Protecting Linux Systems

Threats faced by Mail Servers
Mail servers are the workhorses and deliver mails on a 24x7 basis, until virus and other threats cripple them. This section discusses threats they face.

Spam
Spam is unsolicited junk mail sent to you or your mail server. People who indulge in such activities are called Spammers. These are sent by commercial advertisers who may offer dubious products, get rich schemes, products that do not suit your life style, promote illegal activities, etc. The intent here is to make you spend money. Almost 60% - to 70% of Spam is related to Porn. It costs the Spammer almost nothing to send mails and invariably get an eyeball count.
There is another type of spammer who sends large number of e-mails that flood your mailbox or mail server. The intent here is to cripple your e-mail service to such an extent that you cannot receive genuine mails. This is termed as Denial-of-Service (DOS) attack.

LOSSES CAUSED BY SPAM
Some of the losses caused by Spam are listed below:

- Spam is received through e-mails and may have alluring subject line like: Free offer, Chance of a lifetime, etc. Invariably you try to open the mail and read it. That is what the Spammer wants you to do. Opening the mail, reading it and then deleting it, consumes your Internet access time and costs you money. The mail servers that have delivered the mail through a series of servers have spent money and used bandwidth to deliver junk you did not want. Probably the junk mail was ahead in the queue for mails to be delivered and was given precedence over an urgent mail.

- Some Spam mails have attachments and the mail asks you to open it. If you do so, you risk running a virus that may be hidden in the mail. The costs involved in removing a virus from your system are massive.

- Some Spam mails after enclosing an alluring description of products or services, ask you to click on a link for further information. These links may open porn or other sites that you had no business visiting. But details of the visit are recorded in your server and you may have a lot of explaining to do.

- Products advertised through Spam mails require that you provide your credit card number and other personal information. Besides getting your account billed for junk items, you also open yourself to more Spam.
HOW SPAMMING IS DONE
There are many ways in which Spamming is done. The commonly used ones are: Rogue ISPs, One-Shot Accounts and Blind Relayers.

- Rogue ISPs: Spammers who have enough cash to fund their illegal activities run these. Rogue ISPs obtain their own network numbering and multiple domain names from the InterNIC. Spammers use multiple domain names and manage to get across Spam blocks. While it is possible to block a domain, it is not possible to block an ISP provider.

- ‘On-the-fly’ Spammers: Such type of Spammers, register as multiple genuine users for trial accounts with ISPs. Forged identity or stolen credit cards are used to establish identities. They then use these accounts to start their Spam hits. By the time the ISP realizes that they are hosting a Spam run, the Spammer uses another account.

- Blind Relayers: Some innocent servers allow Blind Relaying – relaying messages without authentication. Spammers route their mails using these servers. The relay sends the mail and it appears as genuine.

Anti Virus
Mail servers run the double risk of getting infected by viruses and also transmitting them to other users. An infected mail server is very dangerous as it allows potential hackers a very easy means to attack other mail servers. They can be used to set up an infected P2P network. Viruses can spread at the rate of an epidemic. Infected mail servers need to be shut down and extensive clean up operations needed. Valuable mails could be lost resulting in huge potential losses.