Filtering email
From Syscore
OIT runs server-side mail filtering on its incoming and outgoing email service. The filtering is performed using the Sendmail milter interface on the mail transport machines.
Levels of Protection
UMBC has 4 levels of protection from Spam & Viruses.
1) Protocol Adherence and Rate Limiting
- Enforcement of SMTP greeting protocol rules, also known as the Greet Pause.
- Rate limits on off-campus IPs
- Connection count limits on off-campus IPs.
2) Greylisting
- See http://www.umbc.edu/oit/news/archives/2006/11/greylisting_faq.html and http://www.greylisting.org/
3) ClamAV
An advanced, open source Anti-Virus system; also contains signatures for popular phishing scams.
4) SpamAssassin
This software analyzes the content of messages and "scores" a message, negatively or positively, using various rules and patterns that may occur in spam or legitimate email. When you set your "spam threshold" in MyUMBC, your filtering is based on the score that SpamAssassin gives to a message. More information is available at http://spamassassin.apache.org/.
Software
Milter Interface
UMBC runs a piece of software called MilterMonkey, which acts as a framework for running multiple mail filters, handling some of the upper-level ugliness of milters being multi-threaded so you don't have to. It currently runs four modules, in the following order.
GreyList
This is a simple Perl-based implementation of the three-element greylisting described at [1]. Each 'mx' server writes to its own GDBM-based database of triples, states and timestamps, and the databases are distributed periodically (every 5 minutes) between the 5 mx servers. It uses a few configuration files; changes to these files require a restart of the milter software.
/etc/mail/greylist-white
These are IP prefixes that will be whitelisted from the greylisting process.
/etc/mail/greylist-dnswhite
These are DNS domains that are excluded from the greylisting process.
/etc/mail/greylist-rcptexclude
These are regular expressions that, if matched, exclude a recipient address from greylisting. They should be specified in the same format that would be passed on the SMTP RCPT command line.
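The decision logic of three-element greylisting with the three exemption lists above, as an added example (not the MilterMonkey GreyList module's own code). Assumptions: the 300-second minimum retry delay, CIDR notation for the IP prefixes, matching DNS domains against the connecting host's name, and an in-memory dict standing in for the GDBM database; all sample addresses are constructed.

```python
import ipaddress
import re

MIN_DELAY = 300  # assumed: seconds a new triple must wait before a retry passes


class Greylist:
    def __init__(self, ip_white, dns_white, rcpt_exclude):
        # Contents of greylist-white, greylist-dnswhite, greylist-rcptexclude
        self.nets = [ipaddress.ip_network(p) for p in ip_white]
        self.domains = [d.lower().strip(".") for d in dns_white]
        self.rcpt_res = [re.compile(r, re.I) for r in rcpt_exclude]
        self.db = {}  # triple -> (state, first_seen); stands in for GDBM

    def exempt(self, ip, client_host, rcpt):
        """True if any of the three whitelists applies to this RCPT."""
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in self.nets):
            return True
        host = client_host.lower().rstrip(".")
        # Match on a label boundary so "evilexample.org" does not pass
        # as "example.org".
        if any(host == d or host.endswith("." + d) for d in self.domains):
            return True
        # Recipient is in the form given on the RCPT line, e.g. <user@host>
        return any(r.search(rcpt) for r in self.rcpt_res)

    def check(self, ip, client_host, sender, rcpt, now):
        """Return 'accept' or 'tempfail' for one RCPT command."""
        if self.exempt(ip, client_host, rcpt):
            return "accept"
        triple = (ip, sender.lower(), rcpt.lower())
        state, first_seen = self.db.get(triple, (None, None))
        if state == "pass":
            return "accept"
        if state is None:
            # First sighting: record it and ask the sender to retry later.
            self.db[triple] = ("grey", now)
            return "tempfail"
        if now - first_seen >= MIN_DELAY:
            # A real MTA retried after the delay: promote the triple.
            self.db[triple] = ("pass", first_seen)
            return "accept"
        return "tempfail"  # retried too quickly


if __name__ == "__main__":
    g = Greylist(["192.0.2.0/24"], ["example.org"], [r"^<postmaster@"])
    msg = ("198.51.100.7", "mail.example.net", "<a@example.com>", "<bob@example.edu>")
    print([g.check(*msg, now=t) for t in (1000, 1100, 1300)])
```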
ClamAV
We currently pass our mail through ClamAV, an open-source anti-virus solution.
Spam
Our mail is scanned through SpamAssassin.
ListprocMunge
This is a simple module that munges To: & Cc: addresses that contain listproc.umbc.edu to be lists.umbc.edu.
