openefilter-bigslider

Sick of spam? Fear the virus?

Order Contact

 

OpenEFilter is a complete email content filter, virus scanner, and spam blocker for qmail. Inter7 has gathered a group of open source email scanning products that have been thoroughly tested and optimized to work together as a world-class open source content scanner for your Qmail server.

Twelve Layers of Protection

All incoming mail goes through these twelve layers of protection:7 Layers

Twelve Layers of Protection

1. Reverse DNS SMTP Check
2. Remote Black Hole SMTP Check
3. Recipient Check
4. Suspect Windows Virus BotNet Connections
5. Customer Sent Mail Policy
6. Spam Reject
7. Virus Detection
8. SPF Protection
9. Throttling
10. Fail2Ban
11. DKIM Signing of OutGoing email
12. Certificate Authority SSL Certificate

“Once again Inter7 comes through. Great job.” —M.D.

Layer 1 Reverse DNS SMTP Check The first layer uses a reverse DNS check from the senders IP. It checks to make sure we have a valid reverse DNS. The IPs of a mail server should have reverse DNS (PTR) entries. RFC1912 2.1 says you should have a reverse DNS for all your mail servers. It has become an increasing common practice and standard operating procedure for all mail servers to not accept mail from mail servers without a reverse DNS entry.

Layer 2 Remote Black Hole SMTP Check
The IP address of the sender is checked against “remote black hole” lists. We recommend and use sbl-xbl.spamhaus.org. This real time list keeps track of IP addresses that have been reported and confirmed to be sending spam. The sbl part of the list keeps track of email servers sending spam. The xbl part of the list keeps track of machines that have been exploited and are sending spam. So, if the sender is on one of these lists we reject the email during the smtp conversation with a failure message. A failure message tells the sender to not attempt to send the email again.

Layer 3 Recipient Check
The third layer uses the chk-user patch to the qmail-smtpd daemon. It checks to make sure the recipient exists on the machine. It checks for email accounts, mailing lists and aliases. If none of these exist for the recipient then it rejects the email with a failure, telling the sender to not send the email again.

Without this layer, all incoming email is accepted. Any of the email which can’t be delivered locally (no existing user accounts) is normally bounced back to the sender. The problem is, most spam sites do not accept the returned bounce message. This means the email will stay in the queue for days (default 7 days) and qmail will keep attempting delivery. The chk-user layer keeps all of this email off the machine.

Layer 4 Suspect Windows Virus BotNet Connections
The next layer takes a finger print of the packet to determine the source of the email. New sophisticated viruses, worms and bots (BotNet) turn PC’s into rogue mailing machines on the Internet. Typical users aren’t going to know about their presence. They operate quietly in the background, belonging to users who unknowingly downloaded nasty programs. The infected computer then begins to send out spam without the knowledge of the owner. This makes them hard to spot if you’re using only a few filtering techniques. The sudden appearance of new sources of spam also makes it more difficult for companies to rely merely on RBL’s of known junk e-mail distributors. Multiple source filtering is needed.

The explosion of image spam this year is largely due to an increase of BotNet Connections.

Layer 5 Customer Sent Mail
Next the email is examined for customer sent qualities. If valid, the customers are able to email with authority.

Layer 6 Spam Reject (Two Options DSPAM* and SpamAssassin)

  1. This stage happens when qmail delivers the email into a users account. It is passed through SpamAssassin which does content filtering. Spamassassin picks up the global spamassassin preferences and then the users individual preferences. If the email is identified as spam it modifies the subject line, placing [SPAM] at the beginning of the subject. Users can configure their email clients to filter [SPAM] messages into the trash.
  2. * Recommended, DSPAM is a server-side statistical anti-spam agent for Unix email servers. It masquerades as the email server’s local delivery agent and effectively filters spam using a combination of de-obfuscation techniques, specialized algorithms, and statistical analysis. The result is an administratively maintenance-free, self-learning anti-spam tool. DSPAM has yielded real-world success rates beyond 99.9% accuracy with less than a 0.01% chance of false positives.

Layer 7  Virus Detection
The seventh step is when email is sent through the ClamAV anti virus scanning system. If the email contains a virus, an error message is passed up to the smtp daemon which returns a failure message to the sender. This keeps all viruses off the machine.

Layer 8 SPF Protection
SPF protection can optionally check if a sending domain has an SPF DNS record set up and reject the email if it is not coming from a valid IP.

Layer 9 Throttling
Limits can be set per user or per domain to stop accounts from sending out too much email per day. This is useful for blocking computers that are infected with viruses that send out Spam.

