Tuesday, August 25, 2009

Check Your Sockets! Often.

So, I open my mailbox this morning and find that my box is flooded with SPAM that I would not normally see.  I have a fairly rigid set of instructions and counter-measures on my home e-mail server to help combat the increasing tide of unsolicited bulk mail and for some reason over the past several days... it has been rising.


I employ some RBL lists to combat the 'flagrant' spammers while utilizing GREYLISTING to help deter/slow down the 'new' spammers that are not categorized as spammers yet.


What is GreyListing?  Grey Listing, simply put, is a 30-minute delay placed upon incoming mail.  A block, if you will, that helps prevent unsolicited bulk mail from reaching your mailbox.  A typical mail server negotiates and communicates with other mail servers and for the most part, they all get along just fine:



INTERNET: I have a message for Bill


MY SERVER: I can handle that request for you, who are you?


INTERNET: I am a mail server at GOOGLE.COM


MY SERVER: I have verified you as being correct, please give me the message.


INTERNET: Here you go


MY SERVER: Thank you, I will deliver it now after I check for viruses



And that is a very typical transaction.  What Grey Listing does is add another step after the initial handshake:



INTERNET: I have a message for Bill


MY SERVER: I can handle that request for you, who are you?


INTERNET: I am a mail server at GOOGLE.COM


MY SERVER: I don't have you on my list of acceptable providers, please come back later


INTERNET: Oklie-Doklie



And what happens then is that Google will keep retrying every 'x' minutes (5-10 minute intervals are the typical standard), and my server will keep rejecting the request until my threshold (30 minutes) is met; only then will it accept the message, and only from mail servers persistent enough to keep retrying.


WHY DOES THIS MATTER?


Most Unsolicited Bulk Mail senders do not want to QUEUE up their mail on their end 'waiting' for an interval of any type - they want to blast their message and be done with it.  If a Bulk mailer sends a message to me and my server rejects it, 9 times out of 10 the bulk mailer will simply dump the message and I will never hear from or see that message again.


Anyway - after perusing my log files on my LINUX host, I found that my poor Grey List process (which blocks the mail) was not communicating with itself properly... therefore, it let everything in:



Aug 24 16:44:01 artemis sendmail[27148]: n7ONi1pc027148: Milter (greylist): error connecting to filter: Connection refused by /var/milter-greylist/milter-greylist.sock



Quick restart of the process cured the issue - SPAMMERS BEGONE!
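The lesson of that log line is that sendmail kept accepting mail while the greylist milter's socket was dead, so the failure is only visible if someone looks for it. The script below is an added example (not from the original post or from milter-greylist) that pulls "error connecting to filter" events out of sendmail's log, counts them per milter, and probes the socket paths it finds; the log sample is constructed, apart from the first line, which the post quotes.

```python
import re
import socket
from collections import Counter

# Constructed sample (only the first line is the one quoted in the post);
# hostname, queue IDs, addresses and relays are stand-ins.
SAMPLE_LOG = """\
Aug 24 16:44:01 artemis sendmail[27148]: n7ONi1pc027148: Milter (greylist): error connecting to filter: Connection refused by /var/milter-greylist/milter-greylist.sock
Aug 24 16:44:01 artemis sendmail[27148]: n7ONi1pc027148: from=<bulk@example.invalid>, size=1024, class=0, nrcpts=1, proto=ESMTP, relay=[192.0.2.10]
Aug 24 16:44:02 artemis sendmail[27150]: n7ONi2pc027150: Milter (greylist): error connecting to filter: Connection refused by /var/milter-greylist/milter-greylist.sock
Aug 24 16:46:00 artemis sendmail[27170]: n7OOk0pc027170: from=<friend@example.org>, size=2048, class=0, nrcpts=1, proto=ESMTP, relay=mail.example.org [198.51.100.5]
"""

# Shape of the sendmail message quoted in the post:
# "<qid>: Milter (<name>): error connecting to filter: <reason>"
MILTER_ERR = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]+) \S+ sendmail\[\d+\]: (?P<qid>\w+): "
    r"Milter \((?P<milter>[^)]+)\): error connecting to filter: (?P<reason>.*)$"
)


def find_milter_failures(log_text):
    """One dict (ts, qid, milter, reason) per failed connection to a milter."""
    return [m.groupdict() for m in map(MILTER_ERR.match, log_text.splitlines()) if m]


def failures_by_milter(log_text):
    """Failure count per milter name, so a dead filter stands out at a glance."""
    return Counter(f["milter"] for f in find_milter_failures(log_text))


def socket_paths(log_text):
    """UNIX socket paths named in the failure reasons ("... refused by <path>")."""
    return {f["reason"].rsplit(" ", 1)[-1] for f in find_milter_failures(log_text)
            if f["reason"].startswith("Connection refused by /")}


def socket_is_listening(path, timeout=2.0):
    """True only if something actually accepts connections on the socket."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect(path)
        except OSError:
            return False
    return True


if __name__ == "__main__":
    # Unless INPUT_MAIL_FILTER carries F=T (tempfail) or F=R (reject), sendmail
    # keeps accepting mail when a milter is unreachable, so alert on any count > 0.
    for name, n in failures_by_milter(SAMPLE_LOG).items():
        print(f"milter {name}: {n} connection failure(s)")
    for path in sorted(socket_paths(SAMPLE_LOG)):
        print(f"{path}: {'listening' if socket_is_listening(path) else 'DOWN'}")
```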


