Page 73 - Mercury Manual.book
P. 73
The MercuryS SMTP Server Module 68
Compliance options
note that the address appears to be good, and add it to a spam list. To help minimize the im-
pact of this kind of attack, Mercury allows you to limit the number of failed RCPT TO: com-
mands it will accept in a single session. This is almost always safe, since in the vast majority
of legitimate mail scenarios, there should be no failed RCPT TO: commands anyway. We rec-
ommend setting this to a value no lower than 2.
Limit maximum number of relay attempts to... Relaying occurs when someone asks your copy
of Mercury to accept a message addressed to a non-local user and forward it on to that person.
Originally, relaying was benign and useful, a good example of the co-operative spirit of the
Internet. Unfortunately, just as they have polluted everything else they have touched, spam-
mers have abused relaying to the point where it now has to be massively controlled. Mercury
incorporates a wide range of relaying controls that allow you to manage people with legiti-
mate reasons for relaying on your system, and if you use those controls, then this setting al-
lows you to cut off people who attempt unauthorized relaying before they waste too much of
your bandwidth or processing power. Because a legitimate message may appear to be a relay
attempt (the address may have been mis-typed, for instance) we recommend that you set this
value at a level that allows honest mistakes but still penalizes attempts at cynical abuse - 3 is
usually a good number, and we counsel caution if you plan on setting a lower value.
Enable short-term blacklisting for compliance failures If you check this control, MercuryS
will note the IP addresses of systems that exceed the limits you set for relaying and RCPT
command failures (see above) and will prevent them from connecting for a period of 30 min-
utes. This is intended to make life difficult for spammers and other undesirable elements who
may attempt to "harvest" addresses from your system by dictionary attacks. The short-term
blacklist is automatically cleared if you restart Mercury. Transaction-level filtering expres-
sions (see below) can also result in a system being blacklisted on a short-term basis, but only
if this control is checked.
Transaction-level filtering
Enable transaction-level expression filtering When this control is checked, MercuryS will
apply a set of regular expression-based rules you provide to each message as it processes it.
These expressions can be used to test the HELO/EHLO, MAIL FROM: and RCPT TO: phases
of the SMTP transaction, and can also test the subject line of messages as they are received.
They differ from other types of filtering in Mercury in that they can prevent a message you
know you don't want from being received at all - Mercury can either drop the connection, or
can simply discard the data without even placing it in the queue, thus reducing bandwidth
Transaction filters are es- waste and processing overhead on your system. Transaction filters are especially useful for
pecially effective when
combined with the use of detecting and suppressing specific types of messages that have readily identifiable features,
“honeypot” addresses on such as connections from address harvesters, or attempted deliveries from systems infected
a publicly-accessible web
page. by Outlook viruses or trojans.
Format of a transaction-level filtering rule file
Each line in a transaction-level expression filtering file defines a test that MercuryS should
apply at various stages of the SMTP transaction processing phase of mail delivery. A line de-
scribing an expression has the following general format:
<Operation>, <"Expression">, <Action>[Action]> ["Response"]
Operation can be one of the following characters:
The ‘M’ operation is only
available in Mercury/32
v4.01b and later. • ‘H’ for an expression applied to the client's SMTP HELO or EHLO greeting
• ‘D’ for an expression applied to the HELO greeting, but with a deferred action
• ‘S’ for an expression applied to the subject line of the message
• ‘M’ for an expression applied to the SMTP MAIL FROM command
