FAQ - Anti-Spam

Also see the manual section on Spam.

  1. What Anti-Spam measures does DMail have?
  2. How do I stop people sending mail to non-local users?
  3. How do I allow the trusted client/domain with the non-static IP address to send out mail?

Other FAQs that might relate:

  1. Can I delete queue (spam) files from the queue?

  1. What Anti-Spam measures does DMail have?

    For general information on Anti-Spam features in DMail see, Spam Rules

    The following settings all relate to Anti-Spam features:
    Note: this is a non-exhaustive list - we are coming up with new anti-spam features all the time. Our support staff can help you choose the best settings for your server.

  2. How do I stop people sending mail to non-local users?

    Sending mail to non-local users - relaying - is allowed by defaut by DSMTP. To restrict such relaying, you should add various Relaying Restrictions in dmail.conf. See the Relaying Restrictions

    section of the main manual.

    Note: In 2.8 versions and above, the DMSetup utility will add,
    where x.x.x is the first 3 parts of your machine's IP address. This limits relaying to users sending from IP addresses or that start with x.x.x .

  3. How do I allow the trusted client/domain with the non-static IP address to send out mail?

    In order to allow this customer to relay out to the world there are these options... (often you will run a mixture of them)

    1. Add,
      forward_from_ip 1.2.3.*
      where 1.2. is the first part of the ip addresses which that customer connects from.

      Side-effect: This creates a relaying hole for any spammer who is also connecting from that range of ip addresses - probably not very likely.

    2. Add
      forward_from their.domain.com

      Side-effect: creates a relaying hole for spammers who are pretending to be from their.domain.com, which is easy to do.

      NB: if you have this setting for your main domain then Open Relay Databases like ORBS will almost certainly add you to their 'bad servers' list!

    3. Add
      forward_user true
      which turns on the 'recentpop' or 'POP before SMTP' system. This allows users to relay mail for the default period of 2 minutes after checking for mail. You can increase this period with the setting, forward_window.

      NB: this handling of this system was improved greatly in version 2.8m. It worked fine for medium sized servers but became inefficient on large servers where the window was set large, e.g. 1-2 days.

    4. Add,
      auth_allow relay

      (version 2.8n and above)
      DSMTP supports the SMTP AUTH command when this setting is added. This allows the user to turn SMTP AUTH on in their email client. SMTP AUTH means that the email client will provide the username and password (same as on a POP server) to authenticate on your SMTP server when connecting to send out mail. Once authenticated, the 'trusted' user is then allowed to relay.

      NB: adding this setting will mean that some email clients, like Netscape Mail, force the users to turn on SMTP AUTH. Generally this is not a problem, as Netscape Mail instructs them on how to do it, but it may be confusing to some users.

      If you are using the forward_user system as well, you should probably set the setting
      hide_auth recentpop

      We also have a new proxy widget called SmtpAuth (currently only in windows beta form) which takes a username and password to authenticate to an SMTP server with.

      So users with an email client that does not support the SMTP AUTH command can run this on their machine and point their client at it instead of directly at your smtp server. It then authetnicates to your server before sending on any mail feed to it.

      If it is a whole domain coming through another trusted server then they could use the SmtpAuth proxy and feed all their outgoing mail through it. As we only have SmtpAuth on NT, their server would have to be running on NT. If their server is DSMTP, we are adding a setting so that DSMTP auths all connections to a given ip address. Therefore, they could run with that setting.

    Also see the Relaying Restrictions section of the main manual.

DMail also allows restrictions to be placed on the volume of messages coming from a particular IP number going through DSMTP per hour.
fromip_max: Restricts the number of messages per hour that DSMTP will accept from an IP number.
fromip_nolimit: Permits exceptions to from_ip_max for certain IP numbers. This applies to the IP number of the sender.

Message filtering is also available, though it should be used with care. DMail doesn't do logic checks of them so it may be possible to accidently reject everything (!).
msg_filter: Gives a filename containing message filtering rules. An explantion of those rules is at the other end of the link

You can also straight out ban anyone from a particular IP address from connecting.
ban_ip: Specifies an IP address that DSMTP may not talk to.