This morning, Spamhaus posted some excellent advice on how to stop spammers from exploiting webservers. The Spamhaus Project, based in Geneva, Switzerland, and London, UK, was founded in 1998 and is an international nonprofit organization that tracks Internet spam. The project is staffed with investigators, forensics specialists, and network engineers.
Spamhaus maintains a number of security intelligence databases and realtime spam-blocking databases (‘DNSBLs’) responsible for keeping back the vast majority of spam and malware sent out on the Internet. These include the Spamhaus Block List (SBL), the Exploits Block List (XBL), the Policy Block List (PBL) and the Domain Block List (DBL). Spamhaus DNSBLs are today used by the majority of the Internet’s Email Service Providers, Corporations, Universities, Governments and Military networks. —Spamhaus
Spamhaus states that keeping Linux/NIX webservers secure is a critical component of the fight against botnet and malware-related spam. They list 5 critical steps in securing a webserver:
- Keep applications updated
- Do not install software from untrusted sources
- Know your applications and secure your filesystems
- Wrap your SMTP daemon
- Block direct-to-mx sending
For each of the 5 critical steps listed above, they go into greater detail on their blog about how to achieve it. In a previous article, they discussed spam sent through compromised passwords. Overall, they provide a comprehensive anti-spam plan that, if implemented, can significantly reduce spam within the next three to five years.
Open Relay Test
It is also a good idea to test your mail server configuration and make sure that it is not acting as an open relay. If you do have an open relay, it will place a perma-smile on a third-party spammer's face and can get your domain blacklisted and your reputation tarred.
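One way to run the open relay test described above against a mail server you operate, as an added example (not code from Spamhaus or from the original post). The function names, the `local_domain` and `smtp_factory` parameters, and the probe addresses on reserved example domains are assumptions made for illustration.

```python
import smtplib
import sys

def check_open_relay(host, local_domain, port=25, timeout=10,
                     smtp_factory=smtplib.SMTP):
    """Probe a mail server you operate for unauthenticated relaying.

    Only MAIL FROM and RCPT TO are issued; DATA is never sent, so no
    message is delivered. Returns (sender, recipient, code, accepted) tuples.
    """
    # Constructed probe addresses on reserved example domains. No recipient
    # is local, so an unauthenticated client should be refused every time.
    probes = [
        ("probe@example.org", "relaytest@example.net"),            # external sender
        ("", "relaytest@example.net"),                             # null sender <>
        (f"postmaster@{local_domain}", "relaytest@example.net"),   # forged local sender
    ]
    results = []
    smtp = smtp_factory(host, port, timeout=timeout)
    try:
        smtp.ehlo()
        for sender, recipient in probes:
            code, _ = smtp.mail(sender)
            if code == 250:
                code, _ = smtp.rcpt(recipient)
                accepted = code in (250, 251)
            else:
                accepted = False      # already rejected at MAIL FROM
            results.append((sender, recipient, code, accepted))
            smtp.rset()               # clear the envelope before the next probe
    finally:
        try:
            smtp.quit()
        except smtplib.SMTPServerDisconnected:
            pass
    return results

def is_open_relay(results):
    """True if any probe's external recipient was accepted."""
    return any(accepted for _, _, _, accepted in results)

if __name__ == "__main__":
    # Usage: python relay_check.py <your-mail-host> <your-local-domain>
    findings = check_open_relay(sys.argv[1], sys.argv[2])
    for sender, recipient, code, accepted in findings:
        verdict = "ACCEPTED (investigate)" if accepted else "refused"
        print(f"MAIL FROM:<{sender}> RCPT TO:<{recipient}> -> {code} {verdict}")
```

Run it from a host outside the server's trusted client ranges, since clients inside those ranges are usually permitted to relay by design.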