Anti-Spam Servers for Windows - McGraw
1. You may wish to create custom rules to apply to global definitions, as we did. To do this, simply click the Custom Filtering Rules folder in the Global Filters tree. The right pane of the management window displays current Custom Filtering Rules. By default, iHateSpam created its own custom filtering rule that fires on the word ihatespam and applies a 100 weight to that message, probably allowing it to pass through the filter. iHateSpam's rule language is simplistic compared to other tools, and we found it fairly constricting, although with several key rules applied in concert, we achieved a 92 percent accuracy rating during our limited testing.
   First, let's look at iHateSpam's example rule. To view the rule, right-click it and choose Properties. The Properties window appears, as shown next. The Property drop-down menu allows you to select the area of the message you want iHateSpam to check, including the body, subject, sender or receiver e-mail address, as well as Sender IP address and other header fields. The Operator drop-down menu has two options: Like and = (equals sign). The Like setting applies the word-matching function as a regular expression. The = operator matches the word exactly. The Value field holds the word you want iHateSpam to match on, and the Weight field applies the score entered (negative or positive) to any mail that matches the rule. Thus, this particular rule scans for ihate
2. 250 Anti-Spam Tool Kit
   great for individual users. But what about tools for the organization? The logical chokepoint for spam is at the mail gateway, and since most organizations do not run UNIX-based e-mail solutions, we offer the following Windows-based server solutions.
   IHATESPAM SERVER EDITION
   Why not start with the tool whose name says how we all really feel about spam? If you think we already covered this product in Chapter 10, you're only half correct. In addition to a client tool, Sunbelt Software also distributes a server-based anti-spam tool. Like the client version, iHateSpam Server Edition is a multistrategy spam fighter, using semantic and rules-based filtering and black/whitelists to block spam at the mail gateway. Out of the box, iHateSpam claims a 90 percent or better accuracy rate, although we had a considerably lower percentage on initial install.
   iHateSpam runs on Windows 2000 Server with Service Pack 3 or later and MS Exchange 2000 with Service Pack 3 or later. iHateSpam Server Edition is a commercial program distributed either on CD or as a download from Sunbelt Software's web site at http://www.sunbelt-software.com. The base install allows for 25 mailboxes, with additional packs of mailboxes available for purchase separately.
   How It Works
   iHateSpam controls spam at the gateway by applying word-based and rules-based filters, blacklists, and whitelists either globally to all e-mail accounts or by pol
3. loading it to remote users. If you use this function, you'll definitely want to set the Automatically Delete Quarantined Messages After __ Days checkbox in the Policy Quarantine Actions section of the policy. This will prevent administrators from inadvertently forgetting to clear out this folder and causing a storage crisis.
   The Policy Quarantine Actions section of the policy allows you to set custom Subject Text to prepend (add before) the actual subject of an incoming message, set an X-header (hidden header), and manage quarantined mail. This is useful if you are not using a Quarantine folder but dumping all mail to the user's Inbox instead. If a message trips the quarantine threshold, your custom text is added to the Subject. The user can then set filters on the local mail client to sort these messages to local folders for later review. You can also add an X-header to the message that trips the quarantine threshold, also for the purposes of filtering at the client level. The X-header contains the weight applied to the message.
   To add a new policy, right-click the Policies folder under the Spam Filtering tree in the management window and choose New | Create a Policy. The Create A New Policy Wizard window appears, as shown in Figure 11-10. Name the policy, set Policy Thresholds and Exchange Folder Structures as desired, and then click the OK button. The new Policy is added to the Policies tree.
4. [Screenshot text: Legitimate emails (HAM): 0. Spam emails: 6974. It is recommended to have a minimum of 1000 HAM and spam emails to ensure effective filtering.]
   Figure 11-12. The Bayesian Analysis Properties window
   The bottom section of this window gives you information on the Bayesian database. This information details the number of legitimate and spam e-mails the filter has processed and learned from. As stated in this window, MailEssentials needs about 1000 each of legitimate and spam mails to ensure effective filtering. MailEssentials is essentially dumb out of the box, so you have one of two options to start using the program immediately: either use the outbound learning configuration option or download spam knowledge from GFI's web site. While either method works, the second is faster, since it may take a couple of days for enough outgoing mail to teach MailEssentials. Of course, learning what spam is to your organization is possible only by examining the e-mail received on your mail server.
   The Actions tab is much like the Actions tab in the Whitelist/Blacklist Properties window. Here you can specify precisely what you want done with messages believed to be spam: delete, forward to a user's folder, forward to an e-mail address, or move to a local folder. You can also tag the message, enable the log file, and enable nondelivery messages, as described previously.
   Header Checking
   From the Heade
5. click. Select the Operator, input a value, and input a weight to apply to the mail. Click OK, and the rule is added to the Filtering Rules table.
   Policies
   Policies are used to apply Quarantine, Delete, and No Action Thresholds, set paths for quarantined mail, group whitelists or blacklists, and quarantine handling procedures. In addition, you can apply policy-specific Blocked Character Sets and Custom Filtering Rules. Policies are applied to individual users, although more than one user can utilize a given policy.
   iHateSpam's Message Weighting System
   The weighting system that iHateSpam uses is similar to those of other tools we've covered in this book. For each e-mail property that matches a given rule (global or policy), iHateSpam applies that value to the e-mail's spam score. When all weights are applied, the numbers are added up and compared against the Quarantine and Delete Threshold, which is applied by Policies. If the mail is rated larger than one or both of these thresholds, iHateSpam handles it accordingly. If it's below the threshold, the mail goes on to the user's Inbox.
   To access the Policies management window, click the Policies folder in the Spam Filtering tree. As with the Whitelist and Global Policy management windows, iHateSpam has a Default Policy listed in the right pane of the management window. Right-click the Default Policy under the Policies tree and choose
6. Active Directory mode, MailEssentials can apply user-based rules and configurations to users automatically, while in SMTP mode, you must manually enter the users before applying user-based rules. In the Ready To Install window, verify the information you've entered and click the Next button.
