Server Guide and Blog

Rock Your Linux

Project Honey Pot – Real Time Spam Traps

Project Honey Pot is a bridge that provides domain owners the ability to share email harvesting attempts with the community. On the website you can download a pre-made and customized script for implementation on your website. Go to:

http://www.projecthoneypot.org

Register yourself. Then click “install new honey pot”. Place it in a directory on your domain. Browse to the directory in a browser. Select the button that completes the setup, and then continue following the instructions provided to you. When you add links to your website I recommend adding the nofollow rel tag. Although use of this tag is widely debated, I don’t think it can hurt. You will get statistics on your projecthoneypot.org homepage with the incidence of email harvesters coming to your domain.

Set one up. Participate. If your domain receives any spam your website is most likely being visited by email harvesters.

Server Side Spam Filter – Sendmail – Dovecot – Procmail

I tried for a long time to get sieve to work with sendmail. I could not get it to work. I would try to create a custom .m4 mailer, as per the sieve pages on the dovecot website, but nothing would work. Ultimately I gave up and used the client-side mail filtering built into Thunderbird. But this has a big drawback. A desktop session has to be logged on to keep the graphical application running. Because of this, large amounts of system resources are consumed and end up being swapped out. As I would sit down at night it would take a significant amount of time for the desktop session to become responsive as it was retrieved from swap. I tried disabling swap, but this was a no-no because of MythTV’s commercial flagging. It would cause problems and lead to random system instability. Even with 8 gigs of RAM my virtual server would sometimes crash. I don’t want this. Now I keep swap enabled and have figured out how to get procmail to do server-side mail filtering.

It was easy. Simply go into your sendmail.mc file and change the mailer. The default mailers are likely:

MAILER(local)

or

MAILER(smtp)

Install procmail and change the mailer accordingly:

MAILER(procmail)

Now go into your user's home directory and touch a new file:

touch .procmailrc

Open it:

nano .procmailrc

Add:

:0:
* ^X-Spam-Flag: YES
$HOME/mail/Junk

With this particular rule all messages flagged as spam, as per spamassassin, will be deposited into the Junk folder in the mail directory. It works as expected. For more information about sendmail, and how to configure spamassassin and clamav, visit a previous post.
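The routing decision of the recipe above can be checked offline. This is an added example, not code from the original post: it approximates procmail's matching with sed and grep (header only, case-insensitive), and the function names and sample messages are constructed for illustration.

```shell
#!/bin/sh
# Added example: approximates the routing decision of the .procmailrc recipe.
# It is a test aid, not procmail itself.

JUNK="$HOME/mail/Junk"

# Header block only: everything up to the first blank line. procmail
# conditions examine the header unless the recipe carries the B flag.
msg_headers() {
    sed '/^$/q' "$1"
}

# Print where the message would go. grep -i mirrors procmail's default
# case-insensitive matching.
route_message() {
    if msg_headers "$1" | grep -qi '^X-Spam-Flag: YES'; then
        printf '%s\n' "$JUNK"
    else
        printf '%s\n' "default mailbox"
    fi
}

# Constructed sample messages (not real mail).
make_samples() {
    printf 'From: a@example.com\nSubject: *****SPAM***** offer\nX-Spam-Flag: YES\n\nbuy now\n' > "$1/flagged"
    printf 'From: b@example.com\nSubject: lunch\nX-Spam-Status: No, score=0.1 required=5.0\n\nnoon?\n' > "$1/clean"
    printf 'From: c@example.com\nSubject: fwd\n\nX-Spam-Flag: YES\n' > "$1/body_only"
    printf 'From: d@example.com\nx-spam-flag: yes\n\nhi\n' > "$1/lowercase"
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
for m in flagged clean body_only lowercase; do
    printf '%-10s -> %s\n' "$m" "$(route_message "$demo_dir/$m")"
done
rm -rf "$demo_dir"
```

The body_only message shows that a flag string pasted into the message body does not trigger the rule, because only the header block is examined.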

Spam – Filters and Eventual Prosecution

A spam kingpin was recently sentenced heavily for his actions. This is excellent. Everyone hates spam. Most people have some sort of spam filter to deal with it. I myself have dealt with it to the maximum, which I have discussed at length in previous posts. Here is a good post about sendmail and how it integrates with spamassassin:

http://www.bgevolution.com/blog/ubuntu-debian-spamassassin-integrate-into-sendmail/

Ultimately you can practically eliminate spam by further introducing blackhole lists to sendmail:

http://www.bgevolution.com/blog/sendmail-blackhole-list-eliminate-most-spam/

http://www.bgevolution.com/blog/sendmail-more-domain-blacklisting-to-prevent-spam/

Some progress has been made on the other end of the spectrum.

One of the most notorious U.S.-based spammers was sentenced to more than four years in jail on Monday for a scheme that used spam to manipulate stock prices in order to make a profit.[Source]

Microsoft Windows – New OS Why? People Don’t Update Either Way

The problem with Internet security nowadays is in large part that people do not know how to update their computers. I fix computers as a side job, and you’d be surprised how many people have told me they don’t click the Microsoft gold shield in their system tray because there is a virus going around. What absolute ignorance. The gold shield will update your computer to protect you as much as possible with critical updates. I am continuously flabbergasted by genuine stupidity. The default setting in all MS Windows products should be to automatically install updates, because the general public simply does not understand the importance of keeping their software shiny and new.

Every time you see the gold shield in the bottom right hand corner of your computer, it is your obligation to click it and process the updates. As a Windows user, if you have a virus, a Trojan, or anything in between you are contributing to the massive problems that plague the Internet nowadays. Spam, phishing and lots of other things are predominantly broadcast from exploited machines.

Recent exploits in old versions of Internet Explorer have brought this very issue of security back to the surface.

“Symantec has conducted further tests and confirmed that it affects Internet Explorer versions 6 and 7,” the company wrote on its Web site Saturday. “We expect that a fully-functional reliable exploit will be available in the near future.”[Source]

People have relatively new installations of Windows Vista and they are using Internet Explorer 6 and 7. Why? There is Internet Explorer 8. “Ohhh, I don’t like the new version”, they say. But the new version is more secure, and more up to date. Get used to change; accept change for the better. It is necessary.

There is another major problem. PC manufacturers like to sell antivirus software packages. They preinstall them on machines, give 60-day free trials, and then expect people to pay the subscription fees to keep them active. This is absurd. Who in their right mind will pay those fees? The vast majority of people do not pay those fees and are using highly vulnerable, out-of-date software. This is a shame because AVG, and other companies, offer free antivirus that is continuously updated! Yes, I said continuously updated. New updates are issued all the time for free; do you understand that free does not cost money?

If you are using a Windows computer, update your antivirus right now. Do the world a favor and remove that botnet from your computer. Stop sending out mass spam emails right now. Run S right now. Install it from www.spybot.com. Install the apps, update them, then reboot your computer in safe mode. Hold F8 when you're booting and select safe mode! Run AVG, then Spybot, then AVG, and Spybot again. Clean your machine now!

Now it will take some time to clean your virus-infested Windows machine thoroughly. Maybe a day or two. Maybe you will have to reinstall the entire OS altogether. Either do this now, or download Ubuntu and never think about antivirus again.

Ubuntu – Debian Spamassassin Integrate into Sendmail

I've had a mail server for a long time. I've always used the built-in Spamassassin that Thunderbird uses. I recently got a Blackberry and was receiving the spam even though Thunderbird was successfully filtering the spam to the Junk folder. This is because the MTA, Dovecot in my instance, was transferring the mail to Thunderbird and the Blackberry at the same time, leaving the mail unfiltered on the Blackberry. To resolve this I required server-side spam labeling and filtering. First the mails needed to be labeled as spam. Spamassassin does this nicely. Install Spamassassin using:

sudo apt-get install spamassassin spamass-milter

Then in your sendmail.mc config file add:

# spamassassin settings
INPUT_MAIL_FILTER(`spamassassin',`S=local:/var/run/spamass/spamass.sock, F=,T=S:4m;R:4m;E:10m')dnl

Now you're going to configure Spamassassin to label spam mails as such. Open the config file with:

sudo nano /etc/mail/spamassassin/local.cf

Remove the pound # sign to uncomment:

rewrite_header Subject *****SPAM*****
required_score 5.0
use_bayes 1
bayes_auto_learn 1

Make sure you build the sendmail.cf file. Restart sendmail. Now you have to train Spamassassin. In Thunderbird you have to sort all known spam to a particular folder. Place 200 or so spam messages in the Junk folder, with no good emails mixed in. Then run:

sa-learn --showdots --mbox --spam mail/Junk

The above snippet is run from your user's home directory. You can cd to the mail directory and run:

sa-learn --showdots --mbox --spam Junk

Then place known good emails in a particular directory and run:

sa-learn --showdots --mbox --ham mail/temp

Run this every once in a while to increase the accuracy of your spam filter. I have excellent spam detection after only a couple of days of training.
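To see whether the training above has reached the point where the Bayes classifier is actually used, the counters reported by `sa-learn --dump magic` can be checked. This is an added example, not code from the original post: it assumes SpamAssassin's stock minimums of 200 learned spam and 200 learned ham, and the function names and sample dump text are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide from `sa-learn --dump magic` output whether the
# Bayes database has enough training for SpamAssassin to use it.
# Assumption: stock thresholds bayes_min_spam_num / bayes_min_ham_num = 200.

MIN_SPAM=200
MIN_HAM=200

# Extract one counter (nspam or nham) from dump output on stdin.
# In "non-token data" lines the third column holds the value.
magic_value() {
    awk -v key="$1" '$NF == key && /non-token data/ { print $3; found = 1 }
                     END { if (!found) print 0 }'
}

# Print a verdict for the dump text passed as $1; return 0 only when both
# counters reach their minimum.
bayes_ready() {
    nspam=$(printf '%s\n' "$1" | magic_value nspam)
    nham=$(printf '%s\n' "$1" | magic_value nham)
    if [ "$nspam" -ge "$MIN_SPAM" ] && [ "$nham" -ge "$MIN_HAM" ]; then
        echo "ready: nspam=$nspam nham=$nham"
        return 0
    fi
    echo "not ready: nspam=$nspam nham=$nham (need $MIN_SPAM/$MIN_HAM)"
    return 1
}

# Constructed sample output: enough spam learned, too little ham.
SAMPLE_SPAM_ONLY='0.000          0          3          0  non-token data: bayes db version
0.000          0        214          0  non-token data: nspam
0.000          0         37          0  non-token data: nham
0.000          0      41512          0  non-token data: ntokens'

# Constructed sample output after ham training as well.
SAMPLE_BOTH='0.000          0          3          0  non-token data: bayes db version
0.000          0        214          0  non-token data: nspam
0.000          0        260          0  non-token data: nham
0.000          0      58734          0  non-token data: ntokens'

bayes_ready "$SAMPLE_SPAM_ONLY" || true
bayes_ready "$SAMPLE_BOTH"
# On a live system: bayes_ready "$(sa-learn --dump magic)"
```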

SPAM is Relentless and Practically Impossible to Get Rid of

I thought that by implementing some blackhole lists spam would be significantly reduced. Technically it has, from several hundred to several dozen, but wow, spam is relentless. Spam still finds its way to my inbox, no matter how well trained Thunderbird is. I currently have no 100% solution, and it's driving me crazy. I usually figure things out, but eliminating 100% of spam is proving to be an insurmountable task. I mark new spam messages every day, but they still find their way in. Simply wow.