Introducing Policyd, Spam filtering, and Backup MX


It’s been a busy week for cock.li.

Near the beginning of the mail server, there was an influx of users registered from Ghana that had a field day pumping out spam using cock.li accounts. They were identified and banned, but more kept coming. It eventually became so bad that I had to ban the entire country of Ghana (later Nigeria, too). Research led me to learn about Sakawa, and how the E-mail being sent from my mail server was likely because of this. It’s fascinating stuff, and an interesting intersection of technology and superstition, but it’s also extremely annoying.

Why am I writing about this now, nearly a year after this happened? The Ghanaians have evolved and are now using proxies to register for accounts using cock.li, then sending email to their heart’s content. This puts me in a really shitty situation because I’m the one that has to mop up all this mess. Every day I would wake up and check and find thousands of E-mails rejected because of flood limits, and those are only the ones that got rejected (I have not checked, and do not want to check, the number of E-mails they sent). The accounts were banned, and the mail queue cleared, but they just keep on coming.

Policyd and Outgoing E-mail Limits

Policyd is a daemon that serves to impose limits on incoming and outgoing E-mail. I had enabled this in the past, but due to a bug, every E-mail was being delayed by 1-3 seconds. This basically broke the mailing list, because a single post could take between 3 and 9 minutes to send and show in peoples’ mail clients. When this event happened with the spammers, though, I decided to enable it and ask the mailing list’s patience while I try to fix it.

It turns out the issue was fixed in a later version of policyd (which cbpolicyd --help told me I was running, but rpm -qa said otherwise). Fixing this means that the mailing list and policyd can coexist peacefully. This also means that cock.li now enforces outgoing mail limits. I’ve set the limits high enough that normal users likely won’t hit the limit, but low enough to hopefully deter spammers from abusing the service. If you ever hit this limit you can send me an E-mail (which bypasses the quotas) asking for it to be increased, and I’ll gladly increase it for you.

Spamhaus ZEN Spam Filtering

SpamAssassin was disabled a while back for delaying E-mail all of a sudden, and I didn’t have time to troubleshoot it. It never got re-enabled, and I’ve decided to take a different approach to filtering spam. Cock.li now queries the Spamhaus ZEN blocklist to determine if an E-mail came from a known-spamming IP address. All the spam I get personally seems to be coming from IPs blocked by ZEN, so I figure it’s worth a shot. Unlike SpamAssassin, this will block the message from reaching the user’s inbox. The check is based only on the IP address the E-mail is coming from, so you shouldn’t have to worry about E-mail disappearing randomly. E-mails will also be rejected with a message confirming it was rejected because they’re listed in ZEN, so there shouldn’t be any confusion on the sender’s end, either.
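As an added illustration (not cock.li’s configuration or code from this post), this is what a ZEN lookup actually does: the connecting IPv4 address has its octets reversed, is looked up as a name under zen.spamhaus.org, and any 127.0.0.x answer identifies which sub-list hit. The resolver and its DNS answers below are constructed stand-ins so the example runs offline; internal address ranges are skipped, and a lookup error fails open rather than rejecting mail.

```python
import ipaddress
from typing import Callable, Dict, List

ZEN_ZONE = "zen.spamhaus.org"

# Never query the blocklist for internal relays or localhost: the query is
# wasted, and anything in 127/8 would itself look like a listing.
SKIP_NETS = [ipaddress.ip_network(n) for n in
             ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
              "127.0.0.0/8", "169.254.0.0/16")]

Resolver = Callable[[str], List[str]]  # name -> A records ([] if NXDOMAIN)


def zen_query_name(ip: str) -> str:
    """Build the DNSBL lookup name: octets reversed, then the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError for non-IPv4 input
    return ".".join(reversed(str(addr).split("."))) + "." + ZEN_ZONE


def classify_zen_code(code: str) -> str:
    """Map a ZEN answer (127.0.0.x) to the sub-list it came from."""
    if code.startswith("127.255.255."):
        return "error"          # resolver/quota problem, not a listing
    last = int(code.rsplit(".", 1)[1])
    if last in (2, 3):
        return "SBL"            # known spam sources / snowshoe ranges
    if 4 <= last <= 7:
        return "XBL"            # exploited hosts, bots, open proxies
    if last == 9:
        return "DROP"           # hijacked / worst-of-the-worst netblocks
    if last in (10, 11):
        return "PBL"            # end-user space that should not send mail
    return "unknown"


def check_sender(ip: str, resolve: Resolver) -> Dict[str, str]:
    """Decide what the SMTP front end should do with a connecting IP."""
    addr = ipaddress.IPv4Address(ip)
    if any(addr in net for net in SKIP_NETS):
        return {"action": "accept", "reason": "internal address, not queried"}
    hits = {classify_zen_code(a) for a in resolve(zen_query_name(ip))}
    hits -= {"error", "unknown"}
    if not hits:
        # Fail open: a DNSBL outage must not become a mail outage.
        return {"action": "accept", "reason": "not listed or lookup error"}
    # Reject with a message naming the list, so the sender knows why.
    return {"action": "reject",
            "reason": f"554 {ip} is listed in {ZEN_ZONE} ({', '.join(sorted(hits))})"}


# Constructed answers standing in for live DNS (TEST-NET addresses).
FAKE_DNS = {
    "9.113.0.203.zen.spamhaus.org": ["127.0.0.4"],                  # XBL
    "25.100.51.198.zen.spamhaus.org": ["127.0.0.2", "127.0.0.10"],  # SBL+PBL
}


def fake_resolve(name: str) -> List[str]:
    return FAKE_DNS.get(name, [])
```

In a real deployment the MTA does this lookup itself (for example via its RBL client setting); the function above only makes the decision logic visible.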

Please forward any spam you receive to me. I will look into it, see if there’s a popular blocklist that would have caught this before getting to your inbox, and add it if it’s worth it.

New Backup MX Server

I recently ordered and am in the process of configuring a backup MX server for cock.li. This means that in the event of downtime, due to my own idiocy or DDoS, mails will be delivered to the backup MX server, and forwarded once the main mail server is accessible again. That is the only function of this server, and it does not maintain a backup of any email once it’s been delivered. E-mail servers, when they are unable to deliver a message (soft fail), will typically hold the message and retry a number of times. While this will save most E-mails, some E-mails may be lost, depending on how long the server is down for. The installation of a backup MX server means that a server is always online to accept E-mail (provided both aren’t attacked or otherwise down at the same time). This incurs a $4.07 increase in monthly expenses.