Sick of spam? Fear the virus?Order Contact
OpenEFilter is a complete email content filter, virus scanner, and spam blocker for qmail. Inter7 has gathered a group of open source email scanning products that have been thoroughly tested and optimized to work together as a world-class open source content scanner for your Qmail server.
Nine Layers of Protection
All incoming mail goes through these nine layers of protection:
Nine Layers of Protection
1. Reverse DNS SMTP Check
2. Remote Black Hole SMTP Check
3. Recipient Check
4. Suspect Windows Virus BotNet Connections
5. Customer Sent Mail
6. Spam Reject
7. Virus Detection
8. SPF Protection
“Once again Inter7 comes through. Great job.” —M.D.
Layer 1 Reverse DNS SMTP Check The first layer uses a reverse DNS check from the senders IP. It checks to make sure we have a valid reverse DNS. The IPs of a mail server should have reverse DNS (PTR) entries. RFC1912 2.1 says you should have a reverse DNS for all your mail servers. It has become an increasing common practice and standard operating procedure for all mail servers to not accept mail from mail servers without a reverse DNS entry.
Layer 2 Remote Black Hole SMTP Check
The IP address of the sender is checked against “remote black hole” lists. We recommend and use sbl-xbl.spamhaus.org. This real time list keeps track of IP addresses that have been reported and confirmed to be sending spam. The sbl part of the list keeps track of email servers sending spam. The xbl part of the list keeps track of machines that have been exploited and are sending spam. So, if the sender is on one of these lists we reject the email during the smtp conversation with a failure message. A failure message tells the sender to not attempt to send the email again.
Layer 3 Recipient Check
The third layer uses the chk-user patch to the qmail-smtpd daemon. It checks to make sure the recipient exists on the machine. It checks for email accounts, mailing lists and aliases. If none of these exist for the recipient then it rejects the email with a failure, telling the sender to not send the email again.
Without this layer, all incoming email is accepted. Any of the email which can’t be delivered locally (no existing user accounts) is normally bounced back to the sender. The problem is, most spam sites do not accept the returned bounce message. This means the email will stay in the queue for days (default 7 days) and qmail will keep attempting delivery. The chk-user layer keeps all of this email off the machine.
Layer 4 Suspect Windows Virus BotNet Connections
The next layer takes a finger print of the packet to determine the source of the email. New sophisticated viruses, worms and bots (BotNet) turn PC’s into rogue mailing machines on the Internet. Typical users aren’t going to know about their presence. They operate quietly in the background, belonging to users who unknowingly downloaded nasty programs. The infected computer then begins to send out spam without the knowledge of the owner. This makes them hard to spot if you’re using only a few filtering techniques. The sudden appearance of new sources of spam also makes it more difficult for companies to rely merely on RBL’s of known junk e-mail distributors. Multiple source filtering is needed.
The explosion of image spam this year is largely due to an increase of BotNet Connections.
Layer 5 Customer Sent Mail
Next the email is examined for customer sent qualities. If valid, the customers are able to email with authority.
- This stage happens when qmail delivers the email into a users account. It is passed through SpamAssassin which does content filtering. Spamassassin picks up the global spamassassin preferences and then the users individual preferences. If the email is identified as spam it modifies the subject line, placing [SPAM] at the beginning of the subject. Users can configure their email clients to filter [SPAM] messages into the trash.
- * Recommended, DSPAM is a server-side statistical anti-spam agent for Unix email servers. It masquerades as the email server’s local delivery agent and effectively filters spam using a combination of de-obfuscation techniques, specialized algorithms, and statistical analysis. The result is an administratively maintenance-free, self-learning anti-spam tool. DSPAM has yielded real-world success rates beyond 99.9% accuracy with less than a 0.01% chance of false positives.
Layer 7 Virus Detection
The seventh step is when email is sent through the ClamAV anti virus scanning system. If the email contains a virus, an error message is passed up to the smtp daemon which returns a failure message to the sender. This keeps all viruses off the machine.
Layer 8SPF Protection
SPF protection can optionally check if a sending domain has an SPF DNS record set up and reject the email if it is not coming from a valid IP.
