Monday, August 07, 2006

hMail: Anti-Spam/Anti-Virus Techniques

Switching to hMail
When I switched to hMail I had to make some changes to the way I check for bad mail on the server (right now sender address validity and viruses). One of the biggest problems with the built-in functionality of hMail, I find, is that the only option it uses when a positive result is returned (e.g. bad e-mail address or virus found) is that the message is dropped. There is no option using the built-in functionality to add a header or redirect to a new mailbox. This is not acceptable to me as I like to be able to confirm how well my bad-mail filters are working.

The other problem is that hMail doesn't have built-in support for running external programs (beyond an external virus scanner; see above for why I don't use this). It does, however, include an event script that uses Microsoft scripting (VBScript, JScript, and maybe other WSH processors though I haven't confirmed that) to allow for flexibility in mail handling. The script can be used to run external programs (via the WScript object) and perform general message-handling (using the built-in hMail object model). With this interface I can use custom scripts to run additional processing tasks on any message that arrives at my server.

Modifications to my scripts
Using the event script I am able to call external scripts by creating an instance of the WScript object and using the Run() method to execute a command. I only had to make minimal changes to my scripts to enable them to be run in this way.

CheckAddr.pl was modified to add a new argument option of "hMail" which is pretty much the same as the Mercury argument except that instead of two additional arguments (the mail file and the result file) only one additional argument is needed (the mail file). Once the script is done running I use the return code to determine the value of the X-Eclectic-AddrCheck header. This header is added to the message using the HeaderValue() method of the hMail message object.

Virus checking by F-Prot is still accomplished in the same way as before, calling a batch file that executes F-Prot. Once the batch file has exited the program then checks for a log file based on the name of the message file. The presence or absence of this log file indicates whether or not a virus was found and determines the value of the X-Eclectic-VirScan message header. If the log file does exist it indicates a virus was found and the file is parsed for the line indicating what virus was detected, which is then prepended to the subject of the message. The log file is then deleted.

I use the server rules to redirect any message marked as bad to the spam dump account.
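A sketch of the event-script flow described above, as an added example that is not the author's actual script. It assumes the hMailServer COM message object (Filename, HeaderValue, Subject, Save); the script paths, the meaning of exit code 0, the header values, the ".log" naming and the "Infection:" marker in the F-Prot log are all assumptions.

```vbscript
' Added example, not the author's script. Paths, exit-code meaning, header
' values, log naming and the "Infection:" marker are assumptions.
Const CHECKADDR = "perl C:\Scripts\CheckAddr.pl hMail "   ' hypothetical path
Const FPROT_BAT = "C:\Scripts\fprot-scan.bat "            ' hypothetical path

Sub OnAcceptMessage(oClient, oMessage)
    Dim sh, fso, msgFile, logFile, rc, virus
    Set sh  = CreateObject("WScript.Shell")
    Set fso = CreateObject("Scripting.FileSystemObject")
    msgFile = oMessage.Filename

    ' Run(cmd, 0, True): hidden window, wait for exit, return the exit code.
    ' The file name is quoted so a path with spaces stays a single argument.
    rc = sh.Run(CHECKADDR & Quote(msgFile), 0, True)
    If rc = 0 Then   ' assumed: 0 means the sender address validated
        oMessage.HeaderValue("X-Eclectic-AddrCheck") = "Pass"
    Else
        oMessage.HeaderValue("X-Eclectic-AddrCheck") = "Fail"
    End If

    sh.Run FPROT_BAT & Quote(msgFile), 0, True
    logFile = msgFile & ".log"   ' assumed: log is named after the message file
    If fso.FileExists(logFile) Then
        virus = FindVirusName(fso, logFile)
        oMessage.HeaderValue("X-Eclectic-VirScan") = "Infected"
        oMessage.Subject = "[VIRUS: " & virus & "] " & oMessage.Subject
        fso.DeleteFile logFile, True
    Else
        oMessage.HeaderValue("X-Eclectic-VirScan") = "Clean"
    End If
    oMessage.Save   ' persist header and subject changes before the rules run
End Sub

Function Quote(s)
    Quote = Chr(34) & s & Chr(34)
End Function

Function FindVirusName(fso, path)
    Dim ts, line, pos
    FindVirusName = "unknown"
    Set ts = fso.OpenTextFile(path, 1)   ' 1 = ForReading
    Do Until ts.AtEndOfStream
        line = ts.ReadLine
        pos = InStr(1, line, "Infection:", vbTextCompare)
        If pos > 0 Then
            FindVirusName = Trim(Mid(line, pos + 10))   ' text after the marker
            Exit Do
        End If
    Loop
    ts.Close
End Function
```

Both Run() calls block until the external program exits, so their combined runtime counts against the sending server's SMTP timeout.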

Problem with the event model
I have one issue with the event model used in the event script ... the only viable event on which to process messages is OnAcceptMessage, which is run after the message is delivered but before the SMTP server disconnects. Any significant delay in processing the message (especially with my custom scripts called from the event script) could cause the SMTP session to time out.

I have to use this particular event handler because the server rules are run after a message is accepted (OnAcceptMessage) but before message delivery (OnDeliverMessage). Since I'm adding a header to the message based on the results of my custom scripts and then using server rules to determine whether or not to redirect those messages to my spam dump I don't have any other choice at the moment. I'd much rather be able to run my custom scripts after the SMTP session has completely ended.

I'd like to see a new event added to a future version of the server that occurs after the SMTP session but before any further processing by the server.

Sunday, August 06, 2006

Mail Server Setup

For a while I was using Mercury/32 as my mail server. It's a great little program and very robust. But (based on what I've read on the support list) depending on the specific setup it seems it can be a little flaky with regard to stability. I've started to run into problems myself. But beyond that fact there are a few things about the program that I'm not too happy with. The biggest of those is the fact that M32 doesn't have an option to run as a service. Sure it can be addressed via various run-as-a-service programs ... but it's not quite the same and generally makes management a little more difficult.

So I recently switched to a new mail server, hMail Server. What brought it to my attention was its database capabilities. I was actually looking for a program that stored the actual messages in a database. Sure it would be a lot of overhead, but there would be so much more flexibility for access and archiving ... depending on how the database was set up. hMail isn't quite what I was looking for, but its integration with Windows made it pretty good. No need to get into the details, you can get that from the site. So I'll just leave it at the fact that I've been very happy so far. Plus, I've been able to implement just about all the functionality I was using in M32 ... making it a good drop-in replacement (well ... almost since I'm using IMAP).

M32 is supposed to be undergoing an overhaul right now. It'll be interesting to see how it progresses. I'll have to give it another look once the next major revision is released. If nothing else the native support for running as a service will be a most welcome change.

Argh! MTU strikes again!

Every time I set up a PC I run into networking problems. Invariably they're related to default MTU in Windows. Usually I never notice, until I need to access Microsoft.com whose site uses a lower packet size than the Windows default (thanks MS!).

The whole thing is just very annoying and shouldn't be such a pain. For some reason my laptop has no problems, but every desktop I've set up at home does.

My setup is a Windows 2000/XP multi-PC network on a Linksys DSL/switch. I've gone with an MTU of 1454 to maximize compatibility. But it sure does suck that I'm not getting the most efficient throughput. Does anyone know how to deal with this without having to modify the registry of each PC set up?

What's it about?

I've been doing a lot of nothing in this blog. Partly because I haven't really spent much time thinking about what I want to do with it. Partly because I've significantly pared down the work I do at home.

I've been trying to ramp up my productivity at home, though, and I think this blog can help. I've been using my other blog to document what I've been doing at work. Specifically any problems I've encountered and solutions I've found. I think doing the same for this blog will be a good start.

So starting today I hope to start spending more time filling out the content here. Wish me luck.