Unsolicited message rejecting communications processor
First Claim
1. A method for a receiving networked computer system with an Internet connection, a mail transport agent MTA_1, IP address IP_1, a domain name D_1, a recipient, A_1, an allow_address database, a prevent_address database, a suspect_domain database, a bad_from database, a no_filter database, a rejected_connection database, an allowed_connection database, and an operating system capable of executing the method to reject unsolicited messages from a transmitting networked computer system with an Internet connection, a message transfer agent MTA_0, an IP address of IP_0, a declared domain name D_0, a real domain name DD_0, and a sender address of A_0 comprising the steps of:
a) waiting for a SMTP connection request on the receiving networked computer system's Internet connection;
b) sending a 220 reply to MTA_0 to acknowledge the requested connection;
c) extracting IP address IP_0 from the connection request;
d) testing if the DNS database has a domain name DD_0 for IP_0;
e) testing if IP_0 is in an open relay database;
f) testing if IP_0 is in the allow_address database;
g) testing if IP_0 is in the prevent_address database;
h) requesting a connection with MTA_1;
i) waiting for a 220 reply from MTA_1 to acknowledge the requested connection;
j) waiting for a reply from either MTA_0 or MTA_1;
k) jumping to step n) if the reply is not from MTA_1;
l) relaying the reply from MTA_1 to MTA_0;
m) jumping to step j) to wait for a new reply;
n) jumping to step t) if the reply from MTA_0 is not a HELO;
o) extracting domain D_0 from the reply;
p) testing if declared domain D_0 of MTA_0 matches domain D_1 of MTA_1;
q) testing if declared domain D_0 does not match real domain DD_0 of MTA_0 AND declared domain D_0 is in the suspect_domain database;
r) relaying the HELO reply from MTA_0 to MTA_1;
s) jumping to step j) to wait for a new reply;
t) jumping to step z) if reply from MTA_0 is not a MAIL;
u) extracting sender_address A_0;
v) testing if A_0 is in the bad_from database;
w) testing if DD_0 does not match the domain of A_0 and the domain of A_0 is in the suspect_domain database;
x) relaying MAIL reply to MTA_1;
y) jumping to step j) to wait for a new reply;
z) jumping to step kk) if reply from MTA_0 is not a RCPT;
aa) extracting recipient A_1;
bb) testing if A_1 is in no_filter database;
cc) testing if A_0 matches A_1;
dd) jumping to step hh) if NOT(t_allow OR t_no_filter OR NOT (t_prevent OR t_open OR t_DD) OR t_bad_from OR t_suspect_domain OR t_to_from OR t_echo_domain OR t_forged_domain);
ee) logging time and recipient A_1 in the allowed_connection database;
ff) relaying RCPT reply to MTA_1;
gg) jumping to step j) to wait for a new reply;
hh) logging the time, from-address sender_address A_0, recipient A_1, and the reason for rejecting the connection in the rejected_connection database;
ii) rejecting the connection to MTA_0 by sending a 550 reply to MTA_0;
jj) jumping to step j) to wait for a new reply;
kk) jumping to step vv) if reply from MTA_0 is not DATA;
ll) relaying DATA reply to MTA_1;
mm) waiting for a 354 reply from MTA_1;
nn) relaying the 354 reply from MTA_1 to MTA_0;
oo) waiting for the data from MTA_0;
pp) relaying the data from MTA_0 to MTA_1;
qq) waiting for a .\r\n from MTA_0;
rr) relaying the .\r\n from MTA_0 to MTA_1;
ss) waiting for a 250 reply from MTA_1;
tt) relaying the 250 reply to MTA_0;
uu) jumping to step j) to wait for a new reply;
vv) jumping to step yy) if reply from MTA_0 is not RSET, SEND, SOML, SAML, VRFY, NOOP, EXPN, HELP, or TURN;
ww) relaying reply to MTA_1;
xx) jumping to step j) to wait for a new reply;
yy) jumping to step ddd) if reply from MTA_0 is not a QUIT;
zz) relaying the QUIT reply to MTA_1;
aaa) waiting for 221 reply from MTA_1;
bbb) relaying 221 reply from MTA_1 to MTA_0;
ccc) jumping to step a) to wait for a new connection;
ddd) sending a 500 reply to MTA_0 to signal a syntax error; and
eee) jumping to step a) to wait for a new connection, wherein t_allow represents the results of the testing in step (f);
t_no_filter represents the results of the testing in step (bb);
t_prevent represents the results of the testing in step (g);
t_open represents the results of the testing in step (e);
t_DD represents the results of the testing in step (d);
t_bad_from represents the results of the testing in step (v);
t_suspect_domain represents the results of the testing in step (w);
t_echo_domain represents the results of the testing in step (p);
t_to_from represents the results of the testing in step (cc); and
t_forged_domain represents the results of the testing in step (q).
Abstract
The spam blocker monitors the SMTP/TCP/IP conversation between a sending message transfer agent MTA_0 and a receiving message transfer agent MTA_1; catches MTA_0's IP address IP_0, MTA_0's declared domain D_0, sender_address A_0; and recipient A_1; and uses this source and content based information to test for unsolicited messages. It interrupts the conversation when MTA_0 sends a command specifying the recipient (an “RCPT” command) and uses the various test results to decide if the message is suspected of being unsolicited. If the message is suspected of being unsolicited then it logs the rejected message, sends an error reply to MTA_0 which forces MTA_0 to terminate the connection with MTA_1 before the body of the message is transmitted; else it logs the allowed message, releases the intercepted RCPT command which allows the conversation between MTA_0 and MTA_1 to proceed.
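The RCPT-time decision the abstract describes, as an added Python example that is not code from the patent: it walks MTA_0's commands, captures D_0, A_0 and A_1, runs the per-step tests and returns either a relay or a 550 with the reasons to log. The databases, addresses, the subdomain matching rule, the reading of t_DD as "no reverse DNS name", and the precedence that lets the allow list and no_filter override the other tests are assumptions.

```python
import re

# Constructed sample databases; every entry is illustrative (reserved ranges/domains).
DB = {
    "allow_address": {"192.0.2.10"}, "prevent_address": {"203.0.113.66"},
    "open_relay": {"203.0.113.77"}, "suspect_domain": {"freemail.example"},
    "bad_from": {"bulk@promo.example"}, "no_filter": {"postmaster@corp.example"},
}
D_1 = "corp.example"  # receiving domain (constructed)

def matches(host, domain):
    # Assumed matching rule: host equals the domain or is a subdomain of it.
    return host is not None and (host == domain or host.endswith("." + domain))

def rcpt_decision(ip_0, dd_0, d_0, a_0, a_1):
    """Return ("relay", []) or ("550", reasons) for one RCPT command."""
    dom = a_0.rsplit("@", 1)[-1]
    suspect = DB["suspect_domain"]
    tests = {
        "t_prevent": ip_0 in DB["prevent_address"],                        # step g
        "t_open": ip_0 in DB["open_relay"],                                # step e
        "t_DD": dd_0 is None,            # step d, assumed true when DNS has no name
        "t_bad_from": a_0 in DB["bad_from"],                               # step v
        "t_suspect_domain": not matches(dd_0, dom) and dom in suspect,     # step w
        "t_to_from": a_0 == a_1,                                           # step cc
        "t_echo_domain": d_0 == D_1,                                       # step p
        "t_forged_domain": not matches(dd_0, d_0) and d_0 in suspect,      # step q
    }
    reasons = [name for name, hit in tests.items() if hit]
    # Assumed precedence: allow list (step f) and no_filter (step bb) override the rest.
    if ip_0 in DB["allow_address"] or a_1 in DB["no_filter"] or not reasons:
        return "relay", []          # steps ee-ff: log, pass RCPT on to MTA_1
    return "550", reasons           # steps hh-ii: log reasons, reject before DATA

def run_session(ip_0, dd_0, commands):
    """Walk MTA_0's commands, capturing D_0 and A_0, and decide at each RCPT."""
    d_0, a_0, decisions = "", "", []
    for line in commands:
        verb, _, arg = line.strip().partition(" ")
        addr = re.search(r"<([^>]*)>", arg)
        if verb.upper() == "HELO":
            d_0 = arg.strip().lower()                      # step o
        elif verb.upper() == "MAIL" and addr:
            a_0 = addr.group(1).lower()                    # step u
        elif verb.upper() == "RCPT" and addr:
            a_1 = addr.group(1).lower()                    # step aa
            decisions.append((a_1,) + rcpt_decision(ip_0, dd_0, d_0, a_0, a_1))
    return decisions
```
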
Specification