GreyListing can optionally be enabled to defer the first attempt of delivery from an unknown IP. If the email server attempts delivery again after a few minutes the email is accepted. This helps block spam and allows good email from normal mail servers that attempt delivery if first attempt is deferred.
Open eFilter Guide
Open eFilter will keep your inbox clean, your computer safe, and spam at a minimum — all with open source software
Helpful tips and hints using Open eFilter
Do you want to stop seeing spam coming into your inbox? It’s simple and easy to do. Open efilter by default will rewrite your emails with a new prefix to your subjects. Some of them will now start to begin with: [SPAM] See the section below for a detail list on “How To” or if you are comfortable with using your mail client software, simply set up a new rule to look for a specific word, or phrase and move those messages to another folder.
Open eFilter is going to rewrite certain headers and more noticeably the “SUBJECT” line with your providers notice, in this example below it’s rewritten with the default beginning with the word [SPAM]
You will start seeing new messages enter your inbox with messages looking like this above, this is an example screen shot from Microsoft Outlook 2003 with Open eFilter running. We recommend to folks who don’t want to see spam in their inbox to create a rule or filter in the email client to move mail with [SPAM] in the subject into a different folder. If you set up your message filters like this, then it kind of works like a personal quarantine folder.
1. What to do about a legit email that is tagged [SPAM]?False positives are rare but they can happen. If they do, it is usually at the beginning stages (first month or two) after an Open Efilter installation. If you find any good emails that happen to arrive in the new folder and or messages tagged [SPAM] that are not spam, then forward those messages to firstname.lastname@example.org
Send your legit emails to: nospam@yourdomain
2. What to do about a spam email that is not tagged [SPAM]?False negatives may occur when new spam messages are flooding your system. If you find any messages which were not tagged with the subject [SPAM] that really are spam, then forward those messages to spam@yourdomain to get these messages blocked in the future.
Send your spam emails to: spam@yourdomain
“How To” for Setting Up New Rules in MS Outlook 2003
Start by opening up MS Outlook
Now pressing the Tools (A) button, then open the frame and click on Rules and Alerts… (B).
You may get a Rules and Alerts warning if you’ve upgraded. Simply press No (C) or Yes.
Now press on New Rule… (D)
Now click on Move messages with specific words in the subject to a folder (E), then click on specific words (F)
Now type in the field: [SPAM] (G) and press Add (H)
Now press in Step 2: move it to the specific folder (I)
Now assign the folder you want to guaranteed your mail, we suggest the Junk E-mail folder (J) then press OK (K)
Now click on Finish (L)
Now you are almost there, let’s click on Run Rules Now… (M) and then click on Apply (N)
Now your done.
NOTE: When Open eFilter is initially installed, there may be a couple of false positives, make sure you check your quarantine (Junk E-Mail) folder to double check that you are not moving legitimate email you want to see/read. If you find any good emails that happen to arrive in the new folder and or messages tagged [SPAM] that are not spam, then forward those messages to
If you find any messages which were NOT tagged with the subject [SPAM] that are really spam, then forward those messages to
to get these messages blocked in the future.
About Inter7 Internet Technology, Inc.
Inter7 is a software development company known in the open source community for creating world class, products that offer real solutions for today’s confusing IT choices. Based in the Chicagoland area, Inter7 provides remote and on site networking solutions around the world. From extensive, international support contracts servicing clients 24 hours a day to the individual installations of communication servers, you can be assured of cost effective solutions and peace of mind.
Inter7 boasts a customer base in excess of 2,000 companies worldwide. 700,000+ email accounts managed. Installation of ISP and commercial grade email systems over 2,000 times. We actively manage 20 large cluster ISP email installations, we have been in business over ten years, since 1997. We are primary developers of major parts of second largest MTA in the world (qmail) related software. Finally, we offer 24×7 global support.
Inter7 success is based on utilizing the service model of business for open source/free software, they have enabled companies, contractors, and developers to maintain their own servers, contribute source code, and became a tier one commercial communication and email (qmail) support provider as well.
Thank you for your interest and support of free and open source software.
For more information or support, please contact us online or call our offices at (815) 776-9465.