Anti-spam technology

home Anti-spam technology

The gist of the S25R (Selective SMTP Rejection) system
Rejects receiving mail from a host supposed to be an end-user's compter based on its reverse name returning a retry request (response code "450").

Receives mail by whitelisting the host when a mail server is misidentified and retry accesses are found.
Effectiveness:

The block rate against spam and virus mail is 97--99%.
Caution:

The initial false positive rate is nearly 13%. White list maintenance is required (it can be automated).
Don't use this system unless you can watch the mail log.
Don't use this system if you dislike deferment of receiving mail.

When your e-mail is blocked by S25R...

Contents

Study Report of an Anti-spam System with a 99% Block Rate
-- The Selective SMTP Rejection (S25R) System -- You can freely copy, distribute or reprint this paper unless you modify it.
Please don't link the page shown left. When you want to introduce the paper, link this page, which has the same contents and alerts to the index page.

Introduction of the S25R anti-spam system (PDF) Here is the English translation of the slides for the lecture. (written in Aug. 2009)

Mail server operation technology for blocking 99% of spam and virus mail
(Japanese) A magazine report in The Business Communication (Sep. 2004), a Japanese information technology magazine.

White list information Here is information of legitimate mail servers which should be permitted with the white list so that they are not mistakenly rejected by the S25R anti-spam system.

Rejection log sorting script Here is a shell script useful for finding out mail servers which are mistakenly rejected. You can freely copy it.

Voices of the applyers Here are the voices of the mail system administrators who have applied the S25R anti-spam system.

Q&A Here are answers for questions about the S25R anti-spam system.

S25R miscellaneous information blog
(Japanese) I write miscellaneous information about the S25R anti-spam system on my blog.

Author's contact address

Links

12 XMailCFG (for Windows)
(Japanese) Software to configure and maintain XMail, a FINGER/SMTP/POP server which runs on UNIX and Windows. It can built in S25R to XMail.

11 s25rtarpitgreylist
(Japanese) Anti-spam software (written in Perl) applied for qmail, developed by the owner of Kimagure PC hiroba (Whimsy PC plaza). It applies the S25R system, tarpitting (response delay) and greylisting (retry request).

10 MailUtl3 A POP Proxy developed by Mr. KAWAMATA. It appends identification headers to a message which is judged probable spam based on the S25R system.

9 taRgrey - S25R + tarpitting + greylisting Mr. SATOH Kiyoshi has developed an anti-spam system which consists of the combination of S25R, tarpitting (response delay) and greylisting (retry request).

8 Starpit
(Japanese) Mr. SATOH Kiyoshi has reported his new tarpitting (response delay) system. It can automatically turn spam away and receive legitimate mail by tarpitting against clients which match the S25R conditions.

7 Mail Proof Keeper
(Japanese) A mail security solution product by Cyber System Research Institute. It introduces the S25R anti-spam system.

6 smtp_wrapper
(Japanese) Mr. ITO Masahiko has offfered a daemon program which processes SMTP accesses in front of sendmail. It can cooperate with a filter script implementing the S25R anti-spam system.

5 Qgrey - S25R + qgreylist patch
(Japanese) Mr. SATOH Kiyoshi has offered a patch that applies the S25R anti-spam system to qgreylist (greylisting for qmail). It is the "qmail version" of his Rgrey.

4 Becky! S25R spam filter
(Japanese) A spam filter plug-in for Becky! applying the S25R anti-spam system, developed by Mr. HONJO.

3 How to discard more than 90% of spam messages automatically using Becky!
(Japanese) My essay explaining how to apply the S25R anti-spam system to filtering using the mailer Becky!.

2 qmail Bad Remote Host patch Mr. HIROSHIMA Naoki has contributed a patch that enables qmail to activate the S25R anti-spam system.

1 Rgrey - S25R + greylisting
(Japanese) Mr. SATOH Kiyoshi has reported his system that combines the S25R anti-spam system's FQDN check rules with postgrey, which permits clients which retries against a response saying "try again later". His system can dissolve the side effects of both of the S25R anti-spam system and postgrey.

