spamd.alloweddomains
I have at times written at length about spam countermeasures, and I must take responsibility for sometimes going into too much detail about options and nuances that are on offer if you enjoy fighting back at the spammers and watching them fail.
So it was a bit refreshing to be reminded that you can, in fact, make good use of the OpenBSD spam deferral daemon spamd(8) without maintaining lengthy lists of anything or even pulling in externally generated data, unless you want to.
The key to the simplest version of spam fighting life with spamd(8) is to put a list of the domains you do want to receive mail for in a file called spamd.alloweddomains, in /etc/mail/ if your system runs OpenBSD, and in /usr/local/etc/spamd/ if you are setting up on a FreeBSD system. Make sure the file is readable for the user that runs the spamd(8) process, and restart or reload your spamd.
The result will be that any host that tries to deliver mail to addresses in domains that are not listed in spamd.alloweddomains will be greytrapped and added to your spamd-greytrap. The host will be stuttered at until it gives up.
If you have no use for external blocklists or allowlists, you can even empty spamd.conf if you want (or comment out any content with # hash characters). The spamd process will run fine without one.
Here is an example lifted from my nxdomain.no server recently:
Jan 23 15:18:27 skapet spamd[84681]: (GREY) 193.222.96.180: <test@bsdly.net> -> <director_ericmoore@hotmail.com>
Jan 23 15:18:27 skapet spamd[4259]: Trapping 193.222.96.180 for tuple 193.222.96.180 win-4tti4dh7sgh.domain <test@bsdly.net> <director_ericmoore@hotmail.com>
Jan 23 15:18:27 skapet spamd[4259]: new greytrap entry 193.222.96.180 from <test@bsdly.net> to <director_ericmoore@hotmail.com>, helo win-4tti4dh7sgh.domain
Needless to say I am not Microsoft, so hotmail.com is not in nxdomain.no's /etc/mail/spamd.alloweddomains.
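To check your own logs against the list, here is a small Python sketch (added here as an example, not code from this post or from spamd itself). It assumes the suffix matching and # comment handling described in spamd(8); the allowed-domains content and the third log line are constructed.

```python
import re

GREY = re.compile(r"\(GREY\) (\S+): <([^>]*)> -> <([^>]*)>")
TRAP = re.compile(r"new greytrap entry (\S+) from ")

# Constructed sample of spamd.alloweddomains content (illustrative domains).
ALLOWED = """# domains this host accepts mail for
@nxdomain.no
example.org
"""

# First two lines are from the post; the third is constructed.
LOG = """Jan 23 15:18:27 skapet spamd[84681]: (GREY) 193.222.96.180: <test@bsdly.net> -> <director_ericmoore@hotmail.com>
Jan 23 15:18:27 skapet spamd[4259]: new greytrap entry 193.222.96.180 from <test@bsdly.net> to <director_ericmoore@hotmail.com>, helo win-4tti4dh7sgh.domain
Jan 23 15:20:01 skapet spamd[84681]: (GREY) 192.0.2.10: <alice@example.net> -> <bob@mail.example.org>
"""

def load_allowed(text):
    """Return lowercased suffixes, skipping blank lines and # comments."""
    out = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            out.append(line.lower())
    return out

def is_allowed(rcpt, suffixes):
    """Case-insensitive suffix match on the whole recipient address."""
    rcpt = rcpt.lower()
    return any(rcpt.endswith(s) for s in suffixes)

def audit(log_text, suffixes):
    """Map each sending IP to its recipients' verdicts and trap status."""
    hosts = {}
    for line in log_text.splitlines():
        new = {"rcpts": {}, "trapped": False}
        m = GREY.search(line)
        if m:
            ip, _sender, rcpt = m.groups()
            hosts.setdefault(ip, new)["rcpts"][rcpt] = is_allowed(rcpt, suffixes)
        elif (m := TRAP.search(line)):
            hosts.setdefault(m.group(1), new)["trapped"] = True
    return hosts

if __name__ == "__main__":
    for ip, h in audit(LOG, load_allowed(ALLOWED)).items():
        for rcpt, ok in h["rcpts"].items():
            verdict = "allowed" if ok else "not in alloweddomains"
            print(f"{ip} -> {rcpt}: {verdict}, trapped={h['trapped']}")
```

A recipient that shows up as "not in alloweddomains" for a domain you do handle mail for means the list is missing an entry and legitimate senders are being trapped.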
If you want to pull in external blocklists or pass lists, you can pull in a spamd.conf with content. One useful starting point is the default version, or if you want you can start with mine, which pulls in some other resources.
Finally, if you want to run a mail service, do yourself a favor and not only read the relevant man pages, but also sign up for the mailop mailing list, read the Mailop FAQ and the Best Services for Servers document.
Thanks to Michael Lucas, who wrote a message on the mailop mailing list that spurred me to write this article.
If you want to dig deeper in matters related to spam, greytrapping and the OpenBSD spamd(8) program in general, here are a few resources for you:
In The Name Of Sane Email: Setting Up OpenBSD's spamd(8) With Secondary MXes (also with trackers)
Badness, enumerated by robots (also with trackers)
Goodness, Enumerated by Robots. Or, Handling Those Who Do Not Play Well With Greylisting (also with trackers)
Three Minimalist spamd Configurations for Your Spam Fighting Needs (With Bonus Points at the End) (also with trackers)
Maintaining A Publicly Available Blacklist (tracked only, sorry)
Effective Spam and Malware Countermeasures - Network Noise Reduction Using Free Tools (also tracked only, sorry)
The Book of PF, 3rd edition (now again available as physical copies)