Layer 10 Fail2Ban
Fail2Ban can monitor mail logs to stop brute force account and password guessing. IPs that attempt to guess accounts or passwords get automatically blocked and can not get access to the server.

Layer 11 DKIM Signing of OutGoing email
All outgoing emails get signed with a DKIM signature that can verify the email came from the mail server and were not forged.

Layer 12 Certificate Authority SSL Certificate
All email services like smtp, imap and pop as well as web server can be encrypted and verified by a Certificate Authority. So users know sensitive information is encrypted. It protects against cyber criminals, builds brand trust and brand power.

Open eFilter Guide

Open eFilter will keep your inbox clean, your computer safe, and spam at a minimum — all with open source software

Helpful tips and hints using Open eFilter

Do you want to stop seeing spam coming into your inbox? It’s simple and easy to do. Open efilter by default will rewrite your emails with a new prefix to your subjects. Some of them will now start to begin with: [SPAM] See the section below for a detail list on “How To” or if you are comfortable with using your mail client software, simply set up a new rule to look for a specific word, or phrase and move those messages to another folder.

Open eFilter is going to rewrite certain headers and more noticeably the “SUBJECT” line with your providers notice, in this example below it’s rewritten with the default beginning with the word [SPAM]

You will start seeing new messages enter your inbox with messages looking like this above, this is an example screen shot from Microsoft Outlook 2003 with Open eFilter running. We recommend to folks who don’t want to see spam in their inbox to create a rule or filter in the email client to move mail with [SPAM] in the subject into a different folder. If you set up your message filters like this, then it kind of works like a personal quarantine folder.

1. What to do about a legit email that is tagged [SPAM]?

False positives are rare but they can happen. If they do, it is usually at the beginning stages (first month or two) after an Open Efilter installation. If you find any good emails that happen to arrive in a folder and or messages tagged [SPAM] that are not spam, then move the email into your NoSpam folder. The system will automatically learn that the email is not spam and delete it it from your NoSpam folder.

2. What to do about a spam email that is not tagged [SPAM]?

False negatives may occur when new spam messages are flooding your system. If you find any messages which were not tagged with the subject [SPAM] that really are spam, then move the message into your Junk Folder to get these messages blocked in the future. The system will automatically learn the email is spam and delete it from your Junk folder.


“How To” for Setting Up New Rules in MS Outlook 2003

Start by opening up MS Outlook

Now pressing the Tools (A) button, then open the frame and click on Rules and Alerts… (B).

You may get a Rules and Alerts warning if you’ve upgraded. Simply press No (C) or Yes.

Now press on New Rule… (D)

Now click on Move messages with specific words in the subject to a folder (E), then click on specific words (F)

Now type in the field: [SPAM] (G) and press Add (H)

Now press in Step 2: move it to the specific folder (I)

Now assign the folder you want to guaranteed your mail, we suggest the Junk E-mail folder (J) then press OK (K)

Now click on Finish (L)

Now you are almost there, let’s click on Run Rules Now… (M) and then click on Apply (N)

Now your done.

NOTE: When Open eFilter is initially installed, there may be a couple of false positives, make sure you check your quarantine (Junk E-Mail) folder to double check that you are not moving legitimate email you want to see/read. If you find any good emails that happen to arrive in the new folder and or messages tagged [SPAM] that are not spam, then forward those messages to

To: nospam@yourdomain

If you find any messages which were NOT tagged with the subject [SPAM] that are really spam, then forward those messages to

To: spam@yourdomain

to get these messages blocked in the future.


About Inter7 Internet Technology, Inc.

Inter7 is a software development company known in the open source community for creating world class, products that offer real solutions for today’s confusing IT choices. Based in the Chicagoland area, Inter7 provides remote and on site networking solutions around the world. From extensive, international support contracts servicing clients 24 hours a day to the individual installations of communication servers, you can be assured of cost effective solutions and peace of mind.

Inter7 boasts a customer base in excess of 2,000 companies worldwide. 700,000+ email accounts managed.  Installation of ISP and commercial grade email systems over 2,000 times. We actively manage 20 large cluster ISP email installations, we have been in business over ten years, since 1997. We are primary developers of major parts of second largest MTA in the world (qmail) related software. Finally, we offer 24×7 global support.

Inter7 success is based on utilizing the service model of business for open source/free software, they have enabled companies, contractors, and developers to maintain their own servers, contribute source code, and became a tier one commercial communication and email (qmail) support provider as well.

 

Thank you for your interest and support of free and open source software.

For more information or support, please contact us online or call our offices at (815) 776-9465.

Copyright © 2012