
This is Mail Avenger, the spam extermination project.  This file
describes what Mail Avenger does.  See the file INSTALL for
installation instructions.

Mail Avenger is a highly-configurable, MTA-independent SMTP (Simple
Mail Transfer Protocol) server.  It allows you to reject spam during
mail transactions, before spooling messages in your local mail queue.
You can specify site-wide default policies for filtering mail, but
individual users can also craft their own policies by creating avenger
scripts in their home directories.

Compared to traditional (.forward, .qmail, etc.) spam filtering,
filtering during an SMTP transaction gives you more options.  For
instance, you can reject mail with an SMTP error code, causing a
bounce only if the client is a legitimate MTA, not if it is a spambot.
You can temporarily defer mail, accepting the message later if the
sender tries again from the same IP address--a technique known as
greylisting.  You can even embed cryptographically secure expiration
times in temporary mail addresses to validate mail before receiving
the message body.
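The expiring-address idea above, as an added Python example that is not
Mail Avenger code and does not reproduce its address format.  The
user+<expiry>-<tag> layout, the key, and the reply texts are assumptions
made for illustration.

```python
from __future__ import annotations
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"  # assumption: per-user key, never sent in mail
TAG_HEX_LEN = 16                  # truncated HMAC keeps the local part short

def _tag(user: str, expiry: int) -> str:
    # The MAC binds the expiry to the user, so neither can be edited alone.
    msg = f"{user}|{expiry}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:TAG_HEX_LEN]

def make_address(user: str, domain: str, ttl: int, now: int | None = None) -> str:
    """Mint user+<expiry-hex>-<tag>@domain, valid for ttl seconds."""
    now = int(time.time()) if now is None else now
    expiry = now + ttl
    return f"{user}+{expiry:x}-{_tag(user, expiry)}@{domain}"

def check_rcpt(rcpt: str, now: int | None = None) -> tuple[int, str]:
    """Decide the reply to RCPT TO, i.e. before any message body is read."""
    now = int(time.time()) if now is None else now
    local = rcpt.rsplit("@", 1)[0]
    user, plus, ext = local.partition("+")
    if not plus:
        return 250, "ok"  # ordinary address: normal policy applies
    exp_hex, dash, tag = ext.partition("-")
    try:
        expiry = int(exp_hex, 16)
    except ValueError:
        return 550, "malformed temporary address"
    # Constant-time compare; verify the MAC before trusting the expiry field.
    if not dash or not hmac.compare_digest(tag.encode(), _tag(user, expiry).encode()):
        return 550, "invalid temporary address"
    if now > expiry:
        return 550, "temporary address expired"
    return 250, "ok"
```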

Compared to traditional spam filtering, filtering during the SMTP
transaction also gives you more information.  Mail Avenger collects a
wide array of information about SMTP connections from clients,
including TCP SYN fingerprints (which often identify the client OS)
and network route information.  Mail Avenger also flags properties of
client SMTP implementations, such as whether they use pipelining,
issue illegal SMTP commands, or deviate from the protocol in other
small ways.  Scripts can easily track this information on a per-sender
basis using a simple database utility (included in the distribution).
Thus, anomalies can be flagged when known senders exhibit radically
different client behavior.  Much of the information collected is also
recorded in a new mail header, X-Avenger, which can be fed to Bayesian
content filters to improve accuracy.
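Per-sender tracking of client properties, as an added Python example
(not Mail Avenger code).  SQLite stands in for the distribution's
database utility; the thresholds, flag names, and sample fingerprints are
constructed assumptions.

```python
import sqlite3

MIN_HISTORY = 3    # assumption: sightings before a sender counts as "known"
MAX_HOP_DELTA = 4  # assumption: tolerated drift in network hop count

# Constructed sample SYN fingerprints, not captured from real traffic.
KNOWN_FP = "65535:64:1:60:M1460,N,W3,N,N,T"
ODD_FP = "8192:128:1:52:M1460,N,W8,N,N,S"

def open_db(path=":memory:"):
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS seen (sender TEXT, synfp TEXT,"
               " hops INTEGER, n INTEGER, PRIMARY KEY (sender, synfp, hops))")
    return db

def observe(db, sender, synfp, hops, learn_flagged=False):
    """Compare one connection with the sender's history; return anomaly flags."""
    rows = db.execute("SELECT synfp, hops, n FROM seen WHERE sender = ?",
                      (sender,)).fetchall()
    flags = []
    # Only judge senders with enough history; new senders just get recorded.
    if sum(n for _, _, n in rows) >= MIN_HISTORY:
        if synfp not in {fp for fp, _, _ in rows}:
            flags.append("new-synfp")
        if min(abs(hops - h) for _, h, _ in rows) > MAX_HOP_DELTA:
            flags.append("hops-shift")
    # Flagged sightings stay out of the baseline unless the caller opts in,
    # so a burst of forged mail cannot teach the table its own fingerprint.
    if not flags or learn_flagged:
        key = (sender, synfp, hops)
        cur = db.execute("UPDATE seen SET n = n + 1 WHERE sender = ?"
                         " AND synfp = ? AND hops = ?", key)
        if cur.rowcount == 0:
            db.execute("INSERT INTO seen VALUES (?, ?, ?, 1)", key)
        db.commit()
    return flags
```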

A partial list of features:

  * Mail-bomb protection - prevents any single client from overloading
    your server.  (See MaxConPerIP, MaxMsgsPerIP, MaxErrorsPerIP in
    the asmtpd.conf(5) man page.)

  * TCP filtering - can modify kernel firewall rules to block TCP SYN
    packets from overly aggressive clients.  (See SMTPFilter in
    asmtpd.conf(5).)

  * Network-level traffic analysis - including collection of TCP SYN
    fingerprint and traceroute information.  (See CLIENT_SYNFP,
    CLIENT_NETHOPS, CLIENT_NETPATH, netpath in avenger(1) man page.)

  * SMTP-level traffic analysis.  (See CLIENT_COLONSPACE, CLIENT_HELO,
    CLIENT_PIPELINING, CLIENT_POST in avenger(1).)

  * SMTP callbacks - checks that mail senders can actually receive
    bounce messages.  (See SENDER_BOUNCERES, MAIL_ERROR in avenger(1)
    man page, ClientTimeout, VrfyDelay, MaxRevClients in
    asmtpd.conf(5).)

  * Per-user and per-user-extension mail scripts, using Bourne shell
    syntax familiar to many Unix users.  (See avenger(1).)

  * Per-user mail relay checks - allows users to permit relaying of
    their own email address from particular sources.  (See
    avenger(1).)

  * Virtual domain mapping - Maps all mail checks for a domain to a
    particular local user.  (See DomainFile in asmtpd.conf(5).)

  * Alias to user mapping - allows filtering for mail aliases to be
    placed under the control of different users.  (See AliasFile in
    asmtpd.conf(5).)

  * RBL support - query real-time black hole lists.  (See RBL in
    asmtpd.conf(5), and rbl in avenger(1).)

  * SPF - sender policy framework blocks mail forgeries from domains
    that publish DNS SPF records.  (See SPF CONFIGURATION PARAMETERS
    section of asmtpd.conf(5) man page.)

  * SPF language queries - scripts can dynamically formulate powerful
    queries using the SPF language.  (See spf in avenger(5).)

  * Asynchronous DNS queries for a, mx, ptr, txt records.  Scripts can
    easily issue multiple concurrent DNS as well as SPF, RBL, and
    traceroute queries.  The "setvars" command then waits for them all
    to complete and assigns results to the appropriate variables.
    (See setvars in avenger(1).)

  * "Bodytest" support - allows you to run filters like spamassassin
    on the body of a mail message *before* replying to the final "."
    of the SMTP DATA command.  (See edinplace(1) man page, bodytest
    description in avenger(1) man page.)

  * SMTP STARTTLS support if OpenSSL is present when Mail Avenger is
    compiled.  (See SSL and related directives in the asmtpd.conf(5)
    man page.)

  * Optional SASL support with the Cyrus SASL package.  (Use the
    --enable-sasl configure option, and see SASL in the asmtpd.conf(5)
    man page.)

Mail Avenger is MTA-independent.  It simply passes messages to a
configurable sendmail program, and should therefore be compatible with
any MTA that has a sendmail-like mail injection program.  It has been
tested with both sendmail and qmail.

More information is available at the Mail Avenger web site:

	http://www.mailavenger.org/

Mail Avenger is Copyright 2004-2005 David Mazieres.  You may not copy
the software except as permitted by the file COPYING that accompanies
the distribution.
