Introduction | Documentation | News | Download | Feedback and Support | Project Information
Fluffy the SMTPGuardDog - spam and virus filter for any SMTP server
Hosted by 
You can download the latest online help file from the project summary page. This is included in the full installation download.
You use Fluffy the SMTPGuardDog as a gateway (proxy) between the Internet and your existing SMTP server. Fluffy will check incoming mail connections in an attempt to filter out spam.
Capabilities
- You can accept or reject all connections from a particular IP address/range or (wildcarded) domain name
- You can set up 'spam traps' of invalid email addresses (if you accept email for a domain) and then reject all email from sources that try to send to those 'spam trap' addresses
- You can choose from a list of real-time IP spam blacklists (DNSBL) to use to reject incoming spam, with customised rejection messages.
- You can map from a (wildcarded) address to another
Features
- Messages from a new source (ie not recently seen) are delayed. This immediately cuts down on spam because spam software usually doesn't retry. It also means there is time for the spammer to be shut down or listed in a DNSBL. Fluffy can also review the intended recipient list for matches against the 'spam trap' list.
- All rejected email generates a message sent back to the sender. Messages are not simply 'binned' or sent to a junk mail folder which requires your manual review. If a genuine correspondent is blocked they will immediately be told why and can contact you by some other means. This is also a service to them - it warns them that they may have other messages being blocked (without any notification)
- A full log file is kept, and you can view the log file in a scrolling window
- DNSBL performance is monitored and queries are run in a priority order against the systems that provide the highest spam detection rate in the shortest amount of time
Fluffy is for Windows 95 or later. You must have an existing SMTP server that actually stores/delivers mail to individual mailboxes. This SMTP server can be running on the same computer as Fluffy (and thus run under Windows, eg VPOP3) or it can be running on any other computer system (and so need not be running under Windows). If you are running Windows 95 you need Internet Explorer version 4 or later (the current version is 5.5).
The program will run on slow hardware. My system is running under Windows 95 on a 233 MHz Pentium machine on a 128k/128k ADSL connection. It has handled 1500 x 30k messages over a period of 10 minutes without a fault. It rejects over 1200 spam messages coming in per day.
- I have users connecting from outside my local network, authenticating by POP lookup, but then getting caught in the Spam Trap when sending valid outbound mail. How can I stop this from happening?
New in version 0.4 on the Local Email tab you can list the domain names you accept (or specfic email addresses if you prefer), and choose the SMTP authentication option. Anyone who connects to Fluffy to send email from a domain or email address that matches will be considerd a local network user and spam trap tests will not apply.
- SpamCop thinks my machine is the spammer when I report spam that has got past Fluffy. What's wrong?
This arises when Fluffy is running on a computer with a public internet IP address (ie not a private network address such as 192.168.x.x) server and the computer doesn't have a valid name that corresponds to the domain that is receving the email. The solution is to change your computer name to be a domain name that on reverse IP lookup, correspond with your IP address name, where that IP address is the target of incoming email. In other words, make sure your network is correctly configured to be on the internet, if you are using public internet addresses.
Ask a question.
Download and unzip the latest version and then run setup.exe. Then set Fluffy to run on startup.
Now we need to configure the SMTP server
You have an existing SMTP server that listens on port 25 (standard) for incoming mail connections. We need to have Fluffy listen for incoming mail and redirect genuine email to the existing SMTP server. There are a variety of ways to achieve that which makes this section appear more complicated than it really is. We'll present a simple case for running Fluffy and the VPOP3 mailserver on the same computer, and then go into detail for alternatives.
But first an important word on open relaying. An open relay is when your computer is set up to deliver email from anyone to anyone. This is often used for sending spam. It is something you want to avoid, especially if you pay for your bandwidth. Some SMTP servers will validate email based on IP address. This will not work with Fluffy because all email will appear to be coming from the computer running Fluffy (ie a local machine).
The preferred method is for SMTP Authentication provided that you do not require SMTP authentication for local (internal) email. Your email software must support SMTP authentication to use this option, and you need to turn it on in your email software. For example, in Outlook, choose email accounts and on the Servers tab choose My server requires authentication under outgoing email server. If VPOP3 is your SMTP server you change the settings under Services (formerly Local Servers), and enable Require SMTP Authentication and also Do not require SMTP authentication for internal/incoming mail.
If your mail software or SMTP server does not support SMTP authentication in this way, you should validate by the the From: address rather than by IP address. In VPOP3 settings, you do this by clicking on the the SMTP link (formerly Configure button), and selecting SMTP Anti-Relay Protection as Check From: Address. You should make sure Don't allow addresses with '%' in their address is enabled. This introduces another problem - what if a spammer fakes your From: address to try and use your SMTP server to send email? Fluffy will detect such attempts and prevent external (outside your network) connections from using an internal From: address as the sender of the email. If you are running a very sophisticated operation with validated relaying for some users, or just want to talk about your options for using Fluffy then you can email me or start a public discussion. Basically you can achieve what you want very simply, but you can probably work that out for yourself.
Ok, on to setting things up.
Simple case of Fluffy and an SMTP Server (eg VPOP3) running on the same computer
The simplest approach is to run Fluffy on port 25 (the default) and change your SMTP server to listen on a different port. For VPOP3 you change the settings under Services (formerly Local Servers), and set the SMTP server to use port 26.
Fluffy and SMTP Server running on a different computer
In this case you could run both Fluffy and your SMTP server on port 25. The trick is to set this up so that incoming (Internet) traffic talks to Fluffy rather than your SMTP server. It doesn't matter which system your local mail clients talk to.
To direct connections to Fluffy you'd do so as you did for your SMTP server. For example, if you are using a NAT you'd forward port 25 connections to the IP address of the computer running Fluffy. Or if your mail server is listed in a DNS record you could change the MX (or A if you don't use MX) record for your domain to point to the IP address of the computer running Fluffy. Or you could swap the IP addresses of the computers running Fluffy and your SMTP server. Again, this may sound complicated, but that's because you have a choice of options, some of which you may never have heard of. Just ignore the ones you don't know anything about. If you need more help with this, you can email me or start a public discussion.
Not running Fluffy on port 25
You can run Fluffy on any port (eg 26) which means your SMTP server could continue to run on port 25 (on the same computer or a different one). Internet mail connections expect to talk to port 25 so in this case you'd need to use NAT or port forwarding to direct incoming (Internet) traffic to Fluffy. If you need more help with this, you can email me or start a public discussion.
Other options
There are other combinations to make Fluffy work. If you are interested in doing this, you probably have the skills to set it up. If you need help with this, you can email me or start a public discussion.
For local mail clients you don't need to change their settings. If Fluffy is listening on port 25 then you can still connect to port 25 as a default. If you are running your Fluffy on port 26 (for example) you can choose to redirect your mail clients to use port 26.
Multiple SMTP Servers
If you run multiple SMTP servers on different IP addresses (a secondary MX record) then be aware that spammers will often send to all MX entries rather than just the first. And if a spammer is rejected by Fluffy on your first SMTP server, a spammer will try your secondary server. In summary, you need a consistent filter on each SMTP server you are running. Otherwise one SMTP server will block it, but the next will accept it. One answer is to also run Fluffy for each SMTP server you have.
When you first run Fluffy you will be taken to the Fluffy Training Centre screen. Once Fluffy is running you can access the Training Centre by double clicking on the three-headed Fluffy dog icon on the notification area (system tray), and then clicking on the Configure button.
When you first run Fluffy you will be prompted to use the default DNSBL servers, default Spam Trap address list, and default Black/White lists. If you choose to use any of these, you should then edit them for your own use.
Language tab
Here you can choose the language used by Fluffy. Click on Apply to make the change immediately, before choosing other configuration options. Only United Kingdom English (the default) is currently available.
Addresses and Ports tab
Here you can set the address and port of your SMTP server, and the port address that Fluffy should listen on. You can test that these connections are working.
Connections tab
Here you can set:
- the size of the connection cache
- the duration of blacklisting sources that trigger a spam trap
- how long to delay accepting mail from a new connecting source
- how long before we consider a connecting source to be 'new' again
Local Network tab
Here you can configure which IP addresses are part of your local network (and are allowed to send emails to external email addresses). All IP addresses are considered external unless explicitly designated as part of your local network. Click on the Add your detected IP button to try and autodetect your network settings.
DNSBL tab
Here you can configure which IP spam blacklists (DNSBL) you wish to use.
Each entry consist of the address of the DNSBL, an optional message used to reject messages listed in the DNSBL, and an optional list of response codes that are not used to reject email. The message can include %%IP%%, in which case the originating, black-listed IP address will be included in the rejection message.
You can choose not to enabled a DNSBL, in which case it remains in the list but is not used.
DNSBL Speed
Here you can test the responses given, and time taken, for your selected DNSBL servers. You can choose the IP address to test. This screen also lists the historic performance of your chosen DNSBL servers, reporting the number of positive (spam) detected per second taken to respond. Higher scores are better.
You can choose to include DNSBL servers that are not enabled, in your test.
Local Email tab
Here you should list which addresses/domains are valid for originating local email. Then if any external connection tries to send email purporting to be from that address, it cannot be used to relay messages outside of your network. * is used to wildcard sub-domains.
Important: If you are not using SMTP authentication you must update this list or Fluffy will pass on all mail messages to your SMTP server which may then relay such messages back to an external email address (if someone fakes a local address). See the section on open relays
If you are using SMTP authentication for people connecting outside your local network, you shoudl list their email address or domain and then choose the option "My SMTP Server uses authentication.". Connecting users will then be considered local by SMTPFilter and email they send will not be checked against the Spam Trap.
Black/White Lists tab
You can list IP addresses and (wildcarded) domains that are always accepted or always rejected (with an optional rejection message). Note that when matching domain names you can use * as a wildcard character to match 0 or more characters in the domain name. So *.hotmail.com would match smtp1.hotmail.com and smtp2.hotmail.com and *dav*.hotmail.com would match pop3-dav69-bay4.hotmail.com
IP address ranges can be specified using subnet masks. A subnet mask of 255.255.255.255 means the IP address must match exactly.
Spam Trap tab
You can list email addresses that are invalid. Then if someone tries to send an email to that invalid address they can be rejected as a source of spam trying to guess likely email addresses on your network. Obviously this is only useful if you accept email for one or more domains.
You can also choose a wildcard match. I don't use any numbers in my email addresses, and lots of spammers try to guess email addresses with numbers in them (eg wayne2). So I add all the digits as a wildcard spam match. If any email comes in with any digit anywhere in the address preceding the @, then the email is rejected, and the source is blocked as a spammer. So wayne2@codeworks.gen.nz is blocked (matching 2) and abc3def@codeworks.gen.nz is blocked (matching 3).
All the digits are listed in the default Spam Trap listing supplied, so you will want to remove some or all of them if you do use digits in your local email addresses. You must check the whole Spam Trap list to make sure it doesn't include any valid names (like your own) that you do want to receive!
If mail comes in for multiple recipients, the mail is blocked for all recipients if any one of the addresses is listed in the Spam Trap.
If a whitelisted source sends email to a Spam Trap address, that email is blocked, but the source remains whitelisted.
Mapping tab
You can change an incoming mail message addressed to a (wildcard) address to another address. The main message contents are not changed - just the delivery address target. This must be a target address that the SMTP server will accept for delivery.
The list of addresses are processed in order, so the first address that matches will be applied. A final entry of * will match everything not previously matched.
