How EmailArchitect Anti-Spam works
It is highly recommended to enable the anti-spam filter in your user account: Web Mail logon->Option->Anti-Spam, then Anti-Spam filter. Every message sent to this user account will then be strictly checked by the anti-spam filter. If a message is marked as junk email, it will be delivered to the Junk* folder, and an inquiring message will be sent to the sender. If the sender confirms that he sent the message, the message will be moved back to the Inbox. If no confirmation is received from the sender, the message will be deleted by the system.
The following E-mail will never be marked as Junk
1. From the address which is in personal contacts or global contacts.
2. From the authenticated user.
3. From the trusted list.
4. From the auto-white list.
What is the auto-white list?
The EmailArchitect Anti-Spam module maintains a list of recent recipient addresses that authenticated users have sent mail to. All the addresses on the list are recognized as trusted addresses by the Anti-Spam module, and email sent from a trusted address will never be marked as junk email. Note that once you receive a spam message, do not reply to it; otherwise its sender address will be added to your auto-white list.
Using "Not Junk" action in User Customized Filter
If your company is selling a product named "XXX", and you receive emails
asking about your product every day, you may not want the Anti-Spam filter to
scan/delete those emails. To bypass the scanning, you can add a rule in your
customized filter like this:
If Body Text contains "XXX" Then Not Junk
Note: the following section is only for server administrators or domain administrators.
How does EmailArchitect detect an email as spam?
If the user chooses the low anti-spam level, detection depends on the rules in Web Access->Anti-Spam Service-> Low Level Setting; if the user chooses the high anti-spam level, it depends on the rules in Web Access->Anti-Spam Service-> High Level Setting.
The rule expression
Rule = [built-in function]|[keyword]:[points]
If a message matches a specified rule, the corresponding points will be added to
this message. Once the total is greater than the points set in the Anti-Spam
service, this message will be marked as spam.
Built-in Functions
| Name | Description | Remarks |
| {$fn_httplink} | Detects how many http links are in the body text. | {$fn_httplink}:3 means each link counts for 3 points |
| {$fn_badcrlf} | Detects if there is a bad CRLF in the message. | {$fn_badcrlf}:5 means a bad line break counts for 5 points |
| {$fn_nomime} | Detects if this is a non-MIME message. | Most email clients use MIME format. |
| {$fn_bcc} | The message To/Cc header doesn't contain the recipient's email address. | Most newsletters won't contain the recipient in the To/Cc header. |
| {$fn_badheader} | Message header doesn't contain From, To, Subject or Date. | |
| {$fn_emaillink} | Detects if body text contains the mailto:[email address]?subject=* | Many spammers use this format instead of an http link. |
| {$fn_body:[keyword]} | Detects if body text contains the keyword. Wildcard(*,?) is supported. | e.g. {$fn_body:adult}:2 |
| {$fn_bodyw:[keyword]} | Detects if body text contains the keyword. Wildcard(*,?) is supported. The matched content must be a word. | e.g. {$fn_bodyw:adult}:2 |
| {$fn_subject:[keyword]} | Detects if subject contains the keyword. Wildcard(*,?) is supported. | e.g. {$fn_subject:adult}:2 |
| {$fn_subjectw:[keyword]} | Detects if subject contains the keyword. Wildcard(*,?) is supported. The matched content must be a word. | e.g. {$fn_subjectw:adul?}:2 |
| {$fn_headers:[keyword]} | Detects if headers contain the keyword. Wildcard(*,?) is supported. | e.g. {$fn_headers:x-mailer: bulk tool}:2 |
| {$fn_headersw:[keyword]} | Detects if headers contain the keyword. Wildcard(*,?) is supported. The matched content must be a word. | e.g. {$fn_headersw:x-mailer: bu?k}:2 |
| {$fn_subjectbodyw:[keyword]} | Detects if subject or body text contains the keyword. Wildcard(*,?) is supported. The matched content must be a word. | e.g. {$fn_subjectbodyw:gir?}:2 |
| {$fn_regbody:[keyword]} | Detects if body text contains the keyword by regular expression. | e.g. {$fn_regbody:girl[s]?}:2 |
| {$fn_regsubject:[keyword]} | Detects if subject contains the keyword by regular expression. | e.g. {$fn_regsubject:girl[s]?}:2 |
| {$fn_regsubjectbody:[keyword]} | Detects if subject or body text contains the keyword by regular expression. | e.g. {$fn_regsubjectbody:girl[s]?}:2 |
| {$fn_regheaders:[keyword]} | Detects if headers contain the keyword by regular expression. | |
| {$fn_fbody:[keyword file]} | Detects if body text contains the keyword in a specified text file, each line in the text file represents a keyword. Wildcard(*,?) is supported. | e.g. {$fn_fbody:c:\badwords.txt}:5 |
| {$fn_fbodyw:[keyword file]} | Detects if body text contains the keyword in a specified text file, each line in the text file represents a keyword. Wildcard(*,?) is supported. The matched content must be a word. | e.g. {$fn_fbodyw:c:\badwords.txt}:5 |
| {$fn_fsubject:[keyword file]} | Detects if subject contains the keyword in a specified text file, each line in the text file represents a keyword. Wildcard(*,?) is supported. | e.g. {$fn_fsubject:c:\badwords.txt}:5 |
| {$fn_fsubjectw:[keyword file]} | Detects if subject contains the keyword in a specified text file, each line in the text file represents a keyword. Wildcard(*,?) is supported. The matched content must be a word. | e.g. {$fn_fsubjectw:c:\badwords.txt}:5 |
| {$fn_fheaders:[keyword file]} | Detects if headers contain the keyword in a specified text file, each line in the text file represents a keyword. Wildcard(*,?) is supported. | e.g. {$fn_fheaders:c:\badheaders.txt}:5 |
| {$fn_fheadersw:[keyword file]} | Detects if headers contain the keyword in a specified text file, each line in the text file represents a keyword. Wildcard(*,?) is supported. The matched content must be a word. | e.g. {$fn_fheadersw:c:\badheaders.txt}:5 |
| {$fn_fsubjectbody:[keyword file]} | Detects if subject or body text contains the keyword. Wildcard(*,?) is supported. | e.g. {$fn_fsubjectbody:c:\badwords.txt}:5 |
| {$fn_fsubjectbodyw:[keyword file]} | Detects if subject or body text contains the keyword. Wildcard(*,?) is supported. The matched content must be a word. | e.g. {$fn_fsubjectbodyw:c:\badwords.txt}:5 |
| {$fn_fregbody:[keyword file]} | Detects if body text contains the keyword in a specified text file by regular expression. Each line in the text file represents a keyword. | e.g. {$fn_fregbody:c:\badwords.txt}:5 |
| {$fn_fregsubject:[keyword file]} | Detects if subject contains the keyword in a specified text file by regular expression. Each line in the text file represents a keyword. | e.g. {$fn_fregsubject:c:\badwords.txt}:5 |
| {$fn_fregsubjectbody:[keyword file]} | Detects if subject or body text contains the keyword in a specified text file by regular expression. Each line in the text file represents a keyword. | e.g. {$fn_fregsubjectbody:c:\badwords.txt}:5 |
| {$fn_fregheaders:[keyword file]} | Detects if headers contain the keyword in a specified text file by regular expression. Each line in the text file represents a keyword. | |
| {$fn_charset:[keyword]} | If message charset matches the keyword, then this rule is true. | |
| {$fn_rcharset:[keyword]} | If message charset doesn't match the keyword, then this rule is true. | |
| {$fn_attnullbody:[keyword]} | Detects if the message contains one specified attachment and the body text is null. | e.g. {$fn_att:*.pdf} |
| {$fn_hasatt:[keyword]} | Detects if the message contains the specified attachment. | |
If you enter a plain word as the rule, it is equivalent to {$fn_subjectbody:[keyword]}, e.g. advertisement:5.
Usage Example
1. If the low level points setting is 5, and you want to mark a message which has more than 2 http links as spam, then you can input {$fn_httplink}:3 in the rules. Two links will then count for 2*3=6 points.
Negative Rule
A negative rule can be used to override other rules.
Syntax: [built-in function]|[keyword]:-200
e.g.
There are two rules in Anti-Spam rules:
{$fn_subject:no junk}:-200
{$fn_body:bad}:5
Then every email whose subject contains "no junk" will not be detected as spam,
even if the email body contains "bad".
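The scoring described under "The rule expression", "Usage Example" and "Negative Rule", as an added example (not EmailArchitect's own code). It models only a subset of the built-in functions; case-insensitive matching and counting links by their http:// or https:// prefix are assumptions, and the sample message is constructed.

```python
import re
from fnmatch import fnmatchcase

# Rule = [built-in function]|[keyword]:[points]; the points follow the last ':'.
RULE_RE = re.compile(r"^(?:\{\$(fn_\w+)(?::(.*))?\}|(.+?)):(-?\d+)$")

def parse_rule(line):
    """Return (function, argument, points); a bare keyword maps to fn_subjectbody."""
    m = RULE_RE.match(line.strip())
    if not m:
        raise ValueError(f"malformed rule: {line!r}")
    fn, arg, word, points = m.groups()
    return (fn or "fn_subjectbody", arg if fn else word, int(points))

def contains(text, keyword):
    """Substring match with * and ? wildcards (case-insensitivity is an assumption)."""
    return fnmatchcase(text.lower(), f"*{keyword.lower()}*")

def hits(fn, arg, msg):
    """How many times a rule fires on msg (dict with 'headers', 'subject', 'body')."""
    if fn == "fn_httplink":          # counted once per link
        return len(re.findall(r"https?://", msg["body"], re.I))
    if fn == "fn_badheader":         # From, To, Subject or Date is missing
        present = {h.lower() for h in msg["headers"]}
        return int(not {"from", "to", "subject", "date"} <= present)
    if fn == "fn_subject":
        return int(contains(msg["subject"], arg))
    if fn == "fn_body":
        return int(contains(msg["body"], arg))
    if fn == "fn_subjectbody":
        return int(contains(msg["subject"], arg) or contains(msg["body"], arg))
    raise ValueError(f"function not modelled here: {fn}")

def score(rules, msg):
    return sum(points * hits(fn, arg, msg)
               for fn, arg, points in map(parse_rule, rules))

def is_spam(rules, msg, threshold):
    return score(rules, msg) > threshold   # total must be greater than the setting

# Constructed sample message and rule list (not taken from a real mailbox).
SAMPLE = {
    "headers": {"From": "a@example.com", "To": "b@example.net",
                "Subject": "no junk: price list", "Date": "Mon, 1 Jan 2024"},
    "subject": "no junk: price list",
    "body": "this bad offer: http://a.example/ and http://b.example/",
}
RULES = ["{$fn_httplink}:3", "{$fn_subject:no junk}:-200", "{$fn_body:bad}:5"]
if __name__ == "__main__":
    print(score(RULES, SAMPLE), is_spam(RULES, SAMPLE, 5))
```

With only the {$fn_httplink}:3 rule the sample scores 6 and is marked as spam at a setting of 5; with all three rules the -200 outweighs every positive rule, so a negative rule acts as an allow rule for whatever text it matches.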
Trust the email from IP address which complies the Sender Policy Framework(SPF)
First of all, please read more about the Sender Policy Framework (SPF) at the following URLs:
http://spf.pobox.com/
http://www.microsoft.com/mscorp/safety/technologies/senderid/default.mspx
Because SPF prevents faked email, if this option is enabled, every email
from an IP address which complies with the SPF will not be detected as
spam.
Trust the email from IP address which complies the MX or A record of its domain.
Although SPF is a very good solution for preventing faked email senders, many domains haven't set an SPF record yet.
So the "Trust the email from IP address which complies the MX or A record of its domain" option is very useful for
those domains.
e.g.
The email sender is xxx@adminsystem.com and this email comes from IP address 210.17.235.64. Querying the DNS server
of adminsystem.com shows that mail.adminsystem.com is the MX record of adminsystem.com and that the IP address of "mail.adminsystem.com"
is "210.17.235.64", so there is enough reason to believe this email is not faked.
Manually Approve
By default, EmailArchitect Email Server will send a confirmation request to the sender if the message is marked as spam. However, you can choose "Manually Approve" instead of the confirmation request. Once "Manually Approve" is chosen in the Anti-Spam Service, all the messages marked as spam will be forwarded to the approver's e-mail address. Note: the approver MUST be a local user on the current EmailArchitect Email Server, and he/she must log on to Web Mail to "Approve" or delete the message. Once the message is approved, it will be delivered to the original recipient.
Advanced Junk E-mail Process
By default, the Junk E-mail Process in the Anti-Spam Service applies to
every domain. However, if some domains require a different Junk E-mail
Process, the administrator should use the following expression in
Advanced Junk E-mail Process to change it.
[domain]/[action]/[approver]
action: 0/1/2. 0 = send confirmation request; 1 = manual approval; 2 = just move to junk folder.
e.g.
emailarchitect.com/0
emailarchitect.net/1/approver@emailarchitect.net
adminsystem.com/2
Delete Obvious Junk-Email in GFilters
To prevent obvious spam, using Block Sender may not be a good idea, as most spammers use faked and ever-changing email addresses as the sender address.
The best way to stop obvious spam is to add a filter in GFilters or Domain Incoming filters. Note: junk e-mail always contains contact information in the email body text, such as a URL, a real e-mail address or a telephone number; those keywords are what you need to filter.