CleanMail User Manual
Contents
1. Microsoft Excel is a registered trademark of Microsoft Corporation 56 Top Spam Hosts A list of mail hosts IP address and name that delivered a spam message in the last 24 hours or yesterday complete vvith message counts and sizes For all reports you can change the sort order by clicking the column headers After selecting a line in a report you can right click the line or press the Message button to choose from a menu of actions Open Message The message is opened using the application associated with eml With many versions of Windows the default application associated with this file type is Outlook Express This feature requires that a copy of the message is cached in a mail storage This action maybe unsafe to use with virus messages depending on the associated application Send Message A verbatim copy of the message is submitted to a recipient of your choice using a mail server of your choice You can use this to forward a blocked message to its original recipients This feature requires that a copy of the message is cached in a mail storage This action maybe unsafe to use with virus messages depending on the mail client used by the recipient View Message The contents of the message are displayed in an internal viewer window The display is plain ASCII text no attachments are unpacked and no HTML code is interpreted so it is safe to use this action with virus mes sages This feature requires that a copy of the m2. 4 13 3 CleanMail SpamAssasssin Options 4 13 3 1 Spam Mail Policy Options 4 13 3 2 Multiple SpamAssassin Filters 4 14 Spam Trap Setup 4 14 1 Usage 4 14 2 Multiple Spam Trap Filters 4 15 Mail Storage Setup 4 15 1 Storage Directory 4 15 2 Max No of Days 4 15 3 Max No of Messages 4 15 4 Max Cache Size Monitoring 5 1 Status 5 22 LOB see y ee bee 4 5 3 Report 5 4 Statistics 5 4 1 Statistics Graph 5 4 2 Statistics File Maintenance 6 1 SpamAssassin Maintenance 6 1 1 Training The Bayes Database 6 1 1 1 Learning Messages From Storage 6 1 1 2 Using sa learn in a command window 6 1 2 Database Expiry 6 2 Anti Virus Filter Maintenance 7 Reference 7 1 7 2 7 3 CleanMail Configuration File 7 1 1 General Structure 72 2 Value Types ee eerste R a te Ge AD arala es 7 1 3 Session Manager Settings 7 1 4 Port Settings 7 1 4 1 General Proxy Port Settings 7 1 4 2 Monitoring Port Settings 7 1 43 POP3 Connector Settings 7 1 4 4 POP3 Port Settings 7 1 4 5 SMTP Port Settings 7 1 5 Filter Settings 7 1 5 1 General Fil
3. Choose your desired settings on the rest of the Quick Start VVizard pages or just keep the defaults and modify these settings any time later At the end of the Quick Start Wizard start the CleanMail service Now you have to reroute mail incoming from the Internet to the CleanMail proxy server in most cases one of these options will be applicable Use NAT to reroute SMTP section2 4 1 in a firewalled network with NAT Use the DNS MX record section2 4 2 to reroute SMTP If CleanMail replaces your existing mail server at the same IP address port settings there is nothing you need to do in this step To check if CleanMail is up and running use your favorite web browser to load the CleanMail monitoring page http localhost 3086 index html You should also send yourself a couple of test mails from outside using e g some free mail service If you run into troubles see Troubleshooting the Installation for trou bleshooting tips 2 3 2 POP3 Filtering CleanMail supports tvvo methods for POP3 filtering you can set up a POP3 proxy to intercept all traffic betvveen your mail client and your ISP s POP3 server or you can set up a POP3 connector to fetch mail from the ISP in regular intervals forvvarding filtered mail to your SMTP mail server 2 3 2 1 POP3 Proxy Setup POP3 filtering with a transparent POP3 proxy is the only available CleanMail setup if you do not maintain your ovvn mail server POP3 filtering in
4. The mail body is scanned for typical spam mail content such as spam key words capitalized letters or invitations to buy or click something Queries to blacklist servers are used e g to see if a mail has been submitted from a known open mail relay Probability analysis of mails Bayes filtering Spam mails can be trained so that similar mails are more likely to be identified as spam in the future Analysis of the URLs a mail refers to Spammers want you to click on hy perlinks referring to their sites so a lookup in a database of known spam advertised sites has proven to be highly effective in identifying spam mails The result of all these tests is added up to form a spam score A message is con sidered spam if the score exceeds a configurable threshold You can modify the aggressiveness of the spam checker by modifying this threshold an aggressive set ting with a low threshold will find more spam mails at a higher risk of legitimate mails falsely identified as spam false positives In the typical configuration the subject of mail identified as spam is modified to flag it as spam mail and the message is quarantined within a SpamAssassin wrapper 49 to prevent accidental infection with dialers spyware trojans or viruses by viewing HTML content Now it is up to your mail server or client software to decide what to do You can delete spam mails or move spam mails to a spam folder or leave the decision what to do wit
5. e Line Break Error The message has a single carriage return or line feed character in the message or a line is too long These MIME violations are very common in spam messages but also sometimes present in legitimate messages e 8 bit character in header This MIME violation is very common and for this reason only reported in the log For severe MIME violations vve recommend deleting messages You can choose a different setting if desired The policy you apply has to be chosen with the MIME Error Policy setting The Line Break Policy setting controls the handling of wrong line breaks Mes sages with wrong line breaks are passed by default 4 7 Blacklist Filter Setup The Blacklist filter uses static address patterns to check the sender address fields of a message A blacklist filter is very time consuming to maintain and usually not very effective as spammers can easily fake a different sender address 41 4 7 1 Sender Address Patterns This is the list of sender addresses or address patterns to blacklist You can use the wildcard characters any character and any number of any character for example like in x6obnoxious site 4 7 2 Policy The policy you choose in this setting is applied when a sender matches one of the sender address patterns 4 8 Whitelist Filter Setup The Whitelist filter uses static address patterns to check the sender address fields of a message Mail from whitelisted addresses is
6. Restricts the number of simultaneous connections to receive mail delivery failure notifications non delivery reports from other mail hosts NDR Connection Limit 1 All mail from blacklisted mail hosts is rejected Enter a list of IP addresses and or host names Use blanks or newlines to separate the entries For convenience the wildcards and be used Host Blacklist 5 bl convenienc card m Figure 4 4 Traffic Limiting 4 4 6 1 NAT and Flooding Protection If you use a firewall with network address translation NAT CleanMail will no longer be able to see the real host address of the incoming connection instead all incoming connections are forwarded from the firewall The incoming host ad dresses in this case will be something like 10 x x x or 192 168 x x und you can t use IP addresses to block sending hosts 4 4 6 2 Host BlackList Hosts can be rejected either by host IP address the IP address of the MTA that connects to CleanMail or by the name the MTA supplies with the SMTP HELO EHLO command All mail from a host matching an entry on the blacklist will be rejected with a permanent error response Mail from hosts that call themselves friendor localhost rarely come up with legitimate mail so it might be a good idea to put those on the blacklist To find more host names and IP addresses to put on the list statistics of mails received and what host names were used by the sender can be fou
7. A spam trap learns all messages sent to a honeypot address as spam This automat ically updates the Bayes DB of SpamAssassin with the latest spam available 4 14 1 Usage To use this filter create a new account such as software yourdomain com With this address do all the things you shouldn t do Put it somewhere on your web site for a spam bot to pick up post into newsgroups with this address as your mail address use it on every web site that takes registrations etc Enter this as a spam trap address for the spam trap filter you do not need to con figure this account on your mail server it is not necessary that this account exists After some time you should get lots of spam mail to this address CAUTION Never forward spam mail to the honeypot address for learning The act of forwarding modifies mails in unexpected ways to learn a forwarded mail will be useless or even counter productive 4 14 2 Multiple Spam Trap Filters As with the SpamAssassin filter you can configure the rule set path for the spam trap filter as soon as you are using multiple SpamAssassin filters The rule set path decides which Bayes DB will be trained by the spam trap 52 4 15 Mail Storage Setup The mail storage filter can be used to archive mails on the file system of your server The mail files em1 are stored in MIME Format RFC 822 and be viewed with the majority of mail client software In addition to the mail file message t
8. Anti Virus Anti Spam Anti Phishing La 0 gt b 0 Y 0 2 45 byteplant CleanMail Server Version 4 0 Manual Byteplant GmbH August 18 2009 Contents 1 Introduction 1 1 SMTP Proxy Filtering 1 2 POP3 Proxy Filtering and POP3 Connectors 1 3 Overview 2 Installation 2 1 System Requirements 2 2 Recommended Network Configurations 2 3 2 4 2 5 2 6 2 7 2 8 Quick Start Installation 2 3 1 SMTP Filtering 2 3 1 1 CleanMail runs on the Mail Server 2 3 1 2 CleanMail runs on a separate server 2 3 2 POP3 Filtering 2 3 2 1 POP3 Proxy Setup 2 3 2 2 POP3 Connector Setup CleanMail Setup 2 4 1 Using NAT to Reroute SMTP 2 4 2 Changing the MX Record to Reroute SMTP Relaying and the Handling of Outgoing Mail Troubleshooting the CleanMail Installation 2 6 1 About Sockets Ports and Listeners 2 6 2 Testing the Basic Proxy Setup 2 6 3 CleanMail and Microsoft Exchange Registering CleanMail Uninstalling CleanMail YN 16 E E MEBBREERBEERRARARERBEEEBERBE 2 8 1 3 Concepts 3 1 Proxy Ports Using CleanMail Uninstall 2 8 2 Using The Microsoft Windows Control Panel 3 2 POP3 Connectors 3 3 Filter Pipeline 4 Configuration 4 1 4
9. NAT port forwarding IP forwarding This allows incoming connections to a specific port number to be routed to some other IP address and port on your internal network and behind the firewall If CleanMail uses IP address and port settings different from the mail server IP address and port settings you used before you have to change the NAT settings of your firewall or router to forward all SMTP requests to the incoming SMTP port the CleanMail service is listening on It is beyond the scope of this document to instruct you how to configure your firewall or router to do these things 2 4 2 Changing the MX Record to Reroute SMTP MX EMail eXchanger records in DNS tell other mail servers where to forward mail for a domain The primary MX record for your domain will be set to your ex isting email server This setting has to be changed to the server you run CleanMail on Note Don t set any secondary MX records to show your existing mail server Many spammers send to the secondary MX because they assume the secondary servers are less well protected which is unfortunately true in many installations 18 The best idea is to make the IP of your mail server completely invisible to the open Internet The new DNS setting will take up to 48 hours to propagate throughout the entire Internet 2 5 Relaying and the Handling of Outgoing Mail The forwarding of mail to a domain other than your own is called relaying If your mail client conne
10. Set the text added to the subject of mails considered spam This setting allows US ASCII non control characters only character codes 32 127 4 6 Attachment Filter Setup Most worms and viruses are spread by attachments Getting rid of messages con taining potentially malicious attachments before even starting virus checkers or spam filters can be very helpful to reduce system load 4 6 1 Attachment Filtering Options CleanMail s built in attachment blocker allows you to specify a list of attachments that you want to accept or the other way round you can specify a list of attach ments you do not want to accept The attachment filter is pre configured to reject all attachment types known as potential virus vectors The configuration page allows you to enter attachment types in three input fields Settings in fields lower down override settings in the fields higher up You can use the wildcard characters any character and x any number of any character for example like in vbx CleanMail Attachment Filter Wizard Attachment Filtering Configure the attachment types you want to filter Configure the attachment types you want to filter You can use the wildcard characters 7 any character and any number of any character for example like in vb Pass List pass attachments of this type Block List remove attachments of this type Delete List delete messages with attachments of this type b
11. command line filter MaxFilterSize numeric Spam and virus messages are usually small To con serve system resources and increase throughput it is recommended to skip filtering mails exceeding a certain size given in Byte Allowable values are in the range of 1024 1kB to 1048576000 1000MB Defaults to empty in plain command line filters but this default is overridden in other filters based on the command line filter MaxMemoryRequired numeric Specifies how much system RAM the filtering program needs This setting helps CleanMail to optimize resource alloca tion Allowable values are in the range of 1048576 1MB to 1048576000 1000MB Defaults to empty in plain command line filters but this default is overridden in other filters based on the command line filter UseDOSPathNames boolean Set to true if the filter is a DOS program that re quires DOS 8 3 file names on the commandline This setting has no effect under operating systems other than Windows Commandline filters may contain multiple return code sections 7 1 5 7 Return Code Settings Return codes are defined in ReturnCode sections Filters CommandLineConfig ReturnCodes ReturnCode Code numeric The program exit code Allowable values are in the range of 0 to 255 Policy string Sets the filter action to apply if the command line program returns the exit code defined in the Code setting Allowable values are accept deliver accept deliver junk reject
12. don t integrate the virus scanner in the POP3 filter pipeline Otherwise you might end up checking your mails twice Note also that in this case both CleanMail and your virus scanner may contend for the POP3 port of your machine Read Troubleshooting section 2 6 for more information 4 13 SpamAssassin Filter Setup The SpamAssassin filter setup dialog is available in two modes normal and ad vanced Advanced mode is based on the External Filter Setup section 4 11 dialog 48 This section discusses normal mode setup The SpamAssassin filter setup dialog allovvs you to configure tvvo aspects of Spa mAssassin filters e A plugin part that controls to what messages the filter is applied and what is done with a mail once it is tagged as spam filter policy section4 5 3 The settings in this part are stored in the cleanmail cf file e Configuration of SpamAssassin itself The settings in this part are stored in the file loca1l cf in the SpamAssassin rule set directory It is important to remember this especially when you are planning to use multiple Spamassassin filters section4 13 3 2 in your configuration 4 13 1 How SpamAssassin Works SpamAssassin is a well known open source spam detection engine It uses the following techniques to identify spam e The mail headers are scanned for some small inconsistencies that can give away forgeries A mail date in the past or in the future forged message IDs and the like
13. the message vvill be delivered 77 A polite mail client will now issue a QUIT command and in reply the server will dismiss the SMTP session and disconnect QUIT 221 Bye Connection closed by foreign host 7 2 2 SMTP commands HELO hostname EHLO hostname Initiates an SMTP session MAIL FROM address Sets the envelope sender address RCPT TO address Defines the recipient address There can be multiple RCPT TO commands when a message is delivered to multiple recipients DATA Request start message transmission after sender and recipients have been specified QUIT End SMTP session RSET Reset session make the server forget sender and recipient addresses NOP No operation a null command where the server just replies OK 7 2 3 Server replies Server replies begin with a 3 digit reply code The first digit defines if the reply means OK or if an error is indicated by the server The first digit is always 2 3 A or 5 2xx The request was accepted and no error occurred 354 This is the only reply code starting with a 3 as the first digit and it is only issued by the server in reply to a DATA command The client is asked to go ahead with the mail transmission 4xx This reply indicates a temporary error The request could not be fulfilled at this time but it may be possible to fulfil the request at some later time The client should try again later 5xx This reply indicates a permanent error The r
14. 2 Batch Files You can also run batch files instead of running a program Depending on the Win dows version you are using it may be necessary to explicitly run a command line interpreter with your batch file as an argument Here is an example what this might look like for Windows XP cmd Q D C c dir batch bat IN OUT SERR To learn more about cmd type help cmd in a command prompt window 45 Test Filter Soo Input Output Received from byteplant com 1213 239 200 169 Received from localhost by User PC by localhost 127 0 0 1 with SpamAssassin version 3 2 4 with SMTP Wed 15 Sep 2004 15 31 22 0200 Sat 06 Dec 2008 14 08 30 0800 3 Subject Test spam mail GTUBE From Sender lt sender Bexample net gt Date Wed 15 Sep 2004 15 31 22 0200 _ To Recipient lt recipient example net gt From Sender lt sender example net gt E Subject SPAM 1003 4 Test spam mail GTUBE To Recipient lt recipient example net gt Date Wed 15 Sep 2004 15 31 22 0200 Content Type text plain charset us ascii Message Id lt GTUBEMessage Gbyteplant internal Content Transfer Encoding 7bit X Spam Flag YES Message ID lt GTUBEMessage Gbyteplant internal x X Spam Checker Version SpamAssassin 3 2 4 200 MIME Version 1 0 X Spam Level acres X Spam Status Yes score 1003 4 required 4 8 b This is the GTUEE the SPF_HELO_NEUTRAL autolearn no versi Generic MIME Version 1 0 Test for Content Type multipart
