Junk mail and virus filtering options

After a mail delivery connection is made and the message is accepted for local delivery (relayed mail isn’t screened), the Mail server can screen it before delivery. OS X Server can analyze the text of a message and give it a probability rating for being junk mail. The Mail server can also reject mail from other mail servers that are blacklisted. You can have Mail service scan incoming messages for junk mail and viruses.

Virus filtering

The Mail server uses ClamAV (www.clamav.net) to scan mail messages for viruses. Messages suspected of containing viruses aren’t delivered but are stored on the server in the /var/virusmails/ folder, and a notice is sent to the email address designated for alert messages in the Information pane of the Server app. The server periodically deletes the mail in the /var/virusmails/ folder.

The virus definitions are kept up to date using a process called freshclam, which gets updated definitions from the Internet.

Blacklist filtering

Your server’s Mail service can reject mail from other mail servers that are blacklisted as open relays by a blacklist server. Your Mail service uses the blacklist server operated by The Spamhaus Project (www.spamhaus.org). You can specify a different blacklist server. Blacklist servers are also known as Real-time Blacklist (RBL) servers or black-hole servers.

Blocking unsolicited mail from blacklisted senders might not be completely accurate. Sometimes it prevents receiving valid mail from mail servers that are configured incorrectly.

Greylist filtering

Greylist filtering is enabled by default when Mail service is turned on. With greylist filtering, Mail service records the IP address of the server sending the message, the email address of the sender, and the recipient’s email address into a local database. The first time a particular combination of these three attributes is recorded, Mail service then rejects the message with a temporary error and logs this into mail.log. For the next 60 seconds, any other messages sent with the same attributes are also rejected. If the same message is sent again after 60 seconds, it’s accepted for delivery.

This works because legitimate SMTP servers, upon receipt of the temporary error, will requeue the message and try to deliver the message at a later time. Junk mail servers rarely follow this requirement. This means that the first time a particular set of those three attributes is used the message will be delayed until the sending server resends the message, but the message will go through eventually. Subsequent messages are delivered immediately.
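
The greylisting decision described above, modeled as an added example (it is not code from OS X Server or its Mail service). The class and function names, the in-memory dictionary, the reply code 450 as the temporary error, and all addresses are assumptions constructed for illustration.

```python
import time

GREYLIST_DELAY = 60  # seconds; the rejection window described on this page


class Greylist:
    """In-memory stand-in for the local greylist database (constructed model)."""

    def __init__(self, delay=GREYLIST_DELAY, clock=time.time):
        self.delay = delay
        self.clock = clock      # injectable so the demo can fast-forward time
        self.first_seen = {}    # (client_ip, sender, recipient) -> first attempt
        self.log = []           # stand-in for entries written to mail.log

    def check(self, client_ip, sender, recipient):
        """Return (SMTP reply code, text) for one delivery attempt."""
        triplet = (client_ip, sender, recipient)
        now = self.clock()
        first = self.first_seen.get(triplet)
        if first is None:
            # New combination: record it and defer with a temporary error.
            self.first_seen[triplet] = now
            self.log.append(f"greylisted (new) {triplet}")
            return 450, "Greylisted, please retry later"
        if now - first < self.delay:
            # Retry arrived inside the window: still deferred.
            self.log.append(f"greylisted (retry too early) {triplet}")
            return 450, "Greylisted, please retry later"
        # Retry after the window, or any later message with the same triplet.
        return 250, "Ok"


def demo():
    """Replay constructed delivery attempts against a fake clock."""
    t = [0.0]
    gl = Greylist(clock=lambda: t[0])
    legit = ("192.0.2.10", "alice@example.org", "bob@example.com")
    oneshot = ("198.51.100.7", "promo@example.net", "bob@example.com")
    results = []
    for at, triplet in [(0, legit), (5, oneshot), (30, legit), (75, legit), (80, legit)]:
        t[0] = float(at)
        results.append((at, triplet[0], gl.check(*triplet)[0]))
    return results


if __name__ == "__main__":
    for at, ip, code in demo():
        print(f"t={at:>3}s  {ip:<14} -> {code}")
```

The sender that never retries (198.51.100.7) stays deferred, while the retrying sender is accepted at 75 seconds and again immediately at 80 seconds.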

Junk mail filtering

The Mail server uses SpamAssassin (spamassassin.apache.org) to analyze the text of a message and score the probability of it being junk mail. Each message is analyzed and word frequency statistics are saved. Mail messages that contain a higher number of words found in junk mail receive a higher junk mail score. Messages suspected of being junk mail are marked ***JUNK MAIL*** and delivered. The recipient can decide if a message is really junk mail and deal with it accordingly.

OS X Server lets you set the tolerance of the filtering, as follows:

Aggressive

The junk mail filter tolerates few signs of being junk mail.

Moderate

The junk mail filter tolerates some signs of being junk mail.

Cautious

The junk mail filter marks an incoming message as junk mail only if it contains many signs of being junk mail.

See also
Provide mail service