Leaving the target as blank means that if the address matches it will not be changed (and no furtehr addresses considered for matching).
Headers tab
Here you can enter text to match against message header lines. You can use * to match 0 or more characters. The matching is not case sensitive.
So for example, you can enter lines such as
Subject:*viagra*
To:*nacjack*
*yahoo.tw*
If an email message contains a matching header, the email message is blocked.
Virus Scanning tab
Here you can choose whether to scan messages for viruses. If you choose an antivirus programme, Fluffy will look for it in the default location. If it can't find it, it will prompt you for the location of the antivirus programme. You can also enter the text that appears at the top of a message sent to an intended recipient when a mail message is blocked because it contains a virus.
We would be pleased to consider adding support for other anitvirus software. Please let us know
By default Fluffy will block any mail messages broken into parts. The most common use of partial messages is to send the first half of a virus in one message and the second half in another message. A virus checker can't detect the virus without both parts available. Since there is no need to send messages in parts, we recommend you block any messages that comes in parts.
You can also maintain a list of attachment types to block. Fluffy comes with a default list of executable types that you should not normally need to accept.
Fluffy does not yet support a pass-through address for people to resubmit emails that have been blocked. As a temporary measure, we have added this pass through email address text field. If you enter an email address here, people whose email is blocked will be advised to resend their email to this address. This must be an email address that is NOT processed by Fluffy (or it will be blocked again). A POP3 account, or a webmail based account (eg hotmail.com) may be suitable.
Advanced Settings tab
Here you can set:
- the maximum number of connections Fluffy will process simultaneously
- the level of detail in the log files
- whether to block junk mail, or flag it as junk mail in the subject line
- turn on an automatic daily check for updates to the Fluffy program
- carry out a manual check for program updates.
Reports tab
Here you can enter an email address to receive daily reports on the emails accepted, rejected and dferred by Fluffy. Your local SMTP server must accept delivery to this email address.
About Fluffy tab
Here you can read about who created Fluffy and the online help file.
When Fluffy is running, a three headed dog icon appears in the notification area (system tray) near the clock. Double click on the Fluffy icon to bring up a window displaying the current log file and control buttons. Click on the Configure button to train Fluffy. Click on the Shutdown button to send Fluffy to sleep. If Fluffy detects a serious issue for your attention a red icon with a white bar will appear in the notification area - the message is also recorded in the log file.
Log files are stored in the file logyyyymmdd.tx where yyyy is the year, mm is the month number, and dd is the day of the month.
A change log tells you what has changed from previous version
Version 1.4
- Each DNSBL list entry can have its own score weighting - different handling options can be select by total score weight
- Improved speed of handling connection requests
- Significant speed increase in processing Base64 encoded data
- Significant speed increase in passing data to the local SMTP server
- Identifying when spammers drop the connection because Fluffy takes too long (30 seconds) to validate their connection - caught in an inadvertent 'tar pit'
- Add option to send log files to multiple syslog devices
- Ability to control detail of debug level logging
- Right click on console window gives menu to freeze display and copy selection (or all of the displayed log if no selection is made)
- General GUI font and colour improvements
- DNSBL list changes are saved on clicking OK to finish Configuration, even if that DNSBL entry hasn't been changed
- Separate active and inactive DNSBL lists
- Add seconds to the display log
- Fluffy will automatically remove DNSBL entries found in a removefromdnsbl.txt file in the Fluffy application folder
Version 1.3
- Added support for XEXCH50 command used between Microsoft Exchange servers
- Handle cases of invalid blank lines in SMTP conversations being ignored by local SMTP server
- Add colour coding to status log display
- Always apply the current setting for DNS chache expiry, rather than the setting in force when the connection was stored in the cache
- Fixed bug in handling blank sections encoded in quoted-printable
- Fixed bug where blacklist messages were not being included in the blocking message sent back to connecting server
