MailStripper - Features
- Administrator configurable keywords list
MailStripper's main search core uses an enhanced keyword scan, entirely
configurable by the site administrator. Negative biases can be used to
denote non-spam keywords. Keywords may be included as a plain string or
as regular expressions.
- Maintained keywords list
As an alternative to maintaining your own keyword list, the config tools
can download a remotely maintained keyword list (by default, the one we
use at Eridani) from the website at the push of a button. You may even
download a keyword list then tailor it to your own needs. This is a
subscription service, with a non-subscription version that is updated
- Automated updates
Synchronise your server with a central point of control. MailStripper
uses cron to manage the scheduling.
- Spam Bin as SMTP mailbox
The spam bin can be a local mbox-format mail file. Alternatively, a
local email address permits the spam bin to be held on a different
The Virus bin can also be an email address if you need it.
- Per-user and/or per-domain spam bins
Individual spam bins per user, or per hosted domain. For example
This facility can also work in conjunction with the Spam Bin as SMTP
- Subject line tagging of spam
Instead of using a spam bin, all (non-blacklisted) emails are sent on
to the intended recipient, but those which would have been quarantined
get a subject line tag instead. Some email clients can use this to
operate a user's own local spam bin.
As of MailStripper 1.3.0 this may
be configured on a per-recipient basis.
- No bounces generated by MailStripper
Most spam and virus mail headers are forged. The apparent sender address
is most likely not the offender. Therefore, spam and viruses are
quarantined and not bounced, effectively being blackholed. (Blacklisted
sites get a User Unknown error at the SMTP layer.)
- Sender whitelist
The sender's email message is checked for viruses (if configured) but
not scanned as potential spam. Unless found to contain a virus, the
message is delivered unfiltered.
- Sender blacklist
An SMTP User Unknown error code is sent to the blacklisted sender on
identification of the recipient.
- Source IP blacklist
An SMTP User Unknown error code is sent to the sender at the blacklisted
IP/netblock, on identification of the recipient.
- DNS blacklist (DNSBL) support
In addition to building up your own IP blacklist, this enables use of
third party blacklists elsewhere on the Internet.
- Spammer IP Honeypot
If given a list of "honeypot" email addresses (those which have no
right to be receiving email, maybe inherited from a previous owner of
your domain) any IP address seen to be emailing them will be
automatically added to the IP blacklist. It is also possible to mark
certain IP addresses as authorised relays so they won't be blacklisted
even if spam comes through them - but they will be subject to the other
- Recipient Whitelist
Overrides any blacklists, and disables spam scanning for the named
recipient. Ideal for role accounts such as abuse and postmaster.
- Mail server daemon independence
MailStripper works at the SMTP level, and can be on a different machine
to your MTA. It connects to your mail server over another SMTP
- Switchable ESMTP support
Some mail servers have issues with proprietary ESMTP extensions. ESMTP
support may be disabled entirely if running ESMTP causes problems.
- Intelligent anti-spam evasion countermeasures
MailStripper recognises and counteracts attempts at evading detection
- Rate limiter
This will prevent your mail server from being overloaded by spam. This
is a configurable option - faster servers can allow more concurrent scan
This has been significantly improved in version 1.4.1.
- Anti-virus capability (optional)
Scans all mail for virus infection, and quarantines all infected email.
ClamAV, Frisk Software's F-Prot and NAI's McAfee uvscan are directly
supported, and a new AVWRAP interface allows the use of
antivirus scanners that are not directly supported by MailStripper.
Our example AVWRAP script blocks Win32 executables and is supplied
- Does not require cutting-edge versions of libraries or MTA
MailStripper is supplied as statically linked binaries (apart from glibc
on Linux), so they contain all the extra library routines they require.
By working on the SMTP layer, MailStripper is totally independent of
your MTA platform, let alone MTA version.
- Multi-process architecture
This ensures that should a hitherto unknown malformed email message
crash MailStripper, only that scanning process dies - it does not
remove your system's ability to receive email.
- No usage expiry (except evaluation licences)
Paid licences do not expire - there is no need to re-register every year
(as is becoming common with many software packages). This does not
apply to the blocklist subscription service but is not required to run
- No mailbox limit
MailStripper will protect as many mailboxes as your mailserver can hold.
- No additional licence charges for multi-processor machines.
Commercial Licences are per machine, not per CPU. Personal licences are
- Features an easy-to-use configuration GUI, xmstripconf
As with other X apps it can use a remote display, so you don't need to
run an X desktop on your mail server.
- Text-mode menu-driven config tool, mstripconf
If you're on an X-less machine or a remote session, use this to
configure MailStripper instead.
- Handle ESMTP "SIZE" whether or not the mail server supports it
Enforce a message size limit with this feature, rejecting anything that is
- Plug-in support
A very exciting new addition to the MailStripper feature set, this
facility allows MailStripper to be expanded almost without limit.
This also allows for third parties to offer bolt-on services to enhance
MailStripper with their own technologies. System administrators can also
create their own filters based on local policies.
MailStripper supplies two plug-ins as standard - Local Blocklist and
SURBL (see below).
- Local Blocklist support
An often-requested feature, this has previously been a very risky
change to the software core due to the changes that would be
required (which is why it hasn't appeared yet).
With the plug-in facility, this can now be implemented reliably
and entirely without risking the rest of the system.
The local blocklist will remain untouched when the main blocklist is
updated using the automatic update facility.
- Spam URL Blacklist support
This is implemented as a plug-in that implements the interface
described at http://www.surbl.org/.
Unlike standard DNS blacklists, this reports on the URLs
contained within the body of the message.
MailStripper supports ClamAV, Frisk Software's F-Prot and NAI's McAfee
uvscan products for virus-scanning mail.
If you do not have either ClamAV, F-Prot or uvscan installed ensure the
"Use Anti-Virus package" option is set to None or use AVWRAP to
use an unsupported antivirus package. Our example script uses this interface
to block all Win32 executables.
ClamAV is a free, open-source
virus scanner, and is free to use for any commercial or non-commercial
F-Prot is available
free of charge for personal use only for
and Solaris (x86).
Commercial use requires licensing, more information can be found
In all cases the edition to use with MailStripper is the Workstation version.
It cannot work with the Windows version of F-Prot.
Network Associate's McAfee uvscan (command line scanner) product may be
downloaded from here for
Linux, FreeBSD and Solaris on a trial basis - look for the Command Line Scanner.