EIMS Filters

 

I recommend that when installing filters, you keep an eye on the error log to make sure they are not blocking legitimate mail. If you are using DNS blacklist type filters, it pays to monitor the web site for the list just in case they change domains, the list stops operating, or something else goes wrong. If a blacklist stops working, you may stop getting email.

If you need to edit a filter with ResEdit, you can download ResEdit from http://developer.apple.com/tools/legacy.html

Filters for EIMS 3.3 and later only

WARNING: Filters for EIMS 3.3 only are not compatible with earlier versions of EIMS. In particular, filters for OS 8/9 versions of EIMS 3.3 can cause older versions of EIMS to crash.

Email Archive filter

This filter forwards a copy of all messages received using SMTP (which includes outgoing messages from users) to an account named archive in the default domain. That account can then be accessed directly, forwarded to an alternative address, or the Inbox could be aliased to another IMAP account.

It is also possible to change the filter to send directly to a different address by editing the Info.plist file, but it is generally just simpler to create an account named archive in the default domain.

Click here to download EmailArchive Filter 1.2 for Mac OS X (Stuffit archive - 30K) New October 2007

Strict Sender Domain Filter

This filter does a comprehensive check of the domain of the sender (MAIL FROM). It checks the following things:

  • That the domain exists.
  • That there are MX or A records for the domain.
  • If there are MX records, at least one of those must resolve.
  • That the resulting IPs are not in the ranges 0.0.0.0/8, 127.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 169.254.0.0/16, and 224.0.0.0/4.

If a temporary error occurs looking up the domain of the sender, a temporary (450) error is returned. This filter doesn't check mail from clients that use SMTP AUTH, or hosts Whitelisted in the SMTP Host List. If you were using a DNS Filter Exclusions file under EIMS 3.2, make sure you have imported it to the SMTP Host List. The checks this filter does can require a lot more DNS overhead than the Sender Domain Filter, which can cause extra load on name servers. The functionality in this filter is a superset of the Sender Domain Filter, so you should remove the Sender Domain Filter if you are using this one; using them both will just cause unnecessary DNS overhead.
EIMS 3.2 users should use version 1.0 of the Strict Sender Domain Filter below.

Click here to download Strict Sender Domain Filter 1.1 for Mac OS 8/9 (Stuffit archive - 2K) New July 2007
Click here to download Strict Sender Domain Filter 1.1 for Mac OS X (Zip archive - 22K) New July 2007
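
The decision sequence described above, as an added Python example (not the filter's own code). DNS is replaced by a constructed in-memory table so it runs offline; the verdict names, the null-sender handling, and rejecting only when every resolved address falls in a listed range are assumptions of this example.

```python
import ipaddress

# Address ranges the page lists as unacceptable for a sender domain.
REJECTED_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12",
    "192.168.0.0/16", "169.254.0.0/16", "224.0.0.0/4")]

# Constructed sample data standing in for real DNS answers.
SAMPLE_ZONE = {
    "good.example": {"MX": ["mx.good.example"]},
    "mx.good.example": {"A": ["192.0.2.25"]},
    "private.example": {"MX": ["mx.private.example"]},
    "mx.private.example": {"A": ["10.1.2.3"]},
    "deadmx.example": {"MX": ["gone.deadmx.example"]},
    "aonly.example": {"A": ["198.51.100.7"]},
    "norecords.example": {"TXT": ["placeholder"]},
}


class TempFail(Exception):
    """The resolver could not give an answer (timeout, SERVFAIL)."""


class ToyResolver:
    """In-memory stand-in for DNS (hypothetical helper for this example)."""

    def __init__(self, zone, failing=()):
        self.zone = zone              # {name: {"MX": [...], "A": [...]}}
        self.failing = set(failing)   # names whose lookups time out

    def _node(self, name):
        if name in self.failing:
            raise TempFail(name)
        return self.zone.get(name)

    def exists(self, name):
        return self._node(name) is not None

    def lookup(self, name, rtype):
        return (self._node(name) or {}).get(rtype, [])


def usable(ip):
    """True when the address is outside every rejected range."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in REJECTED_NETS)


def check_sender_domain(mail_from, resolver):
    """Return (verdict, reason); verdict is 'accept', 'reject' or 'tempfail'."""
    domain = mail_from.strip("<>").rpartition("@")[2].rstrip(".").lower()
    if not domain:
        # Assumption: the null sender <> (bounces) has no domain to check.
        return ("accept", "null sender")
    try:
        if not resolver.exists(domain):
            return ("reject", "sender domain does not exist")
        mx_hosts = resolver.lookup(domain, "MX")
        if mx_hosts:
            # MX targets that do not resolve simply contribute no addresses.
            ips = [ip for h in mx_hosts for ip in resolver.lookup(h, "A")]
            if not ips:
                return ("reject", "no MX host resolves")
        else:
            ips = resolver.lookup(domain, "A")
            if not ips:
                return ("reject", "no MX or A records")
    except TempFail:
        # Lookup trouble must not become a permanent refusal.
        return ("tempfail", "450 temporary DNS failure")
    if not any(usable(ip) for ip in ips):
        return ("reject", "all addresses are in rejected ranges")
    return ("accept", "ok")


if __name__ == "__main__":
    resolver = ToyResolver(SAMPLE_ZONE, failing={"slow.example"})
    for sender in ("a@good.example", "a@private.example", "a@slow.example"):
        print(sender, check_sender_domain(sender, resolver))
```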

Sender Domain Filter

This filter checks whether the domain of the sender (MAIL FROM) exists. If it doesn't exist, the mail is refused. If a temporary error occurs looking up the domain of the sender, a temporary (450) error is returned. This filter doesn't check mail from clients that use SMTP AUTH, or hosts Whitelisted in the SMTP Host List. If you were using a DNS Filter Exclusions file under EIMS 3.2, make sure you have imported it to the SMTP Host List. As the Strict Sender Domain Filter is a superset of the functionality of this filter, you should not use them both; that will just cause unnecessary DNS overhead.
EIMS 3.2 users should use version 1.0.1 of the Sender Domain Filter below.

Click here to download Sender Domain Filter 1.1 for Mac OS 8/9 (Stuffit archive - 2K) New July 2007
Click here to download Sender Domain Filter 1.1 for Mac OS X (Stuffit archive - 22K) New July 2007

Attachment Filter

This filter blocks .BAT, .CMD, .COM, .CPL, .EXE, .LNK, .PIF, .SCR and .VBS files, as well as blocking base64 and uuencoded zip files that contain those types of files. This is a replacement for the older attachment filters. Other file types can be blocked by editing STR# resource ID 129, which contains a list of file types to block.

Version 1.5.1 fixes a crashing bug in version 1.5.
Version 1.5 is a universal binary build for OS X, and logs to the Receive Error Log.
EIMS 3.2 users should use version 1.4.5 of the Attachment Filter below.

Click here to download Attachment Filter 1.5.1 for Mac OS 8/9 (Stuffit archive - 6K) New April 2007
Click here to download Attachment Filter 1.5.1 for Mac OS X (Stuffit archive - 29K) New April 2007

Archive filter

This filter stores a copy of all messages received using SMTP (which includes outgoing messages from users) and stores the copy in a folder called Archived Mail in the Mail Folder. The messages are stored in EIMS Save as Files format.

Click here to download Archive Filter 1.2 for Mac OS X (Stuffit archive - 30K) New March 2007

DNS blacklist filter

This is a generic DNS blacklist checking filter; you will need to use a resource editor to modify STR# resource ID 128 for your desired DNS blacklist. String 1 is the domain to check under, string 2 is what is logged in the error log, string 3 is the error returned to the sender, string 4 is a bitmask of returned IP values to block, and string 5 is logged in the error log when there is a lookup failure.

I neither use nor endorse any DNS blacklists. If you choose to use any, I strongly recommend you keep an eye on the EIMS error log for errors, and keep an eye on the web site for the blacklist to see what the status of it is. If a DNS blacklist closes down and you are still using it, that can result in all email to your server being refused.

I strongly recommend against using the NJABL dialup list and SORBS, as they use arbitrary non-standard criteria for determining dynamic IP addresses, and often incorrectly list static IP addresses. I strongly recommend against using the Trend Micro MAPS DUL; their policy on listing IPs is vague, and they list static IP addresses.

In the past a copy of this filter pre-configured for ORDB has been available; ORDB has closed down, so you should stop using it.

Version 1.5 is a universal binary build for OS X, and logs blocked hosts in the Receive Error Log. Version 1.5 no longer uses a DNS Filter Exclusions file; you should import your DNS Filter Exclusions list to the SMTP Host List as Whitelisted, and exclude any new hosts by Whitelisting them in the SMTP Host List.
EIMS 3.2 users should use version 1.4 of the DNS blacklist filter below.

Click here to download DNS Filter 1.5 for Mac OS 8/9 (Stuffit archive - 2K) New March 2007
Click here to download DNS Filter 1.5 for Mac OS X (Zip archive - 23K) New March 2007

Filters for EIMS 3.2 and later only

Strict Sender Domain Filter

This filter does a comprehensive check of the domain of the sender (MAIL FROM). It checks the following things:

  • That the domain exists.
  • That there are MX or A records for the domain.
  • If there are MX records, at least one of those must resolve.
  • That the resulting IPs are not in the ranges 0.0.0.0/8, 127.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 169.254.0.0/16, and 224.0.0.0/4.

If a temporary error occurs looking up the domain of the sender, a temporary (450) error is returned. This filter doesn't check mail from IPs in the DNS Filter Exclusions file, or from clients that use SMTP AUTH. The checks this filter does can require a lot more DNS overhead than the Sender Domain Filter, which can cause extra load on name servers. The functionality in this filter is a superset of the Sender Domain Filter, so you should remove the Sender Domain Filter if you are using this one; using them both will just cause unnecessary DNS overhead.

Click here to download Strict Sender Domain Filter 1.0 for Mac OS 7/8/9 (Stuffit archive - 5K) July 2006
Click here to download Strict Sender Domain Filter X 1.0 for Mac OS X (Stuffit archive - 3K) July 2006

Sender Domain Filter

This filter checks whether the domain of the sender (MAIL FROM) exists. If it doesn't exist, the mail is refused. If a temporary error occurs looking up the domain of the sender, a temporary (450) error is returned. This filter doesn't check mail from IPs in the DNS Filter Exclusions file, or from clients that use SMTP AUTH. As the Strict Sender Domain Filter is a superset of the functionality of this filter, you should not use them both; that will just cause unnecessary DNS overhead.

Click here to download Sender Domain Filter 1.0.1 for Mac OS 7/8/9 (Stuffit archive - 5K) July 2005
Click here to download Sender Domain Filter X 1.0.1 for Mac OS X (Stuffit archive - 3K) July 2005

Short Host Filter 1.1

This blocks messages from anything that uses an SMTP HELO/EHLO name with no dot in it. This version does not check hosts that are allowed to relay in the Relay Security, or that use SMTP AUTH.

Click here to download Short Host Filter 1.1 for Mac OS 7/8/9 (Stuffit archive - 2K) July 2005
Click here to download Short Host Filter 1.1 for Mac OS X (Stuffit archive - 2K) July 2005

No Message-ID Filter

This filter will bounce any message that has no Message-ID and is not from a host that is allowed to relay or has used SMTP AUTH. This can be useful for blocking spam, as spammers often leave out the Message-ID header to try to hide the origin of their messages. No legitimate sites should be sending messages without Message-ID headers, as section 3.6.4 of RFC 2822 requires that messages SHOULD have a Message-ID header.

Click here to download No Message-ID Filter 1.0 for Mac OS 7/8/9 (Stuffit archive - 2K)
Click here to download No Message-ID Filter X 1.0 for Mac OS X (Stuffit archive - 1K)

Filters for EIMS 3.0 and later only

DNS blacklist filter

This is a generic DNS blacklist checking filter; you will need to use a resource editor to modify STR# resource ID 128 for your desired DNS blacklist. String 1 is the domain to check under, string 2 is what is logged in the error log, string 3 is the error returned to the sender, string 4 is a bitmask of returned IP values to block, and string 5 is logged in the error log when there is a lookup failure.

I neither use nor endorse any DNS blacklists. If you choose to use any, I strongly recommend you keep an eye on the EIMS error log for errors, and keep an eye on the web site for the blacklist to see what the status of it is. If a DNS blacklist closes down and you are still using it, that can result in all email to your server being bounced.

I strongly recommend against using the NJABL dialup list and SORBS, as they use arbitrary non-standard criteria for determining dynamic IP addresses, and often incorrectly list static IP addresses. I strongly recommend against using the Trend Micro MAPS DUL; their policy on listing IPs is vague, and they list static IP addresses.

In the past a copy of this filter pre-configured for ORDB has been available; ORDB has closed down, so you should stop using it.

Version 1.4 of the filter adds support for both Unix and Mac style line endings in the DNS Filter Exclusions file, comments on the end of a line using a semicolon, and no longer requires a line break on the end of the last line.
Version 1.3 of the filter added support for not checking clients that use SMTP Authentication, which only works with EIMS 3.0 and later.
EIMS 2.2 users should use version 1.1 of a DNS blacklist filter that was included with their version of EIMS.

Click here to download DNS Filter 1.4 for Mac OS 7/8/9 (Stuffit archive - 4K) March 2005
Click here to download DNS Filter 1.4 for Mac OS X (Zip archive - 4K) March 2005

Attachment Filter

This filter blocks .BAT, .CMD, .COM, .CPL, .EXE, .LNK, .PIF, .SCR and .VBS files, as well as blocking base64 and uuencoded zip files that contain those types of files. This is a replacement for the older attachment filters. Other file types can be blocked by editing STR# resource ID 129, which contains a list of file types to block.

Version 1.4.5 fixes a bug in the base64 file name decoding, adds quoted-printable file name decoding, and decoding of uuencoded zip files.
Version 1.4.4 fixes a bug in versions 1.4 to 1.4.3 where they were not always checking "filename" parameters of Content-Disposition headers.
Version 1.4.3 adds support for checking base64 encoded file names, and handles 0 length MIME boundaries.
Version 1.4.2 fixes a further bug in 1.4/1.4.1 where it was still blocking some legitimate .zip files.
Version 1.4.1 fixes a bug in 1.4 where it was blocking some legitimate .zip files. It also fixes errors logged for .rar files, and now truncates long file names in the middle rather than at the end.
Version 1.4 now checks all files in a zip attachment (not just the first one), blocks zip files containing zip files containing blocked file types, blocks attachments with names ending in .zip that are not zip files, has improved base64 decoding, and checks the first file of a .rar archive.
Version 1.3.3 fixed a crashing bug. Version 1.3.2 fixed a bug in zip file checking on 68k machines and also blocks .HTA files. Version 1.3.1 was the same as version 1.3 but also blocks .CPL files.

Click here to download Attachment Filter 1.4.5 for Mac OS 7/8/9 (Stuffit archive - 10K) New March 2005
Click here to download Attachment Filter X 1.4.5 for Mac OS X (Stuffit archive - 6K) New March 2005
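
The checks listed in the Attachment Filter description and its version notes (blocked extensions, every member of a zip, zips inside zips, and attachments named .zip that are not zip files), as an added Python example rather than the filter's own code. The nesting and size limits, the result strings, and the sample messages are constructed for this example.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions the page says the filter blocks by default.
BLOCKED = {".bat", ".cmd", ".com", ".cpl", ".exe", ".lnk", ".pif", ".scr", ".vbs"}
MAX_DEPTH = 3                   # assumption: bound on zip-in-zip nesting
MAX_NESTED_BYTES = 5 * 2**20    # assumption: largest inner zip we unpack


def ext_blocked(name):
    # Trailing dots and spaces are stripped because Windows ignores them.
    name = name.lower().rstrip(". ")
    dot = name.rfind(".")
    return dot != -1 and name[dot:] in BLOCKED


def scan_zip(data, label, depth=0):
    """Return a reason string if the archive must be blocked, else None."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return f"{label}: named .zip but not a zip file"
    if depth >= MAX_DEPTH:
        return f"{label}: zip nesting too deep"
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():          # every member, not just the first
            inner = f"{label}!{info.filename}"
            if ext_blocked(info.filename):
                return f"{inner}: blocked type"
            if info.filename.lower().endswith(".zip"):
                if info.file_size > MAX_NESTED_BYTES:
                    return f"{inner}: nested zip too large to inspect"
                try:
                    nested = zf.read(info)
                except (RuntimeError, zipfile.BadZipFile):
                    # Encrypted or corrupt member: refuse rather than guess.
                    return f"{inner}: unreadable nested zip"
                hit = scan_zip(nested, inner, depth + 1)
                if hit:
                    return hit
    return None


def scan_message(raw):
    """Check every MIME part's file name and, for zips, its contents."""
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.walk():
        # get_filename() reads Content-Disposition "filename" and falls
        # back to the Content-Type "name" parameter.
        name = part.get_filename()
        if not name:
            continue
        if ext_blocked(name):
            return f"{name}: blocked type"
        if name.lower().endswith(".zip"):
            hit = scan_zip(part.get_payload(decode=True) or b"", name)
            if hit:
                return hit
    return None


def zip_bytes(members):
    """Build a zip in memory from {member name: bytes} (sample-data helper)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member, data in members.items():
            zf.writestr(member, data)
    return buf.getvalue()


def sample_message(filename, payload):
    """Constructed test message with one base64 attachment."""
    m = EmailMessage()
    m["From"], m["To"] = "sender@example.org", "user@example.net"
    m["Subject"] = "constructed sample"
    m.set_content("see attachment")
    m.add_attachment(payload, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    inner = zip_bytes({"x.vbs": b"' constructed placeholder"})
    print(scan_message(sample_message("pack.zip", zip_bytes({"inner.zip": inner}))))
```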

Space Patrol Filter

This filter will bounce any message that contains more than 8 consecutive spaces in the message subject. It does not check spaces used to wrap the Subject header across multiple lines. This filter can be modified with ResEdit to check for any header containing any string.

Click here to download Space Patrol Filter 1.0.1 for Mac OS 7/8/9 (Stuffit archive - 3K) New February 2005
Click here to download Space Patrol Filter 1.0.1 for Mac OS X (Stuffit archive - 2K) New February 2005

Host Name & IP Filter

This filter checks the SMTP HELO/EHLO name against the one in the STR# resource, but excludes an IP address in the STR# resource. To configure it, use ResEdit to change the first string in the STR# to the name you want to block, and the second string to the IP address you want to exclude. This filter returns a fake "user not known" response. This can be useful for blocking dictionary attacks that always use the same HELO/EHLO host name, and for blocking spam and viruses that use your server's IP address or name as the HELO/EHLO host name.

Click here to download Host Name & IP Filter 1.0 for Mac OS 7/8/9 (Stuffit archive - 3K) New August 2004
Click here to download Host Name & IP Filter X 1.0 for Mac OS X (Stuffit archive - 2K) New August 2004

Subject Starts with Filter

This filter is a generic "header starts with string" filter. By default it is configured to block messages with a "Subject:" header starting with "Make $", but you can use ResEdit to change it to match any header starting with any string. This is an updated version of the Melissa Virus Filter series of filters; it supports OS X and you no longer need to enter the strings in uppercase.

Click here to download Subject Starts with "Make $" Filter 1.2 for Mac OS 7/8/9 (Stuffit archive - 3K) New August 2004
Click here to download Subject Starts with "Make $" Filter X 1.2 for Mac OS X (Stuffit archive - 2K) New August 2004

Bulk Mailer3 Filter

This is another filter that checks the headers of messages for the signature of a common bulk mailer program. It can be used in conjunction with the original Bulk Mailer filter, and Bulk Mailer2, as they all match different signatures.

Click here to download Bulk Mailer3 Filter 1.0 for Mac OS 7/8/9 (Stuffit archive - 3K) New January 2004
Click here to download Bulk Mailer3 Filter X 1.0 for Mac OS X (Stuffit archive - 2K) New January 2004

Bulk Mailer2 Filter

This is another filter that checks the headers of messages for the signature of a common bulk mailer program. It can be used in conjunction with the original Bulk Mailer filter, as they match different signatures. Version 1.0.1 fixes a bug that was causing some false positives.

Click here to download Bulk Mailer2 Filter 1.0.1 for Mac OS 7/8/9 (Stuffit archive - 3K) New November 2003
Click here to download Bulk Mailer2 Filter X 1.0.1 for Mac OS X (Stuffit archive - 2K) New November 2003

Route Address filter 1.0.1

This filter will bounce any recipient that has a % or ! in it, or starts with an @. This is useful if you are using EIMS as a firewall for a system that will relay route addresses. Version 1.0.1 includes the sender address in the error log, which only works with EIMS 3.0 and later; EIMS 2.2 users should use version 1.0b2.

Click here to download Route Address Filter 1.0.1 (Stuffit archive - 2K)

Filters for EIMS 2.2 and later

8bit Headers Filter

This filter blocks messages with unencoded 8bit characters in the headers. This filter is useful for blocking some Russian and Chinese spam.

Version 1.0.1 reports the header it encountered the first 8bit character in.

Click here to download 8bit Headers Filter 1.0.1 for Mac OS 7/8/9 (Stuffit archive - 2K) New December 2005
Click here to download 8bit Headers Filter 1.0.1 for Mac OS X (Stuffit archive - 2K) New December 2005

Recipient filter

This filter refuses any recipients specified with a "user not known" error. It is intended to be used on backup MXs to prevent the backup MX from receiving mail to bad addresses.

For this filter to work, you will need to open the Recipient Filter with ResEdit, and edit STR# resource ID 129 to contain the addresses you wish to block.

Click here to download Recipient Filter 1.0 for OS 7/8/9 (StuffIt archive - 2K) New May 2005
Click here to download Recipient Filter 1.0 for OS X (StuffIt archive - 2K) New May 2005

Spam trap filter

This filter bounces any messages that are being delivered to one or more spam trap addresses that you configure. No other recipients that the message is being delivered to will receive it either.

For this filter to work, you need to have one or more accounts in EIMS Admin that are to be the spam trap addresses. The account must be enabled, and I recommend not setting a size limit (once the spam trap filter is set up the account will never receive any mail anyway). You must then open the Spam Trap Filter and edit the STR# resource ID 129 to have the full addresses of the accounts. Typical use of a spam trap is to add the spam trap addresses as invisible links on your web pages. Spammers that harvest email addresses from your web page will also get the spam trap address, and if they send to legitimate addresses at the same time as the spam trap addresses, neither will get the spam. You could also post the address to other places where addresses are harvested, such as Usenet news.

Click here to download Spam Trap Filter 1.1 for OS 7/8/9 (StuffIt archive - 2K) New May 2005
Click here to download Spam Trap Filter 1.1 for OS X (StuffIt archive - 2K) New May 2005

Message-ID Filter

This filter blocks messages with Message-ID headers that do not have an @ in them and something after the @. These messages are not compliant with RFC 822/RFC 2822. Version 1.2 fixes a bug where messages that were truncated in the middle of the Message-ID header were not being blocked.

Click here to download Message-ID Filter 1.2 for Mac OS 7/8/9 and X (Stuffit archive - 2K) posted May 2004

Short Host Filter

This blocks messages from anything that uses an SMTP HELO/EHLO name with no dot in it. This works quite well against some viruses, but may block badly configured clients or servers.

Click here to download Short Host Filter 1.0 for Mac OS 7/8/9 (Stuffit archive - 2K) posted August 2003
Click here to download Short Host Filter 1.0 for Mac OS X (Stuffit archive - 2K) posted August 2003

HTML Comment Filter

This filter blocks messages that have more than a configurable number of HTML comments in them. By default this filter is configured to block messages with 30 or more HTML comments. It also has a second threshold for just logging messages; by default it logs any message with 2 or more HTML comments. The thresholds can be changed in the STR# resource.

Click here to download HTML Comment Filter 1.0 for Mac OS 7/8/9 (Stuffit archive - 5K) posted August 2003
Click here to download HTML Comment Filter X 1.0 for Mac OS X (Stuffit archive - 3K) posted August 2003

Host Syntax Filter

This filter checks the SMTP HELO/EHLO name to make sure it is compliant with relevant standards, and refuses mail from any host that isn't compliant. The relevant standards are section 3.5 of RFC 1034 (Internet Standard 13), section 2.1 of RFC 1123 (Internet Standard 3, which refers to RFC 952), section 4.1.2 of RFC 821 (Internet Standard 10) and sections 4.1.2 and 4.1.3 of RFC 2821. This filter will block hosts with underscores in their HELO/EHLO name; those hosts are not compliant with these standards. If you wish to allow mail from hosts with underscores, use the filter below.

Click here to download Host Syntax Filter 1.0.1 for Mac OS 7/8/9 (Stuffit archive - 2K) posted August 2003
Click here to download Host Syntax Filter 1.0.1 for Mac OS X (Stuffit archive - 2K) posted August 2003

Host Syntax (_) Filter

This filter is the same as the Host Syntax Filter, except it allows underscores. Underscores are treated the same as a hyphen, so are still not allowed at the start or end of a domain, or before or after a '.'.

Click here to download Host Syntax (_) Filter 1.0.1 for Mac OS 7/8/9 (Stuffit archive - 2K) New July 2005
Click here to download Host Syntax (_) Filter 1.0.1 for Mac OS X (Stuffit archive - 2K) New July 2005
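
The syntax rules behind the two Host Syntax filters, as an added Python example (not the filters' own code). The function name and the allow_underscore switch are hypothetical; accepting bracketed address literals follows RFC 2821 section 4.1.3, and the length limits come from RFC 1034.

```python
import ipaddress
import string

_ALNUM = set(string.ascii_letters + string.digits)


def helo_name_ok(name, allow_underscore=False):
    """Return True when a HELO/EHLO argument is syntactically acceptable.

    allow_underscore=False models the Host Syntax Filter;
    allow_underscore=True models the Host Syntax (_) Filter, where an
    underscore is treated exactly like a hyphen.
    """
    # Address literal, e.g. [192.0.2.1] or [IPv6:2001:db8::1].
    if name.startswith("[") and name.endswith("]"):
        literal = name[1:-1]
        try:
            if literal.lower().startswith("ipv6:"):
                ipaddress.IPv6Address(literal[5:])
            else:
                ipaddress.IPv4Address(literal)
        except ValueError:
            return False
        return True

    if not name or len(name) > 255:
        return False
    joiners = "-_" if allow_underscore else "-"
    for label in name.split("."):
        # Empty labels cover a leading dot, a trailing dot and "..".
        if not label or len(label) > 63:
            return False
        # A hyphen (or permitted underscore) may not start or end a label,
        # which is the same as "not before or after a dot".
        if label[0] in joiners or label[-1] in joiners:
            return False
        if any(c not in _ALNUM and c not in joiners for c in label):
            return False
    return True


if __name__ == "__main__":
    # Constructed sample HELO names.
    for helo in ("mail.example.com", "mail_gw.example.com",
                 "_mail.example.com", "[192.0.2.1]", "bad..example.com"):
        print(f"{helo:24} strict={helo_name_ok(helo)} "
              f"underscore={helo_name_ok(helo, allow_underscore=True)}")
```

A single-label name such as localhost passes this syntax check; refusing names with no dot is the job of the separate Short Host Filter.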

Host Name Filter

This filter checks the SMTP HELO/EHLO name against the one in the STR# resource. This can be useful for blocking dictionary attacks that always use the same HELO/EHLO host name, and for blocking spam and viruses that use your server's IP address or name as the HELO/EHLO host name.

Click here to download Host Name Filter 1.0 for Mac OS 7/8/9 (Stuffit archive - 2K)
Click here to download Host Name Filter 1.0 for Mac OS X (Stuffit archive - 2K)

NUL and LF filter

This filter will bounce any message that has NUL characters in it, or stray LF characters. Stray LF characters are ones that are not part of a CRLF line break. This filter can be useful for preventing problems where clients stall downloading messages with NULs or stray LFs. This filter does not check messages sent with the SMTP BINARYMIME extension.

Click here to download NUL and LF Filter 1.0.2 (Stuffit archive - 2K)

Route Address filter 1.0b2

This filter will bounce any recipient that has a % or ! in it, or starts with an @. This is useful if you are using EIMS as a firewall for a system that will relay route addresses.

Click here to download Route Address Filter 1.0b2 (Stuffit archive - 2K)

Archive filter

This filter stores a copy of all messages received using SMTP (which includes outgoing messages from users) and stores the copy in a folder called Archived Mail in the Mail Folder. The messages are stored in EIMS Save as Files format.

Click here to download Archive Filter 1.0b1 for Mac OS 7/8/9 (Stuffit archive - 5K)
Click here to download Archive Filter 1.1a1 for Mac OS X (Stuffit archive - 3K) posted May 2004

Bulk Mailer Filter

This filter checks the headers of messages for the signature of a common bulk mailer program. At least it was common once; this filter is largely obsolete now.

Click here to download Bulk Mailer Filter 1.0 (Stuffit archive - 3K)

Attachment filters

These filters are basically obsoleted by the above Attachment Filter, although if you need a filter that will block a specific file extension without blocking it in zip files you could use one of these.

These filters will bounce any message that contains a file with a particular extension. These filters work well at blocking PC email viruses. Each filter checks all MIME parts for a Content-Type header with a "name" parameter that ends with the extension or a Content-Disposition header with a "filename" parameter that ends with the extension. Version 1.1 also checks for uuencoded attachments. Version 1.2 also checks for unusual headers that Outlook and Outlook Express will interpret as being executables. The CLSID filter blocks attachments with names that end with a }.

Click here to download BAT Filter 1.2 (Stuffit archive - 6K)
Click here to download COM Filter 1.2 (Stuffit archive - 6K)
Click here to download EXE Filter 1.2 (Stuffit archive - 6K)
Click here to download HTM Filter 1.2 (Stuffit archive - 6K)
Click here to download LNK Filter 1.2 (Stuffit archive - 6K)
Click here to download PIF Filter 1.2 (Stuffit archive - 6K)
Click here to download SCR Filter 1.2 (Stuffit archive - 6K)
Click here to download VBS Filter 1.2 (Stuffit archive - 6K)
Click here to download CLSID Filter 1.2 (Stuffit archive - 6K)

VBS/Loveletter virus filter

This filter is largely obsolete; for blocking PC viruses the Attachment Filter is more effective. This filter is just a generic "header starts with string" filter; it can be modified with ResEdit to check for any header starting with any string.

This filter will bounce any message with a Subject: header starting with "ILOVEYOU".

Click here to download VBS/Loveletter Virus Filter (Stuffit archive - 3K)

Melissa virus filter

This filter is largely obsolete; for blocking PC viruses the Attachment Filter is more effective. This filter is just a generic "header starts with string" filter; it can be modified with ResEdit to check for any header starting with any string.

This filter will bounce any message with a Subject: header starting with "Important Message from". Version 1.1.1 fixes the filter to not be so strict about line ends.

Click here to download Melissa Virus Filter 1.1.1b1 (Stuffit archive - 3K)

Happy99 virus filter

This filter is largely obsolete; for blocking PC viruses the Attachment Filter is more effective. This filter is just a generic "header starts with string" filter; it can be modified with ResEdit to check for any header starting with any string.

This filter will bounce any message with an X-Spanska: header starting with "yes". Version 1.1.1 fixes the filter to not be so strict about line ends.

Click here to download Happy99 Virus Filter 1.1.1b1 (Stuffit archive - 3K)

Papa virus filter

This filter is largely obsolete; for blocking PC viruses the Attachment Filter is more effective. This filter is just a generic "header starts with string" filter; it can be modified with ResEdit to check for any header starting with any string.

This filter will bounce any message with a Subject: header starting with "Fwd: Workbook from all.net and Fred Cohen". Version 1.1.1 fixes the filter to not be so strict about line ends.

Click here to download Papa Virus Filter 1.1.1b1 (Stuffit archive - 3K)


Last modified 28 October 2022. Copyright 1997-2022 Glenn Anderson.
