Fight Spam on the Cheap - Tech Learning

Fight Spam on the Cheap

St. Francis High School is a small independent school with its own Exchange server and approximately 20 active Exchange/Outlook Email users. After several relatively spam-free years of operation, deliveries of spam to our users' mailboxes escalated sharply in February 2005. Some of the most afflicted users pleaded
Author:
Publish date:

St. Francis High School is a small independent school with its own Exchange server and approximately 20 active Exchange/Outlook Email users. After several relatively spam-free years of operation, deliveries of spam to our users' mailboxes escalated sharply in February 2005. Some of the most afflicted users pleaded for a suitable solution.

We’re a small school, and our IT budget is proportionally small, too. We have three servers, two with Windows 2000 Server and one with Whitebox Enterprise Linux, which among them handle various network duties quite adequately. There was really no money available for a standalone hardware solution, such as those that Barracuda and Symantec offer, or for a commercial software solution. So, I looked to open-source applications for a suitable anti-spam application.

The solution I settled on was a set of Perl scripts, the Antispam SMTP Proxy, or ASSP. Written by John Hanna, ASSP sits between the Internet and a mail server and scans each incoming message for features common to spam. Like an artificial intelligence, ASSP learns to distinguish between good Email and bad Email. The good messages are relayed to the mail server; the bad ones are stopped at the gate. As a result, our spam delivery rate has dropped to practically zero, and the load on our site-wide installation of Symantec Antivirus Corporate Edition has become minimal.

Knowing that there are more than 2,000 ASSP installations reassures me that ASSP is effective even though its free of charge. Mr. Hanna's sourceforge site displays statistics automatically forwarded by each ASSP host to the central statistics repository. Together those 2,000-plus ASSP servers have stopped more than 875,000,000 spams, an average of more than 437,500 per installation, which is a mindboggling number.

Our statistics at St. Francis' are not quite that phenomenal, but still indicative of the spam problem all organizations face. Our ASSP has been running almost continuously for more than 98 days, except for necessary Windows update restarts and one power outage. In that time, it has processed more than 27,000 messages from external sources, of which almost 60% were classified as spam. Since none of my users have complained about “good” messages being lost, I can assume that ASSP is correct in calculating that proportion. That's thousands of time-wasting messages our users do not have to read and delete. ASSP also caught 28 viruses, 224 scripts and 35 attachments that otherwise would have (probably) been intercepted by Symantec AV. In general, ASSP has been without a doubt a success for us.

ASSP is a low-impact application, tying up very little CPU time. It can run on its own server, or on the same machine as Exchange. Since installing ASSP on our Linux box would have required setting up sendmail or qmail as well – a time-consuming task – I chose to install ASSP in the single-server mode. This setup requires the administrator to change the SMTP ports that Exchange uses, as well as to create a virtual SMTP server to handle outbound mail.

Since ASSP relies on Perl, administrators must install Perl on their mail servers. We are using NumenInestPerl, but Active Perl is also a good distribution. Both are free downloads and are easy to install.

On our Pentium-4 mail server, ASSP runs in the background, intercepting incoming mail on the standard SMTP port 25, analyzing it, then sending the good mail on its way through port 26 to Exchange. Users then receive their mail as usual using Outlook, Outlook Web Access or a POP or IMAP mail client. Spam is shuttled to a separate folder and never delivered.

Hanna has designed ASSP to learn from its mistakes and to learn from mail users' own messages. Critical to this function is ASSP being able to intercept outbound mail using SMTP. Microsoft Outlook, however, sends messages directly to Exchange using the MAPI protocol, which ASSP does not understand and just ignores. The solution is to reconfigure Exchange's outbound message handling. Exchange uses an additional virtual SMTP server, listening on a new port and sending on port 25, to deliver outbound mail.

The resulting path of outbound mail is circuitous, but it enables ASSP to be trained. Let's say an Outlook user sends a message to her mother. Outlook sends this message via MAPI to Exchange, which then sends it via SMTP to ASSP. The address of this message is added to a “white-list” of legitimate addresses. Now ASSP knows that future messages from that address are “good” mail.

