Spam Filtering for Mail Exchangers: How to Reject Junk Mail in Incoming SMTP Transactions


by Tor Slettnes <[email protected]>
Edited by Joost De Cock, Devdas Bhagat, and Tom Wright

Table of Contents

Introduction
    Purpose of this Document
    Audience
    New versions of this document
    Revision History
    Credits
    Feedback
    Translations
    Copyright information
    What do you need?
    Conventions used in this document
    Organization of this document
1. Background
    Why Filter Mail During the SMTP Transaction?
        Status Quo
        The Cause
        The Solution
    The Good, The Bad, The Ugly
    The SMTP Transaction
2. Techniques
    SMTP Transaction Delays
    DNS Checks
        DNS Blacklists
        DNS Integrity Check
    SMTP checks
        Hello (HELO/EHLO) checks
        Sender Address Checks
        Recipient Address Checks
    Greylisting
        How it works
        Greylisting in Multiple Mail Exchangers
        Results
    Sender Authorization Schemes
        Sender Policy Framework (SPF)
        Microsoft Caller-ID for E-Mail
        RMX++
    Message data checks
        Header checks
        Junk Mail Signature Repositories
        Binary garbage checks
        MIME checks
        File Attachment Check
        Virus Scanners
        Spam Scanners
    Blocking Collateral Spam
        Bogus Virus Warning Filter
        Publish SPF info for your domain
        Envelope Sender Signature
        Accept Bounces Only for Real Users
3. Considerations
    Multiple Incoming Mail Exchangers
    Blocking Access to Other SMTP Servers
    Forwarded Mail
    User Settings and Data
4. Questions & Answers
A. Exim Implementation
    Prerequisites
    The Exim Configuration File
        Access Control Lists
        Expansions
    Options and Settings
    Building the ACLs - First Pass
        acl_connect
        acl_helo
        acl_mail_from
        acl_rcpt_to
        acl_data
    Adding SMTP transaction delays
        The simple way
        Selective Delays
    Adding Greylisting Support
        greylistd
        MySQL implementation
    Adding SPF Checks
        SPF checks via Exiscan-ACL
        SPF checks via Mail::SPF::Query
    Adding MIME and Filetype Checks
    Adding Anti-Virus Software


Details

  • File Type: pdf
  • Content Languages: English
  • File Pages: 91
