64 Configuring and Maintaining Your Server
Setting Up Spam Protection
To protect your users from spam, you can use the following tools with your control
panel:
SpamAssassin spam filter. It is a powerful spam filter that uses a wide variety of local
and network tests to identify spam signatures.
You can configure the spam filter so as to either delete suspicious messages when
they come to your mail server, or change the subject line and add "X-Spam-Flag:
YES" and "X-Spam-Status: Yes" headers to the messages. The latter can be useful
for users who prefer to filter mail with mail filtering programs installed on their own
computers.
To learn more about SpamAssassin, visit http://spamassassin.apache.org.
To configure and switch on the SpamAssassin filter, proceed to the Setting Up
SpamAssassin Spam Filter (on page 66) section.
DomainKeys. DomainKeys is a spam protection system based on sender
authentication. When an e-mail claims to originate from a certain domain,
DomainKeys provides a mechanism by which the recipient system can credibly
determine that the e-mail did in fact originate from a person or system authorized to
send e-mail for that domain. If the sender verification fails, the recipient system
discards such e-mail messages. To configure the DomainKeys system on your
server, refer to the section Switching on Spam Protection Based on DomainKeys
(on page 67).
DNS blackhole lists. This spam prevention system is based on DNS queries made by
your mail server to a database, which contains known and documented sources of
spam, as well as an extensive listing of dynamic IP addresses. Any positive
response from this database should result in your mail server returning a '550' error,
or rejection of the requested connection.
To configure your mail server for working with DNSBL databases, proceed to the
Switching On Spam Protection Based on DNS Blackhole Lists (on page 69) section.
Sender Policy Framework (SPF). This spam prevention system is also DNS query-
based. It is designed to reduce the amount of spam sent from forged e-mail
addresses. With SPF, an Internet domain owner can specify the addresses of
machines that are authorized to send e-mail for users of his or her domain.
Receivers that implement SPF then treat as suspect any e-mail that claims to come
from that domain but fails to come from locations that domain authorizes.
To learn more about SPF, visit http://www.openspf.org/howworks.html.
To enable filtering based on SPF, proceed to the Setting Up Support for Sender
Policy Framework System (on page 69) section.
Server-wide black and white lists. Black and white lists are standard mail server
facilities. You can use the black list to specify the domains from which mail must not
be accepted, and white list to specify the IP addresses of machines or networks
from which mail must always be accepted.
To set up server-wide black and white lists, proceed to the Setting Up Server-wide
Black and White Lists (on page 70) section.