15. Session 0 550 unrouteable address Jul 03 2009 16 39 59 Session 0 DATA Jul 03 2009 16 39 59 Session 0 554 No valid recipients Jul 03 2009 16 40 00 Session 0 QUIT L Jul 03 2009 16 40 00 Session 0 221 byteplant com dosing connection Jul 03 2009 16 40 00 Session 0 Connection from 200 42 161 108 dosed 4 m Figure 5 2 Log Vievv To get a deeper understanding of SMTP and vvhat happens in the log especially if you enabled detailed logging please refer to RFC 2821 For a POP3 specification refer to RFC 1939 5 3 Report For every mail received or refected a line is added in CleanMail s mail log file CleanMail mail csv The mail log file is a list of comma separated val ues and thus can be easily read and processed by spread sheet softvvare such as Microsoft Excel A choice of reports based on this data can be viewed on the report tab of the CleanMail admin application Journal All messages handled in the past few days The length of the backlog is limited and depends on mail traffic Top Recipients A list of people that received mail in the last 24 hours or yesterday complete with message counts and sizes Top Senders A list of senders that mailed to accounts in your domain in the last 24 hours or yesterday complete with message counts and sizes Top Hosts A list of mail hosts IP address and name that delivered mail in the last 24 hours or yesterday complete with message counts and sizes
16. We will also try to help you with the Trial version of CleanMail if we can Contact us for information regarding other support options by email to sales byteplant com For the latest version always check the CleanMail download page Byteplant offers consulting and the development of custom software Please in quire by email to sales byteplant com 8 4 Copyright CleanMail is copyright Oby Byteplant GmbH Byteplant GmbH Heilsbronner Strasse 4 D 91564 Neuendettelsau Germany E Mail contact byteplant com Company Homepage http www byteplant com 8 5 License and Usage Terms END USER LICENSE AGREEMENT FOR CLEANMAIL This End User Li cense Agreement EULA is a legal agreement between you either an individual or a single entity and byteplant GmbH If you do not agree to the terms of this EULA do not install copy or use CleanMail SOFTWARE PRODUCT LICENSE CleanMail is protected by copyright laws and international copyright treaties as well as other intellectual property laws and treaties CleanMail is licensed not sold LICENSE USAGE TERMS Freeware Edition The Freeware Edition of CleanMail may be used freely without purchase of a license for personal and non commercial use only It is limited to scanning mail for up to 10 email addresses It is expressly 82 forbidden to install CleanMail for commercial use instead a commercial license must be purchased Trial Edition The Trial Version of CleanMail may be
17. Wizard icon into the quick launch bar e Windows Firewall Setup check this to create Windows Firewall exceptions that allow mail transfers to pass through CleanMail not for all versions of Windows Click on the Next button to continue CleanMail will now install the program files and options If there were no problems during installation you will see the Finish screen From here you can launch the CleanMail Administration Application If 17 13 Setup CleanMail Server fo o Es Select Additional Tasks bi Which additional tasks should be performed E Select the additional tasks you would like Setup to perform while installing Clean Mail Server then click Next Optimize spam filtering results instal addtional rulesets Additional icons Y Create a desktop icon for CleanMail Admin V Create a Quick Launch icon for CleanMail Admin Windows Firewall Setup V Allow connections to CleanMail s SMTP POP3 ports recommended mr an Cancel Figure 2 2 Installation Options you don t want to launch CleanMail un check the corresponding checkbox Alter natively you can just start the CleanMail service Click the Finish button when done 2 4 1 Using NAT to Reroute SMTP Firewalls or routers that implement firewall functionality do generally not allow inbound connections from the Internet unless they are specifically instructed to do so by a mechanism called network address translation
18. accepted and bypasses all filters but the attachment filter and anti virus filter You can configure those filters to pass whitelisted messages as well 4 8 1 Sender Address Patterns This is the list of sender addresses or address patterns to whitelist You can use the wildcard characters any character and any number of any character for example like in byteplant com Important For security reasons anti virus filters and the attachment blocker by default ignore whitelisting You can change this behaviour by removing the check mark from the Ignore Whitelist setting in these filters 4 9 Delay Filter Setup The concept of a delay filter was born out of the observation that most spammers and bulk mailers are an impatient lot they do not wait for even a short period of time to see if a message will be accepted by a mail server at all So the delay filter is a very simple filter the mail transaction is frozen for a short time period while further processing which may be rather costly both in terms of memory and CPU usage is delayed If the mail client disconnects during this time period the message is simply discarded Even short delays of 20 to 30 seconds are usually sufficient to get rid of about a third of all spam messages The delay filter is best placed directly in front of costly filters such as the SpamAs sassin filter and after low cost filters such as the attachment filter 42 4 9 1 Delay The de
19. all admin mail messages from CleanMail e Complete the Wizard by clicking Next and then Finish The CleanMail VVindovvs service vvill be restarted automatically to put your configuration changes into effect e IMPORTANT Re configure your firewall router to redirect incoming SMTP traffic to port 26 CleanMail s incoming port number 2 3 1 2 CleanMail runs on a separate server Installing on a separate server has many advantages especially for sites vvith heavy mail traffic After installing CleanMail you have to reroute incoming SMTP traffic to the CleanMail server e Depending on which one of the three configurations outlined above tion 2 2 you use novv is the time to change the netvvork settings of your mail server softvvare if needed or to change the netvvork settings of VVin dows to assign an additional IP address to this server e Launch the CleanMail Admin application and choose SMTP Transparent Proxy in the Choose Configuration Type dialog that appears e In the Quick Start Wizard set the Incoming IP address and port to where CleanMail should be waiting for SMTP connections Enter the IP address and port number of your e mail server as the outgoing server settings 14 e On the relay settings page to be on the safe side enter the name of your domains and do not forget to add at the beginning e g x yourdomain com to make CleanMail accept only recipient addresses that belong to your domain
20. care because picking the right zones affects the RBL filter s effec tiveness When in doubt stick with the default setting 4 10 2 Policy If a relay host is listed on one of the configured DNS blacklists the mail is blocked using this policy 43 4 10 3 Relay Check Option All relays forvvarding a mail message prepend a new received header field to the mail header with information about the servers involved host name and IP the protocols used and a time stamp The header lines are parsed by the RBL filter to find the IP addresses to check against the DNS blacklists defined in the Zone List setting The last received header at the top of the message header marks the transfer to the server han dling final delivery and the first received header contains information about when a message was first submitted for transmission to an SMTP server Between these entries there can be any number of relays forwarding the message The first and last received headers can be the same when a message was directly submitted to your server The Relay Check Option defines which received headers relays are checked by the filter If DNS blacklists contain the IP addresses used by dial up services you can reduce the risk of false positives by skipping the DNSBL check for the first received header created when a dial up sender submits his message to the first SMTP server Note that the last received header final delivery will always be checke
21. charac ter to define address patterns Multiple address patterns can be separated by blanks If empty the filter is enabled for all recipients Address patterns that pass this test are then checked against the patterns in the AddressListEx setting below Defaults to empty Note This setting is ignored for filters configured for POP3 ports AddressListEx string Sets the recipients where the filter is disabled You can use the wildcard characters 2 any character and x any number of any charac ter to define address patterns Multiple address patterns can be separated by blanks If empty the filter is enabled for all recipients Defaults to empty Note This setting is ignored for filters configured for POP3 ports AddressListSameAsPrevious boolean If this is set to true the CleanMail admin application copies the address list of the previous filter to this filter Ignored by the CleanMail service Defaults to true for every filter but the first ID string Unique short filter identifier used internally A unique ID is automati cally generated by default Allowable identifiers are not empty and have up to 7 characters IgnoreWhitelist boolean If true the filter is always applied even to whitelisted messages Defaults to false for most filters with the exception of attach ment filters and anti virus filters 70 Name string Filter name used in statistics and log files Filter names should be unique A unique name is usu
22. click I accept to agree with this license Choose a folder where CleanMail should be installed The setup program will suggest a default location If you do not want to use the default location you can browse for a specific directory in the provided input field placing CleanMail in a location other than the default will not affect the operation of the program Unless your CleanMail directory already exists either the suggested default directory or one of your choosing the setup program will ask you if it can create that directory Click Yes If you want to change the location of the program click No This will keep you on the directory screen to choose another location The next step is to decide upon the name of the CleanMail program group name that you will see in the Start Menu CleanMail suggests a default but you can change that to whatever name you would like changing the name of the CleanMail program group will not affect the program operation in any way After you have decided upon a name click Next There are some optional CleanMail Setup tasks that you may choose to have done You can select these tasks by clicking on the appropriate check box Install additional ruleset Installs additional spam filtering rules not part of the SpamAssassin distribution Create a desktop icon put a shortcut for CleanMail Administration Wizard on your desktop e Create a quick launch icon put a CleanMail Administration
23. different port There is no need to modify your mail server s settings address and port settings Separate Server Configuration CleanMail runs on its own server CleanMail lis tens on port 25 and forwards SMTP to your existing mail server There is no need to modify your mail server s address and port settings There are some things you should consider before making a decision e Adding an IP address to a Windows machine is only a few mouse clicks away and IP addresses in the 192 168 x x or 10 x x x ranges are plentiful Make sure both your mail server and CleanMail are listening only on their own IP addresses and not on all IP addresses With some mail servers this setup this is required to correctly configure the relay settings CAVEAT In a two IP address setup Microsoft Exchange sometimes grabs the SMTP port on all interfaces even when it has been configured not to In these cases it is recommended to use different ports for CleanMail and Exchange to avoid conflicts If you keep the old IP address and port settings for your mail server you do not need to reconfigure the SMTP server settings of your users mail clients after all you don t want to check outgoing mail from your users for spam Avoid using the loopback interface 127 0 0 1 as outgoing server address because some mail servers consider all mails delivered from localhost 12 connections as trusted This makes it more difficult to configure the mail server
24. general is less versatile than SMTP filtering and as an additional dravvback users sometimes need to vvait for a long time until their mail is dovvnloaded and filtered for example when returning from a vacation e Download CleanMail e Install CleanMail using the setup program 15 Launch the CleanMail Admin application and choose Transparent Proxy in the Configuration Type dialog that appears The Quick Start Wizard will appear On the POP3 settings page follow the instructions to configure your mail client Step to the following pages and make adjustments according to your wishes Save the configuration by pressing the Finish button on the last page Now retrieve a couple of mails from your mail box if necessary send your self a couple of test mails If you run into troubles see Troubleshooting the Installation for troubleshooting tips In your mail client add mail filtering rules to automatically move spam mails to a separate mail folder or to automatically delete them Refer to the manual of your mail client for instructions on how to do this 2 3 2 2 POP3 Connector Setup POP3 filtering with a POP3 connector requires that you maintain your own SMTP mail server CleanMail fetches mail from your POP3 account regularly to forward it to your mail server after filtering Download CleanMail Install CleanMail using the setup program Launch the CleanMail Admin application and cho
25. greeting message 220 mail byteplant com ready The client then issues a greeting usually specifying his own name or IP address This is done by issuing a HELO hello or EHLO extended helo command like this HELO name After that the server s replies something like 250 OK After this the client first specifies the sender s email address and after that the recipient address by issuing MAIL FROM and RCPT TO commands MAIL FROM lt support byteplant com gt RCPT TO lt support byteplant com gt Each command should receive a server reply like this 250 OK Now it is time to start transmitting the message itself The client starts transmission of the message with a DATA command and again waits for the reply like this DATA 354 Start mail input end with lt CRLF gt lt CRLF gt The client now transmits the message beginning with the header fields and sepa rated by an empty line the message body The mail is terminated with a line that consists of one single dot character From god heaven To mortal earth Subject Test Message This is the body of the test messag Novv the server vvill reply something like this 250 Message scheduled for delivery You may have noticed that the addresses you used in the To and From header fields are complete bogus addresses that have nothing to do vvith the addresses you used in the SMTP commands earlier the so called envelope addresses Nonethe less
26. ico zs File View Proxy Setup Filter Setup Help Status Ljlog Report Statistics 22 Configuration A Maintenance TP Proxy wW lt all interfaces gt 25 gt 192 168 0 35 25 Add Fite Whitelist ES Pass messages from whitelisted sender without filtering 1 Attachment Filter le Removes dangerous attachments DNSBL Filter z Remove messages relayed by blacklisted host 2 Delay Filter 222 Delays message acknowledgement yA SpamAssassin Detects and tags spam messages POP3 Connector i pop3 isp com 110 192 168 0 35 25 Ad Eibar zal Whitelist i Pass messages from whitelisted sender without filtering NES ES S si B S si Y smc Figure 3 1 Example Filter Pipeline Each filter analyzes the message and returns a filter result telling CleanMail what to do with it Example filter results are accept and deliver or reject and delete The overall filtering result is always the worst result for example if the virus checker returns reject and delete it will override another filter returning accept and deliver The location of a filter in the filter pipeline matters To help conserve resources and to increase throughput filters lower down in the filter pipeline are not invoked if an earlier filter has already decided that a mail should be deleted For this reason the following guidelines should be applied when determining the order of filters in the pipeline
27. periods of time there are three possible reasons for this 54 CleanMail Admin Loja File View Proxy Setup Filter Setup Help Status Ljlog 7 Report vl Statistics 2 Configuration A Maintenance Server Info he1 deanmaild 4 0 1 1 Addresses Used Licensed 24 unlimited Active Sessions l System Load 6 37 30 AM 6 37 35 AM 6 37 40 AM 6 37 45 AM 48KBit s 4 48KBit s EE Incoming Traffic E Outgoing Traffic 32KBit s 32KBit s 16KBit s 16KBit s OKBit s OKBit s 6 37 30 AM 6 37 35 AM 6 37 40 AM 6 37 45 AM Figure 5 1 Status View e The memory usage limit is too small Within bounds it may help to in crease this limit This setting is configured with the global settings wizard section 1 1 e The server hardware might need upgrading Adding more memory usually helps too handle load peaks but increasing raw CPU power is best suited to get more mail processed See the description of the global settings wizard section 4 1 for more information e You are being flooded by a badly configured mail host usually with bogus delivery failure notices Activate traffic limiting section4 4 6 to counter this 5 2 Log This page is a live view of messages written to CleanMail s log file cleanmail 1log located in the installation directory The verbosity of the messages in this file can be modified using in the global set tings wizard section 4 1 To view the logfile
