Internet Exchange Messaging Server

Technical Overview

The Internet Exchange Messaging Server (IEMS) is a highly modular and scalable open architecture system. It can be used from small single machine installations to fully distributed systems linking geographically distributed sites into a common set of logical domains. Its various components can be run on a single machine or in a distributed environment. Administrators can install IEMS on Windows 98 and ME (Anti-Virus Detached Machine), NT, 2000, and XP. For Linux administrators, IEMS can be installed on RedHat Linux 6.2 through 9.0; Mandrake 8.2 through 9.1; SCO Linux Server 4.0 (United Linux 1.0); RedFlag, and Cosix (CS&S).

IEMS 7 introduces a new integrated Anti-Spam approach to message reception and delivery. The MTA Pass-Through technology employed by IEMS 7 allows end users (message store accounts), individual distribution list maintainers, and connector modules to define their own security profiles independent of the rest of the system. At the same time the messaging system administrator can still define an overall global security policy, where some anti-spam measures will be handled directly by the MTA (such as reliable DNS-BL identified traffic). Other measures which may be desired by part of the user community, such as DNS-BL's with known high false positive rates can then be passed through to the users for consultation on a case by case basis.



The Internet Exchange Message Transfer Agent (MTA) is high performance messaging switch capable of switching messages between many input and output channels concurrently. Routing decisions are based upon a combination of information obtained from the local configuration and directory services. The overall system IEMS architecture is summarized below:

In addition to providing a very comprehensive and integrated approach to spam prevention, many other essential services are supported. Messages are exchanged with other Internet MTAs using either SMTP or Batch SMTP. The IEMS SMTP subsystem is tuned for high volume applications and supports virtual channel queuing, SMTP Authorization, and SSL. Full connection control is provided further allowing administrators to protect their systems from outside threats. The IEMS MTA works transparently with SpamAssassin content filtering to provide additional spam detection capabilities. Spam non-delivery reports are automatically tagged by the system so that they can be quickly removed by the system should they become blocked due to non-existant return addresses, significantly reducing administration costs.

The Anti-Virus module allows for the integration of third party anti-virus engines. Attachments can also be automatically removed during transit based upon attachment type. Disclaimers can be automatically inserted to messages that pass through the MTA depending on source input channels. The Distribution List processor allows for many different types of lists, supporting mail blocking, automatic list subscription / unsubscriptions, and message digest (both MIME and non-MIME). Security policies can be set on a per-list basis.

Messages arriving for local users are subject to optional Bayesian Filtering, MTA Pass-through checks, and MailSort filtering. Users connect to the Message Store using any standard POP3 or IMAP mail client (Outlook, Eudora, Evolution, etc), the included web mail client, or easily built custom applications. Online storage is provided with the Web Mail client. Administrators can easily manage user accounts using the Quota Manager, which manages both mail as well as web folder storage tasks. Sites supporting multiple domains can offload administration tasks to domain administrators responsible for their own user communities.

Additional output channels supported include connectors for Lotus cc:Mail and Notes. Migration tools are provided for Microsoft Exchange sites wishing to move to IEMS. Developers can make use of the open API's for developing any additional site specific connectors or preprocessor agents necessary. The open Client API provides both C++ as well as PHP4 controls for developers wishing to deploy custom message enabled applications.



In most conventional messaging systems, security measures are employed on a system wide basis, making the choice of tools, such as DNS-BL's, critical. IEMS MTA Pass-Through technology changes this by allowing the administrator to be able to use many more countermeasures, enabling only those that have been proven to be universally effective at the MTA, or global level, and letting users pick and choose what additional measures they may or may not wish to apply to their individual message traffic.

System administrators are often caught in the middle of conflicting sets of requirements. On one hand, it is their responsibility to protect their organization and systems from outside (and sometimes inside) attacks from virus infected messages as well as spam. At the same time, they serve the users of these systems.

Traditional spam fighting techniques are performed by the MTA based upon policies set by the administrator. These global policies normally are set to ensure the maximum protection for the organization with minimal impact on the end user. In the case of spam detection and handling, the definition of what constitutes spam can vary widely from community to community, as well as from user to user within a single organization. Sales and marketing related messages may be very welcome in a sales group, while not being tolerated in a nearby engineering group. Advertisements pitching lower mortgage rates may be undesirable by most but a small group of people looking to purchase a new home. Viagra advertisements and other personal enhancement types of advertisements may not be at home for any users, especially if the site caters to the young or corporate users.

