SPAMCONTROL

SPAMCONTROL is a qmail extension. Though mainly used to filter and control unsolicited commercial E-Mails (UCE/SPAM), since release 2 it includes substantial ESMTP protocol enhancements for qmail.

Features of SPAMCONTROL 2.7:

Enhancements for qmail-smtpd

• ESMTP enhancements
  • Strict RFC 2821 conformance.
  • Reference 'Mail From:' parameter parser, supporting SIZE (RFC 1870) and AUTH options.
  • Customizable SMTP Authentication (RFC 2554) support for LOGIN, PLAIN, and CRAM-MD5 including SUBMISSION feature.
  • Optional STARTTLS (RFC 2487) support in conjunction with sslserver.
• SMTP envelope Anti-Spam-Tools
  • Wildmat Filters for the HELO/EHLO greeting and the 'Mail From: ' in Split-Horizon fashion.
  • DNS Lookup for the HELO/EHLO greeting (A/MX) and the domain part of the 'Mail From:' (MX).
  • Customizable HELO/EHLO greeting checks supporting smart exceptions.
  • Tarpitting and Smart Rejection in case of too many invalid Recipients.
  • SPF and RBLSMTPD hook to display information in the email header.
• Mail From: Address Verification (MAV)
  • Check, whether for Relayclients the domain part of corresponds to a local address (Reverse Split-Horizon).
  • Full control of outgoing Mail From: SMTP envelope addresses in case of a SMTP authenticated user.
• Enhanced control/badmailfrom support
  • Wildmat filter.
  • 'badmailfromunknown' capabilities.
  • Additional 'badmailfromwellknown' filter (ie. 'hotmail.com', 'yahoo.com'), thus the domain part of the address has to match the sending host's domain.
  • Anti-spoofing of own addresses.
• Recipients extensions
  • control/badrcptto wildmat filter.
  • Restricting the number of allowed 'Rcpt To:' per SMTP session.
  • Whitelisting: Controlling the reception of mails not only on a control/rcpthosts base but rather on the complete with domain-based, fast, and extensible cdb and /or PAM lookup. including wilddomains and VERP support, as well as fail-open and fail-close behavior.
  • Customizable 550 or 450 return messages.
  • qmail-smtpam in addition to the ldapam.pl.
• Virus prevention
  • Reference badmimetypes implementation.
  • Additional badloadertypes filter.
  • Qmail High Performance Scanner Interface (QHPSI).
  • Customizable SMTP 554 Reply Message.
• qmail-smtpd logging
  • Extensible logging format.
  • Logging for failed and accepted SMTP sessions.
• qmail-smtpd gadgets
  • Customizable qmail-smtpd 5xy failure return messages.
  • Interrogatable SMTP envelope and protocol information.
  • Deliverto capability: Mail can be forwarded to any recipient.
  • X-RBL-Info: header.

Enhancements for qmail-remote

• Flexible SMTPS and STARTTLS implementation based on UCSPI-SSL libraries.
  • Extensible control of SMTP server validation/verification via tlsdestinations.
  • Sending Domain based presentation of client X.509 certificate by means of domaincerts.
• QMTP support.
  • Additional qmtproutes control files (with delivery precedence of authsenders and smtproutes).
• SMTP Authentication
  • Supported are Auth types LOGIN, PLAIN, and CRAM-MD5.
  • Additional authsenders control file.
  • Authenticated relaying by means of control/smtproutes .
• Fast delivery
  • Delivery to any DNS listed MX for that domain instead just the primary.
  • Increased read buffer for delivery.
• Bounce Host support:
  • Forward qmail-send bounces to dedicated QMTP hosts.
  • Forward qmail-send bounces to dedicated SMTP hosts.

Enhancements for qmail-pop3d

• STLS support.
• CAPA announcement.
• Logging of accepted and rejected session.

Enhancements for qmail-queue

• High speed virus scanner by means of QHPSI.
• Additional QMAILQUEUE (Extra) usage.
• Additional qmail-queue.scan script for virus and spam scanning on a RAM disk.
• BIGTODO support.

Enhancements for qmail-send:

• Restricting the size of bounces.
• Doublebouncetrim.

