Anyone with an email address has had to deal with spam. Insidious, potentially offensive, sometimes incomprehensible but definitely time wasting spam. It is such a problem that there is a whole industry of software products out there to deal with the spam. Some of these tools can delete the spam straight away, others just tag it and allow you to redirect it to a Spam folder or something similar. But what none of them can tell you is who gave away your email address? Was it that online store you purchased a gift from last month? Did they then sell your email address to a list broker? Maybe it was a co-worker playing a joke that gave your personal address to that porn site?
Wouldn’t it be nice to know who gave away your email address? I certainly want to know.
In addition, unfortunately as good as some of the tools out there are, some spam inevitably gets through. I have given up on email addresses because they had become so riddled with spam that the signal to noise ratio was not worth the effort anymore. My original Yahoo! mail account comes to mind. I want to be able to block as much spam as possible – not tag it or redirect it, I simply want to know nothing about its existence in the first place.
So this is how I manage my email and deal with spam.
Firstly I purchased my own domain name and I set up an email server to host the email for that domain. Even the most basic Linux hosting plans will be more than enough for this purpose.
Next I set up just one real account on the email server. I then configured the server to redirect all of the email sent to that domain to that one real account. This is often called a catch-all account.
Now whenever I need to provide an email address for something, I use a unique one-off address. For example, when I signed up for Netflix, I used netflix@mydomain.com as the email address for my account. Whenever Netflix sends me an email at that address, it still ends up in my Inbox because of the catch-all account. l also know that if I start getting spam email being sent to netflix@mydomain.com then I need to have some harsh words with Netflix (thankfully this has not happened with Netflix).
If you implement this strategy, you’ll be surprised how many of these one-off addresses you end up creating. So to keep things organized (and so I do not forget who I gave the address too) I try to map these addresses to the domain names of the website or the company I am giving them too. This however, will raise some eyebrows from time to time. When the car salesman at the BMW dealership asks for your email address and you tell him it is bmw@mydomain.com you will almost certainly get a strange look.
OK, so now I can give out unique (traceable) email addresses to companies and websites when they ask for them. If I start getting spam being sent to a specific address, I know who sold me out. It also means that the email address that my personal friends and family use is kept reasonably secluded and not plastered all over websites and in databases all over the planet.
Now what do I do if the spam being sent to one of these unique email address gets out of hand? Easy, I just block receiving email for that address on the server. Any email sent to that address will bounce back to the sender with a message telling them that the account is no longer valid. I never see the email, I am never even aware of its existence, I never waste time downloading it to my phone or laptop. Perfect. In addition, the rest of my email is not affected, it still all gets through.
In my environment I run Sendmail as my mail server. Configuring Sendmail to completely block certain recipient addresses is very simple. You will need to edit the file /etc/mail/access which is a simple text file – if it does not exist, you can create it. In this file, you will need to add a line for each address you want to block. Here is an example
Sendmail will reject/bounce any inbound message sent to either of these 2 addresses. In my actual file I have about 15 addresses total being bounced currently.
Once you have edited the access file, you have to turn it into the database format that Sendmail expects. This is also easy to do.
That’s it. You don’t even need to restart Sendmail, the settings take effect straight away. Anytime you need to start rejecting another email you just add another line to the access file and regenerate the database.
Now, in the spirit of full disclosure, I admit that I do still get some spam. This is spam that is being sent to addresses that are legitimate and which I do not want to block. But I do know that the number of spam messages I do see versus the number that are getting bounced is slanted heavily in my favor – something like 1 or 2 per day get through versus 1 or 2 hundred that are getting bounced.
Let me know if you have any other ideas for taking better control of your email.
Today I finished a successful fresh install of JBoss Portal. Below is the process I followed.
