Antispam System

© 1998 Digital Integration (NZ) Ltd

 

 

Requirements

i-MailDS antispam consists of several components. These range from basic IP address blocking and e-mail address blocking through to an advanced heuristics engine coupled with realtime blackhole list support.

Basic IP and e-mail address blocking are provided as part of the base i-MailDS package. The heuristic scanner and RBL system are an add-in component that must be purchased separately from http://www.imailds.com. You can, however, try out these services for 14 days to see how they will save you time and money by drastically reducing spam from your mailbox.

 

Resources

    NoSpam setup guide
    NoSpam rule writing guide

 

Antispam Heuristics

To enable antispam heuristics, open the antispam screen from the Services/Security tab in admin. This brings you to the antispam page.

The heuristics scanner is an advanced mail analyzer that, using antispam rules, recognizes the difference between a normal message and unsolicited mail (spam).

Different mail sources can be analyzed for spam by setting the service scope. Normally it is not necessary to scan local mail, and outbound mail typically doesn't need scanning, unless anti-relay has not been configured.

A maximum scan size can be set for scanning spam, and since spam is usually just advertising with a few small images, a figure between 50 and 100 kb normally suffices.

The score threshold system in i-MailDS is rather complicated and should be left at its default value. Once you have worked with the system for a while you may like to change the thresholds to better suit your environment.

For each score threshold you can set a corresponding action, which determines whether the message is allowed to continue to its intended recipient, whether its subject is tagged, and/or whether it is redirected to a safe hold for resending once a user or administrator has viewed it.

Detailed information on the rule system can be found in this document: RuleMan.pdf (requires Adobe Acrobat Reader).

Periodic updates to rules can be downloaded from our web site at http://www.imailds.com/download/nospam/rules

 

Realtime Blackhole Lists (RBL)

RBL servers are services provided by various organizations, both public and private, to assist in preventing the spread of unsolicited mail. They do this by providing databases of potential spam sources, most commonly legitimate mail systems that are known as open relays. These are normal mail servers on company networks that spammers can use as the launching point for their spam attacks. By using these mail servers, the spammers don't pay to send the e-mail, but put the burden on the unsuspecting company.

From time to time spam will come to you from an e-mail server of a company you do business with, in which case you may not want to fully block mail from them, but deal with their mail more carefully than from an unlisted source.

With RBL in i-MailDS, there are two ways of using the databases. The first method is to act upon mail that comes from an RBL-listed mail system by blocking, modifying or redirecting messages from these sources. This way you decide directly what to do with mail from a server that is open to spam attacks.

Alternatively, you can integrate RBL with the antispam heuristic engine. Mail from open-relay sources is then given an initial score because of its potential to be spam, so a spam message that might have 'got under the radar' of the heuristics engine will likely be trapped because it came from a potential spam relay.

You can specify as many RBL sources as you like in the lookup list. However, the more you add, the longer it takes for mail clients to connect, and the most popular RBL lists often contain most of the same information.

For information on which RBL lists to use, ask on the i-MailDS forums as these sites do change and the example given may not be available at the time of implementing your RBL system - but do try it first. You can also do an internet search for 'RBL servers' and will most likely find several lists which have been put together.

 

Exceptions

Exceptions are used to 'whitelist' e-mail addresses from the antispam heuristic system, and IP addresses from the RBL system.

It is a good idea to add frequent senders to the whitelist to reduce the chance of false positive spam detection (non-spam that is detected as being spam). News list subscriptions also often require whitelisting, as they usually contain features common to spam, such as nice formatting and, frequently, sales pitches.

IP address exceptions for RBL should be added for all of your internal network IP address ranges, as RBL lookups can add significant time to the connection process of e-mail clients. Also, known good sources of mail can be added here to ease mail delivery for those people. It can also be used when a known sender has been 'blacklisted' by the RBL lists. This will allow their mail to get through until they resolve their open-relay or spam problem.
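
The second RBL method and the IP exceptions described above, sketched as an added example (this is not i-MailDS code): an RBL hit adds an initial score to the heuristic score, and excepted addresses skip the lookup altogether. The zone name, IP addresses, score values, thresholds and action names are constructed assumptions, not i-MailDS defaults, and the DNS resolver is a stub so the example runs offline.

```python
import ipaddress

# All values below are constructed for illustration; none are i-MailDS defaults.
EXCEPTIONS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]
RBL_ZONES = ["rbl.example.org"]      # placeholder zone name
RBL_INITIAL_SCORE = 3.0              # score given to mail from a listed source
THRESHOLDS = [(8.0, "redirect to hold"), (5.0, "tag subject"), (0.0, "deliver")]
LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")


def rbl_query_name(ip, zone):
    """DNS blocklist convention: reverse the IPv4 octets, append the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone


def is_excepted(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in EXCEPTIONS)


def is_listed(ip, resolver):
    """resolver(name) returns an address string, or None when no record exists.
    A listed source resolves to an address inside 127.0.0.0/8."""
    for zone in RBL_ZONES:
        answer = resolver(rbl_query_name(ip, zone))
        if answer and ipaddress.ip_address(answer) in LISTED_RANGE:
            return True
    return False


def classify(ip, heuristic_score, resolver):
    """Return (total score, action) for one message."""
    score = heuristic_score
    # Excepted addresses skip the lookup entirely, so they pay no DNS delay
    # and are unaffected by a listing.
    if not is_excepted(ip) and is_listed(ip, resolver):
        score += RBL_INITIAL_SCORE
    for limit, action in THRESHOLDS:
        if score >= limit:
            return score, action
    return score, "deliver"


# Constructed stand-in for DNS: one listed outside relay, one listed internal host.
FAKE_DNS = {"7.113.0.203.rbl.example.org": "127.0.0.2",
            "5.1.168.192.rbl.example.org": "127.0.0.2"}


def fake_resolver(name):
    return FAKE_DNS.get(name)
```

With these constructed values, a message scoring 3.0 on heuristics alone is delivered from an unlisted source but tagged when it arrives from the listed relay, while the listed internal host is untouched because of its exception.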

 

Address blocking

Address blocking works with the base version of i-MailDS. You may specify full addresses, or use the '*' wildcard to block partial addresses as shown in the example below.