   NOTE: The Ready To Install window lists your local domain. MailEssentials can filter only on your local domain; thus, if this information is incorrect, no mail will be filtered. It pulls this information from your IIS setup, so if the information is wrong, check here first.
   9. The program installs. About halfway through the install process, MailEssentials asks whether you want to restart the SMTP service. Click the Yes button to restart it. You'll see the Success window, where you can click Finished.
   Chapter 11: Anti-Spam Servers for Windows
   Configuring the Essentials
   MailEssentials uses a centralized management console for most of its functions, though the GFI Monitor, Reporting, Troubleshooter, and the Bayesian Analysis Wizard are separate programs. To access the management console, click the Start button, point to Programs | GFI MailEssentials | MailEssentials Configuration. The standard Windows management console appears, with a tree of functions in the left pane and a table in the right pane. The Anti-Spam tree contains all of the functions covered in this section, including Blacklist/Whitelist, Bayesian Analysis, Header Checking, and Keywo
7. View | Customize. The right pane should populate with the Default Policy properties, as shown in Figure 11-9. The values in each field are modifiable and self-explanatory, though we'll cover Redirection and Policy Quarantine Actions next. No guidelines for threshold settings are available; these settings are a factor of what custom rules you're going to apply, what global custom rules are in effect, and the mix of spam to legitimate e-mail in your enterprise. The folder locations for Quarantine, Deleted, and Redirection are under the user's mailbox folder tree. The default policy places them in a root Spam folder and then a subfolder for each filter action.
   Each folder name must end in a forward slash.
8. difference between spam and legitimate e-mail over time within your specific enterprise. MailEssentials filters scan each message in its entirety, firing on keywords, checking for whitelisted/blacklisted domains and e-mail addresses, and verifying header information such as domains, forged headers, mutation, and the like. Once the scan is done, it applies a weight to the message (its likely spam probability) and filters it according to thresholds that you set. In addition, MailEssentials checks third-party DNS blacklists, such as those discussed in Chapter 5 of this book. Messages tagged as spam can be deleted, forwarded to another address, or stored in customizable public or user folders. MailEssentials also provides features such as archiving all incoming and outgoing e-mail to a database, responding to spammers with a fake nondelivery report, and appending an organization-wide disclaimer to all outgoing e-mail. All of MailEssentials' operations are logged and viewable from a reporting function.
   Installing GFI MailEssentials
   MailEssentials is available from the GFI web site at http://www.gfi.com/mes. MailEssentials runs on a Windows 2000/2003 Server or Advanced Server with Microsoft Exchange 2000/2003. If you plan to use the MailEssentials reporter, Microsoft XML core services are also required (included with the install package). MailEssentials uses about 30MB of hard disk space and about 2
9. table of the Replication management window and then click the Remove button.
   You must add the proper SMTP sinks and domains (discussed in the section "Installing") for iHateSpam to work correctly on more than one server. This assumes that the access permissions between the various servers are properly configured as well.
   Figure 11-7. Replication management window
   [Screenshot: Add Replication Server window, with Server Name and UNC Path fields. The UNC path should point to the location where iHateSpam is installed on the remote server.]
10. these steps:
   1. Click the Start menu and navigate to Control Panel | Scheduled Tasks. (Most Windows Server installations also launch the Scheduler automatically. The icon is located in the Windows system tray in the lower-right corner of the desktop.)
   2. Double-click the Add Scheduled Task icon. The Scheduled Task Wizard begins.
   3. Click the Next button.
   4. A list of available programs appears, but you'll probably have to browse to the file you want. The file you're looking for is GIANTSpamDefinitionsUpdater.exe, located in the Programfilesroot\Sunbelt Software\iHateSpam Server Edition folder. (Programfilesroot is the directory where your program files are normally stored. Ours is C:\Program Files.)
   5. Once located, double-click the filename. A Task window appears, with the filename in the Program field and a series of radio buttons. Select Daily and click the Next button.
   6. In the Time And Day window, select a start time (later the better, though it's not much of a resource hog) and select the Every radio button. Have the updater run every three days or so. Enter a desired start date (today is the default) and click the Next button.
   Scheduling Automatic Updates with Windows Scheduled Tasks (continued)
   7. Enter the Administrator user (or a user with Administrator privileges), enter and confirm the user's password, and then click the Next button.
   8. Click the Finish button a
11. to check the MIME To or MIME From field of the e-mail headers for the appropriate address or domain. You may also import from or export to an XML file containing e-mail addresses and domains.
   DNS Blacklists
   The DNS Blacklists tab of the Properties window allows you to configure MailEssentials to check up to two DNS Blacklist services. Simply check the appropriate checkboxes and select the services you wish to use from the drop-downs provided. Note that if you select two DNS Blacklists, you must select a different service from each drop-down list. More information about DNS Blacklists can be found in Chapter 5 of this book.
   Actions
   The Actions tab of the Properties window allows you to configure what MailEssentials does with e-mail that triggers the local blacklist and the DNS Blacklist features. You may select one of the following actions:
   - Delete: Deletes the mail automatically.
   - Forward To User's Spam Folder: Puts the e-mail in the user's spam folder that you specify.
   - Forward To An Email Address: Allows you to forward the blocked mail to any e-mail address.
   - Move To A Specified Folder: Moves the mail to a folder on the server.
   You can also tag the blocked e-mail with a definable word or phrase prepended to the subject of the message for handling after it reaches its destination. Logging of blacklist hits is configured from this window, as well as nondelivery reports generated to the sp
12. 000/2003 server, perform the following steps:
   1. Double-click the Setup.exe file in the temporary folder where you extracted the archive. The Welcome Screen appears. Click the Next button, and in the Check For Latest Build window, select the Do Not Check For A Newer Build radio button. Then click the Next button. Agree to the license agreement and click the Next button.
