the djb way

you've got spam!


introduction

You've got qmail. Before you know it, you've got spam!

This is that evil wicked crap that starts filling your users' mailboxes, uninvited, unwanted, voluminous.

There are two basic approaches used for dealing with spam:

  1. Filter message content.
  2. Block spam senders.

In the first approach, the mail is accepted from the remote host. But before queueing it for delivery to the local recipient, the message is parsed and analyzed for the kinds of undesirable content that spam often contains. If the analysis matches the local definitions for spam, the message is then either quarantined for further human inspection, or discarded altogether.

In the second approach, known spam senders are blocked at the gate. The qmail server is configured to simply refuse mail from hosts with a history of spamming.

Of the two methods, the second is far more efficient. Little CPU time and no disk space are wasted on the spammer. If you already know who has been sending out spam, just refuse the connection, or limit the connection dialogue to a minimum, but never accept the message itself for delivery.

The question, then, is how to recognize a known spammer? Although they are devious, cunning and constantly on the move, spammers by their nature cannot avoid making their presence known quickly. As soon as legitimate mail servers start seeing thousands of similar messages arriving from a particular IP address, this address may be quickly, automatically, and definitively identified as a spam relay.

Mail administrators from many large sites collaborate to share the IP addresses of these known spammers. This collaboration results in the publication of lists via special DNS records, in a protocol known as a Realtime Blackhole List, or RBL.

The tools Bernstein provides to fight spam work with RBLs, and are designed to help block spam at the gate. These tools include:

Thanks to the benevolence and foresight of djb, these tools are already included in your installation, at no extra cost. The rblsmtpd program is included with the ucspi-tcp package; the rbldns utilities are included in the djbdns package.
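
How an RBL check at the gate works, as an added example (not from the original page and not Bernstein's code): the client address is reversed octet by octet, looked up under the list's DNS zone, and the answer decides whether the SMTP dialogue continues. The decision logic is a simplified model of rblsmtpd's documented -r, -a, -b and -c options; the zone names, addresses and the resolver stand-in are constructed for illustration.

```python
import ipaddress

class TempFail(Exception):
    """DNS lookup could not be completed (timeout, SERVFAIL)."""

def rbl_qname(ip, base):
    """203.0.113.10 + rbl.example -> 10.113.0.203.rbl.example"""
    octets = str(ipaddress.IPv4Address(ip)).split(".")  # ValueError if not IPv4
    return ".".join(reversed(octets)) + "." + base.strip(".")

def gate(ip, sources, lookup, permanent=False, block_on_tempfail=False):
    """Decide whether to accept a connection from ip.

    sources: ordered ("r", base) RBL and ("a", base) anti-RBL entries.
    lookup(name, rtype): returns a list of record strings, [] if none.
    Returns (accept, smtp_reply); the first source that lists ip wins.
    """
    code = "553" if permanent else "451"
    for kind, base in sources:
        try:
            records = lookup(rbl_qname(ip, base), "A" if kind == "a" else "TXT")
        except TempFail:
            if block_on_tempfail:
                return False, "451 temporary RBL lookup error"
            continue  # fail open: an unreachable list must not stop mail
        if not records:
            continue
        if kind == "a":
            return True, None
        # The TXT text is third-party data: strip control characters so it
        # cannot inject extra lines into the SMTP reply, and cap its length.
        text = "".join(c if 32 <= ord(c) < 127 else "?" for c in records[0])
        return False, f"{code} {text[:200]}"
    return True, None

# Constructed sample data: hypothetical zones, documentation-range addresses.
ZONE = {
    ("10.113.0.203.rbl.example", "TXT"): ["Listed as spam relay\r\n250 ok"],
    ("7.100.51.198.rbl.example", "TXT"): ["Listed as spam relay"],
    ("7.100.51.198.ok.example", "A"): ["127.0.0.2"],
}

def sample_lookup(name, rtype):
    """Stand-in resolver so the example runs offline."""
    if name.endswith(".down.example"):
        raise TempFail(name)
    return ZONE.get((name, rtype), [])

if __name__ == "__main__":
    print(gate("203.0.113.10", [("r", "rbl.example")], sample_lookup))
```

The default 451 reply is a temporary failure, so a legitimate sender that was listed by mistake will retry later; a 553 reply makes the refusal permanent.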

In our experience, we find these tools are both easy to use and very effective in blocking the vast majority of spam. Small sites may need nothing else.

Of course, for maximum spam relief, the battle may require other tools and the addition of message filtering strategies. Although Bernstein himself doesn't provide any tools in this category, several alternatives from third-party developers are available for qmail installations. These will be described in later sections.


Copyright © 2003, 2004, Wayne Marshall.
All rights reserved.

Last edit 2004.09.25, wcm.