Santronics Software, Inc.,
wcSAP - Installation

wcSAP focuses on the "delivery mail process" for anonymous mail senders.   By anonymous, we mean, non-authenticated or non-trusted mail sessions.    For authenticated/trusted sessions,  wcSAP is not necessary and will not be called by wcSMTP. The system works well because the majority of all spam is sent by spammers using fake or bad addresses or sent by machines who have a bad "reputation" for sending spam.

Installation:

  1. Stop Wildcat! SMTP server.

  2. Unzip WCSAP.ZIP into your \WCx root directory. 

    The wcx WCSAP.WCX should be available in this directory.

    NOTE:  The only way to turn off WCSAP would be to remove, rename or delete the wcsap.wcx file.

  3. Manually edit and configure the files:

    wcsap\wcsap.ini
    wcsap\wcsapfilter.txt

  4. Start Wildcat! SMTP server.

wcsap\wcsap.ini

The wcSAP.ini file is self-commented with help.  A standard text editor like NOTEPAD can be used to edit this file.   There is no need to restart wcSMTP when you edit this file.   

The following are the minimum options needed to get started:

Enabling the test/check methods:

EnableFLTCheck True ; White/black Filter List (FLT)
EnableRBLCheck True ; Realtime Black List (RBL)
EnableSPFCheck True ; Sender Policy Framework (SPF)
EnableCEPCheck True ; Microsoft's CallerId Email Policy (CEP)
EnableCBVCheck True ; SMTP based CallBack Verification (CBV)

SPF and CEP are similar technologies using DNS records to validate the sender IP with the sender domain.  wcSAP supports both.   To gain full benefits of SPF and CEP,  you will need to create SPF and CEP DNS TXT records in the DNS Server.  See the WCSAP Product Description on examples for setting up SPF and CEP records.

Defining the order of the test performed:

CheckingOrder FLT RBL SPF CEP CBV

The above is the default test order. The Filter file is checked first since it describes your White/Black accept/reject list.  RBL offers a "reputation test" followed by a SPF/CEP test.  Finally ended up with a CBV (Callback Verification) test if none of the preceding test validate or reject the sender.

Preparing the CBV (Callback Verifier):

There are many options for the CBV test.  However, the main one is the SapHost keyword:

SapHost [serverdomain] ; ** USE YOUR WCSMTP MX DOMAIN! **

You can specify your MX host name, i.e., SapHost mail.yourdomain.com.  However,  you may leave the [serverdomain] option as is.  This is a special macro which tells wcSAP to use the domain name for the current machine as used by wcSMTP. 

wcsap\wcsapfilter.txt

The wcsapfilter.txt is your internal Accept/Reject rules allowing for quick validation or rejection.

The file is commented with sufficient help.  You may use a normal text editor like NOTEPAD to edit this file.