Spam Filtering for Mail Exchangers

How to reject junk mail in incoming SMTP transactions.

Tor Slettnes

Edited by

Joost De Cock

Devdas Bhagat

Tom Wright


Table of Contents
Introduction
1. Purpose of this Document
2. Audience
3. New versions of this document
4. Revision History
5. Credits
6. Feedback
7. Translations
8. Copyright information
9. What do you need?
10. Conventions used in this document
11. Organization of this document
1. Background
1.1. Why Filter Mail During the SMTP Transaction?
1.1.1. Status Quo
1.1.2. The Cause
1.1.3. The Solution
1.2. The Good, The Bad, The Ugly
1.3. The SMTP Transaction
2. Techniques
2.1. SMTP Transaction Delays
2.2. DNS Checks
2.2.1. DNS Blacklists
2.2.2. DNS Integrity Check
2.3. SMTP checks
2.3.1. Hello (HELO/EHLO) checks
2.3.2. Sender Address Checks
2.3.3. Recipient Address Checks
2.4. Greylisting
2.4.1. How it works
2.4.2. Greylisting in Multiple Mail Exchangers
2.4.3. Results
2.5. Sender Authorization Schemes
2.5.1. Sender Policy Framework (SPF)
2.5.2. Microsoft Caller-ID for E-Mail
2.5.3. RMX++
2.6. Message data checks
2.6.1. Header checks
2.6.2. Junk Mail Signature Repositories
2.6.3. Binary garbage checks
2.6.4. MIME checks
2.6.5. File Attachment Check
2.6.6. Virus Scanners
2.6.7. Spam Scanners
2.7. Blocking Collateral Spam
2.7.1. Bogus Virus Warning Filter
2.7.2. Publish SPF info for your domain
2.7.3. Envelope Sender Signature
2.7.4. Accept Bounces Only for Real Users
3. Considerations
3.1. Multiple Incoming Mail Exchangers
3.2. Blocking Access to Other SMTP Servers
3.3. Forwarded Mail
3.4. User Settings and Data
4. Questions & Answers
A. Exim Implementation
A.1. Prerequisites
A.2. The Exim Configuration File
A.2.1. Access Control Lists
A.2.2. Expansions
A.3. Options and Settings
A.4. Building the ACLs - First Pass
A.4.1. acl_connect
A.4.2. acl_helo
A.4.3. acl_mail_from
A.4.4. acl_rcpt_to
A.4.5. acl_data
A.5. Adding SMTP transaction delays
A.5.1. The simple way
A.5.2. Selective Delays
A.6. Adding Greylisting Support
A.6.1. greylistd
A.6.2. MySQL implementation
A.7. Adding SPF Checks
A.7.1. SPF checks via Exiscan-ACL
A.7.2. SPF checks via Mail::SPF::Query
A.8. Adding MIME and Filetype Checks
A.9. Adding Anti-Virus Software
A.10. Adding SpamAssassin
A.10.1. Invoke SpamAssassin via Exiscan
A.10.2. Configure SpamAssassin
A.10.3. User Settings and Data
A.11. Adding Envelope Sender Signatures
A.11.1. Create a Transport to Sign the Sender Address
A.11.2. Create a New Router for Remote Deliveries
A.11.3. Create New Redirect Router for Local Deliveries
A.11.4. ACL Signature Check
A.12. Accept Bounces Only for Real Users
A.12.1. Check for Recipient Mailbox
A.12.2. Check for Empty Sender in Aliases Router
A.13. Exempting Forwarded Mail
A.14. Final ACLs
A.14.1. acl_connect
A.14.2. acl_helo
A.14.3. acl_mail_from
A.14.4. acl_rcpt_to
A.14.5. acl_data
Glossary
B. GNU General Public License
B.1. Preamble
B.2. TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
B.2.1. Section 0
B.2.2. Section 1
B.2.3. Section 2
B.2.4. Section 3
B.2.5. Section 4
B.2.6. Section 5
B.2.7. Section 6
B.2.8. Section 7
B.2.9. Section 8
B.2.10. Section 9
B.2.11. Section 10
B.2.12. NO WARRANTY Section 11
B.2.13. Section 12
B.3. How to Apply These Terms to Your New Programs
List of Tables
1. Typographic and usage conventions
1-1. Simple SMTP dialogue
A-1. Use of ACL connection/message variables