Spam Filtering for Mail Exchangers

How to reject junk mail in incoming SMTP transactions.

Tor Slettnes

Edited by Joost De Cock (Technical Review)

Edited by Devdas Bhagat (Technical Review)

Edited by Tom Wright (Language Review)

Table of Contents

Introduction
    1. Purpose of this Document
    2. Audience
    3. New versions of this document
    4. Revision History
    5. Credits
    6. Feedback
    7. Translations
    8. Copyright information
    9. What do you need?
    10. Conventions used in this document
    11. Organization of this document
1. Background
    1. Why Filter Mail During the SMTP Transaction?
        1.1. Status Quo
        1.2. The Cause
        1.3. The Solution
    2. The Good, The Bad, The Ugly
    3. The SMTP Transaction
2. Techniques
    1. SMTP Transaction Delays
    2. DNS Checks
        2.1. DNS Blacklists
        2.2. DNS Integrity Check
    3. SMTP checks
        3.1. Hello (HELO/EHLO) checks
        3.2. Sender Address Checks
        3.3. Recipient Address Checks
    4. Greylisting
        4.1. How it works
        4.2. Greylisting in Multiple Mail Exchangers
        4.3. Results
    5. Sender Authorization Schemes
        5.1. Sender Policy Framework (SPF)
        5.2. Microsoft Caller-ID for E-Mail
        5.3. RMX++
    6. Message data checks
        6.1. Header checks
        6.2. Junk Mail Signature Repositories
        6.3. Binary garbage checks
        6.4. MIME checks
        6.5. File Attachment Check
        6.6. Virus Scanners
        6.7. Spam Scanners
    7. Blocking Collateral Spam
        7.1. Bogus Virus Warning Filter
        7.2. Publish SPF info for your domain
        7.3. Envelope Sender Signature
        7.4. Accept Bounces Only for Real Users
3. Considerations
    1. Multiple Incoming Mail Exchangers
    2. Blocking Access to Other SMTP Servers
    3. Forwarded Mail
    4. User Settings and Data
4. Questions & Answers
A. Exim Implementation
    1. Prerequisites
    2. The Exim Configuration File
        2.1. Access Control Lists
        2.2. Expansions
    3. Options and Settings
    4. Building the ACLs - First Pass
        4.1. acl_connect
        4.2. acl_helo
        4.3. acl_mail_from
        4.4. acl_rcpt_to
        4.5. acl_data
    5. Adding SMTP transaction delays
        5.1. The simple way
        5.2. Selective Delays
    6. Adding Greylisting Support
        6.1. greylistd
        6.2. MySQL implementation
    7. Adding SPF Checks
        7.1. SPF checks via Exiscan-ACL
        7.2. SPF checks via Mail::SPF::Query
    8. Adding MIME and Filetype Checks
    9. Adding Anti-Virus Software
    10. Adding SpamAssassin
        10.1. Invoke SpamAssassin via Exiscan
        10.2. Configure SpamAssassin
        10.3. User Settings and Data
    11. Adding Envelope Sender Signatures
        11.1. Create a Transport to Sign the Sender Address
        11.2. Create a New Router for Remote Deliveries
        11.3. Create New Redirect Router for Local Deliveries
        11.4. ACL Signature Check
    12. Accept Bounces Only for Real Users
        12.1. Check for Recipient Mailbox
        12.2. Check for Empty Sender in Aliases Router
    13. Exempting Forwarded Mail
    14. Final ACLs
        14.1. acl_connect
        14.2. acl_helo
        14.3. acl_mail_from
        14.4. acl_rcpt_to
        14.5. acl_data
Glossary
B. GNU General Public License
    1. Preamble
    2. TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
        2.1. Section 0
        2.2. Section 1
        2.3. Section 2
        2.4. Section 3
        2.5. Section 4
        2.6. Section 5
        2.7. Section 6
        2.8. Section 7
        2.9. Section 8
        2.10. Section 9
        2.11. Section 10
        2.12. NO WARRANTY Section 11
        2.13. Section 12
    3. How to Apply These Terms to Your New Programs

List of Tables

1. Typographic and usage conventions
1.1. Simple SMTP dialogue
A.1. Use of ACL connection/message variables