Wednesday, June 9, 2010

Controlling E-mail Spam

Email spam blocking techniques fall into one of two broad areas. The first area, common in small to midsize sites, is to add spam blocking technology into the Mail Transfer Agent (MTA) - Exchange, Sendmail, Postfix and Communigate are all examples of MTAs. The second technique is more commonly used by large sites and sites with dedicated mail administrators, and that is to put a mail-blocking appliance between the MTA and the Internet. Both techniques have in common some sort of automatic update mechanism so that the MTA or appliance is kept up-to-date against the latest spam sites, patterns and attacks. One of the more popular anti-spam software titles for these purposes is GFI MailEssentials. GFI MailEssentials can be installed directly on the mail server or be installed on a dedicated machine to create a low-cost appliance solution.

Blocking in the MTA has the advantage that no additional hardware is required. Also, the learning curve can be quite short, as the better packages just plug right into the mail server and need relatively little configuration. On the other hand, for the do-it-yourselfers running UNIX and sendmail, the learning curve can be just as long as you like.

Appliances are more commonly used by large and very large sites because they can handle extremely high volumes (millions of messages per day) and can be configured in redundant configurations so that no single failure will disable spam filtering. The appliances are basically high-quality PCs with custom mail software and special configuration front-ends. They are complex devices and generally require expert mail administrators to get the most out of them, although the vendors will configure and maintain them, for a fee. The very largest sites (AOL, Yahoo, Google and MSN Hotmail) essentially build their own custom appliances. Appliances will work in front of any MTA.

