Mail server destination filtering

Recipient filtering is a technique whereby a mail server announces whether or not it manages an e-mail address. It is particularly useful in the fight against spam. Since spammers don’t necessarily have a precise address list, they target a domain and send messages to a large number of mailboxes at random. Particularly relevant is the fact that the server does not have to process these messages, which are not intended for any known user.

With Altospam, the benefits of the technique are multiplied. When one of our customers’ servers is correctly configured and takes into account recipient filtering, we store in cache files the information that an address exists and is valid, or vice versa. To create and maintain this cache, we use SMTP Callout. This very fast communication allows two mail servers to exchange only the headers of the message envelope, before actually sending the message (data transfer). In particular, the recipient address is identified. Cache management means that we don’t have to renew this callout systematically, and thus gain in responsiveness. However, the principle is regularly restarted to keep the cache up to date in the event of address creation or deletion.

So, when a message arrives, our systems consult the cache to determine whether the address actually exists. If the address doesn’t exist, we don’t go any further in checking the message: it is directly deleted and an error message is sent to the sender. No communication is sent to the customer’s server. This saves an enormous amount of bandwidth and processing time, on the Altospam side of course, but especially on the client server side, which is then totally spared these unwanted messages. What’s more, this technology enables us to qualify spam servers and addresses more quickly and efficiently, as non-delivery information is stored and integrated into our filters, and will be taken into account when evaluating future messages.

How do you set it up?

Destination filtering is set up on the client server side. For some mail servers, such as Postfix or Exim, recipient filtering is the default setting. Others, such as Lotus or Exchange, require manual configuration.

For Microsoft Exchange, the settings to be made depend on the version and the presence or absence of an Edge server. Our team has created guides to help you set up recipient filtering for the following versions :

– Exchange 2003
– Exchange 2007 and 2010
– Exchange 2013 and 2016 without Edge server
– Exchange 2013 and 2016 with Edge server
– Office 365 Exchange Online

For Lotus Domino 6 and above, this option exists but is disabled by default. It can be found in the Router/SMTP / Restrictions and controls / SMTP Inbound Controls tabs. You then need to enable the “Verify that local domain recipients exist in the Domino Directory” parameter. The detailed procedure is available below:

– IBM Lotus Domino 6 to 8 and IBM Domino 9

The case of Qmail is the most complex. A patch is required to modify the server itself. Several solutions exist, including RCPTCHECK. If you’re using a server not listed here, don’t hesitate to write to us – we’re sure to have specific documentation, or at least advice, relating to it.

Once this configuration is complete, you can confirm that Altospam has taken it into account. In the administration interface, select “Technical information” (key icon). In the “Mail server(s)” section of the domain list, you’ll see the dedicated button (funnel-shaped icon). The color of the button indicates its status:

– If it’s red, destination filtering is not enabled on the client server.

– If it’s green, filtering is activated and taken into account.

– If it’s orange, the status is unknown.

In the latter case, simply click on the adjacent button (double-arrow icon): “Test mail server”. By launching the check, the presence of filtering will be validated or invalidated and its status updated in the interface.

We can confirm that recipient filtering is a crucial parameter, as it restricts the attack surface of spammers. As the system is automated, it does not generate any additional work or configuration after installation, thus ensuring a general improvement in the filtering and security of protected domains.