Anti-Spam Architecture

An overview of the Physics anti-spam architecture.

Email Delivery Flow

Email to Public SMTP Server

  1. Foreign MTA opens SMTP session with local MTA (Postfix)
  2. MTA_1 (helios:25) begins session, collecting:
    1. Sender IP address (from connection)
    2. Envelope Sender
    3. Envelope Recipient
      MTA_1 compares this triplet with its database.
      If the triplet is already present, the message is sent along to the next phase of processing.
      If the triplet is not present, the foreign MTA is sent a Temporary Failure code and is expected to try again later. (Since most spammer MTAs do not try again, this removes most of the spam stream.) This temporary failure means that the first message coming from a particular sender/IP to a particular recipient will be delayed by a period dependent on the retry time of the sender's MTA. This will typically be an hour or less, but could be longer in rare cases.
  3. Accepted messages are delivered by MTA_1 to another internal Mail Transfer Agent, MTA_2.
  4. MTA_2 classifies the emails with an antivirus program (ClamAV) and an anti-spam program (SpamAssassin), removing all virus emails from the mail stream and tagging spam messages with ***SPAM***.
  5. MTA_2 then hands the email off to MTA_3 for classification with Bogofilter, a program that uses Bayesian statistics and samples of spam and non-spam messages to assign a spammishness score between 0.00 and 1.00, with 0.00 being entirely unspammy and 1.00 being very spammy in appearance.
  6. MTA_3 then hands the message off to the local Mail Delivery Agent, procmail, which reads global and personal rules files to make final decisions on email delivery.
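
The triplet check from step 2, written as a handler for Postfix's policy delegation protocol. This is an added example, not the code or configuration used on this system; the `Greylist` class, `handle_request`, the 300-second minimum retry delay and the sample addresses are assumptions.

```python
import time

# Constructed sample of the name=value request Postfix sends to a policy service.
SAMPLE_REQUEST = (
    "request=smtpd_access_policy\n"
    "protocol_state=RCPT\n"
    "client_address=192.0.2.10\n"
    "sender=alice@example.org\n"
    "recipient=bob@example.edu\n"
    "\n"
)

DEFER = "DEFER_IF_PERMIT Greylisted, please try again later"
ACCEPT = "DUNNO"  # no opinion: hand the message to the next check


class Greylist:
    """Triplet store kept in memory; a real service would persist it."""

    def __init__(self, min_delay=300):
        # Assumption: retries sooner than min_delay seconds are still deferred.
        self.min_delay = min_delay
        self.first_seen = {}  # (ip, sender, recipient) -> time of first attempt

    def check(self, ip, sender, recipient, now=None):
        now = time.time() if now is None else now
        key = (ip, sender, recipient)
        first = self.first_seen.get(key)
        if first is None:
            self.first_seen[key] = now  # new triplet: remember it, then defer
            return DEFER
        if now - first < self.min_delay:
            return DEFER  # retried too quickly
        return ACCEPT  # known triplet: pass to the next phase


def parse_policy_request(text):
    """Turn the name=value lines of one request into a dict."""
    pairs = (line.split("=", 1) for line in text.splitlines() if "=" in line)
    return {name: value for name, value in pairs}


def handle_request(greylist, text, now=None):
    """Return the policy reply for one request (hypothetical helper)."""
    attrs = parse_policy_request(text)
    action = greylist.check(
        attrs["client_address"], attrs["sender"], attrs["recipient"], now
    )
    return f"action={action}\n\n"
```

Setting `min_delay=0` reproduces the rule exactly as stated in step 2: any triplet already in the database is accepted.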

Email to the Authenticated SMTP Server