Basic Anti-Spam functions in Linux

Source: Internet
Author: User
Tags: md5, digest, email, account, spamassassin
Article title: Basic Anti-Spam Skills in Linux (from the Linux channel of the IT Lab, China).
Spam has become one of the biggest headaches for anyone who runs a mail server. If you have had your fill of spam on Windows, you will want to keep it off your Linux mail server as well, so countering and filtering junk mail is an important part of mail administration. The following describes several anti-spam techniques that are widely used on Linux.
  
   (1) SMTP User Authentication
  
The common and effective approach is to require SMTP authentication on the Mail Transport Agent (MTA) for users who connect from the Internet, outside the local network: only authenticated users are allowed to relay mail to remote domains. This stops spammers from using the server as a relay, and it is also convenient for employees who send mail from home or while travelling. If SMTP authentication is not adopted, an Internet-facing webmail gateway can be set up instead without sacrificing security. In addition, if the SMTP and POP3 services run on the same server, relaying can be granted to a client that has recently logged in to POP3 ("POP before SMTP"). This needs no client support, but it only authorizes the client's IP address for a time window, so it is weaker than SMTP authentication and is rarely used now.
  
   (2) Reverse name resolution
  
Whichever form of authentication is used, its purpose is to stop the server being abused as a relay; it does nothing about spam addressed to local users. The simplest and most effective first step here is a reverse lookup of the sender's IP address: a DNS query is used to check whether the connecting address really belongs to the name it claims in its HELO. For example, if the client introduces itself as mx.hotmail.com but connects from 255.200.200.200 (an address used here only for illustration), the reverse (PTR) record of that address does not match, and the connection is rejected. This method effectively filters spam sent directly from dynamic IP addresses, and senders using dynamic-DNS names can also be blocked as the situation warrants. It is still ineffective against spam sent through an open relay, though. A further step is to assume that legitimate users only send through a mail server with a valid Internet name in their own domain: if the sender address is someone@yahoo.com, the name of the relaying server should end in yahoo.com. This restriction is not part of the SMTP protocol, but in most cases it works. Note that reverse name checking requires a large number of DNS queries, and that a HELO name which does not match the reverse record is common on badly configured but legitimate hosts, so many sites treat that mismatch as a score rather than an outright rejection.
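The check described above, written out as an added example (it is not code from the original article): forward-confirmed reverse DNS (FCrDNS) with a HELO comparison and a dynamic-pool name filter. To run offline, the resolver is replaced by two lookup tables of constructed records; SAMPLE_PTR, SAMPLE_A, the example.net/example.org names and the DYNAMIC_MARKERS list are all assumptions of this example, not data from the page.

```python
import ipaddress

# Constructed sample records (illustrative only, not real DNS data).
SAMPLE_PTR = {
    "203.0.113.10": ["mx.example.net"],                 # well-behaved MX
    "203.0.113.20": ["dsl-20.dynamic.example.org"],     # consumer dynamic pool
    "198.51.100.5": ["mail.example.com"],               # PTR that does not point back
}
SAMPLE_A = {
    "mx.example.net": ["203.0.113.10"],
    "dsl-20.dynamic.example.org": ["203.0.113.20"],
    "mail.example.com": ["198.51.100.99"],
}

def lookup_ptr(ip):
    """Stand-in for a PTR query; a real MTA would call the resolver here."""
    return SAMPLE_PTR.get(ip, [])

def lookup_a(name):
    """Stand-in for an A query of the name returned by the PTR record."""
    return SAMPLE_A.get(name, [])

# Substrings that commonly mark dynamic/consumer pools (assumed list; a site
# tunes this to the naming schemes it actually sees).
DYNAMIC_MARKERS = ("dynamic", "dsl", "dialup", "ppp", "cable", "dhcp")

def fcrdns_check(ip, helo_name, ptr=lookup_ptr, a=lookup_a):
    """Classify a connecting client by forward-confirmed reverse DNS.

    Returns (verdict, reason), where verdict is one of
      'reject'  - bad address, no PTR, PTR does not resolve back, or dynamic pool
      'suspect' - PTR confirmed but the HELO name does not match it
      'accept'  - PTR confirmed and HELO matches
    """
    try:
        ipaddress.ip_address(ip)
    except ValueError:
        return "reject", "invalid client address %r" % ip

    names = [n.rstrip(".").lower() for n in ptr(ip)]
    if not names:
        return "reject", "no PTR record for %s" % ip

    # Forward-confirm: at least one PTR name must resolve back to the IP.
    confirmed = [n for n in names if ip in a(n)]
    if not confirmed:
        return "reject", "PTR %s does not resolve back to %s" % (names, ip)

    for n in confirmed:
        if any(marker in n for marker in DYNAMIC_MARKERS):
            return "reject", "dynamic-pool hostname %s" % n

    helo = helo_name.rstrip(".").lower()
    if helo not in confirmed:
        return "suspect", "HELO %s does not match confirmed name %s" % (helo, confirmed[0])
    return "accept", "HELO %s confirmed by reverse DNS" % helo

if __name__ == "__main__":
    for ip, helo in [("203.0.113.10", "mx.example.net"),
                     ("203.0.113.10", "mx.hotmail.com"),
                     ("203.0.113.20", "dsl-20.dynamic.example.org"),
                     ("198.51.100.5", "mail.example.com"),
                     ("192.0.2.77", "anything")]:
        print(ip, helo, "->", fcrdns_check(ip, helo))
```

The "suspect" verdict for a HELO mismatch is deliberate: rejecting on that alone produces false positives, so the result is better fed into a score alongside the other checks below.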
  
   (3) Real-time blacklist Filtering
  
The preceding measures still do nothing against spam sent from the spammer's own valid domain. A more effective method is a blacklist service: a database of domain names or IP addresses built from user complaints and spam samples. The best-known services are the RBL-style DNS blacklists (DNSBLs), which hold host names and IP addresses that frequently send spam and can be queried by the MTA in real time to decide whether to reject a connection, and the checksum-based DCC and Vipul's Razor, which identify bulk mail by message fingerprints rather than by sender address. It is difficult, however, to guarantee the accuracy and timeliness of any blacklist. For example, the North American RBL and DCC data contain a large number of host names and IP addresses in China, some listed because of early open relays and some through false positives. Many of these listings have never been corrected, which to some extent hinders mail between China and North America and limits the usefulness of these services to Chinese users.
  
   (4) Content Filtering
  
Even with the techniques in the previous sections, a considerable amount of spam still gets through. The most effective remaining method is to filter on the content of the mail, its subject or its body. A simple version uses a content-scanning engine to match strings typical of spam: common subject lines, and the names, telephone numbers and web addresses of the spam's beneficiaries. A more complex but more intelligent version is content filtering based on Bayesian probability. This approach was first described by Paul Graham (http://www.paulgraham.com/spam.html), who implemented it in his own Arc language. The idea is to analyse the words in a large number of spam and non-spam messages, build a statistical model of how each word is distributed between the two, and then compute the probability that a new message is spam from the words it contains. The method is adaptive and self-learning, and it is now widely used. SpamAssassin is the best-known content filter. It is written in Perl, combines both approaches (a rule and score engine plus a Bayesian classifier), and integrates with all mainstream MTAs. Content filtering is by far the most CPU-intensive of the methods above; with high mail volume it needs a correspondingly powerful server.
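An added example of the Bayesian method described above, in the style of Graham's "A Plan for Spam" (the token probability formula, the 0.4 value for unknown tokens, the 15 most interesting tokens and the 0.9 threshold are his; the code is this example's own, not the article's and not Graham's Arc code). The training corpus is a handful of constructed one-line messages, so the minimum token count is lowered from Graham's 5 to 2; that parameter, the GrahamFilter class and build_sample_filter are assumptions of this example.

```python
import re
from collections import Counter

# Graham kept letters, digits and $ ' - in tokens; everything else splits.
TOKEN_RE = re.compile(r"[a-z0-9$'-]+")

def tokenize(text):
    return TOKEN_RE.findall(text.lower())

class GrahamFilter:
    def __init__(self, min_count=5, max_tokens=15, threshold=0.9):
        self.good = Counter()      # token -> occurrences in ham
        self.bad = Counter()       # token -> occurrences in spam
        self.ngood = 0             # number of ham messages seen
        self.nbad = 0              # number of spam messages seen
        self.min_count = min_count # ignore tokens seen fewer times than this
        self.max_tokens = max_tokens
        self.threshold = threshold

    def train(self, text, is_spam):
        if is_spam:
            self.bad.update(tokenize(text))
            self.nbad += 1
        else:
            self.good.update(tokenize(text))
            self.ngood += 1

    def token_prob(self, token):
        """P(spam | token) with Graham's bias: ham counts are doubled to
        make false positives rarer, and the result is clamped to [0.01, 0.99]."""
        g = 2 * self.good[token]
        b = self.bad[token]
        if g + b < self.min_count:
            return 0.4             # Graham's prior for rare/unknown tokens
        good_rate = min(1.0, g / self.ngood) if self.ngood else 0.0
        bad_rate = min(1.0, b / self.nbad) if self.nbad else 0.0
        if good_rate + bad_rate == 0:
            return 0.4
        return max(0.01, min(0.99, bad_rate / (good_rate + bad_rate)))

    def score(self, text):
        """Combine the most 'interesting' tokens (furthest from 0.5):
        prod(p) / (prod(p) + prod(1 - p))."""
        probs = [self.token_prob(t) for t in set(tokenize(text))]
        interesting = sorted(probs, key=lambda p: abs(p - 0.5), reverse=True)
        prod_p = prod_q = 1.0
        for p in interesting[:self.max_tokens]:
            prod_p *= p
            prod_q *= 1.0 - p
        return 0.5 if prod_p + prod_q == 0 else prod_p / (prod_p + prod_q)

    def is_spam(self, text):
        return self.score(text) > self.threshold

# Constructed training corpus (far too small for real use; see min_count below).
SAMPLE_SPAM = [
    "FREE viagra!!! Click here to buy cheap viagra now",
    "Buy cheap watches, free shipping, click here",
    "Free money! Claim your prize now, click here",
    "Cheap mortgage rates, apply now for a free quote",
    "Viagra cheap, buy now and save",
]
SAMPLE_HAM = [
    "Meeting moved to 3pm, see the attached agenda",
    "Can you review the patch for the kernel module before Friday",
    "Lunch tomorrow? The usual place at noon",
    "The quarterly report is attached, please send comments",
    "Reminder: the server maintenance window is Friday night",
]

def build_sample_filter():
    # min_count=2 because the corpus is tiny; Graham used 5 on thousands of mails.
    f = GrahamFilter(min_count=2)
    for m in SAMPLE_SPAM:
        f.train(m, True)
    for m in SAMPLE_HAM:
        f.train(m, False)
    return f

if __name__ == "__main__":
    f = build_sample_filter()
    for text in ["Click here for free cheap viagra, buy now!",
                 "Please review the attached report before the meeting on Friday"]:
        print("%.4f  %s" % (f.score(text), text))
```

With such a small corpus every token seen once in ham already lands on 0.01, which is why the classifier looks over-confident here; with a realistic corpus the distribution of token probabilities is much wider and the 15-token cut-off is what keeps the decision sharp.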
  
Sendmail is the default MTA on Red Hat Linux and most Unix-like operating systems, which makes it the most widely deployed mail server. The following uses Sendmail on Red Hat Linux 9.0 as the example of how to deal with spam.
  
   (1) Disable relaying in Sendmail
  
Relaying means that someone else can use this SMTP server to send mail to anyone. A spammer with bad intentions can use such a server to send a large volume of spam, and in the end the complaints are directed not at the spammer but at this server. Relaying must therefore be disabled. The setting lives in the access file in /etc/mail on the Linux server: remove any broad entries marked RELAY (a whole domain, a network, or a wildcard), and leave only the local entries, such as "localhost RELAY" and "127.0.0.1 RELAY". Note: after modifying the access file, rebuild the database so the change takes effect, from /etc/mail: makemap hash access.db < access
  
   (2) Add RBL checking to Sendmail
  
RBL (Realtime Blackhole List) is the generic name for a real-time, DNS-based blacklist. Several organizations, mostly outside China, run such services. Zones widely used at the time include relays.ordb.org, dnsbl.njabl.org, bl.spamcop.net, sbl.spamhaus.org, dun.dnsrbl.net and dnsbl.sorbs.net. To look up an address, or to request its removal, see http://openrbl.org/ and http://ordb.org. An RBL adds the IP addresses of hosts that send spam to its list. Once RBL checking is added to Sendmail, the mail server automatically queries the RBL zone for the IP address of every connecting client and, if the client is listed, rejects the mail, so users in the organization see less spam. Note that lists come and go: ORDB and NJABL, for example, have since shut down, and a zone that no longer exists must be removed from the configuration, because a dead zone may be parked or may answer every query positively, in which case Sendmail rejects all incoming mail. To add RBL checking to Sendmail, add the following to sendmail.mc:
  
    FEATURE(`dnsbl', `relays.ordb.org', `"Email blocked using ORDB.org - see"')dnl

The third argument is the rejection text returned to the sender. Finally, from /etc/mail, regenerate the configuration with "m4 sendmail.mc > sendmail.cf" and run "service sendmail restart" so the change takes effect.
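What the dnsbl FEATURE does on every connection, as an added example (not code from the article, from Sendmail, or from any list operator): the client's IPv4 octets are reversed and prepended to the list zone, the resulting name is queried for an A record, and any 127.0.0.x answer means "listed". The example also runs the test-entry check that RFC 5782 requires of every list (127.0.0.2 must be listed, 127.0.0.1 must not), which is how a dead or parked zone like the ones warned about above is detected before it is allowed to reject mail. The zone name bl.example.test, the SAMPLE_ZONE records and the two broken-list resolvers are all constructed for this example.

```python
import ipaddress

# Constructed sample zone: query name -> A records.  Illustrative only.
SAMPLE_ZONE = {
    "2.0.0.127.bl.example.test": ["127.0.0.2"],               # RFC 5782 test entry
    "10.113.0.203.bl.example.test": ["127.0.0.2", "127.0.0.4"],  # a listed host
    # 1.0.0.127.bl.example.test deliberately absent: 127.0.0.1 must not be listed
}

def lookup_a(name):
    """Stand-in for an A query against a healthy list."""
    return SAMPLE_ZONE.get(name, [])

def wildcard_lookup(name):
    """A defunct list whose zone answers every query positively (fails closed)."""
    return ["127.0.0.2"]

def parked_lookup(name):
    """An expired list domain, now parked: answers with a non-127 address."""
    return ["192.0.2.1"]

def dnsbl_name(ip, zone):
    """Build the query name: octets reversed, then the list's zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("this example handles IPv4 only")
    return ".".join(reversed(str(addr).split("."))) + "." + zone

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

def dnsbl_lookup(ip, zone, a=lookup_a):
    """Return (listed, codes).  Only 127/8 answers count; anything else means
    the zone is broken or parked and is not treated as a listing."""
    answers = a(dnsbl_name(ip, zone))
    codes = [x for x in answers if ipaddress.ip_address(x) in LOOPBACK]
    return bool(codes), codes

def dnsbl_sanity(zone, a=lookup_a):
    """RFC 5782 section 5: 127.0.0.2 must be listed, 127.0.0.1 must not be."""
    hit, _ = dnsbl_lookup("127.0.0.2", zone, a)
    miss, _ = dnsbl_lookup("127.0.0.1", zone, a)
    return hit and not miss

def should_reject(ip, zone, a=lookup_a):
    """Policy: only trust a list that passes the sanity check."""
    if not dnsbl_sanity(zone, a):
        return False, "list %s failed sanity check, ignoring it" % zone
    listed, codes = dnsbl_lookup(ip, zone, a)
    if listed:
        return True, "%s listed in %s (%s)" % (ip, zone, ", ".join(codes))
    return False, "%s not listed in %s" % (ip, zone)

if __name__ == "__main__":
    print(dnsbl_name("203.0.113.10", "bl.example.test"))
    print(should_reject("203.0.113.10", "bl.example.test"))
    print(should_reject("198.51.100.5", "bl.example.test"))
    print(should_reject("203.0.113.10", "bl.example.test", wildcard_lookup))
```

The wildcard case is not hypothetical: after ORDB closed, its zone was eventually set to return 127.0.0.2 for every query, and servers still carrying the FEATURE line above rejected all their mail. Sendmail itself does not run the 127.0.0.2/127.0.0.1 sanity check, so it belongs in a monitoring cron job, or the list should simply be removed once it is announced as dead.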
  
   (3) Enable SMTP authentication for Sendmail
  
   Server Settings
  
Once relaying is disabled, users can no longer send mail through the server from their client software. Sendmail must therefore be configured to offer SMTP authentication, and the client (Outlook Express, Foxmail and so on) must be set to authenticate; after that, sending through the SMTP server works again. Configuring SMTP authentication on Red Hat Linux 9.0 is straightforward. First check whether the cyrus-sasl packages are installed:
  
    # rpm -qa | grep sasl
    cyrus-sasl-2.1.10-4
    cyrus-sasl-plain-2.1.10-4
    cyrus-sasl-devel-2.1.10-4
    cyrus-sasl-md5-2.1.10-4
  
If they are missing, install all of them with "rpm -ivh cyrus-sasl*.rpm". Then open /etc/mail/sendmail.mc and change the following three lines:
  
    dnl TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
    dnl define(`confAUTH_MECHANISMS', `DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
    DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
  
To:
  
    TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
    define(`confAUTH_MECHANISMS', `DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
    DAEMON_OPTIONS(`Port=smtp,Addr=192.168.1.200, Name=MTA')dnl
  
Removing the leading "dnl" uncomments the two AUTH lines, and changing Addr from 127.0.0.1 (the Red Hat default, which only listens on the loopback interface) to the server's own address makes the daemon reachable from the network. Then generate the cf file, restart, and check that the binary was built with SASL support:
  
    # m4 sendmail.mc > sendmail.cf
    # service sendmail restart
    # sendmail -d0.1 -bv root | grep SASL
    ... NETUNIX NEWDB NIS PIPELINING SASL SCANF STARTTLS TCPWRAPPERS ...

SASL in the "Compiled with:" list shows that the binary supports it; it does not yet prove that authentication is enabled, which the next test checks.
  
Next, connect to TCP port 25. Because the daemon now listens on 192.168.1.200 rather than on the loopback address, connect to that address:
  
    # telnet 192.168.1.200 25
    EHLO localhost

The reply should contain an AUTH line like the following:

    250-xxxxxxxx
    250-xxxxxxx
    250-AUTH LOGIN CRAM-MD5 DIGEST-MD5
    250-xxxxxx
  
Outlook Express and Foxmail use LOGIN authentication, while Netscape Mail uses PLAIN. Both of these send the password base64-encoded, which is not encryption: anyone who can capture the session can read it. They should only be offered over a STARTTLS-protected connection; CRAM-MD5 and DIGEST-MD5 do not expose the password on the wire, though they require the server to hold the password in a recoverable form.
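An added example (not code from the article or from Sendmail/Cyrus SASL) of what sits behind the EHLO reply and the LOGIN/PLAIN/CRAM-MD5 mechanisms just mentioned: it parses a constructed EHLO reply shaped like the one above, builds and decodes an AUTH PLAIN token (RFC 4616) to show that base64 hides nothing, and computes and verifies a CRAM-MD5 exchange (RFC 2195, HMAC-MD5 over the server challenge). SAMPLE_EHLO, SAMPLE_CHALLENGE and the user/password pairs are constructed for the example.

```python
import base64
import hashlib
import hmac

# Constructed EHLO reply; the placeholder lines from the article are filled
# with typical extensions, and "mail.example.com" is an assumed host name.
SAMPLE_EHLO = """250-mail.example.com Hello client [192.0.2.10]
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-AUTH LOGIN CRAM-MD5 DIGEST-MD5
250-STARTTLS
250 HELP"""

def auth_mechanisms(ehlo_reply):
    """Return the mechanisms on the 250-AUTH line (empty list if none)."""
    for line in ehlo_reply.splitlines():
        body = line[4:]                       # strip '250-' or '250 '
        if body.upper().startswith(("AUTH ", "AUTH=")):
            return body[5:].split()
    return []

def supports_starttls(ehlo_reply):
    return any(line[4:].strip().upper() == "STARTTLS"
               for line in ehlo_reply.splitlines())

def plain_initial_response(user, password, authzid=""):
    """SASL PLAIN: base64(authzid NUL authcid NUL password)."""
    raw = authzid.encode() + b"\0" + user.encode() + b"\0" + password.encode()
    return base64.b64encode(raw).decode()

def plain_decode(token):
    """What anyone holding a packet capture of AUTH PLAIN can do."""
    _authzid, user, password = base64.b64decode(token).split(b"\0")
    return user.decode(), password.decode()

# Constructed server challenge, as the server would send it after 334.
SAMPLE_CHALLENGE = base64.b64encode(b"<1234.1700000000@mail.example.com>").decode()

def cram_md5_response(user, password, challenge_b64):
    """Client side: base64(user + ' ' + hex(HMAC-MD5(password, challenge)))."""
    challenge = base64.b64decode(challenge_b64)
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(("%s %s" % (user, digest)).encode()).decode()

def cram_md5_verify(response_b64, challenge_b64, lookup_password):
    """Server side: recompute from the stored password, compare in constant time.
    lookup_password(user) returns the stored password or None."""
    user, _, digest = base64.b64decode(response_b64).decode().partition(" ")
    password = lookup_password(user)
    if password is None:
        return False
    challenge = base64.b64decode(challenge_b64)
    expected = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected, digest)

if __name__ == "__main__":
    print("offered:", auth_mechanisms(SAMPLE_EHLO), "STARTTLS:", supports_starttls(SAMPLE_EHLO))
    token = plain_initial_response("user", "pass")
    print("AUTH PLAIN", token, "->", plain_decode(token))
    resp = cram_md5_response("tim", "tanstaaftanstaaf", SAMPLE_CHALLENGE)
    print("CRAM-MD5 ok:", cram_md5_verify(resp, SAMPLE_CHALLENGE,
                                          lambda u: {"tim": "tanstaaftanstaaf"}.get(u)))
```

On the Sendmail side, the usual way to enforce the caveat above is the confAUTH_OPTIONS setting: adding the "p" flag (for example define(`confAUTH_OPTIONS', `A p')) stops Sendmail from offering PLAIN and LOGIN until a security layer such as STARTTLS is active.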
  
   Client settings
  
In the Outlook Express main window, open the "Tools" menu and choose "Accounts". In the "Internet Accounts" window, select the mail account and click "Properties". In the account properties window, open the "Servers" tab and tick "My server requires authentication", then click the "Settings" button next to it. In the "Outgoing Mail Server" window, select "Use same settings as my incoming mail server" and click "OK" to finish.
  
   (4) Use dedicated tools to block spam

Besides Sendmail's built-in features, dedicated tools can be used against spam. The best known is SpamAssassin (SA), developed by Justin Mason, Craig Hughes, Matt Sergeant and others; the latest version at the time of writing is 3.0.2. According to Deersoft, the company that commercialized SpamAssassin, about thirty thousand Unix servers run it. SpamAssassin is written in Perl and matches rules against the mail content to filter spam. The approach is score-based: each rule a message matches contributes a score, and when the accumulated score exceeds a threshold the message is classified as spam. It works with all common MTAs, including Sendmail, Qmail, Postfix and Exim, and can be invoked either by an end user or by the system administrator, so it plugs easily into most popular mail-handling setups. After applying its rules to a message, SpamAssassin produces a score that expresses how likely the message is to be spam. It ships with hundreds of rules covering the headers, the body and the structure of the mail, each with a positive or negative score; a message's score is the sum of the scores of the rules it matches. A negative total indicates a normal message, a positive one indicates a problem, and once the total exceeds the threshold (5.0 by default) the message is marked as spam and passed on for the user or the delivery system to make the final decision.
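The score-accumulation model described above, as an added example (this is not SpamAssassin's code, and the rule names and scores are invented for the example, not SpamAssassin's real ones): a handful of header, body and structure rules with signed scores are applied to two constructed messages, and the totals are compared against a 5.0 threshold.

```python
import re
from email import message_from_string

def body_text(msg):
    """Concatenate the decoded text of every text/* part."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            chunks.append(part.get_payload(decode=True).decode(errors="replace"))
    return "\n".join(chunks)

def only_html(msg):
    """True when the message has no text/plain alternative at all."""
    types = [p.get_content_type() for p in msg.walk() if not p.is_multipart()]
    return types == ["text/html"]

def subject_all_caps(msg):
    subject = msg["Subject"] or ""
    return len(subject) > 5 and subject.isupper()

# (rule name, score, predicate(message, body)).  Signed scores as in
# SpamAssassin; the values here are invented for the example.
RULES = [
    # header rules
    ("MISSING_MESSAGE_ID", 1.5, lambda m, b: m["Message-ID"] is None),
    ("SUBJECT_ALL_CAPS", 1.0, lambda m, b: subject_all_caps(m)),
    ("REPLY_TO_THREAD", -2.0, lambda m, b: m["In-Reply-To"] is not None),
    # body rules
    ("DRUG_SPAM", 2.0, lambda m, b: re.search(r"\bviagra\b", b, re.I) is not None),
    ("CLICK_HERE", 1.0, lambda m, b: re.search(r"click here", b, re.I) is not None),
    ("FREE_MONEY", 1.5, lambda m, b: re.search(r"\bfree\b.{0,20}\b(money|prize)\b", b, re.I) is not None),
    ("MANY_EXCLAMATIONS", 0.5, lambda m, b: b.count("!") >= 3),
    # structure rules
    ("HTML_ONLY", 1.0, lambda m, b: only_html(m)),
]

def score_message(raw, rules=RULES, threshold=5.0):
    """Return (total, hits, is_spam) for one RFC 822 message string."""
    msg = message_from_string(raw)
    body = body_text(msg)
    hits = [(name, score) for name, score, pred in rules if pred(msg, body)]
    total = round(sum(score for _, score in hits), 2)
    return total, hits, total >= threshold

# Constructed sample messages (example.net / example.com addresses are not real).
SPAM = """\
From: Pharmacy <sales@example.net>
To: victim@example.com
Subject: CHEAP VIAGRA ONLINE
Content-Type: text/html

<html><body><h1>Viagra at half price!!!</h1>
<p>Free money prize for the first 100 buyers. <a href="http://example.net/x">Click here</a> now!</p>
</body></html>
"""

HAM = """\
From: Alice <alice@example.com>
To: bob@example.com
Subject: Re: patch review for the kernel module
Message-ID: <20240101.1@example.com>
In-Reply-To: <20231231.9@example.com>
Content-Type: text/plain; charset=utf-8

Thanks, I reviewed the patch. The null check in the ioctl handler looks right,
but please add a test before we merge it on Friday.
"""

if __name__ == "__main__":
    for raw in (SPAM, HAM):
        total, hits, spam = score_message(raw)
        print(total, "SPAM" if spam else "ham", [name for name, _ in hits])
```

The negative REPLY_TO_THREAD rule is what makes the model more than a keyword list: evidence of legitimacy pulls the score down, so a single accidental body match does not push a real conversation over the threshold.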