SMTP Preprocessor

Version 1.11

Documentation

Table of contents

Introduction

Features

Versions history

Distributive package

How to put into operation

Command line syntax

How to start SMTP Preprocessor in background

Initialization file syntax

Initialization file sample and explanation

[Common] section

[GreyListing] section

[ResponseChanges] section

[XXXReplacements.XXX] sections

Notes

White, Allow and Black lists

SMTP extensions compatibility

Regular Expressions

IP Ranges

Recommended settings and examples

Greylisting Database Viewer

SMTP Preprocessor is a tool, which enhances functionality of corporate mail server. It receives SMTP messages before the server, changes or rejects them, and retransmits result to the corporate SMTP server. SMTP Preprocessor doesn't buffer messages, it works with messages on-the-fly.

Note SMTP Preprocessor is advanced tool for mail server administrators. Never use it without good knowledge of SMTP protocol defined in RFC 2821 (http://www.ietf.org/rfc/rfc2821.txt).

SMTP Preprocessor can:

- reject connection based on remote host IP address or DNS name (Black Lists), presence of reverse DNS PTR record, validity of HELO or EHLO command and connections limit;

- delay initial greeting and reject responses (so-called Tarpitting);

- reject MAIL command based on sender address (Black List), message size and transactions limit;

- reject RCPT command based on recipient address (Private Recipients List), recipient domain name (Anti-Relaying), sender address (Restricted Senders List) and recipients limit;

- reject RCPT or DATA command, or break connection based on Greylisting settings;

- reject out-of-order SMTP command;

- flexibly replace corporate SMTP server response or any SMTP Preprocessor generated response;

- replace sender in SMTP envelope (MAIL command);

- replace recipient in SMTP envelope (RCPT command).

The program keeps detailed and adjustable log of all SMTP events.

System requirements: Windows 95, 98, Me, NT 4.0, 2000, XP, 2003, Vista, 2008, 7, 2008R2, 8, 2012, 8.1, 2012R2.

For Windows NT 4.0 Service Pack 3 or later required.

For Windows 95 Windows Socket 2 update required.

For Windows 95, 98, Me, NT 4.0, 2000 updating of VB6 Runtime library (http://support.microsoft.com/kb/290887) required.

Greylisting Database Viewer (GLDBView.exe) additionally requires for Windows 95 and NT 4.0 installation of Internet Explorer 3.0 or later.

Versions history:

1.11 (10-November-13):

- fixed ability to use DNS name in ServerIP setting;

- fixed command line parsing: trailing space was interpreted as wrong parameter;

- fixed grid header display in Greylisting Database Viewer, Greylisting Database Viewer version changed to 1.01;

- improved syntax checking of IP addresses in initialization file and command line;

- added ability to start several instances of the program listening different IP addresses but the same port;

- added new command line switch /ADDRESS (/A);

- changed filename template for log files, now it includes listening IP address;

1.10 (24-August-09):

- fixed random crashes occurred on computers with some modern processors;

- fixed crashes when many connections were simultaneously rejected;

- fixed no response on first QUIT command after rejecting connection;

- improved syntax checking of MAIL, SEND, SOML, SAML and RCPT commands;

- added logging of domain name of connecting host and duration of the connection;

- added checking for commands received before initial greeting: now SMTP Preprocessor breaks connection after receiving such command;

- added configurable delay for appearance of initial greeting (new settings in [Common] section: GreetingDelay, DisableGreetingDelayForWhitelisted);

- added configurable delay for reject response (new settings in [Common] section: TarpittingDelay, DisableTarpittingForWhitelisted);

- added Recommended settings and examples section and Table of contents to documentation.

1.09 (26-August-07):

- added possibility to skip some checks for authorized sessions, added WhitelistAuthorized setting to [Common] and [Greylisting] sections of initialization file;

- minor changes in default responses;

- to improve compatibility with some SMTP servers, if MaxSize setting is set and corporate SMTP server doesn't declare SIZE SMTP extension, now SMTP Preprocessor removes SIZE parameter from MAIL command;

- fixed compatibility with Data Execution Prevention feature in Windows XP SP2, Windows 2003 Server SP1 and later supported operating systems;

- fixed processing of expired records in Greylisting database.

1.08 (29-July-07):

- added support for XEXCH50 SMTP extension

- added new settings: RemoveSMTPExtensionsLocal, RemoveSMTPExtensionsRemote, AddSMTPExtensionsLocal, AddSMTPExtensionsRemote;

- added ability to replace CRLF sequence in multiline response;

- added Greylisting feature, corresponding section in initialization file and corresponding keys in [ResponseChanges] section;

- added separate executable file - Greylisting Database Viewer 1.00 (GLDBView.exe).

1.07 (01-March-07):

- fixed bug in parsing of multiline response on EHLO command;

- fixed handling of errors in [ResponseChanges] section of initialization file;

- minor changes in formatting of log file.

1.06 (31-December-06):

- fixed repeated response on EHLO command, which appeared sometimes on slow channel between SMTP Preprocessor and corporate server;

- fixed updating of Server address and port on UI window after automatic settings reloading;

- fixed DNS resolution for ServerIP;

- added new setting: ProcessAddressesWithoutBrackets, added MAIL.AddressSyntax and RCPT.AddressSyntax response change keys;

- extended syntax of MaxSize setting: now it may be specified also in kilobytes, megabytes and gigabytes.

1.05 (26-November-06):

- added new settings: RecipientsWhiteListRemote, RecipientsAllowListRemote, RecipientsBlackListRemote, RecipientsWhiteListLocal, RecipientsAllowListLocal, RecipientsBlackListLocal; added RCPT.BlackList.Remote and RCPT.BlackList.Local response change keys;

- extended syntax of Regular Expressions: now it is possible to combine several regular expressions with logic "AND" operation;

- added syntax checking of Regular Expressions;

- extended syntax of [SenderReplacements.Remote], [SenderReplacements.Local], [RecipientReplacements.Remote] and [RecipientReplacements.Local] sections: now key name may be comma-delimited list; fixed bug which didn't allow to use [] at the beginning of Regular Expressions in these sections;

- fixed bug, which rarely resulted in disconnection with appearance of Error 9 in Log file;

- tweaks in program code;

- fixes and additions in documentation.

1.04 (02-July-06):

- added new settings: AutoReload, IgnoreIniErrors, Timeout, MaxBadSeq;

- added automatic reloading of configuration settings after changing of initialization file;

- added loop detection feature;

- rewritten initialization file support: eliminated size restrictions, added support for multiline settings;

- improved formatting of current configuration in log file based on changes of initialization file format;

- default location of log files moved to Log subdirectory;

- minor tweaks in program code;

- some fixes in documentation.

1.03 (16-June-06):

- fixed bug in message size obtaining (first digit was lost);

- fixed routing problem for computers with several IP interfaces;

- changed syntax for LocalIPs, IPBlackList and IPWhiteList settings: Regular Expressions replaced by IP Ranges, changed default value for LocalIPs;

- changed logic for IPWhiteList: now addresses from this list don't check by IPBlackList and IPAllowList;

- added new settings: IPAllowList, SendersWhiteList, HostsWhiteList, HostsAllowList, HostsBlackList, HELOBlackList;

- added HostsBlacklist, HELO.Blacklist, HELO.NoDomain and HELO.DNSError response change keys;

- improved enhanced status codes support, added EnhancedStatusCodes setting;

- changed logic for ValidateRDNS, ValidateHELO and MaxSize;

- added support for SMTP extensions CHUNKING and BINARYMIME, added BadSeq.BDAT response change key;

- changed default response code from 554 to 454 and text advice for connections from hosts without RDNS PTR record (if ValidateRDNS and HostsBlackList set) because of possibility of false positives due to DNS server failures;

- improved HELO/EHLO validation logic: now if DNS lookup for host specified in HELO or EHLO command fails, returned status code is 450 instead 550;

- added support for automatic disabling of incompatible SMTP extensions;

- added new feature to Regular Expressions which allows to match strings not matching specified Regular Expression;

- added possibility to log current settings (see Log setting).

