Blocking mailed spam

Fortunately, blocking mailed spam is getting easier. You can do one of two things. The first is straightforward and works well for all but the biggest sites: block access to your SMTP port so it can't be used to inject spam. The other is to block spam from traversing your system. This is more difficult because older mailers don't give you a good way to look at the originating address.

You block your SMTP port by turning off your mailer's SMTP daemon mode and running it out of inetd instead. If you combine this with running smap from the TIS Firewall Toolkit, your configuration looks somewhat like this:

In /etc/inetd.conf:

smtp	stream	tcp	nowait	root	/usr/local/etc/tcpd	smap

In /etc/hosts.allow:

# tcpd reads hosts.allow first and stops at the first match, so the
# blocked sites must be excepted here or hosts.deny is never reached.
smap : ALL EXCEPT badsite.com .badsite.com ppp.qqq.rrr.

In /etc/hosts.deny:

# The trailing dot matches every address that begins with ppp.qqq.rrr
smap : badsite.com .badsite.com ppp.qqq.rrr.

In /usr/local/etc/netperm-table:

smap, smapd:            userid 32
smap, smapd:            directory /var/spool/smap
smapd:                  executable /usr/local/libexec/smapd
smapd:                  sendmail /usr/sbin/sendmail

This is a sample; your exact paths will vary. This combination is very powerful, and prevents badsite.com or anyone in the Internet range ppp.qqq.rrr.0 from accessing your SMTP server. Be aware, though, that this could load your mail server down. It will run a separate process for each incoming mail message. If your server is small relative to your load, you should investigate one of the other techniques listed here.
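
tcpd consults /etc/hosts.allow before /etc/hosts.deny and stops at the first matching entry, so how the smap entries are split between the two files decides whether a blocked site is ever refused. The following is an added example, not part of the original page: a simplified Python model of that lookup, in which the 192.0.2.x and 198.51.100.x addresses and the host names are constructed stand-ins (192.0.2. plays the role of the ppp.qqq.rrr range).

```python
# Added example: simplified model of tcpd's hosts_access(5) lookup, not tcpd itself.
# Covers only ALL, exact names/addresses, ".domain", "n.n.n." prefixes and EXCEPT.

def pattern_matches(pattern, host, addr):
    pattern, host = pattern.lower(), host.lower()
    if pattern == "all":
        return True
    if pattern.startswith("."):      # ".badsite.com" matches hosts below the domain
        return host.endswith(pattern)
    if pattern.endswith("."):        # "192.0.2." matches by leading address fields
        return addr.startswith(pattern)
    return pattern in (host, addr)   # anything else must match exactly

def list_matches(clients, host, addr):
    # "list_1 EXCEPT list_2" matches what is in list_1 unless it is in list_2
    wanted, _, excluded = clients.partition(" EXCEPT ")
    if excluded and list_matches(excluded, host, addr):
        return False
    return any(pattern_matches(p, host, addr) for p in wanted.split())

def file_matches(rules, daemon, host, addr):
    for line in rules.splitlines():
        fields = [f.strip() for f in line.split("#")[0].split(":")]
        if len(fields) < 2:
            continue                 # blank line or comment
        if daemon in fields[0].split() and list_matches(fields[1], host, addr):
            return True
    return False

def access(allow, deny, daemon, host, addr):
    # Search order from hosts_access(5): allow file, then deny file, else grant.
    if file_matches(allow, daemon, host, addr):
        return "granted"
    if file_matches(deny, daemon, host, addr):
        return "denied"
    return "granted"

# Constructed sample rules and client (assumptions for illustration only).
DENY = "smap : badsite.com .badsite.com 192.0.2."
CATCH_ALL_ALLOW = "smap : ALL"
EXCEPT_ALLOW = "smap : ALL EXCEPT badsite.com .badsite.com 192.0.2."
SPAMMER = ("mail.badsite.com", "198.51.100.7")

if __name__ == "__main__":
    print("catch-all allow:", access(CATCH_ALL_ALLOW, DENY, "smap", *SPAMMER))
    print("EXCEPT allow:   ", access(EXCEPT_ALLOW, DENY, "smap", *SPAMMER))
    # A deny pattern ending in .0 is an exact address, not a network range.
    print("'.0' pattern:   ", access("", "smap : 192.0.2.0", "smap", "dial7.example.net", "192.0.2.7"))
```

Host-name patterns depend on the reverse DNS name tcpd resolves for the client, which this model takes as a given input.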

Craig Hagan has contributed a method for blocking third-party relaying with smap. Spammers often use third-party relaying to distribute spam via an intermediary party's mailer; they are starting to do this because the other blocking techniques are making it harder for them to reach their targets. Using this routine, you can prevent your mailer from being misused that way.

There are now a few techniques for blocking spam with sendmail. Axel Zinser has patches for blocking spam with sendmail versions 8.6.12, 8.7.3 or 8.8.2. Axel's patches allow blocking spam during the SMTP transaction phase.

Pete Ashdown has contributed a procedure for dropping spam mail. His procedure accepts the SMTP mail and then drops it during the delivery phase.

Wolfgang Rupprecht has supplied a routine using check_compat (for sendmail 8.8.2 and 8.8.3) that can be used to block spam mail or prevent all third-party relaying.

Claus Aßmann has put together a very detailed write-up of using the check_* routines in sendmail 8.8.2 and later.

Finally, Eric Allman (the author of sendmail) has started to publish some information on spam blocking and will be formalizing it in a future release.

Optionally, you can scrap sendmail and run something like qmail or exim instead. If you have the freedom to change mailers, several people say that qmail is an excellent solution.

Blocking Usenet spam for an entire site


Scott Hazen Mueller / scott@zorch.sf-bay.org