   4. Select a destination folder and click the Next button. Enter your name (or just enter Administrator), your company name, and the software serial number, if applicable. If you are installing the MailEssentials Evaluation Version, Evaluation appears in the Serial Number field. Click the Next button. The Administrator Email window appears. Enter an administrator's e-mail address in the field provided. This does not necessarily have to be the Exchange or Windows Administrator account. This is the person or group to contact when MailEssentials issues a critical notification. Once you're done, click the Next button. The Active Directory window provides configuration options, depending on your current mail server setup. If your Exchange server has access to all the users in the Active Directory (that is, it's not a front-end server for another Exchange server behind the network DMZ), select the Yes radio button. If this Exchange server doesn't have access to all mail users in the Active Directory, select the No radio button. This runs MailEssentials in SMTP mode. In
13. 00MB of space for temporary files. MailEssentials can be installed either on the Exchange server or on a separate machine. Though we cover only the first scenario here, the User Manual describes the installation and configuration procedures for running MailEssentials on a separate server. Running MailEssentials on a separate server requires the following configuration:
   - Windows 2000/2003 Professional or Advanced Server or Windows XP Professional
   - Internet Information Server 5 SMTP service installed and running as an SMTP relay to your mail server
   - Microsoft Exchange Server 2000/2003, 4, 5, or 5.5, Lotus Notes 4.5 or higher, or an SMTP/POP3 mail server
   Keep in mind that Windows 2000 and XP Professional accept only up to 10 incoming SMTP connections simultaneously; thus, if your organization uses e-mail more heavily than this, consider using Windows 2000 or 2003 Server or Advanced Server.
   For more information about running MailEssentials as a separate server, refer to the User's Manual on the GFI support web site.
   Preinstall Checklist
   You don't have much to do prior to installing MailEssentials. Ensure that you have Administrator access to the Exchange server and enough disk space, and download the installation archive. Double-click the archive to extract it to a temporary folder, and perform the steps in the following section to install.
   Installing
   To install MailEssentials on your Exchange 2
14. Figure 11-15. The SPS Configuration window
   To enter an IP address, perform the following steps:
   1. Click the Edit button.
   2. In the field provided on the Receiving Email Servers window, enter the IP address enclosed in brackets (for example, [10.10.10.1]).
   3. Click the Add button, and the IP appears in the list provided.
   To enter a domain name, perform the following steps:
   1. Click the Edit button.
   2. In the field provided on the Receiving Email Servers window, enter the full qualified domain name with no brackets (for example, mail.myserver.tld).
   3. Click the Add button, and the domain name appears in the list provided.
   If mail is being routed to multiple servers, multiple entries must be separated by commas. If you wish to deliver mail to a port other than 25, append the port number to the IP address or domain name, separated by a colon, as shown in the following examples:
   - IP Address: [10.10.10.1]:2525
   - Domain Name: mail.myserver.tld:2525
   The Blacklist and Whitelist features allow you to add domains, IP addresses, and classless interdomain routing (CIDR) ranges of IP addresses in the formats shown next:
   - Domain name: spamhead.com
   - IP address: 10.10.10.1
   - CIDR range: 10.10.10.0/12
   To include more than one entry, separate each with a comma. You can add up to 1500 bla
15. Figure 11-6. Reporting Settings window
   TIP: Are your rules not working? Receiving spam from a recently added blacklist domain? Go to the Smart Caching window, clear the cache, and test again.
   The Replication management window, shown in Figure 11-7, allows you to add Exchange servers for centralized iHateSpam administration. To add an Exchange server, click the Add Server button. The Add Replication Server window appears (see Figure 11-8), where you can type the Server Name and the UNC Path to the iHateSpam installation folder in the appropriate fields. Click the OK button to save it. To remove a server, select the server in the Available Servers
16. abase management system where iHateSpam stores its reports. The default is a Microsoft Access database called iHateSpamDB.MDB. You can configure iHateSpam to write to an SQL database, which it also creates, by clicking the Database Settings button. See the "Preinstall Checklist" section for more information about enabling iHateSpam for SQL reporting. Click Reporting Enabled to enable reporting, and then click the Done button.
   The Exchange 2000 Event Sink Setup window opens. This window offers one checkbox for each instance of the Exchange SMTP service you're running on Exchange and two buttons, Install SMTP Sink and Cancel, as shown in Figure 11-3. Check each instance listed and click the Install SMTP Sink button to register iHateSpam with each service. After you click the Install SMTP Sink button, a confirmation window appears, letting you know how many sinks have been registered successfully. Click OK, and the main Event Sink Setup window reappears, listing all instances of SMTP registered (the checkboxes should be grayed out now). Click OK to finish the initial configuration.
17. able the auto-whitelisting feature that automatically adds recipient e-mail addresses for all outbound e-mail. Enabling this feature should be approached with caution, however, especially if users in your organization periodically respond to spam mail (even if only to remove themselves from the spammer's list) or if your organization is plagued by e-mail viruses originating from known e-mail addresses.
   To add a whitelist entry, click the Add button, type in the e-mail address or domain name, and then click the OK button. To add a domain, be sure to put before the domain name; thus, to add the domain astk.tld, you would enter astk.tld. To add multiple extended domains, such as support.astk.tld, finance.astk.tld, and so on, you would simply enter astk.tld. Note that GFI has included GFI-related domain names on the whitelist. These should be removed unless you have a specific reason for adding them to your organization's whitelist. The Add List button allows you to add the newsletter/notice/mailing list e-mail addresses and domains found not in the From field but in the MIME To field of the message headers. Entry in the Add List window is the same as previously explained.
   Blacklists
   The Blacklists tab of the Properties window allows you to add domains and e-mail addresses you want to block automatically. Entering the information is similar to entering information in the Whitelist tab, although you can choose for MailEssentials
18. ammers that find themselves on the blacklist.
   Bayesian Analysis
   To access the Bayesian Analysis Properties window (Figure 11-12), click the Bayesian Analysis icon in the Anti-Spam tree, and then click the Properties icon in the right pane of the management console. This window has only two tabs: General and Actions.