1.02 (06-June-06):

- fixed bug, which led to program crash (error 5) when SMTP client sent invalid HELO command (without domain name);

- improved syntax checking of contents of initialization file;

- added SendersAllowList setting;

- added MaxSize setting, {%size%} and {%maxsize%} substitution aliases, MAIL.Size response change key.

1.01 (16-May-05):

- fixed compatibility issues with Windows 2000 and earlier;

- minor tweaks.

1.00 (09-May-05):

- first public release.

The application consists of two executable files: PreSMTP.exe (SMTP Preprocessor itself) and GLDBView.exe (Greylisting Database Viewer).

SMTP Preprocessor distributes without installation program. Distributive package in form of self-extracting archive contains four files: PreSMTP.exe, GLDBView.exe, readme.htm (this file) and License.txt.

To put SMTP Preprocessor into operation:

- change listening port of corporate SMTP server or move it to another computer;

- be sure that current firewall settings don't allow direct external access to corporate mail server, but allow to access it from SMTP Preprocessor;

- extract PreSMTP.exe and GLDBView.exe into any directory;

- create SMTP Preprocessor initialization file (PreSMTP.ini by default), you need at least add new listening port of corporate SMTP server to it, format of this file see below;

- start PreSMTP.exe;

- be sure that firewall doesn't block PreSMTP.exe.

PreSMTP.exe command line switches:

/A IP address, /ADDRESS IP address - specify IP address to bind to, by default the program is bound to all local addresses;

/P portnumber, /PORT portnumber - specify port to listen, default port is 25;

/M, /MINIMIZE - run minimized

/HI, /HIDE - run hidden

/I ini file pathname, /INIFILE ini file pathname - specify initialization file;

/L log dir, /LOGPATH log dir - specify log directory;

/X, /EXIT - close another instance listening on the same port;

/H, /?, /HELP - show brief help message.

Switches may appear in any order, are not case sensitive, and all of them are optional. Settings from switches override the same settings from initialization file. If log directory specified on command line, logging can't be disabled from initialization file. Switches /X, /EXIT, /H, /?, /HELP are for special purpose; when one of these switches appears on the command line, SMTP Preprocessor doesn't start.

As far SMTP Preprocessor is server software, it is important to start it independently from any user sessions. I recommend to start the program using Task Scheduler. Start Scheduled Tasks Wizard, browse your computer file system to select PreSMTP.exe as executable file, on next screen select "When my computer starts", then type "System" as user name, and leave password fields blank, also check "Open advanced properties..." checkbox, and click Finish. Newly created task properties will pop up. You need to go to Settings tab and deselect all checkboxes on it, otherwise Task Scheduler will stop SMTP Preprocessor after 72 hours or when UPS will switch to battery. That's all, now SMTP Preprocessor will start at computer startup and work in background. This procedure is not applicable to Windows 9X/ME.

SMTP Preprocessor reads its settings from initialization file. By default the program uses file PreSMTP.ini from the same directory, where placed file PreSMTP.exe (renaming of executable file will lead to correspondent change of default initialization file name). Filename of initialization file with full path may be also specified by /I or /INIFILE switch. Use Notepad or another text editor to edit initialization file.

Maximum line width for initialization file is 32767 characters. If first non-space symbol on the line is semicolon (;), whole line considered as comment and ignored, blank lines also ignored.

Initialization file consists of several sections separated by section names. Section names must be located on separate lines and enclosed in brackets ([...]). Other lines of initialization file must be written in following format:

Key=Value

Spaces around equal sign (=) are ignored. Section and key names are not case sensitive.

Some key values are comma-delimited lists. To improve readability, such lists can occupy several lines in initialization file with same key name, so records

Key=Value1,Value2,Value3,Value4

and

Key=Value1,Value2
Key=Value3,Value4

are equivalent. It is not necessary to place continuation lines in succession, they may be alternated with another keys.

Hint: If you want to reformat comma-delimited lists of existing initialization file into multiline format, try setting Log=2.

Spaces around commas (,) in comma-delimited lists are ignored. To include into value comma or leading or trailing space, enclose such value into double-quote marks ("..."). Note that latest rule not applicable to keys from [ResponseChanges] section and to keys containing IP Ranges.

Note Initialization file has no size limit, but some settings in [Common] section, namely Log, LogPath, BindIP, BindPort and IgnoreIniErrors must be located in first 64 kilobytes of this file on Windows 9X platform, otherwise these settings will be ignored.

Note By default, SMTP Preprocessor automatically reloads new settings from initialization file after 30 seconds since last saving of it, but this feature can be turned off. In later case, it is necessary to restart SMTP Preprocessor to put into effect new settings after changing initialization file.

All sections and keys are optional. For settings not present in initialization file default values used. Below showed sample initialization file with all possible keys and sections. For clearness, all default values for all keys showed in commented lines. You need to include in initialization file (uncomment) only those settings, which differ from default, other keys you may safely delete.

Please also look at Recommended settings and examples section below.

