SPAMCONTROL
SPAMCONTROL is an extension qmail. Though mainly used
to filter and control unsolicited commercial E-Mails (UCE/SPAM),
since release 2 it includes substantial ESMTP protocol enhancements
for qmail.
Features of SPAMCONTROL 2.6:
Enhancements for qmail-smtpd
- ESMTP enhancements
- Strict RFC 2821 conformance.
- Reference 'Mail From:' parameter parser, supporting SIZE
(RFC 1870) and AUTH options.
- Customizable SMTP Authentication (RFC
2554) support for LOGIN, PLAIN, and CRAM-MD5.
- Optional STARTTLS (RFC 2487) support in conjunction with
sslserver.
- SMTP envelope Anti-Spam-Tools
- Wildmat Filters for the HELO/EHLO greeting and the 'Mail From: ' in Split-Horizon fashion.
- DNS Lookup for the HELO/EHLO greeting (A/MX) and the domain part of the 'Mail From:' (MX).
- Customizable HELO/EHLO greeting checks supporting smart exceptions.
- Tarpitting and Smart Rejection in case of too many invalid Recipients.
- Mail From: Address Verification (MAV)
- Check, whether for Relayclients the domain part of
corresponds to a local address (Reverse Split-Horizon).
- Full control of outgoing Mail From: SMTP envelope addresses
in case of a SMTP authenticated user.
- Enhanced control/badmailfrom support
- Wildmat filter.
- 'badmailfromunknown' capabilities.
- Additional 'badmailfromwellknown' filter (ie. 'hotmail.com', 'yahoo.com'),
thus the domain part of the address has to match the sending host's domain.
- Anti-spoofing of own addresses.
- Recipients extensions
- control/badrcptto wildmat filter.
- Restricting the number of allowed 'Rcpt To:' per SMTP session.
- Whitelisting: Controlling the reception of mails not only
on a control/rcpthosts base but rather on the complete
with domain-based, fast, and extensible cdb and /or PAM lookup.
including wilddomains and VERP support, as well as fail-open and fail-close behavior.
- Customizable 550 or 450 return messages.
- Virus prevention
- Reference badmimetypes implementation.
- Additional badloadertypes filter.
- Qmail High Performance Scanner Interface (QHPSI).
- Customizable SMTP 554 Reply Message.
- qmail-smtpd logging
- Extensible logging format.
- Logging for failed and accepted SMTP sessions.
- qmail-smtpd gadgets
- Customizable qmail-smtpd 5xy failure return messages.
- Interrogatable SMTP envelope and protocol information.
Enhancements for qmail-remote
- Flexible SMTPS and STARTTLS implementation based on sslserver.
- Extensible control of SMTP server validation/verification
via tlspeerhosts.
- Sending Domain based presentation of client X.509 certificate by
means of domaincerts.
- QMTP support.
- Additional qmtproutes control files (with delivery
precedence of authsenders and smtproutes).
- SMTP Authentication
- Supported are Auth types LOGIN and PLAIN.
- Additional authsenders control file.
- Fast delivery
- Delivery to any DNS listed MX for that domain instead just the primary.
- Increased read buffer for delivery.
- Bounce Host support:
- Forward qmail-send bounces to dedicated QMTP hosts.
- Forward qmail-send bounces to dedicated SMTP hosts.
Enhancements for qmail-pop3d
Enhancements for qmail-queue
- High speed virus scanner by means of QHPSI.
- Additional QMAILQUEUE (Extra) usage.
- Additional qmail-queue.scan script for virus and spam scanning on a RAM disk.
- Optional BIGTODO support.
Enhancements for qmail-send:
- Bounce control
- Restricting the size of bounces.
- Doublebouncetrim.
- Additional recognition of local IP addresses
- control/moreipme
- control/notipme
External enhancements:
- Seamless support for djbdns lib instead libresolv.
- qmail-mrtg interface.
- Newanalyse for log-file processing.
Download:
Add-Ons:
Available are the following add-ons:
- cmd5checkpw Version
0.30 (MD5: 73dee86cde7759a2a670cf14c34015d1)
checkpassword compliant PAM to allow CRAM-MD5 authentication
for qmail-smtpd.
- newanalyse
A must to maintain and analyze the qmail logs; in particular SPAMCONTROL's output.
- Qmail MRTG Version 2.11
(MD5: 3f0948d21a74922d658e1f355a349f58)
Enhanced version of the Qmail MRTG to read qmail-smtpd's
logs provided by SPAMCONTROL.
For a working sample please check FEHCom.net.
- A LDAP-Pam (Version 0.9.2)
to query the Mail-Attribute for existing Users in the LDAP directory.
UCSPI-SSL Dependencies:
qmail-smtpd as well as now qmail-remote will use
Superscripts' UCSPI-SSL
libraries. Thus, UCSPI-SSL has to be installed before.
However, sslserver and sslclient are general-purpose programs, which
lack some aspects of certificate validation.
I actively support William Erik Baxter's UCSPI-SSL, thus it will meet the
current needs of the OpenSSL 1.0.0 implementation.
Usage:
SPAMCONTROL is suited for Internet Mail Gateway using Qmail,
not for an end-user trying to get rid of Spam E-Mails.
- SPAMCONTROL should be applied against qmail-1.03 and
not netqmail-1.0x because it incorporates most of it's fixes.
- SPAMCONTROL modifies the behavior of qmail-smtpd heavily
(far above what was intentionally designed by Dan Bernstein).
- SPAMCONTROL can be customized prior of compilation (conf-XXX).
Documentation:
It is important to have a good understanding of the pros'n'cons
using SPAMCONTROL. Please consult the
- detailed README
and the
- INSTALL instructions
- in addition, upgraders from SPAMCONTROL 2.5 to 2.6 need to
read the Release notes.
Note: The badmailfrom settings have been slightly enhanced!
- GREETDELAY is explained here.
- Here's my documentation about SMTP Authentication.
- A reasonable explanation about Transport Layer Security TLS will come soon.
- This site from Willem Froehling
is a good start about TLS (in German language!).
- If you like to know how to secure your TLS connections with qualified Cipher-Suites,
Ralf Ertzinger provides the required information.
Errata:
|
