Hack and / - Spam: the Ham Hack

Check out a few simple spam-fighting tweaks to two of my favorite open-source programs: mutt and Postfix.

When you think about it, all spam really is, is hacked ham. This is true for both meanings of the word. In the food sense, it is composed of hacked-up bits of pork that are reassembled to resemble (sort of) ham. In the e-mail sense, spam is just hacked-up bits of text that are reassembled so they somewhat resemble a legitimate e-mail you want to read (ham).

Countless articles talk about the open-source tools you can use to reduce the amount of spam in your inbox, so I'm not going to write yet another article about SpamAssassin, Razor/Pyzor, Spam Blackhole Lists (SBLs) or even grey-listing, although I recommend looking into those countermeasures if you haven't already done so. Instead, I assume you already have these measures in place, so I'm going to discuss a few extra tools that make spam management a bit more, well, manageable.

Virtual Addresses in Postfix

I'm not a huge fan of Web-based e-mail, although for the longest time, I did think it was a great tool for spam-catching. I would set up a free Web e-mail account, and whenever I bought something on-line, I used that e-mail address as a contact. Of course, whenever I bought something new, I'd have to go into the account first and purge the mountain of spam that had accumulated since the last time I used the account. The other downside was that I still never knew which companies had sold out my e-mail address and which ones kept it protected.

Since then, I've found an even better solution with virtual addresses in Postfix. Now that I run my own mail server, I can set up as many e-mail addresses as I want for free and have them all land in the same inbox. Not only does this make it easier to find all my on-line receipts later, but also because of the way I set it up, I easily can find out which companies sold me out and block only their e-mail messages.

Virtual addresses in Postfix work much like aliases do in most mail servers. They give you a way to set up a large series of To addresses that your mail server will accept and to map those addresses to one or more real addresses on the server, or even to forward e-mail to addresses on a completely different server. All you have to do is set up a new database that defines the mapping between virtual and real addresses, and then tell Postfix to use it.

For this example, let's assume I have a mail server that already accepts mail for example.net, and my personal account is kyle@example.net. Whenever I set up a new account, either on a social network or an on-line retailer (anything that could potentially send me spam), I set up a new virtual address named after them and the year. Let's assume I created an account on CompanyX's site, so I could buy a T-shirt and also registered a new profile on TweetBookSpace—the new hip social-networking-meets-cell-phones-meets-LOLcats site.

First, I would create a regular text file called /etc/postfix/virtual that contained the following entries:

# System accounts that should exist
kyle@example.net                  kyle@localhost
root@example.net                  kyle@localhost

# Spam-catching accounts
companyx2009@example.net          kyle@localhost
tweetbookspace2009@example.net    kyle@localhost

All of the addresses in the left column are addresses for which Postfix will accept mail, and the right column tells Postfix which real account to forward the mail to. Instead of an @localhost address, I also could forward it to some other external e-mail address, or even list multiple addresses separated by commas. After I set up the file, and whenever I make any changes to it, I need to run the postmap command against it, so that it creates the custom database file Postfix actually will read:

$ sudo postmap /etc/postfix/virtual

Finally, I just need to add some new lines to my /etc/postfix/main.cf to define what domains I will use for my virtual aliases and tell it to use the file I just created. I added only one domain here, but if you already have multiple domains defined in your mydestination line, move as many as you want managed by this file over to the virtual_alias_domains setting:

virtual_alias_domains = example.net
virtual_alias_maps = hash:/etc/postfix/virtual

Then, I can run sudo postfix reload to reload my settings. If I start to notice that I'm getting spam sent to companyx2009@example.net, all I have to do to block that address is comment out that line in /etc/postfix/virtual and run postmap again. Although it's not necessary to add the year to the e-mail address, I've found that helps when I periodically go through my old throwaway e-mail addresses and comment them out—after all, I always can uncomment them the next time I want to order something.
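The block-and-review routine described above, scripted as an added example (not code from the article). The function names block_alias, stale_aliases and sample_virtual and the oldshop2007 entry are made up for illustration, and the script assumes each mapping sits on a single line, as in the file shown earlier:

```shell
#!/bin/sh
# Added example (not from the article): manage throwaway entries in a
# Postfix virtual alias file. Assumes one entry per line, as in the article.

# Constructed sample: the article's entries plus one made-up older address.
sample_virtual() {
    cat <<'EOF'
# System accounts that should exist
kyle@example.net                  kyle@localhost
root@example.net                  kyle@localhost

# Spam-catching accounts
companyx2009@example.net          kyle@localhost
tweetbookspace2009@example.net    kyle@localhost
oldshop2007@example.net           kyle@localhost
EOF
}

# block_alias FILE ADDRESS: comment out the active entry whose left column
# is exactly ADDRESS. Returns 1 (file untouched) if no active entry matches.
block_alias() {
    file=$1; addr=$2
    tmp=$(mktemp) || return 1
    if awk -v a="$addr" '
        tolower($1) == tolower(a) { print "#" $0; hit = 1; next }
        { print }
        END { exit !hit }' "$file" > "$tmp"
    then
        cat "$tmp" > "$file"   # rewrite in place, keeping owner and mode
        rm -f "$tmp"
    else
        rm -f "$tmp"; return 1
    fi
}

# stale_aliases FILE YEAR: list active addresses whose local part ends in a
# four-digit year earlier than YEAR (candidates for the periodic clean-up).
stale_aliases() {
    awk -v cutoff="$2" '
        NF == 0 || $1 ~ /^#/ { next }
        {
            lp = $1; sub(/@.*/, "", lp)
            if (match(lp, /[0-9][0-9][0-9][0-9]$/) && substr(lp, RSTART) + 0 < cutoff + 0)
                print $1
        }' "$1"
}

# Typical use on the mail server, as a user who can write the file:
#   block_alias /etc/postfix/virtual companyx2009@example.net &&
#       postmap /etc/postfix/virtual
```

Because block_alias compares the whole left column, blocking companyx2009@example.net cannot accidentally disable a longer address that merely contains it, and a non-zero return means postmap does not need to be rerun.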


Kyle Rankin is Chief Security Officer at Purism, a company focused on computers that respect your privacy, security, and freedom. He is the author of many books including Linux Hardening in Hostile Networks, DevOps Troubleshooting and The Official Ubuntu