www.digitaldaze.com
POP-Before-SMTP Anti-spam Configuration

NOTE: New Virtual Private Servers use SMTP-Auth instead of POP-Before-SMTP to prevent unauthorized relays. Because SMTP-Auth is more reliable and has fewer maintenance requirements, you may want to look into using it. Older Virtual Private Servers configured with POP-Before-SMTP can be updated by following the instructions on the SMTP-Auth page.

The demise of big "spamhaus" operations like Cyber Promo has caused the spamming community to resort to "hit-and-run" spamming through open SMTP relays. This malicious technique is advantageous to spammers since a single spam can be sent from a throwaway dialup account and then be exploded out to 50 or more E-Mail addresses by a fast and open SMTP server. POP-Before-SMTP is a method for blocking spammers from using your Virtual Private Server as an SMTP relay.

How It Works

Every time someone successfully enters a correct username and password to your POP or IMAP server (i.e. checks an E-Mail account that is configured on your Virtual Server), the server records the IP address of the remote client. The IP address and a timestamp are stored in the ~/etc/relayers.db database file. The database serves as a list of IP addresses that are allowed to perform an SMTP relay. A simple rule set in the check_rcpt section of the ~/etc/sendmail.cf file causes sendmail to refuse to relay E-Mail from any IP address that is not listed in the ~/etc/relayers.db database file.

vsmtprelay

Even though POP and IMAP authentication automatically adds an IP address to the ~/etc/relayers.db file, you may occasionally want to add entries to the database or clean it yourself. To do this we have created a utility program named vsmtprelay that allows you to add, delete, expire, or list IP addresses in the ~/etc/relayers.db file.

% vsmtprelay
vsmtprelay 1.1.0 usage (optional items in []):
    % vsmtprelay command [arg] [...]
where "command [arg] [...]" can be one of the following:

    "add ip [ticks]"   insert address with current timestamp (or ticks)
    "delete ip [...]"  remove specified address(es)
    "expire [n]"       expire all old (or older than n minutes) entries
    "list [n]"         list all old (or older than n minutes) entries
    "dump"             list every entry, including the future timestamped

IP addresses are expressed as ASCII "dotted quads", e.g. "10.11.12.13". All timestamps are stored as ASCII strings representing a count of seconds elapsed since 0 hours, 0 minutes, 0 seconds, January 1, 1970, Coordinated Universal Time (the common UNIX epoch).

NOTE: If the relayers.db file is deleted, it can be recreated by running the vsmtprelay command. Any IP addresses you want to relay through the server will need to be added manually. The IP address of your Virtual Private Server as well as "localhost" are needed for email to relay from the server and must also be added.

Non-expiring entries can be added to the relayers.db. To add an entry with a non-expiring timestamp run the following:

# vsmtprelay add IP.ADD.RE.SS 2147483647

The ~/etc/relayers.db database is implemented as a "Berkeley DB hash file" with IP addresses as keys and timestamps as the data (all as ASCII strings). The vsmtprelay list output is intentionally produced in a form that can be edited manually and rebuilt by makemap(8) if desired.

Although the ~/etc/relayers.db database does not use up a lot of disk space, you may wish to automatically expire entries on a periodic basis to keep the database small. This can be done using the Cron event scheduler. For example, the following crontab entry would expire all of the day-old ~/etc/relayers.db database entries every night at 3:15 AM.

15 3 * * *  /usr/local/bin/vsmtprelay expire 1440
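The following added example (not part of the original page or the vsmtprelay tool) models the allowlist described above and audits it for stale entries and for future-dated entries, which never expire and so leave relaying permanently open for that address. Assumptions: entries are available as text lines of "ip timestamp", the age comparison mirrors "expire n", and the function names and sample addresses are constructed for illustration.

```python
import ipaddress

NON_EXPIRING = 2147483647  # timestamp the page uses for non-expiring entries

# Constructed sample; "ip timestamp" per line is an assumed text layout.
SAMPLE = f"""\
192.0.2.10 999999400
198.51.100.7 999910000
203.0.113.5 {NON_EXPIRING}
203.0.113.99 {NON_EXPIRING}
"""

def parse_entries(text):
    """Return {ip: epoch_seconds}; raise ValueError on malformed lines."""
    entries = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        if not parts:
            continue
        if len(parts) != 2:
            raise ValueError(f"line {lineno}: expected 'ip timestamp'")
        ipaddress.IPv4Address(parts[0])  # rejects anything but a dotted quad
        entries[parts[0]] = int(parts[1])
    return entries

def audit(entries, now, max_age_minutes, expected_permanent=()):
    """Split entries into active / expired / unexpected future-dated."""
    cutoff = now - max_age_minutes * 60
    report = {"active": [], "expired": [], "unexpected_permanent": []}
    for ip, ts in sorted(entries.items()):
        if ts > now and ip not in expected_permanent:
            report["unexpected_permanent"].append(ip)  # never ages out
        elif ts < cutoff:
            report["expired"].append(ip)  # older than the expiry window
        else:
            report["active"].append(ip)  # still allowed to relay
    return report

if __name__ == "__main__":
    # 203.0.113.5 stands in for the server's own address (assumption).
    result = audit(parse_entries(SAMPLE), now=1_000_000_000,
                   max_age_minutes=1440, expected_permanent={"203.0.113.5"})
    for bucket, ips in result.items():
        print(bucket, ips)
```

Any address reported under unexpected_permanent should be traced to whoever added it, since it bypasses the nightly expiry entirely.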
 
