Synspam uses Netfilter NFQUEUE to catch the source IP address of any machine connecting to your mail server, running multiple tests against it (RBL check, regexp on the reverse name, etc.) before forwarding the connection to the MTA. In order to have as few false positives as possible, a scoring system is used. If the source IP address is believed to be a spammer IP address, the connection can be dropped. There is a dry run mode if you just want to test it, which is the default.
|Tags||antispam netfilter_queues Email Filter|
Hello subscribers ! I've created 2 mailing lists for the synspam project : users and dev ML. Feel free to subscribe : http://www.synspam.org/docs.html
Release Notes: A new configuration parser. A new format: you can use XML-like configuration and attribute negative scores when a DNSBL doesn't match a source IP address. The old configuration style is still supported.
Release Notes: Synspam now uses the Netfilter xt_osf module. If your kernel is Linux 2.6.31 or later, this module can probably be loaded and used. A score is attributed to Windows boxes, and it should not be changed, otherwise you might get false positives with some Exchange servers. The synspam_fw.sh script has been added, which is in charge of loading and unloading iptables rules. Arguments can be passed through the command line. A EUID check was added.
Release Notes: Synspam now checks both A and PTR records to be sure that the source IP address doesn't have a reverse which belongs to another network. This is a technique used by spammers to bypass some spam filters. The INSTALL file was updated with information about the kernel support needed for synspam.
Release Notes: The connections filtering code was refactored; further targets may be added in the future. New functions were added to the synspam-report script for average reject score and average accept score, and it no longer makes correlation between spamassassin and synspam. An extra check was added at startup to prevent success messages from being printed when synspam segfaults.
Release Notes: The user can choose between dropping packets or rejecting them. That means that instead of simply discarding packets, synspam can send a TCP RST to the source IP so that port 25 won't appear filtered, but closed. Be aware that iptables rules have changed. It's possible to start synspam in foreground or daemon mode. The default is daemon mode.