"POP(IMAP)-before-SMTP" Anti-spam Measure

Blue Reef has recently upgraded the email services on each Virtual Server to include a "POP(IMAP)-before-SMTP" anti-spam measure. With the demise of the big spamhaus operations like CyberPromo, the spamming community has resorted to "hit-and-run" spamming through open SMTP relays, the advantage being that a spammer can send a single copy of his or her spam from a throwaway dial-up account and have the fast and well-connected SMTP server "explode" the message out to 50 or more addresses per original send. Also, since there are many, many open SMTP relays around the world, spammers can easily circumvent spam blocking measures by bouncing their spams off an unsuspecting relay.

When implemented correctly, a POP(IMAP)-before-SMTP policy should all but eliminate this form of unauthorized SMTP relaying. POP(IMAP)-before-SMTP relaying works like this: every time someone successfully enters a correct username and password to the POP server or IMAP server, the server records the IP address of remote client for later use by the SMTP server. This IP address is stored in a .db file (etc/relayers.db) with a timestamp of the login. This database will serve as a list of IP addresses that are allowed to perform an SMTP relay and is used by sendmail during an SMTP transaction. Placing a simple set of rules in the "check_rcpt" section of the sendmail.cf file will cause sendmail to refuse to relay except for IP addresses recorded by either the POP daemon or the IMAP daemon. With the addition of the "vsmtprelay" utility command that is used to expire addresses from the database as their validity runs out, the solution is complete. Database cleanup and address expiration can be automated via a cron entry, making the solution self-maintaining and requiring no manual intervention or maintenance.

NOTE: Some of our Virtual Server customers have been contacted by ORBS (Open Relay Behaviour-modification System) advising them that their Virtual Server is an open e-mail relay. Usually, this is because the customer has disabled the POP-before-SMTP anti-spam feature on their Virtual Server. If you have been contacted by ORBS and wish to be removed from the ORBS database you must re-enable POP-before-SMTP and then submit your Virtual Server IP address to ORBS for testing and approval. Report a Closed Relay Of course, it is not mandatory to do this, but doing so will get ORBS off of your back.