qmail Anti-Spam
Author: clark DOT liu [AT] howau DOT org
Version: 0.40409
1. Introduction
2. Who Should Be Reading this Document
3. General Issues
Spam is defined here as unsolicited commercial e-mail, usually sent in bulk. In other words, spam is simply electronic junk mail. Dealing with spam is, at best, a very difficult task. This is mostly true because spammers have a wide array of tools and circumstances available to them that make it easy for them to send you mail but difficult for you to communicate back with them or any authority over them. Spam is also difficult to deal with because it almost always comes in under the guise of being a normal e-mail message. No amount of technology can automatically decide what content is undesirable to you, but there are many ways to use technology to reduce the amount of unwanted e-mail you or your users receive.
4. Specific Issues of Policy
Is the prevention of spam worth the time and resources required to reach a given level of spam reduction?
Is the prevention of spam the responsibility of a system administrator or the responsibility of the end user, or some combination of those?
Should email identified as potential spam be flatly rejected, or just tagged as spam and routed accordingly?
Should system administrators who have misconfigured their systems be held responsible for any problems that result?
Should you reject email messages that are legitimate in content but that do not conform to known and accepted standards?
Should you accept for delivery mail that does not have valid reply information (either in the envelope or From address)?
What criteria should be met before an individual or ISP is justifiably classified as “spam-friendly”?
5. Basic Things You Can do to Prevent/Reduce Spam
Avoid publishing your private email address
Don’t give your email address to organizations you don’t trust
Don’t respond to spam
Don’t use a dot-qmail-default file in a lazy way
Report any spam that you do get
Educate
Make sure your system is properly configured and secured
6. Commonly Held Views About Spam
Spam Can’t Be Stopped
Spam Prevention is the Responsibility of the End-User
Spam Prevention is the Responsibility of the System Administrator
Variations
Some people believe that any messages from senders who have been listed in one of the various “black hole lists” should be rejected without exception. Others sometimes believe that these black hole lists are not always fair or just in their criteria for inclusion, and that depending on these lists would result in too many legitimate emails being rejected. Still others disagree with the use of the black hole lists because of grievances with the methodology the owners use to develop and maintain the lists.
Some people believe that messages not conforming to known standards for mail delivery should be rejected or identified as potential spam. The most common example of this involves “From” headers or “envelope” addresses. These addresses are necessary to handle the “bouncing” of messages and for any sort of reply. For a variety of reasons, many spam messages do not have valid From or envelope headers. So, while some believe that any such message should be rejected, others hold that there are too many exceptions where these headers might be invalid but the content or intent of the message is legitimate.
7. Options for Individual Users
Mail Client Junkmail Filtering (Bayesian filtering, etc.)
Other Basic Filtering Tools (procmail, etc.)
Realtime Third-Party Black-hole Lists (rblcheck, qqrbl, etc.)
Third-party black-hole lists are databases of computers/mail senders on the Internet that have been identified in some way as “spam-friendly”; they’re open relays, repeat offenders, innocent bystanders infected by a virus, etc. These lists are the source of much controversy because the criteria for being “listed” can vary so widely depending on the mission (and sometimes, personal preferences) of the people or organization maintaining them. Users are encouraged to find blacklists that are in line with their views about spam, and to review those choices regularly. Further, it’s often preferable just to tag and filter a message that has senders in a blacklist as potential spam, rather than discard the message unseen.
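The tag-rather-than-discard approach described above, as an added example that is not part of the original document. The zone name `dnsbl.example`, the header format, and the resolver table are constructed for illustration; the lookup convention (reversed IPv4 octets prepended to the list's zone, with listed hosts answering inside 127.0.0.0/8) is the one such lists commonly use.

```python
import ipaddress

# Hypothetical zone and header format, used for illustration only.
ZONE = "dnsbl.example"
TAG_HEADER = "X-Spam-Warning"

def dnsbl_query_name(ip, zone=ZONE):
    """Build the DNS name a blacklist lookup asks for: reversed octets + zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("this sketch handles IPv4 only")
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def check_sender(ip, resolve, zones=(ZONE,)):
    """Return the zones that list ip. resolve(name) returns an address string
    or None; a failed lookup counts as 'not listed', so a broken list never tags mail."""
    hits = []
    for zone in zones:
        try:
            answer = resolve(dnsbl_query_name(ip, zone))
        except OSError:
            answer = None
        # Listed entries answer inside 127.0.0.0/8; any other answer is ignored.
        if answer and answer.startswith("127."):
            hits.append(zone)
    return hits

def tag_message(raw, ip, resolve, zones=(ZONE,)):
    """Tag rather than discard: prepend a header naming the lists that matched."""
    hits = check_sender(ip, resolve, zones)
    if not hits:
        return raw
    return f"{TAG_HEADER}: {ip} listed in {', '.join(hits)}\n" + raw

# Constructed resolver table standing in for live DNS so the example runs offline.
FAKE_DNS = {"2.0.0.127.dnsbl.example": "127.0.0.2"}

def fake_resolve(name):
    return FAKE_DNS.get(name)
```

With live DNS, `resolve` can wrap `socket.gethostbyname`, which raises an `OSError` subclass when the name does not exist.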
Whitelist-centric Strategy (TMDA)
An increasingly common approach to dealing with spam is to only allow messages through that are from known “good” senders. This method exploits a spammer’s assumption that they have unrestricted access to your mailbox. With a whitelist-centric strategy, an initial list of acceptable senders is established. When these senders send a message, it goes through with no problem. Unknown senders must confirm the legitimacy of their message to you before it gets through. Various aspects of this approach can be used to minimize the percentage of senders who are asked to confirm their message.
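The deliver / hold / confirm flow described above, as an added sketch that is not TMDA's own code. The class name, the token format (a truncated HMAC over sender and message id) and the secret are assumptions made for illustration.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # assumption: a per-user secret kept on the server

def confirm_token(sender, msg_id):
    """HMAC over sender and message id, so a token only confirms that one message."""
    data = f"{sender.lower()}\0{msg_id}".encode()
    return hmac.new(SECRET, data, hashlib.sha256).hexdigest()[:20]

class WhitelistGate:
    def __init__(self, whitelist):
        self.whitelist = {a.lower() for a in whitelist}
        self.pending = {}  # msg_id -> (sender, message) held until confirmed

    def receive(self, sender, msg_id, message):
        sender = sender.lower()
        if sender in self.whitelist:
            return ("deliver", None)
        self.pending[msg_id] = (sender, message)
        if not sender:
            # Empty envelope sender (a bounce): there is no address to
            # challenge, so this sketch only holds the message.
            return ("hold", None)
        return ("challenge", confirm_token(sender, msg_id))

    def confirm(self, sender, msg_id, token):
        """Release a held message and whitelist its sender if the token matches."""
        held = self.pending.get(msg_id)
        if not sender or held is None or held[0] != sender.lower():
            return None
        expected = confirm_token(sender, msg_id)
        if not hmac.compare_digest(token.encode(), expected.encode()):
            return None
        del self.pending[msg_id]
        self.whitelist.add(sender.lower())
        return held[1]
```

After one successful confirmation the sender is on the whitelist, so later messages from that address are delivered without a challenge.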
Bayesian Filtering (Bogofilter is one of these that can easily integrate with qmail via a user’s dot-qmail file, or more complex recipes)
Another increasingly popular technique is Bayesian filtering, in which you train the software to recognize undesirable content based on your personal mail reading habits. This is appealing because you’re no longer constrained in your filtering technique by what some other person thinks is or isn’t spam, and your actual filtering is based on statistical precedent, instead of abstract guessing about what might be spam.
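How training on your own mail turns into a per-message score, as an added example: a small naive Bayes classifier with add-one smoothing, which is not Bogofilter's algorithm or code. The class name and the six training messages are constructed for illustration.

```python
import math
import re
from collections import Counter

class BayesFilter:
    def __init__(self):
        self.tokens = {"spam": Counter(), "ham": Counter()}  # messages containing each token
        self.msgs = {"spam": 0, "ham": 0}                    # messages seen per class

    @staticmethod
    def tokenize(text):
        # Each token counts once per message, however often it repeats.
        return set(re.findall(r"[a-z0-9$'-]+", text.lower()))

    def train(self, text, label):
        self.msgs[label] += 1
        self.tokens[label].update(self.tokenize(text))

    def spam_probability(self, text):
        # Start from the smoothed prior, then add each token's log likelihood ratio.
        log_odds = math.log((self.msgs["spam"] + 1) / (self.msgs["ham"] + 1))
        for tok in self.tokenize(text):
            p_spam = (self.tokens["spam"][tok] + 1) / (self.msgs["spam"] + 2)
            p_ham = (self.tokens["ham"][tok] + 1) / (self.msgs["ham"] + 2)
            log_odds += math.log(p_spam / p_ham)
        return 1 / (1 + math.exp(-log_odds))

def demo_filter():
    """Train on a constructed six-message corpus standing in for one user's mail."""
    f = BayesFilter()
    for text in ("cheap pills buy now limited offer",
                 "win money now click here offer",
                 "buy cheap watches click now"):
        f.train(text, "spam")
    for text in ("meeting notes attached for the qmail upgrade",
                 "lunch on friday? the usual place",
                 "patch for the qmail queue attached"):
        f.train(text, "ham")
    return f
```

Tokens the filter has never seen contribute nothing when both classes have the same number of training messages, so the score moves only on words this user's mail has actually taught it.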
Content and Sender-based Filter Combinations
A few options exist that try to combine and balance all of these methods, and remove the technical complexities that are often barriers for end users.
* SpamAssassin uses a wide range of heuristic tests on mail headers and body text to identify spam. Once identified, the mail can then be optionally tagged as spam for later filtering using the user’s own mail user-agent application.
* SpamBouncer, an extensive set of recipes for procmail designed for the novice procmail user. To use SpamBouncer, just follow the instructions provided with the software. After SpamBouncer is installed, you can modify the lists of good and bad senders to meet your needs.
Author’s Testimony (TMDA)
8. Options for qmail Administrators
This section discusses options for system administrators who want to implement anti-spam mechanisms at the system-wide level. Please note that you should resolve the specific issues listed above before implementing any of these solutions, and that you should always notify your users of any changes to the system that affect the mail they do or don’t receive.
Rejecting SMTP connections at the network level from hosts with bad DNS
Using your SMTP daemon to reject “known” spammers (rblsmtpd, qqrbl, etc.)
Using qmail-smtpd to reject mail with invalid envelope or From headers
Make it hard to spam from your system to the outside world
There are a variety of ways to make it difficult for your users to create spam. This is an important effort; while most of this document focuses on avoiding incoming spam, don’t forget that a lot of incoming spam is generated because of overly lax mail sending policies (tarpit).
Variations
X-Spam-Warning header patch
qqrbl
log attempted relay attempts
spam throttle
reject relay probes
SpamAssassin
Blackhole
9. Other Resources
Real-time Third-Party Blocking Solutions
comparison page
Third Party Spam Reporting Services
SpamCop
Abuse.net
More Links from abuse.net
Appendix A: Anti-Spam Recommendations for SMTP MTAs
Appendix B: Technical and Legal Approaches to Unsolicited Electronic Mail
Appendix C: qmail Anti-Spam HOWTO
Appendix D: rblcheck
Appendix E: qqrbl
Appendix F: Tagged Message Delivery Agent
Appendix G: Bayesian
Appendix H: A Plan for Spam
Appendix I: Better Bayesian Filtering
Appendix J: Spam Filters
Appendix K: SpamAssassin
Appendix L: SpamBouncer
Appendix M: qpsmtpd