Scenario One: Corporate LAN
In this scenario, all of the corporate users are on an internal (firewalled)
network, with IP addresses in the 10.x.x.x block reserved for use behind firewalls.
The domains that receive mail are "example.com", "support.example.com",
and "engineering.example.com". Due to problems with abusive mail from
a competitor's mail server at 192.168.5.11, that server's IP address is explicitly
blocked. This company relies on e-mail to conduct business, and only wants to
Tag mail that is probably spam, so that there is no possibility of mail getting
dropped. JSpamFilter is running on the same Windows 2000 machine as the mail
server, which has been reconfigured to listen on port 26.
logDir=c:\JSpamFilter
license=Example Corp:1234567890a
defaultAction=tag
ListenPort=25
ListenIP=all
TalkPort=26
TalkIP=all
dnsbl=relays.ordb.org bl.spamcop.net
servername=example.com
LocalDomainFile=/etc/named.boot
LocalDomainFileRefresh=60
allowrelay=10.x
blockrelay=192.168.5.11
Scenario Two: Separate JSpamFilter machine
In this scenario, JSpamFilter is loaded on a Linux-based machine that doubles
as the DNS server, and the Firewall blocks all inbound TCP connection attempts
to the Mail Server. The DNS name "mail.example.com" points to the JSpamFilter
machine's IP address, and the DNS name for the Mail Server is "relay.example.com".
This company wants to Block connections from servers listed in the Open Relay
database "relays.ordb.org", and wants to Tag mail from servers in SpamCop's
DNSBL. Since users are not connecting to the JSpamFilter machine to send mail,
no IP address whitelist is necessary. Since they host the DNS for all of the
domains that they handle mail for, they read the Local Domain list from /etc/named.boot,
and check for updates every minute.
Sample configuration file:
logDir=/var/adm/jspamfilter/
license=Example Corp:1234567890a
defaultAction=tag
ListenPort=25
ListenIP=all
TalkPort=25
TalkIP=relay.example.com
dnsbl=relays.ordb.org! bl.spamcop.net
servername=example.com
localdomainlist=example.com mail.example.com
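
The per-list decision in Scenario Two, sketched as an added example (not JSpamFilter's own code). It assumes that a trailing "!" on a dnsbl entry means Block for that list and that unmarked lists take defaultAction, as the scenario text implies; the function names, the 192.0.2.x addresses and the listings are constructed for illustration.

```python
import ipaddress
import socket

def parse_dnsbl(value, default_action):
    """Split a dnsbl= value into (zone, action) pairs.
    Assumption from Scenario Two: a trailing "!" forces "block" for that
    list; unmarked lists fall back to defaultAction."""
    pairs = []
    for entry in value.split():
        if entry.endswith("!"):
            pairs.append((entry[:-1], "block"))
        else:
            pairs.append((entry, default_action))
    return pairs

def dnsbl_query_name(ip, zone):
    """Standard DNSBL lookup name: reversed IPv4 octets + "." + zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def dns_is_listed(name):
    """Live check: an A record for the query name means the IP is listed."""
    try:
        socket.gethostbyname(name)
        return True
    except socket.gaierror:
        return False

def decide(ip, dnsbl_value, default_action, is_listed=dns_is_listed):
    """Return "block", "tag" or "accept" for a connecting IP."""
    action = "accept"
    for zone, zone_action in parse_dnsbl(dnsbl_value, default_action):
        if is_listed(dnsbl_query_name(ip, zone)):
            if zone_action == "block":
                return "block"  # strictest outcome, no need to check further
            action = zone_action
    return action

# Constructed listings (TEST-NET-1 addresses) so the example runs offline.
CONSTRUCTED_LISTED = {"10.2.0.192.relays.ordb.org", "20.2.0.192.bl.spamcop.net"}

def constructed_lookup(name):
    return name in CONSTRUCTED_LISTED

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30"):
        print(ip, decide(ip, "relays.ordb.org! bl.spamcop.net", "tag",
                         constructed_lookup))
```

Omitting the is_listed argument makes decide() perform live DNS lookups instead of using the constructed listings.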
Scenario Three: Aggressive Filtering
In this scenario, JSpamFilter is loaded on the same NT machine as the mail
server. The server's admin is fed up with SPAM and has configured her server
to block any mail from servers on any of three different DNSBLs. Additionally,
several blocks of IP addresses owned by ISPs she considers to be SPAM-friendly
are explicitly blocked.
license=Example Corp:1234567890a
defaultAction=block
logDir=/var/adm/jspamfilter/
ListenPort=25
ListenIP=all
TalkPort=26
TalkIP=all
dnsbl=relays.ordb.org bl.spamcop.net sbl.spamhaus.org
servername=example.com
localdomainlist=example.com mail.example.com
blockrelay=172.16.45.x 172.29.110.x 172.29.111.x 172.29.112.x 172.29.113.x
Scenario Four: Refuse Connections from DNSBL-Listed Servers and Send All Other Suspicious Mail to a Dead Letter Mailbox
In this scenario, we use a standard network configuration as in the above examples. Here we create a Dead Letter mail box used to collect all mail that is not blocked outright (i.e., by refusing the connection). We've left out all of the parameters except the ones important for this example.
defaultAction=block
dnsbl=relays.ordb.org* bl.spamcop.net* sbl.spamhaus.org*
FilterTagThreshold=100
FilterBlockThreshold=100
deadLetterBox=example@example.com
We use "100" and "example@example.com" as examples; you would use the threshold value that works for you and the full email address of your Dead Letter mail box.
In this situation, any attempted mail connection from a server on one of the listed DNSBLs will be refused, and all mail that scores 100 or higher will be routed to the Dead Letter mail box.