General

Top  Previous  Next

AgGw000010

 

Deny Connections from Null and Invalid Hosts: This option specifies whether Alligate should terminate connections from remote server when the messages that they sending messages contain Null and Invalid Hosts. The host name is the host identifier transmitted with the HELO (or EHLO) command. Null hosts are defined as a missing host name. Invalid hosts are defined as a host identifier that is not a legal, fully qualified domain name.

 

Deny Connections for Null Senders: This option specifies whether Alligate should terminate connections from remote server when the messages that they sending messages contain null senders. A null sender is defined as a MAIL FROM command with no valid email address. This is not RFC compliant, and would cause most non-deliverable postmaster responses to be rejected.

 

Resolve Remote Hosts: This option specifies whether Alligate should resolve the host name of remote servers/clients. A DNS lookup is performed and the hostname is determined. This can cause a substantial performance penalty for installations  that average over 15,000 connections per day. This is because a large number of spams come from computers that have no reverse DNS (REVDNS) entries. These lookups will almost always take several seconds and this can substantially slow down the system. We will be releasing a sender verification plug-in that will address this issue by maintaining it's own local cache and doing REVDNS lookups outside of the SMTP receiving process. If you want to use a DNS server other than the system default DNS server, you may specify this.

 

Valid Mail From Address Chars: This specifies which characters are valid in the MAIL FROM: portion of an incoming message envelope. Alligate will reject the message if any character other than those allowed is used in forming the MAIL FROM address. According to RFCs virtually any character can be used with an ASCII value in the normal text range. However, in the real world, some characters are never or seldom used. The default characters are what are normally used by most Alligate users, and we have seen no problems with these. You can customize these for your own requirements.

 

Block if Recipient List Contains x or more invalid addresses: This option will cause Alligate to refuse a message if the sender attempts to RCPT TO to the specified number of invalid addresses.

 

Block if Recipient List Contains x or more valid recipients: This option will cause Alligate to block a message if the message contains "x" or more valid recipients.  This option can be useful if for example you have say 5 employees, but numerous accounts, and there are 20 recipients specified in the message which might indicate a dictionary attack was underway. This option also has a modifier where you can specify that the session must also contain "x" number of invalid recipients before refusing the message.

 

Block if Sender Has Sent x or more messages in the last x minutes: This option allows messages to be tarpitted/disconnected if the client attempts to send more than "x" email in the last "x" minutes.  A setting of "0" disables this option.  This option is extremely helpful in blocking mail bombers and DOS attacks.

 

Tarpit connections before disconnecting: This option will tarpit connections that have exceeded the rules above.  Tarpitting connections can slow down spammers to a crawl, which will prevent them from resending messages to your servers.  Tarpitting basically involves waiting a long time (60 seconds) before acknowledging the SMTP HELO or ESMTP EHLO commands. Recent tests show that approximately 60% of spammers will drop the connection somewhere between 20 and 40 seconds if a mail server does not respond.

 

Exclude Authenticated Users: This option will exclude authenticated users from being subject to the message rate restrictions listed in the two options above.

 

Block if message size is greater then xxxx bytes: This will cause the message to be refused if the message is larger than allowed.

 

Generate random bogus 550 error responses when blocking and refusing messages: Normally Alligate will return a 550 Refused error when a connection is terminated. Some users would prefer not to give spammers a clue what antispam software they're using and would rather return an error that the spammer could never figure out. If you select this option any one of several hundred bogus error responses will be sent back to the sender if they are rejected because they met the blocking criteria.

 

Return a custom 550 error description when blocking and refusing messages: You can have Alligate return a custom message if desired when a message is being refused. Unless you have selected the option to generate a "Bogus 550" response, the normal response will be "550 Refused" when refusing a message or connection. This may be useful if you want to provide senders with specific information, or provide information in a different language. The 550 portion will still be uses, however the "Refused" text will be replaced with the text of your choice. Note: If a message is refused because you have set MXRate to refuse messages over a specified score, you cannot return a custom message. Alligate generates a special response message in these cases with a link to the MXRate web site where the sender can report a false positive if necessary.

 

Sender disconnected x times in the past x minutes: Many spammers will disconnect if they are being tarpitted. Alligate keeps a record of each tarpit disconnect and allows you to immediately disconnect spammers if they disconnected on their own within the past few minutes. This cuts down on open connections and resources  wasted tarpitting spammers we know are going to be tarpitted and disconnect again.