David, Not 100% sure about that. I'm pretty sure step 10 (alias checking) is the first part of our default delivery process, so somewhere after step 6 and before step 10, would be my best 'guess'. That these are 'optional' steps and dependant on system settings and what is actually installed, may determine the exact point in the process. Steps 6-9 are what are consider part of the "content checking", after the DATA has been sent, and AFAIK, all take place before delivery (if installed/enabled).
>From one view, you can say "after step 6" and from another one might say "before step 10" (my preference). Dan Donnelly -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of David Gregg Sent: Monday, September 25, 2006 5:14 PM To: [email protected] Subject: Re: [IMail Forum] Order of AV and Spam tests Thanks Daniel... One question: At what step does Imail call the 'delivery application' (i.e. smtp32.exe, mxguard.exe, declude.exe, etc...)? I believe it would be after step 6. Please advise. David Gregg -- mxGuard for IMail The no-nonsense antispam and antivirus solution. Download a free 30-day trial at http://www.mxguard.com/postmaster/freetrial.asp -- ----- Original Message ----- From: "Daniel Donnelly" <[EMAIL PROTECTED]> To: <[email protected]> Sent: Monday, September 25, 2006 12:51 PM Subject: RE: [IMail Forum] Order of AV and Spam tests > >From the IMail 8.2x Getting Started Guide (I don't think there are any > >major > changes for 2006): > > Processing Order > Incoming mail addressed to a valid local address is processed in > the following order. > 1 SMTP Access Control. The SMTPD service checks if the > connecting IP is listed in the Access Control dialog box. If it is > listed in deny access list, the connection is denied. If it is > listed in the grant access list, the connection is allowed and > processing continues. > 2 SMTP Kill File. The SMTP service checks if the email > address listed in the "Mail FROM" address command to see if > it is listed in the Kill List. If the address or domain is present, > the SMTP service returns an error to the connecting client and > does not accept the message. If no match is found, the SMTP > service accepts the message. > 3 Connection Filtering (DNS Black Lists). If you have DNS Black Lists > enabled, IMail > compares the connecting IP address to the black lists to determine if a > match occurs. If a > match occurs, the email may be deleted (depending on the DNS Black Lists > configuration) > or an X-Header may be added and processing continues. > 4 Verification Tests. If you have the verification tests enabled, they > verify the "Mail > FROM" address, the HELO/EHLO domain, and perform a reverse DNS lookup. If > any > of these checks fail, the email may be deleted (depending on the > configuration) or an XHeader > may be added and processing continues. > 5 Sender Policy Framework (SPF). If you have the SPF feature enabled, it > provides > increased capability to stop incoming email from forged email addresses. > Using a > sender authentication scheme, a domain owner requires that legitimate > messages from a > domain must meet certain SPF criteria. Messages that do not meet the > criteria are not > accepted as a legitimate email message and are processed according to the > SPF options > selected on the SPF tab. > 6 IMail Anti Virus. If you have IMail AntiVirus installed, it checks the > message for > infected files or code. If infected, the mail is repaired, bounced, > redirected, or deleted, > according to the settings on the Anti Virus tab. If the file is not > infected, content filtering > attempts to identify whether the message is spam. > 7 Premium AntiSpam. If you have the optional Premium Antispam filter > installed, it > provides automated spam protection in addition to the Standard Antispam > filter > included in IMail. Premium Antispam filter settings are applied before > Standard Antispam > filter settings. > 8 Content Filtering. If you have content filtering enabled, it determines > if > the message is > likely to be spam. If the message is determined to be spam, it is either > deleted, sent to > the specified address, or an X-Header is inserted. If the message is not > spam, aliases are > checked. > 9 Attachment Blocking. An attachment blocking folder exists for each IP > host > and the > attachment blocking options can be based on the current host or the > primary > host settings. > If you have created and enabled attachment blocking rules, messages that > include > attachment file types that you have identified as file types to block are > blocked from the > message. Attachments are blocked based on message MIME types and filename > types. > You can also define actions to take on blocked messages and a notification > message to > send the message recipient in place of the original file attachment. > 10 Alias. IMail Server checks to see if the addressee matches an alias in > the destination > domain. An alias is considered to be one of the following: standard alias, > group alias, > program alias, pager alias, beeper alias, fax alias, or a list-server > mailing list name. > . If there is a match to a program, beeper, pager, or fax alias, IMail > Server executes > the program or activates the beeper, pager, or fax. > . If there is a match to a standard or group alias, IMail Server resolves > the alias to the > appropriate user ID(s), and checks the user ID. > . If there is a match to a list-server mailing list, IMail Server > processes > the mail > according to the settings for that list. > . If there is no match to any alias, IMail Server checks the user ID. > 11 User ID. IMail Server determines if the user ID is valid for the > destination domain. If > invalid, the mail is returned to the sender. If valid, delivery rules are > checked. > 12 Delivery rules for a list-server mailing list. If the message matches > the > rule criteria for > the list, delivery follows according to that rule. If not, then the > message > is sent to the list > server. If the message is not addressed to a list, Forwarding is checked. > 13 Forwarding. IMail Server determines whether an address is present in > the > Forward > box on the General tab for the account. If so, IMail Server forwards the > mail. If not, the > mail is delivered to the user ID according to the established delivery > rules. > 14 Delivery rules for the mail host. IMail Server determines if the > message > matches a > rule for the mail host. If so, delivery follows according to that rule. If > not, then rules for > the user ID are checked. > 15 Delivery rules for the user ID. IMail Server determines if the message > matches rule > criteria for the user ID. If the message matches rule criteria for a user > ID, then delivery > follows according to that rule. If not, then the Info Manager is checked. > 16 Info Manager. IMail Server determines whether the user ID has the Info > Manager > enabled. If so, the automatic response is sent and the message is > delivered > to either the > forwarding address or (if no forwarding address) to the sub-area or > mailbox > specified. If > the Info Manager is not enabled for this user ID, the vacation setting is > checked as > described in the next step. > 17 Vacation. IMail Server determines whether the user ID has a vacation > message enabled. > If so, the vacation message is sent. If not, the message is delivered to > the > User ID. > > Daniel Donnelly > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Matrosity Hosting > Sent: Monday, September 25, 2006 2:26 PM > To: [email protected] > Subject: Re: [IMail Forum] Order of AV and Spam tests > > > my understanding from suggesting a different order to ipswitch ts was it > would be a major overhaul to change the order. I wouldn't wait on them > doing > this. > > Rod Dorman wrote: > On Monday, September 25, 2006, 12:14:43, David Gregg wrote: > 1) IMail anti-virus scanning > 2) IMail connection/DNS based anti-spam tests. > Is this really the order it does it in? > > What's the point of accepting the entire message if you're gonna reject > based on IP address? > Good point... That's my understanding of the order. Though it would > make > more sense to do the following: > 1) IMail connection based anti-spam tests. > 2) IMail anti-virus scanning > 3) IMail DNS based anti-spam tests. > Then the rest as detailed before. > > IMHO getting to the DATA phase and doing CPU intensive tests (like > anti-spam scanning) should be after any DNS tests. > > Perhaps the Ipswitch guys can chime in on this one > > Indeed, an authoritative answer would be nice. > > > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