28. rejected RCPT TO addresses exceeds this limit the remote host is disconnected and blocked for 20 minutes This counter is reset whenever a RCPT TO command is successful Set to 10 by default Allowable values are in the range of 5 to 1000 OutgoingPort numeric Sets the port number of the SMTP service CleanMail connects to The default depends on the protocol involved Allowable values are in the range of 0 to 65535 OutgoingServer string Sets the IP address or host name of the SMTP service CleanMail connects to 69 RedirectRecipient string Sets the recipient address vvhere redirected mails are sent to reject redirect or accept redirect filter actions Defaults to postmaster RejectMessage string Sets the error string returned with the 550 error code when a message is rejected Defaults 10 Your message vas not delivered for policy reasons TLS boolean Enables or disables TLS negotiation between mail servers Mails transmitted using TLS are not scanned Disabling TLS makes sure that all mails received and forwarded by an unprotected relay or mails received from spammers supporting TLS are scanned Disabled by default The SMTP port section may contain multiple filter subsections see filter settings section7 1 5 7 1 5 Filter Settings 7 1 5 1 General Filter Settings AddressList string Sets the recipients where the filter is enabled You can use the wildcard characters any character and x any number of any
29. s relay settings correctly 2 3 Quick Start Installation When you start CleanMail for the first time the Quick Start wizard will guide you through the installation process The quickstart installation procedure covers the SMTP filtering setup in one of the recommended network configurations outlined above and POP3 filtering setup SMTP filtering is suitable when a maintain your own SMTP mail service whereas POP3 filtering is used when you fetch mail from your ISP using the POP3 protocol 2 3 1 SMTP Filtering With SMTP filtering the client is some other MTA mail transfer agent trying to send mail and the server is your mail server The MTA that connects to CleanMail can be either another mail server or a mail client CleanMail acts as a transparent proxy and you need to change your mail configuration to redirect inbound SMTP traffic through CleanMail 2 3 1 1 CleanMail runs on the Mail Server Running CleanMail on the same server as your mail server can be recommended for sites with only little mail traffic as mail filtering AV and spam filtering can cause heavy CPU and memory usage The following setup instructions assume that your mail server software listens on the default SMTP port 25 and that you are installing CleanMail on the same machine as your mail server After installing CleanMail you have to re configure your firewall router to redirect incoming SMTP traffic to CleanMail e Install CleanMail on the Mail Ser
30. than Outlook or Outlook Express This mail client can then be used to fetch the mails to learn by POP3 or IMAP A step by step example using Mozilla Thunderbird is described on this 6 1 2 Database Expiry As SpamAssassin continues to learn from spam and ham mails its Bayes database continues to grow SpamAssassin regularly checks if the database size exceeds certain limits 150 000 tokens or words about 10MB in database size Once the limit is reached old tokens words that were not encountered in mails for a long time are removed from the database This is called database expiry On slow systems it can happen that database expiry takes longer than the SMTP session timeout In this case the automatic database expire fails and you may need to expire the database manually SpamAssassin database maintenance is best done from the maintenance tab of the admin application This tab shows you some database statistics like the number of words tokens learned and the database file size By pressing the Expire Now button database expiry is started Be prepared that expiry usually takes several minutes to complete Note Check the directory where the database resides If you find bayes_toks expire files there this indicates expiry failures You may consider disabling automatic expiry as implemented by SpamAssassin add the following line to your local cf file bayes_auto_expire 0 Instead ei ther run database expiry regularly by ha
31. types where you want to delete the entire message if it contains a restricted attachment You can use the wildcard characters any character and x any number of any character to define attachment types Multiple attachment types can be separated by blanks If empty no messages are deleted The block list is the last attachment type list checked Defaults to a list of attachment types commonly used in virus messages DropListPolicy string Filter action applied to messages containing attach ment s of a blocked type Defaults to reject delete Allowable values are in order of precedence reject redirect accept redirect reject delete accept delete ErrorLineBreak boolean If this is set to true bad line breaks are treated like other MIME errors and handled as defined in the ErrorPolicy setting De faults to false 71 ErrorPolicy string Filter action applied to messages with unrecoverable MIME syntax violations This usually involves malformed attachment specifica tions or other techniques that could be exploited to bypass the attachment filter or virus checkers Defaults to accept deliver Allowable values are in order of precedence accept deliver reject redirect accept redirect reject delete accept delete PassList string Sets the attachment types you want to always accept You can use the wildcard characters any character and x any number of any char acter to define attachment types Mu
32. 0 or 250 recipient addresses Please in quire at sales 6 byteplant com for information about unlimited or site licenses as vvell as volume discounts You can explicitly specify a number of recipients for which spam checking is en abled Mail to recipients vvithin the list is checked up to the maximum count of different addresses Mail to recipients in excess of the maximum count is not checked Mail to recipients not matching an entry in this list is not counted and not checked Recipient addresses rejected by your mail server never count You can upgrade to a higher address count anytime by simply paying the price difference The number of virtual hosts domains is not restricted 8 2 Ordering CleanMail For the latest pricing information please visit our CleanMail is distributed online electronically and shipped on CD ROM if re quested Please visit our to place your order online Ordering online and paying by credit card is by far the fastest way to order Your license key is usually delivered in a matter of minutes 81 If you do not vvant to order online using your credit card vve offer a variety of alternative ordering methods Please visit our to find out more For high volume and multi server license packages of CleanMail Server please contact sales byteplant com for a price quote 8 3 Support A purchase of CleanMail includes maintenance and support for 12 months Please write to us at support byteplant com
33. 2 4 3 44 CleanMail Admin Mail Options Memory and Buffering Options POP3 Server and Port Settings Global Settings 4 1 1 41 2 Logging Options 4 1 3 4 1 3 1 Message Size Limit 4 1 3 2 Memory Usage POP3 Proxy Port Setup 4 2 1 4 2 2 Changing the Mail Account Settings POP3 Connector Setup 4 3 1 4 4 1 4 4 2 4 43 4 4 4 4 4 5 4 4 6 POP3 Server and Account Settings 4 3 2 POP3 Mailboxes and Forwarding Account 4 3 3 POP3 Connector Options SMTP Proxy Port Setup Incoming and Outgoing SMTP Settings Reject Options 4 4 2 1 4 4 2 2 Mail Reject Message Mail Redirect Address Relay Settings Directory Harvest Attack Protection Connection Limit Mail Flooding Protection 4 4 6 1 4 4 6 2 4 4 6 3 NAT and Flooding Protection Host BlackList Connection Count 4 4 6 4 NDR Connection Count 4 5 Mail Filter Setup 451 FilterName x ua sz sa Rod oe ob aw eed 4 5 2 Recipient Address Patterns 4 5 2 1 Enable Disable Address Pattern Settings 4 5 2 2 Same Address Settings As Previous 1453 Filter Res lis 2 224 2224 2 24544 yad a 4 5 4 Subject Tag 4 6 Attachment Filter S
34. 24 e Filters with the lowest resource usage and the highest selectiveness should go first For this reason the attachment filter should always be one of the first filters in the filter pipeline e Filters which use a lot of processing power and with low selectiveness should go last Most people won t delete spam mails without at least giving hu mans the chance to look them over For this reason the selectiveness of the SpamAssassin filter is low while it uses a lot of resources Therefore the SpamAssassin filter should be one of the last filters When configuring CleanMail with the Admin application every new filter will be automatically moved to the best position in the filter pipeline Afterwards you can still change the order of filters but only within limits You can also move filters as you please though we do not recommend it by editing the configuration file with a text editor see CleanMail Configuration File section 7 1 25 Chapter 4 Configuration Configuration of CleanMail is best done using CleanMail Admin The settings are organized in a set of configuration dialogs each covering some aspect of the configuration You can access these dialogs from the Proxy Setup and Filter Setup menus note that some of the dialogs are only available if you have a filter or a proxy port selected on the configuration page of the CleanMail Admin VVithin the configuration dialogs you can freely step forvvard and backvva
35. 5 CleanMail forwards commands and messages to the outgoing SMTP server your mail server Outgoing Server 192 168 0 35 Outgoing Port 25 rest Ga Figure 4 2 Incoming and Outgoing Server Setup 4 4 2 Reject Options 4 4 2 1 Mail Reject Message When configuring your mail filters you can choose to reject mail If a mail is rejected the sending mail transfer agent MTA notifies the sender that his mail could not be delivered You can configure a short response in CleanMail that the MTA that connects to CleanMail is supposed to pick up and return to the user In the case of a mail client this will be a popup window if it is another mail server it will be a delivery failure notice Note You can configure this in CleanMail reject message setting but the mes sage will always be created by the MTA that connects to CleanMail Don t enter very long or multi line responses our experience has shown that there are many MTAs about that only pick up the first or last line of such a response and drop the remainder 4 4 2 2 Mail Redirect Address When configuring your mail filters you can choose to reject mails and redirect them to another account The redirect address you enter MUST be a valid mail address on the outgoing mail server otherwise all redirected mail will be deleted Use the Test button to verify that the redirect address works 4 4 3 Relay Settings CleanMail operates as a transparent proxy To a
36. E PURCHASE PRICE LIMITATION OF LIABILITY NO LIABILITY FOR CONSEQUENTIAL DAM AGES To the maximum extent permitted by applicable law in no event shall byteplant GmbH or its suppliers be liable for any damages whatsoever includ ing without limitation damages for loss of business profit business interruption loss of business information or any other pecuniary loss arising out of the use of or inability to use this software product even if byteplant GmbH has been advised of the possibility of such damages LEGAL NOTICES CleanMail uses the spam filtering engine of the Apache Software Foundation open source project SpamAssassin TM SpamAssassin and Powered by SpamAssassin are trademarks of the Apache Softvvare Foundation The SpamAssassin TM open source project resides at http spamassassin apache org CleanMail uses the cairo http www cairographics org and wxWidgets http www wxwidgets org libraries 83
37. IncludeRecipientsList boolean If enabled sends daily a list of licensed recipi ents to the admin account Defaults to false MaxBufferSize numeric The maximum message size in Byte larger messages are rejected This is an important security feature if you set this too large users of your mail service can crash your server by submitting a very large message Allowable values are 10485760 10MB to 1048576000 1000MB the default is 20971520 20MB MaxLogFileDays numeric The log file is cycled after so many days Set to 1 by default daily log file cycling both unsetting this value or setting it to 0 disables this feature MaxLogFileSize numeric The log file is cycled once it is larger than the given size Allowable values are 1048576 1MB to 1048576000 1000MB the default is unset disabling this feature MaxMemoryUsage numeric A load factor determining cleanmail s memory us age The default value is 0 8 allowable values are in the range between 0 to 1 PreferEnableFilter boolean Determines cleanmail s filter behaviour if a mail is addressed to multiple recipients Defaults to true in this case a filter is applied if the filter is enabled for at least one recipient and not applied otherwise If set to false a filter is not applied if the filter is disabled for at least one recipient and applied otherwise StatisticsTimeFrame boolean Sets the number of days how long statistics data is kept Defa
38. Mail is the mail filter software that was designed from the beginning to make installation configuration and maintenance as simple as possible The CleanMail product family brings the power of the award winning open source spam filter SpamAssassin to the Windows environment The filter pipelining architecture makes CleanMail a flexible multi purpose mail processing tool It allows for an easy integration of additional filtering programs like virus filters into the SMTP POP3 checking pipeline These filter types are included in CleanMail Blacklist Whitelist Filter Blacklist and whitelists allow filtering based on the sender address of a message Delay Filter SMTP filtering only The delay filter has proven to be very effective against the bulk mailer software used by spammers DNSBL Filter The DNSBL filter also known as remote blacklist filter can get rid of spam messages at the cost of a few DNS lookups Attachment Filter The attachment filter can remove potentially malicious attach ments at very little processing cost SpamAssassin is a trademark of the Apache Software Foundation Windows is registered trademark of Microsoft Corporation Virus Filter CleanMail uses ClamVVin Clam Anti Virus to protect you from email borne viruses It also supports many third party virus scanners out of the box e g Computer Associates Anti Virus F Prot Anti Virus Kaspersky NOD232 just to name a few Virus mails are rejected and d
39. Set the return code policies accordingly VVhen testing a virus filter test it both against the sample virus mail and against the sample spam mail The virus mail must be blocked reject delete with the filter output empty while the spam mail must pass filter output the same as the input Important For security reasons anti virus filters and the attachment blocker by default ignore whitelisting You can change this behaviour by removing the check mark from the Ignore Whitelist setting Note 1 Integrating a virus checker in CleanMail requires that you install the virus checker software first If you have not installed the virus checker yet run the anti virus setup wizard again once you have installed the virus checker Note 2 If you want to use F Prot for DOS right click F PROT EXE in the Win dows Explorer to bring up the properties dialog and make sure the close window on terminate or similar property is checked Note 3 If you have a virus scanner vvith On Access scanning enabled it may interfere with the temporary files CleanMail creates for filtering in the temporary directory To get rid of the error messages that may occur in CleanMail s log file make sure you disable On Access scanning for the temporary directory used by CleanMail On startup CleanMail writes the location of the temporary directory used to the log file cleanmail log Note 4 If you enabled POP3 mail virus checking in your anti virus software
40. ally generated by default Allowable identifiers are not empty and up to 30 characters SubjectTag string If not empty the message subject is modified to indicate that a message is junk This setting allows US ASCII non control characters only character codes 32 127 The default setting is SPAM Note This setting has no effect for the SpamAssassin filter Change the local cf file instead see SpamAssassin documentation 7 1 5 2 Attachment Filter Settings Attachment filter settings are defined in an AttachmentConfig section Filters AttachmentConfig Attachment filters support the following additional configuration options BlockList string Sets the attachment types you want to block deliver the mes sage with the attachment s removed You can use the wildcard characters any character and x any number of any character to define attachment types Multiple attachment types can be separated by blanks If empty no at tachments are blocked The block list is the first attachment type list checked attachments that match a type pattern on this list are not checked against the drop list Defaults to a list of attachment types that may carry macro viruses BlockListPolicy string Filter action applied to messages containing attach ment s of a blocked type Defaults to reject deliver Allowable values are accept deliver reject deliver The attachment is always removed DropList string Sets the attachment
41. amAssassin Filter is the only filter that supports substitutions in the subject tag e g spam score 50 4 13 2 3 Tweaking The SpamAssassin Rule Set If you vvant to further customize SpamAssassin consult the SpamAssassin docu mentation files included with the installation files find it in the sa doc subdirec tory of the installation directory To customize the SpamAssassin rule set for example to modify the score for a particular rule you can do so by editing the corresponding configuration file using your favorite text editor See the document Mail SpamAssassin Conf htm for details Note 1 Configuration changes in files other than 1ocal cf are not backed up upon installation of an update If you want to keep your changes copy the files you changed and restore them after installation Note 2 To validate your changes use the lint option of SpamAssassin cd InstallationDirectory sa spamassassin x siteconfigpath salruleset lint 4 13 3 CleanMail SpamAssasssin Options 4 13 3 1 Spam Mail Poliey Options On the first page of the spam mail policy options you can choose vvhat happens vvith spam See Filter Result section4 5 3 for a list of different spam mail policies CleanMail SpamAssassin Filter Wizard Es Spam Mail Policy Options Choose what to do with spam mails Define what to do with spam mails If you choose to reject mail the sending mail transfer agent MTA notifies the sender that his mai
