OpenBSD Journal

Killing Spam with OpenBSD

Contributed by jose on from the spiced-ham dept.

A couple of interesting notes on using OpenBSD mail servers to help filter spam. This would be the kind of thing you could do for yourself or apply to a mail server for a group. Joshua Stein has an interesting piece on Fighting Spam with Procmail and Postfix with pretty good results. He mixes a few approaches for higher effectiveness than with any single approach. Daniel Hartmeier has an interesting article on Annoying spammers with pf and spamd, using the new tarpit that Theo wrote.



Comments
  1. By Shane () on

    Daniel Hartmeier is the man. All of his stuff that I've read is always well done, and this article is no exception. I also think it's pretty cool that he responds to pf questions on comp.unix.bsd.openbsd.misc (and I'm sure in other places too). He's a valuable asset to the OpenBSD team both in terms of code and public relations. Thanks, Daniel.

  2. By thugwar () on

    has anyone done this kind of thing for sendmail?

    Comments
    1. By Anonymous Coward () on

      MailScanner (http://www.sng.ecs.soton.ac.uk/mailscanner/) combined with Spam Assassin is something that you can use with sendmail in order to filter spam. It's highly configurable, works really well, and the developer is very responsive to requests/bug reports (I found a bug and he fixed it and sent me a patch within hours). Highly recommended.

    2. By mirabile () mirabile@bsdcow.net on mailto:mirabile@bsdcow.net

      I've done bmf with sendmail and sudo, but without
      procmail - the OpenBSD-bmf-howto packaged with bmf
      depends on using procmail.

      Expect me to write a howto-alike tutorial within the
      next few days, but I may not be able to release it to
      the public before February - you may get it by emailing
      me, tho.

  3. By Anonymous Coward () on

    I installed bmf 0.9.4 from source, but it doesn't seem to be working. All I'm trying to do is "bmf -n mbox" but the thing just hangs forever (even -v doesn't tell me anything useful). I'm running 3.2, and there isn't a package or port of bmf. I tried the package from the snapshots, but it understandably fails with:

    /usr/libexec/ld.so: bmf: libc.so.29.0: No such file or directory

    So, any ideas how I can run bmf on 3.2?

    Comments
    1. By Anonymous Coward () on

      It's not hanging, it's waiting for the mail on stdin :)

      Try bmf -n

      Comments
      1. By Anonymous Coward () on

        Retry with ext. transl.

        bmf -n <mbox, or better
        formail -s bmf -n <mbox
        (formail comes with procmail)

        Comments
        1. By Anonymous Coward () on

          Aha! I thought it took a file as an argument. Thanks for pointing out that it expects stdin. I thought I was going crazy!

  4. By Inocid () inocid@tiscali.ch on http://home.tiscalinet.ch/inocid/

    is there a good anti-spam solution on openbsd that works well with manually compiled qmail?

    Comments
    1. By schubert () on

      well qmail-scanner+spamassassin+clamav works if you don't mind the overhead.

    2. By Leif () remove_leif@l3system.se on mailto:remove_leif@l3system.se

      You can filter out very much using rblsmtpd. This is a part of D. J. Bernstein's ucspi-tcp program. It makes lookups in databases.
      Check out:
      http://cr.yp.to/ucspi-tcp/rblsmtpd.html

  5. By tony () on

    i just use procmail with spamassassin. works great. i'm on a cable modem, so i don't care much about bandwidth, i just don't want to have to deal with it.

    here is the snippet from my .procmailrc file:
    :0 Wf
    | /usr/bin/spamassassin -a

    :0
    * ^X-Spam-Status: Yes
    spam

    if you want the full thing, head over to http://dark-intentions.net

  6. By trygve () on

    It sounds like Hartmeier's idea would work great on a personal mail server, where you can pick out any false-positives and account for their mis-categorization. But what about multi-user systems? Only the intended recipient of a message can say if a message is indeed spam. And while 99.95% accuracy sounds great (I'm skeptical of that number he quoted, but I'll go with it), any legit email that's dropped will not go over well with your users, even if it's only a rare occurrence.

    Comments
    1. By RC () on

      Give me a break.

      Sure, the system HE uses to decide what is spam, and what is not, might not work for you, but that's nothing new... What's new is "spamd" that wastes spammers' (or their relays') resources and time, which is better for everyone. Use whatever method you want to use to DETERMINE the blacklist, then use spamd, instead of plainly rejecting the email requests.

  7. By Anonymous Coward () on

    I know from a bad personal experience that spammers rely on open relays. Why not make the spammer think that they are using an open relay?
    What about something that detects, using a black list server, a spammer and then reports to be an open relay? Then instead of relaying the spam, it sends it to the bit bucket. Has this been done? That might save a lot of people a lot of spam...

    Comments
    1. By Anonymous Coward () on

      spamd already does that. If a spammer connects to you, and you redirect him to spamd, he'll see an MTA willing to relay openly. It's just very slow, and doesn't actually deliver. :)

  8. By Anonymous Coward () on

    Is it just me or is the documentation on using postfix with procmail very sketchy and assuming a high level of previous knowledge/fill-in-the-blanks for the person reading it?

    I tried to follow those directions long ago to get postfix working with procmail and I couldn't do it then. I've tried again now several months later after gaining much more experience with the OS but I still can't piece things together properly. There's just so much missing from the documentation.

    There are so many things in the documentation that are missing I don't even know where to begin. Just a few things I can remember off the top of my head:
    1. Where does the spamwall user come from? How is it created (with what settings)?

    2. When did we make that procmail_log file mentioned in the example procmailrc? How was it made?

    3. When did we do anything to create a /var/spam/current symlink that's rotated monthly and how was it made?

    Also, it seems likely there would be a population out there that wouldn't want to set up postfix/procmail on a separate mailserver that acts as a dedicated spamfilter for a huge company with several other mail servers. For those of us that would want to run the mail server and this spamwall on the same server what would we have to do differently?

    Despite all this lacking explanation I've tried to perform the installation anyway and found it not to work... but when it fails I have no idea where to begin troubleshooting because there are so many open-ended problems to begin with.

    --A frustrated deadly.org fan

    Comments
    1. By jcs () on

      but in general, yes, the article does assume the reader has some experience with postfix and procmail.

      (on a side note, i didn't submit this article to deadly.org. the page was more or less to document how it works rather than provide a step-by-step guide on how to recreate it.)

      1. just 'adduser' it like any other user. make its home directory /home/spamwall or similar, put the procmail ruleset in this directory.

      2. procmail_log is what procmail writes to (as the user 'spamwall') when it encounters errors. you don't need to make the file, procmail will make it when it needs to. keep an eye on this file; if it ever grows, something's broken.

      3. it's just a simple shell script. it's not vital to the operation of the spamwall; you could just as easily make /var/spam/current a regular file and never rotate it.

      if you don't want to setup a dedicated server for this, it could just as easily send mail locally instead of back out again to another mail server. just configure the domain as a local domain (add to 'mydestination') and postfix will deliver it locally for the last step instead of sending it through smtp.

      if the setup doesn't work for you, check the postfix logs. they will probably detail what is happening when a piece of mail comes in. if you're still having problems, send me an email (listed on the document) and i'll try to help you out.
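
The monthly rotation of /var/spam/current described in point 3 could look like the sketch below. This is an added example, not the script from the original article or jcs's own code; the `spam-YYYY-MM` file naming and the cron invocation are assumptions.

```sh
#!/bin/sh
# Added example: monthly rotation of the spam mailbox behind a stable symlink.
# Assumptions (not from the article): mailboxes are named spam-YYYY-MM inside
# the spool directory, and the spamwall user's crontab calls
#   rotate_spam_link /var/spam
# on the first day of each month.

# rotate_spam_link DIR [YYYY-MM]
rotate_spam_link() {
    dir=$1
    month=${2:-$(date +%Y-%m)}
    target="spam-$month"

    # Accept only a plain YYYY-MM stamp, so the value can never carry a
    # path component into the mailbox file name.
    case $month in
        [0-9][0-9][0-9][0-9]-0[1-9]|[0-9][0-9][0-9][0-9]-1[0-2]) ;;
        *) echo "bad month: $month" >&2; return 1 ;;
    esac

    # If "current" was set up as a regular mailbox file instead of a link,
    # replacing it would throw away the mail it holds: refuse.
    if [ -e "$dir/current" ] && [ ! -L "$dir/current" ]; then
        echo "$dir/current is not a symlink, refusing to replace it" >&2
        return 1
    fi

    # Caught mail may include false positives, i.e. private messages:
    # create the spool and mailbox readable by the owning user only.
    old_umask=$(umask)
    umask 077
    [ -d "$dir" ] || mkdir -p "$dir" || { umask "$old_umask"; return 1; }
    [ -e "$dir/$target" ] || touch "$dir/$target" || { umask "$old_umask"; return 1; }
    umask "$old_umask"

    # Build the new link under a temporary name and rename it over
    # "current"; the rename is atomic, so procmail never finds the link
    # missing in the middle of a delivery.
    tmp="$dir/.current.$$"
    ln -s "$target" "$tmp" || return 1
    mv -f "$tmp" "$dir/current" || { rm -f "$tmp"; return 1; }
}
```

Older monthly files are left in place, so a message that was wrongly caught can still be recovered after the link has moved on.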

      Comments
      1. By Anonymous Coward () on

        Ahh thank you very much.
        I tried going back and setting it up once again and got it working. Just as an FYI the place where I was slipping up was in the creation of the spamwall user. When I created the user I set it so the user had no shell and couldn't log in as I figured it could perform its duty like that. Re-created the user with a shell/password and it's working. I guess it was that easy, thanks!

      2. By arko sasongko () arkosaso@kawanlama.com on mailto:arkosaso@kawanlama.com

        i was wondering whether the site is dead?
        i clicked the link but i got a 404 not found error.
        if the site is dead could u please tell me where i can find your information about postfix+procmail+spamwall ?
        TIA

        regards,

        arko sasongko

  9. By arko sasongko () arkosaso@kawanlama.com on mailto:arkosaso@kawanlama.com

    hai
    i was wondering whether the website about spamwall+procmail+postfix still exists?
    cause when i clicked the link what came out was a 404 error with the message "Not Found
    The requested URL /spamwall.phtml was not found on this server."
    if the website is down, where can i find a related site with the info about setting procmail+postfix+spamwall?
    thank you in advance

    regards,
    arko sasongko
