SPAMCONTROL is a qmail extension. Though mainly used
to filter and control unsolicited commercial E-Mails (UCE/SPAM),
since release 2 it includes substantial ESMTP protocol enhancements
Features of SPAMCONTROL 2.7:
Enhancements for qmail-smtpd
- ESMTP enhancements
- Strict RFC 2821 conformance.
- Reference 'Mail From:' parameter parser, supporting SIZE
(RFC 1870) and AUTH options.
- Customizable SMTP Authentication (RFC
2554) support for LOGIN, PLAIN, and CRAM-MD5 including SUBMISSION feature.
- Optional STARTTLS (RFC 2487) support in conjunction with sslserver.
- SMTP envelope Anti-Spam-Tools
- Wildmat Filters for the HELO/EHLO greeting and the 'Mail From: ' in Split-Horizon fashion.
- DNS Lookup for the HELO/EHLO greeting (A/MX) and the domain part of the 'Mail From:' (MX).
- Customizable HELO/EHLO greeting checks supporting smart exceptions.
- Tarpitting and Smart Rejection in case of too many invalid Recipients.
- SPF and RBLSMTPD hook to display information in the email header.
- Mail From: Address Verification (MAV)
- Check, whether for Relayclients the domain part of
corresponds to a local address (Reverse Split-Horizon).
- Full control of outgoing Mail From: SMTP envelope addresses
in case of a SMTP authenticated user.
- Enhanced control/badmailfrom support
- Wildmat filter.
- 'badmailfromunknown' capabilities.
- Additional 'badmailfromwellknown' filter (ie. 'hotmail.com', 'yahoo.com'),
thus the domain part of the address has to match the sending host's domain.
- Anti-spoofing of own addresses.
- Recipients extensions
- control/badrcptto wildmat filter.
- Restricting the number of allowed 'Rcpt To:' per SMTP session.
- Whitelisting: Controlling the reception of mails not only
on a control/rcpthosts base but rather on the complete
with domain-based, fast, and extensible cdb and /or PAM lookup.
including wilddomains and VERP support, as well as fail-open and fail-close behavior.
- Customizable 550 or 450 return messages.
- qmail-smtpam in addition to the ldapam.pl.
- Virus prevention
- Reference badmimetypes implementation.
- Additional badloadertypes filter.
- Qmail High Performance Scanner Interface (QHPSI).
- Customizable SMTP 554 Reply Message.
- qmail-smtpd logging
- Extensible logging format.
- Logging for failed and accepted SMTP sessions.
- qmail-smtpd gadgets
- Customizable qmail-smtpd 5xy failure return messages.
- Interrogatable SMTP envelope and protocol information.
- Deliverto capability: Mail can be forwarded to any recipient.
- X-RBL-Info: header.
Enhancements for qmail-remote
- Flexible SMTPS and STARTTLS implementation based on UCSPI-SSL libraries.
- Extensible control of SMTP server validation/verification
- Sending Domain based presentation of client X.509 certificate by
means of domaincerts.
- QMTP support.
- Additional qmtproutes control files (with delivery
precedence of authsenders and smtproutes).
- SMTP Authentication
- Supported are Auth types LOGIN, PLAIN, and CRAM-MD5.
- Additional authsenders control file.
- Authenticated relaying by means of control/smtproutes
- Fast delivery
- Delivery to any DNS listed MX for that domain instead just the primary.
- Increased read buffer for delivery.
- Bounce Host support:
- Forward qmail-send bounces to dedicated QMTP hosts.
- Forward qmail-send bounces to dedicated SMTP hosts.
Enhancements for qmail-pop3d
- STLS support.
- CAPA announcement.
- Logging of accepted and rejected session.
Enhancements for qmail-queue
- High speed virus scanner by means of QHPSI.
- Additional QMAILQUEUE (Extra) usage.
- Additional qmail-queue.scan script for virus and spam scanning on a RAM disk.
- BIGTODO support.
Enhancements for qmail-send:
- Restricting the size of bounces.
- Seamless support for djbdns lib instead libresolv.
- qmail-mrtg interface.
- Newanalyse for log-file processing.
- SPAMCONTROL Version 2.7.25
- Previous: SPAMCONTROL Version 2.6.24
- Previous: SPAMCONTROL Version 2.5.27
for clamav 0.9x.y to enable logging to STDERR; this patch might
need to be modified for forthcoming ClamAV versions.
providing 'delayed' (i.e. STARTTLS/STLS) TLS support.
- ucspi-tcp6 with
IPv6 capabilities, CIDR support and RBLSMTPD promotion to qmail-smtpd.
- badmimetypes (date: 20.8.2010 - including
double and triple Base64 encoded Windows executables and some patterns for current trojans).
- badloadertypes (including
recognition of KERNEL32.DLL).
Available are the following add-ons:
- cmd5checkpw Version
0.30 (MD5: 73dee86cde7759a2a670cf14c34015d1)
checkpassword compliant PAM to allow CRAM-MD5 authentication
A must to maintain and analyze the qmail logs; in particular SPAMCONTROL's output.
newanalyse version 1.80 supports SPAMCONTROL 2.7 !
- qmail-mrtg version 3.01
Enhanced version of the Qmail MRTG to read qmail-smtpd's
logs provided by SPAMCONTROL.
For a working sample please check FEHCom.net.
- A LDAP-Pam (Version 0.9.2)
to query the Mail-Attribute for existing Users in the LDAP directory.
qmail-smtpd as well as now qmail-remote will use my version of
libraries. Thus, UCSPI-SSL has to be installed before.
SPAMCONTROL is suited for Internet Mail Gateway using Qmail,
not for an end-user trying to get rid of Spam E-Mails.
- SPAMCONTROL should be applied against qmail-1.03 and
not netqmail-1.0x because it incorporates most of it's fixes.
- SPAMCONTROL modifies the behavior of qmail-smtpd heavily
(far above what was intentionally designed by Dan Bernstein).
- SPAMCONTROL can be customized prior of compilation (conf-XXX).
- SPAMCONTROL supports the AMD64 environment and can be compiled with clang.
It is important to have a good understanding of the pros'n'cons
using SPAMCONTROL. Please consult the
- [2.7.25] Fixed (C/)R conversion bug for qmail-smtpd;
added provisional Greylisting recognition for qmail-remote.
- [2.7.24] Streamlined with qmail-authentication 0.8.1.
- [2.7.23] Fixed some residual integration bugs and streamlined/updated docs;
added badmail from mismatched domains; SPF hook working now,
aligned with SMTP Authentication 0.8 to provided authenticated smarthost relaying.
- [2.7.20] Integration bug: installation stops with missing man/man3 and man/cat3 directory.
Workaround: Simply create those and continue installation.
- [2.7.20] TLS vulnerability VU#555316 is fixed.
- [2.6.24] Includes the RECIPIENTS bug fix for wilddomains. Last public version of the 2.6 development cycle.
- [2.5.27] Last public version of release 2.5.