Update history

Jan 13, 2010
In the paper, revised comment lines in the "rejections" file so that the vi editor doesn't warn.

Dec 26, 2009
Revised the code of the rejection log sorting script. (The name of the variable "prev_rec" has been changed into "prev_triplet". The action of the script is the same.)

Dec 19, 2009
In the page of the rejection log sorting script, added the explanation about access mode configuration of the mail log files.

Nov 23, 2009
Updated the explanation of the Rule 0 in section 3.1 in the paper.

Nov 22, 2009
Published the page of "When your mail is blocked by S25R...".

Nov 15, 2009
Updated Q/A2-4 in the Q&A page so that it explains how to permit clients authenticated by the SMTP authentication.

Sep 06, 2009
Published the English translation of the slides for the lecture.

May 18, 2009
Removed "/\.vh\.plala\.or\.jp$/" out of the white list sample in the paper because they have been found to be unrelated with other than the plala.or.jp users.

Mar 22, 2009
Linked XMailCFG (for Windows).

Mar 15, 2009
Linked s25rtarpitgreylist of Kimagure PC hiroba (Whimsy PC plaza).

Mar 11, 2009
Revised the practical white list examples in the paper.

Feb 01, 2009
In the paper, revised Rule 1 to avoid trapping IPv6 addresses.

Mar 29, 2008
Improved the code of the rejection log sorting script. (Made it have a switch to suppress single access records; made it use the -k option of the sort command.)

Dec 02, 2007
Revised the practical white list examples in the paper.

Nov 24, 2007
In the page of the rejection log sorting script, revised the explanation for finding mistaken rejection against a legitimate mail server.

Sep 17, 2007
In the paper, changed the regular expressions part "adsl" in Rule 6 into "[achrsvx]?dsl".
In the paper, deleted the black list item "/^xdsl.+\.dialog\.net\.pl$/" because Rule 6 has been changed.

Aug 10, 2007
In the paper, revised the black list specification of the virtua.com.br domain in the configuration.

Aug 05, 2007
Improved the code of the rejection log sorting script. (It displays the estimated number of messages.)

Jul 27, 2007
In the paper, changed the configuration so that the former client restriction condition file is divided into a white list file and a rejection condition file.

Jul 25, 2007
In the paper, changed the configuration in order to return a more considerate message to mail relay servers without a reverse name.

Jul 21, 2007
Corrected the explanation about the generic protection rule 3 in the subsection 3.1 in the paper.

Jul 11, 2007
Removed the practical black list entry example of "zaq.ne.jp" domain in the configuration file (Appendix A.) in the paper because abuse mail doesn't come from that domain nowadays.

Jul 09, 2007
Added practical black list entry examples into the configuration file (Appendix A.) in the paper.

Jul 08, 2007
Added practical white list entry examples and practical black list entry examples into the configuration file (Appendix A.) in the paper.

Jun 10, 2007
Published the Q&A.

Jun 02, 2007
In the paper, changed the rejection messages in the configuration (Appendix A.) to avoid worrying good senders.
In the paper, deleted the explanation of an idea which is similar to the domain authentication because I don't think it is useful information.

May 13, 2007
Corrected words in the paper.

May 12, 2007
Downloading of the white list file has been enabled in the white list information page.

May 08, 2007
Corrected the rejection log sorting script. ("\" in the regular expression "[^\]]" is unnecessary, although it causes no problems.)

May 03, 2007
Corrected the regular expressions in the paper. ("\" in "[^\.] is unnecessary, although it causes no problems.)
Made mention of bots in the paper.
Supplemented the false positive rate in the paper.
Supplemented automatic whitelisting technology in the paper.

May 02, 2007
Linked Mr. KAWAMATA's MailUtl3.

Dec 07, 2006
Linked Mr. SATOH Kiyosi's taRgrey.

