Anti-Spam

Overview

ISMail blocks spam with up to 6 levels of defense:

Level 1: Network connections are refused from all 'Blocked IPs'. If an IP is blocked, the sender cannot even establish a network link to ISMail.

Level 2: Blacklists are scanned to determine if the sender IP, domain name, or account name is banned. If so, ISMail returns an error to the sender before any mail is transferred. (Whitelists are also consulted to determine if the sender is known-good, in which case mail can immediately be transferred.)

Level 3: Reverse DNS checking is performed to determine if the sender is trying to hide its identity. If so, ISMail returns an error to the sender before any mail is transferred.

Level 4: Real-time blackhole lists (RBLs) are consulted to determine if the sender IP is a known source of spam. If so, ISMail returns an error to the sender before any mail is transferred.

Level 5: Greylist processing is activated to determine if the sender is 'known' to ISMail. If not, ISMail returns an error to the sender, indicating that it must retry sending at a later time; this discourages 'hit-and-run' spam attacks.

Level 6: Message content filtering is performed to compare messages with known patterns of spam. If a match occurs, the message is deleted or flagged for further processing by an email client filter.

Anti-Spam Configuration

Global anti-spam configuration settings for blocked IPs, (global) blacklists/whitelists, reverse DNS, RBLs, and greylisting are controlled by the 'Access' configuration tab and described under Access.

Note: RBL and greylist filters are recommended since they are automatic and effective.

Global, domain, and account-level anti-spam configuration settings for blacklists/whitelists and message filters are controlled on the 'Filters' pages as described below.

Message Filters

ISMail supports message filtering for removal (or marking) of undesired messages. Filtering is based on whitelists, blacklists, and an examination of message headers and/or message body content (including MIME) for specified information.

ISMail supports custom filters for configurable control of filtering; it also includes a set of default message filters for removing many unsolicited messages.

Message filtering works as follows:

Message filters may be defined at the following levels:

  • Global (applied to all domains and all accounts)
  • Domain-specific
  • Account-specific

Each level has an (optional) associated whitelist and/or blacklist.

Message filters are defined as one of the following types:

  • None
  • Default
  • Custom
  • Default and Custom

Custom filter types contain filter rules which define these filters (see below).

Filter actions may be defined as one of the following:

  • Delete the message
  • Mark the message and deliver it to the recipient (optionally appending a subject line header indicating a filter match)
  • Mark the message and deliver it to another recipient

Note: In order to use any domain-specific or account-specific filters, the global filter must be enabled ('Message Filter Active' box checked), even if neither the global default nor global custom message filters are used. This 'master switch' allows the server administrator to specify if message filtering should be available to domains or to user accounts.

Only one level of filtering is applied to a message. Account-specific filters have the highest priority. If an account-specific filter is not present then a domain-specific filter is applied. If a domain-specific filter is not present, then a global filter is applied. If a global filter is not present, then no filter is applied.
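The selection order described above, written out as an added example (not ISMail code or its configuration format). The FilterConfig model, its field names and the sample addresses are constructed; it assumes a level counts as 'present' when an entry exists for it, and that addresses are stored in lowercase.

```python
from dataclasses import dataclass, field

@dataclass
class FilterConfig:
    # Constructed model of the settings described above, not ISMail's format.
    master_switch: bool = False          # global 'Message Filter Active' box
    global_type: str = "None"            # None / Default / Custom / Default and Custom
    domains: dict = field(default_factory=dict)   # domain -> filter type
    accounts: dict = field(default_factory=dict)  # address -> filter type

def effective_filter(cfg, recipient):
    """Return (level, filter_type) for the one level applied, or None."""
    if not cfg.master_switch:
        return None                      # no level runs while the switch is off
    rcpt = recipient.lower()
    domain = rcpt.rsplit("@", 1)[-1]
    if rcpt in cfg.accounts:             # account-specific has highest priority
        return ("account", cfg.accounts[rcpt])
    if domain in cfg.domains:
        return ("domain", cfg.domains[domain])
    if cfg.global_type != "None":
        return ("global", cfg.global_type)
    return None

def not_covered_by_global(cfg, recipients):
    """Recipients whose mail is filtered at a lower level instead of global."""
    out = []
    for r in recipients:
        hit = effective_filter(cfg, r)
        if hit and hit[0] != "global":
            out.append((r, hit[0]))
    return out
```

Because only one level runs, the recipients this audit returns are not subject to the global rules or the global whitelist/blacklist, so anything the administrator relies on globally has to be repeated at the level that actually applies.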

Whitelists / Blacklists

Whitelists define IP addresses, domains, and/or accounts from which messages should always be accepted by a message filter.

Blacklists define IP addresses, domains, and/or accounts from which messages should never be accepted by a message filter.

Default Content Filter Types

The default content filters remove most ordinary unsolicited mail, but may not remove all undesired messages and/or may remove some messages that are bona fide. There are multiple default filters, corresponding to low, medium, or high filtering thresholds. The higher the threshold, the more messages the default filter will remove.

If default filters are used, it is best to start with the low threshold and then increase it if the filter is not removing enough unwanted mail, but is allowing all valid messages to be delivered. If the default filter on the low threshold removes valid mail, custom filters which do less filtering can be used instead. If the default filter on the high threshold does not remove enough unwanted mail (but still allows valid messages to pass), then custom filters can be added to increase filtering.

Custom Content Filter Types

Custom filters may be defined according to local preferences. A custom filter is created by defining 'matching rules' for one or more message header fields or message body content.

Rules can be specified for the following message header fields:

  • From (the message sender)
  • MsgId (the message identifier)
  • Subject
  • Recipients

Custom filter rules can also be specified for the message body (Body Text) and any URLs in the body of the message (Body Urls).

Multiple rules can be defined for any of these fields, but a field is not required to have any rules defined for it.

Custom Filter Rules:

A custom filter rule has a:

  • Message field: one of the message header or message body fields listed above,
  • Matching operation: one of: Contains, Is, Begins With, Ends With, Matches, and
  • String to match

The message field specifies the message header or message body component on which to apply the filter.

The matching operation specifies where in the message header or message body component to apply the filter.

The string to match specifies the text content which the filter should match. For all matching operations except 'Matches', the exact content of the string to match is used; in these cases, the string to match cannot contain any '?' or '*' characters. For 'Matches', the string to match may contain the 'wildcard' characters '?' and '*'. A '?' will match any single character, and a '*' will match any sequence of characters (e.g. 'Matches ?g?' will match 'egg' and 'age' but not 'rage'; 'Matches *ex*' will match 'Rexall' and 'Lexical' but not 'Sax'). The content filter also uses the '*' wildcard character internally for the other matching operations to specify the position(s) of the message field to match (e.g. 'Begins With' uses the string to match followed by a '*' to match at the beginning of a message field).
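A sketch of the matching semantics described above, as an added example rather than ISMail's own code. Only the 'Begins With' expansion is stated on this page; the expansions for 'Contains', 'Is' and 'Ends With', case-sensitive comparison, and the function names are assumptions.

```python
# Wildcard templates per operation. Only 'Begins With' is documented above;
# the other three expansions are assumed by analogy.
LITERAL_OPS = {
    "Contains": "*{}*",
    "Is": "{}",
    "Begins With": "{}*",
    "Ends With": "*{}",
}

def to_wildcard(op, text):
    """Turn a rule (operation + string to match) into one wildcard pattern."""
    if op == "Matches":
        return text                      # '?' and '*' are wildcards here
    if op not in LITERAL_OPS:
        raise ValueError("unknown matching operation: " + op)
    if "?" in text or "*" in text:
        raise ValueError("'?' and '*' are only allowed with 'Matches'")
    return LITERAL_OPS[op].format(text)

def wildcard_match(pattern, value):
    """Match the whole field; iterative, so no regex backtracking blow-up."""
    p = v = 0
    star, mark = -1, 0                   # last '*' seen and where it began
    while v < len(value):
        if p < len(pattern) and pattern[p] == "*":
            star, mark = p, v
            p += 1
        elif p < len(pattern) and pattern[p] in ("?", value[v]):
            p += 1
            v += 1
        elif star != -1:                 # let the last '*' absorb one more char
            mark += 1
            p, v = star + 1, mark
        else:
            return False
    while p < len(pattern) and pattern[p] == "*":
        p += 1
    return p == len(pattern)

def rule_matches(op, text, field_value):
    return wildcard_match(to_wildcard(op, text), field_value)
```

Since the pattern covers the whole field, a 'Matches' rule with no wildcards behaves like 'Is'; a substring rule written with 'Matches' needs a '*' on both sides.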

Filter Match Actions:

The action to take when a filter discovers a match is one of:

  1. Delete (message): message is automatically and silently deleted from the system,
  2. Mark message and deliver to recipient: an 'X-Spam-Detected' message header is added to the message which is then delivered normally to the recipient. The 'Append [SPAM] to subject line' checkbox will append '[SPAM]' to the message subject line.
  3. Mark message and deliver to another recipient: an 'X-Spam-Detected' message header is added to the message, and the message is then forwarded to the specified recipient. This is typically a mail system administrator or a UCE account.

Adding a Global Message Filter:

The Multiple Domains menu tab in the ISMail Configuration sheets is used to specify the global message filter(s) to run on each message.

To add a global message filter:

  1. Right-click the program icon located in the lower-right portion of the screen (notification area of system tray), and select 'Open'.
  2. Select the 'Multiple Domains' tab.
  3. Next to 'Content Filter', click 'All Domains'.
  4. Select the 'Message Filter Active' checkbox.
  5. To add or edit a whitelist or blacklist, click the 'Whitelist/Blacklist' button. Use the 'Add' buttons to add an IP address, domain, or account to a whitelist or blacklist. Select an IP address, domain, or account and use the 'Remove' buttons to remove an entry from the whitelist or blacklist. Then, click 'OK'.
  6. To use the default message filter, select the 'Default Anti-Spam Filter' checkbox and select either 'Low', 'Medium', or 'High' threshold. The default filter can be used by itself, or it can be used together with any custom filters defined for additional filtering.
  7. If you wish to define a custom filter, select the 'Custom Filters' checkbox. Click the 'Options' button to define the rules for the custom filter.
  8. Select the Filter Match Action.
  9. Click 'Apply'.
  10. Exit and restart ISMail.

Adding a Domain-specific Message Filter:

The Multiple Domains menu tab in the ISMail Configuration sheets is used to specify the domain-specific content filter(s) to run on each message delivered to a particular domain.

To add a domain-specific message filter:

  1. Right-click the program icon located in the lower-right portion of the screen (notification area of system tray), and select 'Open'.
  2. Select the 'Multiple Domains' tab.
  3. On the right of 'Content Filter', click 'All Domains'.
  4. Make sure the 'Message Filter Active' checkbox is selected. No other options are required on this page unless a global message filter is used (but the checkbox must be selected). Click 'Apply' and 'OK'.
  5. In the 'Domains' box, click the desired Domain Name. The selected domain value should then appear on a button to the right of 'Content Filter'. Click this button.
  6. Select the 'Message Filter Active' checkbox.
  7. To add or edit a whitelist or blacklist, click the 'Whitelist/Blacklist' button. Use the 'Add' buttons to add an IP address, domain, or account to a whitelist or blacklist. Select an IP address, domain, or account and use the 'Remove' buttons to remove an entry from the whitelist or blacklist. Then, click 'OK'.
  8. If you wish to use the default content filter, select the 'Default Anti-Spam Filter' checkbox and select either 'Low', 'Medium', or 'High' threshold. The default filter can be used by itself, or it can be used together with any custom filters defined for additional filtering.
  9. If you wish to define a custom filter, select the 'Custom Filters' checkbox. Click the 'Options' button to define the rules for the custom filter.
  10. Select the Filter Match Action.
  11. Click 'Apply'.
  12. Exit and restart ISMail.

Adding an Account-specific Content Filter:

The Accounts menu tab in the ISMail Configuration sheets is used to specify the account-specific content filter(s) to run on each message delivered to a given account on a particular domain.

To add an account-specific content filter:

  1. Right-click the program icon located in the lower-right portion of the screen (notification area of system tray), and select 'Open'.
  2. Select the 'Multiple Domains' tab.
  3. On the right of 'Content Filter', click 'All Domains'.
  4. Make sure the 'Message Filter Active' checkbox is selected. No other options are required on this page unless a global message filter is used (but the checkbox must be selected). Click 'Apply' and 'OK'.
  5. Select the 'Accounts' tab.
  6. Choose the desired Domain.
  7. In the 'Accounts' box, select the account for the message filter.
  8. Click the 'Set Content Filter' button.
  9. Select the 'Content Filter Active' checkbox.
  10. To add or edit a whitelist or blacklist, click the 'Whitelist/Blacklist' button. Use the 'Add' buttons to add an IP address, domain, or account to a whitelist or blacklist. Select an IP address, domain, or account and use the 'Remove' buttons to remove an entry from the whitelist or blacklist. Then, click 'OK'.
  11. If you wish to use the default content filter, select the 'Default Anti-Spam Filter' checkbox and select either 'Low', 'Medium', or 'High' threshold. The default filter can be used by itself, or it can be used together with any custom filters defined for additional filtering.
  12. If you wish to define a custom filter, select the 'Custom Filters' checkbox. Click the 'Options' button to define the rules for the custom filter.
  13. Select the Filter Match Action.
  14. Click 'Apply'.
  15. Exit and restart ISMail.