How it works

Once installed, the mail server will pass each message to mxGuard and it will scan the message to see if it contains a virus, worm or other exploit (configurable by mail server administrator).

If the message does contain a virus, worm or exploit, mxGuard will safely quarantine or delete the message (configurable by the mail server administrator).

All other messages are then passed to the native spam filter and optional 3rd party filters where a series of tests are performed to determine if the message is likely to be junk mail.  These tests are configurable by the mail server administrator.

If the message is determined to be junk mail, mxGuard can quarantine, delete or inject the message back into the mail server message queue for final delivery to the user.  As you would expect, this is configurable by the mail server administrator.

By default, mxGuard will simply mark the messages as spam and return them to the mail server message queue for delivery to the user.  This allows the user to respond accordingly using delivery rules provided by the mail server itself or with client side rules such as those found in MS-Outlook, Thunderbird, etc…

NOTE:  mxGuard gives you the ability to indicate how many relays (hops) back in the delivery chain to check. You may also exclude your own MX servers as well as trusted clients if you wish.

mxGuard includes the following “native” anti-spam tests:

AUTHENTICATED SENDER : Not really a test, this is more of a value added feature mainly for service providers and corporate mail servers. When a user sends mail through the server using SMTP AUTH, an X header will be added identifying the authenticated user. This information is useful to quickly identify and stop subscribers and/or internal users that are sending out spam.

DNSBL: The IP address of the delivering mail server(s) is checked against up to twenty (20) public spam blacklists of your choice. Finding the address on one or more of these lists will cause the test to fail.

HELO: The host identification provided by the delivering mail server is checked to make sure it is a legitimate host/domain. If not, the test will fail.

NULL SENDER: Using the envelope sender (Mail From) information, the sender address is checked to see if an empty or null address was provided. If so, this test will fail. Please note however, that legitimate e-mail from postmasters can contain a null sender field.

PTR: The IP address of the delivering mail server(s) is checked to see if a corresponding PTR record (aka reverse DNS lookup) is found. If not, the test will fail.

SENDER: Using the envelope sender (Mail From) information, the domain name of the sender is checked for the existence of an ‘MX’ or an ‘A’ record. If neither exist, or if the domain name is not valid, this test will fail.

CUSTOM IP BLACKLISTS: The IP address of the delivering mail server(s) is checked against your own configurable black lists. Finding the address on one or more of these lists will cause the test to fail.

CUSTOM HELO BLACKLISTS: The host identification provided by the delivering mail server(s) is checked against your own configurable black list. Finding the hostname in this list will cause the test to fail.

And more…

Built-in hooks to these third party anti-spam tools:

The advanced pattern matching and artificial intelligence technologies from ARM Research Labs. Truly a leader in the anti-spam fight, their program, Message Sniffer, applies thousands of heuristic tests to each incoming message in just a fraction of a second.

 

Invariant Systems URI Lookup Tool – This tool is used to identify junk mail by extracting URI’s (domain names in links) from emails and checking them against URI based blacklists. invURIBL extends basic URI checking functionality by incorporating features that will allow you to check the URI’s IP address and name servers against DNS based blacklists.

 

Built-in hooks to these third party anti-virus tools:

A GPL virus scanner capable of detecting more than 20,000 viruses, worms, and trojans. ClamAV is open source software (i.e. no charge). Most importantly, the virus definitions are kept up to date.

 

A low cost, high quality virus scanner capable of detecting more than 113,805 viruses, worms, and trojans. F-Prot for Windows is an excellent choice due to it’s low cost, ease of installation and up to date virus definitions.

 

A moderately priced, high quality virus scanner capable of detecting more than 89,119 viruses, worms, and trojans. McAfee products are proven leaders in the commercial market. Virus definitions are kept up to date.

 

And just about any other command line Anti-virus scanner by using our free ‘user defined AV’ options!