MailStripper - spam filter for Linux, FreeBSD and Solaris

MailStripper - FAQ

  • My spam bin and/or virus bin paths do not exist. Do I need to create them?
    No, MailStripper will handle this for you.

  • Does MailStripper run on Windows?
    No. Only on Linux, FreeBSD or Solaris (natively). The Linux binaries will work with NetBSD using its Linux compatibility layer.

  • Then, how can it protect a Windows mail server?
    MailStripper can run on a different machine to the mail server, as it acts as an SMTP stream filter.

  • Will MailStripper scan for spam on outbound email?
    No. Well, actually it can, but then you would have an open relay, due to the way it communicates with the real MTA. The real MTA would have no way to distinguish a real local user from a forged local user identity from the outside, because all traffic is coming in over the one link from MailStripper.

  • Is MailStripper available as a boxed software product?
    No. The software is available for download from our web server. This is why it requires a licence code to enable its functionality. It is also how we can do a fully-featured evaluation without resorting to a crippled demo version. This also helps keep our costs (and our charges) down.

  • I have enabled the F-Prot virus scanner option. Does the software find the location of the F-Prot binary?
    No, it needs to be configured to look in /usr/local/f-prot/ where F-Prot installs itself.

  • I have F-Prot for Windows installed in a Windows partition. Can MailStripper use this?
    No. The Windows version will not run under Linux. You need to install the Linux version of F-Prot for Small Businesses.

  • I emailed the Eicar test virus to myself through MailStripper, and it did not see the virus. And yes, I have F-Prot installed and enabled.
    Some mail clients (e.g. Outlook) recognise the eicar.com file as entirely valid 7-bit data, so they do not bother to encode it in any form. The Eicar test virus is only "effective" at the beginning of the data block, not in the middle of it, so it is not seen by F-Prot. The solution is to append some binary data (e.g. command.com, /bin/ls) to the file and send that out, or alternatively to place it in a Zip file. F-Prot will recognise the encoded attachment and handle it as a separate entity, causing Eicar to be seen.

  • I use a different anti-virus product on my server. Can MailStripper use it?
    With our avwrap interface, most likely yes you can.

  • Can I block Win32 binaries without an AV scanner?
    Our avwrap demo script does precisely this. Set your AV settings to use AVWRAP as your scanner package; it is installed by default in /usr/local/bin.

  • Is it possible to run multiple copies of MailStripper on the same machine?
    No. However, if you're thinking of virtual servers, e.g. Xen, KVM, VMware, VirtualBox or QEMU, then yes you can, as each virtual machine is effectively a separate computer. Please note, however, that if this path is taken a licence is required for each virtual machine that is running MailStripper.

  • I've added an email address to the sender whitelist file, but mails from that sender are still sometimes caught in the spam bin.
    MailStripper uses the 'MAIL FROM' SMTP command for checking the whitelist. If this is different to the email address in the From: header, then the email address in the 'Received: by MailStripper-deliver' header needs to be added to the whitelist file instead of the displayed address.

  • Why are the config files stored in a crypted form?
    This is an artefact of MailStripper's history. As of 1.2.2 only the central config file itself is crypted.

  • So, how can I read the config file?
    Use: mstripconf -cat <filename>
    Note that this only uses the leafname part of the stated file and always looks in /etc/mailstripper - so 'mstripconf -cat config' will work irrespective of your current directory.
    As of 1.2.2, the data files (other than the config file) are no longer stored in a garbled form, and may be read normally.

  • The package doesn't contain any documentation.
    The documentation is available as a separate download from the Downloads page as a PDF file.

  • Is there a way to either use a RBL or automatically update the IP Blacklist from an RBL?
    Yes there is. Add an entry in the IP Blacklist of the form DNS:rbl.server.domain.com. - for example we use DNS:zen.spamhaus.org. (The trailing . is required.) Note that the IP blacklist file is not updated from this, but check the documentation for the Honeypot feature as that does update this file.
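
How a DNS: entry of this kind is typically consulted, as an added example that is not MailStripper's own code: it follows the general DNSBL convention (RFC 5782) of reversing the client's IPv4 octets and looking the result up under the zone. The function names and the resolver table are constructed for illustration, and the handling of 127.255.255.x answers assumes Spamhaus's documented error replies.

```python
import ipaddress
import socket

# RFC 5782: a listed address resolves to an A record in 127.0.0.0/8.
LISTED = ipaddress.ip_network("127.0.0.0/8")
# Spamhaus documents 127.255.255.0/24 as error replies, not listings.
ERRORS = ipaddress.ip_network("127.255.255.0/24")


def zone_from_entry(entry):
    """Return the zone of a 'DNS:zone.' entry, or None if it is not one."""
    entry = entry.strip()
    if entry.startswith("DNS:") and entry.endswith(".") and len(entry) > 5:
        return entry[4:]
    return None


def query_name(client_ip, zone):
    """Reversed IPv4 octets followed by the (dot-terminated) zone."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def check(client_ip, entry, resolve=socket.gethostbyname):
    """Classify client_ip against one entry: 'listed', 'clean' or 'error'."""
    zone = zone_from_entry(entry)
    if zone is None:
        raise ValueError("not a DNS: entry with a trailing dot: %r" % entry)
    try:
        answer = ipaddress.IPv4Address(resolve(query_name(client_ip, zone)))
    except socket.gaierror:
        return "clean"  # lookup failed (normally NXDOMAIN): not on the list
    if answer in ERRORS or answer not in LISTED:
        return "error"  # refused or bogus answer; must not count as a hit
    return "listed"


# Constructed stand-in for DNS so the example runs offline.
FAKE_DNS = {
    "2.0.0.127.zen.spamhaus.org.": "127.0.0.2",        # RFC 5782 test entry
    "9.2.0.192.zen.spamhaus.org.": "127.255.255.254",  # constructed error reply
}


def fake_resolve(name):
    if name not in FAKE_DNS:
        raise socket.gaierror("constructed NXDOMAIN")
    return FAKE_DNS[name]
```

The trailing dot makes the looked-up name fully qualified, so the resolver does not append its local search domains to it.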

  • Is it possible to have MailStripper store mails that were recognised as spam for a specific length of time?
    Certainly. Depending on your requirement, you can use a home-grown script run via cron, or use something like logrotate.

  • Can MailStripper handle mail for domain A differently to mail for domain B?
    Depends on what you're really asking it to do.
    Different rules, no. Different spam bins, yes (use the %d substitution in the spam bin specification).

  • I want my spam quarantine bin sent to a role account, rather than be held in a file local to the mail server. Can I do this?
    Definitely. In the spam bin field, just specify the (local) email address of the role account. This email address must be one to which your machine would be allowed to send emails if the email came in from outside.

  • Can I have a separate spam bin for each user?
    Certainly, use the %u substitution in the spam bin specification.

  • I'd like spam to be tagged as spam, but sent on to the intended recipient. Can I do this?
    Yes - Specify your spam bin as #TAG, or add the recipient who wishes his mail to be tagged to the Tagged Recipients list (this can be entire domains).

  • Can MailStripper work with a TCP proxy?
    Yes, though if the TCP proxy is running in userspace you will almost certainly lose the IP Blacklisting facility.
    If you intend to run the TCP proxy to forward SMTP traffic to your mail server with MailStripper on it, we would recommend putting MailStripper on the proxy machine instead of using the TCP proxy.

  • I'm using MailStripper with Fetchmail. Why is the IP blacklist not working?
    MailStripper sees the connection as coming from Fetchmail, not where your ISP's mail server received the connection. As a result, no IP blacklisting can work with Fetchmail.

  • Can MailStripper use a challenge/response mechanism to populate a sender whitelist?
    No, but this is something we are looking at for a future release.

  • Can MailStripper work with a local SMTP server configured for SMTP Authentication?
    Yes, though this hasn't been stress-tested against multiple AUTH implementations. You're better off enabling port 587 as a mail submission port for your remote users.

  • MailStripper doesn't seem as effective at detecting spam as it was several months ago when we first got it. Any reason why?
    When you first bought your MailStripper licence you also received six months' access to the Premium Blocklist. When this expired, subsequent blocklist update requests retrieved the more basic free blocklist. Subscriptions are available for just £25 per year.

  • I try to run install.sh, but I get an error message.
    Try: ./install.sh
    Failing that, do: sh install.sh

  • I think I've found a bug!
    Please let us know. It would help if you could also include the output from running mstripconf -cat config and give a brief summary of your setup.