Recommended SPAM Settings For Smartermail Administrators


#1

Below are some recommendations for the various spam settings SmarterMail has to offer from the SmarterTools team themselves. Please keep in mind that these are only suggestions. Administrators can, and should, keep an eye on these settings and adjust them as necessary to concoct a viable antispam solution for their end users. These settings are generic and designed as a point of reference for an average mail server instance. As spam methods become more sophisticated, administrators will need to be ready to implement more thorough rules for the domain users.

Follow these steps to review your spam settings:

  1. Log into SmarterMail as a System Administrator.

  2. Once you have successfully logged in, select the ‘Settings’ gear icon.

    SmarterMail_Bindings_Settings_Icon

  3. Now, select the ‘Antispam’ category option.

    Smartmail_Antispam_category

SPAM CHECKS

In the Spam Checks, RBL Lists and URIBL Lists sections, you can enable individual spam checks for email spool filtering and incoming/outgoing SMTP blocking. (Checks that are not available for incoming or outgoing SMTP blocking are denoted with ‘N/A’. More information in the SMTP Blocking section.) Each spam check comes with unique spams weights, which can be adjusted as desired.

Determining the weight values of each spam check depends on how accurately you believe that check identifies spam messages. If you’re confident that it accurately identifies spam and has very few false positives, you would give its weight a higher value. If you are less confident in a spam check’s accuracy, assign it a lower value. By configuring your spam checks this way, those that you have less confidence in will not cause a message to be marked as spam on its own. However, if multiple checks that you have lower confidence in all consider a message to be spam, their combined weights would likely cause the messages to be marked as spam. Find our recommended spam weight values below:

Cyren Premium Antispam
(Leave disabled if you do not have the Cyren add-on)
Low Probability of Spam weight = 10
Medium Probability of Spam weight = 20
High Probability of Spam weight = 30

Message Sniffer
(Leave disabled if you do not have the Message Sniffer add-on)
Confirmed Weight = 30
None Weight = 0

Remote SpamAssassin
SpamAssassin itself is a powerful, third-party open source mail filter used to identify spam that can be easily used alongside, or in place of, SmarterMail’s spam settings. It utilizes a wide array of tools to identify and report spam.

DKIM
(DKIM is the primary mechanism for signing messages which proves to the receiving user that the message was not altered during transit and was sent from the signing domain. Not all valid messages are signed however so no spam weight should be given for no signature.)
Pass Weight = -5
Fail Weight = 5
None Weight = 0

You can find additional information about DKIM here.

Bayesian Filter (Not recommended)
Weight = 10 (spam weight assigned to a message if it fails Bayesian filter test)
Max. Memory to allocate for filtering = 10MB
Message required for filter update = 500

Note: Bayesian filtering is essentially filtering messages based on content. The obvious downside to this is that a computer will not recognize a keyword with an understanding of the context of the message. Instead, it will look for a certain number of keywords and determine the message as spam due to frequency. While not inherently a bad method of filtering, it is responsible for the most false positives. To that end, we recommend leaving disabled or with a very low weight to avoid those false positives.

SPF
Pass weight = 0 (Sender’s IP is valid for sender’s domain)
Fail weight = 30 (Sender’s IP is not valid for sender’s domain)
Soft Fail weight = 10 (Sender’s IP is questionable for sender’s domain)
Neutral weight = 0 (No strong statement can be made for or against sender’s IP)
PermError weight = 0 (The SPF record could not be processed.)
None weight = 0 (SPF is not commonly adopted therefore, we suggest setting this to 0)

You can find additional information about SPF here

Reverse DNS
Weight = 10

RBL: SpamCop
Weight = 10

RBL: SpamHaus SBL
Weight = 10

RBL: SpamHaus XBL
Weight = 10

Additional RBLs can be added and weights applied.

FILTERING

On the Filtering card within the Options tab, you can adjust the global actions taken on emails that are considered to be spam, based on one of three probabilities determined by their spam weights: Low Probability, Medium Probability, and High Probability. If a weight is equal to or higher than a certain category, then it is assigned that probability of being spam and the corresponding action is taken. The defaults for Filtering are as follows:

  • Low Probability of Spam weight = 10
    Default Action: Prefix subject with text
    Text to Add: SPAM-LOW

  • Medium Probability of Spam weight = 20
    Default Action: Move to Junk E-Mail folder
    Text to Add: SPAM-MEDIUM

  • High Probability of Spam weight = 30
    Default Action: Move to Junk E-Mail folder
    Text to Add: SPAM-HIGH

Once, you are comfortable with your SPAM settings you may wish to change the default action on the High Probability to “Delete Message.”

SMTP BLOCKING

On the SMTP Blocking card within the Options tab, you can access the configuration options for SMTP Blocking. The idea behind SMTP blocking of incoming and outgoing email is to filter out spam messages before they are delivered. For example, imagine you have four spam checks enabled for Incoming SMTP Blocking and each of those spam checks have a weight of 10. If the Incoming Weight Threshold is set to 30, that means messages being received via SMTP will be rejected if they fail three or all four of the spam checks. (Because SMTP blocks are done at the IP level and not based on message content, some spam checks do not offer incoming or outgoing SMTP blocking.)

Choosing which spam checks are used for Incoming/Outgoing SMTP Blocking is done on the Spam Checks tab. In order to actually enable the blocking feature, enable the corresponding weight threshold on the SMTP Blocking card. When an email arrives or is attempted to be sent that exceeds the threshold value, the email will be blocked and never delivered.

In addition to SMTP Blocking, this section also contains settings for the Outgoing Quarantine and Greylisting. If Outgoing Quarantine is enabled, SmarterMail will quarantine any outbound blocked messages for the specified time period. (If set to ‘None,’ messages are immediately deleted from the spool.) The Greylisting Threshold allows you to add extra options for what items get greylisted. If you prefer that messages with a high potential for spam are delayed, you can set the threshold on the SMTP Blocking card. We recommend starting the threshold at 30 and decreasing to 20 if you’re confident in your spam checks.

GREYLISTING

On the Greylisting Options card within the Options tab, you can enable greylisting. Greylisting is a popular method of fighting spam as it temporarily rejects unrecognized incoming emails that are not sent by whitelisted or authenticated users, effectively saying, “Try again later.” Valid servers will retry the email a short time later, which would be permitted and delivered. Spammers, on the other hand, rarely retry on temporary failures, therefore reducing the amount of spam that customers receive. Find our recommended values below:

  • Block Period = 3 minutes
  • Pass Period = 360 minutes (6 hours)
  • Record Expiration = 36 days

When it comes to antispam administration, it’s important to keep in mind that spammers change their tactics often and each installation/setup is unique. What one person may consider the ideal spam configuration, others may find too restrictive. What works for one mail server, may not work for all. Discussing your configuration with other server administrators is a great way to get ideas flowing on what will work best for you. If you’ve still got more questions or want additional ideas on how to configure SmarterMail’s antispam, please consider posting in the Community or reviewing one of the many threads discussing antispam topics.

source: smartertools.com