   The General tab allows you to enable/disable Bayesian Analysis by clicking the respective checkbox. The Learning Updates Options section allows you to enable/disable Automatic Learning based on outgoing e-mails. This feature builds a stronger Bayesian filter, since MailEssentials learns keywords and phrases used in your organization's e-mail communications, likely good e-mail addresses and domains, and other information. You can also update your spam filter database from GFI's central servers by clicking the Download button. GFI updates these filters every few weeks.
19. Figure 11-10. The Create A New Policy wizard
   If you then click the symbol next to your new policy folder in the management window, the tree expands with functions you'll recognize from previous sections. Here you can view, add to, or delete users from the policy with the Assigned Users function and view and change the Policy Settings, Whitelisted and Blacklisted Senders, Blocked Character Sets, and Custom Filtering Rules. All of these functions operate exactly as described earlier in this section. Remember that these settings are specific to this policy only.
   After performing a major update, remember to reset the Smart Cache from the Smart Caching management window.
   Reporting
   The Reporting tool allows you to generate iHateSpam default reports on various criter
20. ates a shortcut on your desktop, but you can also access the management console by navigating to Start | Programs | iHateSpam Server Edition | iHateSpam Server Edition Manager. The iHateSpam management console appears, as shown in Figure 11-4. To access the main management console window, click the iHateSpam Server Edition folder in the left pane. The right pane populates with big, friendly icons: Management, Spam Filtering, Reporting, About, Help, and Registration. Clicking any of these icons allows you to access the various functions described in the following sections. You may also navigate the management functions through the folder tree in the left pane, and you can always access the Help window by pressing the F1 key.
   Management
   The Management group gives you access to both User and System Management configuration options.
   User Management
   The User Management tool allows you to set policies for each individual user, as well as disable filtering entirely per user. The User Management tool provides a search function as well as a list of preconfigured searches, as shown in Figure 11-5. To assign a policy to a user, enter the user's mailbox username in the User Search field and click the Search button. The user appears in a table detailing his or her e-mail address
21. ation function communicates with Sunbelt, and your registration is processed. The information field at the bottom of the window details iHateSpam's registration status. The Number Of Seats is synonymous with the number of Exchange user mailboxes you pay for when you buy the software. Each seat equals an Exchange Mailbox. If you're running iHateSpam in Trial Mode and the trial period expires, mail passes through to the users normally, without filtering. Once you register, filtering kicks back in as previously configured.
   Spam Filtering
   Finally, we get to the business end of this spam fighter. iHateSpam blocks and filters spam globally and locally to the user with the following functions: whitelists, blacklists, blocked character sets, and weighted word filters. All of these functions are configurable for all users via the global filters or for individual users or groups of users with policies. These configuration options are available from the Spam Filtering management window. We discuss each option in the following sections.
   General Settings
   The General Settings window allows you to enable/disable Bounce Message Filtering and enable/disable X-Header tags to nonspam. You may also update iHateSpam's global filtering definitions from this window.
   iHateSpam Isn't Filtering!
   Panic! The trial version expired, I registered it, and the software did not begin filtering. Relax. Go to the Smart Caching window under Systems Management and cl
22. Figure 11-9. The Default Policy properties (screenshot; fields shown include Policy Thresholds: Quarantine Threshold 100, Delete Threshold 6000, No Action Threshold 1000)
   The Redirection Mailbox function allows you to set up an e-mail box to direct all quarantined mail for a specific policy. This is useful if users do not want the bother of sifting through quarantined mail or if the sheer volume of quarantined mail precludes down
23. button. A text field appears for the name of the filter. Enter a name and click the OK button. The Exception Filter Editor window appears, as shown in Figure 11-17. Select an area of the message to scan for the string/pattern (all the headers, various header areas, and areas of the body), enter the string to search for, and select either the Case Sensitive Match or Case Insensitive Match radio button. Then select an action for SPS to perform when it finds this string in a message. Once done, click the OK button, and the exception filter is added to the list.
   Updates, Logs, and Reports
   SPS uses three main utilities to track, update, and report on its spam-fighting activities. To set up SPS for automatic updates, simply click the ActiveUpdate tab, enable the scheduled update process, and set a time and frequency to check for updates. If you're on a network with a proxy server, you can configure that from this window as well.
   Figure 11-17. The Exception Filter Editor window
   Finally, the Rep
24. cklist and 1500 whitelist entries. The IPLOCK feature prevents sender address spoofing, a common spammer tactic of low-grade identity theft. To enable IPLOCK, enter a domain name with an IP address or range. SPS then checks to see whether the IP address of the sender matches the range of IP addresses for the sender's domain. This setting is most useful if the spammer is attempting to spoof your domain name or one commonly used by legitimate senders to your mail server. Other advanced features on this tab include these: Specify Service Port: Configures SPS to listen for incoming mail on an alternative port other than 25 (the default). Redirect Email Address For Quarantine Spam Messages: Lets you enter an e-mail address or addresses to which you will send quarantined messages. Check Message Size: Directs SPS to check the size of incoming e-mails and tag those that exceed the size threshold as spam. Spam Filters: The Spam Filters tab, shown in Figure 11-16, allows you to configure (you guessed it) the SPS spam filters' sensitivity. Four category filters and one general spam level are available. These sliders control the actual thresholds to which SPS compares the weighted e-mail messages. To set the sensitivity level, simply slide the sliders on each filter left for less sensitive or right for more sensitive. General Spam Level: This threshold is the base or bulk filter for all e-mail that passes t
25. d to troubleshoot a problem. The Reporting icon or the Reporting folder in the System Management tree brings up the System Management Reporting Settings window, as shown in Figure 11-6. This window should already be populated, as configured during the installation, with the Database Type (default Microsoft Access), Path (default RootProgramFiles\Sunbelt Software\iHateSpam Server Edition\iHateSpamDB.MDB), and the Reporting Enabled checkbox checked. If this is not the case, click the Install/Configure Reporting button, and the default settings should populate the fields. Check the Reporting Enabled checkbox, and then click the Done button. The settings should populate the fields in the Reporting Settings window. Smart Caching is an iHateSpam feature that holds user, policy, configuration, and filtering information in a cache to increase the performance of the filtering engine. The cache updates automatically on regular intervals. The Smart Caching window displays the Current Status (default Smart Caching Enabled) and provides a button that you can click to clear/reset the cache. Normally this isn't necessary, but if you make changes to user policies, filters, or other configuration information, you should clear the cache to apply the settings immediately.
