SPAM is a tinned meat product, that judging from its longevity, must be enjoyed by some people. Spam on the other hand is universally hated, and apparently now accounts for over 95% of all email that is sent, or in excess of 200 billion emails a day. 80% of those are sent by one of only 200 or so spammers around the world. As a result of this the IT industry wastes an inordinate amount of time, money and resources filtering out the vast majority of this rubbish before it ever reaches the end-users of most email systems. The former became associated with the latter by way of a 1970’s sketch from Monty Pythons Flying Circus.
Why do I mention this? Well, for historical reasons, I run my own mailserver here at home. This has advantages and disadvantages. The main disadvantage is that setting one up is quite complex, and getting it exactly right is essential, otherwise you can easily set up what is known as an open relay, which allows anyone to send email using your email server – and the people who would quickly take advantage of this are spammers. A faster way to get your ISP connection terminated is probably hard to find.
The advantage for me was that it was the only way I could provide economic email for my family while I was using the IBM-supplied broadband package. Now that I have switched to my own ISP the need is not so pressing, but we’d all need to change our personal email addresses, and update the many people who use them. So it’s just easier for me to keep running the system, especially as it’s been a completely trouble-free experience for the last 3 or 4 years.
Except when I went to collect my personal email this morning, rather than the 2 or 3 emails I’d normally expect I found well over a hundred emails, all of which were spam, advertising the types of products that I’d mostly rather not even know about, let alone take advantage of. I have to take quite enough drugs already thanks – no need for any more, especially from unknown, unverifiable sources.
Why the sudden increase? Well, to be honest, it’s partly my own fault. I set up a secure email server that can’t be used to relay email, but I didn’t make any effort to make it particularly resilient to someone who wanted to harvest my email addresses and then target them with spam. And we’ve been flying under the radar ever since. Except it looks like someone has lowered the radar; they’ve obviously scanned my IP address, found an email server, tried to use it as a open relay (and failed) and then rather than moving on, have worked out the email addresses that my server supports, and put them onto a large number of mailing lists. Gee, thanks a lot.
So my job this afternoon is to significantly upgrade the configuration on my email server to ensure that I filter out all the spam that is starting to arrive. After all, its bad enough that I should see some of this rubbish, let alone have it being sent to my wife and daughters too.
Well, as seems to often be the way at the moment, I didn’t mange to get started on this when I expected. But when I did get around to it (mid-evening instead) I was surprised just how much work has been put into my mailserver (postfix) to make it trivial to harden. The server is incredibly modular, with open interfaces that make it easy to hook up to external “helper” applications. By installing a couple of extra packages using the Ubuntu package management system I was then able to make about 20 lines of changes to my postfix configuration files that should stop almost all the spam that I’ve been receiving. The only slight concern is that I may have hardened the server to the point where I occasionally discard some good email too – something to watch out for.
But so far so good; I still pass the open relay checkers on the web, and appear to be successfully sending and receiving normal emails. Just no sign of any more spam. Which I am currently interpreting as being a good thing.