; Beginning of default PreSMTP.ini
[Common]
; Log=1
; Accepted values: 0, 1 or 2.
; 0 - log disabled;
; 1 - log enabled;
; 2 - log enabled and, in addition, when SMTP Preprocessor starts, current configuration
; settings including default ones are written to the log file.
; LogPath=Application directory\Log
; Directory for log files. By default used subdirectory \Log of directory, where executable
; file stored. This subdirectory is created if necessary.
; LogLevelServer=15
; Log level for connections to corporate SMTP server. Log level is bit mask. Sum values below
; to calculate log level:
; 1 - log errors;
; 2 - log read operations;
; 4 - log write operations;
; 8 - log other (connect/disconnect etc.).
; LogLevelRemote=15
; Log level for connections from remote hosts. Log level is bit mask. See LogLevelServer for
; mask values.
; AutoReload=1
; 0/1 to disable/enable automatic reloading of settings from initialization file after
; changing it.
; IgnoreIniErrors=1
; If this setting is 0, SMTP Preprocessor will not start (or will stop on reloading settings)
; if initialization file contains at least one error. If this setting is 1, SMTP Preprocessor
; will ignore errors (writing corresponding records to the log file) by replacing wrong
; values by default ones.
; Note: SMTP Preprocessor tries to find errors in Regular Expressions in initialization file,
; but the check is not complete, and some errors may remain in it.
; Note: SMTP Preprocessor will not start (or stop on reloading) in any case if it is not
; possible to bind to listen address/port or loop detected.
; BindIP=0.0.0.0
; IP address to bind to. This must be IP address of one of computer network interfaces or
; 0.0.0.0 to bind to all network interfaces.
; BindPort=25
; Port to listen for inbound connections.
; ServerIP=127.0.0.1
; IP address of corporate SMTP server to work with. Change it to actual server IP address.
; If the server is on the same computer, in most cases this key may be omitted. DNS name
; instead of IP address also acceptable, even if DNS name resolves to more than one IP address.
; ServerPort=25
; Port of corporate SMTP server to work with. Change it to actual server port number.
; LocalIPs=127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,169.254.0.0/16
; Comma-delimited list of IP addresses considered to belong internal corporate network.
; IP Ranges allowed (see below). By default all possible private IP Ranges defined in
; RFC 3330 (http://www.ietf.org/rfc/rfc3330.txt) included.
; LocalDomains=
; Comma-delimited list of SMTP domains, for which corporate SMTP server is final delivery
; point (i.e. it maintains mailboxes for these domains). Regular Expressions allowed (see
; below). Default is empty list.
; LocalHostName=Computer host name
; Full-qualified domain name of SMTP server. It must be registered Internet domain name,
; which corresponds to IP address of Internet network interface. Default is computer host
; name in internal network.
; EnhancedStatusCodes=1
; 0/1 to disable/enable enhanced status codes for SMTP Preprocessor responses according to
; RFC 2034 (http://www.ietf.org/rfc/rfc2034.txt). Set it in accordance with capabilities
; of your corporate SMTP server.
; MaxConnections=0
; Limit for simultaneous connections from remote hosts. 0 means no limit.
; Timeout=300
; Timeout in seconds for rejected connections from remote hosts. 0 means no timeout.
; Note: This setting is only for rejected connections, corporate SMTP server is responsible
; for timeout for accepted connections.
; GreetingDelay=0
; Specifies delay in seconds for appearing of initial greeting after successful connection
; from remote host. Used to filter out connections from spammer hosts which usually
; disconnect after short timeout.
; Note: This setting doesn't affect connections from hosts from internal corporate network.
; Note: This setting doesn't affect rejected connections, see TarpittingDelay setting below.
; Note: Don't specify GreetingDelay bigger then Timeout.
; DisableGreetingDelayForWhitelisted=1
; 0/1 to enable/disable Greeting delay for connections from hosts specified in IPWhiteList or
; HostsWhiteList settings.
; TarpittingDelay=0
; Specifies delay in seconds for any response with 5XX code. Used to prevent Directory
; Harvesting attacks.
; Note: This setting doesn't affect connections from hosts from internal corporate network.
; Note: Don't specify TarpittingDelay bigger then Timeout and connection timeout of your
; corporate SMTP server.
; DisableTarpittingForWhitelisted=1
; 0/1 to enable/disable Tarpitting delay for connections from hosts specified in IPWhiteList
; or HostsWhiteList settings. If WhitelistAuthorized=1, Tarpitting will be disabled for
; authorized sessions also.
; ProcessAddressesWithoutBrackets=0
; This setting controls behaviour of SMTP Preprocessor when it receives MAIL or RCPT
; command with e-mail address not enclosed in angle brackets (some SMTP clients break
; these rules).
; Accepted values: 0, 1 or 2.
; 0 - accept address and process it as usual;
; 1 - reject command as syntactically incorrect;
; 2 - treat as unknown SMTP extension: pass whole command to corporate SMTP server
;     without processing (this behaviour was typical for versions of SMTP Preprocessor
;     prior to 1.06).
; WhitelistAuthorized=1
; Allows to skip some checks if connecting host authorized SMTP session using AUTH
; SMTP command.
; Accepted values: 0, 1 or 2.
; 0 - the program will not skip checks for authorized sessions;
; 1 - for authorized sessions the program will skip relaying check and checks
;     controlled by following settings: SendersWhiteList, SendersAllowList,
;     SendersBlackList, RestrictedSenders, RecipientsWhiteListRemote,
;     RecipientsAllowListRemote, RecipientsBlackListRemote, RecipientsWhiteListLocal,
;     RecipientsAllowListLocal, RecipientsBlackListLocal, PrivateRecipients;
; 2 - for authorized sessions the program will skip the same checks as with value 1,
;     and additionally it will skip checks controlled by following settings:
;     IPWhiteList, IPAllowList, IPBlackList, ValidateRDNS, HostsWhiteList,
;     HostsAllowList, HostsBlackList, ValidateHELO, HELOBlackList.
; Note: Value 2 of this setting has side effect: all rejections controlled by above
; settings for non-authorized sessions will be delayed until connecting host will
; issue MAIL command (if EHLO command was issued before), or issue HELO command.
; IPWhiteList=
; Comma-delimited list of IP addresses of hosts, for which checking by IPAllowList,
; IPBlackList, HostsAllowList, HostsBlackList, HELOBlackList and validity of HELO/EHLO
; commands will be skipped. IP Ranges allowed (see below). Default is empty list.
; IPAllowList=0.0.0.0/0
; Comma-delimited list of IP addresses of hosts, from which connections will be allowed.
; IP Ranges allowed (see below). Default is range of all possible IP addresses.
; IPBlackList=
; Comma-delimited list of IP addresses of hosts, from which connections will be rejected.
; IP Ranges allowed (see below). Default is empty list.
; ValidateRDNS=0
; 0/1/2/3 to disable/enable checking of Reverse DNS PTR record for connecting host by
; HostsWhiteList, HostsAllowList and HostsBlackList. ValidateRDNS is bit mask.
; Values mean:
; 0 - checking disabled;
; 1 - checking enabled for hosts from internal corporate network;
; 2 - checking enabled for hosts outside internal corporate network;
; 3 - checking enabled for all hosts.
; HostsWhiteList=
; Comma-delimited list of DNS names (obtained from RDNS PTR record) of hosts, for which
; checking by HostsAllowList and HostsBlackList will be skipped. Regular Expressions allowed
; (see below). Default is empty list.
; HostsAllowList=*
; Comma-delimited list of DNS names of hosts, from which connections will be allowed.
; Regular Expressions allowed (see below). By default any host allowed.
; HostsBlackList=
; Comma-delimited list of DNS names of hosts, from which connections will be rejected.
; Regular Expressions allowed (see below). Default is empty list.
; Example: use Regular Expression [] to filter out hosts which don't have RDNS PTR record.
; Example: use Regular Expression []*.* to filter out host names without any dot.
; MaxBadSeq=10
; Limit for out-of-order commands. SMTP Preprocessor will disconnect remote host when number
; of out-of-order commands will exceed this limit.
; ValidateHELO=0
