Spam and virus filtering
Mailboxes are protected by spam and virus filtering. All incoming and outgoing mail is scanned with ClamAV, and messages found to contain a virus are rejected. There are also multiple anti-spam measures in place:
- Servers attempting to deliver mail to a mailbox hosted here are first checked against the Spamhaus SBL+XBL list. This is one of the most reliable, well-maintained, and cautious blacklists available - unlike many other lists (such as SPEWS), if an IP address is on this list, it's very likely that it belongs to a spammer.
- When a remote server that isn't already whitelisted as a "known good" mail source tries to send mail, and that sender/server/recipient triplet has not been seen before, a temporary error ("come back later") is reported and the email is not accepted. When the remote server tries again, typically in a few minutes, the mail is accepted. This process is known as "greylisting", and works because most spammers don't queue outgoing mail, so they don't try to deliver twice. Greylisting can be disabled on a per-recipient basis, so users who need email delivered without delay can opt out.
- Per-remote-host and per-mailbox message count quotas are in place to ensure that a sudden mail flood won't overwhelm a mailbox.
- Message senders are checked using SPF (Sender Policy Framework). This is an optional framework which allows owners of domains to specify who is allowed to send mail from them. (Also see https://www.getmailbird.com/what-spf-resources-are-available-now-that-openspf-org-is-gone/.)
- Message contents are scanned for URLs pointing to web sites operated by spammers. This often catches spam sent from servers that haven't yet been blacklisted, because they've still got to put their web sites somewhere.
- Various "spam-trap" addresses are maintained which cause any server attempting to email them to be automatically blacklisted for several days.
- Sending servers that violate the SMTP rules, that identify themselves in obviously invalid ways, or that persistently try to send spam are automatically banned from connecting to this server.
When a message is rejected, the error message will explain to the sender exactly why it happened, so that legitimate senders can attempt to fix the problem.
Additional options are available if necessary, such as per-user Bayesian filters like QSF.
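
The greylisting decision described in the list above can be sketched as follows. This is an added example, not the code running on this server: the class and function names, the 60-second minimum retry delay, the 451 reply code, and all addresses are assumptions constructed for illustration.

```python
import time

class Greylist:
    """Greylisting decision keyed on the (sender, server IP, recipient) triplet."""

    def __init__(self, min_delay=60, whitelist=(), opted_out=(), clock=time.time):
        self.min_delay = min_delay            # assumed: seconds before a retry is accepted
        self.whitelist = set(whitelist)       # "known good" sending server IPs
        self.opted_out = {r.lower() for r in opted_out}  # recipients who opted out
        self.first_seen = {}                  # triplet -> time of first attempt
        self.clock = clock                    # injectable so the logic can be tested

    def check(self, sender, server_ip, recipient):
        """Return an SMTP-style (code, text) reply for one delivery attempt."""
        recipient = recipient.lower()
        if server_ip in self.whitelist:
            return 250, "accepted (whitelisted server)"
        if recipient in self.opted_out:
            return 250, "accepted (recipient opted out of greylisting)"
        triplet = (sender.lower(), server_ip, recipient)
        now = self.clock()
        # Record the first attempt only; retries must not reset the timer.
        first = self.first_seen.setdefault(triplet, now)
        if now - first < self.min_delay:
            return 451, "greylisted, come back later"
        return 250, "accepted (retry of a known triplet)"

def demo():
    """Run constructed delivery attempts against a fake clock; return reply codes."""
    t = [0]
    gl = Greylist(whitelist={"192.0.2.10"}, opted_out={"urgent@example.org"},
                  clock=lambda: t[0])
    attempt = ("a@example.com", "198.51.100.7", "user@example.org")
    codes = [gl.check(*attempt)[0]]           # first sight of the triplet
    t[0] = 5
    codes.append(gl.check(*attempt)[0])       # retry too soon
    t[0] = 300
    codes.append(gl.check(*attempt)[0])       # retry after a few minutes
    # A new sender from the same server is a new triplet and is deferred again.
    codes.append(gl.check("b@example.com", "198.51.100.7", "user@example.org")[0])
    codes.append(gl.check("a@example.com", "198.51.100.7", "urgent@example.org")[0])
    codes.append(gl.check("x@example.net", "192.0.2.10", "user@example.org")[0])
    return codes

if __name__ == "__main__":
    print(demo())
```

A sender that never retries stays at the 451 stage and its mail is never accepted, which is the behaviour greylisting relies on.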
Security
Incoming connections are only allowed to the standard services on their standard ports. Other ports can be opened for listening, but attempts to connect to them from outside will fail. This reduces the spread of worms and other malware.
Incoming connections are also rate limited, and in some cases, exceeding the rate limit will result in a temporary blacklisting of the connecting IP address. This reduces the risk from automated password guessing scripts.
Outgoing connections are also limited to specific ports, and rate limited.
These restrictions are in place to help ensure system security. If you have a valid reason for any of them to be relaxed, please use the Contact Form to discuss it.