All incoming mail goes through these seven layers of protection:
Seven Layers of Protection
1. Reverse DNS SMTP Check
2. Remote Black Hole SMTP Check
3. Recipient Check
4. Suspect Windows Virus BotNet Connections
5. Customer Sent Mail
6. Spam Reject
7. Virus Detection
Layer 1 Reverse DNS SMTP Check
The first layer performs a reverse DNS check on the sender's IP address to make sure it has a valid reverse DNS entry. The IP addresses of a mail server should have reverse DNS (PTR) entries; RFC 1912, section 2.1, says you should have a reverse DNS for all your mail servers. It has become an increasingly common practice, and standard operating procedure, for mail servers not to accept mail from mail servers without a reverse DNS entry.
Layer 2 Remote Black Hole SMTP Check
The IP address of the sender is checked against "remote black hole" lists. We recommend and use sbl-xbl.spamhaus.org. This real-time list keeps track of IP addresses that have been reported and confirmed to be sending spam. The sbl part of the list keeps track of email servers sending spam. The xbl part of the list keeps track of machines that have been exploited and are sending spam. If the sender is on one of these lists, we reject the email during the SMTP conversation with a failure message. A failure message tells the sender not to attempt to send the email again.
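The following is an added example, not code from this mail system, showing how layers 1 and 2 turn a connecting IP into DNS query names and then into an SMTP reply. The function names, the injected resolve callback, the 550/451 reply codes and the sample DNS data are assumptions made for illustration; the 127.0.0.x values are Spamhaus's published return codes for the SBL and XBL lists.

```python
import ipaddress

DNSBL_ZONE = "sbl-xbl.spamhaus.org"  # zone named in the text above
# Spamhaus return codes: 127.0.0.2-3 = SBL, 127.0.0.4-7 = XBL.
# 127.255.255.x answers are query errors (e.g. blocked resolver), not listings.
SPAMHAUS_CODES = {"127.0.0.%d" % n: ("sbl" if n < 4 else "xbl") for n in range(2, 8)}

def ptr_name(ip):
    # 192.0.2.10 -> 10.2.0.192.in-addr.arpa (name queried for the PTR record)
    return ipaddress.ip_address(ip).reverse_pointer

def dnsbl_name(ip, zone=DNSBL_ZONE):
    # DNSBLs are queried as <reversed octets>.<zone>; an A record means "listed"
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def listed_on(answers):
    # Ignore anything that is not a known listing code (including error codes)
    return sorted({SPAMHAUS_CODES[a] for a in answers if a in SPAMHAUS_CODES})

def check_sender(ip, resolve):
    """resolve(name, rtype) -> list of strings ([] if none); raises TimeoutError
    on a temporary DNS failure. Returns the SMTP reply as (code, text)."""
    try:
        if not resolve(ptr_name(ip), "PTR"):
            return 550, "no reverse DNS for %s" % ip           # layer 1
        hits = listed_on(resolve(dnsbl_name(ip), "A"))         # layer 2
    except TimeoutError:
        return 451, "temporary DNS failure, try again later"   # assumed: soft-fail
    if hits:
        return 550, "%s listed in %s (%s)" % (ip, DNSBL_ZONE, ",".join(hits))
    return 250, "ok"

# Constructed DNS data (documentation addresses), standing in for a real resolver.
SAMPLE_DNS = {
    ("10.2.0.192.in-addr.arpa", "PTR"): ["mail.example.org."],
    ("20.2.0.192.in-addr.arpa", "PTR"): ["host20.example.net."],
    ("20.2.0.192.sbl-xbl.spamhaus.org", "A"): ["127.0.0.4"],
    ("30.2.0.192.in-addr.arpa", "PTR"): ["mx.example.com."],
    ("30.2.0.192.sbl-xbl.spamhaus.org", "A"): ["127.255.255.254"],
}

def sample_resolve(name, rtype):
    return SAMPLE_DNS.get((name, rtype), [])

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30", "192.0.2.40"):
        print(ip, check_sender(ip, sample_resolve))
```

A DNS timeout is answered with a temporary 451 rather than a permanent failure, so a resolver outage does not cause legitimate mail to be refused outright.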
Layer 3 Recipient Check
The third layer uses the chk-user patch to the qmail-smtpd daemon. It checks to make sure the recipient exists on the machine. It checks for email accounts, mailing lists and aliases. If none of these exist for the recipient then it rejects the email with a failure, telling the sender to not send the email again.
Without this layer, all incoming email is accepted. Any of the email which can't be delivered locally (no existing user accounts) is normally bounced back to the sender. The problem is, most spam sites do not accept the returned bounce message. This means the email will stay in the queue for days (default 7 days) and qmail will keep attempting delivery. The chk-user layer keeps all of this email off the machine.
Layer 4 Suspect Windows Virus BotNet Connections
The next layer takes a fingerprint of the packet to determine the source of the email. New sophisticated viruses, worms and bots (BotNet) turn PCs into rogue mailing machines on the Internet. Typical users aren't going to know about their presence. They operate quietly in the background, belonging to users who unknowingly downloaded nasty programs. The infected computer then begins to send out spam without the knowledge of the owner. This makes them hard to spot if you're using only a few filtering techniques. The sudden appearance of new sources of spam also makes it more difficult for companies to rely merely on RBLs of known junk e-mail distributors. Multiple source filtering is needed.
The explosion of image spam this year is largely due to an increase of BotNet Connections.
Layer 5 Customer Sent Mail
Next, the email is examined for customer-sent qualities. If valid, the customers are able to email with authority.
Layer 7 Virus Detection
In the last step, the email is sent through the ClamAV antivirus scanning system. If the email contains a virus, an error message is passed up to the SMTP daemon, which returns a failure message to the sender. This keeps all viruses off the machine.