Why use the avenger SMTP server?
Mail Avenger is a highly configurable, MTA-independent SMTP (Simple
Mail Transfer Protocol) server. It allows you to reject spam during
mail transactions, before spooling messages in your local mail queue.
You can specify site-wide default policies for filtering mail, but
individual users can also craft their own policies by creating avenger scripts in their home
directories.
Compared to traditional (.forward, .qmail, etc.) spam filtering, filtering during an
SMTP transaction gives you more options. For instance, you can reject
mail with an SMTP error code, causing a bounce only if the client is a
legitimate MTA, not if it is a spambot. You can temporarily defer
mail, accepting the message later if the sender tries again from the
same IP address--a technique known as greylisting. You can even embed
cryptographically secure
expiration times in temporary mail addresses to validate mail
before receiving the message body.
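
The expiring-address idea above, as an added Python example; it is not code from Mail Avenger and does not reproduce the format its own tools use. The `user+<expiry>.<tag>@domain` layout, the HMAC-SHA256 tag, the key and the function names are all assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import time

KEY = b"constructed-demo-key"  # constructed; a real key is random and kept private

def _tag(user: str, expiry_hex: str, key: bytes) -> str:
    # The MAC covers the user and the exact expiry string, so neither can be edited.
    mac = hmac.new(key, f"{user}+{expiry_hex}".encode(), hashlib.sha256).digest()
    return base64.b32encode(mac[:10]).decode().lower()  # 80-bit tag, 16 characters

def make_address(user, domain, lifetime_s, now=None, key=KEY):
    """Build user+<expiry-hex>.<tag>@domain (this layout is an assumption)."""
    now = int(time.time()) if now is None else int(now)
    user, expiry_hex = user.lower(), format(now + lifetime_s, "x")
    return f"{user}+{expiry_hex}.{_tag(user, expiry_hex, key)}@{domain}"

def check_rcpt(address, now=None, key=KEY):
    """Verdict for a RCPT TO address, decided before any DATA is accepted."""
    now = int(time.time()) if now is None else int(now)
    local = address.lower().rpartition("@")[0]
    user, _, ext = local.partition("+")
    expiry_hex, _, tag = ext.partition(".")
    expected = _tag(user, expiry_hex, key)
    # Verify the MAC first: only then is expiry_hex known to be our own output.
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return (550, "invalid address")
    if now > int(expiry_hex, 16):
        return (550, "address expired")
    return (250, "ok")
```

Because the check needs only the recipient address and a local key, the server can answer at RCPT time without keeping a table of issued addresses.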
Compared to traditional spam filtering, filtering during the SMTP
transaction also gives you more information. Mail Avenger collects a
wide array of information about SMTP connections from clients,
including TCP SYN fingerprints (which often identify the client OS)
and network route information. Mail Avenger also flags properties of
client SMTP implementations, such as whether they use pipelining,
issue illegal SMTP commands, or deviate from the protocol in other
small ways. Scripts can easily track this information on a per-sender
basis using a simple database
utility (included in the distribution). Thus, anomalies can be
flagged when known senders exhibit radically different client
behavior. Much of the information collected is also recorded in a new
mail header, , which can be fed
to Bayesian content filters to improve accuracy.
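
A sketch of the per-sender tracking described above, as an added Python example rather than Mail Avenger's own database utility or script code. The field names are the variables listed on this page; the class, the thresholds and the sample values are constructed for illustration.

```python
from collections import defaultdict

FIELDS = ("CLIENT_SYNOS", "CLIENT_PIPELINING", "CLIENT_HELO")
MIN_HISTORY = 3  # assumption: connections needed before a sender counts as known
MIN_CHANGED = 2  # assumption: "radically different" means 2 or more unseen values

class SenderBaseline:
    """Remembers which client properties each envelope sender has shown."""

    def __init__(self):
        # sender -> field -> {observed value: count}
        self.seen = defaultdict(lambda: {f: defaultdict(int) for f in FIELDS})
        self.total = defaultdict(int)

    def observe(self, sender, conn):
        """Score one connection against the sender's history, then record it."""
        sender = sender.lower()
        hist = self.seen[sender]
        changed = [f for f in FIELDS if conn.get(f, "") not in hist[f]]
        known = self.total[sender] >= MIN_HISTORY
        anomalous = known and len(changed) >= MIN_CHANGED
        if not anomalous:  # a flagged connection must not reshape the baseline
            for f in FIELDS:
                hist[f][conn.get(f, "")] += 1
            self.total[sender] += 1
        return anomalous, changed

def demo():
    # Constructed sample connections; the values are not real Mail Avenger output.
    usual = {"CLIENT_SYNOS": "FreeBSD", "CLIENT_PIPELINING": "1",
             "CLIENT_HELO": "mail.example.org"}
    odd = {"CLIENT_SYNOS": "Windows", "CLIENT_PIPELINING": "",
           "CLIENT_HELO": "mail.example.org"}
    base = SenderBaseline()
    for _ in range(MIN_HISTORY):
        base.observe("bob@example.org", usual)
    return base.observe("bob@example.org", odd)

if __name__ == "__main__":
    print(demo())
```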
A partial list of features:
- Mail-bomb protection - prevents any
single client from overloading your server. (See MaxConPerIP, MaxMsgsPerIP, MaxErrorsPerIP in the asmtpd.conf(5) man page.)
- TCP filtering - can modify kernel
firewall rules to block TCP SYN packets from overly aggressive
clients. (See SMTPFilter in asmtpd.conf(5).)
- Network-level traffic analysis -
including collection of TCP SYN fingerprints, heuristic inference of
client operating systems, and network route recording. (See CLIENT_SYNFP, CLIENT_SYNOS, CLIENT_NETHOPS, CLIENT_NETPATH, netpath
in the avenger(1) man page, the
synos(1) man page, and the pf.os(5) man page from OpenBSD.)
- SMTP-level traffic analysis. (See
CLIENT_COLONSPACE, CLIENT_HELO, CLIENT_PIPELINING, CLIENT_POST in avenger(1).)
- SMTP callbacks - checks that mail
senders can actually receive bounce messages. (See SENDER_BOUNCERES, MAIL_ERROR in avenger(1) man page, ClientTimeout, VrfyDelay, MaxRevClients in asmtpd.conf(5).)
- Per-user and per-user-extension mail
scripts - using Bourne shell syntax familiar to many Unix
users. (See avenger(1).)
- Per-user mail relay checks -
allows users to permit relaying of their own email address from
particular sources. (See avenger(1).)
- Virtual domain mapping - maps all
mail checks for a domain to a particular local user. (See DomainFile in asmtpd.conf(5).)
- Alias to user mapping - allows
filtering for mail aliases to be placed under the control of different
users. (See AliasFile in asmtpd.conf(5).)
- RBL support - query real-time
black hole lists. (See RBL in asmtpd.conf(5), and rbl in avenger(1).)
- SPF - sender policy framework
blocks mail forgeries from domains that publish DNS SPF records. (See
the "SPF CONFIGURATION PARAMETERS" section of the asmtpd.conf(5) man page.)
- SPF language queries - scripts can
dynamically formulate powerful queries using the SPF language. (See
the spf function in avenger(1).)
- Asynchronous DNS queries - for a, mx,
ptr, txt records. Scripts can easily issue multiple concurrent DNS
queries as well as SPF, RBL, and traceroute queries. The setvars command then waits for them all to
complete and assigns results to the appropriate variables. (See dns and setvars in avenger(1).)
- "Bodytest" support - allows you to
run filters like spamassassin and clamscan on the
body of a mail message
before replying to the final "." of the SMTP DATA command.
(See the edinplace(1) man
page and the bodytest description in the avenger(1) man page.)
- avenger.local - a local delivery
agent supporting qmail-style control over extension addresses. Users
can create different extension addresses (e.g.,
user+list1@host.com, user+list2@host.com) and route
the mail differently. Also allows users to create and maintain their
own mailing lists. (See the avenger.local(8) man page, and this example sendmail
configuration.)
- SMTP STARTTLS support - if OpenSSL is
present when Mail Avenger is compiled. (See SSL and related directives in the asmtpd.conf(5) man page.)
- Optional SASL support - with the Cyrus SASL
package. (Use the --enable-sasl configure option, and see
SASL in the asmtpd.conf(5) man page.)
Mail Avenger is MTA-independent. It simply passes messages to a
configurable sendmail program, and should therefore be compatible with
any MTA that has a sendmail-like mail injection program. It has been
tested with both sendmail and qmail, and others have reportedly used
it with postfix.
Mail Avenger is free software. It runs on Linux, OpenBSD, FreeBSD,
and MacOS X, and will likely run with little or no modification on
other Unix-like operating systems. Please let us know if you experience any portability
problems.