To assist the IEMS administrator in providing for both system security as well as keeping the collateral damage associated with improper spam detection and handling to an absolute minimum, several new tools can be applied. These can be applied on a system wide basis (global) and/or on an individual basis. Some tools such as virus scanning, certain SMTP connection controls, site-wide blacklists, and SMTP Authentication affect an entire site and are global in scope.

Others such as Bayesian Filtering and mail sorting based upon pattern matching are tools end users can apply. Other tools such as DNS Blacklists (DNS-BL), header analysis, and message content analysis occur within the MTA, however can be acted upon either as directed by a system security policy, or end user security policy. The ability for end users to be able to set security policies on actions normally only associated with system activities is made possible by the IEMS MTA Pass-Through features. These allow for the optional tagging of suspect messages by the MTA. The local mail delivery agent (working on behalf of the user) can then act upon these tagged messages later. This allows for both much more aggressive checking at the MTA level, as well as far more control of what messages are rejected at the user level (see the figure above).

System Wide Security Settings
It is usually desirable to apply specific security measures to all messages that pass through your systems. Some of the tools that by their nature are applicable to all message traffic include the following:

  • Anti-Virus Scanning
  • Reverse DNS Lookup of SMTP Data
  • SMTP Authentication
  • Loop Detection
  • Mail Relay Control
  • SMTP Sender Check
The application of the tools listed above apply to all messages that pass through an IEMS system, and cannot be overridden by user preferences. The only exception is anti-virus scanning, whose behavior can be modified through the anti-virus channel action matrix settings.

MTA Pass-Through
IEMS 7 Pass-Through technology allows the system administrator to be able to perform MTA level checks on messages, and then to optionally defer any action until being handled by an agent controlled by the end user. These agents are typically output channel processors, such as the Local Mail Delivery Agent, the Distribution List Processor, and others. As not all output channels are capable of handling deferred actions (such as the cc:Mail and Notes connector modules), the administrator can define default actions to be performed on a channel by channel basis, which will then be carried out by the preprocessor.



Local services make up the modules and services not associated with message transport across the Internet (SMTP) or MTA switching. These include Distribution Lists, Message Storage and retrieval, user directed Anti-Spam measures, Web folders (storage), private address books, and Microsoft Outlook compatible calendaring / scheduling features. Messages are delivered into the local environment through the Distribution List manager and the Local Mail Delivery Agent (LMDA)

The Local Mail Delivery Agent (LMDA) and the Distribution List Engine perform actions on behalf of their respective users (Message Store, and Distribution Lists). Both of these channel processors can be configured on a per DNS-BL basis as to what actions to perform. The LMDA components are shown above in Figure 7. In addition to MTA Pass-Through processing, the LMDA can configured to perform Bayesian messaging filtering on behalf of the user. This filtering technique utilizes per-user message databases made up of user identified spam as the basis for its message blocking. Users, using either the Web Mail Client, or any IMAP client can place received SPAM into a special folder where the system can later process and update the individual Bayesian Filter databases. After an initial learning phase, accuracy rates for Bayesian filters can exceed 98%.

The combination of SMTP controls, Content Filters, Bayesian Filters, DNS-BL's, and the extension of these controls to the end users allows for an extremely flexible protection system, designed to block the maximum number of problem messages.



A summary of the features provided in the different IEMS 7 Editions can be found in the table below.



MTA / Preprocessor

Directory Services

Message Store

Web Mail Client


IMAP4 Server

POP3 Server

Anti-Spam: Content Filtering

Anti-Spam: Bayesian Filtering

Anti-Spam: Multiple DNS-BL

Anti-Spam: Header Filtering

Anti-Spam: Connection Control

Anti-Spam: Sender Site Verification


Web Folders (Online Storage)
Web Online Bookmarks
SMTPD Message Flow Control
SMTP Authorization
Automatic Attachment Removal
BSMTP Client
MTA Pass-Through Capabilities
Distribution Lists
Distributed Operations
Multi-Domain Administration
cc:Mail Connector
Lotus Notes Connector
Microsoft Exchange Migration Tools
Calendaring / Scheduling
BSMTP Server
ISP / ASP Toolkit
Open Client API