Once the spam filtering software is installed and ready to run with Messaging Server, you need to specify what messages to filter. Messaging Server can be configured to filter messages by user, domain, or channel. Each of these scenarios is described in the following sections:
The expression optin means that a user, domain or channel is selected to receive mail filtering.
It may be desirable to specify filtering on a per-user basis. For example, if spam or virus filtering is offered as a premium service to ISP customers, you can specify which users receive this and which don’t. The general steps for user filtering are as follows:
Specify the user LDAP attributes that activate the spam filtering software.
Set the LDAP_OPTINX options in option.dat. Example:
LDAP_OPTIN1=SymantecAV LDAP_OPTIN2=SpamAssassin |
Set filter attributes in the user entries that receive spam filtering.
The values for the filter attributes are multi-valued and depend on the server. Using the example shown in Step 1, the entries are:
SymantecAV: virus SpamAssassin: spam |
For a program like Brightmail, which can filter both viruses and spam, the valid values are spam and virus. When used as a multi-valued attribute, each value requires a separate attribute entry. For example, if the filter attribute for Brightmail was set to Brightmail, the entries are:
Brightmail: spam Brightmail: virus |
This example assumes that Brightmail is used. It also assumes that LDAP_OPTIN1 was set to Brightmail in the option.dat file. The user, Otis Fanning, has the Brightmail attribute set to spam and virus in his user entry. His mail is filtered by Brightmail for spam and viruses. User-level Filtering Example shows the Brightmail user entry for Otis Fanning.
dn: uid=fanning,ou=people,o=sesta.com,o=ISP objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson objectClass: inetUser objectClass: ipUser objectClass: inetMailUser objectClass: inetLocalMailRecipient objectClass: nsManagedPerson objectClass: userPresenceProfile cn: Otis Fanning sn: fanning initials: OTF givenName: Otis pabURI: ldap://ldap.siroe.com:389/ou=fanning,ou=people,o=sesta.com,o=isp,o=pab mail: Otis.Fanning@sesta.com mailAlternateAddress: ofanning@sesta.com mailDeliveryOption: mailbox mailHost: manatee.siroe.com uid: fanning dataSource: iMS 5.0 @(#)ims50users.sh 1.5a 02/3/00 userPassword: password inetUserStatus: active mailUserStatus: active mailQuota: -1 mailMsgQuota: 100 Brightmail: virus Brightmail: spam |
If Symantec AntiVirus Scan Engine and SpamAssassin were used, the entry would look like this:
SymantecAV: virus SpamAssassin: spam |
See Using Symantec Brightmail Anti-Spam, Using SpamAssassin or Using Symantec Anti-Virus Scanning Engine (SAVSE)
You can specify which domains receive filtering. An example of this feature would be if anti-spam or anti-virus filtering were offered as a premium service to ISP domain customers. The general steps for specifying domain filtering is as follows:
Specify the domain LDAP attributes that activates the filtering software.
Set the LDAP_DOMAIN_ATTR_OPTINX options in option.dat. Example:
LDAP_DOMAIN_ATTR_OPTIN1=SymantecAV LDAP_DOMAIN_ATTR_OPTIN2=SpamAssassin |
Set filter attributes in the domain entries that receive spam filtering.
The values for the filter attributes are multi-valued and depend on the server. Using the example shown in Step 1, the entries would be as follows:
SymantecAV: virus SpamAssassin: spam |
For a program like Brightmail which can filter both viruses and spam, the valid values are spam and virus. When used as a multi-valued attribute, each value requires a separate attribute value entry. For example, if LDAP_DOMAIN_ATTR_OPTIN1 was set to Brightmail, the entries would be:
Brightmail: spam Brightmail: virus |
This example assumes that Brightmail is used. It also assumes that LDAP_DOMAIN_ATTR_OPTIN1 was set to Brightmail in the option.dat file. The Brightmail attribute is set to spam and virus in the sesta.com domain entry in the DC tree for Sun LDAP Schema 1. For Sun LDAP Schema 2 you also set Brightmail in the domain entries that receive spam filtering.
All mail sent to sesta.com is filtered for spam and viruses by Brightmail. A Domain-level Filtering Example is shown below.
dn: dc=sesta,dc=com,o=internet objectClass: domain objectClass: inetDomain objectClass: mailDomain objectClass: nsManagedDomain objectClass: icsCalendarDomain description: DC node for sesta.com hosted domain dc: sesta inetDomainBaseDN: o=sesta.com,o=isp inetDomainStatus: active mailDomainStatus: active mailDomainAllowedServiceAccess: +imap, pop3, http:* mailRoutingHosts: manatee.siroe.com preferredMailHost: manatee.siroe.com mailDomainDiskQuota: 100000000 mailDomainMsgQuota: -1 mailClientAttachmentQuota: 5 Brightmail: spam Brightmail: virus |
If Symantec AntiVirus Scan Engine and SpamAssassin were used, the entry would look similar to like this:
SymantecAV: virus SpamAssassin: spam |
See Using Symantec Brightmail Anti-Spam, Using SpamAssassin or Using Symantec Anti-Virus Scanning Engine (SAVSE) for more examples and details.
