Senin, 24 Juni 2013

The Spam Filter increases MDaemon's already extensive suite of spam prevention tools. The Spam Filter incorporates new technology to heuristically examine incoming email messages in order to compute a "score" based on a complex system of rules. The score is then used to determine the likelihood of a message being spam, and certain actions can be taken based on that score-you can refuse the message, flag it as possible spam, and so.
Addresses can be white or black listed, or designated as completely exempt from Spam Filter examination. You can have a spam report inserted into messages, showing their spam scores and how those scores were achieved, or you can generate the repot as a separate email and have the original spam message included with it as an attachment. Further, you can even use Bayesian learning to help the Spam Filter learn over time to identify spam more accurately and thus increase its reliability.
Finally, by examining many thousands of known spam messages, the rules have been optimized over time and are very reliable in detecting the fingerprint of a spam message. You can, however, customize or add new rules by editing the Spam Filter's configuration files to meet your specific needs.
MDaemon's Spam Filter uses an integrated, popular open-source heuristic technology. The homepage for the open-source project is:
http://www.spamassassin.org

Spam Filter Options

If a message is determined to be spam then…
The Spam Filter will take the action chosen below if a message's spam score is greater than or equal to the spam score specified on the Heuristics tab.
…bounce the message back to sender
Choose this option if you want to attempt to bounce each spam message back to its sender. Spam is notorious for having invalid return paths, so these messages may frequently be undeliverable.
…just delete the message completely
Choose this option if you want to simply delete any incoming message whose spam score exceeds the designated limit.
…put the message in the spam trap public folder
Choose this option if you want to flag messages as spam and then move them to the spam public folder rather than allow them to be delivered.
…flag the message but let it continue down the delivery path
Choose this option if you want to go ahead and deliver each spam message to its intended recipient, and flag it as spam by inserting various spam headers and/or tags designated on the Heuristics tab.
Don't filter messages sent from local sources
Click this check box if you want messages from local users and domains to be exempt from filtering.
Don't filter messages from trusted or authenticated sources
Enable this option if you want messages sent from trusted domains or authenticated senders to be exempt from spam filtering.
Don't filter messages larger than XX kb (0=filter all messages)
It is typical for spam messages to be fairly small since the usual goal of the spammers is to deliver as many messages as possible in the shortest amount of time. If you want messages over a certain size to be exempt from spam filtering then specify that amount (in KB) here. Use "0" as the amount if you don't want size to be a factor in determining exemption from spam filtering-messages will be processed through the spam filter regardless of size.
Don't forward messages marked as spam
Click this check box if you do not wish to allow spam messages to be forwarded.
Automatically filter spam messages into user's IMAP spam folder
Click this option and MDaemon will automatically place each message that the Spam Filter determines to be spam into each user's "Spam" IMAP folder (if such a folder exists). It will also automatically create the folder for each new user account that is added.
When you click this option you will also be asked whether or not you would like MDaemon to create this folder for each of your already existing user accounts. If you choose "Yes" then a folder will be created for all users. If you choose "No" then a folder will only be created when each new user is added. Any folders that already exist for some or all of your users will not be altered or affected in any way.
A white list match subtracts this many points from the spam score
Including an address on one of the Spam Filter white lists does not automatically guarantee that a message to or from that address will not be considered spam. Instead, white listed addresses will simply have the amount specified in this control subtracted from their spam scores. For example, if you have the spam score threshold set to 5.0 and this value set to 100, and then a particularly excessive spam message arrives that gets a spam score of 105.0 or higher before the white list value is subtracted, then the final spam score of the message will be at least 5.0-thus denoting it as spam. This would rarely happen, however, because spam rarely has a value that high unless it contains some other exceptionally high-scoring element, such as a blacklisted address. Of course, if you set the white list subtraction value to a much lower amount then it would occur much more frequently.
A black list match adds this many points to the spam score
As with the white list option above, including an address on the Spam Filter's black list doesn't guarantee that a message from that address will be considered spam. Instead, the value specified in this option will be added to the message's spam score, which will then be used to determine whether or not the message is spam.
DNS-BL match adds this many points to the spam score
If you are using DNS Black Lists then you can use this option to specify a value that will be added to a message's spam score when a DNS-BL match results. Sometimes the Spam Filter's heuristic examination of a message may not score it high enough to be considered spam, but a DNS-BL lookup may show that it probably is spam. Adding this value to the spam score of these messages can help to reduce the number of spam messages that manage to slip through undetected by the Spam Filter.
Scheduled updates
Click this button to open the AntiSpam Updates event scheduling dialog (Setup Event Scheduling…) on which you can schedule the times that the Spam Filter will check for heuristic engine file updates.

