
Collax Spam Filter Howto

This howto describes the configuration of the spam filter on a Collax server.

Requirements

Collax Business Server
Collax Groupware Suite
Collax Security Gateway
Collax Platform Server including Collax Mail Security module

Objective

This howto demonstrates and explains the different mechanisms for fending off unwanted spam e-mail. We assume that the mail server has already been set up and want to filter as much unsolicited e-mail as possible. The values entered in the screenshots are empirical values that may need to be adapted to your environment.

Mechanisms

Which mechanisms are there?

A distinction is made between two basic types: mechanisms that take effect during SMTP reception, and filter mechanisms that are applied after the e-mail has been received. The former can only be used if the e-mail is delivered directly to the server on the basis of an MX record. Some filter mechanisms cannot be used if e-mail is fetched from a provider server.

Mechanisms Before Accepting E-Mail

E-mails can be rejected as soon as the sending e-mail server establishes the initial contact. However, this is only possible if the e-mail is received directly. The MX record must point to the server's external IP. These filters do not make sense if the e-mail is fetched from a provider.

A number of simple spam protection mechanisms can be configured under "Services -> Mail and Messaging -> Mail Transport -> SMTP Reception".

If "Validate user address" is enabled, e-mail will only be accepted if the sender address belongs to the authenticated user. This means that mails with a spoofed sender cannot be transmitted even if the password of an employee is hacked.

2014 Collax GmbH Status: Final Version: 5.8 Date: October 28, 2014

Enable SMTP-AUTH

Normally, the SMTP service only accepts e-mail that is addressed to an internal mail domain or delivered by a system that is permitted to relay. The latter is usually only permitted for IP addresses in the local network. If you enable this option, systems or users in other networks will also be able to use the SMTP service to relay e-mail. For this, these users must authenticate with the system.

Validate user address

If you enable this option, the sender address will be validated for authenticated users. E-mail will only be accepted if the login and the sender address match. Do not enable this option if you want this system to accept and forward e-mail from other mail servers if these systems are required to authenticate. This function causes the e-mail to be rejected, as the sender addresses are not associated with the login of the other mail server.

Force authentication with TLS

Normally, the password for SMTP authentication is transmitted in clear text and could be intercepted. Secure, encrypted password transmission is only possible if TLS (Transport Layer Security) is enabled. This option makes sure that the SMTP service only performs the authentication if TLS is enabled. If TLS is not possible on the remote party, the SMTP service will not send the access data in unencrypted form.

Certificate

To use TLS, a certificate must first be generated or imported for the SMTP service. This list displays all suitable certificates available on the system. Select the respective certificate for the mail server. If no certificate is selected, TLS cannot be used.

Request certificate

Secure login to a mail server is only possible if the access data are transmitted in encrypted form. For this purpose, TLS (Transport Layer Security) must be enabled for every SMTP connection. Both systems need certificates for the TLS connection. If you enable this option, a certificate will always be requested from the remote party for incoming connections.

Firstly, "Global mail filter" should be enabled in the "Options" tab.

HELO identification required

This parameter defines how the HELO message of incoming SMTP connections is examined. The setting No allows the client to send any information with the HELO. If this option is set to Yes, the client must send a host name with the correct syntax. However, the name is not validated against the DNS database. If you select Strict, the specified name must be a DNS-resolvable FQDN.

The settings Yes and Strict can prevent communication with some incorrectly configured remote parties. No e-mail is accepted from these systems. This is an effective anti-spam measure, but may cause problems in some cases.

Maximum message size

This parameter defines the maximum size of an individual e-mail in MB. The following should be taken into consideration when entering this value: As incoming or outgoing e-mails with attachments are encoded by the e-mail client, the size at transmission or reception is approximately one third larger than when the e-mail data were composed on the client.

Check sender address

If you enable this option, the system will check whether the sender's mail domain exists in the DNS database (A or MX record). If this is not the case, the e-mail will be rejected. For local senders, the system will also check whether the sender address exists on the Collax server. If this is not the case, the e-mail will be rejected.

Further settings for the spam SMTP filter can be configured under "Services -> Mail and Messaging -> Mail Security -> Spam". You can leave the default values as they are, unless you have problems receiving certain e-mails. If this is the case, you can adjust the values according to your needs.

Use graylisting

Enable this option to activate graylisting. Every new e-mail delivered via SMTP from systems that do not have the "Mail relay" permission is first rejected with a temporary error message. Upon expiry of a specified blocking period, the e-mail is accepted. This prevents the system from accepting e-mail from programs that do not have a mail queue (and are therefore not genuine mail servers).

Emulate tarpit

This option enables the tarpit function for additional protection against spam e-mail and the spread of worms. If this function is enabled, the communication between two connection stages, i.e. between the Collax server and the connecting SMTP server, is delayed. Please note that this option blocks the incoming e-mail server for the period of the delay between stage 1 and stage 2.
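The graylisting decision described above can be sketched as follows. This is an added example, not Collax code: keying on the triplet of client IP, sender and recipient, the 300-second blocking period, the reply texts and the relay network are assumptions chosen for illustration.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Greylist:
    delay: int = 300  # blocking period in seconds (assumed value)
    relay_networks: tuple = ("192.0.2.0/24",)  # constructed "Mail relay" networks
    first_seen: dict = field(default_factory=dict)  # triplet -> time of first attempt

    def _has_relay_permission(self, client_ip):
        ip = ipaddress.ip_address(client_ip)
        return any(ip in ipaddress.ip_network(net) for net in self.relay_networks)

    def check(self, client_ip, sender, recipient, now):
        """Return (SMTP reply code, text) for one delivery attempt at time `now`."""
        if self._has_relay_permission(client_ip):
            return 250, "accepted, relay host is not graylisted"
        # Assumption: a delivery is identified by client IP, sender and recipient.
        key = (client_ip, sender.lower(), recipient.lower())
        seen = self.first_seen.setdefault(key, now)
        if now - seen < self.delay:
            # Temporary error: a genuine mail server queues the mail and retries,
            # a program without a mail queue never comes back.
            return 450, "temporarily rejected, try again later"
        return 250, "accepted, retry arrived after the blocking period"


def simulate(attempt_times, delay=300):
    """Reply codes a single external sender sees when retrying at the given times."""
    greylist = Greylist(delay=delay)
    return [
        greylist.check("203.0.113.5", "a@sender.example", "user@example.org", t)[0]
        for t in attempt_times
    ]


if __name__ == "__main__":
    print(simulate([0, 60, 300]))  # first attempt, early retry, retry after the delay
```
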

Mechanisms After Accepting E-Mail

This dialog is located under "Services -> Mail and Messaging -> Mail Security -> Spam".

Spam Content Filter

Activate the spam content filter.

Automatic update

This option regularly updates the spam rules for the spam content filter.

Trusted mail relays

In this field, enter the IP addresses of the mail servers that accept e-mail for your own domain. For certain tests (analysis of the "Received:" lines in the mail header), the system needs a list of all networks and hosts to be regarded as "trusted". In this context, "trusted" means that these hosts are not spam sources. Nevertheless, these hosts may be misused to forward spam. The list automatically contains all hosts and networks that are permitted to forward e-mail over this system (permission: Mail relay without authentication). Additionally, enter all mail servers that are responsible for the domain as MX (Mail Exchanger). These can be determined via DNS (usually one or several mail servers of your provider).

E-Mail Is Probably Spam

From threshold

Every e-mail is evaluated on the basis of various criteria. For every matching criterion, the e-mail gets a number of points that are added up to a score. This parameter determines the score from which an e-mail is treated as spam. A value of "5" is a reasonable setting. With this value, the negative recognition level is very low, but the efficiency in detecting spam is also limited. First, start with a high threshold value, and gradually lower it if necessary. Moreover, in time the auto whitelist function will reduce the negative recognition.

Mark in the e-mail subject

The spam filter saves a report about the score and the applicable rules to the header of an e-mail. As this information is stored in the header, the mail appears to be unchanged at first glance. The report reveals how the system works and how thresholds should be adjusted (by examining the score of every e-mail wrongly marked as spam). If this option is activated, a mark will additionally be inserted in the subject line of the e-mail.

Message Is Doubtlessly Spam

From threshold

Here you can determine how e-mail recognized as spam is to be handled. Spam can be deleted, saved in a special folder, or blocked ("quarantine"). Enter an integer threshold value in this field. If you leave this field blank, spam e-mail will not be handled separately, but will be delivered to the respective mailbox like normal e-mail.

Action

If the option "Send to recipient with warning" is selected, the e-mail will be delivered as plain text. This setting is necessary in order to prevent the users or mail clients from opening the attachments and executing any contents.

If the option "Quarantine" is selected, the e-mail can be further processed with other actions.

The action "Discard" immediately deletes the e-mail; however, the sending mail server is sent a confirmation stating that the e-mail has been delivered. Thus, to the sender it appears as though the e-mail has been delivered. The risk associated with this action is that even desired e-mails may wrongly be assigned a high score and be deleted ("false positive"). Therefore, it should only be enabled after having tested the determined thresholds for some time.

Quarantine procedure

The action "Hold in mail queue" holds the e-mail in the queue. It must be explicitly deleted or released by the administrator. For this purpose, the administrator can examine it in the mail queue.

The action "Place in admin.spam folder" works in a similar way. However, the e-mail is stored in a mailbox that can be screened for false positives from time to time.

The action "Forward to mailbox" causes the e-mail to be sent to an external mailbox for further administrative processing.

The action "Zarafa folder" works in a similar way. The e-mail is sent to the public folder admin.spam in Zarafa Groupware for further administrative processing.

E-mail address

In this field, specify the quarantine location in the form of an e-mail address. This address may be allocated to a user mailbox, an IMAP folder, or an IMAP administration folder on an e-mail server. If an administrative IMAP folder is defined as public quarantine folder, the read and write permissions should be highly restrictive. Moreover, the folder should be directly accessible by e-mail. The address for the direct allocation to an IMAP folder of a user may have the form userid+folder@domain.tld. Subaddressing with address extensions is only possible if the mail server supports RFC 3598. Moreover, the p flag must be set for the folder on this mail server.

Auto-delete after (days)

Files stored in the administrative folder can be auto-deleted after the specified number of days.

Administrative rights for IMAP folder admin.spam

In this field, specify the groups that are to review and manage filtered spam e-mails.

Heuristics (Bayes)

Though the evaluation of the spam filter is relatively reliable, e-mail may be misclassified from time to time. A different spam detection approach does not use a fixed set of rules with a point system, but tries to make a decision on the basis of a knowledge database. To set up this database, the user needs to provide a certain number of spam and ham e-mails. The advantage of this procedure is that such a system adapts to the individual needs of the user. The disadvantage is that the provision of the spam and ham folders requires a certain measure of discipline. If this option is set, the detection will take place using the probability-based filter.
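The probability-based approach described above, as an added example that is not the filter shipped with the Collax server: a plain naive Bayes classifier with add-one smoothing, trained on constructed "spam" and "ham" messages, showing how one user correction shifts the verdict for similar mail.

```python
import math
import re
from collections import Counter

TOKEN = re.compile(r"[a-z0-9$']+")

# Constructed training folders, standing in for the users' spam and ham folders.
SPAM_FOLDER = ["cheap pills online offer", "limited offer cheap watches", "win money now cheap"]
HAM_FOLDER = ["meeting agenda for monday", "invoice for the project attached", "lunch on monday"]


def tokens(text):
    """Distinct lower-case words of a message."""
    return set(TOKEN.findall(text.lower()))


class BayesFilter:
    def __init__(self):
        self.counts = {"spam": Counter(), "ham": Counter()}  # messages containing a token
        self.messages = {"spam": 0, "ham": 0}

    def learn(self, label, text):
        """Add one message from the spam or ham folder to the knowledge database."""
        self.messages[label] += 1
        self.counts[label].update(tokens(text))

    def spam_probability(self, text):
        if not all(self.messages.values()):
            return 0.5  # no decision possible until both folders contain mail
        log_odds = math.log(self.messages["spam"] / self.messages["ham"])
        for tok in tokens(text):
            # Add-one smoothing keeps unseen tokens from forcing a probability of 0 or 1.
            p_spam = (self.counts["spam"][tok] + 1) / (self.messages["spam"] + 2)
            p_ham = (self.counts["ham"][tok] + 1) / (self.messages["ham"] + 2)
            log_odds += math.log(p_spam / p_ham)
        return 1 / (1 + math.exp(-log_odds))


def trained_filter():
    bayes = BayesFilter()
    for text in SPAM_FOLDER:
        bayes.learn("spam", text)
    for text in HAM_FOLDER:
        bayes.learn("ham", text)
    return bayes


if __name__ == "__main__":
    bayes = trained_filter()
    borderline = "cheap offer for the project"  # legitimate mail using "spammy" words
    print(round(bayes.spam_probability(borderline), 3))
    bayes.learn("ham", borderline)  # the user files it in the ham folder
    print(round(bayes.spam_probability(borderline), 3))
```
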

Automatic learning

Depending on the Bayes database, the e-mails are automatically classified as "ham" or "spam" and stored in the database of the spam filter.

Learning interval

Here you can select the time interval for the automatic training. This setting applies to the training from local and remote spam/ham folders.

Learning from local spam/ham folders

If this option is activated, shared folders will be set up for storing spam and ham e-mails. These folders serve the storage of e-mails qualified by users. The spam filter automatically learns from these folders.

Write permissions for spam/ham folders

In this field, specify the groups that are to review and manage filtered spam e-mails.

Learning from non-local spam/ham folders

With this option, the spam filter can be trained with the help of an external IMAP mailbox. The mailbox should be defined on a mail server and contain two folders that can be filled with ham and spam e-mails. The learning process takes place by reading the e-mails in the mailbox, separated as ham and spam.

Reputation Services

Another spam detection approach makes use of reputation services in order to dynamically use the contents and senders of e-mail for classification. The world's largest reputation database "SenderBase" analyzes the Internet traffic in real time and regularly delivers the latest information on threats from the network. Further information on this service, which was initiated by Cisco, is available at www.senderbase.org. Collax implements "SenderBase" and combines numerous other services to avoid spam e-mails.

Use blacklists

If you enable this option, the system will validate the delivering IP number of every incoming message against these blacklists.

Use predefined blacklists

Enter the blacklist servers to query in this list. The basic configuration contains a list of freely accessible DNS blacklists. You do not need to sign up in order to use these lists.

Enter blacklists manually

Here, further blacklists can be added manually. Some providers offer commercial blacklists or dynamic online blacklists that require registration.

Use

Enable this option to query the spam blacklists stored in the DNS system. These tests can increase the detection rate of spam considerably at the expense of additional network requests. If you enable this option, the "Received" lines in the mail header will be analyzed. The system analyzes every station on this route, checking whether it may be a known spam source. This option is similar to that in the section "Online blacklists for SMTP reject". However, instead of rejecting the e-mail, this setting merely activates an additional evaluation option for determining the spam score. This does not necessarily result in the rejection of the e-mail from blacklisted mail servers. If the SMTP server or the provider already uses DNS block lists, you can disable this option without losing the evaluation functionality. The preconfigured block lists include various free services. This list and the respective evaluation cannot be modified.

Use SenderBase

SenderBase is a global monitoring network for e-mail, which serves the reliable identification of spam e-mails.

Weighting for SenderBase entry

Additionally, a weighting of 10% to 200% can be entered here for the value that the e-mail receives from SenderBase.

Use NiX spam filter

NiX Spam is a spam filter project of the iX magazine. It forms checksums over the e-mail body including attachments and compares these checksums in a continually updated blacklist that can be queried via DNS (DNSBL). This option enables incoming e-mails to be checked via DNS for placement within the NiX spam filter.

NiX spam value

If a sender IP address of an e-mail is listed in the NiX spam filter database, the value entered here will be added to the spam score.
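The "Received" analysis against DNS blacklists described above, as an added example that is not Collax code: it extracts the relay addresses from a constructed message, skips the trusted mail relays, and adds points for every station listed in a DNSBL. The zone dnsbl.example, the points per hit and the sample message are assumptions; the DNS lookup is passed in as a function so the logic can be exercised offline.

```python
import ipaddress
import re
import socket
from email import message_from_string

BRACKETED_IP = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

# Constructed sample: the provider's MX relayed a message from an unknown client.
SAMPLE_MESSAGE = (
    "Received: from mx.provider.example (mx.provider.example [198.51.100.10])\n"
    "\tby mail.example.org; Tue, 28 Oct 2014 10:00:02 +0100\n"
    "Received: from pc (unknown [203.0.113.77])\n"
    "\tby mx.provider.example; Tue, 28 Oct 2014 10:00:00 +0100\n"
    "From: someone@sender.example\n"
    "Subject: hello\n"
    "\n"
    "body\n"
)


def dnsbl_name(ip, zone):
    """DNS name to query: reversed octets (IPv4) or nibbles (IPv6), then the zone."""
    reversed_part = ipaddress.ip_address(ip).reverse_pointer.rsplit(".", 2)[0]
    return f"{reversed_part}.{zone}"


def system_resolver(name):
    """True if the name resolves (address is listed); lookup errors count as not listed."""
    try:
        socket.gethostbyname(name)
        return True
    except socket.gaierror:
        return False


def relay_ips(raw_message, trusted_networks):
    """Addresses named in the Received lines, minus the trusted mail relays."""
    nets = [ipaddress.ip_network(net) for net in trusted_networks]
    found = []
    for header in message_from_string(raw_message).get_all("Received", []):
        for candidate in BRACKETED_IP.findall(header):
            try:
                ip = ipaddress.ip_address(candidate)
            except ValueError:
                continue  # bracketed text that is not an IP address
            if not any(ip.version == net.version and ip in net for net in nets):
                found.append(str(ip))
    return found


def dnsbl_score(raw_message, zones, trusted_networks, points_per_hit, resolve=system_resolver):
    """Return (points to add to the spam score, list of (ip, zone) hits)."""
    hits = [
        (ip, zone)
        for ip in relay_ips(raw_message, trusted_networks)
        for zone in zones
        if resolve(dnsbl_name(ip, zone))
    ]
    return len(hits) * points_per_hit, hits
```
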

Use Razor

Enable this option to analyze every e-mail on the basis of the signatures of the Razor online check. An e-mail message that Razor classifies as spam gets a higher score in the SpamAssassin evaluation.

DomainKeys Identified Mail (DKIM)

DomainKeys Identified Mail (DKIM) is a procedure developed by Yahoo that enables the recipient to check whether an e-mail actually originates from the claimed sender. When using DKIM, the sender signs his e-mails and provides the public key via the TXT record of the same domain. When receiving the e-mail, the recipient can subsequently verify the authenticity of the e-mail by means of the signature and the key, using the DNS.

Use DKIM e-mail check

Incoming e-mail can be checked for a DKIM signature.

Bonus points for sender in DKIM whitelist

If the sender exists in the whitelist, the specified points will be deducted from the spam score.

Bonus points for e-mail with valid DKIM signature

If the incoming e-mail contains a valid DKIM signature, the specified points will be deducted from the spam score.

Sign outgoing e-mail with DKIM

To increase the trustworthiness of the own e-mail, this option enables e-mails to be furnished with a DKIM signature.

Use SPF

If you enable this option, a sender policy framework check will be performed for every e-mail, making it more difficult to spoof the sender of an e-mail at SMTP level.

Spam Whitelist/Blacklist DKIM Whitelist

This dialog is located under "Services -> Mail and Messaging -> Mail Security -> Spam Whitelist/Blacklist".

This dialog serves the administration of a list of sender addresses for which no spam filtering is performed. Though technically speaking, filtering is performed, the sender is granted such a high bonus for the spam evaluation that his e-mails are never classified as spam.

Similar to the whitelist, this dialog is used to administer a list of senders whose e-mails are always classified as spam by means of a high spam score.

This dialog is also used for the administration of a list of sender addresses for DKIM for which no spam filtering is performed. Though technically speaking, filtering is performed, the sender is granted such a high bonus for the spam evaluation that his e-mails are never classified as spam.

Enter the sender addresses in this field. Separate the individual addresses with blank spaces, line breaks, or commas. The two address components (recipient and domain) are used as pattern. Wildcards are supported: a question mark represents a single character, and an asterisk (*) stands for any number of characters (regular expressions are not used).
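The list syntax described above, as an added example that is not Collax code: it splits the field on blank spaces, line breaks or commas and matches a sender against each entry with only ? and * treated as wildcards. Matching the two components separately (so a wildcard never crosses the "@"), ignoring case, requiring an "@" in every entry, and the too_broad check for reviewing a list are assumptions of this sketch.

```python
import re

# Constructed list field, using all three separators the dialog accepts.
SAMPLE_FIELD = "newsletter@partner.example, *@billing.example\n?ob@example.org"


def parse_entries(field_text):
    """Split the list field on blank spaces, line breaks, or commas."""
    return [entry for entry in re.split(r"[\s,]+", field_text) if entry]


def _component(pattern):
    """Translate one address component; every character except ? and * is literal."""
    parts = []
    for ch in pattern:
        if ch == "?":
            parts.append("[^@]")       # exactly one character
        elif ch == "*":
            parts.append("[^@]*")      # any number of characters
        else:
            parts.append(re.escape(ch))  # "." and other regex characters stay literal
    return "".join(parts)


def compile_entry(entry):
    local, at, domain = entry.rpartition("@")
    if not at or not local or not domain:
        raise ValueError(f"not a local@domain pattern: {entry!r}")
    return re.compile(f"{_component(local)}@{_component(domain)}", re.IGNORECASE)


def matching_entry(sender, field_text):
    """Return the first list entry that matches the whole sender address, or None."""
    for entry in parse_entries(field_text):
        if compile_entry(entry).fullmatch(sender):
            return entry
    return None


def too_broad(entry):
    """Review aid: the domain component consists of wildcards only."""
    return entry.rpartition("@")[2].strip("*?") == ""


if __name__ == "__main__":
    for sender in ("Newsletter@Partner.Example", "bob@example.org",
                   "jacob@example.org", "x@billing.example.other.test"):
        print(sender, "->", matching_entry(sender, SAMPLE_FIELD))
```

Because the sender address of an e-mail can be forged, a whitelist entry with a wildcard domain exempts any mail that merely claims a matching sender; too_broad flags such entries when a list is reviewed.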