Router Configuration Tips

If you are an ISP and are worried about one of your users relay raping other mail servers (are you listening Compuserve, Netcom, UUNET?) you can easily prevent this. If you have a Cisco router (the most common router on the Internet) you can block all your users from connecting to someone else's port 25 with the following rules:

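	access-list 102 permit tcp [server range] any eq 25
	access-list 102 deny tcp [rest of subnet] any eq 25
	! every access list ends with an implicit deny, so pass the remaining traffic
	access-list 102 permit ip any any

This will force your users to use your mail server and prevent all relay raping.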
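
As an added example (not part of the original page), the Python sketch below evaluates an access list the way the router does, first match wins and anything unmatched is denied, so you can check what a list like the one above passes before applying it. The addresses are constructed (documentation range 192.0.2.0/24), the sample list ends with a `permit ip any any` line, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample list (documentation addresses, not from the page):
# mail servers are 192.0.2.16-31, the users are the rest of 192.0.2.0/24.
ACL_102 = """\
access-list 102 permit tcp 192.0.2.16 0.0.0.15 any eq 25
access-list 102 deny tcp 192.0.2.0 0.0.0.255 any eq 25
access-list 102 permit ip any any
"""

def parse_acl(text):
    """Parse the subset of extended-ACL syntax used above (destination is always 'any')."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[0] != "access-list":
            continue
        action, proto, rest = tok[2], tok[3], tok[4:]
        if rest[0] == "any":
            src, rest = ("0.0.0.0", "255.255.255.255"), rest[1:]
        else:
            src, rest = (rest[0], rest[1]), rest[2:]
        port = int(rest[2]) if len(rest) >= 3 and rest[1] == "eq" else None
        rules.append({"action": action, "proto": proto, "src": src, "port": port})
    return rules

def src_matches(ip, base, wildcard):
    """Wildcard masks are inverted netmasks: a 1 bit means 'don't care'."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    addr, net = int(ipaddress.IPv4Address(ip)), int(ipaddress.IPv4Address(base))
    return (addr & care) == (net & care)

def evaluate(rules, proto, src_ip, dst_port=None):
    """Return the action of the first matching rule (first match wins)."""
    for r in rules:
        if r["proto"] not in ("ip", proto):
            continue
        if not src_matches(src_ip, *r["src"]):
            continue
        if r["port"] is not None and r["port"] != dst_port:
            continue
        return r["action"]
    return "deny"  # the implicit deny that ends every access list

if __name__ == "__main__":
    rules = parse_acl(ACL_102)
    for src, port in [("192.0.2.20", 25), ("192.0.2.77", 25), ("192.0.2.77", 80)]:
        print(src, port, "full list:", evaluate(rules, "tcp", src, port),
              "| first two lines only:", evaluate(rules[:2], "tcp", src, port))
```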

Another good practice is to require SMTP authentication. This will prevent many worms or viruses from being able to propagate through email.

Blocking Spam

A new method has been developed which is very successful for blocking spam. The MAPS (Mail Abuse Protection System) implements a real-time blacklist. Subscription to this service is free and it has been proven to reduce the spam load. Even if you are not planning on using it, it's a good place to poke around. Also make sure you don't end up on the blacklist by having open relays. The MAPS blacklist can make your life miserable if you are unfortunate enough to get on it.

I have found the blacklists to be very good at blocking spam at the server and lowering the amount of spam that the content filters must process. I have found that the best RBLs are cbl.abuseat.org, sbl-xbl.spamhaus.org, bl.spamcop.net and relays.orbs.org. On my own mail server, I also block several countries, like Nigeria, Russia, and China (and a few other countries) since I do not know anyone there and likely will not have any contact with anyone from those countries. Information on RBLs for blocking various countries can be found at http://blackholes.us/.

Sendmail Recommendation

Sendmail is a very complicated beast. I suggest upgrading to a recent version. You can obtain sendmail and information on configuring it from http://www.sendmail.org.

Early versions of sendmail, especially 8.8.6 (Sun 8.6), do not provide a means of blocking relaying. In fact, I know the Sun 8.6 Sendmail will allow forging of the return path with no way to figure out the true source. If you have Sendmail 8.8.6 (Sun 8.6) or earlier, upgrade immediately.

Another excellent alternative is to use Postfix. It is typically much simpler to configure and has many powerful spam blocking features. Other good alternatives are Qmail and Exim.

All of these SMTP servers can tie into a good email backend. I have been very happy with Cyrus, which is a free, highly scalable email solution that provides both POP3 and IMAP support, as well as the SSL variants of those protocols. It is very fast, even though I'm running it on a pretty low-end machine. Cyrus is also nice in that it supports the Sieve protocol, which allows for server-side email filtering, which is where filtering should occur if you're using IMAP or a web-based interface.

Spam Filters

There are many good spam filters available, some free, like SpamAssassin or dspam. I have had very good luck with both of these. SpamAssassin uses a combination of techniques to detect spam but may require periodic updates as the spammers learn how to work around it. I personally run dspam, which I have found to be very effective. Unlike SpamAssassin, dspam must be trained since it is based on a Bayes filter. I can attest to its accuracy in that in the last year I've run it I have only had one false positive out of many thousands of emails.
