SAGE ;login: - Spam, Email, Usenet, and Spam

Spam, Email, Usenet, and Spam

by Shawn Instenes
<[email protected]>

Shawn Instenes has been doing network support for over eight years. He has exceptional "Internet presence" experience, ranging from Java/CGI/FCGI/Javascript programming to firewalls to configuring routers.

Call it "Unsolicited Commercial Email" (UCE) or "Spam" (gosh but I bet Hormel is unhappy with the new usage of its trademark). By any name, it's annoying, and it's taking up more and more of my limited time. I'm not the only one; I have clients taking steps to prevent their servers from being used as email reflectors, clients changing their firewalls to protect their internal mailing lists from it, and friends with personal email accounts who are tired of it. The people who send this stuff glean email addresses from USENET news, Web pages, and mail list servers. They buy and sell addresses among themselves. Because the odds of getting your email addresses off of their bulk lists and keeping them off are near zero (despite their claims "email here to have your name removed"), I've got some advice and URLs to help ease your UCE suffering.

First off, USENET UCE: really the only thing you can do is to add the offending news feeders to your site's aliases; this will prevent those articles from being accepted, because the software assumes that you don't want to accept articles you've already seen. With INN, this involves adding the other hosts to the ME configuration line.

For SMTP, the cream of the current freeware crop seems to be SMTPD, from Obtuse Systems Corporation (as always, see Listing 1). This is normally a part of their Juniperfirewall software, but you can download and use it standalone by the terms of the GNU public license or their own license. SMTPD supports a variety of UCE-filtering methods. It allows or blocks mail by:

domain names that have no DNS A, NS, or MX records
domain names that have DNS served from a given address or network
regular expression
IP range

If you have a Trusted Information Systems Firewall Toolkit or Gauntlet-based firewall, there are some enhancements to the smap program you can apply to help you to rid yourself of UCE. It supports much of SMTPD's functionality.

If you'd rather not have the (perhaps considerable) overhead of a sendmail front end program like SMAPD or smap, sendmail itself has some settings to help you (if you have a recent version, of course, and if you don't, GET ONE RIGHT NOW because you almost certainly have some security-related bug in your version). You'll have to get your hands dirty in the sendmail.cf file, but it's for a noble cause, right?

Lastly, if you aren't the system administrator on a machine being spammed (UCE'd? Sometimes the acronym just doesn't fit), your choices are more limited. I use procmail as a mail filter program for other reasons anyway, and it works wonders for this, too.

There doesn't seem to be much out there to help those who don't use a UNIX host at least as an email gateway, but check the Web first. I predict a round of upgrades from the commercial providers of SMTP gateways and servers real soon now. At least one NT-based filter is available as I write this.

Until this sort of online harassment is made illegal in all countries (and while I'm dreaming, I'd like world peace and Bill Gates's fortune, please), software like this will be our best defense against those bloody vikings shouting "SPAM!"