avenger: Main Page - doxygen documentation

Searching...

No Matches

Some Fossies usage hints in advance:

To see the Doxygen generated documentation please click on one of the items in the steelblue colored "quick index" bar above or use the side panel at the left which displays a hierarchical tree-like index structure and is adjustable in width.
If you want to search for something by keyword rather than browse for it you can use the client side search facility (using Javascript and DHTML) that provides live searching, i.e. the search results are presented and adapted as you type in the Search input field at the top right.
Doxygen doesn't incorporate all member files but just a definable subset (basically the main project source code files that are written in a supported language). So to search and browse all member files you may visit the Fossies avenger-0.8.5.tar.gz contents page and use the Fossies standard member browsing features (also with source code highlighting and additionally with optional code folding).

This is Mail Avenger, the spam extermination project. This file describes what Mail Avenger does. See the file INSTALL for installation instructions.

Mail avenger is a highly-configurable, MTA-independent SMTP (simple mail transport protocol) server. It allows you to reject spam during mail transactions, before spooling messages in your local mail queue. You can specify site-wide default policies for filtering mail, but individual users can also craft their own policies by creating avenger scripts in their home directories.

Compared to traditional (.forward, .qmail, etc.) spam filtering, filtering during an SMTP transaction gives you more options. For instance, you can reject mail with an SMTP error code, causing a bounce only if the client is a legitimate MTA, not if it is a spambot. You can temporarily defer mail, accepting the message later if the sender tries again from the same IP address--a technique known as greylisting. You can even embed cryptographically secure expiration times in temporary mail addresses to validate mail before receiving the message body.

Compared to traditional spam filtering, filtering during the SMTP transaction also gives you more information. Mail Avenger collects a wide array of information about SMTP connections from clients, including TCP SYN fingerprints (which often identify the client OS) and network route information. Mail Avanger also flags properties of client SMTP implementations, such as whether they use pipelining, issue illegal SMTP commands, or deviate from the protocol in other small ways. Scripts can easily track this information on a per-sender basis using a simple database utility (included in the distribution). Thus, anomalies can be flagged when known senders exhibit radically different client behavior. Much of the information collected is also recorded in a new mail header, X-Avenger, which can be fed to Bayesian content filters to improve accuracy.

A partial list of features:

Mail-bomb protection - prevents any single client from overloading your server. (See MaxConPerIP, MaxMsgsPerIP, MaxErrorsPerIP in the asmtpd.conf(5) man page.)
TCP filtering - can modify kernel firewall rules to block TCP SYN packets from overly aggressive clients. (See SMTPFilter in asmtpd.conf(5).)
Network-level traffic analysis - including collection of TCP SYN fingerprint and traceroute information. (See CLIENT_SYNFP, CLIENT_NETHOPS, CLIENT_NETPATH, netpath in avenger(1) man page.)
SMTP-level traffic analysis. (See CLIENT_COLONSPACE, CLIENT_HELO, CLIENT_PIPELINING, CLIENT_POST in avenger(1).)
SMTP callbacks - checks that mail senders can actually receive bounce messages. (See SENDER_BOUNCERES, MAIL_ERROR in avenger(1) man page, ClientTimeout, VrfyDelay, MaxRevClients in asmtpd.conf(5).)
Per-user and per-user-extension mail scripts, using Bourne shell syntax familiar to many Unix users. (See avenger(1).)
Per-user mail relay checks - allows users to permit relaying of their own email address from particular sources. (See avenger(1).)
Virtual domain mapping - Maps all mail checks for a domain to a particular local user. (See DomainFile in asmtpd.conf(5).)
Alias to user mapping, allows filtering for mail aliases to be placed under the control of different users. (See AliasFile in asmtpd.conf(5).)
RBL support - query real-time black hole lists. (See RBL in asmtpd.conf(5), and rbl in avenger(1).)
SPF - sender policy framework blocks mail forgeries from domains that publish DNS SPF records. (See SPF CONFIGURATION PARAMETERS section of asmtpd.conf(5) man page.)
SPF language queries - scripts can dynamically formulate powerful queries using the SPF language. (See spf in avenger(5).)
Asynchronous DNS queries for a, mx, ptr, txt records. Scripts can easily issue muitiple concurrent DNS as well as SPF, RBL, and traceroute queries. The "setvars" command then waits for them all to complete and assigns results to the appropriate variables. (See setvars in avenger(1).)
"Bodytest" support - allows you to run filters like spamassassin on the body of a mail message before replying to the final "." of the SMTP DATA command. (See edinplace(1) man page, bodytest description in avenger(1) man page.)
SMTP STARTTLS support if OpenSSL is present when Mail Avenger is compiled. (See SSL and related directives in the asmtpd.conf(5) man page.)
Optional SASL support with the Cyrus SASL package. (Use the --enable-sasl configure option, and see SASL in the asmtpd.conf(5) man page.)

Mail avenger is MTA-independent. It simply passes messages to a configurable sendmail program, and should therefore be compatible with any MTA that has a sendmail-like mail injection program. It has been tested with both sendmail and qmail.

More information is available at the Mail Avenger web site:

http://www.mailavenger.org/