Spam Filtering with Sendmail

Spam Filtering is a necessity particularly with domains that have been around a while and Sendmail lends itself well to controlling the amount of unsolicited emails your users will receive. Although Sendmail has several built in mechanisms to determine the legitimacy of the mail it handles there remains a large amount of spam that will still get through. We must take great pains to assure the reader that this is not a shortcoming of Sendmail but a sad reflection on the state of email and spam in general, after all over 90% of emails sent are spam and filtering out 90% of your mail servers traffic without losing legitimate mail is something of a challenge.

There are many methods of filtering spam however after well over a decade of mail server administration I can honestly say that no one method by itself will provide a complete solution. I use three well known open source antispam measures in conjunction with each other for most production mail servers I am involved in and the results are spectacular. Sadly, your mail server's users will still receive a spam email now and then but still far less than they would receive otherwise.

Block Known Spam Sources with a DNSBL A DNSBL is a DNS based blacklist (or block list) is a list of IP addresses published through the internet Domain Name Service that contains sources of known spam. A DNSBL is an excellent first line of defense for preventing spam even being received by your mail server. There are several DNSBL's in existence and each uses a slightly different approach to listing and delisting addresses thought to be sources of spam. Most include in their lists zombie spam relays, IP addresses associated with ISP's known to house spammers and addresses which have sent spam to a honeypot email address. Two I have used quite successfully are Spamhaus and Spamcop, both of which offer free use of their block lists to low volume users and noncommercial entities.

Adding a DNSBL to Sendmail involves editing your sendmail.mc and creating a new sendmail.cf as described in our article on Configuring Sendmail. Using Spamcop as an example simply add the following line to sendmail.mc and then build your sendmail.cf and you will see the difference in the amount of spam you receive immediately. Most DNSBL's have instructions available on their website describing how to use their service.

FEATURE(`enhdnsbl', `bl.spamcop.net', `"Spam blocked see: http://spamcop.net/bl.shtml?"$&{client_addr}', `t')dnl

Milter-Greylist

Milter-greylist is an excellent second stage for your Sendmail spam filtering. Milter-greylist is a milter that implements greylisting, that is to say it is an addon to Sendmail (written independantly of Sendmail) that works by assuming that a fair proportion of spam engines will not attempt to resend their junk after being rejected by a temporary error. A legitimate mail transport agent will attempt redelivery after a certain time period, so mail is not lost merely delayed. Milter-greylist records the senders IP address, email address and the recipients email address (called a tuple) in a database. When delivery is reattempted the milter can see that this is more likely to be legitimate email and allows the email to be delivered. It also whitelists the tuple so that futher mail from the sender is not delayed for a fixed period of time, usually 24 hours.

Milter-greylist is an excellent way to reduce the amount of spam your users receive without the mail server having to process it to any high degree. It does have a slight disadvantage in that the first email from a particular sender is slightly delayed however this is more than compensated for by the overall reduction in spam traffic.

Spamassassin

Spamassassin is a spam filter written in the Perl programming language that filters spam based on content-matching rules. Spamassassin runs the emails received through a series of tests based on a large set of rules that examines the emails contents. Each test has a score value that will be assigned to the message if it matches the tests criteria. Once the message has been run through all of the available tests the scores from each test are added together into a global score. The higher the score the higher the probability the message is spam. Once the score passes a threshhold which you can determine it is discarded or marked as spam depending on how you choose to configure spamassassin.

Spamassassin is a must for any mail server that supports it. Its effectiveness at accurately sorting ham from spam has earned it a well deserved reputation and it can be considered to be one of the best antispam measures for sendmail, postfix and other Linux mail servers.