Next, Fluffy asks whether you want to preload a set of DNS blacklist servers into the application. DNS blacklists (aka Realtime Block Lists—RBLs) typically contain IP addresses of mail servers known to have recently sent spam. When a new inbound SMTP connection contacts your mail server, Fluffy can query these lists to determine whether your mail server should trust or discard the incoming connection. Answering Yes to accept the predefined list of DNS blacklist servers (which I recommend you do) only populates the DNS blacklist information into Fluffy; it doesn't automatically activate any of the blacklists. I cover DNS blacklist capabilities and blacklist providers in more detail later.
You can also blacklist certain incoming domains and IP address ranges for systems that you've determined shouldn't be trusted. Fluffy asks whether you want to accept a predefined list of blacklisted domains and IP addresses. Although Fluffy includes only a few entries in the predefined list, I recommend you choose No for this option to ensure that you don't mistakenly block important mail.
Fluffy also includes a "spam trap" capability—that is, the ability to specify which inbound email addresses (or parts of addresses) shouldn't receive any mail at all. When Fluffy sees a message sent to a trap address, it immediately records the IP information of the server that sent the message, thereby telling your mail server to discard any future deliveries from the sender. Fluffy's preloaded spam-trap list is rather extensive, and—in my opinion—way too aggressive. A quick look through the default list showed email addresses such as byron@ and geoff@—relatively common names. Therefore, I suggest you select No for this option. Although the idea of populating this list with "fake" names for users not in your organization is a good one, the default option here is far too broad.
The last question Fluffy asks is whether you want to enable its predefined attachment-blocking list. This option preloads all the common attachment types (e.g., .bat, .cmd, .com, .exe, .pif, .scr) that you don't want your email users to receive. I suggest you select Yes. Later, you can add or remove attachment-type entries as needed. After you've answered the last question, Fluffy will be up and running on your network. However, you're not done with your configuration just yet.
Getting Fluffy Ready for the Internet
You need to tell Fluffy where it should direct mail messages after it processes them. To do so, double-click the three-headed dog icon in the system tray to display Fluffy's monitoring console window. Click Configure, then select the SMTP Servers tab. At this tabbed page, which Figure 2 shows, you can access IP configuration details and enter Fluffy's TCP port and your mail server's IP address and TCP port.
As I mentioned earlier, for this article's purposes I run Fluffy and my mail server (Windows Server 2003 with POP and SMTP enabled) on the same system. Before I installed Fluffy, my Microsoft Internet Information Services (IIS) 6.0 SMTP server listened for incoming SMTP sessions on TCP port 25. However, I want Fluffy, not IIS, to be the first server to see new inbound SMTP connections. To accomplish this, I changed the listening port of my mail server (i.e., IIS's SMTP server) to port 26. To change IIS's listening port, you need to use the Microsoft Management Console (MMC) Internet Information Services snap-in to modify your SMTP server's properties. Launch the snap-in and double-click the server, then select the General tab. Click the Advanced button next to the IP address field to display the Identification dialog box, where you configure the TCP port for IIS. Make sure that the port you specify for your mail server in the Internet Information Services snap-in matches the SMTP Server Port that's defined on Fluffy's SMTP Servers tab.
After you tell Fluffy which IP address and TCP ports to use, Fluffy should face the Internet and be the first server to receive SMTP traffic. Because you've changed your mail infrastructure a bit, double-check your system to make sure that your new server isn't acting as an open relay (i.e., a mail server that sends email messages regardless of their origin or destination). If your mail server wasn't an open relay before you installed Fluffy, it shouldn't be one now, but it's always wise to double-check. To verify that your system can't be used as an open relay, you can use the free mail-relay testing service available from Network Abuse Clearinghouse. If your system allows open relay, you should restrict its mail-relaying capabilities as quickly as possible, or else it won't be long before spammers find your server and start using it to deliver their junk.
Now that Fluffy knows where to find your server and it's secured against open relaying, you should test whether you can deliver a regular email message to your network from the outside world. To do so, in Fluffy's configuration window, select the Update/Logs tab, set the Logging Detail level to 6 so that you can watch a detailed diagnostic for Fluffy, then send yourself a message from an outside email address. Don't panic if you don't see your message right away—the delay means that the message has just encountered one of the first antispam defenses that Fluffy provides for your network.
)
)
Register
a blocked attachment that it will bounce back a message to the sender. Is this an email message to the alleged sender's email address as
opposed to a 550 protocol error to the IP address of the MTA? I want
to avoid sending email messages to the spoofed/forged email addresses
of innocent people.
cfrankb September 08, 2004 (Article Rating: