.conf -> /home/smtpd/etc/resolv.conf

    • /usr/lib/zoneinfo/localtime -> /home/smtpd/usr/lib/zoneinfo/localtime

    The file resolv.conf is needed so that smtpd can do DNS queries (look up IP addresses of hosts). The file localtime has your time zone setting and is required to put the proper time stamp on e-mail. The location of localtime may be different on your system, so you'll have to find the exact path and create a duplicate under the /home/smtpd directory.

  7. Configure smtpd and smtpfwdd to replace the running mail server.

______________________

White Paper
More Resources
Fabric-Based Computing Enables Optimized Hyperscale Data Centers

Today’s modular x86 servers are compute-centric, designed as a least common denominator to support a wide range of IT workloads. Those generic, virtualized IT workloads have much different resource optimization requirements than hyperscale and cloud applications. They have resulted in a “one size fits all” enterprise IT architecture that is not optimized for a specific set of IT workloads, and especially not emerging hyperscale workloads, such as web applications, big data, and object storage. In this report, you will learn how shifting the focus from traditional compute-centric IT architectures to an innovative disaggregated fabric-based architecture can optimize and scale your data center.

Learn More

Sponsored by AMD

White Paper
More Resources
Red Hat White Paper: Using an Open Source Framework to Catch the Bad Guy

Built-in forensics, incident response, and security with Red Hat Enterprise Linux 6

Every security policy provides guidance and requirements for ensuring adequate protection of information and data, as well as high-level technical and administrative security requirements for a system in a given environment. Traditionally, providing security for a system focuses on the confidentiality of the information on it. However, protecting the data integrity and system and data availability is just as important. For example, when processing United States intelligence information, there are three attributes that require protection: confidentiality, integrity, and availability.

Learn more about catching the bad guy in this free white paper.

Learn More

Sponsored by DLT Solutions