42. anMail MessageID header in the message you want to learn Using the MessagelD you can locate the em1 file in the mail storage directory To learn a message as spam from the command window use the following command line cd InstallationDirectory salsa learn siteconfigpath salruleset spam Path To forget or learn as ham use forget or ham instead of the spam op tion Learn a message folder Most mail clients are using the mbox mail folder format or have an export function to export a mail folder to an mbox file Collect the spam messages you want to learn in a mail folder and export this folder to an mbox file Then use the following commands in a command line window 61 cd InstallationDirectory sa sa learn siteconfigpath sa ruleset spam mbox Path For repeated use create a batch file with the commands above An example is provided in the installation directory of CleanMail If you are using Microsoft Outlook or Outlook Express you can t learn entire mail folders because there is no simple way to export to an mbox file There is not even a way to export a single message to a text file in RFC 822 format There are some tools around look for out 1ook2mbox or similar with your favorite Internet search engine but your mileage may vary However there is a way even if you are using Microsoft Exchange as mail server This requires the administrator to install one email client other
43. apter 5 CleanMail does not require maintenance but some of the filters employed by CleanMail do See Maintenance chapter 6 to find out about regular maintenance required by SpamAssassinTMand virus filters See the Reference chapter 7 chapter for details about the structure and content of the CleanMail configuration file See Licensing chapter 8 for ordering and license details There are additional resources available online Take a look at the FAQ list if you are running into problems You will also find some How to documents there You may also want to look in the CleanMail support forum CleanMail support can also be contacted by email to support byteplant com Chapter 2 Installation The installation section covers system requirements CleanMail installation and CleanMail uninstallation procedures It applies to any mail server software such as e Microsoft Exchange 5 5 2000 2003 2007 e Microsoft Small Business Server SBS Lotus Notes Domino Server e Mail 2 1 System Requirements CleanMail runs as a Windows Service requires Windows 2000 XP 2003 2008 Vista CPU and memory requirements depend on the desired e mail throughput Spam checkers and virus filters need a lot more system resources than simple E Mail delivery Apply the following rules of thumb when planning your system e Filtering messages requires more CPU performance than just receiving mes sages so the server running the filter should pe
44. are allowed all others are delayed with a temporary error response This way no non delivery report is lost while a single server can no longer flood your mail server with in most cases useless non delivery reports 4 5 Mail Filter Setup This section discusses filter settings common to all filters Please read Filter Pipeline section 3 3 for an intorduction to filter pipelines 4 5 1 Filter Name Filter names are used to identify individual filters in statistics charts and reports The name should be unique 36 If you do not have more than one filter of the same type there is usually no need to override the default name Therefore this setting is usually hidden It is only accessible once you have more than one filter of the same type in use 4 5 2 Recipient Address Patterns Filters are applied only to messages addressed to selected recipients You can but need not specify these recipients for each filter individually Note The address patterns apply to the envelope recipient address the recipient address used in the SMTP commands issued by the sending mail server The To field of the MIME message headers may shovv a different address 4 5 2 1 Enable Disable Address Pattern Settings There are two settings that control the recipient addresses where a filter is applied e Address Patterns To Enable Filter put all the addresses here were the filter should be applied If you leave this empty CleanMail applies this f
45. are three different possible ways to setup CleanMail as an SMTP proxy for your existing mail server Same Server Two IP Address Configuration CleanMail runs on the same server as your mail server software Use two IP addresses on the same ma chine one for CleanMail and one for your mail server You have to use one 11 of these IP addresses in your e mail server software as the incoming mail IP address The other IP address will be used by CleanMail You can use the default SMTP port number 25 in both cases Same Server Same IP Address Configuration CleanMail runs on the same server as your mail server software Use the same IP address for both Clean Mail and your mail server but use different ports There are two variations of this setup Set the incoming SMTP port of your e mail server software to a num ber other than 25 CleanMail Server listens instead of your mail server at your original SMTP address port Note that this approach will dis rupt e mail delivery while you are configuring Depending on the mail server software you use you may need to restart this software after changing the port or you may even need to restart the server machine to activate this setting Set the incoming SMTP port of CleanMail to a number other than 25 This requires a firewalled network where you can change your NAT settings network address translation sometimes also called port for warding or IP forwarding to redirect SMTP traffic to a
46. at chm cmd com cpl crt dil exe hip hta inf ins isp js jse Ink mdb msi msp nws ops ocx pcd pif prf reg rm rt sef ser sct shb shm shs shtm shtml url vb vbe vbs vbx vxd wsc wsf wsh List of attachment ty or more attachment Gana Figure 4 5 Attachment Filter Setup Here is an example Pass Attachment List zip bmp Block Attachment List x Delete Attachment List scr pif 40 This passes only zip and bmp attachments all else are blocked If a mail has a pif or scr attachment the attachment is not only blocked but the entire mail is deleted pif and scr are very common as virus vectors 4 6 2 Ignore Whitelist For security reasons anti virus filters and the attachment blocker by default ignore whitelisting You can change this behaviour by removing the check mark from the Ignore Whitelist setting 4 6 3 MIME Error Policy MIME violations can disrupt mail server operation and sometimes crash mail clients Also worm authors try to hide executable attachments with deliberate MIME syntax violations The attachment blocker is also capable of detecting MIME violations and you can choose which policy to apply for messages affected e General MIME syntax violation SEVERE Worm authors could try to hide executable attachments with deliberate MIME syntax violations e ASCII 0 character SEVERE The mail contains an ASCII 0 character This problem can disrupt mail server operation and sometimes crash mail clients
47. ate the message in the ournal Report of the admin ap plication Right clicking the message opens a menu that allovvs learning messages 60 Learn As Ham The message is learned as a ham message Learn As Spam The message is learned as a spam message Forget All database entries already learned from a message are deleted If you accidentally learn a spam message as ham or spam you can undo it this way Depending on how you configured the the mail storage filter a message file may have been deleted already when you try to learn it as either spam or ham To avoid this in the future change your mail storage settings to keep a longer backlog of older messages 6 1 1 2 Using sa learn in a command window Using sa learn directly allows learning multiple messages or entire mail folders at once and it gives you more flexibility to adapt your CleanMail installation to your environment The documentation of sa learn can be found in the sa doc subdirectory or Hovvever the official documentation has to be taken vvith a grain of salt as it hasn t been written with Windows as a target operating system in mind Most important Bevvare of blanks in pathnames Be sure to use double quotes if a path or file name contains blanks CAUTION Never learn forwarded spam mails The act of forwarding modi fies mails in unexpected ways to learn a forwarded mail will be useless or even counter productive Learn single messages Find the X Cle
48. canner you want to use is not on the list of supported scanners See the vendor s documentation about command line scanner usage instructions Vendor Name ClamWin Free Antivirus If the virus scanner was installed into another directory than the default modify the scanner executable setting accordingly Scanner Executable C Program Files ClamWin bin clamscan exe a Figure 4 8 Anti Virus Filter Setup To configure a virus filter CleanMail needs to know the vendor name You can set the scanner path in the Scanner Executable setting if you did not install your virus checker in its default location 47 If your virus scanner is not on the list of supported scanners choose Other on the first page of the setup dialog Consult the virus scanner s documentation to find out command line options and usage instructions For most filters the output of a filter is forvvarded to the next filter as its input This can t be applied to most virus checkers because virus checkers analyze a message only signalling yes this is a virus or no this is not a virus vvith different program exit codes For this reason virus filters are by default configured in a vvay that the input file is forvvarded to the output by leaving the use console output svvitch unchecked Normally you will want to delete a message if the return code of the filter indicates a virus has been found and deliver a message if not
49. che Size This sets the maximum disk space used by the cache Once the limit is exceeded the storage manager starts deleting old messages Leave this setting empty if you don t vvant to use this feature 53 Chapter 5 Monitoring You can monitor a local or remote CleanMail installation in different ways e Using a web browser you can access the monitoring page served by the CleanMail service when it is running http localhost 8086 index html By default this also works for remote hosts if you connect to CleanMail over a private network The CleanMail admin application likewise connects to the CleanMail ser vice using the default setting Localhost 8086 To connect to a re mote host chose a different connection setting in File Connection This also works over private networks only The monitoring facilities of the CleanMail Admin application are visible in four views Status section 5 1 Log section 5 2 Report section 5 3 and Statistics section 5 4 5 1 Status This page shows the CleanMail status The following live data is available The number of recipient addresses in use and the number of recipient ad dresses licensed e CleanMail s resource usage If the bar is at 100 CleanMail is at the pre configured memory usage limit The number of currently active SMTP or POP3 sessions and a graph show ing the traffic on this port If the resource usage bar is at 100 for prolonged
50. cipient address while a message is submitted use this setting to block messages to invalid recipients You can use the wildcard characters any character and any number of any character Usually you will want to accept mail for recipients in your domains only like in Gbyteplant com Multiple address patterns can be separated by blanks Note Make sure that users always connect to your mail server directly when submitting outgoing mail for delivery Recipient Address Patterns Figure 4 3 Relay Settings Setup Page Run the Open Relay Test from the File menu to make sure your setup is not an open relay that can be abused by spammers Note 1 Be very careful when using this option since all recipients not listed here WILL NO LONGER RECEIVE ANY MAIL AT ALL A spelling error here may cut you off completely Note 2 With this setting in use your CleanMail server will not relay outbound mail of your users Consult Relaying and the Handling of Outgoing Mail for a discussion of this topic Note 3 Some mail servers have the vexing habit to accept mails to any recipient address in the local domain Undeliverable mails are silently forwarded to the postmaster If you can t find a way to turn this off you can use CleanMail s relay settings to achieve the same Enter all allowable mail addresses and aliases here and all other mail will be rejected outright by the CleanMail proxy 33 4 4 4 Directory Harvest Atta
51. ck Protection Directory harvest attacks are used by spammers to find valid mail addresses in your domain The attacker for example goes through a list of common first names and combines them vvith your domain name to issue SMTP RCPT TO commands like this RCPT TO joe yourdomain com If a your mail server accepts this address the spammer takes this as an indication that this address is valid CleanMail counts the number of failed RCPT TO commands in a SMTP session As soon as this counter exceeds a configurable limit the remote host is discon nected and blocked for another 20 minutes This counter is reset whenever a RCPT TO command is successful You can set the limit on this page of the SMTP proxy port setup vvizard The default setting is 10 Note If your server is behind a mail relay and not exposed to the Internet you should disable this setting leave it empty othervvise the relay might get blocked if it accepts messages for non existent users 4 4 5 Connection Limit You can impose an absolute limit of simultaneous connections on a port This limit might never be reached depending on system memory size and the memory usage limit you configured in the CleanMail s memory settings 4 4 6 Mail Flooding Protection CleanMail s traffic limiting options are also useful to protect yourself against the impact of mail flooding The most common kind of mail flooding are excessive amounts of non delivery reports This can
52. cts to a SMTP server to deliver mail this server is providing a relay service for you Usually the e mail server software is configured to offer relay services to users in the internal corporate network If you configure CleanMail to replace your existing mail server at the same IP address and port settings you should change the SMTP transport settings of the mail client software used Have the mail clients connect to your server directly The CleanMail server is meant to filter incoming emails from the Internet and not the mail of your trusted users So as a general rule avoid relaying outgoing mail through CleanMail Also make sure you exclude the IP of the CleanMail server from the list of hosts that your mail server software relays for otherwise you may get an open relay Run CleanMail s built in open relay test to verify your setup Note Some servers implicitly trust all mails from localhost or from its own IP address If this is the case run CleanMail on another server or use a different IP address for CleanMail see Recommended Configurations section 2 2 Caution If your setup is an open relay your mail service may end up in the open relay databases The majority of sites nowadays reject mail from known open relays 2 6 Troubleshooting the CleanMail Installation This section is intended to help you if you run into trouble during installation If this section does not help with your problem please consult the FAQ lis
53. d even when there is only one received header Allowable values are a11 all but first and last only The default settingis all but first 4 11 External Filter Setup The external filter is used to pass a mail through another program The SpamAs sassin filter and the anti virus filter both are based on external filters External filters can be used for many tasks such as archiving mails providing additional statistics or storing mails in an SQL database The CleanMail development team is ready to provide custom made filters designed to fit your specifications 4 11 1 Command Line The command line setting page is the core of external filter setup Here you can control which program to run with what arguments 4 11 1 1 Message Text Input and Output The message to check is passed to the standard input of a external program If a program does not modify a message virus checkers for example only analyze a message you can choose to ignore the output of a program in this case the 44 CleanMail SpamAssassin Filter Wizard es Command Line and Exit Codes Set the command line and the exit code policies for this filter The command line setting speciftes the filter executable and optional command line arguments You can use IN OUT and ERR as placeholders for input output and error files When the filter is executed these placeholders will be replaced with the real file names salspamassassin exe FLAGS x si
54. deliver reject redirect accept redirect reject delete accept delete 74 7 1 5 8 Mail Storage Settings Mail storage filter settings are defined in a CacheConfig section CacheDirectory string Specifies the directory where messages are stored De faults to empty If empty the filter vvill store files in the temporary directory MaxCacheDays numeric Sets the maximum number of days messages are kept in storage Values can be in the range of 1 to 31 days Defaults to unset MaxCacheFiles numeric Sets the number of messages to store in the cache di rectory Once the limit is reached for every new message stored the oldest message is deleted Allowable values depend on the file system used De faults to 1000 MaxCacheSize numeric Sets the maximum disk space used in KByte note that values are displayed as MByte in the admin application Allowable values are in the range of 102 400 100MB to to 10 485 760 10GB Defaults to unset 7 1 5 9 Antivirus Filter Settings Anti virus filter settings are defined in a AntiVirusConfig section In addition to the general filter settings and the command line filter settings the anti virus filter supports the following settings CommandLine string In difference to plain command line filters antivirus fil ters substitute the SSCANNERS placeholder with the executable defined in the scanner setting The default setting is operating system dependent and vend
