cRAZY mAD wITH spam

by Mike on November 14, 2008 · 11 comments

in Postfix Mail Server

I am involved in a very personal war … a war on Spam, not because I must (everybody else lives with it), but just because it makes me mad! Spam has made me so mad that I have set a personal goal to cut the Spam on my servers to 0%… realistic? Probably not. Die trying… yep, that’s me.

I have to admit that some of my anger with Spam is the number of robo calls I received during the recent election…I mean wow I started casting my votes against the ones that called….yep the candidates that called me more than 6 times all got a vote against them. Really it is all basically the same thing, people are using you and your resources to get ahead.

So in this “adventure” of finding as many ways as possible to combat spam I continue to work with the excellent mail server Postfix. The more time I spend with Postfix the better I like it, and the more features I find that I can use to create unique ways to attack the Spam issue.

One of the things I like about Postfix is the many options it offers to deal with Spam. Using a combination of configuration options I have made huge inroads toward meeting my goal of 0%. It was not really rocket science, more a matter of making some additional effort to deal with several smaller issues. Header checks are just one of the options available. One of the reasons that header checks can be so effective is that Postfix allows you to drop mail before you waste server resources on it. Yes… that is very important when you realize that between 70% and 95% of all mail you get is trashed. As a mail server administrator and as a person who must purchase the hardware for the server, that makes me frustrated because 70-95% of my costs are based on Spam.

Here are some ways I have dealt with SPAM:
(I will continue to document my war with Spam at Postfixmail.com, a blog dedicated to Postfix.)
Content Filters
Address Verification
Blackholes
Networks
Block Country Subnets

Header checks with Postfix can be used to deal with unwanted mail before your server wastes time with it. Create the file /etc/postfix/header_checks and then add this line to your main.cf.

header_checks = pcre:/etc/postfix/header_checks

The format line for each header check follows this pattern:

/^HEADER:.*content_for_review/   ACTION

The HEADER that you will usually act on is the Subject header. However, you can also filter on the X-Mailer header. One idea is to DISCARD all mail that comes from the typical X-Mailers a Spammer will use. Here is a list of X-Mailers that you could place in your header_checks file. Note that you will often use REJECT to send a message back to the user, but with these known mailers you probably do not want to send anything back to them. Note also that this method is bound to create some false positives, so test it for yourself before you make any final decisions.

# Following is a list of known mass mailer programs.
/^X-Mailer: 0001/                               DISCARD
/^X-Mailer: 007 Direct Email Easy/                          DISCARD
/^X-Mailer: Advanced Mass Sender/                          DISCARD
/^X-Mailer: Aristotle /                          DISCARD
/^X-Mailer: Aureate Group Mail/                          DISCARD
/^X-Mailer: Avalanche/                          DISCARD
/^X-Mailer: commercialmail /                          DISCARD
/^X-Mailer: Copia emailFacts /                          DISCARD
/^X-Mailer: Crescent Internet Tool/             DISCARD
/^X-Mailer: CyberCreek/                          DISCARD
/^X-Mailer: DiffondiCool/                       DISCARD
/^X-Mailer: Dynamic Opt-In Emailer /                          DISCARD
/^X-Mailer: DMailer /                          DISCARD
/^X-Mailer: eGroups Message Poster /                          DISCARD
/^X-Mailer: E-Mail Delivery Agent/              DISCARD
/^X-Mailer: Emailer Platinum/                   DISCARD
/^X-Mailer: E-mail sender /                          DISCARD
/^X-Mailer: e-Merge  /                          DISCARD
/^X-Mailer: Entity/                             DISCARD
/^X-Mailer: Extractor/                          DISCARD
/^X-Mailer: Floodgate/                          DISCARD
/^X-Mailer: GMail2 /                          DISCARD
/^X-Mailer: GOTO Software Sarbacane/            DISCARD
/^X-Mailer: Inet_Mail_Out /                          DISCARD
/^X-Mailer: jfmailer /                          DISCARD
/^X-Mailer: Mail Bomber /                          DISCARD
/^X-Mailer: MailWorkz/                          DISCARD
/^X-Mailer: MassE-Mail/                         DISCARD
/^X-Mailer: MaxBulk.Mailer/                     DISCARD
/^X-Mailer: MailKing /                          DISCARD
/^X-Mailer: Mailloop /                          DISCARD
/^X-Mailer: MailXSender /                          DISCARD
/^X-Mailer: MassE-Mail /                          DISCARD
/^X-Mailer: MultiMailer /                          DISCARD
/^X-Mailer: NetMasters SMTP /                          DISCARD
/^X-Mailer: Opt-In Lightning /                          DISCARD
/^X-Mailer: PersMail /                          DISCARD
/^X-Mailer: PLAUZIUM /                          DISCARD
/^X-Mailer: Power CGI Bulk /                          DISCARD
/^X-Mailer: Prospect Mailer /                          DISCARD
/^X-Mailer: News Breaker Pro/                   DISCARD
/^X-Mailer: SmartMailer/                        DISCARD
/^X-Mailer: Sparc12 /                          DISCARD
/^X-Mailer: StormPort/                          DISCARD
/^X-Mailer: SuperMail-2/                        DISCARD
/^X-Mailer: Super-Duper-FastMail/                          DISCARD
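
One way to do the false-positive testing recommended above, as an added example (not code from the original post): a dry run of a header_checks-style table over hand-labelled headers. It assumes Python's re module as a stand-in for PCRE, uses a constructed excerpt of the table, and the sample headers and legitimate mailer names are made up for illustration.

```python
import re

# Constructed excerpt of the table above, same "/pattern/ ACTION" syntax.
TABLE = """\
# Following is a list of known mass mailer programs.
/^X-Mailer: Avalanche/          DISCARD
/^X-Mailer: Entity/             DISCARD
/^X-Mailer: Extractor/          DISCARD
/^X-Mailer: GMail2 /            DISCARD
"""

# Constructed sample headers, labelled by hand; the "ham" mailer names are hypothetical.
SAMPLES = [
    ("spam", "X-Mailer: Avalanche 2.1"),
    ("ham", "X-Mailer: Microsoft Outlook 16.0"),
    ("ham", "X-Mailer: Entity Mailer for PHP 1.4"),
    ("ham", "X-Mailer: extractor-report-tool 0.3"),
]

RULE = re.compile(r"^/(.*)/([A-Za-z]*)\s+(\S+)")

def parse_table(text):
    """Return [(compiled_regex, action, source_line)] in file order."""
    rules = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        m = RULE.match(line)
        if not m:
            raise ValueError(f"unparseable rule: {line!r}")
        pattern, flags, action = m.groups()
        # Postfix pcre tables ignore case by default; an "i" flag switches that off.
        re_flags = 0 if "i" in flags else re.IGNORECASE
        rules.append((re.compile(pattern, re_flags), action, line.strip()))
    return rules

def check_header(rules, header):
    """First matching rule wins; None means the header passes untouched."""
    for regex, action, source in rules:
        if regex.search(header):
            return action, source
    return None

def false_positives(rules, samples):
    """Headers labelled "ham" that the table would still act on."""
    return [(h, v[1]) for label, h in samples
            if label == "ham" and (v := check_header(rules, h))]

if __name__ == "__main__":
    for header, rule in false_positives(parse_table(TABLE), SAMPLES):
        print(f"would act on legitimate mail: {header!r} via {rule!r}")
```

Against the live table, `postmap -q "X-Mailer: Entity Mailer for PHP 1.4" pcre:/etc/postfix/header_checks` asks Postfix itself the same question. While a rule is on trial, the WARN action logs a match without discarding the message.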

{ 11 comments }

Alan Jones November 16, 2008 at 4:48 am

If you’d like to block the robophone spam then grab yourself a copy of asterisk and a card
to hook it up to your phoneline. You’ve got a couple of things you can do with it from there.

There is a particular tone that is emitted for disconnect lines. You can make Asterisk answer
and emit that. All the robocalls will think your phone number no longer exists and remove your
number from their database.

You can also implement a captcha type system. Where asterisk plays a message asking a
question. If you really want to narrow it down make it something semi-personal. Something
only somebody who actually knows you would know the answer to. Once that code is
entered then it allows the physical phone to ring.

Cheers,

Alan.

John Atkeson November 16, 2008 at 4:59 am

“I mean wow I started casting my votes against the ones that called”

Um, this may have been a big mistake. Some candidates made harassing robocalls ENDORSING THEIR OPPONENTS, just to achieve the exact results they achieved with you.

Alex.MH November 16, 2008 at 6:22 am

Yeah, you are so right. I really hate it, too. I got my mail address for more than 10 years now and 90-95% of my inbox is spam. I try to fight it with bogofilter but that doesn’t work very well. Please keep up your good work and publish your results.

Alex

John of Old November 16, 2008 at 10:29 am

That’s a lot of work. Wouldn’t an address verification be sufficient? I have used boxguard which validates incoming email against a white list then the black list. I have not had a single spam make it to my inbox for well over a year.

Khan Md Ashraf November 16, 2008 at 4:48 pm

If you really want to get close to the goal of 0% spam. And you are not enmeshed in the Free Software Foundation vs OpenBSD imbroglio.
You have ‘Anjal’ an OpenBSD based appliance. Put it in front of your Mailserver and without much ado it stops spam in its tracks. It can safely be part of your network edge and do its job without intervention/management whatsoever.
http://gayatri-hitech.com/

Verner Campbell November 17, 2008 at 2:48 pm

I WISH TO COMPLETELY ELIMINATE ALL EMAILS FROM NIGERIA

Verner Campbell November 17, 2008 at 2:50 pm

I WANT TO HAVE BODYGUARD

Verner Campbell November 17, 2008 at 2:50 pm

THANK YOU

Tommy January 25, 2009 at 1:52 pm

People are using Advance mass sender to send thousands of spam mail in my cyber and my ISP is threatening to shut me down. How can I block or stop the use of Advance mass sender in my cafe?

Verona Wu February 27, 2009 at 1:05 am

I don’t often respond on blogs until now! I’ve added you to my reader, thanks :)

Girish Venkatachalam October 28, 2009 at 2:28 am

Get SpamCheetah ISO (commercial or free version), install on your network and don’t even allow spam to
enter your network.

You don’t have to deal with spam at all. It works automatically and is very effective.

You also have the choice of installing SpamCheetah to a hard disk or USB stick from the ISO. Check out

http://spam-cheetah.com/download.html

This is the ultimate answer to all e-mail related spam.

-Girish