Filtering by source or destination channel provides greater flexibility and granularity for spam filtering. For example, you may wish to filter in these ways:
Only messages from a specific MTA relay to a backend message store
All incoming mail from a specific MTA.
All outgoing mail from a specific MTA.
Incoming and outgoing mail from a specific MTA.
Messaging Server allows you to specify filtering by source or destination channel. The mechanism for doing this are the channel keywords described in Table 14–1. The following example demonstrates how to set up channel-level filtering.
Add a rewrite rule in the imta.cnf file for all inbound SMTP servers that send messages to a backend message store host. Example:
msg_store1.siroe.com $U@msg_store1.siroe.com
Add a channel corresponding to the rewrite rule with the destinationspamfilterXoptin keyword. Example:
tcp_msg_store1 smtp subdirs 20 backoff "pt5m" "pt10" "pt30" \ "pt1h" “pt2h” “pt4h” maxjobs 1 pool IMS_POOL \ fileinto $U+$S@$D destinationspamfilter1optin spam msg_store1.siroe.com |
These examples assume a filtering program specified by the number 1. They use the keywords in the table below.
Table 14–1 MTA Channel Keywords for Spam Filters
Channel Keyword |
Description |
---|---|
Specifies that all messages destined to this channel are filtered by anti-spam software X even if those services are not specified by user or domain with the LDAP_OPTIN LDAP attribute. (Filtering software X is defined by spamfilterX_library in option.dat.) The filter parameters depend on the filtering program and follow the keyword. For example, Brightmail parameters are normally spam or virus or spam,virus. The SpamAssassin parameter is spam. In this example, all mail destined for the message store is scanned for spam: ims-ms destinationspamfilter1optin spam,virus. . . |
|
Specifies that all messages originating from this channel are filtered by anti-spam software X even if those services are not specified by user or domain with the LDAP_OPTIN LDAP attribute. The system-wide default parameters follow the keyword, and the available parameters depend on the filtering program. For example, for Brightmail parameters are spam or virus or spam,virus. For SpamAssassin, the parameter is spam. If switchchannel is in effect, this keyword is placed on the switched-to channel. |
Example 1. Filter all mail for spam and viruses from an MTA relay to a backend message store called msg_store1.siroe.com
Add a rewrite rule in the imta.cnf file that sends messages to a backend message store host. Example:
msg_store1.siroe.com $U@msg_store1.siroe.com
Add a channel corresponding to that rewrite rule with the destinationspamfilterXoptin keyword. Example:
tcp_msg_store1 smtp subdirs 20 backoff “pt5m” “pt10” “pt30” “pt1h” \ “pt2h” “pt4h” maxjobs 1 pool IMS_POOL fileinto $U+$S@$D \ destinationspamfilter 1optin spam,virus msg_store1.siroe.com
Example 2. Filter for spam all incoming mail passing through your MTA (Typically, all incoming messages pass through the tcp_local channel):
tcp_local smtp mx single_sys remotehost inner switchchannel \ identnonelimited subdirs 20 maxjobs 7 pool SMTP_POOL \ maytlsserver maysaslserver saslswitchchannel tcp_auth \ sourcespamfilter1optin spam tcp-daemon
Example 3. Filter all outgoing mail to the Internet passing through your MTA. (Typically, all messages going out to the Internet pass through the tcp_local channel.)
tcp_local smtp mx single_sys remotehost inner switchchannel \ identnonelimited subdirs 20 maxjobs 7 pool SMTP_POOL \ maytlsserver maysaslserver saslswitchchannel tcp_auth \ destinationspamfilter1optin spam tcp-daemon
Example 4. Filter all incoming and outgoing mail passing through your MTA:
tcp_local smtp mx single_sys remotehost inner switchchannel \ identnonelimited subdirs 20 maxjobs 7 pool SMTP_POOL \ maytlsserver maysaslserver saslswitchchannel tcp_auth \ sourcespamfilter1optin spam destinationspamfilter1optin spam tcp-daemon
Example 5. Filter all mail destined to the local message store in a two-tiered system without using user optin:
ims-ms smtp mx single_sys remotehost inner switchchannel \ identnonelimited subdirs 20 maxjobs 7 pool SMTP_POOL \ maytlsserver maysaslserver saslswitchchannel tcp_auth \ destinationspamfilter1optin spam tcp-daemon
Example 6. Filter all incoming and outgoing mail for spam and viruses (this presumes that your software filters both spam and viruses):
tcp_local smtp mx single_sys remotehost inner switchchannel \ identnonelimited subdirs 20 maxjobs 7 pool SMTP_POOL \ maytlsserver maysaslserver saslswitchchannel tcp_auth \ destinationspamfilter1optin spam,virus sourcespamfilter1optin \ spam,virus tcp-daemon