F-Secure Internet Gatekeeper for Linux/Administrator’s Guide
• The proxy settings for database updating are also used for the spam detection engine.
• The spam detection engine connects to the following server:
  o Host: ct-cache%d.f-secure.com (%d is a digit from 1 to 9)
  o Port: TCP/80
  o Protocol: HTTP
• The spam detection engine increases the memory consumption of the SMTP and POP services.
• The spam detection engine uses the following detection name format:
  FSIGK/SPAM_CT/[Class]/[ThreatLevel]/RefID
  Class:
    0: Messages that are confirmed, without doubt, as coming from a trusted source. This classification is very rarely used.
    1: No information is available for this value. Status could not be determined at this time.
    2: Messages that are sent to a slightly larger than average distribution.
    3: Spam messages that originate from sources that are not confirmed spammers.
    4: Spam messages that originate from known spam sources (for example, zombies).
  ThreatLevel:
    0: Threat for virus could not be determined at this time.
    1: Probable threat of virus in the message has been detected.
    2: High likelihood of the message presenting a virus threat.
    3: Confirmed that the message contains a virus.
  RefID:
    The RefID is a parameter that is returned by ctEngine with every message classification. It contains a transaction tracing code that can help to track the reason for the classification.
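The detection name format above, applied to log triage, as an added example that is not part of the guide or the product: it extracts FSIGK/SPAM_CT names from text lines, rejects values outside the documented Class and ThreatLevel ranges, and tallies the rest. The sample lines and their layout, the RefID placeholders and the escalation rule (ThreatLevel 2 or higher) are assumptions.

```python
import re
from collections import Counter

# Meanings shortened from the Class / ThreatLevel lists in the guide.
SPAM_CLASS = {0: "trusted source", 1: "status unknown",
              2: "larger-than-average distribution",
              3: "spam, unconfirmed source", 4: "spam, known source"}
VIRUS_THREAT = {0: "undetermined", 1: "probable",
                2: "high likelihood", 3: "confirmed"}

# RefID is treated as opaque: everything after the fourth "/" up to whitespace.
NAME_RE = re.compile(r"FSIGK/SPAM_CT/(\d+)/(\d+)/(\S+)")

def parse_spam_ct(text):
    """Return a dict for the first SPAM_CT detection name in text, else None."""
    m = NAME_RE.search(text)
    if not m:
        return None
    cls, threat, ref_id = int(m.group(1)), int(m.group(2)), m.group(3)
    if cls not in SPAM_CLASS or threat not in VIRUS_THREAT:
        return None  # values outside the documented ranges are not trusted
    return {"class": cls, "threat": threat, "ref_id": ref_id,
            "class_text": SPAM_CLASS[cls], "threat_text": VIRUS_THREAT[threat]}

def triage(lines):
    """Tally detections per (class, threat); list RefIDs to escalate."""
    counts, escalate, rejected = Counter(), [], 0
    for line in lines:
        if "FSIGK/SPAM_CT/" not in line:
            continue
        det = parse_spam_ct(line)
        if det is None:  # truncated or out-of-range name: count it, do not guess
            rejected += 1
            continue
        counts[(det["class"], det["threat"])] += 1
        if det["threat"] >= 2:  # assumed policy: likely or confirmed virus
            escalate.append(det["ref_id"])
    return counts, escalate, rejected

# Constructed sample lines; this is not the product's actual log layout.
SAMPLE_LINES = [
    "msg=1 detected FSIGK/SPAM_CT/4/0/REFID-PLACEHOLDER-A action=tag",
    "msg=2 detected FSIGK/SPAM_CT/3/3/REFID-PLACEHOLDER-B action=tag",
    "msg=3 detected FSIGK/SPAM_CT/2/2/REFID-PLACEHOLDER-C",
    "msg=4 detected FSIGK/SPAM_CT/7/1/REFID-PLACEHOLDER-D",  # Class out of range
    "msg=5 detected FSIGK/SPAM_CT/4/",                       # truncated name
    "msg=6 clean",
]

if __name__ == "__main__":
    print(triage(SAMPLE_LINES))
```

Keeping the RefID with each escalated entry preserves the transaction tracing code the guide says can help track the reason for a classification.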
RBL
RBL (spam_rbl)
These settings enable or disable the use of RBLs (Realtime Black Lists) for spam checking
and specify the RBL servers which are used when checking for spam. Specify the servers
separated by commas. Specify up to 199 characters.
E-mail is scanned by checking whether the source IP address (in the case of SMTP) and the
IP addresses in the Received headers are registered in an RBL server. Although the RBL
and SURBL servers are queried together, a delay of several hundred milliseconds occurs
while waiting for the server replies. If no reply is received within one second, the operation
times out and the e-mail is not identified as spam.
The maximum number of queries per e-mail is 32. Because three RBL servers are set by
default, the number of addresses from the Received headers that can be checked is 9 or 10
(for SMTP, as the source address is also checked) or 10 or 11 (in the case of POP).
Excluded addresses are not counted.
The detection name for RBL is "FSIGK/SPAM_RBL/(detected address)[(RBL server
name):(RBL reply address)]".
Detected address: Address registered in the RBL server