A Simple PERL Script To Help Stop SPAM
Blacklists won't stop everything, but you can limit the amount of unsolicited spam you receive by writing a small script to intercept your mail before it is written to your mailbox.
This is fairly simple to do, because sendmail always checks the .forward file in your home directory for the name of this script. The sendmail program then looks for the filename in the directory /etc/smrsh and executes it.
By default, PERL doesn't come with modules that are able to check e-mail headers and envelopes so you have to download them from CPAN (www.cpan.org). The most important modules are:
• MailTools
• IO-Stringy
• MIME-tools
• Mail-Audit
I have written a script called mail-filter.pl that effectively filters out spam e-mail for my home system. A few steps are required to make the script work:
1. Install PERL and the PERL modules you downloaded from CPAN.
2. Place an executable version of the script in your home directory and modify the script's $FILEPATH variable point to your home directory.
3. Update file mail-filter.accept, which specifies the subjects and e-mail addresses to accept, and file mail-filter.reject, which specifies those to reject.
4. Update your .forward file and place an entry in /etc/smrsh.
Mail-filter first rejects all e-mail based on the reject file and then accepts all mail found in the accept file. It then denies everything else.
For a simple script with instructions on how to install the PERL modules, see Appendix II, "Codes, Scripts, and Configurations".
Configuring Your POP Mail Server
Each user on your Linux box will get mail sent to their account's mail folder, but sendmail just handles mail sent to your my-site.com domain. If you want to retrieve the mail from your Linux box's user account using a mail client such as Evolution, Microsoft Outlook or Outlook Express, then you have a few more steps. You'll also have to make your Linux box a POP mail server.
Fedora Linux comes with the easy to use dovecot IMAP/POP server RPM package which requires very little configuration after installation.
Installing Your POP Mail Server
Most RedHat and Fedora Linux software products are available in the RPM format. You will need to make sure that the dovecot software RPM is installed. (Chapter 6, "Installing RPM Software", will tell you how.) When searching for the RPMs, remember that the filename usually starts with the software package name by a version number, as in dovecot-0.99.11-1.FC3.4.i386.rpm.
Starting Your POP Mail Server
You can use the chkconfig command to get dovecot configured to start at boot:
[root@bigboy tmp]# chkconfig dovecot on
To start, stop, and restart dovecot after booting, use
[root@bigboy tmp]# service dovecot start
[root@bigboy tmp]# service dovecot stop
[root@bigboy tmp]# service dovecot restart
Remember to restart the dovecot process every time you make a change to the configuration files for the changes to take effect on the running process. You can also test whether the dovecot process is running with the pgrep command:
[root@bigboy tmp]# pgrep dovecot
You should get a response of plain old process ID numbers:
The /etc/dovecot.conf File
You can define most of dovecot's configuration parameters in the /etc/dovecot.conf file. By default dovecot will act as a server for IMAP, secure IMAP (IMAPS), POP and secure POP (POPS). You can limit this list by editing the protocols line in the /etc/dovecot.conf file and then restarting dovecot for the change to take effect. In the example below dovecot is configured to serve only POP3.
#
# File /etc/dovecot.conf sample
#
# Protocols we want to be serving imap imaps pop3 pop3s
#protocols = imap imaps pop3 pop3s
protocols = pop3
You can then use the netstat command to do a simple preliminary test to make sure dovecot is serving POP3 only.
[root@bigboy tmp]# netstat -a
egrep -i 'pop
imap'
tcp 0 0 *:pop3 *:* LISTEN
[root@bigboy tmp]#
How To Configure Your Windows Mail Programs
All your POP e-mail accounts are really only regular Linux user accounts in which sendmail has deposited mail. You can now configure your e-mail client such as Outlook Express to use your use your new POP/SMTP mail server quite easily. To configure POP Mail, set your POP mail server to be the IP address of your Linux mail server. Use your Linux user username and password when prompted.
Next, set your SMTP mail server to be the IP address/domain name of your Linux mail server.
Configuring Secure POP Mail
If you need to access your e-mail from the mail server via the Internet or some other insecure location, you may want to configure POP to work over an encrypted data channel. For this, modify the protocols section of the /etc/dovecot.conf file to include pop3s and then restart dovecot. Encrypted POP runs on TCP port 995, so firewall rules may need to be altered as well.
Most POP clients support secure POP. For example, Windows configures it in the Advanced menu of the Outlook Express Account Configuration window.
How to handle overlapping email addresses.
If you have user overlap, such as John Smith (john@my-site.com) and John Brown (john@another-site.com), both users will get sent to the Linux user account john by default. You have two options for a solution:
• Make the user part of the email address different, john1@my-site.com and
john2@another-site.com for example, and create Linux accounts john1 and john2. If the users insist on overlapping names, then you may need to modify your virtusertable file.
