Atec Solutions Ltd - email filters

Viruses

Our server scans all incoming email for viruses, and blocks any that it finds (SMTP reject, error code 554).

We also use the Sanesecurity rules, along with 200+ of our own custom definitions, to block spam using the antivirus engine.
The spam messages are treated as a virus because the source almost certainly has a virus infection of some form.

Virus summary: Thursday 29 July 2010

539 x Sanesecurity.Spam.10991.UNOFFICIAL
537 x Sanesecurity.Junk.31613.UNOFFICIAL
349 x Sanesecurity.Spam.10989.UNOFFICIAL
211 x Sanesecurity.Junk.31599.UNOFFICIAL
196 x Sanesecurity.Spam.ldb.49.UNOFFICIAL
183 x Sanesecurity.Spam.10990.UNOFFICIAL
170 x Sanesecurity.Malware.13511.UNOFFICIAL
150 x Sanesecurity.Spam.ldb.1.UNOFFICIAL
75 x Sanesecurity.Spam.10730.UNOFFICIAL
71 x INetMsg.SpamDomain-2w.closebreak_com.UNOFFICIAL

DNSBL

Our server also checks incoming messages against various "DNS block lists", which help to identify spam sources. Any incoming message found to be from a known spam source will be rejected (SMTP reject, error code 553) with a note recommending a visit to our DNSBL page for more information.

If you find that a message you are trying to send is blocked by our DNSBL checks, please contact us to discuss possibilities; we do have local whitelisting capabilities.

Where a site repeatedly fails this test, it will be temporarily blocked at our firewall in order to save system resources.

DNS blocklist worst offenders: Thursday 29 July 2010


Spam

For clients who collect email directly from our server (i.e. POP3, not forwarding), we check all messages using SpamAssassin.
We have developed several custom rules, which we prefix with 'Y_' for identification.
We also regularly update our test scoring to tag as much spam as possible without tagging non-spam messages.

We generally do not delete messages which SpamAssassin decides are spam, for the simple reason that it sometimes gets things wrong (false positives).
Some customers have found that our spam rules are accurate and that the sheer volume of spam they receive is too unwieldy to even attempt to check for false positives manually; for this reason, we have an email admin facility where customers can opt to file suspected spam into a separate mailbox and/or directly delete messages.

To cut down on as much spam as possible, we use several techniques and programs:
When a particular remote computer/server has sent a vast number of spam messages, or has tried to compromise our server some other way, we will block connections within our firewall. This is reserved for the most drastic cases and is not a measure we take lightly.
Our first main line of defense is to check incoming connections against DNS black lists (see above).
We then check messages using ClamAV for viruses and known significant spam signatures.
For customers who have their email forwarded to another address, this is all we do (with a few exceptions).
For customers who collect directly from our server (POP3), however, we also check messages with SpamAssassin, including:
  several custom rules and custom scoring,
  checking the message with Vipul's razor (i.e. cloudmark),
  the PDFInfo module to detect spam sent as a pdf attachment,
  running OCR software to extract text from images, which is then checked against a black list. The OCR process was using a disproportionate amount of CPU, so it has now been disabled.

Each test is assigned a score; if the total score is high enough then the message is tagged to make it easily identifiable and easily filtered.
A large proportion of our customers simply have a filter rule set up to delete all tagged messages, although we do recommend checking the deleted items for incorrectly tagged messages.
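
The order of checks described above can be modelled in a few lines of Python. This is an added illustration, not the code running on our server: the zone name, the tag threshold, the repeat-offender limit, the three Y_ rules and the sample messages are all constructed assumptions, and the DNS lookup and virus scanner are passed in as stand-in functions so the sketch runs offline.

```python
import re
from collections import Counter

DNSBL_ZONE = "dnsbl.example.invalid"  # placeholder zone, not a real list
TAG_THRESHOLD = 5.0                   # assumed; the page does not give its threshold
FIREWALL_AFTER = 3                    # assumed repeat-offender limit

# Hypothetical content rules (name, pattern, score); custom rules carry the Y_ prefix.
RULES = [
    ("Y_PHARMA_SUBJ", re.compile(r"^Subject:.*cheap meds", re.I | re.M), 3.5),
    ("Y_WIRE_URGENT", re.compile(r"urgent wire transfer", re.I), 2.0),
    ("Y_SHOUT_SUBJ", re.compile(r"^Subject: [A-Z !]{10,}$", re.M), 1.5),
]
# Constructed sample messages.
SPAM = "Subject: CHEAP MEDS NOW!!!\n\nUrgent wire transfer needed.\n"
HAM = "Subject: Invoice for July\n\nPlease find attached.\n"

def dnsbl_name(ip, zone=DNSBL_ZONE):
    """IPv4 a.b.c.d is looked up as d.c.b.a.<zone>; an answer means 'listed'."""
    return ".".join(reversed(ip.split("."))) + "." + zone

class Filter:
    def __init__(self, listed, whitelist=(), scanner=lambda msg: None):
        self.listed = listed             # callable(query name) -> bool, stands in for DNS
        self.whitelist = set(whitelist)  # local DNSBL exemptions
        self.scanner = scanner           # callable(msg) -> signature or None, stands in for clamav
        self.hits = Counter()            # DNSBL failures per source address
        self.firewalled = set()          # expiry of the temporary block is not modelled

    def handle(self, ip, msg, pop3):
        if ip in self.firewalled:
            return ("drop", "firewall")
        if ip not in self.whitelist and self.listed(dnsbl_name(ip)):
            self.hits[ip] += 1
            if self.hits[ip] >= FIREWALL_AFTER:
                self.firewalled.add(ip)
            return ("reject 553", "DNSBL")
        sig = self.scanner(msg)
        if sig:
            return ("reject 554", sig)
        if not pop3:                     # forwarded mail stops after the virus scan
            return ("forward", None)
        fired = [(name, score) for name, rx, score in RULES if rx.search(msg)]
        total = sum(score for _, score in fired)
        verdict = "tag" if total >= TAG_THRESHOLD else "deliver"
        return (verdict, [name for name, _ in fired])
```

A whitelisted sender skips only the DNSBL step; the virus scan and, for POP3 mailboxes, the scoring still apply.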

If any of our customers' legitimate email is tagged, we will look at ways of rectifying this, including whitelisting specific senders and recipients.

Spamassassin tagged messages: Thursday 29 July 2010

All tagged messages: 835
All razor2 tagged spam: 658