Spam is fun. Watching spammers in action is even more fun. Via a friend, I have a very old domain for which I handle mail. Since only one address is legitimate, it’s easy to use a wildcard alias to catch and analyze spam. I implemented some policies via Policyd2, aka “ClueBringer” (Linux kids are cute, aren’t they?). Basically, I added a 20/hour recipient quota and a 5/hour /24-based sender quota, hoping to bounce a few messages. It never happens. The bot network that sends these messages implements a simple but effective interpolation scheme where the same address NEVER receives mail from the same IP address, and it always jumps /24s after 2 messages. It’s fascinating to watch.
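The two quotas described above, modeled as an added example (not the author's Policyd2 configuration, and a simplification rather than Policyd's own accounting): a sliding-window counter keyed by sending /24 and by recipient, run over constructed traffic. The 10.x addresses, the example.org recipients and the 18-second spacing are assumptions chosen to fit 200 messages into one hour.

```python
import ipaddress
from collections import defaultdict, deque

WINDOW = 3600      # seconds; both quotas on the page are per hour
RCPT_LIMIT = 20    # messages/hour per recipient address
NET24_LIMIT = 5    # messages/hour per sending /24

def net24(ip):
    """Key a client IP by the /24 network that contains it."""
    return str(ipaddress.ip_network(f"{ip}/24", strict=False))

class Quota:
    """Sliding-window counter: refuse a key once `limit` hits fall inside `window`."""
    def __init__(self, limit, window=WINDOW):
        self.limit, self.window = limit, window
        self.hits = defaultdict(deque)

    def allow(self, key, now):
        q = self.hits[key]
        while q and now - q[0] >= self.window:   # expire hits older than the window
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True

def evaluate(events):
    """events: (timestamp, client_ip, recipient) tuples -> list of 'ok' / 'reject'."""
    by_net, by_rcpt = Quota(NET24_LIMIT), Quota(RCPT_LIMIT)
    verdicts = []
    for ts, ip, rcpt in events:
        ok_net = by_net.allow(net24(ip), ts)
        ok_rcpt = by_rcpt.allow(rcpt, ts)
        verdicts.append("ok" if ok_net and ok_rcpt else "reject")
    return verdicts

def rotating(n, step=18):
    """Constructed traffic shaped like the page's observation: two messages per /24, then a new /24."""
    return [(i * step, f"10.0.{i // 2}.{10 + i % 2}", f"name{i % 50}@example.org")
            for i in range(n)]

def static(n, step=18):
    """Constructed contrast case: one host mailing one address."""
    return [(i * step, "10.9.9.9", "name0@example.org") for i in range(n)]

if __name__ == "__main__":
    print("rotating rejects:", evaluate(rotating(200)).count("reject"))
    print("static verdicts: ", evaluate(static(10)))
    print("distinct /24s:   ", len({net24(ip) for _, ip, _ in rotating(200)}))
```

The per-/24 counter never sees more than two hits per key, so the signal that does stand out in the rotating case is the number of distinct /24s seen within the hour.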
Spam is the bane of all email servers and services. As I wrote in my email entry, I use Maia, which is a frontend to Amavis, which is a daemon that ties various anti-spam and anti-virus programs together. When I originally set things up, I followed a guide on NEOHAPSIS. That guide was written in Russian, but had English examples. Basically, you set up Amavis, have Postfix route mail to it (it acts as an ESMTP server) and Amavis takes care of the rest. My anti-virus program is ClamAV. It works, it’s fairly painless, and simple. My anti-spam choice, SpamAssassin, was not quite as easy.
SpamAssassin is basically a Perl script, maintained by the Apache group, that incorporates various config scripts to filter out spam. There are several modules that you can incorporate, including DKIM checking, URI scanning, and RBL incorporation. You can customize your scoring of each component, making it very flexible. The default modules include SA-Blacklist, a massive blacklist that should not be used. Ever. Disable it, otherwise you will monopolize the CPU on your server. Maia integrates with SpamAssassin very well, allowing for quarantining, with digests and reminders, statistics on each rule for customization, and end user blacklisting/whitelisting, setting up honeypots, among other options. It’s very useful, effective, and not prone to false positives.
I host mail for a few friends and family. I use Postfix as my MTA with Dovecot as my SASL/LDA/POP/IMAP server. Users are authenticated via MySQL and PAM, so I can have local and virtual accounts. To manage things, I use PostfixAdmin, with a few tweaks to accommodate my virtual users’ file structure. Logins are either the full email address (virtual accounts) or the username.
I use a combination of SQLGrey, ClamAV, and Maia (SpamAssassin frontend) for my anti-spam/anti-virus protection. SquirrelMail and RoundCube are both available for webmail. Mutt and Alpine are installed on the server as well.
The Settings are as follows:
The POP3/IMAP4 and SMTP server is mail.chronophage.net
SMTP Authentication is ON
Ports are: 110/993* 143/995* and 25/587/465* for SMTP.
After switching LDA and SASL over to Dovecot, I have magnanimously set up Sieve scripting for my valuable users. And it works for both virtual and shell accounts.
Shell accounts can either use SquirrelMail, upload Sieve scripts via the Sieve Thunderbird plugin, or place them in your .sieve folder.
Virtual accounts will either have to use SquirrelMail or a program that can speak Sieve (standard port, 2000).
Sieve scripts DO count against your quota, so be careful, virtual users.
This is LDA level filtering, so I can’t see what it’s doing via my logs, so watch your filters!
There are a lot of Sieve scripts out there, have fun!
Procmail and Maildrop are installed on the system, and can be used for shell users via a .forward file.
http://mail.chronophage.net for SquirrelMail
http://mail.chronophage.net/ for RoundCube
http://mail.chronophage.net/admin redirects to https://mail.chronophage.net/postfixadmin
Shell users should be able to log in with their email address but passwords don’t sync with local passwords.
Send me an email to change passwords.