• Create the user accounts john1 and john2 and point virtusertable entries for john@my-site.com to account john1 and point john@another-site.com entries to account john2. The POP configuration in Outlook Express for each user should retrieve their mail via POP using john1 and john2, respectively.
With this trick you'll be able to handle many users belonging to multiple domains without many address overlap problems.
Troubleshooting POP Mail
The very first troubleshooting step is to determine whether your POP server is accessible on the POP TCP port 110 or the secure POP port of 995. Lack of connectivity could be caused by a firewall with incorrect permit, NAT, or port forwarding rules to your server. Failure could also be caused by the xinetd process being stopped or the configuration files being disabled. Test this from both inside your network and from the Internet. (Troubleshooting TCP with TELNET is covered in Chapter 4, "Simple Network Troubleshooting")
Linux status messages are logged to the file /var/log/messages. Use it to make sure all your files are loaded when you start xinetd. Check your configuration files if it fails to do so. This example starts xinetd and makes a successful secure POP query from a remote POP client: (Linux logging is covered in Chapter 5, "Troubleshooting Linux with syslog").
Aug 11 23:20:33 bigboy xinetd[18690]: START: pop3s pid=18693 from=172.16.1.103
Aug 11 23:20:33 bigboy ipop3d[18693]: pop3s SSL service init from 172.16.1.103
Aug 11 23:20:40 bigboy ipop3d[18693]: Login user=labmanager host=172-16-1-103.my-site.com [172.16.1.103] nmsgs=0/0
Aug 11 23:20:40 bigboy ipop3d[18693]: Logout user=labmanager host=172-16-1-103.my-site.com [172.16.1.103] nmsgs=0 ndele=0
Aug 11 23:20:40 bigboy xinetd[18690]: EXIT: pop3s pid=18693 duration=7(sec)
Aug 11 23:20:52 bigboy xinetd[18690]: START: pop3s pid=18694 from=172.16.1.103
Aug 11 23:20:52 bigboy ipop3d[18694]: pop3s SSL service init from 172.16.1.103
Aug 11 23:20:52 bigboy ipop3d[18694]: Login user=labmanager host=172-16-1-103.my-site.com [172.16.1.103] nmsgs=0/0
Aug 11 23:20:52 bigboy ipop3d[18694]: Logout user=labmanager host=172-16-1-103.my-site.com [172.16.1.103] nmsgs=0 ndele=0
Aug 11 23:20:52 bigboy xinetd[18690]: EXIT: pop3s pid=18694 duration=0(sec)
Reference
"http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch21_:_Configuring_Linux_Mail_Servers"
Blacklists won't stop everything, but you can limit the amount of unsolicited spam you receive by writing a small script to intercept your mail before it is written to your mailbox.
This is fairly simple to do, because sendmail always checks the .forward file in your home directory for the name of this script. The sendmail program then looks for the filename in the directory /etc/smrsh and executes it.
By default, PERL doesn't come with modules that are able to check e-mail headers and envelopes so you have to download them from CPAN (www.cpan.org). The most important modules are:
• MailTools
• IO-Stringy
• MIME-tools
• Mail-Audit
I have written a script called mail-filter.pl that effectively filters out spam e-mail for my home system. A few steps are required to make the script work:
1. Install PERL and the PERL modules you downloaded from CPAN.
2. Place an executable version of the script in your home directory and modify the script's $FILEPATH variable point to your home directory.
3. Update file mail-filter.accept, which specifies the subjects and e-mail addresses to accept, and file mail-filter.reject, which specifies those to reject.
4. Update your .forward file and place an entry in /etc/smrsh.
Mail-filter first rejects all e-mail based on the reject file and then accepts all mail found in the accept file. It then denies everything else.
For a simple script with instructions on how to install the PERL modules, see Appendix II, "Codes, Scripts, and Configurations".
Configuring Your POP Mail Server
Each user on your Linux box will get mail sent to their account's mail folder, but sendmail just handles mail sent to your my-site.com domain. If you want to retrieve the mail from your Linux box's user account using a mail client such as Evolution, Microsoft Outlook or Outlook Express, then you have a few more steps. You'll also have to make your Linux box a POP mail server.
Fedora Linux comes with the easy to use dovecot IMAP/POP server RPM package which requires very little configuration after installation.
Installing Your POP Mail Server
Most RedHat and Fedora Linux software products are available in the RPM format. You will need to make sure that the dovecot software RPM is installed. (Chapter 6, "Installing RPM Software", will tell you how.) When searching for the RPMs, remember that the filename usually starts with the software package name by a version number, as in dovecot-0.99.11-1.FC3.4.i386.rpm.
