Tarkblog

Our work website receives its fair share of SPAM. However, bulk spamming is more of a problem than direct user SPAM. And today, I did something about it.

I get my fair share of all of the junk, just like the next person. But what becomes more incredibly difficult to get around is when a spammer begins sending mails to random @aei-tech.com addresses, like “aap3mf@aei-tech.com”. What is problematic about this, beyond the fact that it wastes CPU time, is that these emails would go into the system as “unknown addresses” primed to be sent back to the sender. However, since the sender was usually a faked address, there was no place for it to realistically go, and these double-bounces ended up getting forwarded on to the system administrator: me.

I could tell when the spammers started an attack - I start seeing a large number of these “cannot do anything with these emails” emails. They usually roll into my Inbox around 10 a minute and last for 24 hours or more.

We use a email server called qmail, which is a wonderful free email handling program. qmail comes with a large number of configuration items, and today I finally sat down and configured it to do the “right thing”.

The first thing it does is maintain blacklist of bad addresses, so that it knows what to reject. It creates this list by appending every “bad address” that gets sent to it - a bad address being one that isn’t already in use on the system. The neat thing about this is that the rejection is done at before the email is accepted. Typically, we would accept the whole email, then perform checks on it (is the file size too big? does it contain a virus?) using scripts to determine whether to reject it or continue passing it along. This new setup checks the blacklist just as soon as the message is read, and will deny the connecting mailserver to even start passing anything on to our system.

So, before if you sent an email to a non-account on our system you would see:

Hi. This is the qmail-send program at aei-tech.com.
I’m afraid I wasn’t able to deliver your message to the following addresses.
This is a permanent error; I’ve given up. Sorry it didn’t work out.

<carl@aei-tech.com>:
No such user here.

Now, it doesn’t even get that far:

Hi. This is the qmail-send program at yahoo.com.
I’m afraid I wasn’t able to deliver your message to the following
addresses.
This is a permanent error; I’ve given up. Sorry it didn’t work out.

<carl @aei-tech.com>:
216.153.235.25 failed on DATA command.
Remote host said: 550 sorry, this message is not deliverable (#5.7.1)

Note that the first email was processed and rejected by our server. The second email never even made it to our server, we rejected it before the data was even set, putting the burden on the server who was sending the email in the first place.

Sscore one for me today in an effort to keep our system just a little cleaner.

This entry was posted on Tuesday, November 16th, 2004 at 2:30 pm and is filed under Random Thoughts. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.