This page describes the content checking and processing capabilities of M-Switch servers and describes capabilities unique to M-Switch SMTP variants as well as capabilities common to both SMTP and X.400 variants:

Header and Message Content Processing (SMTP only)

Internet messages are structured according to the MIME (Multipurpose Internet Message Extensions) Standard defined in RFC 2045. M-Switch has a mimeshaper channel that understands MIME format and can perform conversion on messages and components within messages.

Individual body parts can be converted from one to another using conversion filters. Typically this is used for converting a text body part from one character set to another. The necessary conversions are calculated when a message is first submitted and they may be re-evaluated when a message is 'exploded'.

It is often desirable to rewrite header information - in particular, to 'normalize' addresses by rewriting the address in some canonical form, rather than one of the multiple addresses that can be used to reach a specific recipient. Mimeshaper provides options for the normalization of Internet message headers. This capability can be used to provide a coherent view of addresses for local users, or to manage addresses to give an external view in a boundary messaging configuration.

Reputation Services (SMTP only)

Reputation services provide a mechanism for organizations originating messages to provide information that enables message recipients to verify that the message comes from its claimed source. Ideally, all email should make use of reputation services. In practice, reputation services can help differentiate in anti-spam checks, by making reputation information available as input to the anti-spam checks. M-Switch supports two reputation services.

DKIM

M-Switch provides DKIM (DomainKeys Identified Mail) signing of messages, to verify the originating domain and message integrity. This provides a digital signature across message content and selected message headers to provide secure reputation support, which can be used to help protect against phishing attacks and spam.

SPF

SPF (Sender Policy Framework) makes use of DNS (Domain Name Service) configured information. Setting up SPF is part of DNS configuration, independent of M-Switch. M-Switch can perform SPF checks on inbound messages. There are two approaches to handling:

  1. Reject messages at the SMTP server when SPF checks fail.
  2. Mark the message with a special header, which can be used in subsequent anti-spam checks.

Operationally, the second approach is usually more useful.

Anti-Virus (SMTP & X.400)

M-Switch provides anti-virus checks on some or all messages being handled, using third party anti-virus packages. The following anti-virus packages are supported:

  • Sophos, a commercial product that is optimized for this type of checking. This can be purchased directly from Sophos.
  • ClamAV is an open source anti-virus checker, that is specifically designed to target email-borne viruses and malware.

Setup of M-Switch to use the anti-virus package of your choice is straightforward.

What does M-Switch do to support Anti-Virus checking?

The basic function of M-Switch to handle viruses is very simple. It takes an inbound stream of SMTP messages, separates out the message content to hand to a virus checker, and then sends the messages onward by SMTP (once they have passed the virus check). M-Switch can be easily inserted into an SMTP message stream, to add anti-virus capability. The more detailed process is:

  • M-Switch has the concept of "channels" which perform specific functions on messages in the internal queue. A content checking channel drives the anti-virus capabilities which M-Switch uses. This is programmable, so different content checking channels may be invoked (by the same instance of M-Switch) with different parameters in different situation, or even with different virus checkers.
  • M-Switch can be configured to invoke the anti-virus checking on all messages, or on selected messages (e.g., "all inbound", "all outbound", "all messages from organization X", "all messages to user X").
  • M-Switch can control virus checking by size. In particular, virus checking can be skipped for very small messages (which are common and will be too small to carry a virus).
  • The virus checking can do various things on detecting a virus, including one or more of:
    • Sending a customizable message back to the sender
    • Sending a customizable message on to the intended recipient (example below)
    • Removing the infected body part, and then replacing it with another body part (typically one that says "there was a virus infected thing here")
    • If the virus checker can clean up the virus, the channel can replace the infected body part with a clean one
    • Generate a non-delivery report to the originator of the message
  • The virus checking audit logs all activity, which can be processed into management reports as needed.
  • Anti-virus statistics can be displayed in MConsole, when the audit database is used.
  • The virus channel has a framework which can be used with any virus checker that provides an API or command line interface. Integration is straightforward. While the virus checker is usually run on the same machine as M-Switch, it can also be set up to run remotely.