Jul 23, 2006
Published the S25R miscellaneous information blog.

Jul 09, 2006
Linked Mail Proof Keeper by Cyber System Research Institute.
Linked Mr. SATOH Kiyosi's Starpit.

Feb 06, 2006
Linked Mr. ITO Masahiko's smtp_wrapper.
Added No. 11 to the voices of the applyers.

Nov 23, 2005
Added No. 10 to the voices of the applyers.

Oct 08, 2005
Added No. 9 to the voices of the applyers.

Sep 07, 2005
Added No. 8 to the voices of the applyers.

Sep 01, 2005
Linked Mr. SATOH Kiyoshi's Qgrey.

Aug 06, 2005
Linked Mr. HONJO's Becky! S25R spam filter.

Aug 05, 2005
Linked my essay "How to discard more than 90% of spam messages automatically using Becky!".

Aug 04, 2005
Added No. 7 to the voices of the applyers.

Jul 31, 2005
Published the voices of the applyers (No. 1 to 6).

Jul 27, 2005
In the subsection 3.3 in the paper, supplemented explanation about the search order of client address conditions.

Jul 03, 2005
In the subsection 3.2 in the paper, made mention of rounding up hostnames which include a hexadecimal number.

Jun 28, 2005
Described the system name in the paper.
Added match rates of the check conditions into the statistics description in the paper.
Described the HELO command check file sample in the paper.
Correcting some explanations and words in the paper.

May 26, 2005
Improved the code of the rejection log sorting script. (It displays the number of messages tried to transfer.)

Apr 18, 2005
I named this anti-spam system "Selective SMTP Rejection (S25R)". (Mr. SATOH Kiyoshi counseled me to name it.)

Dec. 20, 2004
Revised the code of the rejection log sorting script. (The name of the variable "latest_month" has been changed into "max_month_num", which describes the accurate meaning. The action of the script is the same.)

Nov 23, 2004
Linked Mr. HIROSHIMA Naoki's qmail patch.

Oct 06, 2004
Linked Mr. SATOH Kiyoshi's report (Japanese).

Oct 01, 2004
Revised the rejection log sorting script.

Sep 20, 2004
Published the white list information.

Sep 13, 2004
Published the rejection log sorting script.
Linked the Business Communication magazine report (Japanese).

Jun 26, 2004
Published the paper.

home

Study Report of an Anti-spam System with a 99% Block Rate -- The Selective SMTP Rejection (S25R) System --	You can freely copy, distribute or reprint this paper unless you modify it. Please don't link the page shown left. When you want to introduce the paper, link this page, which has the same contents and alerts to the index page.
Introduction of the S25R anti-spam system (PDF)	Here is the English translation of the slides for the lecture. (written in Aug. 2009)
Mail server operation technology for blocking 99% of spam and virus mail (Japanese)	A magazine report in The Business Communication (Sep. 2004), a Japanese information technology magazine.
White list information	Here is information of legitimate mail servers which should be permitted with the white list so that they are not mistakenly rejected by the S25R anti-spam system.
Rejection log sorting script	Here is a shell script useful for finding out mail servers which are mistakenly rejected. You can freely copy it.
Voices of the applyers	Here are the voices of the mail system administrators who have applied the S25R anti-spam system.
Q&A	Here are answers for questions about the S25R anti-spam system.
S25R miscellaneous information blog (Japanese)	I write miscellaneous information about the S25R anti-spam system on my blog.
Author's contact address

