spam – Web hosting, Domain names, Dedicated servers (feed updated Fri, 29 Jan 2016 11:05:52 +0000)

How to Fix an Open Relay in Postfix
Fri, 16 Jul 2010 16:58:02 +0000

As I have been reiterating all week, an open relay is a bad idea. If your mail server is left open, anyone can use your SMTP service to send mail, and spammers will use it. This can result in your server being blacklisted and in extraneous use of system resources that benefits neither you nor your users.

To secure Postfix, there are a number of settings you can add to the configuration file /etc/mail/ Edit the file and add the following lines:

smtpd_helo_required = yes
smtpd_delay_reject = no
disable_vrfy_command = yes

smtpd_helo_restrictions = permit_mynetworks,

This will force incoming requests to pause and identify themselves before proceeding, and will allow properly authenticated users to pass through and send mail. To finish, save the file and restart Postfix:

/etc/init.d/postfix restart
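
A way to check a server against the settings above, as an added example that is not part of the original post. It also looks at `mynetworks` and `reject_unauth_destination`, which the post does not mention; both are standard Postfix names, and the rule that a restriction list must reach the reject before a bare `permit` is this example's assumption.

```shell
#!/bin/sh
# Added example, not from the original post. Input is "name = value" lines as
# printed by `postconf -x name ...`. Treating a list as closed only when it
# reaches reject_unauth_destination before a bare "permit" is this example's
# rule of thumb, not something the post states.

weak_conf() {      # constructed sample: relays for anyone
  cat <<'EOF'
smtpd_helo_required = no
disable_vrfy_command = no
mynetworks = 127.0.0.0/8, 0.0.0.0/0
smtpd_recipient_restrictions = permit_mynetworks, permit
EOF
}

hardened_conf() {  # constructed sample: page settings plus a relay guard
  cat <<'EOF'
smtpd_helo_required = yes
disable_vrfy_command = yes
mynetworks = 127.0.0.0/8
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
EOF
}

relay_audit() {
  awk '
    function guarded(list,    n, t, i) {
      n = split(list, t, /[ ,]+/)
      for (i = 1; i <= n; i++) {
        if (t[i] ~ /^(reject|defer)_unauth_destination$/) return 1
        if (t[i] == "permit") return 0   # unconditional accept comes first
      }
      return 0
    }
    { name = $1; sub(/^[^=]*= */, ""); conf[name] = $0 }
    END {
      if (conf["smtpd_helo_required"] != "yes") print "WARN smtpd_helo_required is not yes"
      if (conf["disable_vrfy_command"] != "yes") print "WARN disable_vrfy_command is not yes"
      if (conf["mynetworks"] ~ /(^|[ ,])0\.0\.0\.0\/0([ ,]|$)/)
        print "FAIL mynetworks trusts every IPv4 address"
      if (!guarded(conf["smtpd_relay_restrictions"]) &&
          !guarded(conf["smtpd_recipient_restrictions"]))
        print "FAIL relay: no list rejects unauthorized destinations"
    }
  '
}

weak_conf | relay_audit
```

An empty result, as for `hardened_conf`, means none of the four checks fired.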

How Do Spammers Send Spam from My Server?
Thu, 15 Jul 2010 17:31:56 +0000

When your server has become a haven for spammers, it is never a pleasant ordeal. Your server will probably be blacklisted, causing many of the emails you send to bounce back, and you may have serious connection problems due to the spammer using valuable system resources.

There are a couple of ways in which spammers will use a server to send their emails. The first is through an open relay in your mail server. This is something that you can easily fix in both Postfix and Sendmail. I will post more about fixing an open relay tomorrow. The second method is by signing up for a legitimate hosting account with your web hosting service, but then using the account to send spam. By the time you figure out what they have done, they are usually long gone.

The third and probably most nefarious method of sending spam from your server is through an actual attack on your server. When a hacker finds a hole in your security, they will install a bot on the server. That bot will then act as a small mail server for the hacker, all without your knowledge. You may not even notice it unless it causes some side effects. All three methods should be fixed with increased security and careful scanning of your server for possible threats.


Mail Server Causing High Server Load
Thu, 15 Jul 2010 16:26:42 +0000

Question: My CPU usage on my server is very high, and it seems to originate from my mail server. What could be the problem?

Answer: If your mail server is sucking up valuable CPU power, there are a couple of possibilities, none of which are pleasant.

1. You or users on your server are getting a lot of emails, more than usual. Although it is possible that it is just a temporary thing, it could be a deliberate attack on your server.

2. Someone is sending spam from your server, using an open relay in your SMTP settings or exploiting a user’s account.

3. Your server is receiving a ridiculous amount of spam (i.e. spam attack). This could be an intentional attack or just a particularly bad day.

Usually, if the CPU upswing is substantial, you should be really concerned about your server’s security. Take a look at the mail server logs and see where the emails are originating and where they are being sent. Take note of IP addresses, user names, and any other useful information. If you cannot figure it out, you can take the data to a security expert who can help you solve the problem.
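
The log review described above, as an added example that is not part of the original post: it counts accepted messages and recipients per client IP and authenticated user. It assumes Postfix logging in the traditional syslog layout, and the log lines are constructed samples.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes the traditional syslog
# layout: "Mon DD HH:MM:SS host postfix/smtpd[pid]: QUEUEID: client=..."

# Constructed sample log (documentation addresses, made-up queue IDs).
sample_log() {
  cat <<'EOF'
Jul 15 16:20:01 mail postfix/smtpd[2101]: 3A1B22C0F1: client=unknown[203.0.113.45], sasl_method=LOGIN, sasl_username=alice
Jul 15 16:20:01 mail postfix/qmgr[987]: 3A1B22C0F1: from=<alice@example.com>, size=2345, nrcpt=40 (queue active)
Jul 15 16:20:03 mail postfix/smtpd[2101]: 3A1B22C0F2: client=unknown[203.0.113.45], sasl_method=LOGIN, sasl_username=alice
Jul 15 16:20:03 mail postfix/qmgr[987]: 3A1B22C0F2: from=<alice@example.com>, size=2350, nrcpt=45 (queue active)
Jul 15 16:21:10 mail postfix/smtpd[2105]: 3A1B22C0F3: client=mx.example.net[198.51.100.7]
Jul 15 16:21:10 mail postfix/qmgr[987]: 3A1B22C0F3: from=<bob@example.net>, size=900, nrcpt=1 (queue active)
EOF
}

# Print "messages recipients client-ip sasl-user", busiest source first.
mail_sources() {
  awk '
    index($5, "postfix/smtpd[") == 1 && index($7, "client=") == 1 {
      qid = $6; sub(/:$/, "", qid)
      i = index($7, "["); j = index($7, "]")
      ip = substr($7, i + 1, j - i - 1)
      user = "-"                       # "-" means no SMTP AUTH was used
      if (match($0, /sasl_username=[^, ]+/))
        user = substr($0, RSTART + 14, RLENGTH - 14)
      src[qid] = ip " " user
      msgs[src[qid]]++
    }
    index($5, "postfix/qmgr[") == 1 {
      qid = $6; sub(/:$/, "", qid)
      if ((qid in src) && match($0, /nrcpt=[0-9]+/))
        rcpts[src[qid]] += substr($0, RSTART + 6, RLENGTH - 6)
    }
    END { for (k in msgs) print msgs[k], rcpts[k] + 0, k }
  ' | sort -k1,1nr -k2,2nr
}

sample_log | mail_sources
```

A single authenticated user or unknown client at the top with a high recipient count points to the second cause in the list above.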

5 Indispensable DNS Tools
Mon, 07 Jun 2010 14:46:21 +0000

1. Traceroute – With this quick tool, you can trace the network path from your server to any destination, including your house. If you ever have connection problems with your website or server, this tool may give you clues.

2. IP Whois – Find out what a website’s true IP address is, where it originates, who owns it, and more.

3. Reverse DNS – Test reverse DNS to make sure your server is set up correctly according to Internet protocols.

4. SPAM DB Lookup – Is your website or server on the spam list? This tool will tell you if you need to do some housecleaning or beefing up of security.

5. DNS Lookup – Make sure all of your DNS records (A, CNAME, MX, and more) are set up correctly.

There are websites that have all of these tools available either for free or for small fees. You can also perform many of them from the Linux command line, if that is available to you.

E-mail Address vs Contact Form
Tue, 18 May 2010 15:31:16 +0000

You want to make sure your website visitors can contact you, and you have made every effort to make sure they can find the “Contact Us” page, but what do you want to include on the page? Should you list your email addresses, have only a contact form, or provide both?

Both can potentially present security issues. An email address presented in text can be harvested by spam bots. A contact form can be hacked and used to send spam or gain access to the server. But both can be prevented with extra security measures. Furthermore, both can be set up to point to the same email account on your server.

The real advantage for contact forms is that you can customize them and lead users to provide certain information. This could help them formulate ideas and come up with better questions. You can also gain certain useful data from them that might help determine how best to assist them. Finally, a contact form script that collects statistical data can help you when it’s time to evaluate your website. Ideally, it is probably best to provide both options, just in case a user prefers one over the other.

When You Are Accused of Spamming…
Mon, 17 May 2010 18:36:41 +0000

Question: My web host has accused me of being a spammer and has suspended my account. How do I prove I am not a spammer?

Answer: Usually, you will only be accused of spamming in one of three situations: (1) you actually are a spammer, (2) your account is hosted on an unsecured mail server, or (3) you have a dedicated server or VPS, and you have left your mail server unsecured.

In the case of the first situation, I cannot help you. If you are in situation number 2, then you are truly one of the victims, and whoever is running the server needs to fix the problem. Usually this will happen if the server admin is someone different than the web host. Contact the web host and let them know that you are not in charge of the server but have been blacklisted.

In the third situation, you need to find the security hole in your server and fix it. You could have an open relay in your SMTP system. Another possibility is that a user account has been compromised. And the third unfortunate possibility is that one of your users may knowingly be a spammer. In any case, get the problem fixed first and then tell your web host. You should then automatically start dropping off of DNS blacklists, and everything will go back to normal.


Catchall Email Addresses
Mon, 10 May 2010 19:16:03 +0000

In the world of web hosting, email addresses can either be real or aliases. A real email address is connected to a mailbox on the mail server. That mailbox will hold any messages sent to the address in a queue until the user either downloads them or accesses them from the Web. An alias is an email address that only holds the appearance of a real account. In reality, any messages sent to it will actually be forwarded elsewhere.

Some websites, particularly those owned by organizations or companies, may use a catchall feature on their mail server. Rather than create an email address for several departments, they may create five and have all other inquiries forwarded to a single address. For example, billing@domain.tld, finance@domain.tld, and stocks@domain.tld may all be handled by the same department. Rather than have an alias for each, the catchall for that domain could point to billing. This can also be useful for catching typos.

There are drawbacks to catchall email settings. Since any email address that does not have a valid mailbox will be accepted and forwarded to the specified account, your account might receive more spam. Some spam bots will seek out keywords like “admin” and “support” and automatically send spam to accounts on your domain with those prefixes. Individual website owners and small organizations will probably not see the benefits of catching extra spam.


MailScanner: Anti-Virus and Anti-Spam Filter
Tue, 04 May 2010 21:27:39 +0000

As the name implies, MailScanner scans incoming mail sent to users on a server, flags the messages, and handles them according to the server administrator's configuration. It is one of the most popular virus/spam filters. It is written in Perl and links with other packages in order to accomplish its specified goals.

For mail transport, MailScanner requires a mail server such as Sendmail or Postfix. For Anti-Virus, it relies on ClamAV or one of the many other supported solutions, and for Spam, it uses SpamAssassin. It creates a centralized control mechanism for all of these applications and acts as a mail sorter, filtering out the junk.

MailScanner is available for most major Linux distributions and several Unix-like operating systems, such as Solaris and BSD. The website provides binaries for Red Hat, CentOS, Fedora, Debian, and SuSE, and nearly all distributions provide packages in their repositories. MailScanner is free and open source software, released under the GPL.


How to handle known spammers
Wed, 31 Mar 2010 21:59:18 +0000

When you are faced with relentless spamming, it is a good idea to use tools that go beyond simple filtering. One way to stop SPAM is to develop some type of proxy that stops known spammers before the messages reach the mail server. Another is to rely on DNS black lists that are periodically updated.

Whatever method you choose, it is important to contribute to the fight against SPAM by reporting known spammers. The first place to report to is the spammer's web hosting provider. The provider is most likely unaware of the spammer's actions and will suspend their accounts once you tell them.

The second method to try is to contact their Internet service provider. Just as it is a violation of the terms of service for most web hosts, most ISPs will not tolerate SPAM either. Finally, you can contribute to global blacklists by reporting the spammer to SPAM prevention websites. This will ensure that offenders cannot get away with SPAM even if their providers allow it.


How to create a tmp partition in Linux
Wed, 31 Mar 2010 21:51:56 +0000

As we mentioned in a previous post, setting up extra partitions beyond the standard Linux partitions can have certain security and performance benefits. One of the major directories that you should consider partitioning is the /tmp directory. In Linux, temporary files are stored there and accessed when applications need to use them.

Unfortunately, /tmp is also a prime spot for hackers to plant their malicious executables and use your server as the jumping off point for SPAM, bot attacks, and other malicious objectives. Follow these steps to separate /tmp from your root partition and make it non-executable.

For example, if you want the partition to be 512MB:

# mkdir /filesystems
# dd if=/dev/zero of=/filesystems/tmp_fs count=512 bs=1M
# mkfs.ext3 /filesystems/tmp_fs

Add the following line to /etc/fstab:

/filesystems/tmp_fs /tmp ext3 noexec,nosuid,loop 1 1

Then, mount the partition:

# mount /tmp

Source: Parallels
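
A check that the result matches the fstab line above, as an added example that is not part of the original post or its source. The function name and the second sample line are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Reads mount-table lines in
# fstab or /proc/mounts layout: device  mountpoint  type  options ...

page_fstab() {   # the fstab line from the steps above
  echo "/filesystems/tmp_fs /tmp ext3 noexec,nosuid,loop 1 1"
}

weak_fstab() {   # constructed sample: noexec left out
  echo "/filesystems/tmp_fs /tmp ext3 nosuid,loop 1 1"
}

tmp_mount_check() {
  awk -v want="noexec nosuid" '
    $1 !~ /^#/ && $2 == "/tmp" {
      found = 1; missing = ""
      split("", have)                      # last /tmp entry wins
      n = split($4, o, ",")
      for (i = 1; i <= n; i++) have[o[i]] = 1
      m = split(want, w, " ")
      for (i = 1; i <= m; i++)
        if (!(w[i] in have)) missing = missing " " w[i]
    }
    END {
      if (!found) { print "FAIL /tmp is not a separate mount"; exit 1 }
      if (missing != "") { print "FAIL /tmp missing:" missing; exit 1 }
      print "OK /tmp mounted with " want
    }
  '
}

page_fstab | tmp_mount_check
```

On a live system, run `tmp_mount_check < /proc/mounts`. A newly created ext3 filesystem has a root-owned 0755 top directory, so also confirm that /tmp is mode 1777 after the first mount.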