26. e spam and to delete all messages detected as spam by simply checking the appropriate boxes. The SPS documentation contains a lengthy description of filter sensitivity and a great testing methodology for balancing sensitivity to performance. Refer to the SPS User's Guide on the Trend Micro web site for more information. Exception Filters: Exception filters allow you to configure filters to identify specific text strings (case sensitive or insensitive) and immediately do something with that incoming message, be it delete, quarantine in a specific category, respond to the sender with an Error 50, or pass the message through. The most obvious use for this feature is as a verification method for legitimate e-mail. If your organization receives a lot of messages with the same text string (such as a disclaimer, message signature, and the like), configuring that string and setting the filter to pass through diminishes the probability that the message will be misidentified as spam. Likewise, if you see spam messages that use the same string of text over and over, and for some reason SPS is not catching these mails, simply set up an exception filter to find that string and automatically delete or quarantine the offending messages. It is important to note that using literal string matching with the body of a message can create numerous false negative scenarios. To set up an exception filter, click the Exception Filters tab and click the New
27. er, as configured by the sender's e-mail client. The Received field is an example of an SMTP-generated e-mail header field. Note that MIME fields are not reliable sources of spam indication by themselves. For example, a misconfigured e-mail client (such as one without a name in the Name field), mail to multiple e-mail accounts (such as a legitimate mailing list), and the like could cause one of these rules to fire. Use them with care. [Figure 11-14. The Keyword Checking Properties window] You may also add a condition, which is a series of keywords linked by the operands OR, AND, AND NOT, and OR NOT. To access the Conditions window, shown here, click the Add Condition button in the General tab. Type a keyword into the field provided, and then click the Add button. The keyword appears in the table with the operator IF beside it. Continue building the condition with the appropriate operators. Create a combination of keywords that will identify a particular e-mail as spam. For example, IF word AND word2 OR word3 will classify a
28. System Management: If you click the System Management icon from the main management console, you'll see another console view with the following functionality: General Settings, Reporting, Registration, SMTP Event Bindings, Smart Caching, Replication, and Domain Configuration. The General Settings window allows you to turn spam filtering on and off and also allows you to configure iHateSpam for Tracing Mode. Tracing Mode records all iHateSpam events to various trace or log files. This mode is used for troubleshooting problems, but click the Settings button now. A Trace Settings window appears, as shown next. Simply check the events you wish to log and click the OK button. Then click the On radio button to enable Trace Mode. [Screenshot: the Trace Settings window] Trace Mode is used for tracking down problems such as mail bottlenecks and other specific errors. iHateSpam in Trace Mode quickly generates very large log files. It's recommended, therefore, that you use this mode only if you nee
29. figuration window, shown in Figure 11-15, by navigating to Start | Programs | Trend Micro | TrendSPS. The following configuration tabs hold all the SPS goodness: Configuration, Spam Filters, Exception Filters, ActiveUpdate, Report, and Log. The two big icons in the upper-left corner of the Configuration window start and stop the SPS service. The big message that appears at the top of the window always tells you the state of the service. Configuration: The Configuration tab allows you to configure receiving e-mail servers, trusted domains, the whitelist and blacklist, the IPLOCK feature, as well as Advanced configuration options. The Receiving Email Servers setting controls where SPS routes the incoming mail when it's through filtering it. Click the Edit button and enter either an IP address or the fully qualified domain name of your mail server. [Screenshot: the SPS Configuration window, Configuration tab (Figure 11-15)]
30. hrough SPS. Sexual Content: All word triggers associated with sexual content increase the message's Sexual Content value. This threshold controls whether a message is filtered or not. Make Money Fast: Another of the Big Four spam messages. This filter has the potential to keep you poor but also spam free. [Figure 11-16. The Spam Filters tab] Commercial Offers: A catchall filter for advertisements of any kind other than the mentioned three. If you're a socialist, set this really high. To support capitalism, set this very low. Racist Content: Though not exactly a common spam criteria, racially charged spam could land an organization in deep legal trouble. The Spam Filters configuration window also allows you to add the word SPAM to the subject line of messages determined to b
31. ia. To access the Reporting tool, click the Reporting icon in the Management tree. The Reporting management window appears in the right pane, as shown here. We found the reporting to be well done, although no function is available for generating custom reports. To generate a report, select a report type, Start Date, and End Date from the drop-down lists provided, and click the Refresh button. The report appears in the box provided. Although you cannot output reports from the management console, iHateSpam includes a stand-alone report viewer that allows for printing. [Screenshot: the Reports window] GFI MAILESSENTIALS: MailEssentials is a Bayesian filter-based anti-spam server solution available from GFI, Inc. In addition to spam filtering, MailEssentials adds server-based e-mail tools such as global disclaimer signatures, reporting, mail archiving, and auto-replies. How It Works: MailEssentials controls spam at the gateway by applying Bayesian rulesets, blacklists and whitelists, and other functions to all incoming mail. Like most Bayesian filter-based tools, MailEssentials learns the
32. icies to one or groups of e-mail accounts. While both rules and e-mail lists are customizable, Sunbelt Software provides a regularly updated ruleset that covers most of the spam strategies out there. Mail that hits its spam rules is assigned a spam probability, and if the administrator-definable threshold is reached, the mail is either deleted or pushed to a user-accessible quarantine folder for review. Additionally, iHateSpam has a powerful reporting engine that builds regular spam reports and stores them in an Access database file (included) or SQL file. In previous chapters we've talked a lot about client anti-spam tools and how they are Installing iHateSpam: iHateSpam should be installed on the Windows server running Exchange. As stated previously, iHateSpam is distributed either as a single installation file from the Sunbelt Software web site or via CD. We installed the downloaded version on a Windows 2000 Server running Exchange 2000. Preinstall Checklist: Other than the system requirements, you must have Administrator access to the machine where you wish to install iHateSpam. If you wish to install the Reporting facilities for MSSQL (either SQL 2000 or MSDE 2000), you must have SQL installed and running and mixed-mode authentication turned on. Refer to SQL, Windows, and iHateSpam documentation for more information on using SQL with iHateSpam. Installing: To instal
