POP-Before-SMTP Anti-Spam Configuration

Support

POP-Before-SMTP Anti-Spam Configuration
The demise of big "spamhaus" operations like Cyber Promo has caused the spamming community to resort to "hit-and-run" spamming through open SMTP relays. This malicious technique is advantageous to spammers since a single spam can be sent from a throwaway dialup account and then be exploded out to 50 or more e-mail addresses by a fast and open SMTP server.

By default all Virtual Private Servers are closed to SMTP relaying. This Solution to the Internet Spam Problem is implemented by the POP-before-SMTP anti-spam configuration, which is specifically designed to prevent SMTP relaying by spammers. All Virtual Private Servers created since March 1, 1998 include this configuration.

How It Works
Every time someone successfully enters a correct username and password to your POP or IMAP server (i.e. checks an e-mail account that is configured on your Virtual Server), the server records the IP address of the remote client. The IP address and a timestamp are stored in the ~/etc/relayers.db database file. The database serves as a list of IP addresses that are a llowed to perform an SMTP relay. A simple rule set in the check_rcpt section of the ~/etc/sendmail.cf file causes sendmail to refuse to relay e-mail from any IP address that is not listed in the ~/etc/relayers.db database file. You will need to add this Rule Set if it is missing from your ~/etc/sendmail.cf file.

vsmtprelay
Even though the POP and IMAP authentication will automatically cause an IP address to be added to the ~/etc/relayers.db file, you may on occasion want to manually add to or clean the database yourself. To do this we have created a utility program named vsmtprelay that allows you to add, delete, expire, or list IP addresses in the ~/etc/relayers.db file.

% vsmtprelay
vsmtprelay 1.1.0 usage (optional items in []):
    % vsmtprelay command [arg] [...]
where "command [arg] [...]" can be one of the following:

    "add ip [ticks]"   insert address with current timestamp (or ticks)
    "delete ip [...]"  remove specified address(es)
    "expire [n]"       expire all old (or older than n minutes) entries
    "list [n]"         list all old (or older than n minutes) entries
    "dump"             list every entry, including the future timestamped

IP addresses are expressed as ASCII "dotted quads", e.g. "10.11.12.13".
All timestamps are stored as ASCII strings representing a count of seconds
elapsed since 0 hours, 0 minutes, 0 seconds, January 1, 1970, Coordinated
Universal Time (the common UNIX epoch).

The ~/etc/relayers.db database is implemented as a "Berkeley DB hash file" with IP addresses as keys and timestamps as the data (all as ASCII strings). The vsmtprelay list output is intentionally produced in a form that can be edited manually and rebuilt by makemap(8) if desired.

Although the ~/etc/relayers.db database does not use up a lot of disk space, you may wish to automatically expire entries on a periodic basis to keep the database small. This can be done using the Cron program scheduler. For example, the following crontab entry would expire all of the day-old ~/etc/relayers.db database entries every night at 3:15 AM.

15 3 * * * /usr/local/bin/vsmtprelay expire 1440