Dougal Campbell's geek ramblings

WordPress, web development, and world domination.

Whither Spam?

When I switched to my new Slicehost server, I spent a while trying to decide what I wanted to do about email for my domains. I contemplated using Google’s domain email service, or some other third-party email hosting. But I just hated giving up that much control of my email setup. I’ve been administering my own email for (…thinking…) almost 15 years now. So, in the end, I just ended up routing email to my new web server.

The problem was that this added a significant amount of processing load to the server, mainly because I have been using the SpamBouncer procmail rules to filter my email. This set of procmail rules does a pretty good job of reducing the amount of spam that makes it to my inbox, but procmail is a notorious CPU hog. Whenever a batch of spam emails would arrive (when you host email for several domains and users, you notice that spam often arrives in ‘clumps’), several procmail processes would kick off, and the system load would shoot up by an order of magnitude for a brief time. The machine seemed to handle it okay, but it bugged me.

Recently, however, I was contacted by one Brad Garrison. He was also a customer with Slicehost, but he wasn’t as satisfied with them as I was. Brad was having some sort of problem with load on his server, and decided to try a different hosting provider. But he had some pre-paid credit that he could not get refunded. Being a visitor to my site, and seeing that I was at Slicehost, he generously arranged to transfer the remainder of his credit to my account (thanks, Brad!).

I decided to put this windfall to use by adding a second server to my account, to act as a dedicated email gateway and spam filter. First, I added a 256 Slice to my account, and set it up with Ubuntu 8.04. Once I had the base system up and running, with a few personal tweaks, I followed the instructions on HowToForge for building a SpamSnake server. When I was done, my server was running the Postfix MTA, MailScanner, SpamAssassin, ClamAV, and MailWatch. I had problems with the greylist server, so I disabled gld and removed the associated bits from my Postfix config.

Once it was all configured, I pointed the MX records for one of my lesser-used domains to the new server. Then I was able to send some test emails (which is how I ended up disabling gld), adjust and fix things I had missed in the initial setup, and get everything working just right. Once I was happy with it, I updated the DNS for the rest of my domains, to use the new server as their MX (Mail eXchange). After letting it run for a day, however, I found that the load on the new server was through the roof. MailScanner uses a *lot* of RAM, so the machine was in constant swap. So I upgraded the slice to 512MB of RAM. This process went smoothly. It probably took about 15 minutes from my initial request to the point that the machine was running in the new configuration, and it was only down for about 5 of those minutes. Score one for Xen virtual machines!

With the increased RAM, the machine was now happily munching on email, spitting the spams and virii into the bit bucket, and passing the rest of the messages along to my main server. I did notice, however, that certain spammers were still sending emails directly to my mailbox server, instead of to the SpamSnake gateway server. Naughty, naughty spammers! I fixed this by configuring the mailbox server to only accept connections from the gateway server. This took a little bit of research, but a user named Simon on the #exim channel in Freenode IRC pointed me in the right direction for setting up the ACL rules.
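
An added example (not part of the original post): the mailbox server's Exim main log shows which hosts deliver to it directly instead of through the MX, both before the ACL goes in and afterwards as a check that it holds. This sketch lists arrivals whose connecting host is not the gateway; the gateway address 192.0.2.10, the function names and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumption: the gateway's address (documentation range, not from the post).
GATEWAY_HOSTS = {ipaddress.ip_address("192.0.2.10")}

# Exim arrival line: "<date> <time> <msg-id> <= <sender> ... H=<name> [<ip>] ..."
ARRIVAL = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<id>\S+) <= (?P<sender>\S+)"
    r" .*?H=[^\[]*\[(?P<ip>[0-9A-Fa-f:.]+)\]"
)

# Constructed sample log lines, not taken from a real server.
SAMPLE_LOG = """\
2008-06-20 02:14:07 1K9aAb-0001Xy-2k <= alice@example.org H=gateway.example.net [192.0.2.10] P=esmtp S=2314
2008-06-20 02:14:09 1K9aAd-0001Y3-7Q <= promo@example.com H=(mail.example.com) [203.0.113.77] P=smtp S=4810
2008-06-20 02:14:10 1K9aAd-0001Y3-7Q => user <user@example.net> R=localuser T=local_delivery
2008-06-20 02:15:31 1K9aBx-0001Zk-Lm <= root@example.net U=root P=local S=512
2008-06-20 02:16:02 1K9aCS-0001aB-9d <= deals@example.com H=(mail.example.com) [203.0.113.77] P=smtp S=5102
2008-06-20 02:17:45 1K9aE5-0001b7-Qe <= win@example.org H=host23.example.org (friend) [198.51.100.23] P=esmtp S=1988
"""


def direct_deliveries(lines, gateways=GATEWAY_HOSTS):
    """Return (timestamp, message id, sender, ip) for mail accepted from hosts
    other than the gateway. Local submissions (no H= field) and loopback are skipped."""
    hits = []
    for line in lines:
        m = ARRIVAL.match(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # malformed address field; ignore the line
        if ip.is_loopback or ip in gateways:
            continue
        hits.append((m["ts"], m["id"], m["sender"], str(ip)))
    return hits


def top_sources(hits):
    """Count bypass deliveries per source address, busiest first."""
    return Counter(ip for *_, ip in hits).most_common()


if __name__ == "__main__":
    for ip, count in top_sources(direct_deliveries(SAMPLE_LOG.splitlines())):
        print(f"{ip}\t{count} message(s) delivered without passing the gateway")
```

Once the mailbox server only accepts connections from the gateway, the same check over fresh log lines should return an empty list.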

So, now my web server is happier because of the lower CPU load. And my inbox is happier because I get much less spam making it through filtering. I went from about 150 uncaught spams per night to about 12. I don’t even want to think about how many messages are getting blocked before I ever see a statistic on them (e.g., blocked by DNSBL, or other fingerprints, before any anti-spam content scanning takes place). For a while, I was actually worried that I had broken something, because I had been going so long without seeing new messages. I almost missed the constant dribble of spams! Almost :)

About Dougal Campbell

Dougal is a web developer, and a "Developer Emeritus" for the WordPress platform. When he's not coding PHP, Perl, CSS, JavaScript, or whatnot, he spends time with his wife, three children, a dog, and a cat in their Atlanta area home.

4 Responses to Whither Spam?

  1. Safenetting says:

    I highly recommend a SpamCop account. You still get the spam, but it’s moved over into a holding folder for further action. I filter my other addresses through the account — one which averages 600 to 800 spams every 8 hours. (Online since 1994) SpamCop does give some slight degree of pleasure by clicking “Report Spam” and knowing that a) the spam IS INDEED reported to abuse contacts, and b) is added to the more popular black holes.

    I love it… the interface and usability are second to none, my email never gets blocked and it is NEVER down. Everyone should have SpamCop email and a Knujon account.

  2. Phil Dufault says:

    I know it sounds like a copout, but I use gmail happily and see not a lot of spam. I do want a SpamCop account though…

  3. This sounds like a fun project but I can tell you that I use Google Apps and absolutely love it. I got tired of receiving spam on my hosted accounts and was aware that Google does wonders with catching spam. Currently I could never think about going back to hosting my mail on my server and relying on SpamAssassin or ClamAV. I used to access all my mail through Outlook also but it’s so easy now to just use the Gmail site as I never was a fan of SquirrelMail or any of those. The best thing is the amount of space you get with the Google Apps system. I haven’t even used 1% of my quota yet.

    Now… if only spam would disappear. :)

  4. Reuben says:

    Like you, I got tired of receiving spam. You know I use Gmail happily and I don’t receive a lot of spam. But I see that your web server became happier like you and it’s very good news. You have chosen your own direction to avoid spam and I see the result from your article.
