public marks

PUBLIC MARKS from camel with tags qmail & server

October 2008 - Opensource/magicmail/magic-smtpd/magic-smtpd

MAGIC-SMTPD is a drop in replacement for Dan Bernsteins qmail-smtpd, and was originally designed to be part of the LinuxMagic Magic Mail Server. This OpenSource version has been released to allow others to benefit from it's anti-spam components, and valid user checking to reduce server loads and spam volumes. It is designed to support stock qmail installations, qmail/vpopmail installations, as well as having database support. Designed for ISP service, this will work for all mail servers large and small. Comments are welcome. Support for other mailers is expected in the future. Complete support packages are also available.

August 2008

smtp-delay plug-in for qmail

smtp-delay is an add-on/plug-in intended for use with qmail. It was written primarily to add banner delays and antipipelining to qmail. These two features are known to be able to block certain types of spam and virus mail sent through non-rfc-compliant SMTP engines. When I looked around for programs to add this functionality to qmail, I found only one such program, and didn't like the way it was done. BTW...I have the same objections to the way its done in sendmail 8.13.x. Since banner delays (the server pausing for some time before issuing an SMTP banner) cause every SMTP connection to take longer, I thought it would be a good idea to somehow exempt "legitimate" mail servers...or at least not subject them to long banner delays. So I decided to tune the banner delay time based on the connecting IP's reverse DNS. IPs with no rDNS get treated the worst (longest banner delay). IPs with rDNS matching a regex intended to detect dynamic/end-user IPs get a moderate delay. All other IPs get a very short banner delay...just long enough to see if they immediately pipeline (send SMTP commands before the banner's been sent). The original intent for smtp-delay was that it should be run before rblsmtpd, and simply set the RBLSMTPD environment variable if applicable, letting rblsmtpd issue the 4xx response. Pretty early on, I realized smtp-delay should be able to run standalone (without dependence on rblsmtpd to do its talking) and issue a 4xx response on its own. Lately, the spam load against our mail cluster has gotten so bad that I've started running smtp-delay after rblsmtpd, based on the idea that there's no point waiting out a long banner delay holding an open socket to an IP we have no intention of accepting mail from anyway. This reduced our concurrency by about 20%.

Throttling qmail SMTP receive bandwidth |

I wrote the program "throttle.c," which you can insert into the tcpserver chain of commands for a qmail smtpd server. It takes one argument: the number of kilobytes per second to let through on the incoming file descriptor. Throttle does not throttle the outgoing file descriptor, because that's usually just status from your mail server. Additionally, throttle will set an alarm, so that any session longer than 15 minutes will expire and disconnect. This affords some amount of protection against lingering sessions that eat up your parallelism limit; I've seen such sessions from presumably trojaned DSL machines connecting to the mail server to send spam.

July 2008

April 2008

Qmail-Scanner - A Content Scanner for Qmail

by 2 others
Qmail-Scanner is an add-on that enables a Qmail email server to scan gatewayed email for certain characteristics (i.e. a content scanner). It is typically used for its anti-virus and anti-spam protection functions, in which case it is used in conjunction with external scanners. It also enables a site (at a server/site level) to create "Policy blocks": i.e. react to email that contains specific strings in particular headers, or particular attachment filenames or types (e.g. *.VBS attachments).

Qmail/Postfix/ClamAV Dual MTA HOWTO

Here is a quick guide to implementing virus protection on an existing Qmail server by adding Postfix, ClamAV and amavisd-new. Readers may ask themselves why anyone would want to do this. There is an actual reason why this particular set up came about.

February 2008

Spam Links - spam filter server addons

Filtering add-ons to specific mail server applications and instructions on how to filter spam with specific servers. Remember that spam filters are also available that work with any mail server on a particular operating system, and that some spam filters can be found that function on any operating system, with any mail server.

December 2007

spamdyke: A drop-in connection-time spam filter for qmail

spamdyke is a filter for monitoring and intercepting SMTP connections between a remote host and a qmail server. Spam is blocked while the remote server (spammer) is still connected; no additional processing or storage is needed.

December 2006