Spam and virus filtering
Mailboxes are protected by spam and virus filtering.
All incoming and outgoing mail is scanned with ClamAV, and messages found to be
containing a virus are rejected. There are also multiple anti-spam measures
in place:
- Servers attempting to deliver mail to a mailbox hosted
here are first checked against the Spamhaus SBL+XBL list. This is one of
the most reliable, well-maintained, and cautious blacklists available -
unlike many other lists (such as SPEWS), if an IP address is on this list,
it's very likely that it belongs to a spammer.
- When a remote server that isn't already whitelisted as a
"known good" mail source tries to send mail, and that sender/server/recipient
triplet has not been seen before, a temporary error ("come back later") is
reported and the email is not accepted. When the remote server tries again,
typically in a few minutes, the mail is accepted. This process is known as
"greylisting", and works because
most spammers don't queue outgoing mail so they don't try to deliver twice.
Note that greylisting can be opted-out of on a per-recipient basis, so users
who need email to be delivered without delay can opt out.
- Per-remote-host and per-mailbox message count quotas are
in place to ensure that a sudden mail flood won't overwhelm a mailbox.
- Message senders are checked using SPF (sender policy
framework). This is an optional framework which allows owners of domains to
specify who is allowed to send mail from them.
(Also see https://www.getmailbird.com/what-spf-resources-are-available-now-that-openspf-org-is-gone/).
- Message contents are scanned for URLs pointing to web
sites operated by spammers. This often catches spam sent from servers that
haven't yet been blacklisted, because they've still got to put their web
sites somewhere.
- Various "spam-trap" addresses are maintained which cause
any server attempting to email them to be automatically blacklisted for
several days.
- Sending servers that violate the SMTP rules, which
identify themselves in obviously invalid ways, or which persistently try to
send spam, are automatically banned from connecting to this server.
When a message is rejected, the error message will explain to the sender
exactly why it happened, so that legitimate senders can attempt to fix the
problem.
Additional options are available if necessary, such as per-user Bayesian
filters like QSF.
Security
Incoming connections are only allowed to the standard services on their
standard ports. Other ports can be opened for listening but attempts to
connect to them from outside will fail. This reduces the spread of worms and
other malware.
Incoming connections are also rate limited, and in some cases, exceeding the
rate limit will result in a temporary blacklisting of the connecting IP
address. This reduces the risk from automated password guessing scripts.
Outgoing connections are also limited to specific ports, and rate limited.
These restrictions are in place to help ensure system security. If you have
a valid reason for any of them to be relaxed, please use the
Contact Form
to discuss it.