External enhancements:

• Seamless support for djbdns lib instead libresolv.
• qmail-mrtg interface.
• Newanalyse for log-file processing.

Download:

• SPAMCONTROL Version 2.7.25 (MD5: 33f3ef3e8923bba46a54f58d3dd7189e).
• Previous: SPAMCONTROL Version 2.6.24 (MD5: f1b3a118aa80bfc0352c2b5a1bb467f5).
• Previous: SPAMCONTROL Version 2.5.27 (MD5: 94e9948c3d7dfa25f4e85c90502188c2).
• Patch for clamav 0.9x.y to enable logging to STDERR; this patch might need to be modified for forthcoming ClamAV versions.
• ucspi-ssl providing 'delayed' (i.e. STARTTLS/STLS) TLS support.
• ucspi-tcp6 with IPv6 capabilities, CIDR support and RBLSMTPD promotion to qmail-smtpd.
• badmimetypes (date: 20.8.2010 - including double and triple Base64 encoded Windows executables and some patterns for current trojans).
• badloadertypes (including recognition of KERNEL32.DLL).

Add-Ons:

Available are the following add-ons:

• cmd5checkpw Version 0.30 (MD5: 73dee86cde7759a2a670cf14c34015d1)
  checkpassword compliant PAM to allow CRAM-MD5 authentication for qmail-smtpd.
• newanalyse A must to maintain and analyze the qmail logs; in particular SPAMCONTROL's output.
  newanalyse version 1.80 supports SPAMCONTROL 2.7 !
• qmail-mrtg version 3.01 (MD5: f029e813b8af29b41109c2f134580678)
  Enhanced version of the Qmail MRTG to read qmail-smtpd's logs provided by SPAMCONTROL.
  For a working sample please check FEHCom.net.
  
• A LDAP-Pam (Version 0.9.2) to query the Mail-Attribute for existing Users in the LDAP directory.

UCSPI-SSL Dependencies:

qmail-smtpd as well as now qmail-remote will use my version of Superscripts' UCSPI-SSL libraries. Thus, UCSPI-SSL has to be installed before.

Usage:

SPAMCONTROL is suited for Internet Mail Gateway using Qmail, not for an end-user trying to get rid of Spam E-Mails.

• SPAMCONTROL should be applied against qmail-1.03 and not netqmail-1.0x because it incorporates most of it's fixes.
• SPAMCONTROL modifies the behavior of qmail-smtpd heavily (far above what was intentionally designed by Dan Bernstein).
• SPAMCONTROL can be customized prior of compilation (conf-XXX).
• SPAMCONTROL supports the AMD64 environment and can be compiled with clang.

Documentation:

It is important to have a good understanding of the pros'n'cons using SPAMCONTROL. Please consult the

• detailed README and the
• INSTALL instructions
• in addition, upgraders from SPAMCONTROL 2.6 to 2.7 need to read the Release notes.
  Note: The badmailfrom settings have been slightly enhanced!
• GREETDELAY is explained here.
• Here's my documentation about SMTP Authentication.
• A reasonable explanation about Transport Layer Security TLS will come soon.
• This site from Willem Froehling is a good start about TLS (in German language!).
• If you like to know how to secure your TLS connections with qualified Cipher-Suites, Ralf Ertzinger provides the required information.
• Renato Botelho and my contribution explaining the qmail+spamcontrol port for FreeBSD on the EuroBSDCon 2010 in Karlsruhe.

Errata:

• [2.7.25] Fixed (C/)R conversion bug for qmail-smtpd;
      added provisional Greylisting recognition for qmail-remote.
• [2.7.24] Streamlined with qmail-authentication 0.8.1.
• [2.7.23] Fixed some residual integration bugs and streamlined/updated docs;
      added badmail from mismatched domains; SPF hook working now,
      aligned with SMTP Authentication 0.8 to provided authenticated smarthost relaying.
• [2.7.20] Integration bug: installation stops with missing man/man3 and man/cat3 directory.
      Workaround: Simply create those and continue installation.
• [2.7.20] TLS vulnerability VU#555316 is fixed.
• [2.6.24] Includes the RECIPIENTS bug fix for wilddomains. Last public version of the 2.6 development cycle.
• [2.5.27] Last public version of release 2.5.

[Impressum]

[FEHCom]

[top]