|2020ok Directory of FREE Online Books and FREE eBooks|
Slamming Spam A Guide for System Administrators Dec 2004
by Robert Haskins and Dale Nielsen
If you are the author or the publisher, and would like to link to your site here, please contact us.
Spam makes up more than half of all e-mail sent worldwide, and more than 70percent in the United States. The cost of spam is escalating for enterprises asthe amount of unsolicited e-mail being sent continues to reach new heights.Analysts estimate businesses lose up to $10 billion each year in lost productivityand services.Slamming Spam is an administrator's "how to" stop spam book. It is very handson,with none of the "why people spam" or other topics that are found in otherbooks and usually only peripherally interesting or useful to a mail administrator.Most books out there now are for end-users; this book is for in-the-trenchessys admins. The authors examine how anti-spam methods are implemented onthe client-side (covering Outlook, Outlook Express, Eudora, and UNIX mailclients), server side (covering Exchange and Lotus Notes), and outsourcedoptions including Brightmail and Postini. There is also coverage ofSpamAssassin, a widely deployed open source mail filter which uses a set ofrules to decide how probable it is that a piece of mail is spam.
From the Back Cover
Real Anti-Spam Help for System Administrators
In Slamming Spam, two spam fighters show you how to fight backâand win. Unlike most spam books, this one is written specifically for in-the-trenches system administrators: professionals who need hands-on solutions for detecting, managing, and deterring spam in Unix/Linux and/or Microsoft Windows environments.
The authors offer deep, administrator-focused coverage of the most valuable open-source tools for reducing spam's impact in the enterpriseâespecially SpamAssassin. Drawing on their extensive experience in developing and implementing anti-spam tools, the authors present expert insights into every leading approach to fighting spam, including Bayesian filtering, distributed checksum filtering, and email client filtering.
Whatever your IT environment and mail platform, Slamming Spam's defense in-depth strategies can help you dramatically reduce spam and all its attendant costsâIT staff time, network/computing resources, and user productivity.
Â© Copyright Pearson Education. All rights reserved.
About the Author
ROBERT HASKINS works for Renesys Corporation, a leader in real-time Internet connectivity monitoring and reporting. He has been a Unix system administrator since graduating from the University of Maine with a degree in computer science. Robert has fought spam in many environments, including enterprises, cable modem ISP, network equipment manufacturer, wholesale dialup ISP, competitive local exchange carrier, and traditional ISP. He has presented on the topic of fighting spam at NANGOG, FBI Boston Infragard, and LISA. Robert writes a regular technical column called "ISPadmin" on service provider topics for USENIX's ;login:. He is a member of USENIX, SAGE, and IEEE.
DALE NIELSEN is a partner in Avacoda, LLC, a consulting company specializing in systems administration and software development. He has worked as a systems administrator since receiving his degree in computer science from the University of Massachusetts. He has more than twenty years of experience administering Unix- and Linux-based mail servers, firewalls, and workstations. He has worked in a variety of engineering and software development environments, and has taught courses in systems administration at Sun Microsystems. Recently, he's done consulting work for clients including Nortel Networks and Ziplink. He has written about Linux-based firewalls for the Linux Journal.
Robert and Dale have developed a patent-pending method to reduce spam for Ziplink, Inc.
Â© Copyright Pearson Education. All rights reserved.
Excerpt. © Reprinted by permission. All rights reserved.
This book is meant to be a reference for the email system administrator who has been asked to implement an anti-spam solution for their organization. This is an administrator's "how to" stop spam book. It is very hands on, with none of the "why people spam" or other topics which are usually only peripherally interesting or useful to a mail administrator.
Fighting spam is a complex problem, with many potential technical, legislative, and social solutions. No book could ever hope to cover them all in a reasonable amount of space. In fact, when considering only the possible technical spam-fighting solutions, it isn't possible to give them all the coverage they require. Our focus in this book is on the widely used open source anti-spam solutions available for major mail transfer agents (email servers).
Be sure to check out the web site for this book at http://www.slammingspam.com. It has all the latest information on the book, including updated URLs, errata, and other useful information in the fight against spam.
Who This Book Is For
The reader is assumed to have a limited knowledge of Linux/Unix. In most cases, step-by-step instructions are provided for the covered package or approach. These "cookbook" examples are meant to work for most installations, with minimal changes and/or customizations. While some knowledge is assumed of the mail-transfer agent software used (such as Sendmail), the administrator doesn't need to be a mail server expert or Linux guru to implement the solutions outlined here.
You will learn about the best current anti-spam methods and software available. Most of the methods are open source and freely available (as in free beer). These open source solutions offer the "best of breed" anti-spam solutions available today. Implementing open source solutions requires more work than commercial solutions, but often the administrator ends up with a more flexible, better solution than is otherwise available.
We initially thought we would discuss anti-spam services such as Postini and Symantec's Brightmail in the book. However, we found that most of the commercial anti-spam solutions (such as anti-spam firewalls) and services were documented quite well and didn't require additional coverage. As a result, most commercial solutions are only mentioned in the Introduction. The only non-open source anti-spam solution covered here (McAfee SpamKiller) is directly related to the commercial mail servers coveredIBM/Lotus Notes/Domino and Microsoft Exchange.