Versions
Step 1 – Downloads
jdk-1_5_0_19-linux-amd64-rpm.binjboss-portal-2.7.2-bundled.zipMySQL-server-community-5.1.34-0.rhel5.x86_64.rpm) and the client (MySQL-client-community-5.1.34-0.rhel5.x86_64.rpm) RPMsmysql-connector-java-5.1.7.tar.gzStep 2 – Install JavaSE
This RPM installed all of the files into /usr/java/jdk1.5.0_19
/etc/profile file to make the JAVA_HOME environment variable and Java binaries available to everyone on the box. I added the following lines to achieve this
Step 3 – Deploy Portal Binaries
This created the directory /usr/local/jboss-portal-2.7.2
/etc/profile file to add the JBoss environment to it by adding the following line
Then I tested it
Step 4 – Change Default Port (Optional)
For my install I have no need to run Apache in front of JBoss, so I want JBoss to listen (or more correctly, have Tomcat listen) directly on port 80 – by default it listens on 8080.
$JBOSS_HOME/server/default/deploy/jboss-web.deployer/server.xml file, (which is a standard Tomcat configuration file) in an editor.
redirectPort attribute of the HTTP connector to match.
Step 5 – Change Portal to be the root web app. (Optional)
For my install, the Portal will be the main application on the server, so I want it to be accessible from the root of the server, and not have to enter the portal context path all of the time.
$JBOSS_HOME/server/default/deploy/jboss-portal.sar/portal-server.war/WEB-INF/jboss-web.xml file, in an editor.
<context -root> tag and changed the vallue to be just a single forward slash character.
Step 6 – Install MySQL
By default, JBoss Portal will use a Hypersonic database for all of its internal data. My environment will be a production environment, so I want to use something more robust.
The installation process started the mysqld service automatically. It also installed MySQL as a service automatically.
Server version 5.1.34-community
Protocol version 10
Connection Localhost via UNIX socket
UNIX socket /var/lib/mysql/mysql.sock
Uptime: 5 hours 29 min 16 sec
Threads: 1 Questions: 5 Slow queries: 0 Opens: 15 Flush tables: 1 Open tables: 8 Queries per second avg: 0.0
$
There are a lot of things you might want to do to a base MySQL install before putting it into production, but that is beyond the scope of this document. I would start with this link for some of the things you need to consider: http://dev.mysql.com/doc/refman/5.1/en/unix-post-installation.html
Step 7 – Point the Portal at MySQL
Type ‘help;’ or ‘h’ for help. Type ‘c’ to clear the current input statement.
mysql>
jbossportal Database to the user I just created
At this point I quit the MySQL interpreter.
$JBOSS_HOME/server/default/lib/ directory
I double checked the username, password and database name settings in the file were correct
Step 9 – Check Your Work
Now I checked my handy work before moving on to the next step.
It will take a while but, eventually the server will finish booting.
If you have trouble accessing your URL, there could be an issue with the address that JBoss is listening on. This can be caused by various issues with your server setup (hostname, hosts file etc.). One quick thing to try is to pass -b 0.0.0.0 as an argument to the run.sh script – this tells JBoss to listen on all addresses, which might help you figure out where the issue is.
Step 10 – Setup JBoss Portal as a Service
$JBOSS_HOME/bin/jboss_init_redhat.sh in an editor.
JBOSS_HOME and JBOSS_USER) were correct.
chkconfig system
I saved the file and exited the editor.
init.d directory
chkconfig to register the script for the correct run levels
Step 11 – Have A Beer
It is always appropriate to reward yourself with a craft, micro-brewed or home-brewed beer!
As I was trying to learn more about hardening a CentOS box I am now the sole admin for I stumbled upon this little gem of a website. The Central Security Service, which is part of the National Security Agency (which sounds much more intimidating if just say the NSA) has published a whole bunch or recommendations for specific Operating Systems and how to secure them. In addition there are guides for databases and routers among other things. Who knew the Federal Government could be so useful.
http://www.nsa.gov/ia/guidance/security_configuration_guides/index.shtml
 |
|
This work is licensed under a