The mail system is an important part of Linux network applications. A complete mail system includes the underlying operating system, the mail transfer agent (MTA), the mail delivery agent (MDA), and the mail user agent (MUA).
Currently, the main dangers facing the Linux email system are spam, Linux viruses, and DoS attacks. This article focuses on anti-spam policies for Linux mail servers.
Prevention of spam
Currently, the following anti-spam technologies are widely used:
(1) SMTP user authentication: a common and very effective method. The mail transfer agent (MTA) requires SMTP authentication from mail users who connect from the Internet, outside the local network, and only authenticated users are allowed to relay remotely. This not only keeps spammers from using the MTA, but is also convenient for employees who work on a business trip or at home. Without SMTP authentication, it is also feasible to set up an Internet-facing Web mail gateway without sacrificing security. In addition, if the SMTP service and POP3 service are integrated on the same server, it is safer to perform POP3 access authentication (POP before SMTP) before the user attempts to send mail.
(2) Disable open relay: there are still quite a few open relay servers, so disabling open relay has a significant anti-spam effect.
(3) Real-time blacklist filtering: the preceding measures do not help against spam sent from the spammer's own valid domain names. In this case, you can use a blacklist service. For each incoming message, the MTA obtains the address of the remote server and queries a remote Internet server to check the address. If the address is in the spam host list, the MTA rejects the message. The following figure shows the process of using RBL authentication.
(4) Content filtering: filtering at the MTA, the MDA, and the MUA each has its own characteristics, and these methods are usually used together.
◆ MTA filtering: most MTAs provide some filtering. Because they are at the front end of mail handling, it is usually easier to control the arrival of mail there.
◆ MDA filtering: most MTAs do not filter mail content, so filtering of mail content is done by the MDA. Many complex filters are implemented as MDA filters.
◆ MUA filtering: the MDA is located on the mail server, and many users want to manage filtering rules from their mail interface, so MUA filtering is needed. Mainstream MUAs, such as Outlook and Foxmail on Windows and Evolution on Linux, all have filtering functions.
◆ Dedicated tools: for example, SpamAssassin.
◆ Commercial software: for example, Trend Micro IMSS 5.5 (with an integrated spam prevention service).
Application instance
Sendmail is the mail transfer agent of RedHat Linux and most Unix-like operating systems. Therefore, Sendmail is the most widely configured mail server. The following uses Sendmail in RedHat Linux 9.0 as an example to describe how to deal with spam by using the above technologies.
(1) Disable the Relay function of Sendmail.
Relay means that anyone else can use this SMTP mail server to send emails to anyone. In this way, spammers can use this mail server to send a large number of spam mails. In the end, the complaints are directed not at the spammers but at this server. Therefore, you must disable Relay.
The method is to edit the access file in the /etc/mail directory of the Linux server, remove settings such as "* relay", and leave only "localhost relay" and "127.0.0.1 relay". Note: after modifying the access file, run the following command in the /etc/mail directory to make the modification take effect:
makemap hash access.db < access
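Before rebuilding access.db it helps to list every entry that still grants relaying. The following Python sketch is an added example, not part of the original article; it assumes the plain "key value" layout of /etc/mail/access, and the sample map is constructed.

```python
ALLOWED_RELAY_KEYS = {"localhost", "127.0.0.1"}  # the two entries the article keeps
TAGS = ("connect:", "from:", "to:")               # optional key prefixes in access maps

def audit_access(text):
    """Return (line_number, key, reason) for each RELAY entry outside the allowed set."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 1)
        if len(fields) != 2 or fields[1].strip().upper() != "RELAY":
            continue
        key = fields[0]
        bare = key.lower()
        for tag in TAGS:
            if bare.startswith(tag):
                bare = bare[len(tag):]
        if bare in ALLOWED_RELAY_KEYS:
            continue
        if "*" in bare:
            reason = "wildcard relay entry"
        elif bare.replace(".", "").isdigit():
            octets = bare.strip(".").split(".")
            reason = ("single host" if len(octets) == 4
                      else f"network prefix ({len(octets)} of 4 octets)")
        else:
            reason = "domain entry"
        findings.append((lineno, key, reason))
    return findings

# Constructed sample, not taken from a real server.
SAMPLE_ACCESS = """\
# /etc/mail/access
localhost               RELAY
127.0.0.1               RELAY
*                       RELAY
192.168                 RELAY
example.com             RELAY
spammer.example         REJECT
"""

if __name__ == "__main__":
    for lineno, key, reason in audit_access(SAMPLE_ACCESS):
        print(f"line {lineno}: {key}: {reason}")
```

An empty result means only the two local entries can relay; anything reported should be removed or justified before running makemap.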
(2) add the RBL function to Sendmail.
RBL (Realtime Blackhole List) is a real-time blacklist. Common RBL server addresses include relays.ordb.org, bl.spamcop.net, dun.dnsrbl.net, and dnsbl.sorbs.net. To query an IP address in an RBL or to have it removed, go to http://openrbl.org and http://ordb.org.
An RBL adds the IP addresses of hosts that specialize in sending spam to its blacklist. Once RBL authentication is added to Sendmail, the mail server automatically checks the source IP address of every incoming message against the RBL server. If the mail comes from a blacklisted address, Sendmail rejects it, so users in the organization suffer less from spam.
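The lookup described above is an ordinary DNS query: the sender's address is reversed, the list's zone is appended, and an answer in 127.0.0.0/8 means "listed". The following Python sketch is an added example, not code from the article or from Sendmail. It also checks the two test entries that RFC 5782 defines, because a list that has stopped operating and answers every query would make the MTA reject all mail. The zone name, the addresses, and the fake resolver are constructed so the example runs offline.

```python
import ipaddress
import socket

def dnsbl_query_name(ip, zone):
    """Build the name an MTA looks up: reversed address labels + the list's zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")                   # one label per octet
    else:
        labels = list(addr.exploded.replace(":", ""))  # one label per hex nibble
    return ".".join(reversed(labels)) + "." + zone

def is_listed(ip, zone, resolve=socket.gethostbyname):
    """True only if the zone answers with a 127.0.0.0/8 address for this IP."""
    try:
        answer = resolve(dnsbl_query_name(ip, zone))
    except socket.gaierror:                             # NXDOMAIN: not listed
        return False
    return answer.startswith("127.")

def zone_is_sane(zone, resolve=socket.gethostbyname):
    """RFC 5782 test entries: 127.0.0.2 must be listed, 127.0.0.1 must not be."""
    return (is_listed("127.0.0.2", zone, resolve)
            and not is_listed("127.0.0.1", zone, resolve))

def make_fake_resolver(records, wildcard=None):
    """Offline stand-in for DNS: name -> A record, plus an optional catch-all."""
    def resolve(name):
        if name in records:
            return records[name]
        if wildcard is not None:
            return wildcard
        raise socket.gaierror("NXDOMAIN")
    return resolve

# Constructed data: placeholder zone, addresses from the 192.0.2.0/24 documentation range.
ZONE = "dnsbl.example.test"
GOOD = make_fake_resolver({"2.0.0.127." + ZONE: "127.0.0.2",
                           "99.2.0.192." + ZONE: "127.0.0.2"})
DEAD = make_fake_resolver({}, wildcard="127.0.0.2")     # answers every query

if __name__ == "__main__":
    for label, r in (("good", GOOD), ("dead", DEAD)):
        print(label, zone_is_sane(ZONE, r), is_listed("192.0.2.99", ZONE, r))
```

Running zone_is_sane against each list before it is added to sendmail.mc, and periodically afterwards, catches a list that has gone out of service.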
To add RBL authentication to Sendmail, add the following content to sendmail.mc:
FEATURE(`dnsbl', `relays.ordb.org', `"Email blocked using ORDB.org - see "')
Finally, run the "m4 sendmail.mc > sendmail.cf" and "service sendmail restart" commands to make the modifications to Sendmail take effect.
(3) open Sendmail's SMTP
◆ Server side settings
If the Relay function is disabled, you cannot use client software to send emails through the server. In this case, you need to configure Sendmail to enable its SMTP authentication function, and then enable SMTP authentication in the client, such as Outlook Express or Foxmail. The SMTP server can then be used normally. In
It is very convenient to configure SMTP authentication in RedHat Linux 9.0. First, run the following command to check whether the cyrus-sasl software packages are installed.
# rpm -qa | grep sasl
cyrus-sasl-2.1.10-4
cyrus-sasl-plain-2.1.10-4
cyrus-sasl-devel-2.1.10-4
cyrus-sasl-md5-2.1.10-4
If not, run the "rpm -ivh cyrus-sasl*.rpm" command to install all the software packages. Then open the /etc/mail/sendmail.mc file and change the following lines:
dnl TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl define(`confAUTH_MECHANISMS', `DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
To:
TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
DAEMON_OPTIONS(`Port=smtp,Addr=192.168.1.200, Name=MTA')dnl
Then generate the cf file and perform the test:
# m4 sendmail.mc > sendmail.cf
# service sendmail restart
# sendmail -d0.1 -bv root | grep SASL
NETUNIX NEWDB NIS PIPELINING SASL SCANF STARTTLS TCPWRAPPERS
This output indicates that the modification is successful. Next, telnet to TCP port 25 to test:
# telnet localhost 25
ehlo localhost
Note that the following information appears:
250-xxxxxxxx
250-xxxxxxx
250-AUTH LOGIN CRAM-MD5 DIGEST-MD5
250-xxxxxx
Outlook Express and Foxmail use LOGIN authentication, while Netscape Mail uses PLAIN authentication.
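The EHLO check above can be automated, and it is worth looking at which mechanisms are offered: LOGIN and PLAIN carry the password only base64-encoded, so they should be used inside a TLS session. The following Python sketch is an added example, not part of the original article; the sample reply is constructed, except for the AUTH line, which is the one shown above.

```python
PLAINTEXT_MECHS = {"LOGIN", "PLAIN"}  # password crosses the wire only base64-encoded

def parse_ehlo(reply):
    """Map each extension keyword in a 250 EHLO reply to its list of parameters."""
    extensions = {}
    for line in reply.splitlines()[1:]:               # line 1 is the server greeting
        if not line.startswith("250") or len(line) < 5:
            continue
        words = line[4:].replace("=", " ").split()    # also accept legacy "AUTH=LOGIN"
        if words:
            params = [w.upper() for w in words[1:]]
            extensions.setdefault(words[0].upper(), []).extend(params)
    return extensions

def auth_findings(reply, tls_active=False):
    """Return a list of findings about the advertised AUTH configuration."""
    ext = parse_ehlo(reply)
    mechs = ext.get("AUTH", [])
    if not mechs:
        return ["AUTH is not advertised"]
    findings = []
    exposed = sorted(PLAINTEXT_MECHS.intersection(mechs))
    if exposed and not tls_active:
        findings.append("plaintext mechanisms offered on an unencrypted session: "
                        + ", ".join(exposed))
        if "STARTTLS" not in ext:
            findings.append("STARTTLS is not advertised")
    return findings

# Constructed reply; only the AUTH line is the one shown in the article.
SAMPLE_EHLO = """\
250-mail.example.test Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-AUTH LOGIN CRAM-MD5 DIGEST-MD5
250 HELP
"""

if __name__ == "__main__":
    for finding in auth_findings(SAMPLE_EHLO):
        print("-", finding)
```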
◆ Client settings
In the Outlook Express main window, click the "tool (T)" menu and select "account (A)" from the drop-down menu. In the "Internet account" window, select an email account and click "properties (P)". In the displayed "attributes" window, select the "servers" tab and select "my servers require authentication (V)". Click the "settings (E)" button next to it. In the "external mail server" window, select "use the same settings (U) as the receiving mail server". After you press "OK", the settings are complete.
(4) use special tools to prevent spam
The installation process of SpamAssassin is relatively simple and will not be described here.
The configuration process is as follows:
SpamAssassin has many default rules, which can be found under /usr/share/spamassassin. To add your own rules, edit the /etc/mail/spamassassin/local.cf file. For example, to add a whitelist (a list of senders you are sure will not send spam), use configuration such as the following:
whitelist_from_rcvd people@basic.com basic.com
whitelist_from_rcvd *@people.com people.com
The above two rules add the people@basic.com mailbox and the entire @people.com domain to the whitelist. whitelist_from_rcvd takes a second field, the domain that the relaying host's reverse DNS name must match, so an entry does not apply to mail that merely forges the sender address.
Next, integrate SpamAssassin with Sendmail (Sendmail is used as the example here; Qmail and Postfix are slightly different). The simplest method is to use procmail to call the SpamAssassin filter.
Add the following content to the /etc/procmailrc file:
:0fw
| /usr/bin/spamassassin
:0
* ^X-Spam-Status: Yes
Spam
If you do not want SpamAssassin to check large emails, you can restrict it by adding one condition line:
:0fw
* < 1000000
| /usr/bin/spamassassin
This limits the check to messages smaller than 1000000 bytes. SpamAssassin also provides a dedicated background daemon, spamd, which can be set to start automatically when the system starts. The Mail-SpamAssassin-3.0.2/spamd/ directory contains a redhat-rc-script.sh script; put this script in the RedHat startup directory /etc/rc.d/init.d. You also need to modify the /etc/procmailrc file as follows:
:0fw
| /usr/bin/spamc -s 100000
In this way, you can adjust the running status of the filter by controlling the spamd process. After the configuration is complete, send an email for testing. If several spam-check items appear in the mail header, SpamAssassin has started to work.
In addition to its built-in rules, SpamAssassin can also use external spam filter rule sets to further extend its coverage. Chinese_rules.cf is a Chinese spam filtering rule set for SpamAssassin. In the past, SpamAssassin had no filtering rules for Chinese text. The CCERT anti-spam research team released Chinese_rules.cf, the first Chinese spam filter rule set based on SpamAssassin. Copy Chinese_rules.cf to /usr/share/spamassassin by running the following command:
# wget -N -P /usr/share/spamassassin www.ccert.edu.cn/spam/sa/Chinese_rules.cf
Note that CCERT updates the rule set once a week, using as samples the spam processed by the CCERT anti-spam service within the last six months. Frequent updates to Chinese_rules.cf will improve the filtering performance.
Linux has a daemon called crond. Its main function is to periodically check the content of a group of command files in the /var/spool/cron directory and execute the commands in these files at the specified time. You can use the crontab command to create,