Spam Filtering for Mail Exchangers How to reject junk mail in incoming SMTP transactions. Tor Slettnes <[email protected]> Edited by Joost De Cock Devdas Bhagat Tom Wright Version 1.0 −− Release Edition Spam Filtering for Mail Exchangers Table of Contents Introduction.........................................................................................................................................................1 1. Purpose of this Document....................................................................................................................1 2. Audience..............................................................................................................................................1 3. New versions of this document............................................................................................................1 4. Revision History..................................................................................................................................1 5. Credits..................................................................................................................................................2 6. Feedback..............................................................................................................................................3 7. Translations..........................................................................................................................................3 8. Copyright information.........................................................................................................................3 9. What do you need?...............................................................................................................................4 10. Conventions used in this document...................................................................................................4 11. Organization of this document...........................................................................................................4 Chapter 1. Background......................................................................................................................................6 1.1. Why Filter Mail During the SMTP Transaction?.............................................................................6 1.1.1. Status Quo...............................................................................................................................6 1.1.2. The Cause................................................................................................................................6 1.1.3. The Solution............................................................................................................................7 1.2. The Good, The Bad, The Ugly..........................................................................................................8 1.3. The SMTP Transaction.....................................................................................................................8 Chapter 2. Techniques......................................................................................................................................11 2.1. SMTP Transaction Delays..............................................................................................................11 2.2. DNS Checks....................................................................................................................................12 2.2.1. DNS Blacklists......................................................................................................................12 2.2.2. DNS Integrity Check.............................................................................................................13 2.3. SMTP checks..................................................................................................................................13 2.3.1. Hello (HELO/EHLO) checks................................................................................................14 2.3.2. Sender Address Checks.........................................................................................................15 2.3.3. Recipient Address Checks.....................................................................................................17 2.4. Greylisting......................................................................................................................................19 2.4.1. How it works.........................................................................................................................19 2.4.2. Greylisting in Multiple Mail Exchangers..............................................................................19 2.4.3. Results...................................................................................................................................20 2.5. Sender Authorization Schemes.......................................................................................................20 2.5.1. Sender Policy Framework (SPF)...........................................................................................21 2.5.2. Microsoft Caller−ID for E−Mail...........................................................................................21 2.5.3. RMX++.................................................................................................................................22 2.6. Message data checks.......................................................................................................................22 2.6.1. Header checks........................................................................................................................23 2.6.2. Junk Mail Signature Repositories..........................................................................................23 2.6.3. Binary garbage checks...........................................................................................................24 2.6.4. MIME checks........................................................................................................................24 2.6.5. File Attachment Check..........................................................................................................24 2.6.6. Virus Scanners.......................................................................................................................24 2.6.7. Spam Scanners......................................................................................................................25 2.7. Blocking Collateral Spam...............................................................................................................25 2.7.1. Bogus Virus Warning Filter..................................................................................................25 i Spam Filtering for Mail Exchangers Table of Contents Chapter 2. Techniques 2.7.2. Publish SPF info for your domain.........................................................................................26 2.7.3. Enveloper Sender Signature..................................................................................................26 2.7.4. Accept Bounces Only for Real Users....................................................................................27 Chapter 3. Considerations................................................................................................................................28 3.1. Multiple Incoming Mail Exchangers..............................................................................................28 3.2. Blocking Access to Other SMTP Servers.......................................................................................28 3.3. Forwarded Mail...............................................................................................................................28 3.4. User Settings and Data....................................................................................................................29 When Spammers Adapt...................................................................................................................31 Chapter 4. Questions & Answers....................................................................................................................31 Appendix A. Exim Implementation.................................................................................................................33 A.1. Prerequisites...................................................................................................................................33 A.2. The Exim Configuration File.........................................................................................................33 A.2.1. Access Control Lists.............................................................................................................33 A.2.2. Expansions............................................................................................................................34 A.3. Options and Settings......................................................................................................................34 A.4. Building the ACLs − First Pass.....................................................................................................35 A.4.1. acl_connect...........................................................................................................................35 A.4.2. acl_helo.................................................................................................................................36