SPAM Filtering

This service allows you to enable various SMTP level filters which will help reduce or even prevent unwanted SPAM mails. Please note, these options are applied to mails originating from SMTP connections. Mails created by WebMail are not filtered and mails from POP3 retrievals are only affected by limited SPAM filters.

SPAM Filtering

  • Bypass SPAM Filtering When Allowed Relaying Access - If an SMTP connection is allowed relaying access, the SPAM detection rules will be ignored. This allows trusted connections and clients to remain unaffected by SPAM Filtering.
  • Enable White List - If enabled, you will be able to manually white list IPs, domains and email addresses. When the white list is triggered, mails will be unaffected by any of the SPAM filters.
  • Add Custom Event - If this option is enabled and the white list is triggered, the string will be appended to the mail's custom event list. These custom events can then be read using Content Filtering, which allows more complex actions to be performed on the mail.
  • Run Wizard - This tool enables you to quickly configure almost all SPAM filters. The Bayesian filter is more complicated and must be manually configured separately.

Black List

  • Enable Black List - If enabled, you will be able to manually black list IPs, domains and email addresses.
  • Refuse Mail With Message - If this option is enabled and the black list is triggered, the SMTP will refuse mails before they even enter the mail server. This is the strongest method of enforcing SPAM protection. This option allows the use of field tags; for more information, please view the Using Field Tags page.
  • Set SPAM Flag - If this option is enabled and the black list is triggered, the mail's SPAM flag will be set. Content Filtering or any account filtering rules can then process the mail accordingly.
  • Add Custom Event - If this option is enabled and the black list is triggered, the string will be appended to the mail's custom event list. These custom events can then be read using Content Filtering, which allows more complex actions to be performed on the mail.

Miscellaneous

  • Use Tarpitting - If enabled, the mail server will enforce a limit on the number of failed recipient requests within a set period of time. Once triggered, that IP will be blocked for a set period of time. This is useful protection against SPAM systems.
  • Trigger Count - If using Tarpitting, this option sets the trigger limit of recipient failures.
  • Block Time - If using Tarpitting, this option sets the length of time that the IP will be blocked. This also controls the length of time that recipient failures will be recorded for.
  • Use Sender Domain Check - If enabled, the mail server will verify the SMTP sender address of incoming mail. Although SPF can achieve a similar task, this forcefully ensures that any mail that attempts to fake a sender address of a local domain is refused.
  • Client Must Have Relaying Access - If enabled, any SMTP connection that has a sender address for a locally stored domain must have been granted relaying access. Normally only authenticated clients have this privilege (via SMTP Authentication).
  • Refuse Mail With Message - If this option is enabled and the sender domain check fails, the SMTP will refuse mails before they even enter the mail server. This is the strongest method of enforcing SPAM protection. This option allows the use of field tags; for more information, please view the Using Field Tags page.
  • Set SPAM Flag - If this option is enabled and the sender domain check fails, the mail's SPAM flag will be set. Content Filtering or any account filtering rules can then process the mail accordingly.
  • Add Custom Event - If this option is enabled and the sender domain check fails, the string will be appended to the mail's custom event list. These custom events can then be read using Content Filtering, which allows more complex actions to be performed on the mail.
  • Use Transaction Delays - If enabled, the SMTP server responses will be delayed. This method is designed to combat SPAM delivery bots which do not correctly follow the SMTP standard. Normal mail systems should be patient and designed to handle slow transactions.
  • On Connect (secs) - The number of seconds before the welcome message is sent to the client.
  • HELO / EHLO Command (secs) - The number of seconds before the HELO/EHLO response is sent to the client.
  • MAIL FROM Command (secs) - The number of seconds before the MAIL FROM response is sent to the client.
  • RCPT TO Command (secs) - The number of seconds before the RCPT TO response is sent to the client.
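
The Tarpitting options above (Trigger Count and Block Time) can be modelled as a sliding window per IP. The following is an added example, not code from the mail server; the class and function names and the sample events are constructed for illustration.

```python
from collections import defaultdict, deque


class Tarpit:
    """Sliding-window model of Tarpitting; names are hypothetical."""

    def __init__(self, trigger_count, block_secs):
        self.trigger_count = trigger_count
        self.block_secs = block_secs
        self.failures = defaultdict(deque)   # ip -> times of recent RCPT failures
        self.blocked_until = {}              # ip -> time the block ends

    def is_blocked(self, ip, now):
        return now < self.blocked_until.get(ip, 0)

    def recipient_failed(self, ip, now):
        """Record one refused RCPT TO; return True if this one triggers a block."""
        recent = self.failures[ip]
        recent.append(now)
        # Block Time doubles as the recording window: forget older failures.
        while now - recent[0] > self.block_secs:
            recent.popleft()
        if len(recent) >= self.trigger_count:
            self.blocked_until[ip] = now + self.block_secs
            recent.clear()
            return True
        return False


def replay_tarpit(tarpit, events):
    """events: (second, ip, rcpt_ok). Return the verdict given to each one."""
    out = []
    for now, ip, rcpt_ok in events:
        if tarpit.is_blocked(ip, now):
            out.append("blocked")
        elif rcpt_ok:
            out.append("ok")
        else:
            out.append("block" if tarpit.recipient_failed(ip, now) else "fail")
    return out


# Constructed events: one IP failing many recipients in a burst, and a
# legitimate sender that mistypes a recipient now and then.
EVENTS = [
    (0, "203.0.113.9", False), (1, "203.0.113.9", False), (2, "203.0.113.9", False),
    (3, "203.0.113.9", True),            # arrives during the block
    (700, "203.0.113.9", True),          # block has expired
    (0, "198.51.100.5", False), (400, "198.51.100.5", False),
    (800, "198.51.100.5", False),        # the failure at t=0 has aged out
]

if __name__ == "__main__":
    print(replay_tarpit(Tarpit(trigger_count=3, block_secs=600), EVENTS))
```

A Block Time that is long relative to the Trigger Count lets occasional typos from a legitimate sender accumulate into a block, so the two values are best tuned together.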

Hosts

  • Enable Host List - If enabled, the mail server will block any IPs that use any of the host names in the list during the HELO or EHLO SMTP commands. This is useful against Denial of Service (DoS) based attacks that use the same host name but different IP addresses.
  • Host Names - This is a list of host names that will trigger the IP to be blocked if used during the HELO or EHLO SMTP commands.
  • Block Time - When an IP uses one of the listed host names, it will be blocked for this amount of time. Any current connections or new connections will be disconnected and blocked during this period.

Grey List

  • Enable Grey List - If enabled, the mail server will temporarily refuse incoming mail. This method is designed to combat SPAM delivery bots which do not correctly follow the SMTP standard. Normal mail systems should re-attempt delivery in a timely manner.
  • Temporary Fail Time (mins) - When a new IP and address pair (the client's IP, SMTP sender and SMTP recipient are treated as an identifier) is first encountered, this is the initial period during which the SMTP will temporarily refuse the mail.
  • Temporary Allow Time (mins) - After the temporary fail time has passed, the sending system must attempt a redelivery in this period. If it does not, then the IP and address pair will be forgotten and the process must start again.
  • Life Time (days) - If the sending system successfully retries during the allow time, then the IP and address pair will be allowed through without delay in future for this time period. If the next delivery is beyond this time, then the process must start again. This option ensures that regular incoming mail only experiences a delivery delay on the very first mail.
  • Enable Grey List Safe List - If enabled, the IPs, domains and email addresses in the list box will be excluded from grey listing. This ensures any backup mail servers or trusted sources will not be delayed.
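
How the three timers above interact is easiest to see as a small state machine. The following is an added example, not code from the mail server; the class names and sample addresses are constructed, and it assumes that Life Time is measured from the last accepted delivery and that the safe list holds IPs only.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Entry:
    first_seen: float                  # time of the first (refused) attempt
    passed_at: Optional[float] = None  # time of the last accepted delivery


class GreyList:
    """Toy model of the three timers; class and field names are hypothetical."""

    def __init__(self, fail_mins, allow_mins, life_days, safe_ips=()):
        self.fail = fail_mins * 60
        self.allow = allow_mins * 60
        self.life = life_days * 86400
        self.safe_ips = set(safe_ips)    # stands in for the Grey List Safe List
        self.entries = {}

    def check(self, ip, sender, rcpt, now):
        """Return 'accept' or 'tempfail' for one attempt at `now` (seconds)."""
        if ip in self.safe_ips:
            return "accept"
        key = (ip, sender.lower(), rcpt.lower())
        entry = self.entries.get(key)
        if entry is None:
            return self._restart(key, now)
        if entry.passed_at is not None:
            # Known-good identifier. Assumption: Life Time runs from the last
            # accepted delivery, so regular senders are not delayed again.
            if now - entry.passed_at <= self.life:
                entry.passed_at = now
                return "accept"
            return self._restart(key, now)
        age = now - entry.first_seen
        if age < self.fail:
            return "tempfail"            # retried inside Temporary Fail Time
        if age <= self.fail + self.allow:
            entry.passed_at = now        # retried inside Temporary Allow Time
            return "accept"
        return self._restart(key, now)   # window missed: forgotten, start again

    def _restart(self, key, now):
        self.entries[key] = Entry(first_seen=now)
        return "tempfail"


def replay_greylist(greylist, attempts):
    """Run (minute, ip, sender, rcpt) attempts in order; collect the verdicts."""
    return [greylist.check(ip, s, r, minute * 60) for minute, ip, s, r in attempts]


# Constructed timeline: a queueing MTA that retries, and a sender that
# comes back only after the allow window has closed.
MTA = ("198.51.100.10", "news@example.org", "user@example.net")
LATE = ("203.0.113.66", "x@example.com", "user@example.net")
ATTEMPTS = [(0, *MTA), (1, *MTA), (6, *MTA), (2000, *MTA), (0, *LATE), (500, *LATE)]

if __name__ == "__main__":
    print(replay_greylist(GreyList(fail_mins=5, allow_mins=240, life_days=30), ATTEMPTS))
```

Because the client IP is part of the identifier, a sender that retries from a different outbound IP starts the process again, which is the case the Grey List Safe List exists to cover.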

Trap

  • Enable SPAM Trap - If enabled, you will be able to set up SPAM trap email addresses. Any incoming SMTP connection which attempts to deliver mail to any of those addresses will have its IP listed in the TXT file. From then on, all mail from that IP will be classed as SPAM. To fully utilize this feature, we recommend you embed all of the SPAM trap addresses in your web pages on your public website for SPAM bots to pick up.
  • Trigger Email Addresses (*s Allowed) - This is a list of SPAM trap email addresses. Because you may want to have a generic address for all domains, you can use *s (e.g. 'spamtrap@*').
  • Store IPs in File Path - This is the storage file for all detected IPs. This file can be externally modified if required.
  • Refuse Mail With Message - If this option is enabled and the IP is listed, the SMTP will refuse mails before they even enter the mail server. This is the strongest method of enforcing SPAM protection. This option allows the use of field tags; for more information, please view the Using Field Tags page.
  • Set SPAM Flag - If this option is enabled and the IP is listed, the mail's SPAM flag will be set. Content Filtering or any account filtering rules can then process the mail accordingly.
  • Add Custom Event - If this option is enabled and the IP is listed, the string will be appended to the mail's custom event list. These custom events can then be read using Content Filtering, which allows more complex actions to be performed on the mail.

RBLs

  • Enable Real-time Black Lists - If enabled, you will be able to set up RBL detection rules to help detect potential SPAM.
  • Add Preset - This allows you to add preset RBLs.
  • Trigger Count - This allows you to specify how many RBLs in the list need to evaluate true before the mail is classed as SPAM. The higher this value, the less likely a mail will be falsely identified but the less effective the filter will be.

Add / Edit Real-time Black List

  • Enable Real-time Black List - If enabled and Real-time Black Lists are enabled, this RBL will be evaluated.
  • Name - This should be unique and descriptive of the RBL rule. This is used only as a display name and also within the logs.
  • Use IPv4 - This option will enable IP version 4 RBL lookups. This is also the string which is formatted into a DNS lookup request. Each RBL server will have a particular method in which their DNS lookup string should be formatted. This information is usually provided by the organization that operates the RBL.
  • Use IPv6 - This option will enable IP version 6 RBL lookups. This is also the string which is formatted into a DNS lookup request. As IP version 6 differs from version 4, it is possible some RBL systems may require different formatting methods for IPv6 addresses.
  • Refuse Mail With Message - If this option is enabled and the RBL is triggered, the SMTP will refuse mails before they even enter the mail server. This is the strongest method of enforcing SPAM protection. This option allows the use of field tags; for more information, please view the Using Field Tags page.
  • Set SPAM Flag - If this option is enabled and the RBL is triggered, the mail's SPAM flag will be set. Content Filtering or any account filtering rules can then process the mail accordingly.
  • Add Custom Event - If this option is enabled and the RBL is triggered, the string will be appended to the mail's custom event list. These custom events can then be read using Content Filtering, which allows more complex actions to be performed on the mail.
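
To make the lookup-string formatting and the Trigger Count concrete, the following added example (not code from the mail server) builds DNSBL query names using the common RFC 5782 layout and counts how many lists trigger. The zone names, the resolver stub and its answers are constructed, and the product's own lookup-string syntax is not modelled.

```python
import ipaddress


def dnsbl_query_name(ip, zone):
    """Build the DNS name to query for `ip` in DNSBL `zone` (RFC 5782 layout)."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))            # octets, reversed
    else:
        labels = reversed(addr.exploded.replace(":", ""))  # 32 nibbles, reversed
    return ".".join(labels) + "." + zone


def is_listed(answers):
    """Only an A record inside 127.0.0.0/8 counts as a listing."""
    net = ipaddress.ip_network("127.0.0.0/8")
    return any(ipaddress.ip_address(a) in net for a in answers)


def rbl_verdict(ip, rbls, trigger_count, resolve):
    """Return (is_spam, names_of_triggered_rbls).

    rbls: dicts with 'name' and optional 'v4' / 'v6' zone (None = lookups not
    enabled for that address family). resolve(name) returns a list of A
    records, empty when the name does not exist.
    """
    family = "v4" if ipaddress.ip_address(ip).version == 4 else "v6"
    hits = []
    for rbl in rbls:
        zone = rbl.get(family)
        if zone and is_listed(resolve(dnsbl_query_name(ip, zone))):
            hits.append(rbl["name"])
    return len(hits) >= trigger_count, hits


# Constructed zones and answers, so the example runs without network access.
RBLS = [
    {"name": "List A", "v4": "a.dnsbl.example", "v6": "a6.dnsbl.example"},
    {"name": "List B", "v4": "b.dnsbl.example", "v6": None},
    {"name": "List C", "v4": "c.dnsbl.example", "v6": None},
]
FAKE_DNS = {
    "99.2.0.192.a.dnsbl.example": ["127.0.0.2"],
    "99.2.0.192.b.dnsbl.example": ["127.0.0.4"],
    # Not a listing: a wildcard or parked zone answering with a routable address.
    "99.2.0.192.c.dnsbl.example": ["198.51.100.1"],
}


def fake_resolve(name):
    return FAKE_DNS.get(name, [])


if __name__ == "__main__":
    print(dnsbl_query_name("2001:db8::1", "a6.dnsbl.example"))
    for count in (1, 2, 3):
        print(count, rbl_verdict("192.0.2.99", RBLS, count, fake_resolve))
```

With these answers a Trigger Count of 2 classes the mail as SPAM and a Trigger Count of 3 does not, which is the trade-off the Trigger Count option describes.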

Bayesian Filter

  • Enable Bayesian Filtering - If enabled, the mail server will calculate a Bayesian probability score for each mail passing through the SMTP. This form of SPAM protection can offer up to a 99% reduction in SPAM with a very low false positive rate (usually less than 0.1%). Please note, before the Bayesian filter can be used, you need to teach it how to recognize SPAM from non-SPAM; for more information, please view the Preventing SPAM page.
  • Reset - This allows you to reset and delete all tokens stored in the database. Before resetting, you will also be asked if you want to reset the mail states. Each mail stored within Ability Mail Server contains status information on whether the mail has been previously used for learning. This prevents the same mail from accidentally being used multiple times.
  • Remove Expired - This will trigger the removal of expired tokens. Expired tokens are tokens which have not been used for a period of time greater than the 'Expire Unused Tokens After (days)' option. Normally the mail server will automatically perform this periodically through the day.
  • Start Auto-Learn - This will trigger an 'Auto-Learn From Users'. For more information on automatic learning, please view the next section below.
  • Add SPAM - This allows you to manually add some SPAM by either selecting a user and account directory, or by providing a physical directory which contains some raw mail files.
  • Add Non-SPAM - This allows you to manually add some non-SPAM by either selecting a user and account directory, or by providing a physical directory which contains some raw mail files.
  • Cancel - This cancels any current ongoing action.
  • Score Required - This is the SPAM detection threshold. Any mail which scores a probability of this value or higher will be classed as SPAM and the options below will be applied. It is recommended that this option be initially set high (perhaps 80%) and then lowered until optimum SPAM filtering is achieved.
  • Refuse Mail With Message - If this option is enabled and the detection threshold is met, the SMTP will refuse mails before they even enter the mail server. This is the strongest method of enforcing SPAM protection. This option allows the use of field tags; for more information, please view the Using Field Tags page.
  • Set SPAM Flag - If this option is enabled and the detection threshold is met, the mail's SPAM flag will be set. Content Filtering or any account filtering rules can then process the mail accordingly.
  • Add Custom Event - If this option is enabled and the detection threshold is met, the string will be appended to the mail's custom event list. These custom events can then be read using Content Filtering, which allows more complex actions to be performed on the mail.
  • Max Tokens - This sets the maximum number of tokens allowed in the database. It is recommended that you use a value between 250,000 and 500,000 to ensure optimum performance. Please note that for every 100,000 tokens, 10MB of system memory will be required.
  • Expire Unused Tokens After - To prevent the database from reaching its maximum limit, old and unused tokens will automatically be removed. This helps to keep the database in a healthy state and prevents SPAM mails from diluting the filter's capability.

Bayesian Auto-Learn

  • SPAM Score Threshold - If enabled, any mail which scores a probability of this value or higher will be automatically fed back into the filter and used for learning. This is the easiest method for automatic learning.
  • Non-SPAM Score Threshold - If enabled, any mail which scores a probability of this value or lower will be automatically fed back into the filter and used for learning. This is the easiest method for automatic learning.
  • Enable Auto-Learn From Users - If enabled, you can allow your users or certain selected users to help teach the Bayesian filter. This method of teaching can dramatically reduce the time it takes to teach an untrained filter and also allows better quality learning to be achieved. It is recommended that only trusted users are used, as abusive users could use this facility to poison the database and reduce its effectiveness.
  • Poll Users Interval - If selected, this will control how often users are polled for new mails.
  • Poll Users Every Day At Time - If selected, users will be polled for new mails at a specific time in the day. This method ensures that the learning process, which can be CPU and hard drive intensive, is only performed during off peak working hours.
  • Only Learn From Mails Older Than - This option controls how old a mail has to be before it will be considered for automatic learning. This ensures your users are given plenty of time to organize new mails or even correct incorrectly identified mails.
  • Learn From Group(s) - This is the list of groups which will be used for automatic learning. To provide multiple groups, simply separate each with a semi-colon (';').
  • Learn From User(s) - This is the list of users which will be used for automatic learning. To provide multiple users, simply separate each with a semi-colon (';').
  • Account Directories - If enabled, these account directories will be used for automatic SPAM learning. To provide multiple account directories, simply separate each with a semi-colon (';').
  • Delete Mails After Learning - If enabled, any SPAM mails which are used for learning in the above account directories will be deleted. This is useful if you want to automatically 'empty' your users' SPAM directories.
  • Any Appropriate Account Directory (Recommended) - If selected, the mail server will use any appropriate account directory for automatic non-SPAM learning. This mode ensures that SPAM account directories and certain non-useable user account directories are ignored.
  • Also Ignore Account Directories - If enabled, these account directories will also not be used for automatic non-SPAM learning. To provide multiple, simply separate each with a semi-colon (';').
  • Account Directories - If enabled, only these account directories will be used for automatic non-SPAM learning. To provide multiple account directories, simply separate each with a semi-colon (';').

SPF

  • Enable Sender Policy Framework Checking - If enabled, the mail server will perform an SPF lookup for every incoming SMTP connection. This will help reduce return-path / sender address forgery.
  • Auto-Detect DNS Hosts - To perform SPF and MX lookups, the mail server requires access to at least one valid DNS host. If this option is set, Ability Mail Server will attempt to automatically detect a list of DNS hosts from the computer running the mail server.
  • Use DNS Host(s) - This allows you to specify the DNS hosts which should be used for SPF and MX lookups. This is usually only required when Ability Mail Server cannot automatically detect the DNS hosts. To set multiple DNS hosts, simply separate each with a semi-colon (';').
  • Enable SPF Safe IPs - If enabled, the IPs and IP ranges in the list box will be excluded from SPF checking. This ensures any backup mail servers or trusted relays will not fail the SPF check.

SPF Results

  • If SPF Result Is: FAIL - This result means that the sending IP is not permitted to send mails from that particular sender's domain. The incoming mail is very likely to be forged and so should be refused. To insert the actual reason for the FAIL result into the refusal message, use the field tag ####SPFREASON####.
  • If SPF Result Is: PERMERROR - This result means that the sender's domain is either malformed, does not exist or the SPF records are corrupt. The incoming mail is very likely to be forged or SPAM and so should be refused.
  • If SPF Result Is: SOFTFAIL - This result means that the sending IP may or may not be permitted to send mails from that particular sender's domain. Mails which generate this result are usually forged, but the owners of the domain are not entirely certain.
  • If SPF Result Is: NEUTRAL or NONE - This result means that the sender's domain did not contain any SPF records or the SPF records were inconclusive.
  • If SPF Result Is: PASS - This result means that the sending IP is permitted to send mails from that particular sender's domain.
  • Refuse Mail With Message - If this option is enabled and the relevant SPF result is returned, the SMTP will refuse mails before they even enter the mail server. This is the strongest method of enforcing SPF. This option allows the use of field tags; for more information, please view the Using Field Tags page.
  • Set SPAM Flag - If this option is enabled and the relevant SPF result is returned, the mail's SPAM flag will be set. Content Filtering or any account filtering rules can then process the mail accordingly.
  • Add Custom Event - If this option is enabled and the relevant SPF result is returned, the string will be appended to the mail's custom event list. These custom events can then be read using Content Filtering, which allows more complex actions to be performed on the mail.