SPAM

Recently there was a post to an email list I’m on for Chatham county that I responded to, and I thought I’d include it here too:

> Hey all y’all savvy folk.
> I have been getting hit by unwanted, unsolicited, and
> apparently, untraceable emails from accounts that appear to
> be randomly generated.

Multiple layers of defense are needed. I run my own server, so I have an advantage over using an ISP or free mail account in that I can tweak things in many ways, but I’ll run through my list anyway and note what ISPs and free mail providers are likely also doing. If you don’t have your own server, look at the last item to get the most bang for your buck. For those who run their own servers, I’ll include my Postfix set-up for spam at the bottom.

The latest big trick is sending emails with just one image, but altering its size, color, etc., so that it is not easy to detect. See #9 below for one way to handle these and other spam.

1. On the server, set up the mail system to reject mail from bad From/Reply-To addresses, ill-formed domains, etc. Most mail providers also do this.

2. Subscribe to free “real time blacklist” services. These list IPs known to be sending spam, and the server rejects mail from those IPs right away. Most mail providers do something like this.

3. On the server, set up greylisting. This means you temporarily reject all incoming mail the first time you see the sender. Real mail systems will attempt to re-send within a minute or two, and once that happens, the sender is validated. This catches a huge amount of current spam, since much of it comes from compromised hosts (botnets) that just send mail but never listen for incoming messages (such as rejects). Some mail providers do this.

4. On the server, set up a spam-analyzing program that uses Bayesian filters, such as SpamAssassin. Have it put headers in the mail that identify it as spam before it goes into the inbox. Many mail providers do this, and they take the additional step of putting it in a spam folder. But then take the next step of having your mail client, which you said was Thunderbird, “listen to spam headers from your server.” This is under Tools -> Junk Mail Controls -> Trust mail from SpamAssassin.

5. As a final trick on the server side, I run Postfix, which lets me use addresses like “sean+business@”. That way, whenever I sign up for something or order something from “business”, I use that address. If I ever get spam to that address, I know which business gave out my email, and I can stop doing business with them.

--- From here on you can do things like this on your mail client. This is specific to Thunderbird, since that is what I use for personal email, but I have similar items in place for Outlook at work. ---

6. Set up Thunderbird’s adaptive junk mail detection: Tools -> Junk Mail Controls -> Adaptive Filter. And then train it! Every time a junk mail shows up in your inbox, tag it as junk.

7. I also like to have Thunderbird just delete things when I mark them as junk: Tools -> Junk Mail Controls -> Handling -> When I manually mark messages as junk -> Delete them.

8. For mail that Thunderbird tags as junk, I have it place it in the junk mail folder and automatically delete it after 3 days: Tools -> Junk Mail Controls -> Handling -> Move incoming messages determined to be junk -> Other -> Junk Mail -> Delete after 3 days.

9. Configure your mail client not to display HTML emails, but to let you show the HTML once you open the email, and only if you want to. Then tell it not to load images unless you want to.

--- Postfix settings ---

For anyone who runs their own server and Postfix, here are my settings. Some of these can just be turned on with no set-up, while some do need other apps to be installed and running.

# main.cf: restrictions are evaluated in order and the first match decides,
# so reject_unauth_destination comes before the more expensive RBL lookups
# (it was listed twice in my original; once is enough). Continuation lines
# must be indented. Each reject_rbl_client costs a DNS lookup per client,
# and a blacklist that has shut down and answers positively for every
# query will reject all your mail, so check that each list is still active.
# The check_policy_service line points at the greylisting daemon; the port
# is left out here.
smtpd_recipient_restrictions =
    permit_mynetworks,
    check_client_access hash:/etc/postfix/db/pop-smtp,
    check_recipient_access hash:/etc/postfix/db/access,
    reject_unauth_destination,
    reject_non_fqdn_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unauth_pipelining,
    reject_invalid_hostname,
    reject_rbl_client relays.ordb.org,
    reject_rbl_client sbl.spamhaus.org,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client dul.dnsbl.sorbs.net,
    reject_rbl_client opm.blitzed.org,
    reject_rbl_client list.dsbl.org,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client sbl-xbl.spamhaus.org,
    check_policy_service inet:127.0.0.1:xxxxx
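To show what sits behind the check_policy_service line and the greylisting described in item 3, here is a minimal greylisting policy in Python. This is an added example, not code from the original post or from any greylisting daemon; it assumes the policy service is a greylister, uses a constructed sample request, and keeps its state in memory (a real daemon would persist it and listen on the socket Postfix connects to).

```python
import time

GREYLIST_DELAY = 60          # seconds a sender must wait before a retry is accepted
GREYLIST_WINDOW = 4 * 3600   # how long a pending first attempt stays remembered


class Greylist:
    """Greylisting keyed on the (client IP, sender, recipient) triplet."""

    def __init__(self, delay=GREYLIST_DELAY, window=GREYLIST_WINDOW):
        self.delay = delay
        self.window = window
        self.first_seen = {}  # triplet -> time of first delivery attempt

    def decide(self, attrs, now=None):
        now = time.time() if now is None else now
        triplet = (attrs.get("client_address", ""),
                   attrs.get("sender", "").lower(),
                   attrs.get("recipient", "").lower())
        first = self.first_seen.get(triplet)
        # Never seen, or the old attempt expired: remember it and defer.
        if first is None or now - first > self.window:
            self.first_seen[triplet] = now
            return "DEFER_IF_PERMIT Greylisted, please try again later"
        # Retried too quickly (spam cannons retry at once, if at all): defer.
        if now - first < self.delay:
            return "DEFER_IF_PERMIT Greylisted, please try again later"
        # Patient retry from a real MTA: let the remaining restrictions decide.
        return "DUNNO"


def parse_request(text):
    """Parse one Postfix policy request: name=value lines ended by a blank line."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs


def handle(request_text, greylist, now=None):
    """Return the 'action=...' reply (terminated by a blank line) Postfix expects."""
    attrs = parse_request(request_text)
    if attrs.get("request") != "smtpd_access_policy":
        return "action=DUNNO\n\n"
    return f"action={greylist.decide(attrs, now)}\n\n"


# Constructed sample request in the format Postfix sends to a policy service.
SAMPLE_REQUEST = ("request=smtpd_access_policy\nprotocol_state=RCPT\n"
                  "client_address=192.0.2.10\nsender=someone@example.com\n"
                  "recipient=sean@example.org\n\n")
```

DEFER_IF_PERMIT is what makes greylisting safe to place last: a client that an earlier restriction would reject outright is still rejected, not deferred.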
