XWall Exchange Spam
XWall uses a variety of filters
to keep spam out of your MS Exchange server and we "mean
out of exchange." While others may mark spam and
then dump it right into your mail system we keep your
system clean and use a unique system to prevent any
SLS (Spam Listing Service) RBL
XWall supports several Relay
Black Lists (RBL) services right out of the box ( Spamcop,
Spamhaus). To insure minimal false positives, you may
enable group testing. A group contains 2 or more spam
services. The e-mail is only considered spam if it fails
all members of the group. If a message is considered
spam, XWall lets you choose several different actions.
These actions are independent of other filters.
SURBL Hurts the Spammers Pocketbook
The SURBL has evolved from the SLS services.
Unlike testing the SMTP ports for open relays, the SURBL
service lists the spam supported web sites. XWall
searches the e-mail for links to web sites. When it
finds a link, it checks with SURBL if that site is listed.
This filter is very effective stopping pharmacy spam.
Greylisting Stops Millions...
The Greylisting Filter is simple and effective
by nature. The filter stops any message from an unknown
source and issues a "temporary mail handling problem".
The typical RFC compatible SMTP server will retry delivery
and XWall will let the message pass.
Most spammers, however, will or cannot re-send the message.
For more information check this link.
Xwall successfully blocks fake none delivery receipts
and system messages. The Xwall spam filter
analyses header information and other vital data to
determine if it's a true or fake system message.
Heuristic Filter: a.k.a. "Spamassassin
The Heuristic filter is calculating the possibility
of the message being spam by considering a number of
factors like words, subject, headers and more. Unlike
the Bayes filter, it does not need to learn and can
be implemented right out of the box. For best protection,
we recommend to use both the Heuristic and the Bayes
The Bayesian Filter (Bayes)
This filter is a major step forward. To fully
understand this filter, we recommend reading Paul Graham's
White Paper. In addition, XWall also
contains an exclude table. It allows you to let a user
or a domain send mail through the filter even if they
are on a black list or have criteria which filters would
catch. As with the other two filters, the Bayesian filter
offers an exclude table as well as an independent action
The XWall Central Checksum Service
Now there is a new way of handling unknown virus
treads and the pesky stock quote spam attacks. The new
CENTRAL CHECKSUM SERVICE filter in XWall
is just the tool you have been waiting for. We've seen
many viruses literally outrun the virus scanner. At
best, one of the Norton's & Co. would claim to be
the fastest to stop the virus, but that was after the
virus did billions in damage. The XWall
Central Checksum Service is very different and much
The Sender Permitted Filtering
Once Microsoft endorsed SPF (Sender Permitted
Filtering) it has rapidly gained acceptance. The filter
checks a text record in the DNS record. This text record
tells the filters which domains are permitted to send
email from that server. The more admins add the record
to their own domains the better the filter will work.
For more information check http://www.openspf.org
The Phishing Filter
Phishing is the new buzzword. You did hear about
it in the news. Basically, it's Spam with a criminal
element added. These email seem to come from your bank,
Ebay and so on. XWall examines each
email for signs of Phishing. lt detects false links
where the displayed link is different from the real
one. It also detects senders that do not send from the
The Virus Scanner in XWall
Virus scans for Exchange are expensive. A standard
scanner typically will not work to scan email at the
server. The problem is the mime encoded message hides
the virus from the scanner. XWall assembles
the message and an inexpensive on-access scanner like
F-prot, E-Trust, Norton, McAfee, Panda and many others
cannow find the virus. Not only do you save money, but
if you don't like one scanner simply use another one.
Or look at the scanner scripts you can use with
Xwall and take email virus scannng to the next
level. Read more...
The Tar Pitting Filter
Tar pitting is used to prevent address harvesting
attacks. It's done by adding delays in certain SMTP
functions making it too time consuming for the attacker
to find valid addresses.
The Blocking Filters
The Blocking filters are the manual filter components
in XWall. These filters include blocks
- Mail from specific e-mail addresses
- Domain blocks
- Host blocks
- IP blocks
- Text or subject strings and words
- Dangerous attachment blocks (your list)
- Exploits - double ext., CLSID ext., Password protected
- Character sets (Common Russia, China, Korea, etc.)
- IP addresses by Country
- Unknown user.
Each of the blocks has its own action
filter and exclude table. It allows you to customize
XWall to your needs.
What if XWall Finds Spam?
SPAM ROUTING: If XWall finds
spam or junk mail content XWall offers
a variety of options to handle the undesirable mail:
- Discard Message
- Stop message and keep a copy for xx days for retrieval
- Send a non-delivery report to the sender
- Mark subject
- Mark subject and move to junk mail folder
- Forward to the Postmaster
- Encapsulate and forward to the Postmaster
- Encapsulate and send the the recipient
- Encapsulate and send the the recipient without attachment
- Forward to recipient.
These options are individually selectable for each
Complete SMTP Relay Control
Worried about ending up on a open relay list
yourself? XWall does offer SMTP relay
to your in-house and external users. The SMTP relay
in XWall can be protected in many ways.
It will start by disabling the relay all together if
you don't need to relay, or you can authenticate all
users through NTML (NT/ Win2000 domain users). Also,
you may set a general user name and password, and you
can restrict access to certain IP address ranges.
Automatic Sender Permission
Automatic whitelisting is a great feature available
in XWall. It automatically adds the
e-mail address of every outgoing message to the exclude
list. The reasoning behind this idea is that if you
send e-mail to someone, it's likely that you want that
person to be able to reply. It's a very welcome feature
if you implement more aggressive RBLs. The Auto
white list can be kept company-wide or for individual
DNS Whitelist & Bonded Sender
Bonded Sender works like a SLS/RBL blacklist,
except in reverse. XWall supports Bonded
Sender and many other DNS and Domain-based whitelist
E-Mail Disclaimer Notice
Do you need to make sure all outgoing email
has your legal disclaimer? XWall will
attach such a disclaimer to all outbound mail. You can
have different email disclaimers for different users.
It can be plain text or HTML.
E-mail Encryption & Signing
Want to S/MIME sign outgoing mail? XWall
can do it for you. But instead of tracking down every
Outlook you only need to install the certificate in
XWall. How about encrypted email? Is
this true for encrypted email? Yes - XWall
is able to encrypt your email at the server level.
Daily Performace Reports
Using the ESATInformer optional add-on gives
you an inside look at your spam situation. You see where
spam comes from and where is goes. You see how effective
your filter settings are and you see what messages your
User Spam Reports
ESATInformer prevents false positives in a dramatic
way. All or selected users receive a spam report every
day. The report is clearly formatted and shows all the
message senders and subjects. The user then can retrieve
any message he needs.
Automatic Blocked Message Retrieval
ESATInformer allows the user to automatically
retrieve messages blocked by XWall
unless the message contained a virus or dangerous attachment.
The process utilizes ESAT's web interface or Pop3 mail
Increase Mail Server Efficiency
Spam free server is not a buzzword. Unlike many
other spam solutions the XWall / ESAT
combination keeps the detected spam out of your Exchange
or mail server and automatically deletes it after a
set number of days. Just imagine how your Exchange performs
with 80% less mail load. ... and how about the backup?
It will take a fraction of the current time and tape.
Contact us for