Challenge-Response — to fight email SPAM

You’ve probably already tried spamassassin and a host of other tools, which are good mind you, and still there’s spam bothering you! So whats next? How do you manage the spam situation?

Well how about a challenge-response mechanism. How about asking the sender to ensure that they sent you the message before letting the message reach your mailbox.

This is implemented beautifully by TMDA (short for Tagged Message Delivery Agent)! TMDA combines whitelists, blacklists, a challenge/response system, and special-purpose e-mail addresses called “tagged addresses” to thwart spam.

This howto is for setting up TMDA on a per user basis (not everyone would probably appreciate the interception and so better to give it only to those on your server who ask for it)! It assumes Postfix is the MTA.

  • cd /usr/src
  • wget http://tmda.sourceforge.net/ftp/releases/tmda-1.1.1.tgz
  • tar -zxf tmda-1.1.1.tgz
  • cd tmda-1.1.1
  • ./compileall
  • su – imtiaz
  • mkdir .tmda
  • cd .tmda/
  • /usr/src/tmda-1.1.1/bin/tmda-keygen —> dont forget to chmod 600 your crypt_key after pasting output of this command into ~/.tmda/crypt_key)
  • mkdir logs
  • touch logs/debug
  • touch logs/
  • touch lists/confirmed
  • mkdir filters
  • cat > .forward

|/usr/src/tmda-1.1.1/bin/tmda-filter

  • echo “from-file ~/.tmda/lists/confirmed accept” > filters/incoming
  • cat > config

MAIL_TRANSFER_AGENT = "postfix"
RECIPIENT_DELIMITER = "+"
DELIVERY = "/var/spool/mail/imtiaz"
CONFIRM_APPEND = os.path.expanduser("~/.tmda/lists/confirmed")
LOGFILE_DEBUG = "~/.tmda/logs/debug"
LOGFILE_INCOMING = "~/.tmda/logs/incoming"
LOGFILE_OUTGOING = "~/.tmda/logs/outgoing"
FILTER_INCOMING = os.path.expanduser("~/.tmda/filters/incoming")
FILTER_OUTGOING = os.path.expanduser("~/.tmda/filters/outgoing")
ACTIONOUTGOING = "bare=append"
BARE_APPEND = os.path.expanduser("~/.tmda/lists/confirmed")

Once this is done send a test mail to imtiaz@domain. It should result in a automatic reply being generated asking for a confirmation from our end. Once you confirm the address becomes whitelisted and you can send without a confirmation until the user, Imtiaz, removes your id from the confirmed list.

Send a mail to imtiaz@branches.ca to see how this works

Please use this form to contact us to request a qoute for this implementation on your server. We can also do this server wide if required.

Leave a Reply

Your email address will not be published. Required fields are marked *