Blocking mail pests with open source

Mail-borne pests such as viruses and spam can be combated with open source tools, according to Joel Sing, director of Ionix Technology, a Bendigo-based computer services firm.

Speaking at the Digital Pest Symposium in Melbourne this week, Sing outlined the array of Open Source tools used by Ionix to clean incoming mail for itself and its clients.

No message should simply disappear, he said. It should be rejected at the SMTP level (e.g. because it does not appear to be coming from a bona fide mail server), bounced, quarantined, or delivered.

The first category is handled by rblsmtpd, which uses a realtime blackhole list (or RBL, hence the name) to ignore spammy mail servers. Several lists are available, but according to Sing the Spamhaus list seems fair, embodies lots of research, and automatically expires entries if no further complaints are received. Blacklists have a "huge potential to wreak havoc on e-mail delivery," he said, so it is important to choose carefully.

Accepted e-mails are handled by qmail and examined by qmail-scanner. In Ionix' installation, this performs virus and spam detection using ClamAV and SpamAssassin, and also blocks certain attachments according to their file extension or if the extension is not consistent with the MIME type. Viruses are automatically quarantined, and other messages are marked with appropriate headers to indicate spamminess and queued for delivery.

This layered approach is reinforced by a greylist: connection attempts from previously unknown mail servers are blocked with a soft error. If the server retries correctly, it will be added to a whitelist after 30 minutes. Sing explained that this approach checks that the server concerned is reasonably compliant with RFC2821, and recognises that spammers typically give up immediately or retry for a short period. The greylist also acts as a 'tarpit' -- connections are throttled to one byte per second, which won't bother a server that backs off correctly after a soft error, but does inconvenience spammers who retry repeatedly for a short period.

Anecdotal evidence from users suggests this approach has reduced spam by a factor of 100. "Net result: a lot of happy customers," said Sing.
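The greylist decision described above can be sketched as follows. This is an added example, not Ionix's code: keying on the client IP, the 451 reply code and the 24-hour expiry of unanswered entries are assumptions, and the one-byte-per-second tarpit is not modelled.

```python
from dataclasses import dataclass, field

GREYLIST_DELAY = 30 * 60      # 30 minutes, the figure given in the article
PENDING_TTL = 24 * 60 * 60    # assumption: forget servers that never come back

@dataclass
class Greylist:
    """Greylist keyed on client IP (assumption: the article does not name the key)."""
    pending: dict = field(default_factory=dict)    # ip -> first-seen timestamp
    whitelist: set = field(default_factory=set)

    def check(self, ip: str, now: float) -> tuple[int, str]:
        """Return the SMTP reply (code, text) for a connection from ip at time now."""
        if ip in self.whitelist:
            return 250, "ok"
        first_seen = self.pending.get(ip)
        if first_seen is None or now - first_seen > PENDING_TTL:
            # Unknown (or stale) server: record it and answer with a soft error.
            self.pending[ip] = now
            return 451, "greylisted, try again later"
        if now - first_seen < GREYLIST_DELAY:
            # Retried too soon: typical of senders that hammer for a short period.
            return 451, "greylisted, try again later"
        # Retried after the delay, as a queueing mail server does: whitelist it.
        del self.pending[ip]
        self.whitelist.add(ip)
        return 250, "ok"

def replay(events):
    """Run (timestamp, ip) connection attempts through a fresh greylist."""
    gl = Greylist()
    return [(ip, t, gl.check(ip, t)[0]) for t, ip in events]

# Constructed sample: 192.0.2.10 backs off and retries like a compliant server,
# 198.51.100.7 retries rapidly for a minute and then gives up.
SAMPLE = [
    (0, "192.0.2.10"), (0, "198.51.100.7"),
    (5, "198.51.100.7"), (60, "198.51.100.7"),
    (900, "192.0.2.10"),     # 15 minutes: still inside the delay
    (2700, "192.0.2.10"),    # 45 minutes: past the delay, whitelisted
    (2800, "192.0.2.10"),    # later mail from the same server passes at once
]

if __name__ == "__main__":
    for ip, t, code in replay(SAMPLE):
        print(f"t={t:>5}s  {ip:<14} -> {code}")
```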