33. ick the Clear SmartCache Contents button. Everything should work as before. The Bounce Message Filtering flag allows or disallows bounced messages through the filter without processing. Thus, if for some reason one of your users receives a bounce message from a mailer daemon or postmaster (for example, if a message was sent to a nonexistent e-mail address), iHateMail would let this message through without attempting to filter it. The filter engine processes bounce messages normally if this feature is disabled. NOTE: You'll probably want to filter bounce messages, since forging these messages is a well-known spammer tactic. The downside is that if a legitimate bounce gets filtered, it will make undelivered mail more difficult for you to troubleshoot. The Spam Definitions tool allows you to update iHateSpam's global filtering definitions manually from Sunbelt Software's central server. Since these updates occur quite frequently, you'll want to configure automatic updates. See the sidebar titled "Scheduling Automatic Updates with Windows Scheduled Tasks." If you update the definitions, be sure to clear the Smart Cache for the settings to take effect immediately. Scheduling Automatic Updates with Windows Scheduled Tasks: Although no tool is available for configuring automatic definition updates, the task is easy to do using the Windows Scheduled Tasks tool. To set up automatic updates, perform
34. ights to install the settings for all users. Install this application for: Anyone who uses this computer; Only for me. [Figure 11-1. The User Information Window] iHateSpam Reporting Database Setup: This will install the iHateSpam report database. Please enter the information below to install the database. This feature requires that you have one of the following installed: Microsoft Access, or Microsoft SQL Server version 7 or later. If you wish to use MS Access, a database has already been installed for you in the iHateSpam installation folder. If you wish to use MS SQL Server, the installation process will connect to your database server and create a new database. Database Type: Microsoft Access. Path: C:\Program Files\Sunbelt Software\iHateSpam Server Edition\iHateSpamDB.MDB. [Figure 11-2. The Installation Utility Object window] Exchange 2000 SMTP Event Sink Setup: Setup the SMTP service event sink bindings for all or the selected SMTP instances on this Exchange server. For multiple Exchange servers with SMTP services, you will need to install the Event Sinks for as well. SMTP Event Sink Installation: The Spam Filtering Engine connects to the Exchange 2000 SMTP Server Gateway via SMTP OnArrival Event Sinks. This Event Sin
35. k needs to be registered with the application in order to provide spam filter capabilities. You will need to install an SMTP Event sink on each of your Exchange SMTP services, as well as all instances of the services that Exchange utilizes. [Figure 11-3. The Exchange 2000 Event Sink Setup window] 13. A window proclaiming success appears. Click the Finish button, and iHateSpam prompts you to restart Exchange. SMTP OnArrival Sink: iHateSpam uses the Exchange SMTP OnArrival Sink to scan incoming e-mail. This function communicates the incoming e-mail message, along with the transport envelope fields, to iHateSpam for rules processing. You don't really have to know how the SMTP sink works, since iHateSpam configures and registers itself for communication with Exchange, but be sure to check each Instance listed on the Exchange 2000 SMTP Sink Window (Figure 11-3). If you're curious, a very thorough description of SMTP/NNTP sinks and other Collaboration Data Objects (CDO) COM components appears on Microsoft's MSDN site at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cdosys/html/_cdosys_smtp_nntp_transport_event_sinks_with_cdo.asp. Hating Spam in the Enterprise: Straight out of the box, iHateSpam does nothing for you. You have to configure it to get mail and apply its rules and policies. iHateSpam cre
36. l iHateSpam Server Edition on Windows, perform these steps: Log in to your Windows server as Administrator or as user with Administrator rights. Double-click the installation file, and the initial splash window appears. Click Next. The Welcome screen appears. Click Next. The User Information window appears, as shown in Figure 11-1. Enter your name and your organization's name, and choose who will have access to the program. We suggest you choose the Only For Me radio button for security reasons. Then click the Next button. At the License Agreement window, click the I Agree radio button, and then click Next. In the Destination Folder window, select an install directory. We suggest the default, Windowsroot\SunbeltSoftware\iHateSpam Server Edition, unless you have some other policy regarding program installation on your server. Click the Next button when you're ready. The Select Features window allows you to install either the Server Components or Standalone Report Viewer, or both. For this install, leave it set at the default, which is both, and click Next. The Ready window allows you to click Back if you want to change any of the settings, or click Cancel to cancel the install. Click Next when you've pondered all that could go wrong and you decide to go ahead anyway. After iHateSpam installs, the Installation Utility Object window appears, as shown in Figure 11-2. Here you can set up the dat
37. n e-mail as spam if both word and word2 are in the e-mail, or if just word is in the e-mail. [Screenshot: the Conditions window] The Subject tab allows you to add subject keywords and conditions and operates exactly the same as the body keyword/condition function. The Actions tab operates the same as the Actions tabs on the other Properties windows in this section, allowing you to block e-mail that meets the conditions on the Keyword Checking Properties configuration and either delete the message, forward it to the user's spam folder, forward the message to an e-mail address, or move it to a local folder. You can also tag the message with a word or phrase, enable logging of keyword events, and generate a fake nondelivery message back to the spammer. Other E-Mail Functions: MailEssentials contains several other e-mail management utilities, including Mail Archiving and Mail Monitoring, as well as Auto Reply and Global Disclaimer generation. Although these functions are outside the scope of this chapter, be aware that GFI has packed this anti-spam tool with a lot of functionality. For more information about these functions, refer to the MailEssentials User Guide and other documentation on the GFI web site. TREND MICRO SPAM PREVENTION SERVICE: Spam Prevention Service (SPS) is a feature-rich spam-fighting tool from Trend Micro. Alth
