What's new in Mercury/32 v4.01a


There are some very useful features in Mercury/32 v4.01a, which make it worthwhile to take the trouble to upgrade from the previous version.


If you are upgrading a live server, it is recommended to stop all of Mercury's services before you proceed with the upgrade. It is also recommended to restart the server once the upgrade is done. We encountered POP3 server timeouts on clients when we did not restart the first time round.


Improvement to Mercury's SMTP Server module

The SMTP Server in Mercury/32 version 4 introduces transaction-level filtering. Does Exchange have this feature? Probably not, but then again I haven't played around with it enough to find out.


This filtering is done primarily on the connecting client's HELO or EHLO greeting, the Subject and the RCPT command (H, S, R).


Filtering on the HELO command is essential given the increase in the amount of SPAM sent over dialup and broadband links that connect directly to mail servers to dump their junk.


Sifting out all dialup and broadband IP addresses worldwide with a DNS blacklist may be a better solution, but at this moment there are just too many corporate mail servers hosted on DSL links, which causes a large number of false positives.


Our filtering on HELO is done mainly on connecting clients that issue our IP addresses as part of the HELO command. This is a sure giveaway that the message is SPAM, since only the spammer's software is configured that way.


The other filtering that we do is on connecting clients that have our domain name as part of the HELO command. These are normally virus-infected machines that are attempting to propagate the viruses without the user knowing.


We also filter any connecting client that has "dsl", "dial" or "client" in the HELO command, since it is mostly spammers that connect and use their dialup or DSL reverse-DNS name there.


To set the filters, select Configuration, Mercury SMTP Server and click on the Compliance tab. Click Edit beside the Filter file option and make the necessary changes.


Some examples follow. (Note the * at the beginning and the end of the expression to filter; it won't work with just one *.)


H, "*220.255.*", BS, "554 rejected"
As in the example above, if you run from a dynamic IP address, it is more effective to select the whole block of addresses. As this filter is set for the HELO portion of the mail delivery transmission, it should only affect those mail servers in your IP range that use an IP address in the HELO response. (Who would, other than the spammers' software?)


H, "*netdummy.net*", BS, "554 resend"
H, "*plpa.com.sg*", BS, "554 resend"
Putting the domain name in the filter prevents some of the more recent viruses.


We have had no luck getting the filter to work if there is any space between the two asterisks, so it is best not to leave a space, although this is not documented. There also seems to be a length limitation: any expression longer than 30 characters seems to cause false positives.

The subject filter (S), although not obvious, is a very powerful feature that will drop spammers cold if any text that you are filtering is found within the subject (e.g. "*nis*enlar*", "*v*agr*", etc.), since even misspellings may not get past it.

A similar method can be applied for the recipient filter. I particularly like filtering spammers that try to act smart and put the RCPT TO: as "RCPT TO: ilim ", which may actually mean Ian Lim, Ivan Lim or something else. Friends wouldn't be addressing him as ILIM. Thus the filter "*ilim*ilim*" works like a charm on the R filter.

In case you want to filter on text that is not found instead, for the HELO, RCPT TO or Subject filtering process, just add an additional N as the third letter. For example, I like to reject a HELO command that is not an FQDN, i.e. without a dot at all, so I would add H, "*.*", DSN, "".
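
An added example, not part of the original page or of Mercury: a small Python checker that parses rules in the syntax shown above, lints them for the pitfalls reported here (missing asterisks, spaces, expressions over 30 characters) and dry-runs them against constructed HELO and RCPT values to spot false positives before the rules go live. It assumes * is the only wildcard, that matching ignores case, and that N as the third action letter inverts the match; all function names are hypothetical.

```python
import re

# Rule shape as shown on this page:  H, "*expr*", BS, "554 text"
RULE_RE = re.compile(r'^\s*([HSR])\s*,\s*"([^"]*)"\s*,\s*([A-Za-z]+)\s*,\s*"([^"]*)"\s*$')

def parse_rule(line):
    m = RULE_RE.match(line)
    if not m:
        raise ValueError("not a filter rule: %r" % line)
    kind, expr, action, reply = m.groups()
    return {"kind": kind, "expr": expr, "action": action.upper(), "reply": reply}

def lint(rule):
    """Flag the pitfalls this page reports for filter expressions."""
    expr, problems = rule["expr"], []
    if len(expr) < 2 or not (expr.startswith("*") and expr.endswith("*")):
        problems.append("needs * at both ends")
    if " " in expr:
        problems.append("contains a space")
    if len(expr) > 30:
        problems.append("longer than 30 characters")
    return problems

def fires(rule, value):
    # Assumption: '*' is the only wildcard and matching ignores case.
    pattern = ".*".join(re.escape(part) for part in rule["expr"].split("*"))
    found = re.fullmatch(pattern, value, re.IGNORECASE | re.DOTALL) is not None
    # An N as the third action letter (e.g. DSN) inverts the test, per the page.
    negate = rule["action"][2:3] == "N"
    return found != negate

def check(rule_lines, kind, value):
    """Return the rule lines of the given kind (H, S or R) that would fire."""
    return [l for l in rule_lines if parse_rule(l)["kind"] == kind
            and fires(parse_rule(l), value)]

# Rules in the page's syntax; the R rule's action and reply are constructed.
RULES = [
    'H, "*220.255.*", BS, "554 rejected"',
    'H, "*netdummy.net*", BS, "554 resend"',
    'H, "*.*", DSN, ""',
    'R, "*ilim*ilim*", BS, "554 rejected"',
]

if __name__ == "__main__":
    # Constructed sample values, not taken from any real log.
    for kind, value in [("H", "mail.example.org"), ("H", "220.255.10.20"),
                        ("H", "localhost"), ("R", "ilim <ilim@netdummy.net>")]:
        print(kind, repr(value), "->", check(RULES, kind, value) or "accepted")
    print(lint(parse_rule('S, "*cheap meds*", BS, "554 rejected"')))
```
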

There are many other creative ways to make use of these filters, and this is one of the most useful improvements in Mercury 4. You may come up with many innovative methods for cleaning out spam for your users. If you do, please let us know, so that we can put them here and all future Mercury mail admins will have an easier time dealing with viruses, spam and other issues.

As for the rejection message, spammers are criminals proven to be involved in eBay phishing, spreading of viruses and stealing of your credit card or bank information, so there is no need to be kind to them. I put reject messages such as "No space on server for SPAM" and also "No ebay tricksters pls.".

To stop eBay phishing, you can set a sender kill file in Mercury SMTP Server, General option with a file like "c:mercuryan.txt" (remember to include the full path) with the following:

support*@ebay.com
custservice*@ebay.com
identdep*@ebay.com
supprefnum*@ebay.com


Most of it will be stopped this way.

