Following is a guest post from a Robert Schmid, a Macminicolo customer. If you have a tip on running a Mac server and would like to share it, please let us know.

ImageI setup my first Unix server in 1997 on a Mac Quadra 840AV. It was great way to rehabilitate obsolete macs. My biggest problem then was spam. My war on spam continued for the next several years until I finally got it under control a few years ago. For me, mail filters are not a sufficient answer to spam. It needs to be stopped on request, not after your bandwidth has been wasted. I finally found two very important strategies for stopping spam – greylisting and wildcard addressing.

Greylisting works by passing the expense of communicating with you back to the spammer. It requires them to do something they aren’t willing to do – wait. They aren’t willing to wait because the shotgun approach of mailing they use would be slowed down considerably if they had to comply with the requirements of greylisting. It’s more valuable for them to pass you by and send their crap to someone else.

Under greylisting, when your server receives a mail request it checks the sender and recipient headers. If it does not recognize the pairing it sends back an error code 450 which tells the sending server to try and send again. Traditionally, mail servers are configured to resend email several times over a set period with increasing delays between sends. For example it will try to resend in 15 secs, 30 secs after that and then 1 min, 5 min and so on until either the recipients receives the mail or time runs out. Greylisting refuses to accept the email unless it receives a repeated try /after/ a set delay (like 5 minutes). Spammers can’t afford to resend to all the temporary errors they get.

Greylisting can be added to your mac mini by installing Postgrey. My spam has been cut by more than 90% solely by installing postgrey. Installation postgrey will require you to learn the Unix side of your mini but, believe me the effort is well worth it.

The second strategy uses a little-known feature of postfix but requires you to educate your users in its use. Postfix allows your users to create email addresses for themselves on-the-fly. For example, if I send email to macminicolo and I want to keep an eye on them, I might give them an email address like user+bigcorp@domain.dom. The plus sign here is the wildcard. Postfix allows you to define any wildcard you wish. So email sent back to user+bigcorp will be forwarded to user@domain.dom on your server. Your users can use this if they start getting email at such an address.
If I started getting viagra advertisements or phishing schemes at user+bigcorp I will know that either bigcorp has sold my address or their systems have been comprised to get my address. At that point, I have two actions I can take. I can communicate with the company that compromised my address and I can disable the wildcarded form of that address without disabling the root address.
You can disable the address by adding it to a file referenced by Postfix’s header_check function defined in main.cf. You would add addresses in lines like;

/user\+bigcorp@domain\.com/ REJECT User Unknown

This particular version of disabling does not scale well. My server is fairly small so the number of addresses I’ve had to disable is correspondingly small. Postfix provides better methods for doing the same thing using hash maps. There are many different ways to implement this feature of postfix, If you aren’t familiar with the inner workings of postfix, I highly recommend you check out the postfix website) and find out everything it can do for you.

Image