SAS – Secure Antispam Solution
SPAM – a worldwide problem for Internet users
SPAM, or unsolicited mail, is currently a worldwide problem with a big impact not only on Internet service providers (ISPs) but also on end-users. Sending and receiving unsolicited mail overloads email servers and consumes a large share of Internet line capacity. At the end of the day, all of this costs money, which is paid by the end-user. Our experts have analysed and tested a number of freeware antispam tools. The result of this long-term analysis is SAS, Secure Antispam Solution, which reflects system administrators' requirements for a flexible, highly efficient, easily scalable and manageable product aimed at comprehensive protection against unsolicited mail. The efficiency and effectiveness of SAS are also confirmed by the biggest Slovak ISP, which has been using SAS since 2005.
Secure Antispam Solution – a solution for a secure communication
What is SAS?
SAS is a combination of several freely distributed open-source programs (like j-chkmail and others) that perform specific tasks such as sending and receiving email via the ESMTP protocol, analysing the header and the body of the message, and checking the sender and recipient. Based on this information, SAS decides whether the message will be delivered or rejected. To achieve high performance, SAS is installed on a separate server that handles the filtering of SMTP data.
Features and Specification
Integrity Analysis
SAS not only checks the integrity of the message, but also monitors the way the message is delivered. It also checks whether the header, body and all attachments contain everything that is required by the (specific) RFC standards. At the same time it checks whether the message bears typical signs of unsolicited mail, whether the sender's MX record is correctly set, and whether the HELO command values are properly filled in, and therefore whether it is possible, if necessary, to deliver an appropriate response.
Content Filtering and Evaluation
All messages are checked using a regex filter whose rules can be combined and applied to the header and/or the body of the message. The result of this check is logged to a file so that the reason for a message rejection can be found later.
X-files Blocking
SAS supports X-files detection. X-files are files that can be executed on Windows. Blocking them is the first level of an antivirus check. SAS administrators can define their own X-files extensions. If a message contains an attachment with an extension listed in X-files, SAS can ignore, reject, or delete the message, either without warning or after sending a warning notification.
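The extension check described above, as an added example (not SAS's own code). The extension list, the function names and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_bytes
from email.message import EmailMessage

# Administrator-defined extension list (assumed values; the page names none).
X_FILES = {"exe", "scr", "pif", "com", "bat", "cmd", "vbs", "js"}

def extension(filename):
    """Last extension, lowercased. Windows ignores trailing dots and spaces,
    so 'setup.exe. ' must be treated as 'exe'."""
    name = filename.strip().rstrip(". ")
    return name.rsplit(".", 1)[1].lower() if "." in name else ""

def x_file_attachments(raw_message):
    """Return the attachment names whose extension is on the X-files list."""
    msg = message_from_bytes(raw_message)
    hits = []
    for part in msg.walk():
        # get_filename() reads Content-Disposition filename= and falls back
        # to the Content-Type name= parameter.
        name = part.get_filename()
        if name and extension(name) in X_FILES:
            hits.append(name)
    return hits

def decide(raw_message, action="reject"):
    """Return the configured action (ignore, reject or delete) when an
    X-file is attached, otherwise 'accept'."""
    if action not in ("ignore", "reject", "delete"):
        raise ValueError(f"unknown action: {action}")
    return action if x_file_attachments(raw_message) else "accept"

def build_sample(filenames):
    """Constructed sample message with dummy attachments (not real mail)."""
    m = EmailMessage()
    m["From"] = "sender@example.org"
    m["To"] = "user@example.net"
    m["Subject"] = "constructed sample"
    m.set_content("see attachment")
    for fn in filenames:
        m.add_attachment(b"dummy", maintype="application",
                         subtype="octet-stream", filename=fn)
    return m.as_bytes()

if __name__ == "__main__":
    sample = build_sample(["report.pdf", "invoice.pdf.exe"])
    print(x_file_attachments(sample), decide(sample))
```

Matching on the last extension catches double-extension names such as `invoice.pdf.exe`; the check looks only at the declared filename, which is why the page calls it the first level of an antivirus check.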
Blacklist and Whitelist Support
SAS supports four groups of network classes: LOCAL, DOMAIN, FRIENDS and UNKNOWN with defined functionality and privileges. These groups are used to define rules for content checks and access management. All the rules are mutually exclusive and can be used in any combination. Using this technique it is possible to create vast but clearly readable Access Lists.
Antivirus Integration
SAS uses the libmilter library, which allows integration with internal as well as external antivirus scanners. If a message passes the antispam check, it can be sent to the internal scan module CLAM or SOPHOS, or to an external antivirus server via the TCP/IP protocol.
DNS Blacklist Support
SAS supports all commercial and freely accessible online databases of spammers such as rbl, dul, rss, ops, mail-abuse.com, relays.ordb.org, bl.spamcop.net, xbl.spamhaus.org, cbl.abuseat.org. Some of them provide access to information free of charge, others require a fee to be paid.
URL Blacklist Support
URLBL is an effective spam detection method. Current spam technologies can fake the contents of email headers so convincingly that traditional filtering methods based on information about the sender are not effective. Most unsolicited messages contain a URL link that the recipient is asked to click on.
Connection Speed Management
Spammers need to send as many messages as possible in the shortest possible time. They try to use the maximum capacity of the Internet line as well as the processor power of the recipient server. SAS makes it possible to define limits for the number of open connections and the number of requests for new connections during a 10-minute interval. These limits can be defined separately for individual groups of networks.
Dictionary Attack Prevention and Detection
This feature enables detection and subsequent blocking of a dictionary attack that relies on the USER UNKNOWN error message. The aim of this attack is to discover the email addresses of recipients and subsequently use them to send unsolicited mail. If SAS detects this type of attack, it automatically interrupts the connection and blocks the IP address of the sender for 4 hours.
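A sketch of the detection logic described above, as an added example (not SAS's own code). The page gives only the 4-hour block; the threshold, the observation window, the class and function names, and the sample events are assumptions.

```python
from collections import defaultdict, deque

BLOCK_SECONDS = 4 * 60 * 60   # block duration stated on the page
WINDOW_SECONDS = 600          # assumed observation window
MAX_UNKNOWN = 5               # assumed number of USER UNKNOWN replies tolerated

class DictionaryAttackGuard:
    def __init__(self):
        self.unknown = defaultdict(deque)  # ip -> times of USER UNKNOWN replies
        self.blocked_until = {}            # ip -> time the block expires

    def is_blocked(self, ip, now):
        until = self.blocked_until.get(ip)
        if until is not None and now >= until:
            del self.blocked_until[ip]     # block expired
            until = None
        return until is not None

    def on_rcpt(self, ip, now, user_known):
        """'reject' while blocked, 'drop' when the block triggers, else 'ok'."""
        if self.is_blocked(ip, now):
            return "reject"
        if user_known:
            return "ok"
        times = self.unknown[ip]
        times.append(now)
        while times and times[0] <= now - WINDOW_SECONDS:
            times.popleft()                # forget replies outside the window
        if len(times) >= MAX_UNKNOWN:
            self.blocked_until[ip] = now + BLOCK_SECONDS
            times.clear()
            return "drop"                  # interrupt the connection
        return "ok"

def replay(events):
    """Run (time, ip, user_known) events through a fresh guard."""
    guard = DictionaryAttackGuard()
    return [guard.on_rcpt(ip, t, known) for t, ip, known in events]

# Constructed events: one address-guessing client and one sender with two typos.
SAMPLE = [(t, "192.0.2.10", False) for t in (0, 10, 20, 30, 40)] + [
    (100, "192.0.2.10", True),        # still inside the 4-hour block
    (0, "198.51.100.7", False),
    (700, "198.51.100.7", False),     # first typo has aged out of the window
    (40 + BLOCK_SECONDS, "192.0.2.10", True),
]

if __name__ == "__main__":
    print(replay(SAMPLE))
```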
Domain Keys, Sender ID and SPF Support
SAS supports a new method of sender authentication defined in an IETF draft that is proposed by Microsoft, Sendmail and Yahoo.
Heuristic Method Filter
SAS supports content filtering with heuristic and Bayesian filters through libmilter plugins. As standard, these filters are activated when SAS is used by clients with a small number of users.
Open for future filters
SAS uses the libmilter library integrated with the SMTP server Sendmail. This makes it possible to use filters from other authors, so future filters can be added with no need to reinstall the software.
Internal Mail Storage Server Protection
SAS is capable of reducing the number of open connections, the number of attempts to open a connection and also the overall volume of transferred messages. The SAS solution used by the server POBOX.SK has reduced the overall SMTP traffic by almost 50%.