55. dress Port Choose one of the IP addresses available Use lt all interfaces gt if you want the proxy to listen on all interfaces This setting will make CleanMail listen on all IP addresses including the loopback interface 127 0 0 1 Usually the port number will be the SMTP port number 25 Outgoing IP Address Port Set the server and port number to which CleanMail forwards all incoming SMTP requests here The Test button can be used to test if the server and port settings do in fact point to a live mail server It sends a test message to the postmaster account on this server RFC 2821 specifically requires that mail to the postmaster account must always be accepted so if this test fails you can be fairly sure there is no mail server listening at the server port settings you have chosen If you re sure that your outgoing server settings are OK check if your mail server is up and running with the correct configuration settings 31 CleanMail SMTP Port VVizard Ed Server and Port Settings Set the server names and port numbers In this step you have to specify the interface and port number where CleanMail will listen for incoming SMTP connections and the address and port where your mail server the outgoing server is listening Choose call interfaces gt if you want CleanMail to listen on all interfaces The default SMTP port number is 25 Incoming IP lt all interfaces gt xi Incoming Port 2
56. e the argument is the number of the message to be fetched RETR 1 OK 344 octets Received from 127 0 0 1 From god heaven To mortal earth 79 Subject Test Message This is the body of the test messag Fetching a message vvith the RETR command does not delete this message it still remains in the mailbox For deleting a message the DELE command is used DELE 1 FOK message 1 deleted Hovvever POP3 servers do not actually delete messages until the session has been closed Interrupting a POP3 session for this reason may cause messages to be transmitted to the POP3 clients multiple times So in order to make deleting the message permanent the session has to be closed using the QUTT command QUIT OK Bye Connection closed by foreign host 7 3 2 POP3 commands USER Specify a mailbox or user name PASS The password for the mailbox LIST Lists messages in the mailbox RETR Fetch a particlar mail from the mailbox DELE Mark a message for deletion QUIT End POP3 session delete messages marked for deletion 7 3 3 Server replies POP3 server replies begin with a OK if no error occurred or with ERR in case of an error 80 Chapter 8 Licensing and Contact Information 8 1 License Information Licenses are restricted by the number of recipient addresses a 250 recipients li cense vvill enable you to check the mail of up to 250 different recipient addresses There are licenses on sale for 25 50 10
57. e POP3 protocol CleanMail can either act as a transparent proxy filtering messages retrieved by your mail client from your nternet service provider s POP3 server or it can fetch mail on its ovvn and forvvard the retrieved and filtered messages to an SMTP mail server All messages have already been accepted and acknowledged by your ISP s mail server so CleanMail is unable to reject the messages received For this reason there can be no feedback to the sender of a message if a message is classifed as spam and deleted CleanMail is designed to work with all known POP3 and SMTP servers and with all mail clients supporting the POP3 protocol This includes popular mail clients as MS Outlook Mozilla Thunderbird Eudora or The Bat Note that the APOP and IMAP protocols are not supported Mail retrieved using these protocols is not filtered by CleanMail 1 3 Overview Installation procedures and recommended netvvork configurations are covered in Installation chapter 2 This chapter also introduces the CleanMail application This application gives you access to all configuration options and lets you view the CleanMail filtering status and statistics To learn about the concepts implemented in CleanMail see Concepts chapter 3 Configuration of CleanMail is described in Configuration chapter 4 To find out what happens to your mail CleanMail offers a lot of useful monitoring features Learn about these capabilities in Monitoring ch
58. eleted by default SpamAssassin Filter SpamAssassin is the world leading open source spam filter Though it is one of the best spam filters around vvith a very good spam detection rate and only few false positives it processes mails only slowly and causes a rather high CPU load Spamtrap Filter SMTP filtering only This filter can be used together with Spa mAssassin to train the spam mail database Bayes database used by Spa mAssassin Mail Storage Use this filter to store verbatim copies of incoming messages some vvhere on your hard disk or on netvvork attached storage in a folder you can configure External Commandline Filter This is the svviss army knife of mail filtering You can supply your own home made filters and integrate them easily into the filtering pipeline of CleanMail 1 1 SMTP Proxy Filtering The best place to stop SPAM is at the mail server for tvvo reasons e Spam mails can be deleted outright before they enter your system This saves your money as you need less storage bandvvidth and less of your users time e If a legitimate email is identified as spam false positive the sender be notified that his message might not be read by the recipient CleanMail works as a transparent proxy designed to work with any SMTP server software such as IMail Lotus Domino MS Exchange or Novell Groupwise 1 2 POP3 Proxy Filtering and POP3 Connectors You can use CleanMail to filter mail fetched using th
59. equest could not be fulfilled and it is pointless to try again The mail client is supposed to inform the user about this error condition either by popping up a window to inform the client about the error or if the client in fact is another mail server by generating a mail delivery failure notice and sending it to the message s sender 78 7 3 POP3 command quick reference POP3 is readable by humans This section provides the necessary knovvledge to interpret the information given in cleanmail s logs if you enable detailed logging and understand vvhat happens during a POP3 mail retrieval session The complete specification of the POP3 protocol is given in the RFC 1939 document and avail able online http www 1etf org rfc rfc1939 txt 7 3 1 Example POP3 Session For testing purposes you can also retrieve mail by means of a text only terminal session e g using telnet to connect to the POP3 port of a POP3 server Once the connection has been opened the POP3 server issues a one line greeting Here s an example OK pop3 byteplant com ready Now is the time for the client to sign in issuing the USER and PASS commands USER test OK PASS fred OK The LIST command can now be used to get a listing of all messages stored in the mail box LIST OK 2 messages 1 344 2 857 In the example two messages are in the mailbox numbered 1 and 2 with lengths of 344 and 857 byte The RETR command now fetches the messag
60. er results for different filters counted separately for each proxy port The number of attachments blocked by the attachment blocker and the num ber of mails were MIME violations were detected only if attachment filter is used 59 Chapter 6 Maintenance CleanMail itself needs no maintenance but the mail filters such as SpamAssassin do 6 1 SpamAssassin Maintenance SpamAssassin requires regular maintenance of its Bayes database Some of this is done automatically but training the Bayes database learning false positives or false negatives is something that should be done regularly by the administrator Otherwise SpamAssassin filtering quality will be less than optimal or may even decline 6 1 1 Training The Bayes Database Some spam messages aren t detected by the static rule set of SpamAssassin false negatives and some are tagged as spam even when they aren t false positives Bayes training in short is about teaching SpamAssassin to do better for similar messages in the future The program to train the database is sa learn which is part of the SpamAssas sin distribution You can start sa learn from the admin application or manually from a command line vvindovv Note The results of the Bayes tests are ignored by SpamAssassin until at least 200 messages have been learned 6 1 1 1 Learning Messages From Storage If you configured a mail storage filter you can learn messages directly from mail storage Loc
61. essage is cached in a mail storage View Envelope Displays mail transmission data depending on the transmission protocol used This feature requires that a copy of the message is cached in a mail storage Transmission Log Searches the CleanMail log file to find the session that actu ally handled the selected message and displays all information about this session The transmission log may be unavailable if the log file has already been cycled To get the most from this feature enable detailed logging Copy To Clipboard Use this menu item to copy ie the message subject sender or the recipient to the clipboard Learn Use this menu item to train the SpamAssassin Bayes database section6 1 1 or to blacklist or whitelist a sender address If you use black list or whitelist filters be sure to check and optimize these filters regularly Bloated blacklists whitelists may degrade overall performance Bayes train ing requires that a copy of the message is cached in a mail storage blacklist ing or whitelisting works even when the message is not stored 57 5 4 Statistics CleanMail maintains a number of counters to collect statistics data such as raw SMTP network traffic mail counters and filter result counters CleanMail Admin tea File View Proxy Setup Filter Setup Help A Status Ljlog Report lil Statistics 2 Configuration A Maintenance Display Type Message Count 7 Time Range lt auto gt y Ref
62. etup 4 6 1 Attachment Filtering Options 4 6 2 Ignore Whitelist 4 6 3 MIME ErrorPoliey 4 7 Blacklist Filter Setup 4 7 1 Sender Address Patterns 472 Poll o a2 8S Be does ea a irl r Aa AR 4 8 Whitelist Filter Setup 4 8 1 Sender Address Patterns 4 9 Delay Filter Setup 491 Delay sa dios aie ed A a BOR ALI Bon a s 492 0000000077 4 10 RBL Filter Setup so snr sw sw a BETA 4 10 1 DNSBL ZoneList 20777 4 10 3 Relay Check Option 4 11 External Filter Setup 4 11 1 Command Line 4 11 1 1 Message Text Input and Output 4 11 1 2 BatchFiles 4 11 2 Advanced Settings A 11 2 1 Timed t 2 er oea ede e m 4 11 2 2 Ignore Whitelist 4 11 2 3 SkipSize 4 11 2 4 Memory Usage 4 11 3 Return Code Policy 4 12 Anti Virus Filter Setup 4 13 SpamAssassin Filter Setup 4 13 1 How SpamAssassin Works 4 13 2 SpamAssasssin Options 4 13 2 1 Required Score 4 13 2 2 Subject Tag 4 13 2 3 Tweaking The SpamAssassin Rule Set
63. h spam mails to your users 4 13 2 SpamAssasssin Options CleanMail SpamAssassin Filter Wizard E SpamAssassin Settings Set required hits and subject tag for spam mails Set the threshold score required for a mail to be considered spam Smaller scores are more aggressive more spam is removed but at the same time false positives are more likely Required Score 44 Set the text added to the subject of mails considered spam The keyword _SCORE_ will be substituted by the calculated spam score for the message will be replaced by the threshold value see above Do NOT use the character Subject Tag SPAM 5 lt Back Next gt cancel Figure 4 9 SpamAssassin Options Setup 4 13 2 1 Required Score SpamAssassin tests each incoming mail against its spam detection ruleset Each matching rule adds a predefined score to the overall spam score Set the threshold score required for a mail to be considered spam The default setting is 5 0 which is quite aggressive increase this value to reduce the probability of false positives 4 13 2 2 Subject Tag Set the text added to the subject of mails considered spam The keyword _SCORE_ will be substituted by the calculated spam score for the message _REOD_ will be replaced by the threshold value see above This setting allows US ASCII non control characters only character codes 32 127 Do NOT use the character Note The Sp
64. happen after a spammer or a virus has used one of your email addresses as From address After that you may get thousands of non delivery reports from all around the world within a short period of time Typically you will find a pattern only a few badly configured mail hosts are the source of these mails Mail servers try to deliver mail as fast as possible and so they open more than one connection to your mail server If a server has thousands of non delivery reports queued for you it can easily happen that this server alone is capable of pushing your server to its limit with spam filtering and anti virus checking for several hours 34 During this time your legitimate incoming mail traffic can be slowed down to a trickle Sometimes it might help to send the admin of these sites a mail to inform them of the errors of their ways they could have rejected the mail outright instead of accepting it and sending a non delivery report to the wrong person afterwards but this is rarely successful CleanMail provides the means to reduce the impact of this problem You can put the offending mail host on a reject list and or you can limit the number of simul taneous connections accepted from the same host CleanMail SMTP Port Wizard zsal Traffic Limiting 2 of 2 Configure traffic limiting based on info about the host submitting a message Restricts the number of simultaneous connections from a mail host Connection Limit
65. ilter found unwanted content Receipt of the mail is re jected The MTA that connects to CleanMail is supposed to notify the user see Mail Reject Message 4 4 2 1 for details The mail is redi rected to a quarantine account you can configure see Mail Redirect Address section4 4 2 2 If the Subject Tag setting is not empty CleanMail will flag the message as junk by modifying the subject 38 accept redirect The filter found unvvanted content The mail is accepted The mail is redirected to a quarantine account you can configure see Mai Redi rect Address section4 4 2 2 If the Subject Tag setting is not empty Clean Mail will flag the message as junk by modifying the subject reject delete The filter found unwanted content Receipt of the mail is rejected The MTA that connects to CleanMail is supposed to notify the user see Mail Reject Message section4 4 2 1 for details The mail is deleted accept delete The filter found unwanted content Receipt of the mail is acknowl edged but the mail is deleted The mail simply vanishes the sender is not notified and the recipient never sees it accept deliver whitelisted The sender address is whitelisted All filters except attachment blockers and anti virus filters are bypassed and the mail is ac cepted and delivered delete unexpected client disconnect The client disconnected without waiting for the mail server to acknowledge receipt of the message The
66. ilter to all addresses except those that are listed in the Address Patterns To Disable Filter setting e Address Patterns To Disable Filter put all the addresses here were the filter should not be applied This setting overrides the Address Patterns To Enable Filter setting You can use the wildcard characters any character and x any number of any character for example like in ebyteplant com Here are some examples Address Patterns To Enable Filter x or empty Address Patterns To Disable Filter admin yourdomain com The filter is applied to all recipients with the exception of one mail address admin yourdomain com Address Patterns To Enable Filter yourdomain com Address Patterns To Disable Filter empty The filter is only applied to x yourdomain com If a message is addressed to multiple recipients the message is filtered if filtering 1s enabled for at least one of the recipients 37 4 5 2 2 Same Address Settings As Previous If you do not vvant to specify the address settings for every filter separately leave this setting enabled for all filters Enter the address pattern settings only for the first filter of your filter pipeline All other filters then use the settings of the first filter If you add a new filter to a filter pipeline Same Address Settings As Previous Filter is checked by default 4 5 3 Filter Results All filter configurations have a setting that allows you to choose what happen
67. in size given in Byte Allowable values are in the range of 1024 1kB to 1048576000 1000MB Defaults to 262144 256kB 72 7 1 5 5 RBL Filter Settings RBL filter settings are defined in a DNSBLConfig section Filters DNSBLConfig The following additional configu ration options are supported ZoneList string List of DNSBL zones to query Multiple zones are separated by blanks Policy string Filter action applied to blocked messages Defaults to reject delete RelayCheck string Defines which received headers relays are checked by the filter If DNS blacklists contain dial up services you can reduce the risk of false positives by skipping the DNSBL check for the first received header created when a dial up sender submits his message to the first SMTP server Note that the last received header last relay will always be checked even when there is only one received header Allowable val ues are all all but first and last only The default setting is all but first Timeout numeric When the timeout is exceeded all DNS queries are cancelled and the message is forwarded to the next filter Result unknown Recom mended values are in the range of 15 30 seconds the default is 30 seconds 7 1 5 6 External Filter Settings These settings can be used with all filters based on this filter type External filters may also be used by themselves in this case the settings are defined in a Comman dLineConfig secti
