eprism Email Security Appliance 6.0
Intercept Anti-Spam Quick Start Guide

This guide is designed to help the administrator configure the eprism Intercept Anti-Spam engine to provide strong spam protection while minimizing false positives (legitimate messages incorrectly marked as spam).

eprism provides an easy to use, flexible, and comprehensive anti-spam solution designed to defend against sophisticated spam campaigns. The Intercept solution provides the following benefits:

o An anti-spam approach that combines multiple technologies into a single, unified solution, providing a comprehensive approach to fighting spam.
o Multiple spam categories (Certainly, Probably and Maybe Spam) allow administrators to classify messages depending on their overall level of "spaminess". These categories allow messages to be handled differently depending on their respective spam scores.
o Intercept provides the administrator with a separate action for each spam category. For example, messages marked as Certainly Spam can be rejected, Probably Spam messages can be quarantined, and Maybe Spam messages can be marked in the subject header and delivered to the user's mailbox. These configurable actions allow administrators to customize the solution to the needs and requirements of their organization.

Intercept Anti-Spam Solution

Intercept's default anti-spam settings provide a strong configuration that lets organizations deal with the majority of spam messages with little additional configuration. Intercept's anti-spam technologies require no training to capture a majority of spam when first enabled. As eprism processes messages and end users provide feedback, the Intercept engine can be tuned to provide optimal spam protection.

The eprism Intercept Anti-Spam engine uses multiple filtering technologies that are combined to produce a single spam score. Individual components can be included in or excluded from the calculation, and each component can be individually weighted to change its contribution to the score. Intercept includes the following components:

o Specific Access Patterns
o Pattern Based Message Filtering
o Spam Dictionaries
o IP Reputation
o DNS Block List
o Bulk Analysis
o Token Analysis
o SPF
o DomainKeys Authentication

Select Mail Delivery > Anti-Spam > Intercept on the menu to configure eprism's Intercept Anti-Spam engine.

Note: The "Reject on unknown recipient" feature is an advanced option that is not covered in this document. For more information, see the eprism 6.0 User Guide.

Specific Access Patterns

This filter provides SMTP connection and message attribute controls such as "maximum message size" and "maximum number of recipients". This option is always enabled.

Pattern Based Message Filters

This filter is used to override the Intercept engine for whitelisting and blacklisting purposes. Messages can be filtered on any aspect of a mail message, including the envelope, headers, body, and any attachments.

Spam Dictionaries

This filter allows administrators to tune the Intercept engine to the specific needs of an organization by blocking a configurable list of spam words and phrases. To avoid false positives, review the default dictionary before enabling this filter.

IP Reputation

The IP reputation service provides both local and remote reputation services for incoming connections. Local reputation uses real-time
information collected locally on eprism to determine the likelihood that a connecting system is malicious. Remote reputation uses centralized information collected on the BorderWare Security Network (BSN) to determine the likelihood that a connecting system is malicious (such as a known spammer, virus sender, or other attacker). It is recommended that both local and remote services be enabled: enable both Reputation Indicators and BorderWare Security Network in the Mail Delivery > Anti-Spam > Intercept > IP Reputation screen. The default configuration (shown below) provides excellent protection from malicious systems.

DNS Block List (DNSBL)

This filter is used to identify known malicious systems, such as spammers, open relays, ISP dial-up ranges, and so on. It is recommended that DNSBL be enabled using the default configuration.

Bulk Analysis

This filter uses a specialized counting method to determine whether a message has been sent to a large number of users. Spam campaigns are usually sent to a large number of recipients, so counting the number of times the same message has been seen is a good indicator of spam. It is recommended that the Bulk Analysis filter be enabled using the default configuration.

Token Analysis

This filter uses Bayesian analysis to determine the likelihood of a message being spam. Token Analysis scans all outbound mail for good keywords and inbound mail marked as spam for bad keywords, and builds its database over a period of time. This filter automatically adapts to an organization's mail flow, with increasing accuracy over time. It is recommended that the Token Analysis filter be enabled with the "Enable X-STA Headers" option.

SPF (Sender Policy Framework)

This filter is a sender authentication technology used to stop phishing attacks and fraudulent mail messages. SPF is a relatively new technology that has not yet been widely implemented. Only experienced administrators who understand the implications of using SPF (for example, legitimate mail that fails the check because it was forwarded through a host the sender's domain does not authorize) should enable this filter.

DomainKeys

This filter is a sender authentication technology used to stop phishing attacks and fraudulent mail messages. DomainKeys is a relatively new technology that has not yet been widely implemented. Only experienced administrators who understand the implications of using DomainKeys should enable this filter.

Spam Categories and Actions

The Intercept engine provides three spam categories (Certainly, Probably and Maybe Spam), each with its own configurable action. This granularity allows administrators to achieve maximum protection with minimal false positives.
Certainly Spam

Messages marked as Certainly Spam are definitely spam and can be safely rejected and prevented from entering the network. It is very unlikely that a message marked as Certainly Spam will be a false positive. Rejecting these messages also eliminates the need to quarantine them for user review. Use the following recommended settings:

o Threshold: 99
o Action: Reject mail

Probably Spam

Messages marked as Probably Spam are almost certainly spam and are unlikely to be false positives. These messages can be sent to the user's inbox, tagged so that they can be placed in a quarantine folder for the end user to review. Use the following recommended settings:

o Threshold: 90
o Action: Modify Subject Header
o Action Data: [SPAM]

Note: eprism provides a built-in quarantine server that can be used to quarantine messages for end user review. Otherwise, administrators must create filters in the end users' mailboxes to quarantine locally (for example, a mailbox rule that moves messages whose subject begins with [SPAM] into a quarantine folder). See the eprism 6.0 User Guide for more information.

Maybe Spam

Messages marked as Maybe Spam represent a grey area: the message is most likely spam, but may occasionally be legitimate mail, producing a false positive. These messages can be sent to the user's inbox with text in the subject line indicating that they could be spam. Use the following recommended settings:

o Threshold: 70
o Action: Modify Subject Header
o Action Data: [MAYBE SPAM]

Anti-Spam Header

For diagnostic and tuning purposes, enable the Anti-Spam header. This adds header information to each message that helps diagnose false positives and false negatives.
Intercept Decision Strategy

Intercept can use one of several strategies when deciding whether a message is spam. The decision strategy is set by selecting the Advanced button on the main Intercept page. It is recommended that administrators choose the Heuristic2 decision strategy, which has been found to be the most effective in extensive testing.

Note: Advanced administrators should proceed with caution when choosing a strategy other than Heuristic2. Choosing the wrong strategy can result in false positives and a lower spam capture rate. To help reduce administrative effort, an Anti-Spam calculator tool has been created that allows users to evaluate and test anti-spam strategies before implementing them.

Managing Your Intercept Solution

After the Intercept Anti-Spam engine is initially configured, the solution must be managed to ensure optimum spam capture rates and minimal false positives.

Set up Trust relationships

For proper spam detection, eprism requires that a Trust relationship be set up for each mail server in the organization. Trusted mail is any mail from a private, trusted mail source and is not checked for spam. Untrusted mail is any mail from an unknown source and is always checked for spam. Because trusted mail bypasses spam checking entirely, list only the organization's own mail servers; a host that also accepts mail from the Internet and relays it through eprism would let that mail in unchecked.

Create a Pattern Based Message Filter (via Mail Delivery > Content Management > Pattern Filters on the menu) as follows, where 172.16.43.25 is the IP address of the organization's mail server:
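The recommended category settings (Spam Categories and Actions, above) together with the Trust relationship from this section amount to a small policy: trusted sources bypass scanning, a score of 99 or more is rejected, 90 and above is tagged [SPAM], 70 and above is tagged [MAYBE SPAM], and the rest is delivered unchanged. The following Python is an added example written for this guide (not eprism code) that applies that policy to a parsed message. The sample message, the diagnostic header name X-Example-Intercept and the 0 to 100 score scale are assumptions; the trusted address is the guide's own 172.16.43.25 example. It also shows why the trust list must hold only the organization's own servers: a trusted source is delivered without being scored at all.

```python
"""Apply Intercept-style category actions and the trusted-source bypass.

Example code written for this guide, not eprism's implementation. The
thresholds, actions and subject tags are the guide's recommended settings;
the trusted address is the guide's 172.16.43.25 example. The diagnostic
header name X-Example-Intercept and the sample message are assumptions.
"""
import ipaddress
from email import message_from_bytes
from email import policy as email_policy

# (category, minimum score, action, subject tag), checked from strictest down.
CATEGORIES = (
    ("Certainly Spam", 99, "reject", None),
    ("Probably Spam", 90, "modify_subject", "[SPAM]"),
    ("Maybe Spam", 70, "modify_subject", "[MAYBE SPAM]"),
)

# Trust relationship: the organization's own mail server. Only servers that
# originate the organization's mail belong here, since their mail is not scanned.
TRUSTED_SOURCES = (ipaddress.ip_network("172.16.43.25/32"),)


def is_trusted(source_ip, trusted=TRUSTED_SOURCES):
    """True when the connecting address falls inside a trusted network."""
    addr = ipaddress.ip_address(source_ip)
    return any(addr in net for net in trusted)


def classify(score):
    """Map a 0..100 spam score to (category, action, subject tag)."""
    for name, threshold, action, tag in CATEGORIES:
        if score >= threshold:
            return name, action, tag
    return None, "deliver", None


def apply_policy(raw_message, score, source_ip):
    """Return {'action', 'category', 'message'} for one inbound message."""
    msg = message_from_bytes(raw_message, policy=email_policy.default)
    if is_trusted(source_ip):
        # Trusted mail is delivered without spam checking.
        return {"action": "deliver", "category": None, "message": msg}

    name, action, tag = classify(score)
    # Diagnostic header (hypothetical name) so false positives can be explained.
    msg["X-Example-Intercept"] = "score=%d category=%s source=%s" % (
        score, name or "Not Spam", source_ip)

    if action == "reject":
        # Rejected mail never enters the network, so there is nothing to quarantine.
        return {"action": "reject", "category": name, "message": None}

    if tag:
        subject = msg.get("Subject", "")
        del msg["Subject"]
        msg["Subject"] = "%s %s" % (tag, subject)
    return {"action": "deliver", "category": name, "message": msg}


# Constructed sample message (not real mail).
SAMPLE_MESSAGE = (
    b"From: sender@example.net\r\n"
    b"To: user@example.com\r\n"
    b"Subject: Quarterly offer\r\n"
    b"\r\n"
    b"Hello\r\n"
)

if __name__ == "__main__":
    for score, ip in ((100, "198.51.100.7"), (92, "198.51.100.7"),
                      (75, "198.51.100.7"), (40, "198.51.100.7"),
                      (100, "172.16.43.25")):
        result = apply_policy(SAMPLE_MESSAGE, score, ip)
        subj = result["message"]["Subject"] if result["message"] else "-"
        print(score, ip, result["action"], result["category"], subj)
```

The categories are checked from the strictest threshold down, so a score of 99 or more never falls through to the tagging actions, and the diagnostic header is written before the reject decision so that a rejected message logged elsewhere still carries the score that caused it.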
User Feedback

Use the following suggested feedback mechanisms and the diagnostic tools included with eprism to maximize the spam capture rate and minimize false positives. Do not be overzealous in the attempt to fight spam: use the suggested default configuration for the Intercept engine, then adjust the filters as feedback is received.

Report false positives

The administrator should create a feedback account (such as notspam@example.com) to which end users forward messages incorrectly marked as spam (false positives). This allows the administrator to determine why a message was marked incorrectly and whitelist the sender or adjust the filters as required.

Report missed spam

The administrator should create a feedback e-mail address (such as spam@example.com) to which end users forward spam messages that were missed and not marked by the Intercept engine. This allows the administrator to determine why the message was missed and blacklist the sender or adjust the filters as required.

Last Document Revision: January 23, 2006