The IBM Lotus Domino and Microsoft Exchange administrator has a choice. An anti-spam solution can be implemented directly as part of the mail server, since both IBM Lotus and Microsoft Exchange support plug-ins. To supplement or as an alternative to a tightly integrated solution (like McAfee SpamKiller), additional open source email servers can be deployed specifically to perform spam filtering or virus checking. These anti-spam/virus servers would process the message before sending it on to the Domino/Exchange server for delivery to the recipient.
While adding to the "box count" an administrator needs to manage, this approach does enable an open source best-of-breed solution to these otherwise "closed" commercial email servers. A hybrid approach can reduce the out-of-pocket cost while giving the administrator much flexibility in tweaking the anti-spam solution.
What You Will Need
The solutions in this book focus on Linux, on the server side. There is some coverage of the client side, but primarily the client coverage is meant to complement the server implementations we examine. Although the solutions presented here have been tested on Debian and/or Fedora Core Linux, they should work on almost every version of Linux available without too many modifications.
The covered mail transfer agents (MTAs) are Sendmail, Postfix, qmail, IBM Lotus Domino, and Microsoft Exchange. We assume the reader has a previously installed and working MTA, as the task of installing and configuring a single MTA can be a book unto itself. SMTP authentication support for Postfix, Sendmail, and qmail may require the recompilation of the MTAs in order to implement. Having a previously installed compiled and working MTA makes SMTP AUTH much easier.
We assume the reader has root access to the machine(s) they want to implement the anti-spam solutions covered here. Although many of the solutions do not require root access and can be installed and run as a "regular" user (though sometimes this requires configuration changes), we assume root access in our examples. You will see the use of root only when absolutely necessary. You won't see us compiling or installing anything as the root user, unless there is no other way to do it.
Often, we use the sudo command in order to run privileged commands which otherwise would require the root password. sudo is potentially a better way of giving out root access, without disclosing the root password. The commands prefixed by sudo could just as easily be run as root, assuming the root user's path is identical to the unprivileged user's path. For many examples, we assume the user performing the installation tasks has write access to /usr/local.
A few notes regarding other Linux/Unix command assumptions. We presume the reader has access to and knowledge of the following Linux utilities:
We presume you have a recent version of gcc on the system to build the anti-spam utilities outlined here. Some of the packages covered here specifically require GNU make. Most Linux distributions come with GNU make. If you are building these solutions on a BSD derivative such as FreeBSD, or another platform such Sun Solaris or HP-UX, you may need to install GNU make for the spam-fighting utilities that require it.
In this book, we often mention maildir and mbox (or mailbox) formatted files. You should be aware which type of mailbox your email server software uses. The configuration for many anti-spam utilities covered in this book will vary depending upon which mailbox format is used. (Lotus Domino and Microsoft Exchange use their own internal format, so the mailbox format doesn't apply to those email servers.)
The mbox format stores the messages for a particular user in one file per folder. Because mbox was the original (and at one time only) mailbox format, it has wide support. Sendmail and Postfix use mbox formatted mailboxes by default. Mailboxes in the mbox format work fine in many installations, but can pose problems for some administrators in some cases. For example, mbox formatted mailboxes on NFS-mounted filesystems have locking issues that can result in mailbox corruption.
Maildir stores each message as individual files, with unique names in a directory structure with a directory for each folder. In many cases, a "/" after a filename parameter will indicate maildir formatted message directory, and the lack of a "/" will indicate that a mailbox is in mbox format. qmail uses maildir formatted mailboxes by default. Postfix can be configured easily to use maildir formatted mailboxes. If Procmail is used as the mail delivery agent, Procmail can easily be configured to use maildir format by specifying the folder name with a trailing "/".
How This Book Is Organized
This book can be read cover to cover in order to give the reader a hands-on view of the many methods to fight spam. However, the individual chapters are self-contained, so if there are specific anti-spam solutions you want to implement, you can just skip to those particular chapters.
Chapter 1, "Introduction," is an overview of some of the currently available major anti-spam technologies. It is useful for putting the solutions provided in the rest of the book in context. The focus is designing an anti-spam infrastructure for an organization's network, walking through policy, information gathering, design questions, and goals. If you are interested in designing an anti-spam architecture from scratch, Chapter 1 is an excellent starting point.
Chapter 2, "Procmail, " is a tool often used as a mail-delivery agent by anti-spam software to complete the job of fighting spam. For example, many statistical analysis tools depend upon procmail to perform the filtering of messages into the spam or non-spam folders. If the anti-spam tools of interest require the use of procmail, this chapter should be read if the reader is not familiar with the procmail utility.
Chapter 3, "SpamAssassin," covers the widely known and used spam classifier program. This chapter contains a treatment of the popular anti-spam scoring program, from installing the required packages to configuring SpamAssassin, and ruleset (scoring) creation. If the reader is planning to utilize a general purpose anti-spam filter, SpamAssassin is an excellent choice.
Chapter 4, "Native MTA Anti-Spam Features," covers the native anti-spam capabilities included with the covered open source MTAs. Topics covered here include whitelisting/blacklisting, blackhole listing services, tweaking the MTA to help block spam, and other functions native to the modern MTA. If you wonder what the access database is, or how to tweak Postfix's configuration to block the PIPELINE command, then this is a good chapter for you.
Chapter 5, "SMTP AUTH and STARTTLS," shows how to s...
Related Free eBooks