Last modified: 27 Dec 2007
WARNING: This documentation covers Parallels H-Sphere versions up to 3.1. For the latest up-to-date Parallels H-Sphere documentation, please proceed to the
official Parallels site.
This document discusses methods of spam identification at the server level and corresponding Qmail configuration options. As you establish certain antispam policies, you should notify your users about the rules that affect the mail they do or don't receive.
Rejecting SMTP connections at the network level from hosts with bad DNS
This method is based on identifying general network traffic based on certain criteria. It is commonly referred to as "host-based access control" and is commonly implemented using the tcp_wrappers package. In some of these installations, network traffic from hostnames that do not map to valid IP addresses is blocked. While not an e-mail specific measure, this is one way to cut down on e-mail from hosts that have misconfigured their DNS, and therefore are thought by some to be more likely to be spam-friendly.
Using your SMTP daemon to reject "known" spammers
This method uses databases of email addresses. The ucspi-tcp package contains rblsmtpd, an alternative to the usual qmail-smtpd, which works with any SMTP server that runs under tcpserver. (If you want to "flag" instead of "reject", see the variations section below. I've found qqrbl to be a great solution for ISPs and web hosting companies.)
Detecting a Spammer on a Web Server
If the spam is sent out from a web server, run netstat -n.
You should see a bunch of outgoing connections to port 25. You can find out who
is responsible with ps -auxww. You will usually see a bunch of perl interpreters
running; check which user owns them and which scripts that user is running.
Usually the scripts fork a bunch of processes that are used for spamming.
Once you figure out who is sending the spam, you should suspend the account.
In most cases, spammers will use stolen credit cards, and in any case
spamming should be 100% against your AUP.
To prevent this style of attack, enable iptables (ipchains) on your server
and block outgoing connections to port 25 to any IP other than your mail server IP.
You might also want to set up SpamGuard or SpamAssassin
on the mail server or configure Qmail with antispam add-ons.
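
The netstat check and the port 25 restriction described above, as an added shell example that is not part of the original H-Sphere documentation: it counts outbound port 25 connections in netstat -n output that bypass the mail server and prints the matching iptables rules. The function names, the 192.0.2.10 mail server address and the sample netstat lines are constructed assumptions, and the Linux net-tools column layout is assumed.

```shell
#!/bin/sh
# Added example (not from the original page). Linux net-tools `netstat -n`
# column layout is assumed; all addresses below are constructed placeholders.
MAILSERVER_IP="192.0.2.10"   # assumption: the only host allowed to receive SMTP

# Read `netstat -n` output on stdin and print "count remote_ip" for each TCP
# connection to foreign port 25 that does not go to the allowed mail server,
# busiest destination first.
outbound_smtp() {
    awk -v allow="$1" '
        $1 ~ /^tcp/ {
            n = split($5, f, ":")          # column 5 = foreign address:port
            port = f[n]                    # last field, so IPv6 works too
            ip = substr($5, 1, length($5) - length(port) - 1)
            if (port == "25" && ip != allow) seen[ip]++
        }
        END { for (ip in seen) print seen[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# Print (do not apply) rules that allow port 25 egress only to the mail server.
smtp_egress_rules() {
    echo "iptables -A OUTPUT -p tcp --dport 25 -d $1 -j ACCEPT"
    echo "iptables -A OUTPUT -p tcp --dport 25 -j REJECT"
}

# Constructed sample: three direct SMTP connections to outside hosts, one
# legitimate relay through the mail server, one inbound SMTP session, one
# inbound web request and one UDP line that must all be ignored.
SAMPLE='Proto Recv-Q Send-Q Local Address       Foreign Address      State
tcp   0      0      198.51.100.5:80     203.0.113.44:51812   ESTABLISHED
tcp   0      0      198.51.100.5:41022  203.0.113.7:25       ESTABLISHED
tcp   0      1      198.51.100.5:41023  203.0.113.7:25       SYN_SENT
tcp   0      0      198.51.100.5:41030  203.0.113.9:25       ESTABLISHED
tcp   0      0      198.51.100.5:41031  192.0.2.10:25        ESTABLISHED
tcp   0      0      198.51.100.5:25     203.0.113.80:40000   ESTABLISHED
udp   0      0      198.51.100.5:123    203.0.113.1:123      ESTABLISHED'

printf '%s\n' "$SAMPLE" | outbound_smtp "$MAILSERVER_IP"
smtp_egress_rules "$MAILSERVER_IP"
```

On a live host, pipe the real output in with netstat -n | outbound_smtp followed by your mail server IP; any line it prints is a destination the printed firewall rules would reject.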