Wednesday, May 17, 2006

How to secure your inbox

Not too long ago, email was a wonderful thing. It provided a fast and easy method to communicate with family, friends, and co-workers, regardless of timezone or location. Unfortunately, due to spam and viruses, many people now find email almost unusable.

The first item on the agenda is eliminating spam. Spam, or unsolicited commercial email (UCE), is not only a nuisance, it's a productivity killer.

SpamAssassin (SA), which is distributed under the same license as Perl, helps put an end to this problem. Using its rule base, SA performs a wide range of heuristic tests on email headers and body text to identify and score spam. SA can also use blacklists and optional modules such as Razor, Pyzor, and a built-in Bayesian filter that learns new spam characteristics.

One of SpamAssassin's greatest assets is its flexibility. You can install SA in a wide variety of configurations, from a local install in your home directory (on a machine where you do not have root access), to a system-wide install that affects all users. You can also configure SA to allow each individual user to set their own rules, thresholds, and settings. And, because SpamAssassin tags messages by adding additional headers, it allows you to control what happens to each message.

To install SA, do the following as root:

# perl ?MCPAN ?e shell
cpan> install Mail::SpamAssassin

Alternatively, if you don't have root access, you can download the source from and do the following after unpacking the tarball:

% cd Mail-SpamAssassin-*
% perl Makefile.PL PREFIX=~/sausr
SYSCONFDIR=~/saetc; make; make install

After you install SA, look at the configuration file called This file allows you to whitelist certain addresses, tweak rules, add custom rules, enable/disable specific tests, and change a variety of other options.

You can also choose how you'd like to integrate SA into your MTA (if site-wide), or how you'd like to process your mail with SA (local install). SA works well with sendmail, qmail, PostFix, Exim, and most others. It can even be called via procmail, milter, AMaViS, MIMEDefang, or QMAILQUEUE.

If you installed SA in your home directory, you can put the following two rules in your procmailrc file to run SA on your mail and sort spam into a folder named caughtspam:

:0fw: spamassassin.lock
* ^X-Spam-Status: Yes

While running SpamAssassin as above is fine for small setups, most large or system-wide configurations should consider running spamd/spamc, which improves performance by avoiding the overhead of starting Perl for each message.


You may be thinking, "I use Linux, why do I need a virus scanner?" While it's true that not many viruses have targeted Linux, as Linux's popularity grows, it's likely that the number of viruses will increase. Beyond that, many people who run a Linux machine may have a mail server setup for a few friends and family. Some of these users likely use an operating system that is more prone to viruses. By scanning for viruses, you're not only doing them a favor, but are helping stop the spreading of viruses. After all, if everyone had an up-to-date virus scanner, the outbreaks that we've come to accept would be much less common.

Luckily, there is a free GPLed virus scanner called ClamAV (available from that keeps updated definitions. Like SpamAssassin, ClamAV can be run in both system-wide and local configurations, and allows easy integration with many MTAs. It can also be called via procmail, milter, AMaViS, MIMEDefang, or QMAILQUEUE, and allows you to either reject or quarantine infected messages.

As ClamAV integration can be quite specific to your environment, specific installation and configuration instructions are beyond the scope of this article, but the install is the standard ./configure && make && make install. After installation, become acquainted with the configuration file clamav. conf, and choose between using clamscan or clamd/clamdscan. ClamAV also comes with freshclam. It can be run as a daemon or via cron to keep virus definitions up-to-date.

No comments: