14.2.2.1 User-level Filtering Example

This example assumes that Brightmail is used. It also assumes that LDAP_OPTIN1 was set to Brightmail in the option.dat file. The user, Otis Fanning, has the Brightmail attribute set to spam and virus in his user entry. His mail is filtered by Brightmail for spam and viruses. 14.2.2.1 User-level Filtering Example shows the Brightmail user entry for Otis Fanning.

Example 14–1 Example LDAP User Entry for Brightmail

dn: uid=fanning,ou=people,o=sesta.com,o=ISP
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: inetUser
objectClass: ipUser
objectClass: inetMailUser
objectClass: inetLocalMailRecipient
objectClass: nsManagedPerson
objectClass: userPresenceProfile
cn: Otis Fanning
sn: fanning
initials: OTF
givenName: Otis
pabURI: ldap://ldap.siroe.com:389/ou=fanning,ou=people,o=sesta.com,o=isp,o=pab
mail: Otis.Fanning@sesta.com
mailAlternateAddress: ofanning@sesta.com
mailDeliveryOption: mailbox
mailHost: manatee.siroe.com
uid: fanning
dataSource: iMS 5.0 @(#)ims50users.sh 1.5a 02/3/00
userPassword: password
inetUserStatus: active
mailUserStatus: active
mailQuota: -1
mailMsgQuota: 100
Brightmail: virus
Brightmail: spam

If Symantec AntiVirus Scan Engine and SpamAssassin were used, the entry would look like this:

SymantecAV: virus
SpamAssassin: spam

See 14.3 Using Symantec Brightmail Anti-Spam, 14.4 Using SpamAssassin or 14.5 Using Symantec Anti-Virus Scanning Engine (SAVSE)

To Specify Domain-level Filtering

You can specify which domains receive filtering. An example of this feature would be if anti-spam or anti-virus filtering were offered as a premium service to ISP domain customers. The general steps for specifying domain filtering is as follows:

1. Specify the domain LDAP attributes that activates the filtering software.

   Set the LDAP_DOMAIN_ATTR_OPTINX options in option.dat. Example:

   LDAP_DOMAIN_ATTR_OPTIN1=SymantecAV LDAP_DOMAIN_ATTR_OPTIN2=SpamAssassin

   ---

   Note –

   By default, the attributes like SymantecAV or SpamAssassin do not exist in the schema. Whatever new attributes you use, you will need to add them to your directory schema. See the appropriate Directory Server documentation for instructions.

   ---

2. Set filter attributes in the domain entries that receive spam filtering.

   The values for the filter attributes are multi-valued and depend on the server. Using the example shown in Step 1, the entries would be as follows:

   SymantecAV: virus SpamAssassin: spam

   For a program like Brightmail which can filter both viruses and spam, the valid values are spam and virus. When used as a multi-valued attribute, each value requires a separate attribute value entry. For example, if LDAP_DOMAIN_ATTR_OPTIN1 was set to Brightmail, the entries would be:

   Brightmail: spam Brightmail: virus

Domain-level Filtering Example

This example assumes that Brightmail is used. It also assumes that LDAP_DOMAIN_ATTR_OPTIN1 was set to Brightmail in the option.dat file. The Brightmail attribute is set to spam and virus in the sesta.com domain entry in the DC tree for Sun LDAP Schema 1. For Sun LDAP Schema 2 you also set Brightmail in the domain entries that receive spam filtering.

All mail sent to sesta.com is filtered for spam and viruses by Brightmail. A Domain-level Filtering Example is shown below.

Example 14–2 Example LDAP Domain Entry for Brightmail

dn: dc=sesta,dc=com,o=internet
objectClass: domain
objectClass: inetDomain
objectClass: mailDomain
objectClass: nsManagedDomain
objectClass: icsCalendarDomain
description: DC node for sesta.com hosted domain
dc: sesta
inetDomainBaseDN: o=sesta.com,o=isp
inetDomainStatus: active
mailDomainStatus: active
mailDomainAllowedServiceAccess: +imap, pop3, http:*
mailRoutingHosts: manatee.siroe.com
preferredMailHost: manatee.siroe.com
mailDomainDiskQuota: 100000000
mailDomainMsgQuota: -1
mailClientAttachmentQuota: 5
Brightmail: spam
Brightmail: virus
 

If Symantec AntiVirus Scan Engine and SpamAssassin were used, the entry would look similar to like this:

SymantecAV: virus
SpamAssassin: spam

See 14.3 Using Symantec Brightmail Anti-Spam, 14.4 Using SpamAssassin or 14.5 Using Symantec Anti-Virus Scanning Engine (SAVSE) for more examples and details.

To Specify Channel-level Filtering

Filtering by source or destination channel provides greater flexibility and granularity for spam filtering. For example, you may wish to filter in these ways:

• Only messages from a specific MTA relay to a backend message store

• All incoming mail from a specific MTA.

• All outgoing mail from a specific MTA.

• Incoming and outgoing mail from a specific MTA.

Messaging Server allows you to specify filtering by source or destination channel. The mechanism for doing this are the channel keywords described in 12.12.5 Spam Filter Keywords. The following example demonstrates how to set up channel-level filtering.

1. Add a rewrite rule in the imta.cnf file for all inbound SMTP servers that send messages to a backend message store host. Example:

   msg_store1.siroe.com $U@msg_store1.siroe.com

2. Add a channel corresponding to the rewrite rule with the destinationspamfilterXoptin keyword. Example:

   tcp_msg_store1 smtp subdirs 20 backoff "pt5m" "pt10" "pt30" \ "pt1h" "pt2h" "pt4h" maxjobs 1 pool IMS_POOL \ fileinto $U+$S@$D destinationspamfilter1optin spam msg_store1.siroe.com

Channel-level Filtering Examples

These examples assume a filtering program specified by the number 1. See 12.12.5 Spam Filter Keywords for the keywords available for spam filtering.

To Filter from an MTA Relay to a Backend Message Store

This example filters all mail for spam and viruses from an MTA relay to a backend message store called msg_store1.siroe.com

1. Add a rewrite rule in the imta.cnf file that sends messages to a backend message store host. Example:

   msg_store1.siroe.com   $U@msg_store1.siroe.com

2. Add a channel corresponding to that rewrite rule with the destinationspamfilterXoptin keyword. Example:

   tcp_msg_store1 smtp subdirs 20 backoff "pt5m" "pt10" "pt30" "pt1h" \
   "pt2h" "pt4h" maxjobs 1 pool IMS_POOL fileinto $U+$S@$D \
   destinationspamfilter 1optin spam,virus
   msg_store1.siroe.com

   Example 2. Filter for spam all incoming mail passing through your MTA (Typically, all incoming messages pass through the tcp_local channel):

   tcp_local smtp mx single_sys remotehost inner switchchannel \
   identnonelimited subdirs 20 maxjobs 7 pool SMTP_POOL \
   maytlsserver maysaslserver saslswitchchannel tcp_auth \
   sourcespamfilter1optin spam
   tcp-daemon

   Example 3. Filter all outgoing mail to the Internet passing through your MTA. (Typically, all messages going out to the Internet pass through the tcp_local channel.)

   tcp_local smtp mx single_sys remotehost inner switchchannel \
   identnonelimited subdirs 20 maxjobs 7 pool SMTP_POOL \
   maytlsserver maysaslserver saslswitchchannel tcp_auth \
   destinationspamfilter1optin spam tcp-daemon

   Example 4. Filter all incoming and outgoing mail passing through your MTA:

   tcp_local smtp mx single_sys remotehost inner switchchannel \
   identnonelimited subdirs 20 maxjobs 7 pool SMTP_POOL \
   maytlsserver maysaslserver saslswitchchannel tcp_auth \
   sourcespamfilter1optin spam destinationspamfilter1optin spam
   tcp-daemon

   Example 5. Filter all mail destined to the local message store in a two-tiered system without using user optin:

   ims-ms smtp mx single_sys remotehost inner switchchannel \
   identnonelimited subdirs 20 maxjobs 7 pool SMTP_POOL \
   maytlsserver maysaslserver saslswitchchannel tcp_auth \
   destinationspamfilter1optin spam
   tcp-daemon

   Example 6. Filter all incoming and outgoing mail for spam and viruses (this presumes that your software filters both spam and viruses):

   tcp_local smtp mx single_sys remotehost inner switchchannel \
   identnonelimited subdirs 20 maxjobs 7 pool SMTP_POOL \
   maytlsserver maysaslserver saslswitchchannel tcp_auth \
   destinationspamfilter1optin spam,virus sourcespamfilter1optin \spam,virus 
   tcp-daemon