Parallels H-Sphere Documentation System Administrator Guide

 

Fighting Spam

 
 

Related Docs: Qmail Configuration, SpamGuard Setup

Last modified: 27 Dec 2007

 

WARNING: This documentation covers Parallels H-Sphere versions up to 3.1. For the latest up-to-date Parallels H-Sphere documentation, please proceed to the official Parallels site.

This document discusses methods of spam identification at the server level and corresponding Qmail configuration options. As you establish certain antispam policies, you should notify your users about the rules that affect the mail they do or don't receive.

 

Rejecting SMTP connections at the network level from hosts with bad DNS

This method identifies general network traffic by certain criteria, commonly referred to as "host-based access control" and commonly implemented using the tcp_wrappers package. In some of these installations, network traffic from hostnames that do not map to valid IP addresses is blocked. While not an e-mail-specific measure, this is one way to cut down on e-mail from hosts that have misconfigured their DNS and are therefore thought by some to be more likely to be spam-friendly.

 

Using your SMTP daemon to reject "known" spammers

This method uses databases of email addresses. The ucspi-tcp package includes rblsmtpd, an alternative to the usual qmail-smtpd, which works with any SMTP server that runs under tcpserver. (If you want to "flag" instead of "reject", see the variations section below. I've found qqrbl to be a great solution for ISPs and web hosting companies.)

 

Detecting Spammer on a Web Server

If the spam is sent out from a web server, run netstat -n. You should see a bunch of outgoing connections to port 25. You can find out who is responsible with ps -auxww. You will usually see a bunch of perl interpreters running; check which user owns them and which scripts that user is running. Usually the scripts fork a bunch of processes that are used for spamming.
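The check above can be done in one pass by ranking processes by their outbound port-25 connections. The script below is an added example, not part of the original H-Sphere documentation; it assumes Linux net-tools `netstat -ntp` output (run as root), and the function names `smtp_talkers` and `sample_netstat` and all sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: rank local processes by outbound SMTP connections.
# Assumed input format: Linux net-tools `netstat -ntp`, run as root so the
# PID/Program column is populated.

# smtp_talkers ALLOWED_IP < netstat-output
# Prints "COUNT PID/PROGRAM", busiest first, for TCP connections to remote
# port 25 on any host other than ALLOWED_IP (the legitimate mail server).
# Sockets with no owning process (shown as "-", e.g. TIME_WAIT) are skipped.
smtp_talkers() {
    awk -v allowed="$1" '
        $1 ~ /^tcp/ && NF >= 7 && $7 != "-" {
            n = split($5, part, ":")          # port follows the last colon
            port = part[n]
            ip = substr($5, 1, length($5) - length(port) - 1)
            if (port == "25" && ip != allowed) count[$7]++
        }
        END { for (p in count) print count[p], p }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample; addresses come from the documentation ranges.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 192.0.2.10:41234        198.51.100.7:25         ESTABLISHED 4312/perl
tcp        0      1 192.0.2.10:41236        203.0.113.9:25          SYN_SENT    4312/perl
tcp        0      0 192.0.2.10:41240        203.0.113.44:25         ESTABLISHED 4377/perl
tcp        0      0 192.0.2.10:41250        198.51.100.80:25        TIME_WAIT   -
tcp        0      0 192.0.2.10:80           203.0.113.5:51525       ESTABLISHED 900/httpd
tcp        0      0 192.0.2.10:52000        192.0.2.25:25           ESTABLISHED 1201/qmail-remote
EOF
}

# Offline demo; on a live server use:  netstat -ntp | smtp_talkers MAILSERVER_IP
sample_netstat | smtp_talkers 192.0.2.25
```

For each PID reported, `ps -o user= -o args= -p PID` shows the owning account and the script being run.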

 

Further Steps

Once you figure out who is sending the spam, suspend the account. In most cases spammers will use stolen credit cards, and in any case it should be 100% against your AUP.

To prevent this style of attack, enable iptables (ipchains) on your server and block all outgoing connections to port 25 to any IP other than your mail server's IP.

You might also want to set up SpamGuard or SpamAssassin on the mail server or configure Qmail with antispam add-ons.





© Copyright 2017. Parallels Holdings. All rights reserved.