sendmail, exim, smail, qmail, postfix, PMDF MMDF, PP, Macintosh, Microsoft Exchange, Microsoft Windows, any (or many) MTA(s).
  • [sendmail]: Sendmail, the most commonly found UNIX-based mailer, has information on spam blocking here.
  • [sendmail]: sendmail MTAs which accept SMTP email from currently active POP clients should read details of POP before SMTP to avoid spurious relaying, or an alternative.
  • [sendmail]: have their own rules to cause mail from named site to be returned to sender.
  • [sendmail 8.8.2 and 8.8.3]: Wolfgang Rupprecht has supplied a routine using check_compat that can be used to block spam mail or prevent all third-party relaying.
  • [sendmail]: Pete Ashdown has contributed a procedure for dropping spam mail. His procedure accepts the SMTP mail and then drops it during the delivery phase.
  • [sendmail 8.8.2 and later]: Claus AƟmann has put together a very detailed write-up of using the check_* routines.
  • [sendmail + compatibles]: Christian Alice Scarborough's perl5 package splam-2.0 [ Used to be called `ignore-spam' ]
  • [sendmail + compatibles]: Ian Leicht's PERL5 package the NAGS Spam Filter can reject spam mail automatically, sending a rejection letter with details of how to get past the block.
  • [sendmail]: another example of how to block spam
  • [sendmail]: Dansie Spam Net is a commercial score-based filtering system for sendmail with perl. It is web-manageable and so suitable for hosted e-mail environments.
  • [Sendmail]: ScanMail is a commercial general mail filter package, useful for spam and virii.
  • [Sendmail]: E-mail Processing Agent is a mail server software add-in that controls incoming and outgoing, Internet and intranet e-mail to eliminate 100% of unwanted e-mails (including "spam").
  • [sendmail/rbl]: MAPS is now Trend Micro Message Security.
  • [Sendmail]: Milter-greylist is a sendmail milter that implements "greylisting" - refusing mail from never-before-seen hosts with a temporary failure. Legitimate mailers requeue and retry the message, while much spamware does not.
  • [Sendmail]: The greylisting paper discusses greylisting in detail and provides a perl-based sample implementation of a sendmail milter.
  • [exim/rbl]: If you can change your mailer from (e.g.) sendmail but need to keep the mailbox format (etc) unchanged, you may care to look at exim(overview) which is a ``drop in replacement'' for sendmail, a `next generation' smail, which can use the MAPS RBL to block spam domains from version 1.735.
  • [smail]: Since, smail can restrict which addresses can relay email, e.g. `smtp_remote_allow = 194.64.4.*:194.163.56.*'
  • [qmail/rbl]: If you can completely change the way email is processed, you may care to look at qmail. There is info on how to use rbl.
  • [qmail]: Mikio Okawa's dynamail is a package for qmail that allows ordinary users to create temporary, access limited e-mail addresses.
  • [qmail]: SPAMbaffle is spam filtering software which can be set up either by indiviaul users on a Qmail system, or by the system administrator. It filters based on email headers, the message body, and the MIME types or filenames of attachments, and can either drop or bounce messages that it catches, with customized bounce messages.
  • [postfix]: Postfix, by Wietse Venema, installs with relaying and volume controls set to sane values by default; is under very active development to make controls for relaying easy to set correctly if the default values won't do, and difficult to set in such a way as to allow unauthorized relaying; and is supported by an extremely active users' mailing list (including active participation by Venema) that's extremely anti-spam.
  • [PMDF]: says that to block mail from, you need to edit the mapping file PMDF_TABLE:MAPPINGS (for VMS) or /pmdf/table/mapping (for Solaris and Digital Unix), e.g.
         SEND_ACCESS              *|*|*|*    $N              *|*|*|*    $N
  • [PMDF]: As well as rejecting e-mail (at the SMTP or TCP level) from rogue sites, pmdf (from Process Software, available for VMS, Digital UNIX and Solaris) can be told only to allow a certain percentage of incoming calls from specified sites, providing some protection from mail floods.
  • [MMDF]: Ed Hew's write-up on refusing email
  • [PP AKA Isode Internet/X.400 Message Switch]: Details of how to block spam and relaying can be fond in IC-1103 Administrator's Guide: Message Handling Services
  • [Macintosh]: It has been reported that CommuniGate and Stalker Internet Mail Server from Mill Valley, Calif.-based Stalker Software Inc. and the newly shipping Eudora Internet Mail Server 2.0 from San Diego-based Qualcomm Inc. can prevent spam relaying.
  • [Microsoft Exchange]: GFI MailEssentials is a server-based anti-spam & email management solution for Microsoft Exchange Server and other mail servers.
  • [Microsoft Exchange]: Open Relay Filter is a tool that prevents relaying through Microsoft Exchange servers.
  • [Microsoft Exchange]: is a site with anti-spam information for MS Exchange administrators.
  • [Microsoft Windows]: Megaphat Philter is a Windows server-based product which uses DNSBL technology to block blacklisted spam.
  • [Microsoft Windows]: Macallan Mail Solution is a Mail Server for Windows XP/2K that can determine the spam originator and send a mail to the organization that have been abused by the spammer.
  • [Any]: The Spamhaus Project runs the SBL and ROKSO, a DNS-based blocklist that can be integrated into virtually any modern mailer, and a listing of repeat/unrepentant spammers.
  • [Any]: BlackMail (old) can be used if your MTA cannot be made to filter -- it sits between your MTA and the outside world.
  • [Any]: MailShield is a commercial program which blocks spam and relaying, and works with your current mail server.
  • [Any]: Declude JunkMail offers spam control for mail servers, including heuristic spam detection, and can be configured separately for each domain or user.
  • [Any]: Postini is an Application Service Provider (ASP) with a range of high-reliability e-mail services, including spam and virus filtering.
  • [Any]: blq is a tool for querying DNS blocklists (BLs) from the UNIX command line, useful for figuring out why mail is bouncing.
  • [Any]: Meridius Mail Relay is a dedicated mail server appliance with anti-relay and spam-blocking features.
  • [Any]: SpamFilter is a proxy with simple DNS blocklist functionality that works with your existing mailserver.
  • [Any]: Extensible Messaging Platform is a commercial SPAM filtering firewall server application. Protects SMTP mail servers from Internet SPAM, e-mail-borne viruses (including dangerous auto-launch viruses) and other objectionable content. Filters mail using complex contextual signatures (not simple keyword lists).
  • [Any]: Mirapoint provides email security through intelligent anti-spam and anti-virus filtering with end user controls as to how to handle spam.
  • [Any]: Symantec Brightmail Anti-Spam blocks spam for corporate customers and service providers, using accurate, effective and patented spam fighting technology.
  • [Any]: CleanMessage can safely remove up to 98% of incoming spam so that it never reaches your inbox. Their SpamCheck Module protects against corporate productivity loss, infrastructure consumption, and liability resulting from unsolicited commercial email overload.
  • [Any]: provides a comprehensive money back guaranteed spam filtering service for domains. With no hardware, software or maintenance required, this service is for organizations that prefer to outsource spam filtering for their domains.
  • [Any]: Sender Policy Framework (SPF) is a mechanism for identifying authorized outgoing mailhosts for a domain. It doesn't really address spam directly; it is an attempt to stop domain forgery.
  • [Any]: ITA Secure Messaging Server is a multi-pronged spam detection and filtering system for enterprises and ISPs.
  • [Any]: ASSP is a mail proxy system for multiple mail servers on multiple platforms.
  • [Any]: SublimeMail is a domain level spam filter preventing spam from reaching end-users mail boxes. There is no software or hardware to install. Simply point MX records to their server and their filters will eliminate up to 97% of all inbound spam.
  • [Many]: SpamAssassin can be installed by administrators on a site wide basis; it works with SendMail, qmail, Postfix, MIMEDefang and other tools.
  • [Many]: Hexamail Guard is a server side filtering tool that works with various Windows and Linux mail server packages.
  • [Many]: CanIt is a UNIX mail server filtering tool which traps suspected spam for review.
  • [Many]: Scanmail for UNIX is a program that blocks spam by keywords, phrases, addresses, IP addresses and networks.
  • [Many]: Singlefin comprehensive message management is an external filtering solution.
  • [Many]: Project UCEPROTECT is a spamtrap-driven blacklist and commercial (UNIX) blocking software.
  • [Many]: Trimmail network appliance filters spam, dangerous content, and protects your e-mail server from being used as an open relay by junk mailers.
  • [Many]: TMDA is an open source software application designed to significantly reduce the amount of spam (Internet junk-mail) you receive. It is a UNIX-based Message Delivery Agent; it does not work with Windows.
  • [Many]: ClearMX filters, stops and eliminates 99.9% of unwanted email and viruses before before they reach your network. Free 15 Day Trial. Free Setup.
  • [Many]: VircoM's Modus3 anti-spam solution catches 98.2% of spam and delivers 99.99% protection against false positives.
  • [Many]: SpamCannibal is a perl-based tarpitting tool for Linux users.
  • [Many]: OpenRBL is site to lookup IP addresses against multiple DNSBLs at once. It is not a DNSBL itself.
  • [Many]: MailScanner is a spam and virus scanner for various UNIX mailers.

No comments:

Post a Comment