
21.1. Introduction

Spam and malware really take the fun out of the Internet. It seems that no human invention, no matter how cool, is immune from being spoiled by idiots.

Malware is a general term that covers viruses, Trojan horses, worms, malicious executables on web pages, and any other kind of nasty that can infect a system from a mail client or web browser. Currently, this means primarily Outlook, Outlook Express, and Internet Explorer. Eliminating these from a Windows system goes a long way toward making it less insecure.

This chapter covers adding a number of spam and virus-fighting tools to your Postfix server: Clam Anti-Virus, SpamAssassin, DNS blackhole lists, and whitelists. You can mix and match to your heart's content. Make sure you are running the latest versions of everything—especially Postfix, which should be Version 2.0 or newer.

There are three ways to apply restrictions on incoming mail:

  1. SMTPD restrictions

  2. Header/body checks

  3. Content filters

The farther down the chain you go, the more work is placed on the server: SMTPD restrictions are decided during the SMTP dialogue, before the message body has been transmitted, so mail rejected there costs almost no bandwidth or disk; header and body checks run only after the whole message has been received; content filters hand every accepted message to an external program such as a virus scanner. There are limits to what can be effectively done at each level. Expect to invest a bit of time and do some tweaking until you get it right.
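To make the three layers concrete, here is a small model of them in Python. It is an added example written for this edition, not Postfix code and not code from this chapter; the network ranges, domains, blackhole-list entries, header_checks table and scoring rules in it are all constructed. It assumes the Postfix semantics that an smtpd restriction list is evaluated in order, each entry answering PERMIT, REJECT or DUNNO (no opinion), with the first PERMIT or REJECT winning; that header_checks is a table of "/regexp/ ACTION text" lines tried against each header, first match wins, matched case-insensitively (Postfix's default); and that the content filter is a toy additive scorer in the style of SpamAssassin (rule points add up, reject at 5.0), standing in for real scanners. It also shows the relay-protection point from the strategy list: `reject_unauth_destination` is what stops outsiders from using you as a relay, and its position relative to `permit_mynetworks` decides whether your own hosts can still send outbound mail.

```python
"""Model of the three Postfix restriction layers (added example, not Postfix code)."""
import ipaddress
import re

# Constructed site data: our networks, the domains we accept mail for, and a
# stand-in for a DNS blackhole list (addresses that "resolve" in the zone).
MYNETWORKS = [ipaddress.ip_network("127.0.0.0/8"),
              ipaddress.ip_network("192.0.2.0/24")]
MYDESTINATION = {"example.com", "localhost"}
RBL_LISTED = {"198.51.100.7"}
REQUIRED_SCORE = 5.0          # SpamAssassin-style threshold (assumed)


# --- Layer 1: SMTPD restrictions, decided during the SMTP dialogue (before DATA)
def permit_mynetworks(client_ip, rcpt):
    ip = ipaddress.ip_address(client_ip)
    return "PERMIT" if any(ip in net for net in MYNETWORKS) else "DUNNO"

def reject_unauth_destination(client_ip, rcpt):
    domain = rcpt.rpartition("@")[2].lower()
    return "DUNNO" if domain in MYDESTINATION else "REJECT relay access denied"

def reject_rbl_client(client_ip, rcpt):
    return "REJECT client listed in RBL" if client_ip in RBL_LISTED else "DUNNO"

def smtpd_restrictions(restrictions, client_ip, rcpt):
    """Evaluate in order; first PERMIT/REJECT wins; running off the end permits."""
    for restriction in restrictions:
        verdict = restriction(client_ip, rcpt)
        if verdict != "DUNNO":
            return verdict
    return "PERMIT"

DEFAULT_RESTRICTIONS = [permit_mynetworks, reject_unauth_destination, reject_rbl_client]


# --- Layer 2: header_checks, applied after the message has been received
HEADER_CHECKS = """
# constructed table in Postfix regexp_table syntax: /pattern/ ACTION [text]
/^Subject: .*make money fast/   REJECT spam subject
/^X-Mailer: .*bulk mailer/      DISCARD
/^X-Internal-Trace: /           IGNORE
"""

def parse_header_checks(table):
    rules = []
    for line in table.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"^/(.*)/\s+([A-Z]+)(?:\s+(.*))?$", line)
        if not m:
            raise ValueError("unparseable header_checks line: %r" % line)
        pattern, action, text = m.groups()
        rules.append((re.compile(pattern, re.IGNORECASE), action, text or ""))
    return rules

def header_checks(rules, headers):
    """Return (verdict, surviving headers). IGNORE drops a header but keeps the mail."""
    kept = []
    for header in headers:
        for regex, action, text in rules:
            if regex.search(header):
                if action == "REJECT":
                    return "REJECT " + text, kept
                if action == "DISCARD":
                    return "DISCARD", kept
                if action == "IGNORE":
                    header = None
                break                      # first matching rule wins for this header
        if header is not None:
            kept.append(header)
    return "DUNNO", kept


# --- Layer 3: content filter; a toy scorer standing in for SpamAssassin/ClamAV
CONTENT_RULES = [
    (re.compile(r"\bviagra\b", re.IGNORECASE), 3.0, "DRUG_SPAM"),
    (re.compile(r"click here", re.IGNORECASE), 1.5, "CLICK_HERE"),
    (re.compile(r"\$\d{1,3}(,\d{3})+"), 2.0, "BIG_MONEY"),
]

def content_filter(body):
    hits = [(name, points) for regex, points, name in CONTENT_RULES if regex.search(body)]
    return sum(points for _, points in hits), [name for name, _ in hits]


def process_message(restrictions, client_ip, rcpt, headers, body):
    """Run the three layers in order; return (layer that decided, verdict)."""
    verdict = smtpd_restrictions(restrictions, client_ip, rcpt)
    if verdict.startswith("REJECT"):
        return "smtpd", verdict
    verdict, headers = header_checks(parse_header_checks(HEADER_CHECKS), headers)
    if verdict != "DUNNO":
        return "header_checks", verdict
    score, names = content_filter(body)
    if score >= REQUIRED_SCORE:
        return "content_filter", "REJECT score %.1f (%s)" % (score, ",".join(names))
    return "delivered", "score %.1f, %d headers kept" % (score, len(headers))
```

Run a relay attempt from an outside address through `process_message` and it dies at the cheapest layer; swap `reject_unauth_destination` ahead of `permit_mynetworks` and your own LAN hosts lose the ability to send outbound mail, which is the classic ordering mistake. Only mail that survives layer 1 ever reaches the regular-expression tables, and only mail that survives those is handed to the expensive scanner.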

Your basic strategy is:

  • Protect your bandwidth.

  • Protect your mail server from being overloaded.

  • Protect your proxies and mail servers from being used to relay spam.

  • Keep yourself from being a source of contagion.

The last is the most important. No one else cares how messed up your system is, as long as you don't become a source of contagion to the entire Internet.

It's a ridiculous amount of effort to exert just to keep your inboxes reasonably free of pestilence, but if you have any Windows hosts on your network, you have to do it.

Do you need to do all this if you are not running any Windows systems? You can probably omit Clam Anti-Virus, though it doesn't hurt to have it running. Linux isn't immune from attack, but attacks via email viruses are highly unlikely. As of this writing, there are no significant Linux email viruses. Attacks on Linux systems usually come in through some other door: an attacker has to find a way onto the system, typically through a network service or a weak password, and then gain enough privileges to do real damage. Linux mail clients open attachments as documents rather than running them, so even if you have associated file types with applications, you cannot launch an executable directly from an email. And if an ordinary user did go to the trouble of saving a malicious attachment, doing chmod +x on it, and running it, it would run with only that user's privileges: it could read and send that user's mail, but it would still need root privileges to touch the rest of the system. (Remember how Postfix insists that root's mail goes to an alias?)

Furthermore, even if a Linux email virus managed to install and propagate itself and infect other hosts, it would fizzle out pretty quickly. It simply would not find a warm welcome, not the way Windows viruses do. Still, it never hurts to be careful. All it takes is one evil genius to write a lethal exploit; armies of willing script kiddies will quickly take care of unleashing it on the world.

Again, taking care of the basics is fundamental:

  • Use the minimum necessary privileges for the job—do not take the name of root in vain.

  • Remember that strong passwords are effective.

  • Keep a tight leash on sudo users.

  • Be careful with file ownerships and permissions.

21.1.1 See Also
