Easy spam-blocking with TMDA
Takeaway: Vincent Danen explains how the Tagged Message Delivery Agent works to knock out spam with managed blacklists and whitelists.
TMDA, or Tagged Message Delivery Agent, is a spam-fighting tool written in Python that uses a challenge/response mechanism to combat spam. Instead of relying on dictionaries of good and bad words that spammers attempt to poison daily, TMDA relies on blacklists and whitelists of e-mail addresses and on address-based filtering. In other words, if TMDA receives a message from an address in your blacklist, the e-mail is immediately dropped. If the address is in a whitelist, the message is sent through unhindered. If the message comes from an address that TMDA knows nothing about, it sends a challenge e-mail asking the sender to respond; upon receiving the response, it can add the sender to a whitelist and release the original message for delivery.
TMDA works with all of the popular Linux MTAs: Exim, qmail, sendmail, and Postfix. Documentation on the TMDA Web site gives you all the information you need to set it up. It can be used to handle single addresses, multiple addresses over multiple domains, and even act as a front-end to mailing list packages such as Mailman.
TMDA offers a number of other features, such as tagged addresses, which allow you to define specific keyword-based addresses or dated addresses that expire after a certain amount of time. These features require that TMDA be installed on both the server that receives your e-mail, and locally, to be used by your e-mail client.
However, for simple challenge/response, which is suitable for stopping significant amounts of spam, TMDA can be installed solely on the server. Because it can be used with a variety of virtual-hosting schemes, TMDA is quite flexible. While maintenance of TMDA is much easier with shell access to the server to edit certain configuration files, it can be completely managed via e-mail using the tmda-pending tool. For instance, TMDA can be told to hold all unauthorized messages for a certain period, such as 14 days, before deleting the messages; however, until you have built a good whitelist, keeping an eye on the pending queue is a good idea—just to make sure you're not missing mail from Web sites or other automated mailers that is actually legitimate. To make this available to users, you can have a daily e-mail sent out to the users that lists all the mails in the pending queue with a special address that the user can respond to in order to release the message, all from within the e-mail client.
The advantage here is that instead of receiving a dozen spam e-mails, the user receives one: a summary e-mail from TMDA that contains all of the entries in the pending queue. The e-mail contents would look something like:
1162695647.23895 (7 of 7 / 16333 bytes)
>> Date: Sun, 5 Nov 2006 04:00:31 +0100
>> From: "tagged" <bzqgpctdp@t-dialin.net>
>> To: support@host.com
>> Subj: traffic. Nathan Lippe
<mailto:support+confirm+1162695647.23895.59fb6f@host.com>
If this were legitimate mail, the user could either click on the mail or send an empty e-mail to the "confirm" address to release the message and have the sender automatically added to the whitelist (with the CONFIRM_APPEND keyword defined in the configuration file). This allows the end user not only to view what TMDA is stopping, but also to release those mails that he or she considers to be legitimate.
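The flow described above (drop, deliver, or hold, then release through a confirm address) can be modelled in a few lines. This is an added example, not TMDA's own code: the Mailbox class, the demo key, and the choice of an HMAC-SHA1 tag truncated to six hex characters are assumptions made to match the shape of the sample confirm address.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # assumption: a per-user secret key
MAC_HEX = 6                       # assumption: tag length, as in the sample address

class Mailbox:
    """Toy model of blacklist / whitelist / pending-queue handling."""

    def __init__(self, user, domain, whitelist=(), blacklist=()):
        self.user, self.domain = user, domain
        self.whitelist = {a.lower() for a in whitelist}
        self.blacklist = {a.lower() for a in blacklist}
        self.pending = {}  # message id -> (sender, body)

    def _tag(self, msgid):
        # Keyed MAC over the message id, so a release address cannot be guessed.
        mac = hmac.new(SECRET, msgid.encode(), hashlib.sha1).hexdigest()
        return mac[:MAC_HEX]

    def confirm_address(self, msgid):
        return f"{self.user}+confirm+{msgid}.{self._tag(msgid)}@{self.domain}"

    def receive(self, msgid, sender, body):
        sender = sender.lower()
        if sender in self.blacklist:
            return "drop"
        if sender in self.whitelist:
            return "deliver"
        self.pending[msgid] = (sender, body)  # unknown sender: hold and challenge
        return "hold"

    def release(self, address):
        """Handle mail sent to a confirm address; return the released body or None."""
        local, _, domain = address.rpartition("@")
        parts = local.split("+")
        if domain != self.domain or len(parts) != 3 or parts[:2] != [self.user, "confirm"]:
            return None
        msgid, _, tag = parts[2].rpartition(".")
        expected = self._tag(msgid).encode()
        if msgid not in self.pending or not hmac.compare_digest(tag.encode(), expected):
            return None  # unknown id, forged tag, or already released
        sender, body = self.pending.pop(msgid)
        self.whitelist.add(sender)  # the effect the article attributes to CONFIRM_APPEND
        return body
```

Because the tag is checked before anything is released, a sender who guesses the message id still cannot whitelist themselves, and a confirm address works only once.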
On the administrator end, the tmda-pending summaries can easily be sent out via a cronjob that executes:
#!/bin/sh
export HOME=/srv/mail/host.com/support
tmda-pending -c /srv/mail/host.com/support/.tmda/config -C -b -s
TMDA, used on its own or in cooperation with other spam-fighting tools such as SpamAssassin, can help to reduce the number of spam messages people receive. Rejecting spam at the MTA level with DNS-based blacklist services like SpamCop, rejecting mails based on SpamAssassin scans before the message is even delivered, and then letting TMDA handle what does get through will ensure that virtually no spam is seen by you or your users. With adequate delivery-based spam protection in front of it, the overhead incurred by running TMDA should be minimal.