; 0-15 to disable/enable checking of validity and checking by HELOBlackList of HELO or EHLO
; commands sent by remote host. When the program checks validity of HELO/EHLO, it checks
; whether host name in first parameter of HELO or EHLO command corresponds to host IP
; address. If this checking is enabled and failed, corresponding command will be rejected.
; See below for checking details. ValidateHELO is bit mask. Sum values below to calculate
; required value. Values mean:
; 0 - checking disabled;
; 1 - checking of HELO/EHLO validity enabled for hosts from internal corporate network;
; 2 - checking of HELO/EHLO validity enabled for hosts outside internal corporate network;
; 4 - checking by HELOBlacklist enabled for hosts from internal corporate network;
; 8 - checking by HELOBlacklist enabled for hosts outside internal corporate network.
; HELOBlackList=
; Comma-delimited list of strings which, being sent by remote host as first parameter of
; HELO or EHLO command, will lead to rejection of the command. Regular Expressions allowed
; (see below).
; MaxTransactionsLocal=0
; Limit for transactions (message transmissions) in one connection for connections from
; hosts inside internal corporate network. 0 means no limit.
; MaxTransactionsRemote=0
; Limit for transactions (message transmissions) in one connection for connections from
; hosts outside internal corporate network. 0 means no limit.
; MaxSize=0
; Limit for message size in bytes, kilobytes, megabytes or gigabytes. Special values
; 0, -1 and -2 also allowed. To specify message size in kilobytes, megabytes or gigabytes,
; append to numeric value letter "K", "M" or "G" respectively, without space. You can use
; decimal fraction values in this case. Use your regional fractional part delimiter.
; Note: SMTP Preprocessor doesn't check actual message size, it checks only declared
; message size specified by SMTP client in MAIL command. To use this opportunity SMTP
; Preprocessor automatically adds SIZE extension declaration to the response on EHLO
; command. Of course, SMTP client also must be compatible with SIZE SMTP extension defined
; in RFC 1870 (http://www.ietf.org/rfc/rfc1870.txt). If corporate SMTP server already
; declared SIZE extension in the response on EHLO command, SMTP Preprocessor will use
; either size value from EHLO response or MaxSize setting, whichever is smaller; EHLO
; command response in this case will be rewritten with used size value.
; Special size values mean:
; 0 - SMTP Preprocessor will take size value from the response of corporate SMTP server on
; EHLO command, if exists, otherwise size check will be skipped; EHLO command response will
; not be rewritten;
; -1 - SMTP Preprocessor will skip size check; EHLO command response will not be rewritten;
; -2 - SMTP Preprocessor will skip size check and remove SIZE extension declaration from
; EHLO command response, if exists.
; Note: If MaxSize > 0, and corporate SMTP server didn't declare SIZE SMTP extension, SMTP
; Preprocessor will remove SIZE parameter from MAIL command before passing it to corporate
; SMTP server.
; RemoveSMTPExtensionsLocal=
; Comma-delimited list of keywords representing SMTP extensions in the response on EHLO
; command. These keywords (if exist) and their parameters will be removed from the response
; when connected host belongs to the corporate network. Default is empty list.
; RemoveSMTPExtensionsRemote=
; Comma-delimited list of keywords representing SMTP extensions in the response on EHLO
; command. These keywords (if exist) and their parameters will be removed from the response
; when connected host doesn't belong to the corporate network. Default is empty list.
; AddSMTPExtensionsLocal=
; Comma-delimited list of keywords with corresponding parameters representing SMTP
; extensions in the response on EHLO command. These strings will be added (or replaced
; if exist) to the response when connected host belongs to the corporate network.
; Default is empty list.
; AddSMTPExtensionsRemote=
; Comma-delimited list of keywords with corresponding parameters representing SMTP
; extensions in the response on EHLO command. These strings will be added (or replaced
; if exist) to the response when connected host doesn't belong to the corporate network.
; Default is empty list.
; SendersWhiteList=
; Comma-delimited list of e-mail addresses of senders, from which checking of e-mail
; addresses by SendersAllowList and SendersBlackList will be skipped. Regular Expressions
; allowed (see below). Default is empty list.
; SendersAllowList=*
; Comma-delimited list of e-mail addresses of senders, from which messages will be allowed.
; Regular Expressions allowed (see below). Default is *, i.e. any sender address allowed.
; Example: to filter spam messages with invalid sender address use this Regular Expression:
; *?@?*.??*. If your server also must accept domain literals in e-mail addresses (obsolete
; feature), try this: *?@?*.??*,*?@[[]#*.#*.#*.#*].
; Note: Empty address of sender always allowed (due to standard, non-delivery reports
; have empty sender address).
; SendersBlackList=
; Comma-delimited list of e-mail addresses of senders, from which messages will be rejected.
; Regular Expressions allowed (see below). Default is empty list.
; MaxRecipientsLocal=0
; Limit for recipients in one message for connections from hosts inside internal corporate
; network. 0 means no limit.
; MaxRecipientsRemote=0
; Limit for recipients in one message for connections from hosts outside internal corporate
; network. 0 means no limit.
; RestrictedSenders=
; Comma-delimited list of e-mail addresses of senders, from which messages to external SMTP
; domains will be rejected. Regular Expressions allowed (see below). Default is empty list.
; This list is applicable only for connections from hosts belonging corporate network.
; Note: SMTP Preprocessor always rejects ralaying from hosts outside corporate network to
; external SMTP domains.
; RecipientsWhiteListRemote=
; Comma-delimited list of e-mail addresses of recipients, for which checking of e-mail
; addresses by RecipientsAllowListRemote and RecipientsBlackListRemote will be skipped.
; Regular Expressions allowed (see below). Default is empty list. This list is applicable
; only for connections outside corporate network.
; RecipientsAllowListRemote=*
; Comma-delimited list of e-mail addresses of recipients, for which messages will be allowed.
; Regular Expressions allowed (see below). Default is *, i.e. any recipient address allowed.
; This list is applicable only for connections outside corporate network.
; Note: Using this setting you may make SMTP Preprocessor responsible for rejecting messages
; for non-existing addresses in your domain(s) instead of corporate SMTP server. It is
; convenient if your configuration includes intermediate SMTP server (for example, spam or
; anti-virus filter) between SMTP Preprocessor and SMTP server, which hosts mailboxes.
; To use this opportunity, simple list here all e-mail addresses in your domain(s).
; RecipientsBlackListRemote=
; Comma-delimited list of e-mail addresses of recipients, for which messages will be rejected.
; Regular Expressions allowed (see below). Default is empty list. This list is applicable only
; for connections outside corporate network.
; RecipientsWhiteListLocal=
; Comma-delimited list of e-mail addresses of recipients, for which checking of e-mail
; addresses by RecipientsAllowListLocal and RecipientsBlackListLocal will be skipped. Regular
; Expressions allowed (see below). Default is empty list. This list is applicable only for
; connections from hosts belonging corporate network.
; RecipientsAllowListLocal=*
; Comma-delimited list of e-mail addresses of recipients, for which messages will be allowed.
; Regular Expressions allowed (see below). Default is *, i.e. any recipient address allowed.
; This list is applicable only for connections from hosts belonging corporate network.
; RecipientsBlackListLocal=
; Comma-delimited list of e-mail addresses of recipients, for which messages will be rejected.
; Regular Expressions allowed (see below). Default is empty list. This list is applicable only
; for connections from hosts belonging corporate network.
; PrivateRecipients=
; Comma-delimited list of e-mail addresses of recipients, which accept messages only from
; hosts belonging internal corporate network. Regular Expressions allowed (see below).
; Default is empty list.
; AddReceived=1
