With no previous experience with a mail filtering system, I dug in and started my research. After reviewing open source solutions such as AmaViS and MailScanner and commercial solutions such as Postini and Mail Warden, I settled on Exim with the Exiscan-ACL plugin.
We already had Exim in place on our FreeBSD servers, so the ability to stay with the same system rather than test something new had a lot of appeal. It had been installed a while back for performance and ease-of-use reasons, but had not been upgraded since version 3.36, now long obsolete. I also wanted an open source program if possible, as the fees for a commercial solution would have forced us to increase our service fees, which in turn may have cost us customers.
Exiscan is actually a patch for the Exim MTA (version 4), with installation on most systems requiring use of the patch command, though it is available as an RPM. FreeBSD users will find the Exiscan-ACL patch is already included in the Exim port. While a number of the other open-source filtering solutions are also included in the FreeBSD ports tree, the ability to maintain mail and scanning configuration in one configure file appealed to me.
Exim uses a series of Access Control Lists in the configure file (in FreeBSD, this file is found at /usr/local/etc/exim/configure), a well-commented text file containing all the server settings to be set by the server administrator (see the Exim manual for more information). One such ACL is the acl_smtp_rcpt option, which examines the sending and receiving information of the email message. It is here that messages are rejected if they match administrator-defined blacklists, do not come from permitted relay hosts, or fail other rules. For example, the following rule rejects mail if the local part of the recipient's address contains @ or % or / or | or ! (note the use of regular expressions - the colon is a delimiter):
deny local_parts = ^.*[@%!/|] : ^\\.
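To check which recipient addresses the rule above rejects, the following added example (not from the original article or from Exim itself) evaluates its two patterns in Python against constructed local parts. It assumes every list item is a regular expression and models only the `\\` to `\` step of Exim's string expansion; the function names are hypothetical.

```python
import re

# The list from the rule, exactly as written in the configure file.
RULE = r"^.*[@%!/|] : ^\\."


def compile_local_parts(list_text):
    # Split the colon-delimited list and compile each regex item.
    # Assumption: no item contains a doubled colon ("::"), which Exim
    # uses for a literal colon, and every item starts with "^".
    patterns = []
    for item in list_text.split(":"):
        item = item.strip()
        if not item.startswith("^"):
            raise ValueError("non-regex list item not modelled: %r" % item)
        # The configure file value is string-expanded before use, so a
        # doubled backslash reaches the regex engine as a single one.
        patterns.append(re.compile(item.replace("\\\\", "\\")))
    return patterns


def is_denied(local_part, patterns):
    # A deny condition on local_parts is true if any list item matches.
    return any(p.search(local_part) for p in patterns)


PATTERNS = compile_local_parts(RULE)

# Constructed sample local parts (the text before the final "@domain").
SAMPLES = [
    "alice",                  # ordinary mailbox
    "john.smith",             # dot inside the name is fine
    "bob+lists",              # "+" is not in the character class
    ".profile",               # leading dot, caught by the second item
    "user%inner.example",     # "%" in the local part
    "host!user",              # "!" in the local part
    "user@inner.example",     # second "@" hidden in the local part
    "dir/file",               # "/" in the local part
    "name|command",           # "|" in the local part
]


def evaluate(samples):
    return {lp: is_denied(lp, PATTERNS) for lp in samples}


if __name__ == "__main__":
    for local_part, denied in evaluate(SAMPLES).items():
        print("%-22s %s" % (local_part, "deny" if denied else "continue"))
```

The second list item, `^\\.`, rejects local parts that begin with a dot, a case the character class in the first item does not cover.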