SurgeMail Spam and Virus protection
SurgeMail offers advanced features to identify undesirable spam email, block virus infected mail and prevent abuse of your mail server by spammers. Incoming mail is scrutinised as shown in the diagram.
Open Relay database check
SurgeMail's integrated check (g_orbs_service) will connect to an external ORBS service to ensure the sender is not blacklisted for sending spam email.
Sender behaviour limitation
SurgeMail has many configuration options to directly block or tarpit users or servers identified as abusing your mail server. The main settings are:
- g_deny - Deny users from some IP ranges
- g_ban_rcpt - Ban any matching RCPT TO: envelope
- g_ban_from - Ban any matching MAIL FROM: envelope
- g_ban_helo - Ban any machine that gives a matching 'helo' string
- g_tarpit_max - Max recipients per hour from one IP
- g_bomb_max - Max messages to a single address per hour
- g_max_bad_to - Max bad recipients in a row
- g_con_perip - Max simultaneous connections per IP
Virus scanner integration
SurgeMail will integrate with any external command line virus scanner that has the option to delete mail if it contains a virus.
The following commands are available:
- g_virus_filter - Virus checker or filter that takes commands on stdin and returns its response on stdout using a simple command line syntax: "n scan <filename>".
  e.g. Windows DMail RAV 8 syntax:
  g_virus_filter cmd="d:\dmail\rav8\bin\ravdmail.exe"
- g_virus_cmd - Command line virus checker to run on the MIME-encoded parts of the email message.
  e.g. to integrate a Unix command line virus scanner that will delete a file if it contains a virus, the following syntax can be used:
  g_virus_cmd cmd="/usr/bin/my_virus_scanner $FILE$"
This allows you to use RAV, Sophos, Norton or an equivalent virus scanner.
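A wrapper that meets the g_virus_cmd contract described above (delete the file if it contains a virus), as an added example that is not part of the SurgeMail documentation. The script path, the SCANNER variable and the use of ClamAV's clamscan (exit status 0 clean, 1 infected, anything else an error) are assumptions; how SurgeMail treats the wrapper's own exit status is not stated on this page.

```sh
#!/bin/sh
# Hypothetical wrapper, configured as:
#   g_virus_cmd cmd="/usr/local/bin/scan_part.sh $FILE$"
# Assumption: the scanner exits 0 = clean, 1 = infected, other = error
# (ClamAV's clamscan behaves this way). Override SCANNER for other products.
SCANNER="${SCANNER:-clamscan --no-summary}"

scan_part() {
    file="$1"
    # Only scan regular files; never follow a symlink to something else.
    if [ -z "$file" ] || [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "scan_part: not a regular file: $file" >&2
        return 2
    fi
    # Keep a name starting with "-" from being parsed as a scanner option.
    case "$file" in
        -*) file="./$file" ;;
    esac

    scan_rc=0
    $SCANNER "$file" >/dev/null 2>&1 || scan_rc=$?

    case "$scan_rc" in
        0)  return 0 ;;
        1)  # Infected: delete the file, which is the signal the page describes.
            rm -f "$file"
            echo "scan_part: infected, deleted $file" >&2
            return 1 ;;
        *)  # Scanner failure (missing binary, bad database, ...): the file is
            # left in place, so the part passes unscanned. Alert on this line.
            echo "scan_part: scanner error $scan_rc, $file NOT scanned" >&2
            return 2 ;;
    esac
}

# Run as a script only when SurgeMail (or an operator) passes a file name.
if [ "$#" -gt 0 ]; then
    scan_part "$1"
    exit $?
fi
```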
SmiteSpam anti spam system
SurgeMail has built-in support for the NetWin SmiteSpam anti-spam system. SmiteSpam combines spam filtering rules and a fuzzy CRC database (maintained by NetWin) to correctly identify over 90% of spam.
Spam messages are marked with headers so individual users can then choose their own 'level' of spam tolerance. Typically the system admin bounces 'definite' spam (g_smite_level) and allows users to sort through 'dubious' spam after their mail client has put it into a 'suspect' folder.
SmiteSpam consists of the SmiteCRC executable which processes the individual messages and marks these with headers indicating that a message is likely spam. SmiteCRC is not yet distributed with SurgeMail, but can be downloaded.
SmiteCRC adds two headers for user content filtering and one CRC header describing the contents of the message (more information).
In order to make SmiteCRC more accurate, mail identified as spam can be reported to smitespam.com, the NetWin-maintained database of reported spam. SpamBOT is an automated response robot that reports spam to smitespam.com. SpamBOT can be set up on your mail server, either as an address to forward to or as a catch address for spam. Again, SpamBOT must be downloaded.
To use SmiteSpam with SurgeMail follow these instructions.
External message filtering
SurgeMail has the ability to have an external process filter messages using the g_filter_pipe command. This is particularly useful as a mechanism to integrate additional external spam detection and prevention tools.
These external tools will typically do the same as SmiteSpam - mark suspect messages and allow the user (or sysadmin) to select what to do with the messages identified as spam.
Example: Integration with SpamAssassin (on Unix) could be achieved as follows:
g_filter_pipe "/usr/local/bin/spamassassin -P"
Advanced mail rules
Using elaborate rules, customised policies can be set up for mail forwarding, archiving and filtering. Filtering will typically be used to limit mail based on content or subject matter. An alternative use for filtering is to take some form of action on messages identified as spam by SmiteSpam or external spam identification filters.
SurgeMail supports mfilter based mail filtering, and for backward compatibility DMail filters.
Basic mfilter rules can be configured from the Spam Filter Rules link on the global settings page of the Web Admin interface. Mfilter rules can be very elaborate, and in this case it is necessary to edit the mfilter.rul file directly. See the mfilter manual page for more information on mfilter syntax.
For example, this could allow you to set up policies that:
- Bounce all mail with undesirable subject matter in subject line or body
- Drop or bounce mail that has been identified as almost certainly spam by a spam detection system
Friends only system
The friends only system allows users to opt to receive messages only from friends. Non-friends are automatically questioned to determine if they are human. All mail from non-friends is held pending on the server until the user decides what to do with it. Status reports are sent to the user on a regular basis to provide information on the Friends system and any mail pending delivery.
Further information on configuring the friends system.