; 0/1 to disable/enable adding Received header to all incoming messages. This header
; provides information about remote host name and IP address, which required for most
; anti-spam software.
; ----------------
[GreyListing]
; Greylisting is well-known anti-spam filter technology implemented in some free and
; commercial software products. You may learn more about this technology from this link.
; This section contains keys which control Greylisting feature implemented in SMTP
; Preprocessor.
; Enabled=0
; 0/1 to disable/enable Greylisting feature. By default Greylisting is disabled.
; Log=0
; 0/1 to disable/enable adding to log file auxiliary information about Greylisting
; processing.
; Database=Application directory\GreyListing\GreyListing.gldb
; File for Greylisting database. By default used file GreyListing.gldb in subdirectory
; \GreyListing of directory, where executable file stored. This subdirectory is created
; if necessary. This setting may contain full pathname or just filename.
; WhitelistAuthorized=1
; 0/1 to disable/enable skipping of Greylisting filtering if connecting host authorized
; SMTP session using AUTH SMTP command.
; IPWhiteList=
; Comma-delimited list of IP addresses of hosts, for which Greylisting filtering will be
; skipped. IP Ranges allowed (see below). Default is empty list.
; Add to this list known hosts which retry sending of temporarily rejected messages, firstly
; outgoing SMTP clients of big ISPs. You may discover these hosts by examining Log file and
; Greylisting database.
; Note: SMTP Preprocessor always skips Greylisting filtering for local hosts defined
; in LocalIPs setting of [Common] section, so it is not necessary to add these hosts to
; IPWhiteList.
; HostsWhiteList=
; Comma-delimited list of DNS names (obtained from RDNS PTR record) of hosts, for which
; Greylisting filtering will be skipped. Regular Expressions allowed (see below). Default is
; empty list.
; IPBlackList=
; Comma-delimited list of IP addresses of hosts, for which Greylisting will be applied
; with special, more strong settings. IP Ranges allowed (see below). Default is empty list.
; Add here IP ranges of known spam sources (by country, by ISP etc.).
; HostsBlackList=[]
; Comma-delimited list of DNS names of hosts, for which Greylisting will be applied with
; special, more strong settings. Regular Expressions allowed (see below). By default this
; list contains hosts which don't have RDNS PTR record.
; CallbackSendersList=[], postmaster@*
; Comma-delimited list of e-mail addresses of senders, for which Greylisting rejecting will
; be performed in special way defined in CallbackSenderAction setting. Regular Expressions
; allowed (see below). By default this list contains empty sender and postmaster.
; Some hosts use callbacks to validate sender e-mail address. If callback is greylisted,
; your outgoing messages may be delayed or even rejected. To avoid it, known e-mail addresses
; used for callbacks may be added to this setting. Fortunately, most implementations of
; callback feature use empty sender or postmaster@, which are default, but there are
; exclusions from this rule.
; CallbackSenderAction=1
; 0/1/2/3 to define special processing of Greylisting rejecting for senders included
; in CallbackSendersList. Values mean:
; 0 - Greylisting disabled for these addresses;
; 1 - SMTP Preprocessor will reject DATA command instead RCPT command if at least one
;     recipient must be greylisted; if data transmission accomplishes with BDAT command, the
;     connection will be broken after it;
; 2 - Greylisting will be performed for these addresses in the same way as for other
;     addresses;
; 3 - SMTP Preprocessor will break connection after DATA or BDAT command if at least one
;     recipient must be greylisted.
; Most Greylisting implementations in this case reject DATA or BDAT command after
; downloading of whole message, but it is impossible to implement in SMTP Preprocessor
; without special support from corporate SMTP server.
; Delay=16
; Minimal delay in minutes for greylisted message. All retries to deliver the message
; during this interval will be rejected;
; BlackListDelay=64
; Minimal delay in minutes for greylisted message if sending host is blacklisted.
; MinCount=1
; Minimal count of retries for greylisted message. All attempts to deliver the message
; before reaching this number will be rejected;
; BlackListMinCount=2
; Minimal count of retries for greylisted message if sending host is blacklisted.
; TTL=51840
; Time-to-live in minutes for the record in Greylisting database if at least one message
; corresponding with this record was delivered. SMTP Preprocessor periodically deletes
; records from database, which are older than TTL since last successful delivery. Default
; TTL is 51840 minutes (36 days). TTL must be greater than Delay.
; ShortTTL=240
; Time-to-live in minutes for the record in Greylisting database if the message
; corresponding with this record was never delivered (i.e. it was at least once rejected by
; Greylisting feature, all retries were within Delay or number of retries not exceeded
; MinCount). SMTP Preprocessor periodically deletes records from database, which are older
; than ShortTTL since first rejection. Default ShortTTL is 240 minutes (4 hours). ShortTTL
; must be greater than Delay.
; SaveInterval=120
; SMTP Preprocessor periodically performs Greylisting database maintenance, which includes
; removing of expired records and saving database to the disk. This setting defines
; maintenance interval in minutes. Minimal interval is 10 minutes. When SMTP Preprocessor
; closes, it also performs Greylisting database maintenance.
; ----------------
[ResponseChanges]
; This section contains lines of keys and instructions to change responses of corporate SMTP
; server and SMTP Preprocessor. These lines look like this:
; Key=Instruction1,Instruction2,...,InstructionN,
; where Key may be:
; Response Code - will replace all responses of corporate SMTP server beginning with
; three-digit Response Code,
; or
; SMTP Command.Response Code - will replace all responses of corporate SMTP server on
; SMTP Command beginning with three-digit Response Code,
; or these keys, which will replace only SMTP Preprocessor internal responses:
; BadSeq - will replace response on any out-of-order command;
; Default response: 503 5.5.1 Bad sequence of commands.
; BadSeq.BadIP - will replace response on any command besides QUIT if sender IP address was
; rejected;
; Default response: 503 Bad sequence of commands.
; SMTP Command.BadSeq.BadIP - the same, but for particular SMTP command;
; BadSeq.NoHelo - will replace response on any out-of-order command, which is not allowed
; before HELO or EHLO command;
; Default response: 503 Bad sequence of commands.
; SMTP Command.BadSeq.NoHelo - the same, but for particular SMTP command;
; BadSeq.Transaction - will replace response on any out-of-order command, which is not
; allowed before closing of the transaction;
; Default response: 503 5.5.1 Bad sequence of commands.
; SMTP Command.BadSeq.Transaction - the same, but for particular SMTP command;
; BadSeq.NoTransaction - will replace response on any out-of-order command, which allowed
; only when transaction is opened;
; Default response: 503 5.5.1 Bad sequence of commands.
; SMTP Command.BadSeq.NoTransaction - the same, but for particular SMTP command;
; BadSeq.BDAT - will replace response on any out-of-order command, when binary data transfer
; was in progress;
; Default response: 503 5.5.1 Bad sequence of commands.
; SMTP Command.BadSeq.BDAT - the same, but for particular SMTP command;
; TooManyConnections - will replace greeting response, when connections limit exceeded;
; Default response: 421 {%localhostname%} is too busy. Try later.
; IPBlackList - will replace greeting response, when sender IP address included in IPBlackList
; or not included in IPAllowList;
; Default response: 554 5.7.1 Connection from {%remotehostip%} not allowed.
; HostsBlackList - will replace greeting response, when sender host DNS name included in
; HostsBlackList or not included in HostsAllowList;
; Default response: 554 5.7.1 Connection from {%remotehostname%} [{%remotehostip%}] not allowed.
; NoPtr - will replace greeting response, when sender IP address doesn't have RDNS PTR record
; or RDNS lookup failed;
; Default response: 454 4.7.0 Unable to verify DNS PTR record for {%remotehostip%}.