68. l This vvay most of your mail server settings remain in effect even vvhile CleanMail intercepts unvvanted mail Usually CleanMail is a proxy service only for a single mail server Small ISPs may have more than one mail server and may vvant to filter mail for all these servers and domains CleanMail allovvs to configure an unlimited number of proxy ports each with its own incoming and outgoing server settings and each with its own filter pipeline An ISP can use this to configure each proxy separately and adapt it to the needs of each of his clients CleanMail features proxy ports for use vvith POP3 mail retrieval and for SMTP mail transfers 23 3 2 POP3 Connectors You can configure POP3 connectors in CleanMail A POP3 connector is a POP3 to SMTP protocol adapter It can be used to retrieve messages from a POP3 server and forward these messages after filtering to a mail account on your SMTP server The forwarding process implements a safe transaction scheme Only mails com pletely transmitted and accepted by the SMTP mail server are deleted from the POP3 mailbox Mails not forwarded 1e spam messsages 1f you choose to delete spam messages are just deleted and never enter your mail server 3 3 Filter Pipeline CleanMail feeds incoming mail to a series of mail filters the so called filter pipeline Examples of mail filters are the built in attachment blocker third party virus checkers or SpamAssassin CleanMail Admin
69. l could not be delivered If you choose to accept mail the sender will assume that his mail was delivered without problems accept deliver junk reject deliver accept delete reject delete accept redirect reject redirect 20 52 Gas Figure 4 10 Spam Filter Policy Setup The second page allows to set a Reject and Delete threshold Mails are deleted reject delete policy 1f the spam score is higher than this value regardless of the policy setting you entered on the previous page 51 4 13 3 2 Multiple SpamAssassin Filters If you are using multiple SpamAssassin filters by default all filters use the same SpamAssassin configuration settings stored in the local cf file of your default rule set directory the sa ruleset subdirectory of your installation If you intend to use different SpamAssassin configurations for your SpamAssassin filters copy the sa ruleset directory to a different directory and update the fil ter settings of the SpamAssassin filter that uses this directory accordingly a special setup page to enter the directory becomes visible in the SpamAssassin filter setup wizard as soon as you add a second SpamAssassin filter to your configuration Note that CleanMail s installer only updates the default SpamAssassin rule set never any additional rule sets You may need to update additional rule set directo ries add remove update configuration files other than local cf manually 4 14 Spam Trap Setup
70. lay in seconds After the delay time has elapsed the SMTP session is thavved and message processing continues Make sure that overall processing of messages the total time it takes for a message to pass all filters does not exceed about one or tvvo minutes on average because even legitimate senders may disconnect if the processing takes too long more than about 5minutes Hovvever legitimate senders vvill retry to transmit the message later so no mail will be lost 4 9 2 Skip Size While an SMTP session is frozen the message is held on the server Occupying the server s resources by holding large messages during the delay time is not necessary as large messages usually are legitimate messages So to conserve system resources and increase throughput it is recommended to skip delaying mails exceeding a certain size 4 10 RBL Filter Setup DNS blacklists are Internet resources maintaining databases of known spam relay hosts Mail servers can query these databases in an efficient manner using the DNS domain name service protocol The RBL filter rejects all mail that has been relayed by a blacklisted host The RBL filter is highly efficient and typically capable of getting rid of half the spam messages at a low resource usage 4 10 1 DNSBL Zone List This setting defines the DNSBL blacklists to query If a relay host is listed in one of these zones the message is blocked using the filter policy you can define below Choose with
71. lse but CleanMail values in the range of 80 100 are best Use a value of 40 80 if CleanMail shares the server hardware with other software e If you find that CleanMail operates close to its memory limit over lengthy periods of time while at the same time CPU load is comparatively low in crease this setting If you are already at 100 memory usage upgrade your hardware with more system RAM e If you are being flooded by non delivery messages or other unwanted traffic activate selective traffic limiting to reduce the load The SMTP proxy port setting wizard gives you a number of effective options If you find during normal operation that the server s CPU load is at 100 over extended periods of time caused by multiple instances of SpamAssas sin or other filters you should consider to decrease this limit to make the system more responsive to other tasks Also faster hardware might be an option Always provide enough system RAM As a rule of thumb the maximum number of simultaneous connections will be the available RAM memory divided by 25MB 28 4 2 POP3 Proxy Port Setup The POP3 Proxy Port Setup dialog is invoked vvhenever you edit or add a POP3 proxy port 4 2 1 POP3 Server and Port Settings This page allovvs to set the basic connectivity settings of the proxy port you are configuring Incoming IP Address Port Choose one of the IP addresses available Use lt all interfaces gt if you want the proxy to lis
72. ltiple attachment types can be separated by blanks The pass list is the first attachment type list checked attachments that match a type pattern on this list are not checked against the block list or the drop list Defaults to empty 7 1 5 3 Blacklist and VVhitelist Filter Settings Blacklist filter settings are defined in a BlacklistConfig section Filters BlacklistConfig whitelist filters in a Whitelist Config section Filters WhitelistConfig The following additional configuration options are supported SenderList string List of sender address patterns You can use the wildcard characters any character and x any number of any character Multiple addresses are separated by blanks Policy string Filter action applied to messages that have a sender address match ing a pattern in the sender list Defaults to reject delete for a blacklist filter and to accept deliver whitelisted for a whitelist filter 7 1 5 4 Delay Filter Settings Attachment filter settings are defined in an DelayConfig section Filters DelayConfig Delay filters support the following additional configuration options Delay numeric The delay time in seconds The default value is 20 seconds allowable values are in the range from 5 to 100 seconds MaxFilterSize numeric Spam and virus messages are usually small To con serve system resources and increase throughput it is recommended to skip filtering mails exceeding a certa
73. mail was probably spam so good riddance A legitimate sender will try to resend the message later reject delete non recoverable error Some processing error in the filter caused the message to be irretrievably lost The MTA that connects to CleanMail is supposed to notify the user see Mail Reject Message for details If this filtering result appears 1t is usually due to a configuration problem Check the log for details reject delete mail too large The mail was larger than the message size limit section4 1 3 1 you have configured The message is rejected and the MTA that connects to CleanMail is supposed to notify the user see Mail Reject Message section4 4 2 1 for details accept deliver license count exceeded The filter was disabled because the re cipient address count covered by your license was exceeded The mail is accepted and delivered All messages that have been processed by CleanMail will have a X CleanMail Result header field This can be used by the mail client or server to quarantine or delete mails See your mail software s documentation to find out how to set up filtering rules Note Filter results lower down in the list take precedence Filters further down in the filter pipeline can override results of earlier filters For a discussion of this see Filter Pipeline section 3 3 Note Rejecting a message or redirecting a message is not possible when POP3 is used 39 4 5 4 Subject Tag
74. mit kByte 20480 This setting defines the maximum memory CleanMail may use as a percentage of system RAM This setting can be used to keep mail filtering from draining resources away from other services Once the memory usage high watermark has been reached CleanMail will delay pending incoming connections Use a value of 40 80 if CleanMail shares the server hardware with other software For a dedicated server running CleanMail only use a value in the range of 80 100 Max Memory Usage 80 ma Figure 4 1 Memory Options Setup Page 27 4 1 3 1 Message Size Limit The message size limit is the maximum amount of storage that vvill be available to buffer a message If a message exceeds this size the message will be rejected and deleted If you set this too high CleanMail s throughput vvill be reduced and large mails can destabilize or even crash your system Typical values are in the range of 10 to 20MB 4 1 3 2 Memory Usage The memory usage high vvatermark controls the maximum amount of memory used by CleanMail and its filters Once the memory usage high watermark has been reached CleanMail will delay pending incoming connections The maximum memory CleanMail may use is entered as a percentage of system RAM The primary purpose of this setting is intended to keep mail filtering from draining resources away from other services The default setting is 80 For a dedicated server running nothing e
75. mixed boundary Unsolicited 4 m 2 m Log Output Dec 06 2008 14 08 19 Session 0 SpamAssassin Executing sa spamassassin exe x siteconfigpath sa Dec 06 2008 14 08 30 Session 0 SpamAssassin Command line exit code is 255 Dec 06 2008 14 08 30 Session 0 SpamAssassin Filter result is reject deliver Dec 06 2008 14 08 30 Session 0 SpamAssassin Spam score 1003 4 m Filter finished Figure 4 7 Test Filter Screen 4 11 2 Advanced Settings The advanced settings allovv choosing a timeout for the external program a size limit and setting the memory usage 4 11 2 1 Timeout If the external program does not return a result vvithin the set timeout period the program is terminated and the filter result is set to accept deliver unknown result section4 5 3 The program will also be terminated when the SMTP session times out or if the MTA that connects to CleanMail disconnects The SMTP timeouts used by most MTAs are in the range of 5 to 10 minutes If you set a timeout a value in the range of 3 4 times the normal execution time is advisable External filter programs should not take longer than 20 seconds to execute 4 11 2 2 Ignore Whitelist Use this setting to configure if the filter should run for whitelisted senders or not This setting is disabled by default for all types of external filters with the exception of anti virus filters where it is enabled by default for securit
76. nCount numeric Set the maximum number of simultaneous active connections on this port Defaults to 1000 allowable values are in the range of 1 to 1000 OutgoingTimeout numeric Sets a timeout in seconds for waiting on data from the server connected Upon timeout the incoming connection is reset and resources held by the connection are freed The default depends on the pro tocol involved Allowable values are in the range of 10 to 3600 7 1 4 2 Monitoring Port Settings Monitoring ports HTTP ports only support the general port settings and the fol lowing additional settings 67 Allow string A list of IP addresses or hostnames that may access the monitoring port All addresses within private network IP address blocks RFC 1918 are automatically allowed If you want client access over the Internet enter the remote hosts that may access the server Note that dynamic DNS is supported Defaults to an empty value Deny string A list of IP addresses or hostnames that may not access the moni toring port Defaults to an empty value 7 1 4 3 POP3 Connector Settings POP3 connectors support the general port settings Diffent semantics apply to the incoming server and port settings They do not describe a local listening port but a remote server instead POP3 connectors contain one or more account sections to define the mailboxes retrieved from the server and the forwarding address Each account section holds the following se
77. nd or use the built in Windows scheduler to run expire bat daily located in your installation directory Microsoft Microsoft Outlook and Microsoft Outlook Express are registered trademarks of Microsoft Corporation 62 6 2 Anti Virus Filter Maintenance Please update the virus signature files of your virus checker regularly Read your virus checker s documentation to find out what you have to do to keep the virus signature databases up to date 63 Chapter 7 Reference 7 1 CleanMail Configuration File CleanMail s configuration is saved in a plain text file cleanmail cf For easy configuration you can access the configuration settings using the cleanmail admin application but advanced users can also use a simple text editor to change the settings by modifying the file directly Note To make CleanMail re read its configuration file simply restart the service using either the Windows services manager or the admin application choose Ap ply Settings from the file menu Likewise the admin application only re reads the configuration file upon restart Note Some configuration files originated on other operating systems than Win dows and the editor supplied with Windows notepad may be unsuitable for editing these files Install some other text editor package available in the Internet such as crimson textpad or ultraedit just to name a few 7 1 1 General Structure The configuration file format is simila
78. nd on the report tab of the 35 main window It often helps to put an offending host on the blacklist temporarily only You usually can revoke this restriction after a fevv days The Host Blacklist option also supports wild cards You can use 11 22 33 x or similar to reject IP address ranges Likevvise you can use vvildcards with host names vvhich is helpful if the site flooding you operates a pool of mail servers somedomain org blocks all mail hosts of somedomain org 4 4 6 3 Connection Count Setting the Connection Count restricts the number of simultaneous connections per host Additional connection requests are delayed with a temporary error re sponse the temporary error response causes the submitting host to retry delivery later This way a single host can no longer occupy all your mail server s resources 4 4 6 4 NDR Connection Count This setting works similar to the Connection Count setting with the difference that the limit is applied to connections trying to send a non delivery report Con nections sending other messages are not affected Any mail you send should not result in the return of more than a few non delivery reports NDRs so it is acceptable to limit the traffic of incoming NDRs to only 1 2 at the same time from the same site By setting the NDR Connection Count to a small numeric value in the range of 1 2 only 1 2 simultaneous connec tions per host to send a non delivery report
79. of CleanMail Admin 2 6 3 CleanMail and Microsoft Exchange In a two IP address setup Microsoft Exchange 20004 sometimes grabs the SMTP port on all interfaces even when it has been configured not to Look at for a Microsoft knowledge base article that tells you what to do 2 7 Registering CleanMail To register CleanMail enter the registration name and license key you received when you purchased in the registration window To make sure you enter the license key correctly use copy paste CTRL C and CTRL V keys To obtain a license key please visit our 2 8 Uninstalling CleanMail When uninstalling CleanMail do not forget to undo any changes you might have made to your network firewall configuration DNS MX records mail client con figuration CleanMail itself can be uninstalled in one of two ways 2 8 1 Using CleanMail Uninstall This program is located in the CleanMail program group the program group name may be different if you chose another name during setup You can access it through the Start menu Find and select Uninstall CleanMail to run the uninstall program You will be asked if you want to completely remove CleanMail and all of its com ponents Click Yes to continue with the de installation or No to cancel If you click Yes all installed files will be removed any configuration files you created will be preserved If removal was successful a success message will appear 1f you encounter p
80. ogram configured to listen on the SMTP port This can be done two ways by using different ports for the mail server and for CleanMail or by using different IP addresses for CleanMail and for your mail server Once both your mail server and CleanMail are up and running it is time to check that everything is working right 2 6 2 Testing the Basic Proxy Setup SMTP communication was designed to be readable by human eyes Because of this the ubiquitous telnet program proves most useful to test your setup In Win dows you can run telnet from the start menu choose Execute and type telnet or from the command prompt Try to connect with telnet to both your mail server and to CleanMail Once you have seen the SMTP server s welcome message start ing with 220 issue a QUIT command Here is the transcript of a sample telnet session C gt telnet 192 168 0 12 25 Trying 192 168 0 12 Connected to mail byteplant com Escape character is l 220 mail byteplant com ready QUIT 221 mail byteplant com closing connection Connection closed by foreign host 20 If everything vvorks you vvill get exactly the same replies both times If you can t connect to the mail server troubleshoot the mail server softvvare If you can t connect to CleanMail or if CleanMail sends you a 421 reply look into CleanMail s log file for an error message the simplest way to access the log is by viewing the Log tab
