Hack and / - Spam: the Ham Hack

by Kyle Rankin

When you think about it, all spam really is, is hacked ham. This is true for both meanings of the word. In the food sense, it is composed of hacked-up bits of pork that are reassembled to resemble (sort of) ham. In the e-mail sense, spam is just hacked-up bits of text that are reassembled so they somewhat resemble a legitimate e-mail you want to read (ham).

Countless articles talk about the open-source tools you can use to reduce the amount of spam in your inbox, so I'm not going to write yet another article about SpamAssassin, Razor/Pyzor, Spam Blackhole Lists (SBLs) or even grey-listing, although I recommend looking into those countermeasures if you haven't already done so. Instead, I assume you already have these measures in place, so I'm going to discuss a few extra tools that make spam management a bit more, well, manageable.

Virtual Addresses in Postfix

I'm not a huge fan of Web-based e-mail, although for the longest time, I did think it was a great tool for spam-catching. I would set up a free Web e-mail account, and whenever I bought something on-line, I used that e-mail address as a contact. Of course, whenever I bought something new, I'd have to go into the account first and purge the mountain of spam that had accumulated since the last time I used the account. The other downside was that I still never knew which companies had sold out my e-mail address and which ones kept it protected.

Since then, I've found an even better solution with virtual addresses in Postfix. Now that I run my own mail server, I can set up as many e-mail addresses as I want for free and have them all land in the same inbox. Not only does this make it easier to find all my on-line receipts later, but also because of the way I set it up, I easily can find out which companies sold me out and block only their e-mail messages.

Virtual addresses in Postfix work much like aliases work in most mail servers. It provides you a way to set up a large series of To addresses that your mail server will accept and map those addresses to one or more real addresses on the server, or even forward e-mail to addresses on a completely different server. All you have to do is set up a new database that defines the mapping between virtual and real addresses, and then tell Postfix to use it.

For this example, let's assume I have a mail server that already accepts mail for example.net, and my personal account is kyle@example.net. Whenever I set up a new account, either on a social network or an on-line retailer (anything that could potentially send me spam), I set up a new virtual address named after them and the year. Let's assume I created an account on CompanyX's site, so I could buy a T-shirt and also registered a new profile on TweetBookSpace—the new hip social-networking-meets-cell-phones-meets-LOLcats site.

First, I would create a regular text file called /etc/postfix/virtual that contained the following entries:

# System accounts that should exist
kyle@example.net                  kyle@localhost
root@example.net                  kyle@localhost

# Spam-catching accounts
companyx2009@example.net          kyle@localhost
tweetbookspace2009@example.net    kyle@localhost

All of the addresses in the left column correspond to addresses for which Postfix will accept mail, and the right column tells Postfix to which real account to forward the mail. Instead of an @localhost address, I also could forward it to some other external e-mail address, or even list multiple addresses separated by commas. Once I set up the file and whenever I make any changes, I need to run the postmap command against it, so that it creates the custom database file Postfix actually will read:

$ sudo postmap /etc/postfix/virtual

Finally, I just need to add some new lines to my /etc/postfix/main.cf to define what domains I will use for my virtual aliases and tell it to use the file I just created. I added only one domain here, but if you already have multiple domains defined in your mydestination line, move as many as you want managed by this file over to the virtual_alias_domains setting:

virtual_alias_domains = example.net
virtual_alias_maps = hash:/etc/postfix/virtual

Then, I can run sudo postfix reload to reload my settings. If I start to notice that I'm getting spam sent to companyx2009@example.net, all I have to do to block that address is comment out that line in /etc/postfix/virtual and run postmap again. Although it's not necessary to add the year to the e-mail address, I've found that helps when I periodically go through my old throwaway e-mail addresses and comment them out—after all, I always can uncomment them the next time I want to order something.

Spam Tips for Mutt Users

I know plenty of people use whiz-bang graphical e-mail programs, and many of them also have fancy buttons and icons that flash when e-mail might be spam. Well, if you didn't already know from my prior columns, I'm a big fan of mutt, and I didn't want to be left out of all these fancy spam-managing techniques. Once again, mutt's powerful customization comes to the rescue.

Colorize Borderline Spam

Although I do have spam filters set up on my personal account, sometimes messages get through my defenses. It's always a delicate balancing act when you tweak your spam thresholds, so I not only wanted to see how close spam that made it through was to the threshold, but I also wanted to know if any of my legitimate e-mail was close.

I have SpamAssassin configured so that it adds the score to my e-mail headers via the custom X-Spam-Status header. Let's say that my spam threshold was a score of 6; I then set up two rules: one to color any messages with a score of 2 or 3 red and another to color messages with a score of 4 or 5 bright red. That way, both types of messages would stand out—especially the messages right on the tip of my threshold. Here are the folder-hook rules I added to my mutt config:

folder-hook . "color index red default '~h 
 ↪\"X-Spam-Status:.*score=(2|3)\.\"'"
folder-hook . "color index brightred default '~h 
 ↪\"X-Spam-Status:.*score=(4|5)\.\"'"

Now, like many people, I have a special spam folder set aside so I can train SpamAssassin. I go in there from time to time to look for any false positives, so I also wanted to highlight any messages that were right above the threshold. The following rule colors any messages that have a score of 6, 7 or 8 magenta:

folder-hook . "color index magenta default '~h
 ↪\"X-Spam-Status:.*score=(6|7|8)\.\"'"
Quick Macro to Save to the Spam Folder

Now, whenever I go through my inbox and see a message with a suspicious Subject line, if I notice it's colored red or bright red, I might not even bother to open it. Because I know it's close to the threshold, I simply can move it to my spam folder. In mutt, you can do this with just a few keystrokes, but of course, that doesn't stop me from automating it a bit further. After all, why do a few keystrokes when I can bind the S key to save to my spam folder automatically? All I had to do was add the following to my mutt config:

# make S automatically save spam to the spam folder
macro index	S "simaps://mail.example.net/INBOX.spam"
macro pager	S "simaps://mail.example.net/INBOX.spam"

Of course, change imaps://mail.example.net/INBOX.spam so that it points to the spam folder on your IMAP server, but once you do, you either can press S to save an individual message to the spam folder or you can tag all of the spam in your inbox with the T key, and press ;S to save it all to the spam folder at once.

Sure, it would be great if we never had any spam to begin with, but although I can choose what canned food I buy at the grocery store, I may never fully get rid of spam in my inbox. After all, one man's hacked-up pork by-product is another man's tasty canned-ham substitute. If people didn't order those male-enhancement pills, they wouldn't advertise them. At least with a few extra steps, I can make managing spam take less time.

Kyle Rankin is a Senior Systems Administrator in the San Francisco Bay Area and the author of a number of books, including Knoppix Hacks and Ubuntu Hacks for O'Reilly Media. He is currently the president of the North Bay Linux Users' Group.

Load Disqus comments

Firstwave Cloud