; QUIT.BadIP - will replace response on QUIT command if sender IP address was rejected;
; Default response: 221 2.0.0 {%localhostname%} closing connection.
; ServerError - will replace response, which SMTP Preprocessor sends to remote host when an
; error occurs on connection to corporate SMTP server.
; Default response: 421 {%localhostname%} is temporarily unavailable.
; HELO.Invalid - will replace response on rejected HELO or EHLO command parameter, if
; specified domain name doesn't correspond to connecting host IP address;
; Default response: 550 5.7.1 The name {%helodomain%} in HELO/EHLO command doesn't correspond
; to IP address {%remotehostip%}.
; HELO.NoDomain - will replace response on rejected HELO or EHLO command, if it was sent by
; remote host without parameter;
; Default response: 501 5.5.2 Domain name not specified in HELO/EHLO command.
; HELO.DNSError - will replace response on rejected HELO or EHLO command, if SMTP
; Preprocessor was unable to obtain IP address for host name, which was specified by remote
; host in HELO or EHLO command;
; Default response: 450 4.7.0 Unable to verify the name {%helodomain%} from HELO/EHLO command
; in DNS.
; HELO.Blacklist - will replace response on rejected HELO or EHLO command, if HELO/EHLO command
; parameter listed in HeloBlackList;
; Default response: 550 5.7.1 Disallowed name in HELO/EHLO command: {%helodomain%}.
; MAIL.AddressSyntax - will replace response on rejected MAIL command, when e-mail address has
; invalid syntax, typically it is not enclosed in angle brackets (see
; ProcessAddressesWithoutBrackets setting);
; Default response: 501 5.5.4 Invalid syntax of address in MAIL command.
; MAIL.TooManyTransactions - will replace response on rejected MAIL command, when
; transactions limit exceeded;
; Default response: 452 4.5.0 Too many transactions during one session.
; MAIL.BlackList - will replace response on rejected MAIL command, when sender included
; in SendersBlackList or not included in SendersAllowList;
; Default response: 550 5.7.1 Mail from {%from%} not allowed.
; MAIL.Size - will replace response on rejected MAIL command when message size is too big;
; Default response: 552 5.3.4 Message size ({%size%} bytes) exceeds fixed maximium message
; size ({%maxsize%} bytes).
; RCPT.AddressSyntax - will replace response on rejected RCPT command, when e-mail address has
; invalid syntax, typically it is not enclosed in angle brackets (see
; ProcessAddressesWithoutBrackets setting);
; Default response: 501 5.5.4 Invalid syntax of address in RCPT command.
; RCPT.TooManyRecipients - will replace response on rejected RCPT command, when recipients
; limit exceeded;
; Default response: 452 4.5.3 Too many recipients.
; RCPT.Restricted - will replace response on rejected RCPT command, when sender is in
; RestrictedSenders List;
; Default response: 550 5.7.1 Sending mail to external recipients not allowed for {%from%}.
; RCPT.Restricted.Sender e-mail address - the same, but for particular Sender address;
; RCPT.Relaying - will replace response on rejected RCPT command, when both sender IP address
; and Recipient SMTP domain are not local;
; Default response: 550 5.7.1 Relaying to {%rcptdomain%} not allowed.
; RCPT.BlackList.Remote - will replace response on rejected RCPT command, when recipient
; included in RecipientsBlackListRemote or not included in RecipientsAllowListRemote;
; Default response: 550 5.1.1 Unknown or invalid recipient: {%rcpt%}.
; RCPT.BlackList.Remote.Recipient e-mail address - the same, but for particular Recipient
; address;
; RCPT.BlackList.Local - will replace response on rejected RCPT command, when recipient
; included in RecipientsBlackListLocal or not included in RecipientsAllowListLocal;
; Default response: 550 5.7.1 Sending mail to {%rcpt%} not allowed.
; RCPT.BlackList.Local.Recipient e-mail address - the same, but for particular Recipient
; address;
; RCPT.Private - will replace response on rejected RCPT command, when Recipient included in
; PrivateRecipients List;
; Default response: 550 5.2.1 {%rcpt%} doesn't accept external mail.
; RCPT.Private.Recipient e-mail address - the same, but for particular Recipient address;
; RCPT.Greylisted - will replace response on rejected RCPT command, when the message was
; greylisted;
; Default response: 451 4.7.0 Greylisted. Delivery delayed.
; RCPT.Greylisted.Recipient e-mail address - the same, but for particular Recipient address;
; DATA.Greylisted - will replace response on rejected DATA command, when the message was
; greylisted;
; Default response: 451 4.7.0 Greylisted. Delivery delayed.
; Shutdown - will replace response, which SMTP Preprocessor sends to all opened connections to
; remote hosts when it shuts down;
; Default response: 421 4.3.2 {%localhostname%} is shutting down.
; If several keys change particular response, all of them will be applied, with wider scope
; first.
; Instruction1...InstructionN may be in one of following forms:
; <Replacement text> - completely replaces response text;
; <Original substring>=<Replacement substring> - replaces Original substring in response text
; with Replacement substring, case-insensitive string comparison used;
; <Original substring>==<Replacement substring> - replaces Original substring in response text
; with Replacement substring, case-sensitive string comparison used;
; Angle brackets are part of syntax. Comma-delimited Instructions are evaluating from left
; to right.
; Original text may contain symbol "", which corresponds to Carriage-return/Linefeed
; sequence in the original text of the response.
; Replacement text and Replacement substring may contain following substitution aliases:
; {%original%} - evaluates to original response text before any replacements;
; {%localhostname%} - evaluates to LocalHostName setting value;
; {%remotehostname%} - evaluates to remote host DNS name or "Unknown" if DNS name
; doesn't exist;
; {%remotehostip%} - evaluates to remote host IP address;
; {%helodomain%} - evaluates to first parameter of HELO or EHLO command;
; {%from%} - evaluates to sender e-mail address;
; {%rcpt%} - evaluates to recipient e-mail address;
; {%fromdomain%} - evaluates to sender SMTP domain;
; {%rcptdomain%} - evaluates to recipient SMTP domain;
; {%bytesreceived%} - evaluates to number of bytes received from remote host;
; {%bytessent%} - evaluates to number of bytes sent to remote host;
; {%rfctime%} - evaluates to current Date and Time value in RFC 2822
; (http://www.ietf.org/rfc/rfc2822.txt) format;
; {%crlf%} - evaluates to Carriage-return/Linefeed combination for multiline responses;
; {%size%} - evaluates to size of current message, if declared in MAIL command, otherwise 0;
; {%maxsize%} - evaluates to MaxSize setting value;
; Note: According with EnhancedStatusCodes setting from [Common] section default responses
; appear with or without enhanced status codes.
; Note: According with RFC 2034 (http://www.ietf.org/rfc/rfc2034.txt) all default responses
; on HELO and EHLO commands and before them appear without enhanced status codes.
; Note: According with WhitelistAuthorized setting from [Common] section some rejecting
; responses may appear after HELO or MAIL command instead initial greeting or response on
; EHLO command. By default presence of enhanced status codes in such responses depends on
; above rule from RFC 2034.
; ----------------
[SenderReplacements.Remote]
; This section contains sender address replacements for connections from hosts outside
; corporate network.
; Syntax:
; Original e-mail address1,address2,address3...=Replacement e-mail address
; One or more comma-delimited Regular Expressions representing Original e-mail address(es)
; may be specified on the line.
; ----------------
[SenderReplacements.Local]
; This section contains sender address replacements for connections from hosts inside
; corporate network.
; Syntax is the same as in [SenderReplacements.Remote]section.
; ----------------
[RecipientReplacements.Remote]
; This section contains recipient address replacements for connections from hosts outside
; corporate network.
; Syntax is the same as in [SenderReplacements.Remote]section.
; ----------------
[RecipientReplacements.Local]
; This section contains recipient address replacements for connections from hosts inside
; corporate network.
; Syntax is the same as in [SenderReplacements.Remote]section.
; ----------------
; End of default PreSMTP.ini

