The Three Simplest and Most Effective Anti-Spam Hacks I Have Ever Seen

Hack zero: Switch to Gmail

This is not a joke: Gmail is a fantastic and nearly spam-free platform. Notably, you can hook it up with a custom domain name so no one knows you are part of the Goog machine like everyone else.

Hack one: Greylisting with Postfix on Ubuntu

A mail transfer agent using greylisting will "temporarily reject" any email from a sender it does not recognize. If the mail is legitimate, the originating server will most likely try again to send it later, at which time the destination will accept it. Wikipedia: Greylisting

Assuming that you have your own email server, greylisting is genius. Diabolically elegant, really. If you run an email server (or any server that can receive email) you are probably running the Postfix MTA, in which case there is a main configuration file appropriately named main.cf. A couple of edits to this file and you are on your way.

Here's how this setup looks (not my graph but I have definitely seen this happen on production mailservers):

The really brilliant thing about greylisting is that it deals with spam way before it ever reaches your inbox, which is the only way to go. (I don't use any spam filtering on my mailbox. That's too late, especially from a sysadmin perspective (think of the children cycles!).)

Step one: install postgrey.

apt-get install postgrey

Two: edit your main.cf file.

sudo vi /etc/postfix/main.cf

Three: Look for your smtpd_recipient_restrictions and add the following line:

check_policy_service inet:127.0.0.1:60000

Four: Reload Postfix

/etc/init.d/postfix reload
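
A simplified model of the decision a greylisting policy service makes for each delivery attempt, added here as an example (it is not postgrey's code or the author's). The (client IP, sender, recipient) key, the 300-second delay and the 35-day expiry are assumptions made for this example; DEFER_IF_PERMIT and DUNNO are standard Postfix policy actions, and the sample traffic is constructed.

```python
import time

DELAY = 300           # assumed: seconds a new triplet must wait before a retry passes
MAX_AGE = 35 * 86400  # assumed: forget triplets not seen for this long


class Greylist:
    def __init__(self, delay=DELAY, max_age=MAX_AGE, clock=time.time):
        self.delay, self.max_age, self.clock = delay, max_age, clock
        self.seen = {}  # triplet -> (first_seen, last_seen)

    def check(self, client_ip, sender, recipient):
        """Return a Postfix policy action for one delivery attempt."""
        now = self.clock()
        key = (client_ip, sender.lower(), recipient.lower())
        first, last = self.seen.get(key, (None, None))
        if first is None or now - last > self.max_age:
            # Unknown (or expired) triplet: record it and tell the sender to retry.
            self.seen[key] = (now, now)
            return "DEFER_IF_PERMIT Greylisted, try again later"
        self.seen[key] = (first, now)
        if now - first < self.delay:
            # Retried too quickly: still inside the greylisting window.
            return "DEFER_IF_PERMIT Greylisted, try again later"
        # The sender queued the message and came back: let later rules decide.
        return "DUNNO"


def replay(attempts, delay=DELAY):
    """Run constructed (time, ip, sender, rcpt) attempts through a fresh greylist."""
    now = [0]
    gl = Greylist(delay=delay, clock=lambda: now[0])
    results = []
    for t, ip, sender, rcpt in attempts:
        now[0] = t
        results.append(gl.check(ip, sender, rcpt).split()[0])
    return results


# Constructed sample traffic: a queueing MTA that retries, and a sender that never does.
SAMPLE = [
    (0,   "192.0.2.10",   "alice@example.org", "me@example.com"),  # first contact
    (5,   "198.51.100.7", "promo@example.net", "me@example.com"),  # one shot, no retry
    (60,  "192.0.2.10",   "alice@example.org", "me@example.com"),  # retry too early
    (900, "192.0.2.10",   "alice@example.org", "me@example.com"),  # retry after delay
]

if __name__ == "__main__":
    for attempt, action in zip(SAMPLE, replay(SAMPLE)):
        print(attempt, "->", action)
```

Only the sender that retries after the delay ever gets past the greylist; the one-shot sender's single attempt is deferred and never followed up.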

Hack 2: DNS Blocklists

This one is even easier, requiring only an extra line (for each blocklist). The blocklists are Just put it right there in that same block in main.cf. I typically use four of them. (Each has a slightly different purpose and tolerance. Check out the sites to get a flavor for why they exist.) This one is actually my favorite — it was created by the geek premier Paul Vixie and uses a DNS lookup for an extraordinarily light overhead.

Step One:

Open your main.cf file again and add these lines:

  
  reject_rbl_client list.dsbl.org,
  reject_rbl_client sbl.spamhaus.org,
  reject_rbl_client cbl.abuseat.org,
  reject_rbl_client dul.dnsbl.sorbs.net
  

Then reload Postfix:

/etc/init.d/postfix reload

As with the example above, you will also want to watch your mail log to make sure nothing's gone wrong.

sudo tail -f /var/log/mail.log

Hack 3: Keep Spammers out of Your Forms

This is really the ideal place to stop spam: before it happens. There are a bazillion ways to prove that someone is a human (CAPTCHAs ... sigh), but I think it is instead better to put the burden on the bots.

Step one: Add a hidden field to your form.

<textarea name="comment" class="hidden"></textarea>

Step two:

In your handler, ignore anybody that filled out that field (as robots will do). Here's a fragment in PHP (assumes that the presence of an errors array will prevent submissions):

// Humans never see the hidden "comment" field, so any value in it means a bot filled it in.
if (!empty($_REQUEST['comment'])) { $errors[] = "No Spam please."; }

Those are my favorites, let me know if you have any others!