- Fixed bug where a change in the new contact delay time reported in a temporary rejection SMTP response was not updated until Fluffy was restarted
- Fixed bug where the fact that a new contact was being forgotten too quickly
Version 1.2
- Added asynchronous queries of DNSBL servers, retrieving name servers from the registry
- Added an option to monitor IPs and addresses to see if they are listed on DNSBL sites
- Fixed too slow processing of a binary file encoded as quoted-printable
- Added option for matching message header content that warns as possible junk mail, rather than blocking
- Changed log file format to be compatible with Syslog RFC 3164
- Include bypass address in warning message for temporary deferral
- Included a list of all known DNSBL to add to Fluffy's resources, especialyl for monitoring of listing
- DNSBL lists now listed in alphabetical order
- Added a reference to foreign translation of the GPL
- Fixed bug in handling too many simultaneous connections
- Removed Winsock module
- Removed unused code, and consolidated library code
Version 1.1
- Added the ability to specify whether each DNSBL is to be used to block or to warn only
- Added a global option to log actions, rather than block, as well as warn only (only applies to DNSBL use)
- Will now parse Subject lines using character set encodings for matching against blacklisted header contents
- Added a monitoring option so you can get a report if an IP or domain name is listed on a DNSBL
- Added a sanity check so we only use DNSBL that appear to be working correctly (don't use ones that reject everybody)
- Don't allow the local SMTP server to admit we support CHUNKING or XEXCH50 because we don't - yet
- Added an option to log IP addresses we consider valid and invalid, suitable for submitting to spam monitoring services
- Added explict identification and support for all known ESMTP command extensions
- Fixed a bug in handling mapped email addresses
- Fixed more bugs in shrinking the connection cache
- Fixed a bug where we didn't read in the connection cache on a restart
- Fixed a bug where we didn't send all lines in a multi-line response from the local SMTP server
- Fixed a bug where the first part of an SMTP blocking message was trimmed off
- Fixed a bug where the EHLO/HELO greeting got corrupted
- Fixed a bug where we were purging old connection cache entries in the wrong order
- Fixed a bug that would cause an overflow if there was no free connection in 5 minutes
- Added a new log level 10 to record memory copy when retrieving domain names
- Added new log level 11 to record incoming and outgoing SMTP conversations
- Fixed a bug where the deferred and then later received counter was not working
- Fixed a bug where the message "you are a forced data server" was not being sent properly
Version 1.0
- Adding matching of wildcard text strings against message headers
- Added a pass-through email address for notification of blocked users.
- Fixed bug in applying wildcard domain matching, introduced in 0.9
- Improved performance over 0.9 version, including ensuring closing connection messages are sent
- Removed automatic download and installation of updates until this can be tested
- Improved navigation of configuration screens for keyboard users
- Handle shrinking the connection cache without errors
Version 0.9
- Adding matching of IP address ranges using subnet maskes
- Adding mapping of incoming addresses to a different address
- Fixed bug in running on a clean install with no IP black/white list
- Fixed bug in removing spamtrap/white/black list entries without a restart
- Fix a bug in handling a connection cache larger than 32767
- Fix bug where daily reports sent too many times
- Improved speed in loading a large connection cache
- Rewrite connection handler as timer loop driven, rather than event driven
Version 0.8
- Improved wildcard matching of domain names for white/black lists
- Fixed bug that could cause infinite loops processing certain nested MIME messages
Version 0.7
- Added blocking of file attachment types
- Added virus scanning support for Sophos for Windows NT/2000/XP
- Added tracking of numbers of messages accepted, rejected and deferred, with an optional daily email report
- Adding blocking of partial mail messages
- Added option to test non-enabled DNSBL servers
- Handle cases of missing MIME boundaries of internally nested multipart messages
- Fixed bug in disabling DNSBL servers
Version 0.6
- Added virus scanning of emails
- Made online help context sensitive
- Added X-Fluffy-RejectionReason header explainig reason for identifying email as junk mail
- Fixed bug in using default, unchanged spam trap and black/white list on clean install
Version 0.5
- Fixed bug that would precent a clean install of version 0.4 from starting.