12	XMailCFG (for Windows) (Japanese)	Software to configure and maintain XMail, a FINGER/SMTP/POP server which runs on UNIX and Windows. It can built in S25R to XMail.
11	s25rtarpitgreylist (Japanese)	Anti-spam software (written in Perl) applied for qmail, developed by the owner of Kimagure PC hiroba (Whimsy PC plaza). It applies the S25R system, tarpitting (response delay) and greylisting (retry request).
10	MailUtl3	A POP Proxy developed by Mr. KAWAMATA. It appends identification headers to a message which is judged probable spam based on the S25R system.
9	taRgrey - S25R + tarpitting + greylisting	Mr. SATOH Kiyoshi has developed an anti-spam system which consists of the combination of S25R, tarpitting (response delay) and greylisting (retry request).
8	Starpit (Japanese)	Mr. SATOH Kiyoshi has reported his new tarpitting (response delay) system. It can automatically turn spam away and receive legitimate mail by tarpitting against clients which match the S25R conditions.
7	Mail Proof Keeper (Japanese)	A mail security solution product by Cyber System Research Institute. It introduces the S25R anti-spam system.
6	smtp_wrapper (Japanese)	Mr. ITO Masahiko has offfered a daemon program which processes SMTP accesses in front of sendmail. It can cooperate with a filter script implementing the S25R anti-spam system.
5	Qgrey - S25R + qgreylist patch (Japanese)	Mr. SATOH Kiyoshi has offered a patch that applies the S25R anti-spam system to qgreylist (greylisting for qmail). It is the "qmail version" of his Rgrey.
4	Becky! S25R spam filter (Japanese)	A spam filter plug-in for Becky! applying the S25R anti-spam system, developed by Mr. HONJO.
3	How to discard more than 90% of spam messages automatically using Becky! (Japanese)	My essay explaining how to apply the S25R anti-spam system to filtering using the mailer Becky!.
2	qmail Bad Remote Host patch	Mr. HIROSHIMA Naoki has contributed a patch that enables qmail to activate the S25R anti-spam system.
1	Rgrey - S25R + greylisting (Japanese)	Mr. SATOH Kiyoshi has reported his system that combines the S25R anti-spam system's FQDN check rules with postgrey, which permits clients which retries against a response saying "try again later". His system can dissolve the side effects of both of the S25R anti-spam system and postgrey.

