delphij's Chaos


05 May 2004 spam filtering policy

Currently the settings are:

Strict RFC821 Envelope.

Sender Restrictions:
Reject bounce messages that are addressed to multiple recipients. (New)
Permit messages from trusted machines.
Reject SASL user mismatches.
Permit messages from SASL authenticated users.
Reject non FQDN senders.
Filter address blacklist.
Reject unknown domains.
For senders from frequently forged domains, check that the sender address exists. (New)
Check that the sender's MX records are not in a private network. (New)
Check via policy delegation: the triplet (sender, IP, recipient) must have been seen before, or the mail is deferred until the next delivery attempt. (New)
Permit Otherwise.
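The triplet check in the last (New) sender rule, sketched as an added example (not the configuration or code behind this post). It uses the name=value request and `action=` reply format of Postfix policy delegation; the `Greylist` class, the sample request, and the minimum retry delay are assumptions, since the post states no delay.

```python
import time

# Constructed sample request, in the attribute format Postfix sends to a policy service.
SAMPLE = ("request=smtpd_access_policy\nprotocol_state=RCPT\n"
          "client_address=192.0.2.10\nsender=alice@example.org\n"
          "recipient=bob@example.net\n\n")

def parse_request(text):
    """Parse one policy request: name=value lines, ended by an empty line."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs

class Greylist:
    """Hypothetical in-memory greylist keyed on (sender, IP, recipient)."""

    def __init__(self, min_delay=300, clock=time.time):
        self.min_delay = min_delay   # assumed: seconds before a retry is accepted
        self.clock = clock
        self.first_seen = {}         # triplet -> time of first attempt

    def decide(self, attrs):
        triplet = (attrs.get("sender", "").lower(),
                   attrs.get("client_address", ""),
                   attrs.get("recipient", "").lower())
        now = self.clock()
        if triplet not in self.first_seen:
            # Unknown triplet: remember it and ask the client to retry.
            self.first_seen[triplet] = now
            return "action=defer_if_permit Greylisted, please retry later\n\n"
        if now - self.first_seen[triplet] < self.min_delay:
            # Retried too quickly to count as a normal queue retry.
            return "action=defer_if_permit Greylisted, please retry later\n\n"
        # Known triplet: no opinion, let the remaining restrictions decide.
        return "action=dunno\n\n"

if __name__ == "__main__":
    gl = Greylist(min_delay=0)
    request = parse_request(SAMPLE)
    print(gl.decide(request).strip())   # first attempt
    print(gl.decide(request).strip())   # retry of the same triplet
```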

Recipient Restrictions:
Reject non-FQDN recipients.
Permit mail to deliver to our server.
Permit trusted network to deliver mail.
Reject non-resolvable recipients.
Permit authenticated users to deliver mail.
Reject otherwise.

EHLO/HELO limits:
Require client to send EHLO/HELO before any conversation.
If the hostname does not follow the syntax expected, reject.
Permit authenticated users to use any hostname that follows the syntax.
EHLO hostname must be FQDN.
Check EHLO hostname against our table.
EHLO hostname must be resolvable.
Permit otherwise.

Body/header checks:
Deny all files with extensions matching: .*\.(zip|lnk|asd|hlp|ocx|reg|bat|chm|com|cmd|exe|dll|vxd|pif|scr|hta|jse|sh[mbs]|vb[esx]|ws[fh]|xl) (New)
Deny all mail which looks like virus bounce. (New)