ASSP then relays that message to the new virtual SMTP server, which then forwards the message to the Internet on the standard SMTP port 25.

To summarize, we are using ASSP on the same machine as Exchange. A secondary SMTP server application also runs on the Exchange machine. Incoming mail first comes to ASSP, which relays it to Exchange. Outbound mail passes through Exchange, then ASSP and finally to the secondary SMTP server. (See accompanying diagrams.) This configuration has worked very well for us.

The developer advises users to run ASSP in its “learning” mode for three weeks, so that ASSP can develop a useful set of spam and not-spam databases. Messages that are considered spam are labeled as such, but are still delivered to recipients. If a message is not classified correctly, the recipient forwards that message to special “not-spam” or “spam” mailboxes (contacts in Active Directory). Additionally, all outbound mail addresses are automatically added to the “not-spam” database. After three weeks of training, ASSP's autopilot can be turned on, and spam will be blocked automatically.

ASSP can also check messages for viruses and potentially hostile scripts. ASSP uses the open-source antivirus application, ClamAV, for those tasks. A Windows batch file, set up as a scheduled task, can automatically update the ClamAV virus database. In our experience, some viruses have slipped past ASSP and ClamAV, only to be caught by Symantec AV.

Spam has become a major threat to Email users' productivity, as well as the security of their computers. To minimize these threats, network administrators should install an antispam solution to intercept spam before it reaches the mail server. We chose Antispam SMTP Proxy (ASSP), an open-source set of Perl scripts, for use on our Exchange server. To date, this configuration has been very effective and certainly very affordable.

Email:John Wheaton

Featured

Related

Data Security: Fighting Off Cyber-Hackers

High-speed access to the Internet may be great for improved information retrieval, but it has its dark side. For example, do increasing numbers of pop-up ads appear in your browser window? Think they're totally innocuous? Think again! Pop-ups may be evidence of intruders infecting your computer with malicious software

Backup Outlook Email

Question: How can I back up all the Emails in Outlook's inbox? The IT Guy says: There are several options for backing up your Windows-based Microsoft Outlook Email. I recommend the instructions below for users of Outlook 2002 for Windows. From the file menu in Outlook 2002 choose IMPORT/EXPORT. Select EXPORT

Exchange Server Virus Scanning

Question: What product would you recommend for virus scanning on our Exchange mail server? The IT Guy says: Sybari's Antigen for Microsoft Exchange is a robust virus scanning solution for districts running MS Exchange. It provides the ability for real-time scanning of incoming and outgoing messages. The "worm

Educating People about Virus Emails

Question: I receive many Emails with strange attachments from people I don’t know. What are these Emails, where do they come from, and what should I do with them? The IT Guy says: If your school district is not filtering out spam at the server level, or if you are using a non-district Email service that does not

Exchange Server Sync and Mac Entourage

Question: I am using Microsoft Entourage with Macintosh OS X to connect to our district Exchange server, which I use for email, contacts, and my calendar. I have several hundred duplicate copies of certain calendar events now on my Palm and in Entourage's calendar. What caused this and how can I fix it? The IT

Image placeholder title

Spamming the cloud?

Education is the third most spammed industry; 82.6% of all email destined for the sector is considered spam, according to recent data from Symantec.cloud.

Automate Your E-mail Chores

“Thanks for your Email,” wrote a principal back to me. “I didn’t realize I’d missed that workshop. How can I review what workshops I’ve signed up for?” His Email acknowledged that he had missed a workshop, but more importantly, gave me the opportunity to empower him to review

Watch out for Spam

Tip: Spam floods the Internet with multiple copies of the same message — forcing that message on people who do not want it. Most spam is commercial advertising, often for dubious products, get-rich-quick schemes, or quasi-legal services. Spam costs the sender very little to send — most of the costs