This is a technical discussion that is aimed at domain administrators for customers of LCR.
The quick flowchart of email here at LCR is:
All incoming email from the Internet hits our primary spam & virus filter appliance. This unit does our rbl checks, virus scanning and content scanning(spam filtering).
Inside the appliance, we first gather the ip address of the sending mail server, the envelope From address and the envelope To address. At this point, the appliance checks our RBL(relay block list) servers(we use 4 outside RBL's plus an in house custom RBL list) then checks with the appropriate mail server to see if the email address in the envelope To field exists. If the message passes these tests, then we allow the sending email server to send the actual message.
Note: The envelope From may not be the same email address you see when you open an email. Compare this to a letter received via the USMail. On the outside of the envelope, they may print the address of a mass mailer company while the letter inside may come from a local company looking for your business. In that case, what is printed on the envelope may not have any bearing on who wanted this letter sent to you.
After the message is successfully received, the message is virus scanned and then the content of the message is scanned and compared to several databases to assign a spam score. In the appliance, a score higher than 9.0 causes the message to be blocked. A score higher than 3.4 will cause the message to be tagged as spam, by modifying the subject line and adding a custom header to the message.
There is one more check on the content. There is a feature called Intent in the appliance. They maintain a database of website names that are known to send spam with their website address in it. If a link to a known website is in the body of the email, the message will be blocked.
One note here. The appliance keeps a log of the last 1 million emails received. If the entire email was received by the filter, it's possible to have it resent or find it and send it if it was caught up in the Intent database for instance.
1 million emails is about 3 – 4 weeks of email right now.
If you have your own mail server, the appliance will then forward the email directly to your server.
If your domain is hosted here at LCR, the message is sent to Mail3. Here we have some magic. The new mail server software we switched to in March/April of 07, supports mirroring of the email databases. With that we put a NAT (Network Address Translation) router(Mail3) in front of the two actual mail servers.
In normal operation, the NAT server forwards all email to Mail3A. Mail3A then sends(mirrors) the messages to Mail3B. Now Mail3A and Mail3B has copies of all pending emails for each mailbox. So if Mail3A dies, we can swap in Mail3B by a simple table change to on the NAT to push all traffic to Mail3B and you never know we had an outage.
And of course, as you download and delete email from Mail3A, it's also automatically deleted from Mail3B.
In the mail servers, we have virus and spam/content scanning. The virus scanner here allows us to add in custom definitions. We have added some extra phishing and image spam definitions in this scanner. Any hits in the virus scanner are deleted.
The spam/content scanner in the mail server puts what it tags as SPAM into the HELD folder. If the message was tagged as SPAM by the appliance, it's put in the Spam folder. At this time, we do not have any way to merge these folders. Nor do we really want to as managing messages falsely tagged is quite different depending on what/where it was tagged.(see http://www.lcrcomputer.com/spam.html ).
This duplication of scanning allows us to catch more spam and bad stuff and allows redundancy. If the appliance quits working, we can push all incoming email directly to the mail servers and feel confident that most viruses and spam will be caught.
If either the NAT or one of the Mail servers quit working, again this redundancy allows us to quickly restore service to you.
All connections from client computers is done via the NAT box to one of the mail servers. Client computers do not directly talk to the filtering appliance.
If you operate your own mail server, incoming email is sent directly to your server from the appliance normally. Your outgoing email can be sent direct to other mail servers on the Internet, if you are on a static IP address.
Or you can arrange for us to relay your email. If we relay your outgoing email it will be sent to Mail3A via Mail3 using an assigned login & password just like a client connection and then relayed to the final destination.
One of the advantages of relaying your outbound email through us is that your outbound email is virus scanned here and it well be sent from an ip address that is trusted and has a good reputation in the Internet email world.