38. nd the GiantSpamDefinitionsUpdater icon should appear in the Scheduled Tasks window. You're done. Global Filters: As stated previously, global filters affect all e-mail users managed by iHateSpam. These filters include Whitelist Rules, Blacklist Rules, Custom Rules, Character Set Blocking, and Filter Plug-ins. 1. Click the Global Filters icon on the Spam Filtering management window to bring up an explanation of all the global filters. First we'll configure the Whitelist and Blacklist rules. Click the Whitelisted Senders folder in the left pane to open the Whitelist rules. You should see a Domain Address Type and sunbelt-software.com as a whitelisted E-mail Sender in the table in the right pane. To add a whitelisted sender, either a full domain or an individual e-mail address, right-click anywhere on the table and choose New Whitelist Address. The Add An Allowed Sender window appears. Select E-mail Address or Domain from the drop-down list and type the appropriate address into the field provided. When you're done, click the OK button. The e-mail address or domain is added to the whitelist and allowed through the filter with almost no processing. NOTE: The Blacklisted Sender window works exactly the same way, except, of course, those domains and users are blocked. CAUTION: While the sample whitelist setting, allowing any mail from sunbelt-software.com to pass your filtering process, is fine for the sake of illustration here
39. ort tab allows you to construct various reports of SPS's activities over time and output that report either to text or HTML format. The Log tab provides a configuration interface to set up rotating log files of SPS's activities. You can either manually rotate logs by clicking the Rotate Now button or set up a schedule for SPS to rotate its log files automatically.
40. ough its spam-filtering process is similar to that of other tools covered in this chapter, its deployment strategy is different. SPS fights spam as a pass-through SMTP server, meaning that instead of applying rules to e-mail already received by the mail server, SPS filters mail before it ever touches the mail server. How It Works: Deployed between the mail server and the Internet, SPS assigns a numeric value to incoming e-mail based on an equation formed by rules that apply a spam score, or weight, to the incoming message. The spam score is then compared to a global threshold, and the mail is either forwarded on to the mail server, tagged as spam and forwarded on, held on the SPS server, or deleted entirely. SPS runs on its own machine and monitors port 25, the SMTP port. In addition to its complex filter set, SPS also filters mail using the standard whitelist/blacklist features and limited header scanning. Installing SPS: SPS is available via CD or as an installation archive from the Trend Micro web site at http://www.trendmicro.com. Though Trend Micro also distributes SPS for Linux and Solaris, we cover the Windows 2000 Server version in this chapter. SPS should be installed on its own machine with at least the following specifications: 1GHz Intel Pentium 4 processor; 512MB RAM; 100MB of hard disk space for software only (logging and reporting require more space, though how much space depends on
41. r Checking configuration window, you can specify certain header checks that can assist MailEssentials' spam-profiling operations, including MIME header fields scanning, DNS lookups, character set blocking, and handling actions. To access the Header Checking Properties window, shown in Figure 11-13, click the Header Checking icon in the Anti-Spam tree, and then click the Properties icon in the right-hand pane of the management console. General Settings: The General tab of the Header Checking Properties window allows you to configure specific checks on MIME and SMTP fields in an incoming e-mail message's headers. Using the General and General Contd tabs' checkboxes, you can configure MailEssentials to check the following information: MIME From: This checks to see whether the sender has configured an e-mail address in the mail client. Malformed MIME From: This check verifies that the MIME From field matches the specifications of RFC 822. Maximum number of recipients: Though currently this is rarely an indication of spam, you can set the maximum number of recipients on a given e-mail. This is useful if you have internal or external annoyance spammers that send joke lists or chain e-mails, or that tend to reply to all recipients on a bandwidth-chewing e-mail thread that just won't die. SMTP To and MIME To comparison: This setting compares the two settings in a given message and kicks out those that don't match. Of course, e-mail li
42. rd Checking. Blacklists/Whitelists: Click the Blacklists/Whitelists icon in the Anti-Spam tree to access these functions. Click the Properties icon in the right pane to pull up the Blacklist/Whitelist Properties window, as shown in Figure 11-11. The Properties window allows you to configure the Whitelists and auto-whitelisting feature, Blacklists, and DNS Blacklists, as well as perform actions on e-mail that's blocked by the Blacklists. [Figure 11-11. The Blacklist/Whitelist Properties window] Whitelists: The Whitelist configuration window is similar to other tools covered in this book. Here you may add an e-mail address, domain name, and mailing list (MIME To fields), and you can import and export the whitelist. Additionally, you can enable or dis
43. spam as a regular expression in the Subject field of incoming e-mails. If the value is found, iHateSpam applies a -100 weight to the mail. Depending on the other rules that fire on a particular message, the server either passes the message on or quarantines it. [Screenshot: the custom rule Properties window, showing the rule Subject Like ihatespam] While this example rule is fine for illustration, you'll probably want to delete it from the Custom Filtering Rules window, since any spammer can figure out from the documentation, this book, or the iHateSpam program itself that a default rule applies a negative weight to the Value ihatespam, affording such a message a pretty good chance of getting through the filter. To create a rule, right-click the Custom Filtering Rule folder and choose New Custom Rule. The Properties window shown previously appears. Select the Properties you want iHateSpam to scan. To select multiple properties, hold down the CTRL key while you
44. st servers often fit this profile, so if your organization subscribes to e-mail discussion lists, newsletters, and the like, be sure to add the e-mail address or domain name to the whitelist if you enable this feature. [Figure 11-13. The Header Checking Properties window] Remote images: To combat a fairly new spammer tactic, this setting flags e-mails that contain only an image, or an image with little text, in the body of the e-mail. The drawback to this setting is that if your users often receive image files attached to e-mail messages, this could cause problems. Domain validation: This setting is on the General Contd tab. MailEssentials can look up the domain of an incoming message to verif
