
BorderManager 3.8 Mail Proxy Anti-spam Feature

Posted: 24 Aug 2004
 

Novell BorderManager 3.8 Mail Proxy Anti-spam Feature

Anjana Navnith
Senior Software Engineer
nanjana@novell.com

Aruna Kumari
Senior Software Engineer
akumari@novell.com

This article explains how to use the Novell BorderManager 3.8 anti-spam feature to detect spam while still accepting the valid mails that would otherwise be caught with it.

Problem Description

The BorderManager Mail proxy provides a feature for detecting and dropping spam mails. The problem is that the proxy also drops valid messages that are sent from its primary domain name. This is how it works:

  1. The mail proxy checks all incoming mail on its public IP address.
  2. If the 'From address domain name' is the same as the mail proxy's 'Primary domain name', the mail is detected as spam and dropped.

Some sites ask for the user's e-mail address when the user wants to mail an article or other information to recipients. These sites use the user's e-mail address as the 'from address' when they mail the article. The mail proxy, finding that the 'from' and 'to' addresses have the same domain, wrongly interprets these mails as spam and discards them, even though they are valid mails coming from the public network to the internal mail server.

For example, try this link:

http://247malls.com/tellafriend.php3?ID=12336&callkat=&callcat=&callukat=&callmerchant=BabyAge&dest=coupons

It will send a mail to the recipient with the 'from' address set to the mail ID specified by the user.

Solution

BorderManager now provides a feature to overcome this issue of valid mails being treated as spam. You can download the required proxy.nlm for the anti-spam feature from this link:

http://support.novell.com/cgi-bin/search/searchtid.cgi?/2969504.htm

With the anti-spam feature the user can:

  • Detect spam mails.
  • Specify a list of trusted domains from which mails are always treated as valid.

The following setup diagram is used to illustrate how this feature needs to be configured:

Figure 1: Simulated Mail Proxy Setup Diagram

Assumptions

  • The BorderManager server is configured as the Mail Proxy server with the mail server information.
  • The internal mail server has been configured in the private network.
  • C1 is the public mail server/source machine from which e-mail is sent to the BorderManager server.
  • C2 is the private mail client machine configured to receive mails from the mail server.
  • E-mails sent from the C1 source machine are received on the C2 client.

Configuring the Anti-spam Feature

Detecting Spam Mails

First, you need to enable the anti-spam feature in the proxy.cfg file. The feature is enabled or disabled by the following line in the proxy.cfg file found in sys:\etc\proxy\


EnableAntispamFeature=1



Figure 2: Anti-spam feature configuration in sys:/etc/proxy/proxy.cfg file

On detecting a spam mail, the proxy server drops the mail and the source machine is shown a "554 Transaction failed" error message.


Figure 3: Error message displayed on public source machine when spam mail is detected

Note: If the anti-spam feature is not enabled in the proxy.cfg file, spam mails will not be detected. All mails will be forwarded to the destination client.

Handling Trusted Domains

Specify a list of trusted domains in the proxy.cfg file. When the mail proxy receives mails, it checks whether the "from address" domain name is listed as a trusted domain. If it is, these mails are allowed by default. An administrator can configure the list of trusted mail domains in the sys:\etc\proxy\proxy.cfg file by adding the following entry:

[Antispam Domain List]
AntispamDomain1=<enter domain name here>

For example, if mails from cnn.com and blr.novell.com are to be trusted, the following entry needs to be made in proxy.cfg:

[Antispam Domain List]
AntispamDomain1=cnn.com
AntispamDomain2=blr.novell.com


Figure 4: Trusted domain configuration in sys:/etc/proxy/proxy.cfg file

The mail proxy does a DNS lookup on the source IP address of the received mail. If the source IP address resolves to any of the domain names configured in proxy.cfg, the mail proxy will process the message.
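
The checks described in this article, modeled as an added Python example (it is not Novell's code and not part of the original article). The primary domain example.org, the IP-to-name table, the label-boundary match and the order of the checks are assumptions; only the proxy.cfg entries and the 554 response come from the article.

```python
import re

# Constructed sample of sys:\etc\proxy\proxy.cfg, using only entries shown in this article.
SAMPLE_CFG = """\
EnableAntispamFeature=1

[Antispam Domain List]
AntispamDomain1=cnn.com
AntispamDomain2=blr.novell.com
"""
# Constructed DNS answers (documentation IP ranges) so the example runs offline.
SAMPLE_PTR = {"192.0.2.10": "smtp.cnn.com", "198.51.100.7": "host.example.net"}

def parse_cfg(text):
    """Return (enabled, trusted_domains) read from proxy.cfg text."""
    enabled, trusted, section = False, [], ""
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, sep, value = (p.strip().lower() for p in line.partition("="))
        if not sep:
            continue                          # blank line or anything that is not key=value
        if key == "enableantispamfeature":
            enabled = value == "1"
        elif section == "antispam domain list" and re.fullmatch(r"antispamdomain\d+", key):
            trusted.append(value.rstrip("."))
    return enabled, trusted

def under_domain(host, domain):
    """Match on a label boundary, so notcnn.com is not taken for cnn.com (assumed rule)."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def decide(cfg_text, primary_domain, mail_from, source_ip, resolve_ptr):
    """Model of the proxy's verdict as this article describes it."""
    enabled, trusted = parse_cfg(cfg_text)
    from_domain = mail_from.rpartition("@")[2].lower()
    if not enabled or from_domain != primary_domain.lower():
        return "forward"                      # feature off, or From is not the primary domain
    host = resolve_ptr(source_ip)             # name the source IP resolves to, or None
    if host and any(under_domain(host, d) for d in trusted):
        return "forward"                      # source resolves into a trusted domain
    return "554 Transaction failed"           # dropped as spam

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.9"):
        print(ip, decide(SAMPLE_CFG, "example.org", "user@example.org", ip, SAMPLE_PTR.get))
```

With the sample data, only the source whose address resolves under cnn.com is forwarded; the other two, including the address with no DNS name at all, get the 554 response.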

Conclusion

The anti-spam feature primarily detects spam mails and allows users to configure protected domains from which mails are always allowed. The anti-spam feature has been tested in the above setup; however, you should also test it in a limited environment before moving it to your production environment.

