46
You can take any of the following actions with spam messages:
Retain the message even if it is marked as spam
Send the message to the quarantine mailbox
Delete the message
If you want to include information about a message’s spam score in its header, enable the
Write spam score to
scanned messages
option.
The
Enable Greylisting
function activates a feature that protects users from spam using the following technique: The
transport agent will send a “temporarily reject” SMTP return value (default is 451/4.7.1) for any received email that is not
from a recognized sender. A legitimate server will try to resend the message after a delay. Spam servers will typically
not attempt to resend the message, as they usually go through thousands of email addresses and do not waste time
resending. Greylisting is an additional layer of antispam protection and does not have any effect on the spam
evaluation capabilities of the antispam module.
When evaluating the message source the method takes into account the configurations of the
Approved IP addresses
list, the
Ignored IP addresses
list, the
Safe Senders
and the
Allow IP
lists on the Exchange server and the
AntispamBypass settings for the recipient mailbox. Emails from these IP addresses/senders lists or emails delivered to
a mailbox that has the AntispamBypass option enabled will be bypassed by the greylisting detection method.
The
SMTP response for temporarily denied connections
field defines the SMTP temporary denial response sent to
the SMTP server if a message is refused.
Example of SMTP response message:
Primary response code
Complementary status
code
Description
451
4.7.1
Requested action aborted: local
error in processing
Warning:
Incorrect syntax in SMTP response codes may lead to malfunctioning of greylisting protection. As a result,
spam messages may be delivered to clients or messages may not be delivered at all.
Time limit for the initial connection denial (min.)
- when a message is delivered for the first time and temporarily
refused, this parameter defines the time period during which the message will always be refused (measured from the
first refusal). After the defined time period has elapsed, the message will be successfully received. The minimum value
you can enter is 1 minute.
Unverified connections expiration time (hours)
– this parameter defines the minimum time interval for which the
triplet data will be stored. A valid server must resend a desired message before this period expires. This value must be
greater than the value of
Time limit for the initial connection denial
.
Verified connections expiration time (days)
– the minimum number of days for which the triplet information is
stored, during which emails from a particular sender will be received without any delay. This value must be greater
than the value of
Unverified connections expiration time
.
NOTE:
You can also use system variables when defining the SMTP reject response.
4.4 FAQ
Q:
After installing EMSX with Antispam, emails stopped being delivered into mailboxes.
A:
If Greylisting is enabled, this is normal behavior. In the first hours of full operation emails may arrive with several
hours of delay. If the issue continues for a longer period, we recommend you turn off (or reconfigure) Greylisting.
Q:
When the VSAPI scans email attachments, does it also scan email message bodies?
A:
In Microsoft Exchange Server 2000 SP2 and later, the VSAPI scans email message bodies as well.
Q:
Why does message scanning continue after the VSAPI option has been disabled?
A:
Changes to VSAPI settings run asynchronously, meaning the modified VSAPI settings have to be called by the
Microsoft Exchange Server to go into effect. This cyclic process runs in intervals of approximately one minute. The
same applies to all other VSAPI settings.