Note SMTP Preprocessor will not start or will stop after reloading its settings if it will detect TCP/IP loop, that is, when configured Server IP address and port coincides with one of configured listening addresses and port.

Note As any TCP/IP proxy software, SMTP Preprocessor hides IP address of client host from corporate SMTP server. If your corporate SMTP server uses client IP address in its internal checks (RBL, SPF and so on), it is necessary to reconfigure the server to take client IP address from a Received header, which SMTP Preprocessor adds to a message. In some servers and anti-spam products (Microsoft Exchange, SpamAssassin and others) this effect may be achieved by inclusion of IP address of LAN interface of the host, which runs SMTP Preprocessor, to the list of trusted internal hosts.

Note Some settings consist of three lists: White, Allow and Black. The logic diagram of checking by these lists shown below:

                    /-<- Yes <- Included in White List
                   /                      ↓
                  /                       No
                 /            Pass <-                Included in Allow List ->  No ->-\
                 \             \
                  \                      Yes                       -> Reject
                   \                 /
                    \-<-  No <- Included in Black List -> Yes ->-/

Note Anti-Relaying feature always enabled and cannot be turned off. For connections from hosts outside corporate network SMTP Preprocessor rejects recipients, if their domain part of e-mail address doesn't coincide with any of local domains.

Note Never change first digit of response codes. It will lead to malfunction of SMTP server. Recommended never change response codes at all.

Note Sender and Recipient replacements applied at a final stage of processing. Original Sender and Recipient addresses used in restrictions logic, responses and substitution aliases.

Note SMTP Preprocessor changes only SMTP envelope senders and recipients. Senders and Recipients in mail headers (To:, From: etc.) remain unchanged.

Note SMTP Preprocessor is incompatible with some SMTP extensions. It modifies response on EHLO command to disable incompatible extensions. The modification of the response on the EHLO command goes in the following sequence:

- removing incompatible extensions;

- processing MaxSize setting;

- processing RemoveSMTPExtensionsLocal or RemoveSMTPExtensionsRemote setting;

- processing AddSMTPExtensionsLocal or AddSMTPExtensionsRemote setting;

- processing ResponseChanges section;

Be careful using AddSMTPExtensionsLocal and AddSMTPExtensionsRemote settings, and ResponseChanges section because it is possible to enable incompatible extensions using them. Lists of known compatible and incompatible extensions shown below:

Compatible extensions Reference
8BITMIME RFC 1652 (http://www.ietf.org/rfc/rfc1652.txt)
AUTH RFC 2554 (http://www.ietf.org/rfc/rfc2554.txt)
BINARYMIME RFC 3030 (http://www.ietf.org/rfc/rfc3030.txt)
CHECKPOINT RFC 1845 (http://www.ietf.org/rfc/rfc1845.txt)
CHUNKING RFC 3030 (http://www.ietf.org/rfc/rfc3030.txt)
DSN RFC 1891 (http://www.ietf.org/rfc/rfc1891.txt)
ENHANCEDSTATUSCODES RFC 2034 (http://www.ietf.org/rfc/rfc2034.txt)
ETRN RFC 1985 (http://www.ietf.org/rfc/rfc1985.txt)
EXPN RFC 821 (http://www.ietf.org/rfc/rfc821.txt)
HELP RFC 821 (http://www.ietf.org/rfc/rfc821.txt)
MTRK RFC 3885 (http://www.ietf.org/rfc/rfc3885.txt)
NO-SOLICITING RFC 3865 (http://www.ietf.org/rfc/rfc3865.txt)
SAML RFC 821 (http://www.ietf.org/rfc/rfc821.txt)
SEND RFC 821 (http://www.ietf.org/rfc/rfc821.txt)
SIZE RFC 1870 (http://www.ietf.org/rfc/rfc1870.txt)
SOML RFC 821 (http://www.ietf.org/rfc/rfc821.txt)
VRFY RFC 821 (http://www.ietf.org/rfc/rfc821.txt)
XEXCH50 KB812455 (http://support.microsoft.com/kb/812455)
X-LINK2STATE KB812455 (http://support.microsoft.com/kb/812455)
X-EXPS KB812455 (http://support.microsoft.com/kb/812455)

Incompatible extensions Reference
ATRN RFC 2645 (http://www.ietf.org/rfc/rfc2645.txt)
PIPELINING RFC 2920 (http://www.ietf.org/rfc/rfc2920.txt)
STARTTLS RFC 3207 (http://www.ietf.org/rfc/rfc3207.txt)
TURN RFC 821 (http://www.ietf.org/rfc/rfc821.txt)

Many settings of initialization file may contain Regular Expressions. SMTP Preprocessor uses VB-like syntax of Regular Expressions. The following table shows the characters allowed in Regular Expression and what they match:

Characters Matches
? Any single character.
* Zero or more characters.
# Any single digit (0-9).
[charlist] Any single character in charlist.
[!charlist] Any single character not in charlist.

A group of one or more characters (charlist) enclosed in brackets ([ ]) can be used to match any single character and can include almost any character code, including digits.

Note To match the special characters left bracket ([), question mark (?), number sign (#), and asterisk (*), enclose them in brackets. The right bracket (]) can't be used within a group to match itself, but it can be used outside a group as an individual character.

By using a hyphen (-) to separate the upper and lower bounds of the range, charlist can specify a range of characters. For example, [A-Z] results in a match if the corresponding character position in string contains any letters in the range A-Z. Multiple ranges are included within the brackets without delimiters.

Regular Expressions are case-insensitive.

Other important rules for pattern matching include the following:

- An exclamation point (!) at the beginning of charlist means that a match is made if any character except the characters in charlist is found in string. When used outside brackets, the exclamation point matches itself.

- A hyphen (-) can appear either at the beginning (after an exclamation point if one is used) or at the end of charlist to match itself. In any other location, the hyphen is used to identify a range of characters.

- When a range of characters is specified, they must appear in ascending sort order (from lowest to highest). [A-Z] is a valid pattern, but [Z-A] is not.

- The character sequence [] alone is considered a zero-length string.

Note It is possible to reverse logic of Regular Expression by adding character sequence [] to the beginning of it. In this way, if the string matches Regular Expression without prefix, it will not match Regular Expression with prefix and vice versa.

Note It is possible to combine several Regular Expression with logical "AND" operation. To do it, simply write these Regular Expressions separated by a space. For example, to match IP address string, try this: *?.*?.*?.*? []*[!0-9.]*

Some settings of SMTP Preprocessor may include IP Ranges. IP Ranges may represent any range of IPv4 addresses. Notation of IP Ranges may be following:

- X.X.X.X - single IP address;

- X.X.X.X-X.X.X.X - start and end of the range, inclusively;

- X.X.X.X/X.X.X.X - address/netmask;

- X.X.X.X/Y - address/bits count (CIDR notation),

where X - any number from 0 to 255, and Y - any number from 0 to 32. These forms of notation are well-known.

For example, range of IP addresses from 192.168.1.0 to 192.168.1.255 may be written as 192.168.1.0-192.168.1.255 or 192.168.1.0/255.255.255.0 or 192.168.1.0/24.

When SMTP Preprocessor checks validity of HELO or EHLO command, it does following:

- Obtains domain name of remote host.

- If domain name exists, compares it with first parameter of HELO or EHLO command (HELO Domain later). The comparison is not strong: host domain name may be subdomain of HELO Domain and vice versa. If comparison returns positive result, entire check considered passed.

- If domain name doesn't exist, or HELO Domain is presented in form of IP address, or previous comparison returned negative result, the program obtains IP address of HELO Domain. If this IP address exists and coincides with IP address of remote host, entire check considered passed.

- If both previous comparisons returned negative result, entire check considered failed. In case SMTP Preprocessor was not able to obtain IP address of HELO Domain, it returns temporary failure status code (450) because it may be result of DNS lookup failure, otherwise it returns permanent failure status code (550).

Note Using RDNS PTR records and HELO Domain checking to reject incoming mail messages violates RFC 2821 (http://www.ietf.org/rfc/rfc2821.txt) specification, but widely used as one of anti-spam filters.

Recommended settings and examples

Most default settings are optimal, but some powerful settings are disabled by default, and the user need to set them up based on the task entrusted to SMTP Preprocessor. The sample settings below based on long-term experience of implementation of SMTP Preprocessor in corporate environment, and in most cases these settings may be used by others.

Recommended settings in [Common] section:

  SendersAllowList = *?@?*.??*

This will reject sender addresses, which doesn't look like valid e-mail address.

  ValidateRDNS = 2

This will validate RDNS for external hosts. It will enable HostsWhiteList, HostsAllowList and HostsBlackList for inbound connections outside corporate network. In most cases there is no reason to validate RDNS for corporate LAN hosts.

  HostsWhiteList = mail*,smtp*,mx*

This setting will whitelist most valid external mail hosts.

