
January 20, 2004

Tales from SPAM & Mail Server Upgrade Hell

Damn SPAMMERS. You gotta love them a little to hate them. I mean, the persistence and viral nature of them is interesting. One spam company gets your email and then spreads it throughout the spam universe like the plague. Before you know it an email address you carefully guarded (kept off message boards, HTML pages, and hid in server code) becomes compromised. Finally, the load becomes so heavy that it fills your mail box with 2000 pieces of spam and then overloads your mailserver. In other words, you are stuck in the middle of a medieval siege on your castle.

This type of SPAM hell hit me really hard recently. In the past I simply took a SPAM sieged email address and turned it off. Most of the time the accounts that got hit were the ones I used for subscriptions, so turning them off was no big deal.

Then, they invaded. I got hit on one of my oldest email accounts @ illuminare...I surrendered and turned it off. That was too bad, but I accepted it because there was little I could do and it was an old account that I didn't use anymore. That was the norm until last week when my personal and private email account was selected for assimilation.

The onslaught of SPAM brought my PowerBook 500 email server to its knees and shut it down with a murderous scream emanating from it. I banged my head on the ceiling in the Server Closet in my attempt to reset it. I was pissed. Not only was the server dead, but I banged my head to boot. So, I decided to fight back...hard. It was far time to put some serious server side spam and antivirus scanning in place on a new mail server. Unfortunately, this decision meant that I had to kindly kill my oldest PPC Mac that dated back to the dark college days of the early 90's.

I looked around at the different open source mail servers and decided upon a combination of Exim & Courier with a healthy dose of SpamAssassin and Clam Antivirus. All of it would tie into a SQL database for account management and server configuration. It literally is the holy grail to solving my problem.

I thought it would be an easy compile on OS X and there would be no permissions problem. I was dead wrong. Although the compile and upgrade of Perl was easy, the permissions issues I ran into after the fact were pure bloody hell. First, Courier would not authenticate usernames into the account database. Next, the Exim Mail Daemon would fail to create a MailDir dynamically for new accounts upon receiving email for them (which is the way it is supposed to work).

It really sucked. I was in permissions hell...chmodding files, bouncing servers, the works to very late hours of the evening. When I fixed the authentication problem for Courier by upgrading to the latest release, I broke Exim's MailDir creation process. The only good news in the pit of despair was looking at all the Spam in the mail log that was wholesale rejected by the server...4000 pieces of mail...all bounced before hitting my in-box. SpamAssassin kicked some serious butt.

With that one bit of good news, I was determined to make it work all the way across. I took the OS X server I was building the mail servers on and literally rebuilt the box from the OS X Server installation level up and then reinstalled the mail server apps. With that multi-hour process, I managed to get it to work. Turns out a security patch that was released to address holes with certain services was getting in the way. I turned off those services and skipped the patch...bang it worked.

Now I have a bullet proof mail server with AntiSpam, AntiVirus, and webmail. All of it open source and running on Mac OS X server's BSD unix. Now I have to set up the other services that used to be running on the same box before the mail war. (I may not be a code monkey anymore, but with enough incentive--SPAM--I will do everything possible to secure my network.)

The moral of the story is this: Either you let the SPAMMERS win by surrendering your email account, allow SPAMMERS into your mail box and cleanse the spam after you download it (thus sucking your bandwidth dry), or you fight back on the server side.

I tried the first 2 methods and the experience sucked. Your email address is like your phone number. If at all possible you don't want to change it because then you have to tell everyone that it has changed and they have to remember to use the new one. It is far better to fight back on the server side and win. This way you end up keeping your email and fight back the siege of SPAM at your doorstep.

Posted by ajf at 11:34 AM | technology | + Link | Comments (0)

January 08, 2004

Tales of a BeOS to Linux to Windows to OS X User

I ran across this great story by a former BeOS user that went through a varied OS hell journey on his way to using OS X. While the article is a little dated, it points out the serious GUI flaws with most of the Linux distros and how OS X (in his opinion) is the only serious Desktop/GUI Unix distro worth using (this comes from a guy that bashed the Mac for years).

Well worth the read.

Posted by ajf at 01:31 PM | technology | + Link | Comments (0)

January 03, 2004

Happy New Year

Posted by ajf at 01:26 PM | general interest | + Link | Comments (0)