How to defend against spam in Linux

Source: Internet
Author: User

I believe that most people who use email receive a lot of spam every day. As a network administrator, I receive hundreds of spam messages a day, so preventing spam is imperative.

I. Environment Description

The organization's server runs RedHat Linux 9.0 with Sendmail 8.12.8 as the mail server. It sits on the intranet and reaches the Internet through a Windows 2000 Server gateway running WinRoute Pro 4.2.5 as the gateway software.

II. Main modification measures

1. Disable the Relay function of Sendmail.

"Relay" means that anyone can use this SMTP server to send mail to anyone else. A spammer who finds such an open relay can push large volumes of spam through the organization's server, and in the end the complaints (and blacklist entries) land not on the spammer but on the organization. Open relaying must therefore be disabled: go to the /etc/mail directory on the Linux server, edit the access file, and remove catch-all entries such as "* RELAY". Normally only entries for the server itself should remain, i.e. "localhost RELAY" and "127.0.0.1 RELAY" (plus, if needed, the specific intranet hosts or network prefixes that legitimately relay through it, e.g. "192.168.1 RELAY").

Note: Sendmail reads the hashed database access.db, not the text file, so after modifying access rebuild the map: cd /etc/mail && makemap hash access.db < access. The change does not take effect until the map has been rebuilt.

2. Enable SMTP authentication for Sendmail

Once relaying is disabled, staff (the teachers in the organization) can no longer send mail through the server from mail clients such as Outlook Express (OE) when they are outside the intranet. That is no problem: configure SMTP authentication in Sendmail and enable "My server requires authentication" in OE, and the SMTP server can be used from anywhere. An authenticated session is allowed to relay even though the access file denies relaying to everyone else.

Configuring SMTP authentication on RedHat Linux 9.0 is straightforward. First run rpm -qa | grep sasl to check whether the cyrus-sasl packages are installed (they are by default). If not, install them with rpm -ivh cyrus-sasl*.rpm. Then open /etc/mail/sendmail.mc and change the following three lines:

dnl TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl define(`confAUTH_MECHANISMS', `DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')

to

TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
DAEMON_OPTIONS(`Port=smtp,Addr=0.0.0.0, Name=MTA')

The first two lines were commented out by the leading dnl; removing it enables the listed mechanisms, and TRUST_AUTH_MECH is what allows a client authenticated with one of them to relay. The third line makes Sendmail listen on all interfaces instead of only on loopback, which is required for any client other than the server itself. Two caveats: LOGIN and PLAIN send the password in the clear unless the session is protected with STARTTLS, so prefer CRAM-MD5 or DIGEST-MD5 for clients that support them; and on RedHat Linux 9.0 password checking for LOGIN and PLAIN goes through the saslauthd service, which must be running (service saslauthd start). Regenerate sendmail.cf and restart Sendmail afterwards, as described at the end of the next section.
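The relay check in section 1 and the AUTH change above can both be verified with one SMTP dialogue: connect, EHLO (does the server advertise AUTH?), MAIL FROM an outside address, RCPT TO an outside address, and stop there. A correctly configured server answers the RCPT with 550 "Relaying denied" for an anonymous client and 250 for an authenticated one. The probe below is an added example, not code from the article. Because a live MTA is needed to see the dialogue, the block also carries FakeSendmail, a constructed stand-in that answers as a Sendmail 8.12 with relaying disabled and AUTH PLAIN/LOGIN enabled would; the domain example.org, the account teacher/s3cret and the probe's sender and recipient addresses are all made up. Point probe_relay() at a real host and port to test an actual server.

```python
"""Open-relay / SMTP AUTH probe.  Added example, not code from the article.

FakeSendmail is a constructed stand-in for a Sendmail 8.12 that hosts
example.org, refuses to relay for anyone else and accepts AUTH PLAIN for the
constructed account teacher/s3cret, so the probe can run offline.
"""
import base64
import binascii
import smtplib
import socketserver
import threading


def probe_relay(host, port=25, sender="probe@sender.example.net",
                recipient="victim@recipient.example.com",
                credentials=None, timeout=10):
    """Walk the SMTP dialogue up to RCPT TO, then RSET (never DATA).

    Returns (auth_advertised, code, text).  A 2xx code for a recipient in a
    domain the server does not host means it relays for whoever connected.
    """
    with smtplib.SMTP(host, port, local_hostname="probe.example.net",
                      timeout=timeout) as smtp:
        smtp.ehlo_or_helo_if_needed()
        auth_advertised = smtp.has_extn("auth")      # did EHLO list AUTH?
        if credentials is not None:
            try:
                smtp.login(*credentials)             # AUTH PLAIN / LOGIN
            except smtplib.SMTPAuthenticationError as exc:
                return auth_advertised, exc.smtp_code, exc.smtp_error.decode(errors="replace")
        code, text = smtp.mail(sender)
        if code == 250:
            code, text = smtp.rcpt(recipient)
            smtp.rset()                              # drop the envelope; nothing is sent
        return auth_advertised, code, text.decode(errors="replace")


def rcpt_accepted(code):
    """True when the RCPT TO answer means the server took the recipient."""
    return 200 <= code < 300


class FakeSendmail(socketserver.StreamRequestHandler):
    local_domains = ("example.org",)
    accounts = {"teacher": "s3cret"}                 # constructed credentials

    def reply(self, *lines):
        self.wfile.write("".join(l + "\r\n" for l in lines).encode())

    def auth_plain_ok(self, arg):
        """AUTH PLAIN carries base64(authzid NUL user NUL password)."""
        mech, _, blob = arg.partition(" ")
        if mech.upper() != "PLAIN" or not blob:
            return False
        try:
            _, user, password = base64.b64decode(blob).decode().split("\0")
        except (ValueError, binascii.Error):
            return False
        return self.accounts.get(user) == password

    def handle(self):
        authed = False
        self.reply("220 mail.example.org ESMTP Sendmail 8.12.8/8.12.8; ready")
        while True:
            raw = self.rfile.readline()
            if not raw:
                return
            verb, _, arg = raw.decode(errors="replace").strip().partition(" ")
            verb = verb.upper()
            if verb == "EHLO":
                self.reply("250-mail.example.org Hello " + arg,
                           "250-AUTH PLAIN LOGIN", "250 HELP")
            elif verb == "HELO":
                self.reply("250 mail.example.org Hello " + arg)
            elif verb == "AUTH":
                authed = self.auth_plain_ok(arg)
                self.reply("235 2.0.0 OK Authenticated" if authed
                           else "535 5.7.0 authentication failed")
            elif verb == "MAIL":
                self.reply("250 2.1.0 Sender ok")
            elif verb == "RCPT":
                addr = arg.partition(":")[2].strip().strip("<>")
                # relay only for authenticated clients; local domains always accepted
                if authed or addr.rpartition("@")[2].lower() in self.local_domains:
                    self.reply("250 2.1.5 Recipient ok")
                else:
                    self.reply("550 5.7.1 <%s>... Relaying denied" % addr)
            elif verb == "RSET":
                self.reply("250 2.0.0 Reset state")
            elif verb == "QUIT":
                self.reply("221 2.0.0 mail.example.org closing connection")
                return
            else:
                self.reply("500 5.5.1 Command unrecognized")


def start_fake_server():
    """Serve FakeSendmail on a free loopback port; returns (server, port)."""
    server = socketserver.TCPServer(("127.0.0.1", 0), FakeSendmail)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


if __name__ == "__main__":
    server, port = start_fake_server()
    print("anonymous    :", probe_relay("127.0.0.1", port))
    print("authenticated:", probe_relay("127.0.0.1", port, credentials=("teacher", "s3cret")))
    server.shutdown()
    server.server_close()
```

The probe never sends DATA, so it is safe to run against your own server; run it from an outside address (not from the intranet or the server itself, which the access file may legitimately allow to relay) to get a meaningful answer.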

3. Add the RBL function to Sendmail.

An RBL (Realtime Blackhole List) is a real-time blacklist published over DNS (hence Sendmail's name for the feature, dnsbl). Several organizations abroad run such lists: they collect the IP addresses of known spam sources and open relays and publish them in a DNS zone. Once the RBL feature is added to Sendmail, every time a client connects our server looks up the client's address in the list's zone; if the address is listed, Sendmail rejects the session before any mail is accepted, so users in the organization see much less spam.

The best-known foreign RBL was http://www.ordb.org, whose list was free to use; the domestic http://anti-spam.org.cn began offering a similar service last year, but you must register before you can use it for free. (ORDB has since ceased operation. A defunct list must be removed from sendmail.mc: a dead zone either delays every incoming connection while the lookup times out or, worse, answers every query as listed and blocks all mail.)

To add the RBL checks, put the following FEATURE lines in sendmail.mc. The first adds the ORDB.org list; the second adds the anti-spam.org.cn list (its fourth argument tells Sendmail to answer 451 and let the client retry when the lookup itself fails, instead of accepting the mail). Remember that the second list requires registration on the website before it works. More lists can be added the same way; two are usually enough:

FEATURE(`dnsbl', `relays.ordb.org', `"Email blocked using ORDB.org - see http://www.ordb.org/"')dnl
FEATURE(`dnsbl', `cblplus.anti-spam.org.cn', `', `"451 Temporary lookup failure for " $&{client_addr} " in cblplus.anti-spam.org.cn"')dnl

Finally, regenerate the configuration and restart Sendmail: m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf followed by service sendmail restart. m4 needs the macro files from the sendmail-cf package, and it is worth backing up the old sendmail.cf before overwriting it.
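What FEATURE(dnsbl) actually does is a DNS lookup: the client's IPv4 address is reversed octet by octet, the zone name is appended, and an A record in 127.0.0.0/8 means "listed", NXDOMAIN means "not listed", and a server failure is the case the fourth argument above turns into a 451 deferral. The following block is an added example, not code from the article or from Sendmail, that carries out that lookup and derives the SMTP reply. It uses the zone names from the text; the listed address 1.2.3.4, the clean address 5.6.7.8 and the DNS answers in constructed_resolver() are made up so the block runs offline. Call dnsbl_lookup() without the resolver argument to query real DNS.

```python
"""DNSBL lookup the way Sendmail's FEATURE(dnsbl) does it.

Added example, not code from the article.  constructed_resolver() stands in
for DNS with made-up answers so the block runs offline; dnsbl_lookup() uses
real DNS (socket.gethostbyname) when no resolver is passed.
"""
import ipaddress
import socket

LOOPBACK_NET = ipaddress.IPv4Network("127.0.0.0/8")   # genuine listings answer in here
NOT_LISTED_ERRNOS = {socket.EAI_NONAME, getattr(socket, "EAI_NODATA", socket.EAI_NONAME)}


def dnsbl_name(ip, zone):
    """1.2.3.4 checked against relays.ordb.org becomes 4.3.2.1.relays.ordb.org."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone.strip(".")


def dnsbl_lookup(ip, zone, resolve=socket.gethostbyname):
    """Return ('listed', answer), ('clean', None) or ('tempfail', reason)."""
    name = dnsbl_name(ip, zone)
    try:
        answer = resolve(name)
    except socket.gaierror as exc:
        if exc.errno in NOT_LISTED_ERRNOS:            # NXDOMAIN: not on the list
            return "clean", None
        return "tempfail", "%s: %s" % (name, exc)     # SERVFAIL/timeout: EAI_AGAIN, EAI_FAIL
    except OSError as exc:
        return "tempfail", "%s: %s" % (name, exc)
    # A defunct or wildcarded zone can answer with any address.  Only the
    # 127.0.0.0/8 convention counts as a listing; anything else is not trusted.
    if ipaddress.IPv4Address(answer) in LOOPBACK_NET:
        return "listed", answer
    return "tempfail", "%s answered %s, outside 127.0.0.0/8" % (name, answer)


def smtp_verdict(ip, zone, resolve=socket.gethostbyname):
    """What the MTA tells the client: a 550 reject, a 451 deferral, or None (accept)."""
    status, detail = dnsbl_lookup(ip, zone, resolve)
    if status == "listed":
        return "550 5.7.1 Mail from %s refused - listed in %s (%s)" % (ip, zone, detail)
    if status == "tempfail":
        # mirrors the FEATURE's fourth argument: defer, do not accept blindly
        return "451 Temporary lookup failure for %s in %s" % (ip, zone)
    return None


def constructed_resolver(name):
    """Made-up DNS: one listed relay, one zone that is down, everything else NXDOMAIN."""
    listed = {"4.3.2.1.relays.ordb.org": "127.0.0.2"}
    if name in listed:
        return listed[name]
    if name.endswith(".cblplus.anti-spam.org.cn"):
        raise socket.gaierror(socket.EAI_AGAIN, "Temporary failure in name resolution")
    raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")


if __name__ == "__main__":
    for client in ("1.2.3.4", "5.6.7.8"):
        for zone in ("relays.ordb.org", "cblplus.anti-spam.org.cn"):
            print(client, zone, smtp_verdict(client, zone, constructed_resolver))
```

The check against 127.0.0.0/8 is the caveat from the paragraph on ORDB in code form: a list that has gone away and now answers every name with some arbitrary address must not be allowed to turn into a reject of all mail.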

4. Disable Open Proxy

The organization's gateway runs WinRoute, and to speed up web access its proxy service was enabled. By default, however, most proxies honour the HTTP CONNECT method for any TCP port. When the proxy restricts neither who may use it nor which destination ports are allowed, it hands spammers an easy opening: they only need to connect through the organization's proxy to port 25 of some other mail server and issue SMTP commands over the tunnel to send large amounts of spam, which then appears to come from the organization's address.

I did not know until I checked, and what I found shocked me: as early as last December the server had been blacklisted abroad as an open proxy. Worse, because of the open proxy the CPU usage of our gateway machine had been hovering around 50%; our gateway had been doing other people's dirty work for free.

Disabling the open proxy in WinRoute is simple: block inbound connections to the proxy port on the NIC connected to the Internet, so that only intranet clients can reach the proxy at all.

The procedure is as follows: click "Settings → Advanced → Packet Filter", select the Incoming tab, find the NIC connected to the Internet and click Add. In the Add Item dialog, select TCP as the protocol, set the destination port to 3128 (the WinRoute proxy port), and set the action to Deny (Figure 1).


Figure 1
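The abuse described above can be reproduced with a few lines, which is also the quickest way to verify the fix from outside. The block below is an added example, not code from the article or from WinRoute: connect_through_proxy() sends "CONNECT host:25 HTTP/1.0" to a proxy and reports the HTTP status and, if the tunnel came up, the first line received from the far end (an SMTP 220 banner means the path to someone else's mail server is open). Since probing a real proxy is not possible offline, the block includes two constructed stand-ins: OpenProxy tunnels to any port (the default behaviour the text warns about) and FixedProxy refuses port 25 (the port restriction the text mentions as an alternative control). The article's own fix, filtering inbound 3128 on the Internet NIC, shows up to this probe as a refused connection, which is_open_proxy() also treats as "not open". The host names mx.example.net and www.example.net and the banner the stand-in writes are made up.

```python
"""HTTP CONNECT probe: will a proxy tunnel to port 25 on some other host?

Added example, not code from the article.  OpenProxy and FixedProxy are
constructed stand-ins for the gateway proxy; neither reaches the Internet.
The "far end" of a successful tunnel is a constructed Sendmail banner that
the stand-in writes itself so the demo stays offline.
"""
import socket
import socketserver
import threading


def connect_through_proxy(proxy_host, proxy_port, target_host, target_port=25, timeout=10):
    """Send CONNECT target:port; return (http_status, first line from the far end or None)."""
    with socket.create_connection((proxy_host, proxy_port), timeout=timeout) as sock:
        request = "CONNECT %s:%d HTTP/1.0\r\nHost: %s:%d\r\n\r\n" % (
            target_host, target_port, target_host, target_port)
        sock.sendall(request.encode())
        stream = sock.makefile("rb")
        parts = stream.readline().decode(errors="replace").split()
        if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
            return None, None                        # not talking to an HTTP proxy
        status = int(parts[1])
        while stream.readline() not in (b"\r\n", b"\n", b""):
            pass                                     # skip the proxy's response headers
        if status != 200:
            return status, None
        # 200 means the tunnel is up: whatever arrives now came from target:port.
        return status, stream.readline().decode(errors="replace").strip()


def is_open_proxy(proxy_host, proxy_port, target_host="mx.example.net"):
    """True when an arbitrary client can reach port 25 elsewhere through the proxy."""
    try:
        status, banner = connect_through_proxy(proxy_host, proxy_port, target_host, 25)
    except OSError:                                  # refused/filtered: not reachable at all
        return False
    return status == 200 and banner is not None and banner.startswith("220")


class OpenProxy(socketserver.StreamRequestHandler):
    """Default behaviour: CONNECT to any TCP port is honoured."""
    blocked_ports = frozenset()

    def handle(self):
        request = self.rfile.readline().decode(errors="replace").split()
        while self.rfile.readline() not in (b"\r\n", b"\n", b""):
            pass                                     # consume request headers
        if len(request) < 2 or request[0] != "CONNECT":
            self.wfile.write(b"HTTP/1.0 400 Bad Request\r\n\r\n")
            return
        host, _, port = request[1].rpartition(":")
        if not port.isdigit():
            self.wfile.write(b"HTTP/1.0 400 Bad Request\r\n\r\n")
            return
        if int(port) in self.blocked_ports:
            self.wfile.write(b"HTTP/1.0 403 Forbidden\r\n\r\n")
            return
        self.wfile.write(b"HTTP/1.0 200 Connection established\r\n\r\n")
        # A real proxy would now splice this socket to host:port.  The stand-in
        # fakes the remote MTA's greeting instead (constructed banner).
        self.wfile.write(("220 %s ESMTP Sendmail 8.12.8; ready\r\n" % host).encode())


class FixedProxy(OpenProxy):
    """Proxy with a destination-port restriction: tunnels to port 25 are refused."""
    blocked_ports = frozenset({25})


def start_proxy(handler):
    """Serve the given stand-in on a free loopback port; returns (server, port)."""
    server = socketserver.TCPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


if __name__ == "__main__":
    for handler in (OpenProxy, FixedProxy):
        server, port = start_proxy(handler)
        print(handler.__name__, "tunnels to port 25:", is_open_proxy("127.0.0.1", port))
        server.shutdown()
        server.server_close()
```

Run is_open_proxy() against the gateway's public address and port 3128 from a host outside the organization: after the packet-filter rule it must report False, and a 200 with a 220 banner means the filter is not in effect.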
5. Disable external port 25

I checked the Sendmail log but found few spam messages sent from the organization. While I was puzzling over this it struck me that the NetSky and MyDoom worms circulating at the time generate large amounts of spam themselves; NetSky in particular carries its own SMTP engine and sends mail directly to remote servers without going through Sendmail, so of course nothing appears in the organization's Sendmail log. So I went straight to WinRoute on the gateway and added a rule that the NIC connected to the intranet may not connect outward to port 25. The setting is shown in Figure 2.


Figure 2

Note: This rule goes on the intranet NIC, whereas the rule that disables the open proxy goes on the Internet NIC. Exempt the Sendmail server's own address from the port 25 rule: it also sits on the intranet and must reach port 25 on remote mail servers to deliver outgoing mail, so a blanket rule would cut off the organization's own mail.

6. Remove from the blacklist

Some time ago, due to my negligence, the organization's IP address was blacklisted by RBLs abroad. You can check an IP address's listing status and request its removal at http://openrbl.org/ and http://ordb.org; the domestic http://anti-spam.org.cn/cbl_minus/query.html also offers lookups.

