sendmail Milters: A Guide for Fighting Spam

Bryan Costales, Marcia Flynt

  • Publisher: Addison Wesley
  • Publication date: 2005-02-03
  • Price: $1,820
  • VIP price: $1,729 (5% off)
  • Language: English
  • Pages: 352
  • Binding: Paperback
  • ISBN: 0321213335
  • ISBN-13: 9780321213334
  • Out of print

Product Description

Description:

"Bryan and Marcia have not only provided tips and tricks for detecting and blocking spam and email fraud but have also written the first of its kind Milter reference guide. This book will help you start writing your own special-purpose mail filters quickly and easily."

--Gregory Neil Shapiro, coauthor of the Milter interface

As a Mail Administrator You Need to Understand How to Successfully Monitor and Fight Spam.

Milters are among the most powerful antispamming tools available. Until now, there has been no clear and helpful resource for you to learn how to set up and use Milters. sendmail Milters: A Guide for Fighting Spam is the first in-depth guide to writing powerful Milters to block even the most clever spammers.

Inside this definitive new reference, you will find

  • An exhaustive description of the Milter interface
  • Insightful details on what spam is, its harmful effects, and the diverse techniques used by spammers
  • A step-by-step guide to luring spammers using a honeypot network
  • Ways to decode the common encoding methods used in spam email
  • A reference on the Milter library and its use
  • Techniques for expanding software to deal with future spamming methods

This book is an indispensable aid to combating spam, now and in the future. If you administer a sendmail server, you need to own a copy.

All of the program code described in the book is available for download at http://spambook.bcx.org.

Table of Contents:

Preface

Part I The Nefarious Spam Problem

Chapter 1 Gorilla Versus Guerrilla
1.1 When a Gorilla Sneezes
1.2 When a Guerrilla Masquerades as You
1.3 The Major Proposals for Standards
1.4 Email Fraud
1.5 The Cost of Spam Suppression
1.6 Vikings

Chapter 2 The Characteristics of Spam Email
2.1 Connection Behavior
2.2 Relaying through MX Servers
2.3 Falsifying the Envelope Sender Address
2.4 Disguising the Subject: Header
2.5 Camouflaging the HTML Body
2.6 Attempting to Fool Signature Detectors
2.7 Unnecessary Encoding
2.8 Grokking the Site
2.9 Loose Ends
2.10 Think Like a Spammer

Part II Creating a Test Environment

Chapter 3 Setting Up a Bait Machine
3.1 Choose Your Platform
3.2 Set Up DNS Records
3.3 Configure sendmail
3.4 Set Up Logging
3.5 Excluding Non-email Ports
3.6 Make Sure the Machine Reboots

Chapter 4 Baiting the Hook
4.1 Create Fake Recipients
4.2 Protect Good Email
4.3 Run a Web Server
4.4 Post to a Usenet Group

Chapter 5 Preventive Measures
5.1 Tell Users about Plus Addressing
5.2 Turn Off EXPN and VRFY
5.3 Mask Web Addresses
5.4 Watch Out for finger

Part III The Parts of a sendmail Milter

Chapter 6 The Roles and Flow of a Milter
6.1 A Milter's Role in the Middle
6.2 A Milter from the Point of View of sendmail
6.3 The Milter Flow

Chapter 7 The Milter-Library
7.1 Overview
7.2 main()
7.3 The smfi Data Access Routines
7.4 The smfi Modifier Routines

Chapter 8 The xxfi Handler Milter Functions
8.1 Overview
8.2 The xxfi Orientations
8.3 Abort Logic
8.4 xxfi_connect() Reviews the Connection
8.5 xxfi_helo() Reviews SMTP HELO/EHLO
8.6 xxfi_envfrom() Reviews SMTP MAIL FROM
8.7 xxfi_envrcpt() Reviews SMTP RCPT TO
8.8 xxfi_header() Reviews Headers
8.9 xxfi_eoh Reviews at End of Headers
8.10 xxfi_body Reviews Each Body Chunk
8.11 xxfi_eom Reviews at End of Envelope
8.12 xxfi_abort Handles Envelope Abort
8.13 xxfi_close Handles Connection Cleanup

Part IV Nuts and Bolts

Chapter 9 Milters and the Environment
9.1 Where to Run Your Milter
9.2 Your Milter's User ID
9.3 How to Start and Stop Your Milter
9.4 Put Your Milter into the Background
9.5 Handle Signals
9.6 Anticipate MX Servers
9.7 Status and Logging
9.8 Consider Portability Early
9.9 Avoid Memory Leaks
9.10 Final Words

Chapter 10 User and Temporal Feedback
10.1 Consider Architecture
10.2 Model the End User
10.3 Maintain a History
10.4 Possible Feedback Mechanisms
10.5 Whitelisting
10.6 Graylisting
10.7 Archive, Reject, or Pass Through Spam
10.8 Dynamic Configurations
10.9 In Summary

Chapter 11 Handy Routines for the Message Body
11.1 Parsing MIME-Encoded Boundaries
11.2 Decoding Base64 Encoding
11.3 Decoding Quoted-Printable Encoding
11.4 Decoding Character-Entity Encoding
11.5 Decoding URL-Encoding
11.6 Stripping HTML Comments
11.7 How to Use /etc/magic
11.8 How to Use /usr/share/dict/words
11.9 More

Appendix A Useful Source Code

Bibliography
Index