Mailing scanner (Mail IN)

E-Mail handling at the central incoming mail servers of HTW Dresden

The incoming mail servers of the HTW accept e-mails for the domain htw-dresden.de including all subdomains listed in the DNS and forward them to the recipient, as far as the e-mails are not treated differently by subsequent additions.

1.) Rejection of e-mails from incorrectly configured mail servers
The HTW incoming mail servers no longer accept emails from clients that do not send an RFC 5321 compliant HELO / EHLO request. Mails from clients whose name sent in "HELO" can not be resolved to an IP address in an RFC-compliant manner will be rejected with a corresponding error message. The same applies to mail servers where the resolution from IP address to host name and the "backward resolution" from host name to IP address do not match. This may cause in certain circumstance that also "correct" e-mails of incorrectly configured sending mail servers are rejected by our mail servers.

The above limitations only affect clients outside the HTW. Mails from computers within the address range of the HTW will continue to be accepted as before.

2.) Greylisting
Since July 2007, the greylisting is used on the incoming mail servers of the HTW. The term Greylisting (brit.) / Graylisting (USA) refers to a form of spam control for e-mails, in which the first e-mail from unknown senders is temporarily rejected and only accepted after a second delivery attempt.

Functionality:

The SMTP-Server has to know the following three data before it can receive an e-mail:

  1. IP address of the sending mail server
  2. e-mail address of the e-mail sender
  3. e-mail address of the e-mail recipient

If an e-mail with this combination of addresses has never been received within a 30-day period, then the delivery attempt is blocked by the SMTP server with a message that a temporary error has occurred, and the SMTP client should try the delivery later. The next attempt to deliver an e-mail with the same combination of data (which a regular and RFC-compliant configured SMTP server should definitely do after a configurable time interval), that e-mail will be accepted. Whether and when a new delivery attempt will be made depends solely on the sender. The sending mail server (not the sender of the email itself !!!) will be informed in each case by a corresponding message about the delayed acceptance.

3.) Virus, worms and trojans
In principle, on the incoming mail servers of the HTW all incoming e-mails are automatically checked for any existing malware. E-mails in which the used antivirus software detects viruses, etc. will not be sent to the recipient and will automatically be deleted. The recipients won't get a notification about this. Due to the usually fake sender address, the sender won't be informed as well.

4.) E-mails with "suspicious" attachments
Emails with attachments containing executable files (including * .exe, * .vbs, * .pif, * .scr, * .bat, * .cmd, * .com, * .cpl, * .dll), or others have suspicious characteristics (double indexing, such as xyz.doc.pdf, very long filenames with sometimes many spaces or special characters) are retained and cached in quarantine folders. Archive files (* zip, * .rar, etc.) containing executable files (see above) are also cached in quarantine folders. Since the verification of emails is contextual, attempts to circumvent the function of the mail scanner by renaming the files, do not lead to success.

The recipient and the sender of the e-mail will be informed accordingly. Upon request, the e-mail including attachments will be made available to the recipient. After four weeks from the arrival of the e-mail, it will be deleted on the following month end without any further information.

5.) Spam treatment and labeling
On the incoming mail servers of the HTW, in addition to virus detection, all incoming e-mails are also checked for spam criteria and, if present, marked accordingly. Depending on the level of the so-called spam score (amount of spam probability), these emails are treated differently:

  • a) Spam-Score = / > 1: The e-mail is marked in a header line with a number of "s" corresponding to the height of the spam score.
  • b) Spam-Score > 5: The subject of the e-mail is rewritten, the original text is preceded by a {spam?}.

Insofar as spam classified e-mails do not meet any of the criteria listed under 3.) and/or 4.), they will be sent to the recipient. Any filtering and deletion of spam emails which may be required must be carried out by the user himself. E-mails which meet the criteria of points 3.) and/or 4.) in addition to the spam criteria are treated in accordance with the procedures specified therein and will not be delivered.