45. t [Figure 11-4. The iHateSpam management console] [Figure 11-5. The User Management tool] display name, first and last name, Policy Group applied (default is Unassigned), and Disabled status (default is False). Double-click the username, and the Manage User window appears, as shown here. Select the policy you want to apply from the Policy Group drop-down and, if desired, disable filtering by clicking the Disabled Filtering checkbox. Click the OK button. Since only the Default Policy is available right now, we'll talk more about assigning user policies in the Spam Filtering Policies section. [Screenshot: the Manage User window]
46. tabs in the previous configuration windows. It blocks e-mails that fit the criteria set in this Properties window and either deletes, forwards to a user folder, forwards to an e-mail address, or moves the message to a local folder. You can also enable the Tag e-mail function, enable logging of events that meet this Properties window's configurations, and generate a fake nondelivery e-mail to the spammer. Keyword Checking: In addition to the other header and list checks we've covered, MailEssentials also uses a complicated, yet easy to configure, Keyword Checking function to identify spam. You can scan keywords or combinations of keywords in the message body or subject. To access the Keyword Checking Properties window, shown in Figure 11-14, click the Keyword Checking icon in the Anti-Spam tree, and then click the Properties icon in the right pane of the management console. The General tab contains the Scan Email Body table of keywords. It offers a sizable list of keyword and keyword combinations by default, but to add a keyword, click the Add Keyword button. In the text box, type the word or phrase you want MailEssentials to scan for, and then click OK. MIME Fields in the Message Header: In a message header, MIME fields are generated by an e-mail sender's mail client, while SMTP fields are specified by the SMTP server through which the message passes. An example of a MIME field is the From field, designating the e-mail address of the send
47. [Figure 11-8. Add Replication Server window] The Domain Configuration window allows you to query user accounts filter mail for them on all the domains available to you. In most cases, you will not have to bother with this window. iHateSpam automatically populates this table with the appropriate domains based on the SMTP sinks you configured during installation. However, if you manage many domains and you want iHateSpam to filter on only a few of them, pull up this window and uncheck those domains you don't wish to query for users. Again, this should not be necessary, since you probably didn't add the SMTP sink for those unwanted domains in the first place. Of course, if you happen to add a domain with an Exchange server to your wide area network (WAN), you'll have to add the SMTP sink, discussed in the following paragraph. The domain itself will populate automatically in this case. The SMTP Events Management window and the Registration window are rarely used. As discussed in the preceding paragraph, if you add another Exchange server, you will have to go to the SMTP Events management window and bind an SMTP sink to that server if you want to filter spam for its users. The Registration window allows you to register your software with iHateSpam. Simply enter your Registration Key and Number Of Seats in the appropriate fields and click the Register button. The registr
48. the volume of e-mail you receive and your configuration choices. While several different deployment options exist, especially in conjunction with other Trend Micro products, we cover only the most basic SPS setup in this chapter: one SPS server and one e-mail server. Preinstall Checklist: Before you can install SPS, make sure that a port is available for SPS to listen on and that the port is reachable through the firewall. The default port is 25 (SMTP port). You'll also want to have Administrator access to the computer where SPS is to be installed, as well as the ability to change the mail exchanger (MX) records on the mail server. The MX records should be changed to point to the SPS server for mail exchange. Once you have all this under control, you're ready to install Spam Prevention Services. Installing: Log in to the Windows 2000 server as a user with Administrator rights and perform the following steps to install SPS: 1. Disable any services running on port 25, even if you plan to run SPS on a different port. By default, SPS installs listening to port 25, and if another service is running on that port, the installation process fails. 2. Double-click the install archive and follow the prompts to install SPS. No complex configuration options are required during the install process. You will agree to a license agreement, set a destination folder, and that's it. Initial Configuration: Once the install process completes, open the SPS con
49. y that it's real and flag the message if it's not. The drawback is that the network overhead necessary to accomplish this may be excessive. Depending on e-mail volume, this could slow down both mail processing and spam filtering. MIME from number limits: A wily spammer tactic is to auto-generate a unique e-mail name (anything before the @ sign) to thwart blacklists. These generated names often contain numbers. Enable this feature and enter the threshold of numbers an e-mail name can contain before it's flagged. Subject checking: This feature checks to see whether the Subject field of the message contains your name or e-mail name. Often, spammers generate personalized subjects from the recipient's e-mail address. Many e-mail administrators have received a message with the subject "PostMaster you're not going to believe this". You can also add e-mail addresses to Except this rule in cases where you often receive e-mails from legitimate sources that fit this profile. Languages and Actions: The Languages tab of the Header Checking Properties window allows you to specify lists of character sets (other languages) to block or not block automatically. To enable, click the Block Mails That Use These Languages checkbox and select either Block The List Below or Block All Except The List Below, and then select the character sets accordingly. The Actions tab performs the same functions as the Actions
50. you'll want to delete that whitelist entry, since any spammer can forge the From field of a spam message as coming from the whitelisted domain. It's never a good idea to stick with default settings such as these, since this information is freely available to anyone. The Blocked Character Sets configuration automatically blocks any e-mail composed in whole or in part of the character sets designated. Thus, if you block all Arabic character sets, any e-mail iHateSpam processes composed in Arabic is automatically blocked. To add or remove character set blocks, right-click the Blocked Character Sets folder in the Global Settings tree and choose New Blocked Character Sets. The Add A Blocked Character Set window appears, as shown here. Simply check the checkbox next to the character sets you wish to block, or uncheck those to unblock, and click the OK button. The blocked character sets should appear in the right pane. [Figure: Add a Blocked Character Set dialog, with checkboxes for Arabic and Baltic character sets and a Custom Character Set field]