Posts Tagged ‘sendmail’

Do not use xinetd to create an obscure port for SMTP

Monday, February 27th, 2012

Years ago I created a simple xinetd rule to use a custom port for SMTP.

I set this up  years ago when my local ISP started to block outbound SMTP connections on port 25 as an anti-spam measure. I had been using our web server for SMTP relay for several years before this because this same ISP had quite poor uptime in the past. When my ISP blocked port 25, my email stopped going out. I could either switch to the ISPs mail servers, or find another way to get my mail to our web server.

I can’t recall the exact reasoning, IIRC, the ISP also required that you use an email address from their domain in either the from or reply-to lines. Whatever the reasons, I created a custom port to route email through our server to continue to bypass our ISP’s email system altogether.

I chose an unused, non-standard, low TCP port and set up the redirect in xinetd. Sendmail, our SMTP server, was previously configured to  relay for specific IP addresses, I didn’t change that.

That was at least 5 years ago. It was a simpler time and spammers stuck to searching on default ports for open email relays.

Well, today I can confirm that spammers will do a port scan to find open email relays – surely there are better ways to make money that come up with crazy ways to send a bit of spam?

I learned that I had created an open relay on a non-standard port by accident. When an inbound connection is relayed by xinetd to a different port number (at least the way I did it) the service has no idea what is the real  remote IP address. Sendmail thought it was relaying for email from localhost! Argh.

Unfortunately, for a few hours today our web server was relaying spam for some Brazil IP address and advertising something or other in Portuguese. The old relay rule was turned off as soon as I traced the hole.

 

Reducing Memory Used by Milter-Greylist

Monday, July 21st, 2008

Our VPS was running low on free memory the last few weeks.  After a bit of research, we realized that our email greylisting software, Milter-Greylist was using the most memory of everything installed on our server.  More than our database engine, web server, email server, and everything else (not combined)!

For those who don’t know, Grey Listing delays emails in an attempt to foil spammers which don’t typically follow standards for retrying email messages. Milter-greylist is a package that works with sendmail, our SMTP server. Milter-greylist is great, however, it keeps it’s working history in memory, which was OK for the two years that we have run it.  However, the amount of spam attempts continues to rise… why don’t home users notice that their computers have become SPAM zombies anyway?

So, the milter-greylist was storing tens of thousands of records in memory.  It had to be reduced.  Rather than switch to a database driven greylisting package, we decided to start blocking some SPAM attempts earlier in the process.

We enabled the outright blocking of inbound email attempts by any IP address listed on Spamhaus.org’s SBL+XBL list.  SBL+XBL are lists of computers (built by crazy wizardry) that one can use to blacklist email attempts.  I’m uncomfortable using blacklists like this, but, what can you do?  The odds of good mail being lost are very small, and hopefully, anyone who happens to get bounced unintentionally can phone us.

So, following the simple instructions here:

http://www.joeldare.com/papers/spamhaus.pdf

We were able to reduce the traffic to Milter-Greylist and it’s memory usage by 2/3 to 3/4!  Uptime and performance of our VPS and therefore everything hosted on it should be slightly better.

Spammers suck.