MailStripper - spam filter for Linux, FreeBSD and Solaris

MailStripper - Features

  • Administrator configurable keywords list
    MailStripper's main search core uses an enhanced keyword scan, entirely configurable by the site administrator. Negative biases can be used to denote non-spam keywords. Keywords may be included as a plain string or as regular expressions.

  • Maintained keywords list
    As an alternative to maintaining your own keyword list, the config tools can download a remotely maintained keyword list (by default, the one we use at Eridani) from the website at the push of a button. You may even download a keyword list then tailor it to your own needs. This is a subscription service, with a non-subscription version that is updated periodically.

  • Automated updates
    Synchronise your server with a central point of control. MailStripper uses cron to manage the scheduling.

  • Spam Bin as SMTP mailbox
    The spam bin can be a local mbox-format mail file. Alternatively, a local email address permits the spam bin to be held on a different machine.
    The Virus bin can also be an email address if you need it.

  • Per-user and/or per-domain spam bins
    Individual spam bins per user, or per hosted domain. For example /var/spool/spam/<domain>/<username>. This facility can also work in conjunction with the Spam Bin as SMTP mailbox feature.

  • Subject line tagging of spam
    Instead of using a spam bin, all (non-blacklisted) emails are sent on to the intended recipient, but those which would have been quarantined get a subject line tag instead. Some email clients can use this to operate a user's own local spam bin.
    As of MailStripper 1.3.0 this may be configured on a per-recipient basis.

  • No bounces generated by MailStripper
    Most spam and virus mail headers are forged. The apparent sender address is most likely not the offender. Therefore, spam and viruses are quarantined and not bounced, effectively being blackholed. (Blacklisted sites get a User Unknown error at the SMTP layer.)

  • Sender whitelist
    The sender's email message is checked for viruses (if configured) but not scanned as potential spam. Unless found to contain a virus, the message is delivered unfiltered.

  • Sender blacklist
    An SMTP User Unknown error code is sent to the blacklisted sender on identification of the recipient.

  • Source IP blacklist
    An SMTP User Unknown error code is sent to the sender at the blacklisted IP/netblock, on identification of the recipient.

  • DNS blacklist (DNSBL) support
    In addition to building up your own IP blacklist, this enables use of third party blacklists elsewhere on the Internet.

  • Spammer IP Honeypot
    If given a list of "honeypot" email addresses (those which have no right to be receiving email, maybe inherited from a previous owner of your domain) any IP address seen to be emailing them will be automatically added to the IP blacklist. It is also possible to mark certain IP addresses as authorised relays so they won't be blacklisted even if spam comes through them - but they will be subject to the other checks.

  • Recipient Whitelist
    Overrides any blacklists, and disables spam scanning for the named recipient. Ideal for role accounts such as abuse and postmaster.

  • Mail server daemon independence
    MailStripper works at the SMTP level, and can be on a different machine to your MTA. It connects to your mail server over another SMTP connection.

  • Switchable ESMTP support
    Some mail servers have issues with proprietary ESMTP extensions. ESMTP support may be disabled entirely if running ESMTP causes problems.

  • Intelligent anti-spam evasion countermeasures
    MailStripper recognises and counteracts attempts at evading detection as spam.

  • Rate limiter
    This will prevent your mail server from being overloaded by spam. This is a configurable option - faster servers can allow more concurrent scan processes.
    This has been significantly improved in version 1.4.1.

  • Anti-virus capability (optional)
    Scans all mail for virus infection, and quarantines all infected email. ClamAV, Frisk Software's F-Prot and NAI's McAfee uvscan are directly supported, and a new AVWRAP interface allows the use of antivirus scanners that are not directly supported by MailStripper. Our example AVWRAP script blocks Win32 executables and is supplied with MailStripper.

  • Does not require cutting-edge versions of libraries or MTA
    MailStripper is supplied as statically linked binaries (apart from glibc on Linux), so they contain all the extra library routines they require. By working on the SMTP layer, MailStripper is totally independent of your MTA platform, let alone MTA version.

  • Multi-process architecture
    This ensures that should a hitherto unknown malformed email message crash MailStripper, only that scanning process dies - it does not remove your system's ability to receive email.

  • No usage expiry (except evaluation licences)
    Paid licences do not expire - there is no need to re-register every year (as is becoming common with many software packages). This does not apply to the blocklist subscription service, but that service is not required to run MailStripper.

  • No mailbox limit
    MailStripper will protect as many mailboxes as your mailserver can hold.

  • No additional licence charges for multi-processor machines
    Commercial Licences are per machine, not per CPU. Personal licences are per household.

  • Features an easy-to-use configuration GUI, xmstripconf
    As with other X apps it can use a remote display, so you don't need to run an X desktop on your mail server.

  • Text-mode menu-driven config tool, mstripconf
    If you're on an X-less machine or a remote session, use this to configure MailStripper instead.

  • Handle ESMTP "SIZE" whether or not the mail server supports it
    Enforce a message size limit with this feature, rejecting anything that is too big.

  • Plug-in support
    A very exciting new addition to the MailStripper feature set, this facility allows MailStripper to be expanded almost without limit.
    This also allows for third parties to offer bolt-on services to enhance MailStripper with their own technologies. System administrators can also create their own filters based on local policies.

    MailStripper supplies two plug-ins as standard - Local Blocklist and SURBL (see below).

  • Local Blocklist support
    An often-requested feature, this has previously been a very risky change to the software core due to the changes that would be required (which is why it hasn't appeared yet).
    With the plug-in facility, this can now be implemented reliably and entirely without risking the rest of the system. The local blocklist will remain untouched when the main blocklist is updated using the automatic update facility.

  • Spam URL Blacklist support
    This is a plug-in that implements the interface described at http://www.surbl.org/. Unlike standard DNS blacklists, this reports on the URLs contained within the body of the message.
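
The whitelist, blacklist and honeypot features above interact at the point where the recipient is identified. The following sketch of that decision is an added example, not MailStripper's own code or configuration format: the class, constant and function names are hypothetical, the addresses are constructed sample data, and the order in which blacklists and the sender whitelist are consulted is an assumption the page does not state.

```python
import ipaddress

REJECT, NO_SPAM_SCAN, SCAN = "reject_user_unknown", "deliver_no_spam_scan", "spam_scan"

class RcptPolicy:
    """Decision taken once the recipient is known (RCPT TO)."""

    def __init__(self, honeypots, relays, rcpt_white, sender_white,
                 sender_black, ip_black):
        self.honeypots = {a.lower() for a in honeypots}
        self.rcpt_white = {a.lower() for a in rcpt_white}
        self.sender_white = {a.lower() for a in sender_white}
        self.sender_black = {a.lower() for a in sender_black}
        self.relays = [ipaddress.ip_network(n) for n in relays]
        self.ip_black = [ipaddress.ip_network(n) for n in ip_black]

    @staticmethod
    def _listed(ip, nets):
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in nets)

    def on_rcpt(self, client_ip, mail_from, rcpt_to):
        sender, rcpt = mail_from.lower(), rcpt_to.lower()
        # Honeypot hit: blacklist the source unless it is an authorised relay.
        if rcpt in self.honeypots and not self._listed(client_ip, self.relays):
            if not self._listed(client_ip, self.ip_black):
                self.ip_black.append(ipaddress.ip_network(client_ip))
        # Recipient whitelist overrides every blacklist and skips spam scanning.
        if rcpt in self.rcpt_white:
            return NO_SPAM_SCAN
        # Assumed order: blacklists are consulted before the sender whitelist.
        if self._listed(client_ip, self.ip_black) or sender in self.sender_black:
            return REJECT
        if sender in self.sender_white:
            return NO_SPAM_SCAN  # still virus-scanned if antivirus is configured
        return SCAN

def demo_policy():
    # Constructed sample data using documentation address ranges.
    return RcptPolicy(
        honeypots=["old-owner@example.org"],
        relays=["192.0.2.0/28"],
        rcpt_white=["abuse@example.org", "postmaster@example.org"],
        sender_white=["friend@example.com"],
        sender_black=["bulk@example.net"],
        ip_black=["203.0.113.0/24"],
    )
```

Because the sender address is usually forged, the sketch lets an IP blacklist hit take precedence over a sender whitelist match; an authorised relay that touches a honeypot address is not blacklisted and simply continues to the remaining checks.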

MailStripper supports ClamAV, Frisk Software's F-Prot and NAI's McAfee uvscan products for virus-scanning mail.

If you do not have ClamAV, F-Prot or uvscan installed, ensure the "Use Anti-Virus package" option is set to None, or use AVWRAP to run an unsupported antivirus package. Our example script uses this interface to block all Win32 executables.

ClamAV is a free, open-source virus scanner, and is free to use for any commercial or non-commercial installation.

F-Prot is available free of charge, for personal use only, for Linux, FreeBSD, Solaris (SPARC) and Solaris (x86). Commercial use requires licensing; more information can be found here. In all cases the edition to use with MailStripper is the Workstation version. It cannot work with the Windows version of F-Prot.

Network Associates' McAfee uvscan (command line scanner) product may be downloaded from here for Linux, FreeBSD and Solaris on a trial basis - look for the Command Line Scanner.