Wednesday, February 7, 2007

Review on How Lotus Domino 7 blocking SPAM

Lotus Domino 7 is already release almost a year ago, but I still using
Lotus Domino 6.54FP1 as my Domino server, and client mostly Notes client
6.53. I don't see any thing necessary for me to upgrade it immediately.
Maybe for me is better to wait until version 7 get older enough and stable
enough. But that my personal opinion.

But still, I'm very interested with version 7, because soon or later I WILL
upgraded my current servers and clients to version 7. Before I do, I need
to start to do some reading about version 7.

I download IBM Red Book called Security Consideration in Lotus Notes and
Domino 7: Making Great Security to Implement, very interesting guide. For
me, security and stability is number one.

Because mostly I interested with SPAM, I quickly jumped to Chapter 8, where
it discuss about Spam control using Domino 7 and go directly to section 8.5
Blocking Spam. Skip the others.

New Features:


DNS Whitelist (DNSWL)
It works similar with DNS Black List, but instead of rejecting the email,
DNSWL make sure that the emails will be accepted. I believe DNSWL take
precedence again DNSBL. So if emails it listed in DNSWL, Domino should not
make any necessary query on DNSBL server.
I'm not sure if this feature is already becoming the standard in MTA. I
think there are not so many MTA that already have this feature installed.
I know that there is hack for sendmail to enable this feature, but not
built in.

Private Whitelist Filters
With Private Whitelist Filters you can specify witch host (or IP address)
that should listed as friendly. So emails from these hosts should be
accepted. You can also use an asterisk in this filters, so *.yahoo.com
should works. Private Whitelist filter take precedence over Private
Blacklist Filters

Private Blacklist Filters
This the opposite of Private Whitelist Filters. Emails from these hosts
should be rejected or at least tagged for further processing.

For supporting these new features, Domino also have new conditions and
action in Server Rules and Mail Rules. But this conditions and actions
should be available as soon as domino start using DNSBL.

New conditions:
Blacklist tag
Whitelist tag

New Action:
Stop Processing further rules.

This new conditions and action make us easy to handle spam, before this we
have to create agents to check is the message is tagged or not.

Simple new mail rules should be:
When Blacklist tag contains sbl.spamhaus.org then move to folder
($JunkMail)

Summary:
With these new features in Domino 7, and promises that IBM will start using
the bayesian spam filter (where many other MTA already using this long long
time ago) I think Domino going to go to the right direction for war against
spam.
But this current features still not enough, at least for me.
Big problem is there is no scoring method the way that spamassassin use.
Where the higher the score, the higher the possibilities for the email for
being spam. With scoring method we can define spam as low spam emails and
high spam emails. Where for low spam emails I usually still relay the
emails but to the junk folder so later the user still able to review the
email in case of false positive, and for high spam emails will be deleted
in the server.

I think I still keep my third party anti spam (MailScanner).

0 comments:

Template Designed by Douglas Bowman - Updated to Beta by: Blogger Team
Modified for 3-Column Layout by Hoctro