Receiving mail without a spam filter and malware protection is no longer feasible today. Normally 9 out of 10 mails are spam and malware. We have therefore developed a filter for our customers that has been continuously adapted to current needs. Our filter does not quarantine spam mails; it blocks them directly.
If you reject all spam mail, you will notice a decrease in spam at the gateway over time.
Another point is the legal side. In most European countries, any accepted mail must be forwarded to the recipient as it is. If the anti-spam gateway refuses to accept a mail, you are legally on the safe side. The sending mail server then sends the author of the mail a Non-Delivery Report, so the sender immediately knows that the mail has been rejected, whether because it is spam, contains a virus, the recipient does not exist, or, in rare cases, it is a false positive.
Our bigger customers send and receive e-mails from central gateways worldwide. This means that local conditions must be taken into account. Chinese mail servers are without exception on several blacklists. It is therefore unacceptable to reject an email just because the server is listed on a blacklist.
For this reason, each mail undergoes various tests, which become increasingly stringent depending on the results. If a sending mail server is listed on a blacklist, stricter tests are performed. Unproblematic mails still get through. Once all spam checks have been completed, the mail is scanned for viruses.
This spam filter supports all kinds of whitelists and blacklists. Mail can be allowed or filtered based on sender and recipient. An automatic “sender based whitelist” can be switched on. If an internal user sends an e-mail to an external user, the relation “internal user – external user” is entered into a whitelist. If the external user then sends an e-mail to the internal user, it will only be scanned for viruses.
The Mail Gateway supports Gateway to Gateway Encryption. If a connection is established to another gateway that also supports TLS (Transport Layer Security), this connection is automatically encrypted.
This spam filter can be used on Linux, AIX or Solaris. For small and medium-sized companies we offer remote filtering. Instead of receiving the mails directly, they are routed through our gateway. Only the filtered mails will then be forwarded to your mail server.
Packages used
This mail gateway is based on Ubuntu 18.04 or Debian 9.
The core is exim4. Exim4 allows extremely flexible filter configurations and simple integration of other products.
Spam filtering is done by rspamd and spamassassin. Regular whitelists can be used, and it is also possible to configure user-based auto whitelisting. If an internal user sends a mail to somebody, this mail relation is stored and the reply from that recipient is automatically whitelisted.
By default we integrate clamav as the antivirus scanner. Other scanners can be integrated. User whitelisting does not apply to security-related checks.
Finally, we use a content filter developed by us, which blocks all executables, even if they are found in a zip-like archive. In today's world it is too dangerous to accept any executable code in a mail.
Based on the auto user whitelist, it is possible to limit the reception of attachments for unknown senders and allow more attachment types for known senders.
This content filter can interact with the FortiSandbox. It is possible to send attachments to the Sandbox, wait for the verdict and either pass or block the mail.
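The attachment rules described above (executables always blocked, even inside archives; attachment types limited by whether the sender is on the auto whitelist) can be sketched as follows. This is an added example, not the vendor's content filter: detection by magic bytes, the extension lists, the size and nesting limits and all function names are assumptions made for illustration.

```python
import io
import os
import zipfile

# Constructed signature list for illustration; a production filter needs more formats.
EXEC_MAGIC = {b"MZ": "PE/DOS", b"\x7fELF": "ELF", b"\xcf\xfa\xed\xfe": "Mach-O"}
# Hypothetical policy values (not from the product): allowed extensions per sender class.
UNKNOWN_SENDER_EXT = {".pdf", ".txt", ".png", ".jpg"}
KNOWN_SENDER_EXT = UNKNOWN_SENDER_EXT | {".docx", ".xlsx", ".zip"}
MAX_DEPTH = 3                    # reject archives nested deeper than this
MAX_MEMBER = 20 * 1024 * 1024    # reject members that unpack to more than 20 MiB

def find_executable(name, data, depth=0):
    """Return a reason if data is, contains, or may hide an executable, else None."""
    for magic, kind in EXEC_MAGIC.items():
        if data.startswith(magic):
            return f"{name}: {kind} executable"
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return None
    if depth >= MAX_DEPTH:
        return f"{name}: archive nesting too deep"
    try:  # anything that cannot be opened and inspected is rejected (fail closed)
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                member = f"{name}/{info.filename}"
                if info.flag_bits & 0x1 or info.file_size > MAX_MEMBER:
                    return f"{member}: encrypted or too large to inspect"
                if (hit := find_executable(member, zf.read(info), depth + 1)):
                    return hit
    except (zipfile.BadZipFile, NotImplementedError):
        return f"{name}: damaged or unsupported archive"
    return None

def check_attachment(name, data, sender_whitelisted):
    """Return (accepted, reason); the executable check ignores the whitelist."""
    if (hit := find_executable(name, data)):
        return False, hit
    allowed = KNOWN_SENDER_EXT if sender_whitelisted else UNKNOWN_SENDER_EXT
    ext = os.path.splitext(name)[1].lower()
    if ext not in allowed:
        return False, f"{name}: type {ext or '(none)'} not allowed for this sender"
    return True, "ok"

def make_zip(members):
    """Build a constructed in-memory zip from {filename: bytes} (sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for fname, content in members.items():
            zf.writestr(fname, content)
    return buf.getvalue()
```

Because the executable check runs before the whitelist lookup, a whitelisted sender gets more attachment types but never an exemption from the security check.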