POP-Before-SMTP Anti-Spam Configuration
The demise of big "spamhaus" operations like Cyber Promo has caused the spamming community to resort to "hit-and-run" spamming through open SMTP relays. This malicious technique is advantageous to spammers since a single spam can be sent from a throwaway dialup account and then be exploded out to 50 or more e-mail addresses by a fast and open SMTP server.
By default, all Virtual Servers are closed to SMTP relaying. This solution to the Internet spam problem is implemented by the "POP-before-SMTP" anti-spam configuration, which is specifically designed to prevent SMTP relaying by spammers. All Virtual Servers created since March 1, 1998 include this configuration.
Some of our Virtual Server customers have been contacted by ORBS (Open Relay Behaviour-modification System) advising them that their Virtual Server is an open SMTP relay. Usually, this is because the customer has disabled the POP-before-SMTP anti-spam configuration on their Virtual Server. If you have been contacted by ORBS and wish to be removed from the ORBS database, you must re-enable the POP-before-SMTP anti-spam configuration and then submit your Virtual Server IP address to ORBS for testing and approval. Of course, it is not mandatory to do this, but doing so will get ORBS off of your back.
How It Works
Every time someone successfully enters a correct username and password to your Virtual Server POP or IMAP server (i.e. checks an e-mail account that is configured on your Virtual Server), the server records the IP address of the remote client. The IP address and a timestamp are stored in the ~/etc/relayers.db database file. The database serves as a list of IP addresses that are allowed to perform an SMTP relay.
A simple rule set in the "check_rcpt" section of the ~/etc/sendmail.cf file causes sendmail to refuse to relay e-mail from any IP address that is not listed in the ~/etc/relayers.db database file. You will need to add this Rule Set if it is missing from your ~/etc/sendmail.cf file.
Even though POP and IMAP authentication will automatically cause an IP address to be added to the ~/etc/relayers.db file, you may on occasion want to manually add to or clean the database yourself. To do this we have created a utility program named vsmtprelay that allows you to add, delete, expire, or list IP addresses in the ~/etc/relayers.db file.
vsmtprelay 1.1.0 usage (optional items in []):
    % vsmtprelay command [arg] [...]
where "command [arg] [...]" can be one of the following:
    "add ip [ticks]"    insert address with current timestamp (or ticks)
    "delete ip [...]"   remove specified address(es)
    "expire [n]"        expire all old (or older than n minutes) entries
    "list [n]"          list all old (or older than n minutes) entries
    "dump"              list every entry, including the future timestamped
IP addresses are expressed as ASCII "dotted quads", e.g. "10.11.12.13".
All timestamps are stored as ASCII strings representing a count of seconds
elapsed since 0 hours, 0 minutes, 0 seconds, January 1, 1970, Coordinated
Universal Time (the common UNIX epoch).
The ~/etc/relayers.db database is implemented as a "Berkeley DB hash file" with IP addresses as keys and
timestamps as the data (all as ASCII strings).
The vsmtprelay list output is intentionally produced in a form that can be edited manually and rebuilt by makemap(8) if
Although the ~/etc/relayers.db database does not use up a lot of disk space on a Virtual Server, you may wish to automatically expire entries on a periodic basis to keep the database small. This can be done using the Cron program scheduler. For example, the following crontab entry would expire all of the day-old ~/etc/relayers.db database entries every night at 3:15 AM.
15 3 * * * /usr/local/bin/vsmtprelay expire 1440
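The mechanism described under "How It Works" and the expire step above, modelled in Python as an added example (this is not vsmtprelay or the provider's code). The class and function names are hypothetical, a dict stands in for the Berkeley DB hash file, and the addresses and timestamps are constructed.

```python
import ipaddress
import time

class RelayTable:
    """In-memory model of ~/etc/relayers.db: dotted-quad key -> ASCII epoch seconds."""

    def __init__(self):
        self.db = {}  # assumption: a dict stands in for the Berkeley DB hash file

    def record_login(self, ip, now=None):
        """After a successful POP/IMAP login: store the client IP with a timestamp."""
        ipaddress.IPv4Address(ip)  # raises ValueError unless ip is a dotted quad
        self.db[ip] = str(int(time.time() if now is None else now))

    def may_relay(self, ip):
        """The check_rcpt decision as the page describes it: listed means allowed."""
        return ip in self.db

    def older_than(self, minutes, now):
        """Entries older than `minutes`; future-timestamped entries never match."""
        cutoff = now - minutes * 60
        return sorted(ip for ip, ts in self.db.items() if int(ts) < cutoff)

    def expire(self, minutes, now):
        """Remove entries older than `minutes` and return the removed addresses."""
        stale = self.older_than(minutes, now)
        for ip in stale:
            del self.db[ip]
        return stale

def demo():
    """Constructed timeline: one login, then two runs of an 'expire 1440' job."""
    t0 = 1_000_000_000  # constructed epoch value
    table = RelayTable()
    table.record_login("10.11.12.13", now=t0)
    results = {
        "unknown_ip": table.may_relay("192.0.2.7"),  # never authenticated
        "after_login": table.may_relay("10.11.12.13"),
    }
    # 23 hours later the entry is younger than 1440 minutes, so expire keeps it.
    results["expired_23h"] = table.expire(1440, now=t0 + 23 * 3600)
    results["relay_23h"] = table.may_relay("10.11.12.13")
    # 25 hours later the entry is more than a day old and is dropped.
    results["expired_25h"] = table.expire(1440, now=t0 + 25 * 3600)
    results["relay_25h"] = table.may_relay("10.11.12.13")
    return results

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

In this model an address stays relay-authorized until an expire run removes it, so the schedule and threshold of the cron job set the length of the relay window.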
Copyright © 1998-2001 Bright Builders, Inc. All rights reserved.
Last Modified: Wed Mar 21 16:33:03 2001 GMT
Page Built: Mon Jul 2 19:57:21 2001 GMT