Mail avenger is a highly-configurable, MTA-independent SMTP (simple mail transport protocol) server. It allows you to reject spam during mail transactions, before spooling messages in your local mail queue. You can specify site-wide default policies for filtering mail, but individual users can also craft their own policies by creating avenger scripts in their home directories.

Compared to traditional (.forward, .qmail, etc.) spam filtering, filtering during an SMTP transaction gives you more options. For instance, you can reject mail with an SMTP error code, causing a bounce only if the client is a legitimate MTA, not if it is a spambot. You can temporarily defer mail, accepting the message later if the sender tries again from the same IP address--a technique known as greylisting. You can even embed cryptographically secure expiration times in temporary mail addresses to validate mail before receiving the message body.

Compared to traditional spam filtering, filtering during the SMTP transaction also gives you more information. Mail Avenger collects a wide array of information about SMTP connections from clients, including TCP SYN fingerprints (which often identify the client OS) and network route information. Mail Avanger also flags properties of client SMTP implementations, such as whether they use pipelining, issue illegal SMTP commands, or deviate from the protocol in other small ways. Scripts can easily track this information on a per-sender basis using a simple database utility (included in the distribution). Thus, anomalies can be flagged when known senders exhibit radically different client behavior. Much of the information collected is also recorded in a new mail header, X-Avenger:, which can be fed to Bayesian content filters to improve accuracy.

A partial list of features:

• Mail-bomb protection - prevents any single client from overloading your server. (See MaxConPerIP, MaxMsgsPerIP, MaxErrorsPerIP in the asmtpd.conf(5) man page.)
• TCP filtering - can modify kernel firewall rules to block TCP SYN packets from overly aggressive clients. (See SMTPFilter in asmtpd.conf(5).)
• Network-level traffic analysis - including collection of TCP SYN fingerprints, heuristic inference of client operating systems, and network route recording. (See CLIENT_SYNFP, CLIENT_SYNOS, CLIENT_NETHOPS, CLIENT_NETPATH, netpath in the avenger(1) man page, the synos(1) man page, and the pf.os(5) man page from OpenBSD.)
• SMTP-level traffic analysis. (See CLIENT_COLONSPACE, CLIENT_HELO, CLIENT_PIPELINING, CLIENT_POST in avenger(1).)
• SMTP callbacks - checks that mail senders can actually receive bounce messages. (See SENDER_BOUNCERES, MAIL_ERROR in avenger(1) man page, ClientTimeout, VrfyDelay, MaxRevClients in asmtpd.conf(5).)
• Per-user and per-user-extension mail scripts - using Bourne shell syntax familiar to many Unix users. (See avenger(1).)
• Per-user mail relay checks - allows users to permit relaying of their own email address from particular sources. (See avenger(1).)
• Virtual domain mapping - maps all mail checks for a domain to a particular local user. (See DomainFile in asmtpd.conf(5).)
• Alias to user mapping - allows filtering for mail aliases to be placed under the control of different users. (See AliasFile in asmtpd.conf(5).)
• RBL support - query real-time black hole lists. (See RBL in asmtpd.conf(5), and rbl in avenger(1).)
• SPF - sender policy framework blocks mail forgeries from domains that publish DNS SPF records. (See the "SPF CONFIGURATION PARAMETERS" section of the asmtpd.conf(5) man page.)
• SPF language queries - scripts can dynamically formulate powerful queries using the SPF language. (See the spf function in avenger(1).)
• Asynchronous DNS queries - for a, mx, ptr, txt records. Scripts can easily issue muitiple concurrent DNS as well as SPF, RBL, and traceroute queries. The setvars command then waits for them all to complete and assigns results to the appropriate variables. (See dns and setvars in avenger(1).)
• "Bodytest" support - allows you to run filters like spamassassin and clamscan on the body of a mail message before replying to the final "." of the SMTP DATA command. (See the edinplace(1) man page and the bodytest description in the avenger(1) man page.)
• avenger.local - a local delivery agent supporting qmail-style control over extension addresses. Users can create different extension addresses (e.g., user+list1@host.com, user+list2@host.com) and route the mail differently. Also allows users to create and maintain their own mailing lists. (See the avenger.local(8) man page, and this example sendmail configuration.)
• SMTP STARTTLS support - if OpenSSL is present when Mail Avenger is compiled. (See SSL and related directives in the asmtpd.conf(5) man page.)
• Optional SASL support - with the Cyrus SASL package. (Use the --enable-sasl configure option, and see SASL in the asmtpd.conf(5) man page.)

Mail avenger is MTA-independent. It simply passes messages to a configurable sendmail program, and should therefore be compatible with any MTA that has a sendmail-like mail injection program. It has been tested with both sendmail and qmail, and others have reportedly used it with postfix.

Mail avenger is free software. It runs on Linux, OpenBSD, FreeBSD, and MacOS X, and will likely run with little or no modification on other Unix-like operating systems. Please let us know if you experience any portability problems.