81. on Filters CommandLineConfig External filters support the following additional configuration options CommandLine string Sets the command line to execute this filter You can use SINS S0UTS or SERRS as placeholders for the input output and error file names If INS is not used the input message is available as standard input if SOUTS is not used output is collected from standard output if SERRS is not used error output is collected from standard error The defaults depend on the filter implementation CommandLineOutput boolean Some filters do not modify a message If you unset this option the filter input is forwarded to the next filter in queue and any filter output other than the exit code is ignored Defaults to true in plain command line filters but this default is overridden in other filters based on the command line filter 73 CommandLinePriority numeric Sets the scheduling priority of the process exe cuted On Linux Mac this setting corresponds to the process nice value and defaults to 0 normal priority On Windows allowable values are 0 for low priority and 1 for normal priority the default CommandLineTimeout numeric Sets a timeout in seconds If the timeout is exceeded the message is accepted without changes Result unknovvn Al lowable values are in the range of 10 1000s Defaults to 60s in plain com mand line filters but this default is overridden in other filters based on the
82. or Updates Proxy setting to use this proxy for the update check connection 4 1 2 Logging Options The log output can be seen on the Log page of CleanMail Admin or by viewing the file cleanmail log The log file is cycled whenever its size exceeds the limit or at midnight when a configurable number of days has passed The verbosity of the log file is controlled by the following flags e Extended logging adds some more output to the log that might be interesting Turning this option on will log the To From and Subject mail headers of every mail received e Detailed logging among other things adds a transcript of the entire SMTP POP3 communication to the log This is most useful for debugging mail transport problems e Filter error logging collects error or debug output of the mail filters and writes it to the log file Virus filters often log the type of virus found to their error output With this option on you can see it in CleanMail s log 4 1 3 Memory and Buffering Options This page allows you to configure CleanMail s resource usage CleanMail General Settings Wizard mb Memory and Buffering Options These settings apply to all mail filters and proxies Set the maximum message size here If you set this too high CleanMail s throughput will be reduced and large mails can destabilize or even crash your system Messages that exceed the maximum size will be rejected and not delivered Message Size Li
83. or dependent Scanner string Specifies the complete path and file name of the command line scanner executable Defaults to empty VendorName string The name of the anti virus scanner vendor Defaults to empty Allowable names are operating system dependent This setting only affects the CleanMail admin application 7 1 5 10 SpamAssassin Filter Settings SpamAssassin filter settings are defined in a SpamAssassinConfig section In addi tion to the general filter settings and the command line filter settings the SpamAs sassin filter supports the following settings 75 CommandLine string In difference to plain command line filters SpamAssassin filters substitute the SCONFIGPATHS placeholder with the ruleset path defined in the SpamAssassinRulesetPath set ting Also the FLAGS placeholder is substituted with run time flags and should not be omitted The default setting is salspamassassin exe SFLAGS x c SCONFIGPATHS DropThreshold numeric If you set a DropThreshold mails are deleted if the spam score is higher than this value regardless of the return code policy settings Allowable values are in the range of 3 0 to 1000 0 the default is empty If empty this feature is disabled SpamAssassinRulesetPath string Specifies the complete path and of the Spa mAssassin ruleset directory The default is operating system dependent CommandLineOutput boolean Defaults to false see section Command Line Filter Set
84. ose to SMTP Con nector in the Choose Configuration Type dialog that appears The Quick Start Wizard will appear Set the POP3 server name according to the information given by your ISP and enter your SMTP mail server s name or IP address A POP3 connector can be used to fetch mail for more than one mailbox be sure to enter the mailbox credentials for at least one mailbox on this page You can add more mailboxes later Step to the following pages and make adjustments according to your wishes Save the configuration by pressing the Finish button on the last page Send yourself a couple of test mails Mails should be placed in a mailbox on your mail server within 5 minutes If you run into troubles see Trou bleshooting the Installation for troubleshooting tips In your mail client add mail filtering rules to automatically move spam mails to a separate mail folder or to automatically delete them Refer to the manual of your mail client for instructions on how to do this 16 2 4 CleanMail Setup CleanMail setup features a standard Microsoft Windows setup interface and you need only complete a few steps You can cancel setup at any time by clicking the Cancel button Double click cleanmai 1 exe or similar filename file on either the distribution media or from the downloaded ZIP file This will launch the CleanMail Setup Wizard Click Next on the Welcome screen Read the CleanMail license and
85. r to the Windows x ini file format e The first line identifies the file format version At present only file format versions 3 0 2 1 and legacy files CleanMail version 1 x are supported e Configuration settings are grouped in sections Each section starts with a section label in square brackets 11 e A section may include other sections subsections The section label of such a section repeats the section label of the enclosing section and its own label 64 e Configuration settings are given as lt name gt lt value gt Note that values should always be quoted using double quote characters Empty values denoted by a pair of double quotes with no other characters between may be allowable for some settings e Lines starting with the character are ignored and can be used to add com ments All settings not explicitly overridden in the configuration file take on their default value 7 1 2 Value Types Configuration settings can have the following types boolean Set to either 0 meaning false no disable or to 1 meaning true yes enable In some cases it may be allowable that a boolean value may be empty or unset meaning unset undefined unknown numeric Set to a numerical value Numbers must be given as classic decimal numbers a leading denotes negative numbers the dot character is used as decimal point In some cases it may be allowable that a numeric value is unset empty string A seq
86. ransmission data such as the SMTP sender and recipients is saved in an envelope file The envelope file can be viewed with a text editor Many of the message browsing and learning functions see raining The Bayes Database section6 1 1 require that a message has been saved with a mail storage filter 4 15 1 Storage Directory Sets the directory where the mail files will be stored If empty the system tempo rary directory is used Note 1 Make sure that CleanMail or the account used by the service normally the system account has access permissions to create read write or delete files in the target directory This is especially important 1f the target directory resides on a network drive Note 2 Make sure that unprivileged users do not have access to this directory otherwise a user s mail would be readable by others Note 3 If you have a virus scanner with On Access scanning enabled it may interfere with the mail storage whenever a virus message is stored As a result you may see error messages in CleanMail s log file 4 15 2 Max No of Days This sets the maximum number of days messages are kept in storage Leave this setting empty if you don t vvant to use this feature 4 15 3 Max No of Messages This sets the number of messages to store in the cache Once the limit is exceeded the storage manager starts deleting old messages Leave this setting empty if you don t vvant to use this feature 4 15 4 Max Ca
87. rd using the Next and Back buttons You can cancel your changes anytime by pressing Cancel Once you pressed Finish your changes become permanent and are stored in CleanMail s configuration file cleanmail cf Important Once you have saved new settings they are not yet in use by the Clean Mail service To make the service re read the configuration file choose Apply Settings from the file menu once you are ready Note Apply Settings automatically runs the open relay test 4 1 Global Settings The Global Settings dialog can be found in the File menu 4 1 1 CleanMail Admin Mail Options On this page a mail account to receive daily CleanMail statistics and important administration information can be configured You have to enter a mail server default is the outgoing server see above a recipient and a sender email address Use the test button to see if your settings really work Check the Daily Spam Filtering Report option to get a daily mail filtering sum mary If you want to check the recipient addresses currently in use by CleanMail select the Daily Licensing Summary option By checking Check For Updates 26 you will receive information about important new versions of CleanMail once they become available This feature requires a http port 80 connection to the web server www byteplant com Be sure to configure your firewall appropriately If you run an HTTP proxy server use the Check F
88. resh Port SMTP Proxy y 2006 2007 2008 2009 8000 8000 m 06 6 Passed E 93 4 Blocked m 00 0 Not Filtered 6000 6000 Figure 5 3 Statistics View 5 4 1 Statistics Graph The statistics page of the admin application offers a graphical visualization of some core counters total mail received mail passed mail blocked Historical data dis played is read from the statistics file section5 4 2 Additionally the graph is continuously updated with live data 5 4 2 Statistics File The statistics data is kept in a file called CleanMail Statistics csv lo cated in the installation directory The statistics file is a list of comma separated values and thus can be easily read and processed by spread sheet software such as Microsoft Excel The data is organized in lines each line the counter values for a day The first field Of a line contains the date The statistics file is eycled every day at midnight or whenever the service is stopped At the same time today s values vvill be added or updated Once the date of the first line is older than 365 days CleanMail vvill delete this line This vvay the statistics file keeps data for up to one year back Statistics counters are identified by descriptive names The data collected includes the follovving 58 e Totals counted for a proxy port mails filtered mails passed mails blocked total traffic received sent on the incoming outgoing ports e Filt
89. rform at least as well as your mail server To process 1000 mails per hour an 800MHz CPU should be sufficient As a rule of thumb CleanMail can process one message per Mhz of CPU clock frequency e Each concurrent instance of the SpamAssassin filtering engine requires about 20 30MB of memory To optimize throughput CleanMail runs the SpamAs sassin engine only if all the other mail filters are unable to determine that a 10 mail is spam Also CleanMail will automatically check the amount of avail able memory on your system and limit the number of concurrent instances accordingly Increase system memory to improve mail throughput 2 2 Recommended Network Configurations Note 1 Depending on the SMTP proxy configuration you choose for your network you may have to interrupt your ability to receive email during the setup process for a short period of time Itis advisable that you plan installation in advance and make sure that the proxy installation can be performed without prolonged downtimes Note 2 SMTP is a fault tolerant protocol so no mail will be lost E mails that cannot be delivered at the moment will be retried by the sending servers at some later time Note 3 After installation it is a good idea to send yourself some test mails from somewhere outside Use some other account or an e mail echo server e g echoOtu berlin de L1 Ll g L1 NINAS 11 Client Figure 2 1 Mail Paths with CleanMail Filtering There
90. roblems during de installation please visit the Trouble Shooting section of this manual Click okay to close this message CleanMail is no longer installed on your computer Microsoft Exchange is a trademark of Microsoft Corporation 21 2 8 2 Using The Microsoft VVindovvs Control Panel Select Add or Remove Programs icon and then CleanMail This will launch the CleanMail uninstall program Follow the process as described in the previous section section2 8 1 22 Chapter 3 Concepts This chapter is intended to help you understand the basic concepts in the design of CleanMail Servers 3 1 Proxy Ports A proxy is a server that sits betvveen a client and a server The proxy intercepts all requests to the server to either handle them by itself or to forvvard them to the server VVith SMTP filtering the client is some other MTA mail transfer agent trying to send mail and the server is your mail server The MTA that connects to CleanMail can be either another mail server or a mail client CleanMail is a transparent proxy t is intended to be invisible to the outside The MTA that connects to CleanMail does not see any difference in the service your mail server usually provides By default CleanMail does not accept or reyect mail on its behalf it alvvays checks vvith your mail server to find out if a certain recipient address is acceptable or not even before acknovvledging an address to the MTA connected to CleanMai
91. s command or the special address postmaster will work but mail servers exist that do not accept one or the other If mail forwarding fails for a non empty POP3 mailbox try different settings here Note that the mail sender address is an entity different from the From header field of a message even though they often happen to be set to the same address Mail Redirect Address 30 Some mail filters allovv to redirect spam messages to another account Redirected messages are delivered to the address specified in this setting If you use this feature the redirect address must be a valid mail address on the outgoing mail server otherwise POP3 mail retrival will be stalled Mails per Session Messages already forwarded to the SMTP server are only deleted from the POP3 server after the POP3 session is regularly terminated If the connection to the POP3 server is unstable you may experience duplicated messages If this happens repeatedly reduce the mail per session count POP3 Scan Interval This settings defines the time between scans of the mailboxes The default setting 1s 300 seconds or five minutes 4 4 SMTP Proxy Port Setup The SMTP Proxy Port Setup dialog is invoked whenever you edit or add an SMTP proxy port 4 4 1 Incoming and Outgoing SMTP Settings This page allows to set the basic connectivity settings of the proxy port you are configuring Consult Recommended Configurations section 2 2 when in doubt Incoming IP Ad
92. s with a mail if the filter finds unwanted content such as a virus or spam The following summarizes the filter results you may encounter and their reasons accept deliver check disabled A filter returns this result if the filter has been disabled for all recipients of a message Look at Recipient Address Patterns section4 5 2 to find out how to configure this accept deliver The filter did not find unwanted content accept deliver skip size exceeded Some filters do not check mails larger than a configurable size For example spam mails are typically small so the SpamAssassin filter by default passes large mails without checking accept deliver junk The filter found unwanted content but the mail is accepted and delivered nonetheless If the Subject Tag setting is not empty Clean Mail will flag the message as junk by modifying the subject accept deliver unknown result For some reason the filter was unable to check the message The filter will write additional information about the problem to cleanmail log The mail is accepted and delivered reject deliver The filter found unwanted content Receipt of the mail is rejected The MTA that connects to CleanMail is supposed to notify the user see Mail Reject Message section4 4 2 1 for details The message is still delivered to its recipients If the Subject Tag setting is not empty CleanMail will flag the message as junk by modifying the subject reject redirect The f
93. t This page also offers access to some How to documents 2 6 1 About Sockets Ports and Listeners A network server is constantly ready to receive incoming connections from net work clients In other words it is listening 19 An SMTP server will be listening on the SMTP port of your machine waiting for incoming connections from other mail transfer agents MTAs mail clients or other mail servers to send mail SMTP simple mail transfer protocol is used to forward or deliver mail and cannot be used to fetch mail POP3 servers listen on the POP3 port providing a service for mail clients only Mail clients can use POP3 post office protocol version 3 to lookup if there are new mails available and to fetch mails POP3 cannot be used to send mail Ports are identified by port numbers by convention the SMTP listening port is port 25 and the POP3 listening port is 110 As a rule only one program can be listening at the same time at any given port and IP address combination If you run CleanMail and the mail server software on the same machine this is the first trouble you may run into Your mail server and CleanMail contend for the SMTP port of your machine but only one can use it while the other fails to initialize If CleanMail fails to grab the port it will write an error message in its log file look for a address in use message in cleanmail log and exit To fix this problem make sure CleanMail is the only pr
94. teconfigpath CONFIGPATH e 255 a Some filters do not modify a message or have no meaningful output other than the exit code If you unset this option the filter output is discarded and the filter input used instead 4 Use filter output Spedify what to do depending on the exit code of the filter Use the test buttons to see if your filter works Exit Code Policy 0 accept deliver 255 reject deliver Test with Sample Test with Sample Virus lt Back next gt concer Figure 4 6 External Filter Setup unmodified message will be forwarded to the next filter Otherwise standard output of the program will be used If you ve enabled filter error logging see Global Settings section4 1 2 the stan dard error output of a program is collected and printed to the log Instead of piping the message through standard input or output you can use the placeholders 5105 SOUT and SERRS as arguments to a program Here is an example c dir clamscan exe SINS mbox no summary Notes Be sure to use double quotes where needed If your temporary directory path for example contains blanks IN must be quoted because the filter input and output files reside in the temporary directory The working directory of external programs always is the CleanMail installation directory To test your settings with a sample spam mail or a sample virus mail use the test buttons provided 4 11 1
