Thanks and a few filtering suggestions

martynw
Posts: 1
Joined: Wed Jul 06, 2005 10:16 pm

Post by martynw »

Thanks for this great service! It definitely helps to be able to use a secondary MX server that is able to filter out some of the spam attempts. Spammers specifically target the secondary MX and even with the filtering I sometimes have spam getting through (although certainly less than before!).

On my own mail server I noticed DNS blacklists and SPF are helping a lot, but a few simple tests are very effective and sometimes even seem to catch a few spammers that wouldn't be caught using other tests. I was wondering whether you're using these or would consider adding them. I'm talking about things like non-fqdn or invalid helo, helo pretending to be local (either rollernet or my domain, either ip or name), pipelining, etc.

Furthermore, it would be really helpful to indicate recipient restrictions. In general, things like non-fqdn or unknown domain recipient filters would probably help. But also helpful I think would be an option to blacklist certain known spam recipients (things like sales@mydomain.com or other addresses that you notice are being targeted specifically).

I noticed being able to filter unknown local recipients has been discussed before and I agree that this would be a great option, although you'd have to take care to keep the known recipient list synchronized with the primary server.

Again, thanks a lot and please keep up the great work!
RollerNetSupport
Site Admin
Posts: 598
Joined: Wed Nov 17, 2004 10:05 pm
Location: Nevada

Post by RollerNetSupport »

Thanks for your suggestions; these will all end up on the short list of enhancements because, as you said, they're simple checks. (At least, more simplistic than a full content filter or anti-virus scanner.) Some of them we already do at a global level:

* Improperly formatted HELO hostnames
* Unauthorized pipelining
* Unknown MAIL FROM domain names
* Unqualified MAIL FROM domains
* Unqualified RCPT TO domains (non-FQDN)
* Multi-recipient bounces
* Any HELO/EHLO claiming to be the mail server itself by name or IP

We also require RFC821 envelopes. I did notice the own IP address check in the HELO checks was overlooked when we moved the equipment; it has been corrected. Others you mentioned, like non-FQDN HELO/EHLO, happen from valid mail sources such as Microsoft Exchange, which is why we don't check those at a global level. Anything that falls into the same category will be left as an option to enable or disable through the account manager.

We're also going to be adding a filter option for checking if WHOIS records are present and if a PTR record is present for the connecting IP address.
Technical Support support@rollernet.us
Roller Network LLC
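
The stateless envelope checks discussed in this thread, sketched in Python as an added example (not RollerNet's code or configuration). The server name and IP are constructed, the function names are hypothetical, and the pipelining and unknown-domain checks are left out because they need session timing and DNS lookups.

```python
import ipaddress
import re

# Constructed identity of the receiving MX (assumed, not from the thread).
OWN_NAMES = {"mx.example.net"}
OWN_IPS = {ipaddress.ip_address("192.0.2.25")}
LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def helo_ip(helo):
    """IP address in a HELO given as [literal] or bare IP, else None."""
    text = helo[1:-1] if helo.startswith("[") and helo.endswith("]") else helo
    if text.lower().startswith("ipv6:"):
        text = text[5:]
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None


def is_fqdn(name):
    """True for a syntactically valid name with at least two labels."""
    labels = name.rstrip(".").split(".")
    return len(labels) >= 2 and all(LABEL.fullmatch(l) for l in labels)


def check_envelope(helo, mail_from, rcpts, reject_non_fqdn_helo=False):
    """Return reasons to reject the envelope; an empty list means accept."""
    reasons = []
    ip = helo_ip(helo)
    labels = helo.rstrip(".").split(".")
    if ip is not None:
        if ip in OWN_IPS:
            reasons.append("helo claims our IP")
        elif not helo.startswith("["):
            reasons.append("malformed helo")  # bare IP, not an address literal
    elif not all(LABEL.fullmatch(l) for l in labels):
        reasons.append("malformed helo")
    elif helo.rstrip(".").lower() in OWN_NAMES:
        reasons.append("helo claims our name")
    elif reject_non_fqdn_helo and len(labels) < 2:
        reasons.append("non-fqdn helo")  # optional: some valid senders do this
    if mail_from == "" and len(rcpts) > 1:
        reasons.append("multi-recipient bounce")  # null sender, many rcpts
    elif mail_from and not is_fqdn(mail_from.partition("@")[2]):
        reasons.append("unqualified sender domain")
    for rcpt in rcpts:
        if not is_fqdn(rcpt.partition("@")[2]):
            reasons.append("unqualified recipient domain: " + rcpt)
    return reasons
```

The `reject_non_fqdn_helo` switch defaults to off, mirroring the per-account option described above for checks that legitimate senders can trip.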