Anti-spam technology widely used in Linux


Spam has become one of the biggest headaches for email users. If you use Windows you have probably already tasted the pain of spam, and do not assume that a Linux platform spares you that harassment. Countering and filtering spam is very important work. Here are some anti-spam technologies that are widely used on Linux.

(1) SMTP User Authentication

The current common and very effective method is to require SMTP authentication for any message submitted to the mail transfer agent (MTA) from outside the local network, so that only authenticated remote users are allowed to send to the Internet. This effectively prevents the mail transfer agent from being used by spammers, and it is convenient for employees who are travelling or working from home. If SMTP authentication is not adopted, setting up an Internet-facing web mail gateway is also feasible without sacrificing security. In addition, if the SMTP service and the POP3 service are integrated on the same server, requiring a POP login before SMTP (POP-before-SMTP) before the user tries to send a message is a safer method, but in practice you must consider current client support, since not many mail client programs support these authentication methods.

(2) Reverse name resolution

Whichever form of authentication is used, its purpose is to prevent the mail transfer agent from being used by spammers; it does nothing about spam sent to local users. The simplest and most effective way to address this is to perform reverse name resolution on the sender's IP address: a DNS query determines whether the sender's IP is consistent with the name it claims. For example, if the claimed name is mx.hotmail.com and the connecting address is 20.200.200.200, the connection is rejected if the address does not match the DNS record for that name. This method effectively filters out spam sent from dynamic IP addresses; senders using dynamic domain names can also be blocked as circumstances warrant. The above method is still ineffective against spam sent through an open relay, however. A further technique assumes that legitimate users only send e-mail through a mail transfer agent whose domain has a legitimate Internet name matching their own. For example, if the sender's address is [email protected], the Internet name of the mail transfer agent it uses should end in yahoo.com. This restriction is not part of the SMTP protocol, but it is effective in most cases. Note that reverse name resolution requires a large number of DNS queries.
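The two checks described above, as an added example written for this page (not code from the article). DNS is replaced by constructed PTR and A tables so it runs offline; mx.hotmail.com and 20.200.200.200 are the article's own example values, while 192.0.2.25, the ISP pool name and the yahoo.com sender are constructed.

```python
# Constructed PTR and A records standing in for DNS (assumption: a real check
# would use socket.gethostbyaddr / socket.gethostbyname against the resolver).
# mx.hotmail.com and 20.200.200.200 come from the article; 192.0.2.25 is a
# documentation address used here as the constructed "genuine" hotmail relay.
FAKE_PTR = {
    "20.200.200.200": "dsl-20-200-200-200.example-isp.net",  # dynamic pool
    "192.0.2.25": "mx.hotmail.com",
}
FAKE_A = {
    "mx.hotmail.com": "192.0.2.25",
    "dsl-20-200-200-200.example-isp.net": "20.200.200.200",
}

def reverse_name_check(client_ip, helo_name, ptr=FAKE_PTR, a=FAKE_A):
    """Return (accept, reason). The claimed name must be the PTR name of the
    connecting IP, and that name must resolve forward to the same IP again
    (forward-confirmed reverse DNS), so a forged PTR alone is not enough."""
    name = ptr.get(client_ip)
    if name is None:
        return False, "no PTR record for %s" % client_ip
    if name.lower() != helo_name.lower():
        return False, "PTR %s does not match claimed name %s" % (name, helo_name)
    if a.get(name) != client_ip:
        return False, "%s does not resolve back to %s" % (name, client_ip)
    return True, "forward-confirmed"

def sender_domain_check(envelope_from, helo_name):
    """The article's stricter heuristic: the relaying MTA's name should end in
    the sender's domain. SMTP does not require this, so a miss is better used
    as a score than as an outright reject."""
    domain = envelope_from.rsplit("@", 1)[-1].lower()
    host = helo_name.lower()
    return host == domain or host.endswith("." + domain)
```

Each connection costs a PTR lookup plus a forward lookup, which is the query load the text warns about; cache results if you deploy this in front of a busy MTA.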

(3) Real-time blacklist filtering

The precautions described above are still ineffective against spam sent from a legitimately registered domain name. A more effective approach is a blacklist service: a database of domain names or IP addresses accumulated from user complaints and sampling. The best known are RBL, DCC and Razor. These databases store the host names or IP addresses from which spam is frequently sent, and the MTA queries them in real time to decide whether to reject the corresponding message. However, it is difficult to guarantee the correctness and timeliness of the various blacklist databases. For example, RBL and DCC in North America contain a large number of Chinese host names and IP addresses, some listed because of early open relays and some because of false positives. These entries have not been corrected in a timely manner, which has hindered mail connectivity between China and North America to a certain extent and has also discouraged users in China from using these blacklist services.

(4) Content Filtering

Even with the techniques at the previous stages, a large part of the spam will still leak through. Here the most effective method at present is to filter on the content of the message header or body. A relatively simple method is to use a content scanning engine to filter on the subject lines common in spam, the names of spam beneficiaries, phone numbers and web addresses. A more complex but also more intelligent approach is content filtering based on Bayesian probability, first proposed by Paul Graham (http://www.paulgraham.com/spam.html) and implemented in his own Arc language. The theoretical basis of this method is to build a statistical model of the distribution of common keywords across a large body of spam, and from it to estimate the probability that a target message is spam. This method has a degree of adaptive, self-learning capability and has been widely adopted. The best-known spam content filter is SpamAssassin, implemented in Perl, which integrates both of the filtering methods above and can be integrated with the current mainstream MTAs. Content filtering is the most expensive of all the methods above; with large mail volumes it needs to be run on high-performance servers.
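Graham's Bayesian method from the paragraph above, as an added example written for this page in Python rather than Arc (not code from the article or from Graham). The six-message corpus is constructed; a real filter trains on thousands of messages, and with so few the per-token probabilities saturate at the 0.01/0.99 clamps.

```python
import re
from collections import Counter

# Constructed toy corpus (assumption: a real deployment trains on thousands
# of messages; with a handful the probabilities hit the 0.01/0.99 clamps).
SPAM = [
    "free viagra click here to claim your prize now",
    "win money now free offer click here",
    "cheap pills free shipping click now",
]
HAM = [
    "meeting tomorrow about the sendmail migration",
    "please review the patch for the mail server",
    "lunch at noon then back to the migration plan",
]

TOKEN = re.compile(r"[a-z$][a-z0-9$'.-]*")

def tokens(text):
    """Roughly Graham's tokenisation: lower-case words, keeping $ and '.'"""
    return set(TOKEN.findall(text.lower()))

def train(spam, ham):
    """Per-token spam probability following Graham: count messages containing
    each token, weight good counts by 2, clamp to [0.01, 0.99]. (Graham also
    drops tokens seen fewer than 5 times; skipped here for the toy corpus.)"""
    good = Counter(t for m in ham for t in tokens(m))
    bad = Counter(t for m in spam for t in tokens(m))
    probs = {}
    for t in set(good) | set(bad):
        g = min(1.0, 2 * good[t] / len(ham))
        b = min(1.0, bad[t] / len(spam))
        probs[t] = max(0.01, min(0.99, b / (g + b)))
    return probs

def spam_probability(text, probs, top=15):
    """Combine the `top` most interesting tokens (farthest from 0.5) with
    Graham's formula p1..pn / (p1..pn + (1-p1)..(1-pn)); unseen tokens get 0.4."""
    ps = sorted((probs.get(t, 0.4) for t in tokens(text)),
                key=lambda p: abs(p - 0.5), reverse=True)[:top]
    prod, inv = 1.0, 1.0
    for p in ps:
        prod *= p
        inv *= 1.0 - p
    return prod / (prod + inv)

def is_spam(text, probs=None, threshold=0.9):
    """Graham's cutoff: a message scoring above 0.9 is treated as spam."""
    if probs is None:
        probs = train(SPAM, HAM)
    return spam_probability(text, probs) > threshold
```

The self-learning property the text mentions comes from re-running train() on messages users reclassify, which shifts the token probabilities toward the site's own mail.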

Sendmail is the mail transfer agent shipped with Red Hat Linux and most Unix-like operating systems, so it is the most widely deployed mail server. Let's take the Sendmail used by Red Hat Linux 9.0 as an example to introduce several specific methods for dealing with spam.


(1) Turn off the Relay function of Sendmail

The so-called Relay function means that anyone can use this SMTP mail server to send a message to anyone else, so that a sender with ulterior motives can use the server to send spam in bulk, and in the end the complaints land not on the spammer but on the server. The relay must therefore be closed. The method is to edit the access file in the /etc/mail directory of the Linux server and remove entries such as "*relay", leaving only "localhost relay" and "127.0.0.1 relay". Note that after modifying the access file you must run the following command for the change to take effect: makemap hash access.db < access.

(2) Add RBL function in Sendmail

RBL (Realtime Blackhole List) is a real-time blacklist; several foreign organisations provide RBL services. Commonly used RBL server addresses are relays.ordb.org, dnsbl.njabl.org, bl.spamcop.net, sbl.spamhaus.org, dun.dnsrbl.net and dnsbl.sorbs.net. Looking up and removing IP addresses in the RBL can be done at http://openrbl.org/ and http://ordb.org. An RBL adds the IP addresses of collected spam sources to its blacklist. Once the RBL check is added to Sendmail, the mail server automatically consults the RBL server every time it receives a message; if the message comes from an address on the blacklist, Sendmail rejects it, which makes the organisation's users less vulnerable to spam. To add the RBL check to Sendmail, add the following to sendmail.mc:

FEATURE(`dnsbl', `relays.ordb.org', `"Email blocked using ORDB.org - see http://ordb.org - client " $&{client_addr}')

Finally, run "m4 sendmail.mc > sendmail.cf" and "service sendmail restart" to make the changes to Sendmail take effect.
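What the dnsbl FEATURE above actually does on each connection, as an added example written for this page (not code from the article or from Sendmail): the client address is reversed, the zone is appended, and an A-record answer in 127.0.0.0/8 means "listed". Several of the zones the article names, relays.ordb.org among them, have since been shut down, so the example resolves against a constructed table instead of live DNS; 20.200.200.200 is the article's example address, marked here as a listed relay.

```python
# Constructed answers standing in for DNSBL responses (assumption: a real check
# calls socket.gethostbyname on the query name). 20.200.200.200 is the address
# used in the article; here it is marked as a listed open relay.
FAKE_DNS = {
    "200.200.200.20.relays.ordb.org": "127.0.0.2",
}

def dnsbl_query_name(client_ip, zone):
    """A DNSBL is queried by reversing the dotted quad and appending the zone:
    20.200.200.200 against relays.ordb.org becomes 200.200.200.20.relays.ordb.org."""
    octets = client_ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError("expected an IPv4 address, got %r" % client_ip)
    return ".".join(reversed(octets)) + "." + zone

def lookup(name, answers=FAKE_DNS):
    """Resolve against the injected table; None stands for NXDOMAIN (not listed)."""
    return answers.get(name)

def is_listed(client_ip, zone, resolve=lookup):
    """Listed only if the answer is in 127.0.0.0/8, the DNSBL convention. An
    answer outside that range means the zone is broken or its domain has lapsed
    behind a wildcard record; treating that as 'listed' would reject all mail."""
    answer = resolve(dnsbl_query_name(client_ip, zone))
    return answer is not None and answer.startswith("127.")

def check_zones(client_ip, zones):
    """Return the first zone listing the client, or None; this is what the
    dnsbl FEATURE in sendmail.mc does for each zone it is configured with."""
    for zone in zones:
        if is_listed(client_ip, zone):
            return zone
    return None
```

Before adding any zone to sendmail.mc, confirm it is still operated and answers a known test address in 127.0.0.0/8; a retired zone is a single point of failure for all inbound mail.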
