hMailServer has a number of built-in spam protection methods. Theese work by checking the sender of email messages, the content of the message and the way the message is delivered to hMailServer. For example, if the email message contains links to spammer web pages, or is sent from an address which is known to send spam, the message may be classified as spam. A complete list of built-in spam protection methods can be found here.
Each of the tests performed by hMailServer generates a Spam score. If a specific spam test then tells hMailServer that the message is spam, a configured - or calculated - spam score is added to the message. When all the spam tests are run, hMailServer compares the total spam score of the message to two different thresholds set up in hMailServer.
The first threshold is the Mark threshold. If the total spam score for the message reaches the Mark spam threshold, the subject of the email message is modified to indicate that the message contains spam. Using marking of messages, users can easier find and delete the spam message, or you as a server administrator can set up Rules to move the spam messages to a specific IMAP folder, or forward them to a specific folder.
The second spam threshold is the Delete threshold. If the message reaches this threshold, the message is deleted.
When is spam protection run?
hMailServer tries to determine whether the message is spam as early as possible in the communication with the email sender. The earlier the detection is made, the less resources from your server will be required to handle the email message. Another benefit with early detection is that hMailServer can more easily tell the sender that the message is rejected due to spam protection and the sender can be notified.
If an email message is delivered to hMailServer using SMTP, hMailServer does spam protection in the following stages:
- After the RCPT TO command. When the recipient of the message has been specified, hMailServer runs spam protection.
- After the DATA command. When the entire message has been transmitted to hMailServer, hMailServer runs spam protection on the message content.
If hMailServer downloads messages from an external account, spam protection is run before the message is saved in the account folder.
Which messages are scanned?
hMailServer scans all messages which are delivered to use accounts, assuming the following is met:
- The message is delivered to hMailServer by SMTP, or downloaded from an external account using POP3.
- At least one spam protection method is enabled in the Anti-spam setting.
- The sender IP address or domain is not white listed using a white listing record.
- The senders IP address matches an IP range where Anti-spam is enabled.
Spam mark threshold
When hMailServer runs spam protection, each spam protection mechanism gives a score. If the total score of the message exceeds this value - but stays below Spam delete threshold, the message will be marked as spam.
- Add X-hMailServer-Spam - Adds a X-hMailServer-Spam MIME header to the email message.
- Add X-hMailServer-Reason - When enabled, hMailServer will add a message header which contains information on why hMailServer considered the email to be spam.
- Add to message subject - Using this setting, you can specify a text that hMailServer should prepend to the message subject. In combination with rules, spam messages can be moved to specific IMAP folders.
Spam delete threshold
When hMailServer runs spam protection, each spam protection mechanism gives a score. If the total score of the message exceeds this value the message will be deleted and not delivered to its recipients.
Maximum message size to scan (KB)
If the size of an email message exceeds this size, hMailServer will not scan it for spam. In most cases, spammers sends small messages to save bandwidth so scanning large messages serves no purpose in most cases. Scanning large messages for spam may require a lot of CPU processing.
Select to enable spam protection using SPF.
Check host in the HELO command
Turn on this option if you want hMailServer to check the host name that clients has specified in the HELO command. According to the SMTP specification, the host given in the HELO command should match the IP of the client. Enabling this may stop spam, but is also a violation of the SMTP RFC - if you have configured your server to delete spam messages. If you have configured your server to deliver spam messages but modifying the Subject header, it is not a violation of the SMTP RFC. Technically, hMailServer checks the A record for the given host to see if it matches the IP address of the connecting client.
Check that sender has DNS-MX records
If you enable this option, hMailServer will check that the senders domain has valid MX records in the DNS. If not, hMailServer will treat the message as spam.
Verify DKIM-Signature header
If you enable this option, hMailServer will look for a DKIM-Signature header in every incoming message. If a header is found, hMailServer will verify that the message content matches the signature. If it does not, the message is classified as spam.
Use these options if you want hMailServer to integrate with an existing SpamAssassin installation.
This is the host name of the SpamAssassin server hMailServer should connect to. If SpamAssasin is running on the same computer as hMailServer, the value should be "localhost" (without quotes).
Specify the TCP/IP port the SpamAssassin server is listening to. By default, SpamAssassin listens on port 783.
Use score from SpamAssassin
If this option is selected, hMailServer will use the spam score given by SpamAssassin and add it to the hMailServer spam score. If the option is de-selected, hMailServer will use the score specified in the Score text box.
It is possible to turn off hMailServer's spam protection functionality per IP range. For example, one normally does not have to check for spam on one's local network. Consult the IP range documentation for more information on this.
It's possible to use white listing records to disable spam protection for email messages sent from specific email or IP addresses. This is a more flexible solution than to use IP ranges.
Tarpitting is an antispam technique that works by slowing down the communication with spammers.