Filtering Mail in eMail Server 3

Support knowledgebase (rsimai_imap_content_filter)
Applies to

eMail Server: Version 3

Aim

Filtering incoming mail in eMail Server 3 for protection against SPAM

What is SPAM?

SPAM or UCE (Unsolicited Commercial E-mail) refers to unsolicited e-mail messages, usually advertising, that are sent to recipients in great quantities. SPAM senders need a mail server (relay) through which the messages can be sent. For this purpose they look for servers that will forward mail to other domains without checking it (relaying).

What is relaying?

Relaying means that the eMail Server accepts mail that is addressed to domains that do not exist in the system and forwards it to its relay host or the respective MX host.
The receipt of mail addressed to the server's own domain does not constitute mail relaying and should always work.

What is open relay?

Open relay is a mail server that accepts mail via SMTP and forwards it to other domains, even if the sender is not authorized to do this.
By default, SuSE eMail Server is configured to block relaying. Relaying is only permitted in the following cases:
If you are not sure whether you have created an open relay and do not know how to check it, you can have your server checked by an anti-SPAM initiative that offers this kind of service, such as http://www.abuse.net/ (though we cannot make any statement regarding the reliability of the service).

What to do if the SPAM goes on and on?

You could try to trace the sender of a SPAM message. The sender can usually be identified by means of the header. However, clever SPAM senders insert a number of fake header lines that makes it look as though the message comes from a different sender. In this case the sender does not appear in the first (lower) header lines but in the later ones (further up).
Once you have tracked down the correct sender (IP address/host name), send a polite message to abuse@domain.com (insert the header of the SPAM message), domain.com being the domain of the first (correct) mail server. The administrator of this domain should take care of the problem.
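The header trace described above, as an added example that is not part of the original SuSE article: it walks the Received lines from the top and stops at the first one that was not written by one of your own servers, because only those lines can be trusted. The sample message is constructed, and the TRUSTED host names and the trace_sender helper are assumptions to be replaced with your own server names.

```python
import re
from email import message_from_string

# Constructed sample: the two lowest Received lines were inserted by the sender.
SAMPLE = """\
Received: from mail.internal.example.org (mail.internal.example.org [10.0.0.5])
\tby imap.example.org (Postfix) with ESMTP id AAA111; Tue, 23 Apr 2002 10:00:03 +0200
Received: from friendly.example.net (unknown [192.0.2.77])
\tby mail.internal.example.org (Postfix) with SMTP id BBB222; Tue, 23 Apr 2002 10:00:01 +0200
Received: from relay.bank.example (relay.bank.example [198.51.100.9])
\tby friendly.example.net with SMTP; Tue, 23 Apr 2002 09:58:00 +0200
Received: from localhost (localhost [127.0.0.1])
\tby relay.bank.example with SMTP; Tue, 23 Apr 2002 09:57:00 +0200
From: offers@bank.example
Subject: constructed sample

body
"""

# Assumption: host names of the mail servers you operate yourself.
TRUSTED = {"imap.example.org", "mail.internal.example.org"}
BY_RE = re.compile(r"\sby\s+([A-Za-z0-9.-]+)")
FROM_RE = re.compile(r"^from\s+(\S+)\s+\(([^\s\[]+)\s+\[([^\]]+)\]\)")


def trace_sender(raw, trusted_hosts=TRUSTED):
    """Find the hop at which the message entered servers we trust."""
    msg = message_from_string(raw)
    # Unfold continuation lines; get_all() keeps top-to-bottom (newest first) order.
    headers = [" ".join(h.split()) for h in msg.get_all("Received", [])]
    handoff = None
    for index, header in enumerate(headers):
        by = BY_RE.search(header)
        if not by or by.group(1).lower() not in trusted_hosts:
            break  # everything from here down could have been forged
        handoff = index
    if handoff is None:
        return None
    m = FROM_RE.match(headers[handoff])
    return {
        "claimed_helo": m.group(1) if m else None,  # sender-supplied, not proof
        "reverse_dns": m.group(2) if m else None,
        "client_ip": m.group(3) if m else None,     # recorded by our own server
        "unverified_below": headers[handoff + 1:],
    }

if __name__ == "__main__":
    print(trace_sender(SAMPLE))
```

The client_ip value is the address to look up when working out which domain's abuse contact should receive the report; the lines returned in unverified_below should be included in the report but not relied on.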
In order to avoid the dreary task of dealing with SPAM every other day, there is the possibility of taking well-aimed measures.

Implementing anti-SPAM measures

The following section draws attention to several filtering methods. Decide for yourself which filter or which combination of filters you want to employ in order to achieve a maximum level of protection. However, SuSE cannot guarantee success or prevent problems that may occur due to an incorrect configuration. You should be aware that the measures could also cause approved messages to be rejected!
The following steps have been designed to the best of our knowledge. Nevertheless, we cannot exclude the possibility that an error may have crept in. Of course we are grateful for any feedback and error reports!

Filtering the header

Filtering the mail body

Blocking hosts or domains

Realtime Blackhole Lists (RBL)

Additional measures

There are several other ways to make things difficult for SPAM senders. For example, you can use so-called 'teergrubing', which keeps connections from suspected SPAM senders open for a long period, thus making the dispatch ineffective. However, this method does not provide any advantages apart from annoying the SPAM sender.
If you use a production system, do not embark on any experiments.
Make sure that your system is secure and cannot be abused as a relay.
See also:
o Activating SMTP Authentication To Other Mail Servers (Postfix)

Keywords: IMAP3, MAIL, POSTFIX, FILTER, CONTENT, HEADER, BODY, CHECK, ACCESS, UCE, RBL, SPAM

Categories: SuSE Linux IMAP Server

Feedback welcome: Send Mail to srsimai@suse.de (Please give the following subject: SDB-rsimai_imap_content_filter)
SDB-rsimai_imap_content_filter, Copyright SuSE Linux AG, Nürnberg, Germany - Version: 24. Apr 2002
SuSE Linux AG - Last generated: 14. May 2002 by ip (sdb_gen 1.40.0)