- Added a time for the automatic check of program updates, and fixed the bug that caused it to crash when an update was found
- Added online help - not yet context sensitive
- Added blocking of spammers trying to push through email with an HTTP POST command
- Added warning if you try to cancel from configuration without saving changes
- Removed automatic testing of SMTP servers if no changes made to SMTP server addresses/ports during configuration
Version 0.4
- Changed program name from SMTPFilter to Fluffy the SMTPGuardDog
- Improved DNSBL configuration, with an option to disable a DNSBL server
- Added a check for program updates
- Changed log file names to include full date, with a configuration for how many days to keep the logs
- Option to allow non-local network users to be considered local, based on their email address
- Sundry improvements and minor fixes to the GUI configuration
- Fix a problem causing error 40006 to be generated
Version 0.3
- Completed GUI configuration screens
- Added wildcard matching to Spam Trap addresses
- Option to automatically apply sample DNSBL servers, spam trap lists, and black/white lists on first use
- Option to mark mail as Junk Mail, rather than block it
- Capturing of incoming mail as text files on disk, in preparation for anti-virus scanning in a later version
- Added Received: headers and RFC compliant HELO greeting
Version 0.2
- Configuration screens for most options
- Spam trap addresses will now trigger a rejection of a whitelisted domain/IP connection, but only for the duration of that connection
- More informative error message if the connection is temporarily swamped
Version 0.1
- Figure out how SLMail can work as an authenticated closed relay with Fluffy
- Add support for RFC 3030 - Chunking and BDAT synonym for DATA command
- Allow pass through addresses
- Automatic whitelisting when outgoing mail passes through
- Run as a service
- Add support for BINHEX attachments
- Handle more forms of invalidly formatted mail messages
- Improve memory of old connections and adjust defer time appropriately
- Put all text into language files
- Create a larger list of DNSBL servers - fetchable
- Add text based Bayesian filtering a la Paul Graham
- Update online documentation
Fluffy the SMTPGuardDog Copyright (C) 2003 Wayne McDougall
Help files Copyright (C) 2003 Hairydog Ltd
Fluffy comes with ABSOLUTELY NO WARRANTY; for details read GPL.txt
This is free software, and you are welcome to redistribute it under certain conditions;
read GPL.txt for details.
The help file was developed by Hairydog Ltd in grateful thanks to the
creators of Fluffy. At Hairydog Ltd, we specialise in software documentation
and help systems, web site design, development, maintenance and hosting.
We produce help in winhelp, htmlhelp, webhelp, javahelp and other formats.
Contact us - we can help you:
- get the best from your product with good, user-friendly documentation
and help
- reduce support costs by giving the users the information they want
- turn web browsing visitors into your customers by giving them the
information they want about your product
- reach your customers with clear, informative and easy-to-use web pages
that rate well on the important search engines.
You won't get the hard sell. We're more interested in doing a good job for our
clients!
Hairydog Ltd
info@hairydog.co.uk
Tel +44 (0)845 124 9504
You can download the latest file releases from the project summary page
You can check out the latest source code in development using CVS
This website and these services are kindly provided by Sourceforge.Net. You can acces all these services, and more, at the Fluffy Project Summary Page. If you want to post a message or join a mailing list, you need to login to Sourceforge.Net. If you are not an existing member you can create a new account for free.
You can read any news about Fluffy. We report on new versions and anything that may affect your use of Fluffy. You can add your own comments to news items if you login.
There are web-based discussion forums where you can ask for help or just have a general discussion about Fluffy. You can read all the messages but to post your own message, you need to login.
If you prefer email, you can join a mailing list
You can report any bugs, ask for help or request new features in the online tracking system