Starting Your POP Mail Server
You can use the chkconfig command to get dovecot configured to start at boot:
[root@bigboy tmp]# chkconfig dovecot on
To start, stop, and restart dovecot after booting, use
[root@bigboy tmp]# service dovecot start
[root@bigboy tmp]# service dovecot stop
[root@bigboy tmp]# service dovecot restart
Remember to restart the dovecot process every time you make a change to the configuration files for the changes to take effect on the running process. You can also test whether the dovecot process is running with the pgrep command:
[root@bigboy tmp]# pgrep dovecot
You should get a response of plain old process ID numbers:
The /etc/dovecot.conf File
You can define most of dovecot's configuration parameters in the /etc/dovecot.conf file. By default dovecot will act as a server for IMAP, secure IMAP (IMAPS), POP and secure POP (POPS). You can limit this list by editing the protocols line in the /etc/dovecot.conf file and then restarting dovecot for the change to take effect. In the example below dovecot is configured to serve only POP3.
#
# File /etc/dovecot.conf sample
#
# Protocols we want to be serving imap imaps pop3 pop3s
#protocols = imap imaps pop3 pop3s
protocols = pop3
You can then use the netstat command to do a simple preliminary test to make sure dovecot is serving POP3 only.
[root@bigboy tmp]# netstat -a
egrep -i 'pop
imap'
tcp 0 0 *:pop3 *:* LISTEN
[root@bigboy tmp]#
How To Configure Your Windows Mail Programs
All your POP e-mail accounts are really only regular Linux user accounts in which sendmail has deposited mail. You can now configure your e-mail client such as Outlook Express to use your use your new POP/SMTP mail server quite easily. To configure POP Mail, set your POP mail server to be the IP address of your Linux mail server. Use your Linux user username and password when prompted.
Next, set your SMTP mail server to be the IP address/domain name of your Linux mail server.
Configuring Secure POP Mail
If you need to access your e-mail from the mail server via the Internet or some other insecure location, you may want to configure POP to work over an encrypted data channel. For this, modify the protocols section of the /etc/dovecot.conf file to include pop3s and then restart dovecot. Encrypted POP runs on TCP port 995, so firewall rules may need to be altered as well.
Most POP clients support secure POP. For example, Windows configures it in the Advanced menu of the Outlook Express Account Configuration window.
How to handle overlapping email addresses.
If you have user overlap, such as John Smith (john@my-site.com) and John Brown (john@another-site.com), both users will get sent to the Linux user account john by default. You have two options for a solution:
• Make the user part of the email address different, john1@my-site.com and
john2@another-site.com for example, and create Linux accounts john1 and john2. If the users insist on overlapping names, then you may need to modify your virtusertable file.
• Create the user accounts john1 and john2 and point virtusertable entries for john@my-site.com to account john1 and point john@another-site.com entries to account john2. The POP configuration in Outlook Express for each user should retrieve their mail via POP using john1 and john2, respectively.
With this trick you'll be able to handle many users belonging to multiple domains without many address overlap problems.
Troubleshooting POP Mail
The very first troubleshooting step is to determine whether your POP server is accessible on the POP TCP port 110 or the secure POP port of 995. Lack of connectivity could be caused by a firewall with incorrect permit, NAT, or port forwarding rules to your server. Failure could also be caused by the xinetd process being stopped or the configuration files being disabled. Test this from both inside your network and from the Internet. (Troubleshooting TCP with TELNET is covered in Chapter 4, "Simple Network Troubleshooting")
Linux status messages are logged to the file /var/log/messages. Use it to make sure all your files are loaded when you start xinetd. Check your configuration files if it fails to do so. This example starts xinetd and makes a successful secure POP query from a remote POP client: (Linux logging is covered in Chapter 5, "Troubleshooting Linux with syslog").
Aug 11 23:20:33 bigboy xinetd[18690]: START: pop3s pid=18693 from=172.16.1.103
Aug 11 23:20:33 bigboy ipop3d[18693]: pop3s SSL service init from 172.16.1.103
Aug 11 23:20:40 bigboy ipop3d[18693]: Login user=labmanager host=172-16-1-103.my-site.com [172.16.1.103] nmsgs=0/0
Aug 11 23:20:40 bigboy ipop3d[18693]: Logout user=labmanager host=172-16-1-103.my-site.com [172.16.1.103] nmsgs=0 ndele=0
Aug 11 23:20:40 bigboy xinetd[18690]: EXIT: pop3s pid=18693 duration=7(sec)
Aug 11 23:20:52 bigboy xinetd[18690]: START: pop3s pid=18694 from=172.16.1.103
Aug 11 23:20:52 bigboy ipop3d[18694]: pop3s SSL service init from 172.16.1.103
Aug 11 23:20:52 bigboy ipop3d[18694]: Login user=labmanager host=172-16-1-103.my-site.com [172.16.1.103] nmsgs=0/0
Aug 11 23:20:52 bigboy ipop3d[18694]: Logout user=labmanager host=172-16-1-103.my-site.com [172.16.1.103] nmsgs=0 ndele=0
Aug 11 23:20:52 bigboy xinetd[18690]: EXIT: pop3s pid=18694 duration=0(sec)
Reference
"http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch21_:_Configuring_Linux_Mail_Servers"
No comments:
Post a Comment