A single dedicated server can act as the mail server for all of your web sites
or domains. Since it is convenient to send email messages from your
administrative desktop computer to the server to be relayed to the correct recipient,
you need to make sure that whoever asks the server to relay email messages is authorized.
If you deploy email service on your dedicated server, additional measures need to be considered
to protect the server from spam and unauthorized email forwarding, also known as email relaying.
An email server sends mail via SMTP (Simple Mail Transfer Protocol). SMTP uses TCP port 25.
Anyone can determine the SMTP server for your domain name by looking at the MX (Mail eXchange)
DNS record of your domain. To eliminate email security risks, all relaying activities (sending
out mail) must originate from specific user IDs on the server or from specific remote IP addresses
such as your administrative desktop computer. This restriction stops other computers from using
your server as the relaying machine to send spam emails, while still allowing legitimate senders
such as your web server to send mail.
Disabling unauthorized relaying prevents your server from sending spam email originating from
unauthorized sources. However, this does not stop your email server from receiving spam emails
once the email server is associated with your registered domain name. A simple greylisting mail
filter can effectively remove most, if not all, spam emails. You can also set up the mail server to
automatically delete all emails sent to unknown recipients.
Sendmail can be set up to handle auto-forwarding or to send automatic replies. All emails
received for unknown recipients should be deleted or rejected before they clutter the
server's mailboxes. It is a good idea to implement a simple but effective greylisting filter
for sendmail. Greylisting introduces a short delay (typically 2 minutes) for your legitimate
senders and asks the sender to resend the mail after this delay period.
The advantage of greylisting is that it is not an intrusive mechanism and does not
generate false alarms. It is very effective, stopping almost 90 percent of illegitimate
mail before it gets to your server. If a spammer manages to bypass the server's greylisting
filter with a consistent email address or IP location (by resending the rejected mail),
information recorded in the auto whitelist may be used to reject the spammer.
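
The greylisting behaviour described above, as an added example in Python that is not part of the original page or of any sendmail filter. It keys on the (client IP, envelope sender, recipient) triplet, which is the usual greylisting design but an assumption here, as are the class name `Greylist`, the SMTP reply texts and the two expiry values.

```python
import time

GREYLIST_DELAY = 120          # seconds; the "typically 2 minutes" delay from the text
PENDING_TTL = 4 * 3600        # assumed: forget triplets that never retry within 4 hours
WHITELIST_TTL = 30 * 86400    # assumed: auto-whitelist entries expire after 30 idle days


class Greylist:
    """Greylisting decision keyed on (client IP, envelope sender, recipient)."""

    def __init__(self, delay=GREYLIST_DELAY):
        self.delay = delay
        self.pending = {}     # triplet -> time first seen
        self.whitelist = {}   # triplet -> time last accepted (the auto whitelist)

    def check(self, ip, sender, rcpt, now=None):
        """Return the SMTP reply for RCPT TO: '250 ...' or a temporary '451 ...'."""
        now = time.time() if now is None else now
        key = (ip, sender.lower(), rcpt.lower())

        # Known-good triplet: accept at once and refresh its whitelist entry.
        last_ok = self.whitelist.get(key)
        if last_ok is not None and now - last_ok <= WHITELIST_TTL:
            self.whitelist[key] = now
            return "250 2.1.5 Recipient ok"
        self.whitelist.pop(key, None)

        first_seen = self.pending.get(key)
        if first_seen is None or now - first_seen > PENDING_TTL:
            # First contact (or a stale record): remember it and ask for a retry.
            self.pending[key] = now
            return "451 4.7.1 Greylisted, please try again later"

        if now - first_seen < self.delay:
            # Retried too early; keep the first timestamp so the delay still runs out.
            return "451 4.7.1 Greylisted, please try again later"

        # The sender retried after the delay: accept and record in the auto whitelist.
        del self.pending[key]
        self.whitelist[key] = now
        return "250 2.1.5 Recipient ok"

    def sources(self):
        """Auto-whitelist entries grouped by client IP, for administrator review."""
        by_ip = {}
        for ip, sender, rcpt in self.whitelist:
            by_ip.setdefault(ip, []).append((sender, rcpt))
        return by_ip
```

The `sources()` listing is the kind of auto whitelist record an administrator can review to spot a resending spammer and reject that address or IP.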
An important part of your daily server administration is to review the email server log
at /var/log/maillog for unauthorized activities or repeated attempts to access
your email server from a specific IP address. Those undesirable IP addresses can be added to your
email server's or firewall's banned IP list.
The email messages originated and received by each email user are stored in a single file at
/var/mail/user_name for each user. If you use a remote mail client such as Microsoft Outlook
to access your email messages, this file will be modified when the email server receives new
messages or when the remote client deletes old messages.
It is recommended that the remote client keep the messages on the server for at least several
days before deleting them so that the server can properly back up these email message files. It is
tedious and error-prone to perform this administrative task manually. Linux provides an excellent
environment to automate this task transparently.
This section discusses the following topics in detail.
Automatic rejection of email sender based upon IP address, domain name, subject, and recipient.
Verify email relaying is disabled to prevent anonymous email relaying via telnet.
Sendmail configuration to reach an email relaying server in case your hosting provider blocks
SMTP port 25.
Advanced configurations for a greylisting filter to reduce spam.