Basic anti-spam settings on Linux

Source: Internet
Author: User
Tags mail linux

Junk e-mail has become one of the most vexing problems for users. You may already have felt the pain of spam on Windows, but do not assume that the Linux platform is spared from it: countering and filtering spam matters there too. Here are some of the most widely used anti-spam techniques on Linux.

(1) SMTP user authentication

A common and very effective method is to have the mail transfer agent (MTA) authenticate senders that connect from the Internet, outside the local network, and to allow remote relaying only for authenticated users. This effectively prevents the MTA from being abused by spammers while still serving employees who travel or work from home. If SMTP authentication is not adopted, setting up an Internet-facing webmail gateway is also feasible without sacrificing security. In addition, if the SMTP service and the POP3 service run on the same server, requiring POP3 access verification before the user attempts to send a message (POP before SMTP) is a more secure approach, but before applying it, consider how many current mail client programs support this authentication method.

(2) Reverse name resolution

Whatever form of authentication is used, its goal is to keep the MTA from being exploited by spammers as a relay; it does nothing about spam sent to local users. The simplest and most effective way to address that problem is reverse name resolution of the sender's IP address. A DNS query determines whether the sender's IP address is consistent with the name it claims. For example, if the claimed name is mx.hotmail.com and the connecting address is 20.200.200.200, the DNS records do not match. This method effectively filters out spam sent from dynamic IP addresses; senders that use dynamic domain names can also be blocked as circumstances require. However, it is still ineffective against spam sent through open relays. A further technique is to assume that legitimate users send e-mail only through an MTA that has a legitimate Internet name in their own domain. For example, if the sender's e-mail address is someone@yahoo.com, the Internet name of the MTA it uses should end in yahoo.com. This restriction does not conform to the SMTP protocol, but in most cases it is effective. Note that reverse name resolution requires a large number of DNS queries.
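The two checks described above, as an added example that is not part of the original article. The PTR and A tables are constructed stand-ins for real DNS lookups, and every record in them (including the address given to mx.hotmail.com) is an assumption made for the demonstration.

```python
# Constructed DNS data (assumption): a production check would query a resolver.
PTR = {
    "20.200.200.200": "host-200.dynamic.example.net",
    "192.0.2.25": "mx1.example.org",
}
A = {
    "host-200.dynamic.example.net": {"20.200.200.200"},
    "mx1.example.org": {"192.0.2.25"},
    "mx.hotmail.com": {"198.51.100.7"},  # constructed, not the real record
}

def norm(name):
    return name.lower().rstrip(".")

def confirmed_name(ip):
    """Return the PTR name only if it resolves back to the same IP."""
    name = PTR.get(ip)
    if name and ip in A.get(norm(name), set()):
        return norm(name)
    return None

def in_domain(host, domain):
    """Suffix match on label boundaries, so notyahoo.com != yahoo.com."""
    host, domain = norm(host), norm(domain)
    return host == domain or host.endswith("." + domain)

def check_client(ip, helo, mail_from):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    verified = confirmed_name(ip)
    if verified is None:
        findings.append("no forward-confirmed reverse DNS")
    # The claimed name must resolve to the connecting address.
    if ip not in A.get(norm(helo), set()):
        findings.append("claimed name does not resolve to client IP")
    # Stricter rule from the text: the MTA name must sit in the sender's domain.
    sender_domain = mail_from.rsplit("@", 1)[-1]
    if verified is None or not in_domain(verified, sender_domain):
        findings.append("MTA name outside sender domain")
    return findings
```

Because the last rule goes beyond what SMTP requires, its finding is better used as a scoring signal than as a hard reject.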

(3) Real-time blacklist filtering

The precautions described above are still ineffective against spam sent from hosts that use their own legitimate domain names. A more effective way to deal with these is to use a blacklist service. A blacklist service is a database of domain names or IP addresses built up from user complaints and sampling; the best known are RBL, DCC and Razor. These databases hold the host names or IP addresses that frequently send spam, and the MTA queries them in real time to decide whether to reject the corresponding message. However, it is currently difficult to guarantee the correctness and timeliness of the various blacklist databases. For example, the RBL and DCC in North America contain a large number of host names and IP addresses from our country, some listed because of early open relays and some through false positives. These listings have long gone uncorrected, which to some extent hinders mail links between our country and North America and also keeps our country's users from using these blacklist services.

(4) Content filtering

Even with the techniques described in the previous steps, a considerable amount of spam still gets through. The most effective way to deal with it is to filter on the content of the message header or body. A simple approach is to use a content scanning engine that filters on information such as common spam subject lines, the names of spam recipients, phone numbers, Web addresses, and so on. A more complex but also more intelligent approach is content filtering based on Bayesian probability theory, which was first proposed by Paul Graham (http://www.paulgraham.com/spam.html) and implemented in Arc, a language of his own design. The method analyses the keywords common to a large number of spam messages, derives a statistical model of their distribution, and calculates the probability that a target message is spam. It is adaptive and self-learning to a degree and is now widely used. The best-known spam content filter is SpamAssassin, which is implemented in Perl, integrates both of these filtering methods, and can be integrated with the major current MTAs. Content filtering is the most computationally expensive of all the methods above, and under heavy mail traffic it needs a high-performance server.
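A simplified version of the per-token scoring and combining rule from the essay linked above, as an added example that is not the article's or SpamAssassin's code. It counts messages containing a token rather than token occurrences and skips the essay's minimum-occurrence threshold; the training messages are constructed.

```python
import re
from collections import Counter

def tokens(text):
    """Distinct lower-cased tokens in a message."""
    return set(re.findall(r"[a-z0-9$'-]+", text.lower()))

def train(spam_msgs, ham_msgs):
    """Return {token: P(spam | token)} learned from two labelled corpora."""
    bad, good = Counter(), Counter()
    for m in spam_msgs:
        bad.update(tokens(m))
    for m in ham_msgs:
        good.update(tokens(m))
    nbad, ngood = len(spam_msgs), len(ham_msgs)
    probs = {}
    for w in set(bad) | set(good):
        b = min(1.0, bad[w] / nbad)
        # Ham counts are doubled to bias the filter against false positives.
        g = min(1.0, 2 * good[w] / ngood)
        # Clamp so one token can never make the verdict absolute.
        probs[w] = max(0.01, min(0.99, b / (g + b)))
    return probs

def spam_probability(text, probs, unknown=0.4, top=15):
    """Combine the `top` tokens whose probability is furthest from 0.5."""
    ps = sorted((probs.get(w, unknown) for w in tokens(text)),
                key=lambda p: abs(p - 0.5), reverse=True)[:top]
    prod = inv = 1.0
    for p in ps:
        prod *= p
        inv *= 1.0 - p
    return prod / (prod + inv)

# Constructed training data for the demonstration.
SPAM = ["Cheap loans click here now",
        "Click here to win free money now",
        "Free loans approved click now"]
HAM = ["Meeting moved to Tuesday, agenda attached",
       "Here is the patch for the sendmail access file",
       "Lunch on Tuesday? Click the calendar invite"]
MODEL = train(SPAM, HAM)
```

Tokens never seen in training score 0.4, so a message made only of unknown words leans slightly towards legitimate mail instead of being rejected.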

Sendmail is the mail transfer agent shipped with Red Hat Linux and most Unix-like operating systems, so it is currently the most widely deployed mail server. The following specific measures against spam use the sendmail shipped with Red Hat Linux 9.0 as the example.

(1) Turn off the relay function of sendmail

Relaying means that anyone can use this SMTP mail server to send mail to anyone else. Malicious spammers can then push large volumes of spam through the server, and in the end the complaints land on the server rather than on the spammers, so relaying must be turned off. To do so, go to the /etc/mail directory on the Linux server and edit the access file: remove entries such as "* RELAY", leaving only the two entries "localhost RELAY" and "127.0.0.1 RELAY". Note that after modifying the access file you must also run this command for the change to take effect: makemap hash access.db < access

(2) Add the RBL function to sendmail

RBL (Realtime Blackhole List) is a real-time blacklist. Several organizations abroad provide RBL services; commonly used RBL server addresses are relays.ordb.org, dnsbl.njabl.org, bl.spamcop.net, sbl.spamhaus.org, dun.dnsrbl.net and dnsbl.sorbs.net. To look up an IP address in the RBLs or have it removed, go to http://openrbl.org/ and http://ordb.org. The RBLs add Chinese spam-sending IP addresses to their blacklists. Once RBL checking is added to sendmail, the mail server automatically queries the RBL server for every message it receives, and if the message comes from a blacklisted address sendmail rejects it, so the organization's users suffer less spam. To add RBL checking to sendmail, add the following to sendmail.mc:

FEATURE(`dnsbl',`relays.ordb.org',`"Email blocked using ORDB.org"')

Finally, run the two commands "m4 sendmail.mc > sendmail.cf" and "service sendmail restart" to make the sendmail changes take effect.
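What the MTA does for each blacklist lookup, covering both the real-time blacklist section and the sendmail RBL setup above, as an added example that is not sendmail's code. The zone name dnsbl.example and its records are constructed, and the health check relies on the DNSBL convention (RFC 5782) that 127.0.0.2 is always listed and 127.0.0.1 never is.

```python
import ipaddress

ZONE = "dnsbl.example"  # hypothetical zone, not one of the services above
# Constructed zone contents: query name -> A record returned when listed.
LISTED = {
    "200.200.200.20.dnsbl.example": "127.0.0.2",
    "2.0.0.127.dnsbl.example": "127.0.0.2",  # mandatory test entry
}

def dnsbl_qname(ip, zone=ZONE):
    """Query name for an IPv4 client: octets reversed, then the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def is_listing(answer):
    """A valid listing is an A record inside 127.0.0.0/8."""
    return (answer is not None and
            ipaddress.ip_address(answer) in ipaddress.ip_network("127.0.0.0/8"))

def verdict(ip, zone=ZONE, resolver=LISTED.get):
    """resolver stands in for an A-record lookup; None models NXDOMAIN."""
    answer = resolver(dnsbl_qname(ip, zone))
    if answer is None:
        return "accept"
    # A non-127 answer means the zone is broken or wildcarded, not a listing.
    return "reject" if is_listing(answer) else "ignore"

def zone_healthy(zone=ZONE, resolver=LISTED.get):
    """Detect a dead or wildcarded list before trusting its answers."""
    test_hit = is_listing(resolver(dnsbl_qname("127.0.0.2", zone)))
    test_miss = resolver(dnsbl_qname("127.0.0.1", zone)) is None
    return test_hit and test_miss
```

Running zone_healthy on a schedule for every configured list catches the timeliness problem described earlier: a list that has stopped answering correctly either blocks nothing or, if it answers for every name, blocks everything.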
