15
settings will be optimized in regard to the catch rate. Clicking
Custom > Open configuration file
allows a user to edit
the spamcatcher.conf file. This option is recommended for advanced users only.
Before starting full operation, we recommend that you manually configure the lists of restricted and allowed IP
addresses. To do so:
1) Open the Advanced settings window and navigate to the section
Antispam protection > Mail server protection
.
2) Make sure to check the
Enable mail server antispam protection
field.
3) Click the
Setup...
button to set
Allowed, Ignored
and
Blocked IP addresses
lists.
The
Blocked IP addresses
tab contains the list of restricted IP addresses, i.e., if any non-ignored IP in
Received
headers
matches the address on this list, the message scores 100 and no other checks are made.
The
Allowed IP addresses
tab lists all IP addresses that are approved, i.e., if the first non-ignored IP in
Received
headers
matches any address on this list, the message scores 0 and no other checks are made.
The
Ignored IP addresses
tab lists addresses that should be ignored during
Real-time Blackhole List (RBL) checks
.
The list should include all internal IP addresses in the firewall not directly accessible from the Internet. Doing so
prevents unnecessary checks and helps to differentiate the external connecting IP addresses from the internal IP
addresses.
Greylisting
Greylisting is a method protecting users from spam using the following technique: Transport agent sends a
“temporarily reject”
SMTP return value (default is 451/4.7.1) for any email from a sender it does not recognize. A
legitimate server will attempt to redeliver the message. Spammers typically do not attempt to redeliver messages,
because they go through thousands of email addresses at a time and typically cannot spend extra time on resending.
When evaluating the message source, the method takes into account the configurations of the
Approved IP
addresses
list, the
Ignored IP addresses
list, the
Safe Senders
and
Allow IP
lists on the Exchange server and the
AntispamBypass settings for the recipient mailbox. Greylisting must be thoroughly configured, or else unwanted
operational flaws (e.g. delays in legitimate message deliveries etc.) may occur. These negative effects recede
continuously as this method fills the internal whitelist with trusted connections. If you are not familiar with this
method, or if you consider its negative side-effect unacceptable, we recommend that you disable the method in the
Advanced settings menu under
Antispam protection > Mail server protection > Microsoft Exchange Server >
Transport agent > Enable Greylisting.
We recommend disabling greylisting if you intend to test the product's basic functionalities and do not want to
configure the advanced features of the program.
NOTE:
Greylisting is an additional layer of antispam protection and does not have any effect on the spam evaluation
capabilities of the antispam module.
Antivirus protection setup
Quarantine
Depending on the type of cleaning mode you are using we recommend that you configure an action to be performed
on infected (not cleaned) messages. This option can be set in the
Advanced settings window > Antivirus and
antispyware > Mail server protection > Microsoft Exchange Server > Transport agent.
If the option to move messages into email quarantine is enabled, you need to configure the quarantine under the
section
Message quarantine
in the Advanced settings window.
Performance
If there are no other restrictions, our recommendation is to increase the number of ThreatSense scan engines
according to this formula:
number of scan engines = number of scan threads
and increase the number of VSAPI scanning
threads based on this formula:
number of scan threads = (number of physical CPUs * 2) + 1
in the Advanced settings
window under
Antivirus and antispyware > Performance
.
NOTE:
We recommend that you set the number of ThreatSense scan engines equal to the number of scan threads
used.