  HostsBlackList = *#[-.]*#[-.]*[-.]*.*, *dial*[-.]*#.*.*, *#.dial.*.*
  HostsBlackList = *#*.dialup.*.*, *[-.]dial*#.*.*
  HostsBlackList = cable*##.*.*, user-#*.cable.*.*, user-#*.biz.*.*
  HostsBlackList = *dsl[-.]*#.*.*.*, *#[-.]*dsl*.*.*
  HostsBlackList = host*[-.]pool*.*.*, ras*[-.]pp*.*.*, dhcp*#.*.*
  HostsBlackList = *#ppp*#.*.*.*, ppp*#.*.*, host*#[-.]ppp*.*.*
  HostsBlackList = #*[a-z][a-z][a-z]#*.*.*.*, *ip*#-*#.*.*
  HostsBlackList = *p-*#[-.]*#.*.*, *#[-.]*#[-.]*dial*.*.*
  HostsBlackList = *[-.]*#####*.*.*, *##########.*.*, *#####*.*.*.*, *##-*##.*.*
  HostsBlackList = p####-ip*.jp, pc*#.broad.dynamic.*.cndata.com
  HostsBlackList = *#.upc-[a-z].chello.nl, dpc#########.direcpc.com, c#*.virtua.com.br
  HostsBlackList = ?????.?.pppool.de, bc*#.bendcable.com, hst-*#-*#.telelanas.lt
  HostsBlackList = *#*#*#*.*.*.ne.jp
  HostsBlackList = #???????.cable.casema.nl, ip*.adsl-surfen.hetnet.nl
  HostsBlackList = unknown.*, hn.kd.*.adsl, hn.kd.dhcp

These settings will cut most connections from invalid hosts (dynamic-IP users, corporate routers etc.). Some settings are specific and may be outdated. At least it is hint how to construct this list yourself by analyzing Log file and using Regular Expressions.

I don't recommend to use HostsBlackList = [], i.e. to filter out connections from hosts without PTR record. Unfortunately a lot of small business companies don't have experienced IT administrators, but have their own misconfigured mail servers, and one of these companies may be your important business partner. Temporary DNS server problem also can lead to false mail rejection when using this setting.

  ValidateHelo = 8

This will enable HELOBlacklist for hosts outside internal corporate network.

I don't recommend to check HELO validity (i.e. HELOBlacklist = 2 or HELOBlacklist = 10) because in real world even big ISPs have servers with misconfigured HELO string.

  HeloBlackList = []*[!0-9.]*,[]*.*,[[]#*.#*.*#.*#]
  HeloBlackList = *.lan, localhost.localdomain

The settings in first line will reject HELO strings which: consist only with digits and dots; doesn't have any dot; are domain literal (IP address in square brackets). The settings in second line will reject some other invalid HELO strings.

  GreetingDelay = 35

Most spammer software will not wait more than 30 seconds, but RFC-compliant hosts will wait at least 300 seconds, so this setting can significantly reduce spam, and will not affect valid mail.

  TarpittingDelay = 150

This delay will significantly complicate possibility of Directory Harvest attacks, even if attacking host is RFC-compliant, and can overcome this delay.

  DisableTarpittingForWhitelisted = 0

Sometimes Directory Harvest attacks come from mailing list providers or other hosts which are whitelisted for some reason. This setting enables Tarpitting for any external host. As far Tarpitting will delay only 5XX (reject) responses, it will not affect valid mail.

Recommended settings in [GreyListing] section:

  Enabled = 1

This enables Greylisting.

How to adjust IPWhiteList for Greylisting

To minimize delays of valid messages you need to whitelist IP addresses of sending mail hosts of most world-wide and region-wide ISPs, and your permanent business partners. Analyzing of log files and Greylisting database will not allow to discover all such IP addresses because big companies have large pools of SMTP connectors, they alternate them etc.

Fortunately most companies sending SMTP messages publish IP addresses of all hosts which can send mail in DNS SPF records, so to collect this information you need to issue DNS query for TXT records for particular domain name. Here is an example:

  d:\>nslookup
  > set type=txt
  > gmail.com
  Non-authoritative answer:
  gmail.com       text =
          "v=spf1 redirect=_spf.google.com"
  > _spf.google.com
  Non-authoritative answer:
  _spf.google.com text =
          "v=spf1 ip4:216.239.32.0/19 ip4:64.233.160.0/19 ip4:66.249.80.0/20 ip4:7
  2.14.192.0/18 ip4:209.85.128.0/17 ip4:66.102.0.0/20 ip4:74.125.0.0/16 ip4:64.18.
  0.0/20 ip4:207.126.144.0/20 ?all"

Using above information you can construct this setting:

  IPWhiteList = 216.239.32.0/19, 64.233.160.0/19, 66.249.80.0/20
  IPWhiteList = 72.14.192.0/18, 209.85.128.0/17, 66.102.0.0/20
  IPWhiteList = 74.125.0.0/16, 64.18.0.0/20, 207.126.144.0/20

Using this method you can compile IPWhiteList which will include most valid hosts which can send mail for you.

Small companies which have their own mail servers usually send mail from addresses listed in DNS MX records, so you can examine such records for domains of your business partners and add them to IPWhiteList too.

It is very important to regularly refresh IPWhiteList.

Some sample strings for [ResponseChanges] section of initialization file:

1. Suppose, greeting string of corporate SMTP server is:

220 localhost Best SMTP v1.0

Let's apply response change string to it:

220=<{%Original%} Service ready at {%RFCTime%}>,<localhost>=<{%LocalHostName%}>

Result:

220 mysmtpserver.example.com Best SMTP v1.0 Service ready at Fri, 06 May 2005 12:05:25 +0400

2. Suppose, response on EHLO command of corporate SMTP server is:

250-localhost Hello
250-TURN
250-ETRN
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-BINARYMIME
250-CHUNKING
250 VRFY

Note that SMTP Preprocessor automatically rewrites this response to disable incompatible SMTP extensions and enable or adjust SIZE extension, so we must not worry about it. But for this example we will try to completely replace this response:

EHLO.250=<250-{%LocalHostName%} greets {%RemoteHostName%} [{%RemoteHostIP%}]{%CRLF%}250-SIZE {MaxSize}{%CRLF%}250-ETRN{%CRLF%}250-DSN{%CRLF%}250-ENHANCEDSTATUSCODES{%CRLF%}250-8BITMIME{%CRLF%}250-BINARYMIME{%CRLF%}250-CHUNKING{%CRLF%}250 VRFY>

Result:

250-mysmtpserver.example.com greets test.example.com [10.1.2.3]
250-SIZE 20971520
250-ETRN
250-DSN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-BINARYMIME
250-CHUNKING
250 VRFY

Greylisting Database Viewer

GLDBView.exe (Greylisting Database Viewer) intended to view and analyze Greylisting database maintained by SMTP Preprocessor. The viewer shows all records in the database in table view, and allows to sort the table by each column.

GLDBView.exe command line syntax:

GLDBView [Switches] [Database pathname]

Switches:

/I ini file pathname, /INIFILE ini file pathname - specify initialization file. If omitted, the file PreSMTP.ini from the directory where GLDBView.exe is placed, will be used. SMTP Preprocessor and Greylisting Database Viewer share the same initialization file.

/H, /?, /HELP - show brief help message.

Database pathname - specify Greylisting database file. If omitted, database specified in initialization file or default will be used.

Switches may appear in any order, are not case sensitive, and all of them are optional. Settings from switches override the same settings from initialization file.


2005-2013 Sergey Merzlikin
http://www.smsoft.ru