User guide
Table Of Contents
5
is the Greylisting technique (disabled by default). The
technique relies on the RFC 821 specification, which states
that since SMTP is considered an unreliable transport,
every message transfer agent (MTA) should repeatedly
attempt to deliver an email after encountering a
temporary delivery failure. A substantial part of spam
consists of one-time deliveries (using specialized tools) to
a bulk list of email addresses generated automatically. A
server employing Greylisting calculates a control value
(hash) for the envelope sender address, the envelope
recipient address and the IP address of the sending MTA.
If the server cannot find the control value for the triplet
within its own database, it refuses to accept the message,
returning a temporary failure code (temporary failure, for
example, 451). A legitimate server will attempt a
redelivery of the message after a variable time period. The
triplet’s control value will be stored in the database of
verified connections on the second attempt, allowing any
email with relevant characteristics to be delivered from
then on.
1.3.3 Application of user-defined rules
Protection based on user-defined rules is available for
scanning with both the VSAPI and the transport agent.
You can use the ESET Mail Security user interface to
create individual rules that may also be combined. If one
rule uses multiple conditions, the conditions will be linked
using the logical operator AND. Consequently, the rule
will be executed only if all its conditions are fullfilled. If
multiple rules are created, the logical operator OR will be
applied, meaning the program will run the first rule for
which the conditions are met.
In the scanning sequence, the first technique used is
greylisting - if it is enabled. Consequent procedures will
always execute the following techniques: protection
based on user-defined rules, followed by an antivirus
scan and, lastly, an antispam scan.