Introduction To Innovative Mail Filtering With Axigen

By Author: Axigen Team
Total Articles: 18
Comment this article

1. The problem with electronic mail today
Email is not what it was supposed to be. Its inventors have not foreseen the dan¬gers associated with this new form of communication. Means of protection were added later on, but do little to protect people's mailboxes. As a result, most of the mail traffic these days is unwanted: spam, malware, phishing. How can we use the AXIGEN Mail Server and existing free anti-spam, antivirus and anti-phishing software and technologies so that the result is more than the sum of the parts?

2. Traditional filtering in AXIGEN
From its very beginnings, AXIGEN has integrated open-source filters such as SpamAssassin and ClamAV and has used the fastest way to process mails through them by interfacing with their daemons directly. But this usage scenario had a major downside: mail messa¬ges were scanned in the queue, after having been accepted by the mail server. As a result, Spam folders had the tendency to grow indefinitely and waste space in the server storage and backup mediums.

3. A new approach to email filtering
Starting with version 6.2.2, AXIGEN can integrate ...
... with a Milter filter at the SMTP level, enabling scanning of the incoming SMTP connections. The possibility to scan a message before receiving it opens up new perspectives, as it enables us to refuse a message if the content filters strongly indicate that the scanned message is unwanted.

Let's take a simple example, in which the decision to reject a mail was taken by the Milter filter by evaluating the results of the antivirus scanner. Why would this be a better choice than quarantining, for example, or tagging?

For one thing, we do not accept the message and no further resources are allocated to this mail: processing, storage, backup, double-checks etc. For unwanted traffic, this is a very good thing as it minimizes your problems. However, what happens if, unfortunately, the refused message is a legitimate mail? Let's compare the three valid choices: quarantining, tagging or refusing the message.

- Quarantining means that the unwanted mail would end up in a rather large quaran¬tined space. Suppose we only do this for malware as detected by an antivirus con¬tent filter: viruses, worms, phishing. Can we alert the receiver for every quar¬an¬tined mail that was heading to their inbox? Realistically, no, because the mal¬ware traffic can reach really high levels. Add to this that almost all of it is spoofed and you risk to get into situations in which innocent people are blamed for spreading malware, when their only fault would be the fact that their address is known by spammers. So, when a mail is quarantined, neither the sen¬der, nor the recipients are usually aware of it. If through some other means one or both of them find out about the missing mail, typically the receiver will have to alert his/her administrator of the mishap in order to gain access to the quarantined mail.
- Tagging, often applied to spam messages, means the message will usually end up in a sub-folder of the recipient's mailbox, typically named Spam. He/she may or may not check that folder for false positives, but as no filter is perfect, sooner or later some legitimate mail will end up in Spam. When that happens, neither the sender, nor the recipient will be aware of it. If through some other means, one or both of them find out about the missing mail, the receiver will usually have to dig through its spam folder to find the legitimate mail. This may be quick if he/she knows the exact coordinates of that mail (sender, date, subject), or may be a daunting task if the Spam folder is rather large and the data is very vague (eg. "Should have received a mail from a South American company with some financial info").

4. To learn more about our innovative, Milter-based filtering, please visit: http://www.axigen.com/articles/innovative-mail-filtering_51.html, or contact us at sales@axigen.com. We also invite you to sign up to our free, live webinar organized in partnership with the The Radicati Group: http://www.axigen.com/webinars/linux-messaging/