Front Door Rejector
Often email servers come under attack generating from hundreds of IP addresses on the Internet. A high volume of emails in a short span can bring any email server to its knees. Front Door Rejector (FDR) is a mechanism to block emails coming before the message is sent for normal filtering.Warning
Use Front Door Rejector as a last resort and only when you are under an attack. We also recommend removing these filters as soon as possible once you think the attack is over.There are three types of filters:
- IP Based
- Sender/Recipient
- Content
Prerequisites
- You must use build 6000 or above.
- You must use the regular SMTP server. Front Door Rejector will NOT work with the proxy server. If you are using the proxy server, please see this page on how to switch from proxy to regular.
Done by adding
AttackerIP.txt in $INSTALL_DIR\config folder. It holds one IP per
line causing Xeams to reject emails from this IP address
Done by adding
CustomRejection.dat file in $INSTALL_DIR\config folder . This file
contains one rule per line. Each rule contains two tokens separated by three $ signs. The first token is for
sender's email and second is for recipient. The phrase ALL signifies every sender or recipient. Regular expressions are accepted. For example:
[\S]*\.top$$$ALLThe above example will reject senders containing *.top as their top-level-domain and the rule applies to EVERY recipient.
Sample File
# This file can be used to reject emails from certain senders or to certain recipients. # Email rejected due to this file will NOT appear in Xeam's Admin Console and you will never # if a legitimate sender gets blocked. # # It contains two tokens in each line separate by three $ signs. # The first token is for sender's email address and the second token is for recipient. # You can either specify a complete email address, a regular expression or the phrase ALL that signifies EVERY sender or recipients. # For example: # [\S]*\.top$$$ALL # # will reject senders containing *.top as their top-level-domain and the rule will apply to EVERY recipient. # # Similarly, # spammerTwo@nono.com$$$validuser@yourdomain.com # will reject emails from spammertwo@nono.com if the recipient is validuser@yourdomain.com # # [\S]*\.top$$$ALL spammer@nono.com$$$ALL spammerTwo@nono.com$$$validuser@yourdomain.com ALL$$$invaliduser@yourdomain.com [\S]*@spammerdomain\.com$$$ALL
- Locate the
configfolder, which is a sub-folder in the $INSTALL_DIR. A typical path on Windows isC:\Xeams\configand is/opt/Xeams/configon Linux. - Create a new text file called
FrontDoorRejector.txt - Each line in this file is used as a search phrase for incoming emails. For example, if you're getting
thousands of messages containing Russian Bride in the body, enter the following line:
russian bride
- Save the file. The system will read this file every 10 minutes and therefore, modifications to the file does not require a restart.
Logging
Although emails rejected using this mechanism will not be seen through the web interface, you can use the following method to create a log file.- Locate
$INSTALL_DIR\logconfig.xmland open it up in any editor, such as Notepad. - Add the following two sections in the file
<!-- Pasted this section where other appenders are located, usually towards the top --> <appender name="FRONTDOOR" class="org.apache.log4j.RollingFileAppender"> <param name="File" value="logs/FrontDoor.log" /> <param name="Append" value="true" /> <param name="MaxFileSize" value="5MB" /> <layout class="org.apache.log4j.PatternLayout"> <param name="ConversionPattern" value="%d %-5p %c{2} - %m%n"/> </layout> </appender> <!-- The following section goes where you see category nodes, towards the end of the file --> <category name="FrontDoorRejector" additivity="false"> <priority value="DEBUG" /> <appender-ref ref="FRONTDOOR"/> </category>
- Save the file and restart Xeams.