Jan 13, 2010	In the paper, revised comment lines in the "rejections" file so that the vi editor doesn't warn.
Dec 26, 2009	Revised the code of the rejection log sorting script. (The name of the variable "prev_rec" has been changed into "prev_triplet". The action of the script is the same.)
Dec 19, 2009	In the page of the rejection log sorting script, added the explanation about access mode configuration of the mail log files.
Nov 23, 2009	Updated the explanation of the Rule 0 in section 3.1 in the paper.
Nov 22, 2009	Published the page of "When your mail is blocked by S25R...".
Nov 15, 2009	Updated Q/A2-4 in the Q&A page so that it explains how to permit clients authenticated by the SMTP authentication.
Sep 06, 2009	Published the English translation of the slides for the lecture.
May 18, 2009	Removed "/\.vh\.plala\.or\.jp$/" out of the white list sample in the paper because they have been found to be unrelated with other than the plala.or.jp users.
Mar 22, 2009	Linked XMailCFG (for Windows).
Mar 15, 2009	Linked s25rtarpitgreylist of Kimagure PC hiroba (Whimsy PC plaza).
Mar 11, 2009	Revised the practical white list examples in the paper.
Feb 01, 2009	In the paper, revised Rule 1 to avoid trapping IPv6 addresses.
Mar 29, 2008	Improved the code of the rejection log sorting script. (Made it have a switch to suppress single access records; made it use the -k option of the sort command.)
Dec 02, 2007	Revised the practical white list examples in the paper.
Nov 24, 2007	In the page of the rejection log sorting script, revised the explanation for finding mistaken rejection against a legitimate mail server.
Sep 17, 2007	In the paper, changed the regular expressions part "adsl" in Rule 6 into "[achrsvx]?dsl". In the paper, deleted the black list item "/^xdsl.+\.dialog\.net\.pl$/" because Rule 6 has been changed.
Aug 10, 2007	In the paper, revised the black list specification of the virtua.com.br domain in the configuration.
Aug 05, 2007	Improved the code of the rejection log sorting script. (It displays the estimated number of messages.)
Jul 27, 2007	In the paper, changed the configuration so that the former client restriction condition file is divided into a white list file and a rejection condition file.
Jul 25, 2007	In the paper, changed the configuration in order to return a more considerate message to mail relay servers without a reverse name.
Jul 21, 2007	Corrected the explanation about the generic protection rule 3 in the subsection 3.1 in the paper.
Jul 11, 2007	Removed the practical black list entry example of "zaq.ne.jp" domain in the configuration file (Appendix A.) in the paper because abuse mail doesn't come from that domain nowadays.
Jul 09, 2007	Added practical black list entry examples into the configuration file (Appendix A.) in the paper.
Jul 08, 2007	Added practical white list entry examples and practical black list entry examples into the configuration file (Appendix A.) in the paper.
Jun 10, 2007	Published the Q&A.
Jun 02, 2007	In the paper, changed the rejection messages in the configuration (Appendix A.) to avoid worrying good senders. In the paper, deleted the explanation of an idea which is similar to the domain authentication because I don't think it is useful information.
May 13, 2007	Corrected words in the paper.
May 12, 2007	Downloading of the white list file has been enabled in the white list information page.
May 08, 2007	Corrected the rejection log sorting script. ("\" in the regular expression "[^\]]" is unnecessary, although it causes no problems.)
May 03, 2007	Corrected the regular expressions in the paper. ("\" in "[^\.] is unnecessary, although it causes no problems.) Made mention of bots in the paper. Supplemented the false positive rate in the paper. Supplemented automatic whitelisting technology in the paper.
May 02, 2007	Linked Mr. KAWAMATA's MailUtl3.
Dec 07, 2006	Linked Mr. SATOH Kiyosi's taRgrey.
Jul 23, 2006	Published the S25R miscellaneous information blog.
Jul 09, 2006	Linked Mail Proof Keeper by Cyber System Research Institute. Linked Mr. SATOH Kiyosi's Starpit.
Feb 06, 2006	Linked Mr. ITO Masahiko's smtp_wrapper. Added No. 11 to the voices of the applyers.
Nov 23, 2005	Added No. 10 to the voices of the applyers.
Oct 08, 2005	Added No. 9 to the voices of the applyers.
Sep 07, 2005	Added No. 8 to the voices of the applyers.
Sep 01, 2005	Linked Mr. SATOH Kiyoshi's Qgrey.
Aug 06, 2005	Linked Mr. HONJO's Becky! S25R spam filter.
Aug 05, 2005	Linked my essay "How to discard more than 90% of spam messages automatically using Becky!".
Aug 04, 2005	Added No. 7 to the voices of the applyers.
Jul 31, 2005	Published the voices of the applyers (No. 1 to 6).
Jul 27, 2005	In the subsection 3.3 in the paper, supplemented explanation about the search order of client address conditions.
Jul 03, 2005	In the subsection 3.2 in the paper, made mention of rounding up hostnames which include a hexadecimal number.
Jun 28, 2005	Described the system name in the paper. Added match rates of the check conditions into the statistics description in the paper. Described the HELO command check file sample in the paper. Correcting some explanations and words in the paper.
May 26, 2005	Improved the code of the rejection log sorting script. (It displays the number of messages tried to transfer.)
Apr 18, 2005	I named this anti-spam system "Selective SMTP Rejection (S25R)". (Mr. SATOH Kiyoshi counseled me to name it.)
Dec. 20, 2004	Revised the code of the rejection log sorting script. (The name of the variable "latest_month" has been changed into "max_month_num", which describes the accurate meaning. The action of the script is the same.)
Nov 23, 2004	Linked Mr. HIROSHIMA Naoki's qmail patch.
Oct 06, 2004	Linked Mr. SATOH Kiyoshi's report (Japanese).
Oct 01, 2004	Revised the rejection log sorting script.
Sep 20, 2004	Published the white list information.
Sep 13, 2004	Published the rejection log sorting script. Linked the Business Communication magazine report (Japanese).
Jun 26, 2004	Published the paper.