95. ten on all interfaces This setting will make CleanMail listen on all IP addresses including the loopback interface 127 0 0 1 Usually the port number will be the POP3 port number 110 Outgoing IP Address Port The outgoing IP address cannot be configured in advance It depends on the ac count a user wants to connect to and it is specified in the mail client see below The outgoing port number is always set to 110 4 2 2 Changing the Mail Account Settings If you want to use the POP3 proxy to filter incoming mail you have to change the mail account settings in the configuration of the mail client software you use Usually you will find the following settings Outgoing mail server SMTP server Do not modify this setting the POP3 fil ter of CleanMail does not interfere with outgoing mail Incoming mail server POP3 server Write down this setting and modify it to the hostname or to the IP address of your CleanMail server Make sure you use the POP3 protocol to fetch mail User Account Modify this setting to username mailserver using the mail server name you wrote down in the previous step Password Leave this unchanged Note that CleanMail does not support the IMAP protocol If your mail client is configured to use IMAP reconfigure it to use POP3 Repeat this procedure for all mail accounts and mail clients you use Test your new settings immediately Send yourself a test mail Use your account to send a message to
96. ter Settings 7 1 5 2 Attachment Filter Settings 7 1 5 3 Blacklist and Whitelist Filter Settings 7 1 5 4 Delay Filter Settings 7 1 5 5 RBL Filter Settings 7 1 5 6 External Filter Settings 7 1 5 7 Return Code Settings 7 1 5 8 Mail Storage Settings 7 1 5 9 Antivirus Filter Settings 7 1 5 10 SpamAssassin Filter Settings SMTP Command Quick Reference 7 2 1 Example SMTP Session 7 2 2 SMTP commands 7 2 3 Server replies POP3 command quick reference 7 3 1 Example POP3 Session 7 3 2 POP3 commands 7 3 3 Server replies S Licensing and Contact Information 8 1 8 2 8 3 8 4 8 5 License Information Ordering CleanMail Support Copyright License and Usage Terms Chapter 1 Introduction Spam wastes time clogs mail servers can slow your server to a crawl and is very difficult to get rid of Most mailboxes today are constantly flooded with SPAM unwanted advertising of any kind Today the majority of all emails worldwide are spam mails While there is no shortage of solutions to this ever growing problem installing using and working with them often proves to be very complex Clean
97. tings section7 1 5 6 for more information CommandLineTimeout numeric Defaults to unset disabled see section Com mand Line Filter Settings section7 1 5 6 for more information MaxFilterSize numeric Defaults to 262144 256kB see section Command Line Filter Settings section7 1 5 6 for more information MaxMemoryRequired numeric Defaults to 268435456 25MB see section Command Line Filter Settings section7 1 5 6 for more information SpamAssassin filters define two return codes one for exit code O non spam or ham message and for exit code 255 spam message As ham message policy accept deliver is recommended and as spam policy one oft the following should be chosen accept deliver junk reject deliver reject redirect accept redirect reject delete accept delete 7 2 SMTP Command Quick Reference SMTP is readable by humans This section provides the necessary knowledge to interpret the information given in cleanmail s logs if you enable detailed logging and understand what happens during a mail transfer The complete specification of the SMTP protocol is given in the RFC 2821 document and available online http www 1etf org rfc rfc2821 txt 76 255 7 2 1 Example SMTP Session For testing purposes you can also deliver mail by means of a text only terminal session e g using telnet to connect to the SMTP port of a mail server After connection the mail server presents a
98. ttings Password string POP3 account password This setting must not be empty Recipient string Messages retrieved from this mailbox are forwarded to the re cipient mail address on your mail server This setting must not be empty User string POP3 account name This setting must not be empty Several additional settings can be defined for POP3 connectors MailsPerSession numeric Number of messages retrieved in a POP3 session Al lowable values are in the range of 1 to 100 the default is 10 This setting must not be empty RedirectRecipient string Recipient mail account for redirected messages Must be a valid mail address on your mail server the default value is postmaster Scaninterval numeric Sets the interval in seconds between connections to the POP3 server to poll a mailbox The default setting is 300 allowable values are in the range from 60 seconds to 86400 seconds one day This setting must not be empty Sender string Sender mail address used when forwarding to your mail server The default value is empty Try postmaster or a real mail address if the default setting is not accepted by your mail server POP3 connectors may contain multiple filter sections describing the filters config ured for this port see filter settings section7 1 5 68 7 1 4 4 POP3 Port Settings POP3 ports support the general port settings Also POP3 ports may contain mul tiple filter sections describing the filters config
99. uence of printable US ASCII characters other than the double quote character 7 1 3 Session Manager Settings The first section of the config file is a session manager section labelled ServerSessionManagerl CheckForUpdates boolean Enables or disables the check for program updates at midnight This value defaults to 1 enabled CheckForUpdatesProxy string Sets the HTTP proxy server and port used for the update check Defaults to an empty value in this case CleanMail con nects directly to www byteplant port 80 to perform the update check DetailedLogging numeric Sets the logging level of cleanmail Individual bits in the binary representation of this number enable different logging options Defaults to 16 1 Detailed logging 65 2 Filter error output 16 Extended logging DNSServer string List of DNS servers to use Defaults to an empty value in this case CleanMail tries to determine the DNS servers automatically MailRecipient string Daily admin mail is sent to this recipient address MailSender string Daily admin mail sender address MailServer string Mail server used for sending the daily admin mail Can be given as host name or IP address You can optionally add a port number separated by the character Some examples 127 0 0 1 25 localhost 25 MailStatistics boolean If enabled CleanMail sends a message every midnight with statistics data and other info Defaults to false
100. ults to 365 allowable values are in the range of 7 one week to 10000 about 30 years 66 7 1 4 Port Settings The session manager section may contain multiple proxy port subsections Clean Mail supports different types of proxy ports vvith the port type determined by the section label A POP3 port for example has the following section label ServerSessionManager Ports POP3Port All types of proxy ports have several settings in common 7 1 4 1 General Proxy Port Settings These settings apply to all types of ports IncomingConnectionCount numeric Sets the length of the listening queue on the proxy port server socket Defaults to 20 allowable values are operating system dependent IncomingPort numeric Sets the port number of the server socket The default depends on the protocol involved Allowable values are in the range of 0 to 65535 IncomingServer string Sets the IP address or name of the server socket If empty the socket is bound to all interfaces Defaults to an empty value IncomingTimeout numeric Sets a timeout in seconds for waiting on data from the client connected Upon timeout the incoming connection is reset and resources held by the connection are freed The default depends on the pro tocol involved Allowable values are in the range of 10 to 3600 Name string Port name used for housekeeping purposes Port names should be unique The default depends on the protocol involved OutgoingConnectio
101. ured for this port see filter settings section7 1 3 7 1 4 5 SMTP Port Settings In addition to the general proxy port settings SMTP ports support the following configuration settings DomainList string Limits the recipients CleanMail accepts You can use the wildcard characters any character and any number of any character to define address patterns Multiple address patterns can be separated by blanks If empty mail to all recipients is accepted Defaults to empty HostComnectionCount numeric Restricts the number of simultaneous connec tions from a single mail host identified by its IP address or by the name given in the SMTP HELO command Unset by default Allowable values are in the range of 1 to 1000 HostNDRConnectionCount numeric Restricts the number of simultaneous connections for delivery status notifications from a single mail host iden tified by its IP address Unset by default Allowable values are in the range of 1 to 1000 HostRejectList string List of mail hosts as identified by IP address by the name given in the SMTP HELO command Mail from these hosts is not accepted at all You can use the wildcard characters any character and x any number of any character to define address patterns Multiple patterns can be separated by blanks If empty mail from all hosts is accepted The default setting is empty MaxRejectRecipients numeric Directory Harvesting Protection As soon as the number of
102. used freely without purchase of a license for commercial and non commercial use for up to 30 days After this time a commercial license must be purchased Commercial Editions For payment of the license fee the licensee is granted one 1 non exclusive non transferable license to install and use CleanMail on one 1 computer at a time or install CleanMail on one 1 computer to be used by multiple users It is expressly forbidden to install CleanMail for use on multiple computers without paying additional license fees Licensee warrants that they will make a reasonable effort to remove unused licenses of CleanMail Please contact us via email at mailto support byteplant com for site licenses and volume discounts DISCLAIMER OF WARRANTY CLEANMAIL AND THE ACCOMPANYING FILES ARE SOLD AS IS BYTEPLANT MAKES AND CUSTOMER RE CEIVES FROM BYTEPLANT NO EXPRESS OR IMPLIED WARRANTIES OF ANY KIND WITH RESPECT TO THE SOFTWARE PRODUCT DOCU MENTATION MAINTENANCE SERVICES THIRD PARTY SOFTWARE OR OTHER SERVICES BYTEPLANT SPECIFICALLY DISCLAIMS AND EX CLUDES ANY AND ALL IMPLIED WARRANTIES OF MERCHANTABIL ITY FITNESS FOR A PARTICULAR PURPOSE AND NON INFRINGEMENT DUE TO THE VARIETY OF USER EXPERTISE HARDWARE AND SOFT WARE ENVIRONMENTS INTO WHICH CLEANMAIL MAY BE SUB JECTED THERE IS NO WARRANTY FOR TECHNICALLY ACCURATE PER FORMANCE THE USER ASSUMES ALL RISK OF USING CLEANMAIL THE MAXIMUM LIABILITY OF BYTEPLANT WILL BE LIMITED EXCLU SIVELY TO TH
103. ver using the setup program e Launch the CleanMail Admin application and choose SMTP Transparent Proxy in the Choose Configuration Type dialog that appears e In CleanMail s Quickstart Wizard set the Incoming IP to lt all interfaces gt and set the Incoming Port Number to 26 Set Outgoing Server to the internal network address usually something like 10 x x xor192 168 x x of your mail server and leave the Outgoing Port Number at its default setting Port 25 13 e Press the Test button to check if the Outgoing Server is available If this fails your mail server is not running or it is listening on some other IP address port e On the next page you can configure CleanMail s Open Relay Protection At this point you can just click Next You may need this feature later if your setup fail to pass the open relay test CleanMail internally runs this test once you have finished setup e Click through the following pages of the Quickstart Wizard Usually it is safe to accept the defaults until you arrive on the CleanMail Admin Mail Options page e On this page you should enter the IP address or name of your mail server an existing recipient address and a descriptive sender address e g cleanmail lt your domain com gt Activate both the Send Daily Spam Filtering Report and the Send CleanMail Update Information options Again use the test button to test your admin mail settings This will make sure that you can receive
104. void that your mail server becomes an open relay and to stay within the licensing you should configure your mail 32 server to accept mails only for valid recipient addresses in your domains and to reyect all other addresses It is important to make sure that your SMTP server is configured in a vvay that mail received from CleanMail is not relayed unless au thenticated using e g SMTP AUTH Only if this is not possible for some reason you must enter all the recipient addresses in this setting or a pattern that matches all recipient addresses If you vvant to limit the set of recipient addresses Clean Mail accepts enter the valid recipient domains or recipient addresses below Mail to other addresses will be rejected You can use the wildcard characters any character and x any number of any character Normally you will want to accept mail for recipients in your domain only like in x byteplant com Multiple address patterns can be separated by blanks CleanMail SMTP Port Wizard esa Relay Settings optional Set local recipient addresses To make sure your setup is not an open relay your mail server must be configured in a way that mail received from CleanMail is not relayed unless authenticated using e g SMTP AUTH If this is not possible for some reason you must enter all recipient addresses here or a pattern that matches all recipient addresses Also if your server does not immediately check the re
105. with your default text editor press the View Log File With Editor button You will probably find many connection closed by client messages in the log These messages do not indicate an error on your side of the mail transaction These messages appear whenever a mail client disconnects thus violating the SMTP stan dard The SMTP standard says that only the server is allowed to disconnect and end a mail transaction 55 B CleanMail Admin lt Ja File View Proxy Setup Filter Setup Help Status Lj Log 5 Report LLJ Statistics Configuration A Maintenance Jul 03 2009 16 39 57 Session 0 DATA Jul 03 2009 16 39 57 Session 0 554 valid recipients Jul 03 2009 16 39 58 Session 0 RSET Jul 03 2009 16 39 58 Session 0 250 Reset OK Jul 03 2009 16 39 58 Session 0 MAIL FROM lt shu_chiew zdnetasia com gt Jul 03 2009 16 39 58 Session 0 250 OK Jul 03 2009 16 39 58 Session 0 RCPT TO lt e 1j0kdq 00084 00 byteplant com gt Jul 03 2009 16 39 58 Session 0 550 unrouteable address Jul 03 2009 16 39 58 Session 0 DATA Jul 03 2009 16 39 58 Session 0 554 No valid recipients Jul 03 2009 16 39 59 Session 0 RSET Jul 03 2009 16 39 59 Session 0 250 Reset OK Jul 03 2009 16 39 59 Session 0 MAIL FROM lt stamoso domainnews com gt Jul 03 2009 16 39 59 Session 0 250 OK Jul 03 2009 16 39 59 Session 0 RCPT TO lt e1j0kdq 0008tn 00 byteplant com gt Jul 03 2009 16 39 59
106. y reasons 4 11 2 3 Skip Size Spam and virus messages are usually small To conserve system resources and increase throughput it is recommended to skip filtering mails exceeding a certain size 46 4 11 2 4 Memory Usage Specify here how much system RAM your filtering program needs This setting helps CleanMail to optimize resource allocation Worst case memory usage of virus checkers for large mails is usually about 3 4 times the size of the checked mail 4 11 3 Return Code Policy On this page configure the mapping of exit codes 0 255 to filter results Clam Anti Virus for example returns O if a mail is not infected with a virus 1 if a virus is found Therefore the return code O is mapped to the result accept deliver and return code 1 is mapped to refect delete Consult the sections on filter pipelines section 3 3 and on filter results section4 5 3 for more info 4 12 Anti Virus Filter Setup Every virus checker that offers a command line interface can be integrated into CleanMail In the Anti Virus Filter Setup dialog you can easily adapt and test the operation of third party virus checkers The Anti Virus Filter Setup dialog is based on the External Filter Setup tion 4 11 dialog See there for an explanation of settings not explained here CleanMail Anti Virus Filter Wizard ES Virus Checker Settings Integrate a third party virus checker for use with CleanMail Choose xother x if the virus s
107. yourself or use an e mail echo server e g echo tu berlin de 29 4 3 POP3 Connector Setup The POP3 Connector Setup dialog is invoked whenever you edit or add a POP3 connector 4 3 1 POP3 Server and Account Settings This page allovvs to set the basic connectivity settings of the POP3 connector you are configuring and the accounts and mailboxes involved POP3 Server Port Set this to the POP3 server and port information of your ISP s POP3 server You can use both a domain name or an IP address Usually the port number will be the default setting the POP3 port number 110 Your Mail Server Port Enter the name or IP address of your SMTP mail server here The default SMTP port number is 25 If you have configured an SMTP proxy at the same time be sure to forvvard to the mail server directly and not to the SMTP proxy provided by CleanMail 4 3 2 POP3 Mailboxes and Forwarding Account CleanMail can poll multiple mailboxes on the same POP3 mail server for new messages For each mailbox you have to specify the user name and password and a forwarding account on your mail server If you want to you can forward multiple POP3 mail boxes to the same mail account 4 3 3 POP3 Connector Options These can be used to modify the operational parameters of the POP3 connector Usually there is no need to change the defaults Mail Sender Address SMTP requires a MAIL TO command to be submitted Usually using an empty address in thi
Download Pdf Manuals
Related Search