Heuristic Engine Options

Enable heuristic message scoring system
Click this check box to activate the heuristic message-scoring, spam filtering system. No Spam Filter options on any of the tabs will be available until this option is enabled.
A message is spam if its score is greater or equal to XX (0.0-500.0)
The value that you specify here is the required spam threshold that MDaemon will compare to each message's spam score. Any message with a spam score greater than or equal to this amount will be considered spam, and then the appropriate actions will be taken based on your Spam Filter settings.
SMTP rejects messages with scores greater or equal to XX (0=never)
Use this option to designate a spam score rejection threshold. When a message's spam score is greater than or equal to this score it will be rejected completely rather than proceed through the rest of the options and possibly be delivered. The value of this option should always be greater than the value of the "A message is spam if its score…" option above. Otherwise, a message would never be considered spam and have the rest of the Spam Filter's options applied to it-it would simply be rejected during delivery. Use "0" in this option if you do not want MDaemon to reject any messages regardless of their scores.
Example, If you have the spam score threshold set to 5.0 and the rejection threshold set to 10.0 then any message with a spam score that is greater than or equal to 5.0 but less than 10.0 will be considered spam and handled according to the rest of the settings on the Spam Filter dialog. Any message with a spam score greater than or equal to 10.0 will be rejected by MDaemon during the delivery process.
Show heuristic results within SMTP session transcripts
Click this option to display heuristic processing results inline with SMTP session transcripts. This option is not available when you have your Spam Score rejection threshold set to "0"- meaning that spam will never be rejected because of its score. For more information see, "SMTP rejects messages with scores greater or equal to XX (0=never)" above.
Subject tag
This tag will be inserted at the beginning of the Subject header of all messages that meet or exceed the required spam score threshold. It can contain information about the spam score, and you can use your IMAP message filters to search for it and filter the message accordingly (assuming that you have the Spam Filter configured to continue delivering spam messages). This is a simple method for automatically routing spam messages to a designated "spam" folder. If you want to dynamically insert the message's spam score and the value of the required spam threshold then use the tag "_HITS_" for the message's score and "_REQD_" for the required threshold. Alternatively, you can use "_SCORE(0)_" instead of "_HITS_"- this will insert a leading zero into lower scores, which can help ensure the proper sort-order when sorting messages by subject in some email clients.
Example, A subject tag set to: ***SPAM*** Score/Req: _HITS_/_REQD_ will cause a spam message with a score of 6.2 and the subject: "Hey, here's some spam!" to be changed to "***SPAM*** Score/Req: 6.2/5.0 - Hey, here's some spam!" Score/Req: 06.2/5.0 - Hey, here's some spam!"
If you do not wish to alter the subject header then leave this option blank. No subject tag will be inserted.
The Spam Filter supports Bayesian learning, which is a statistical process that can optionally be used to analyze spam and non-spam messages in order to increase the reliability of spam recognition over time. You can designate a folder for spam messages and non-spam message that will be scanned each night about midnight. All of the messages in those folders will be analyzed and indexed so that new messages can be compared to them statistically in order to determine the likelihood that they are spam. The Spam Filter can then increase or decrease a message's spam score based upon the results of its Bayesian comparison.
be sufficiently equipped to begin applying the results of a Bayesian comparison to each incoming message's spam score. By continuing to analyze even more messages the Bayesian classifications will become more accurate over time.

Bayesian Classification

Apply Bayesian knowledge to heuristic message scoring
Click this check box if you want each message's spam score to be adjusted based on a comparison to the currently known Bayesian statistics.
Enable Bayesian scheduled learning
Activate this option if you want the Spam Filter to analyze all messages contained in the folders specified below. The contents of these folders will be analyzed once each day at midnight and then deleted.
Learn
Click this button to initiate a manual Bayesian analysis of the designated folders rather than waiting for the automatic analysis at midnight.
Enable Spam and Ham forwarding addresses
Click this check box if you wish to allow users to forward spam and non-spam (ham) messages to designated addresses so that the Bayesian system can learn from them. The default addresses that MDaemon will use are "SpamLearn@" and "HamLearn@". Messages sent to these addresses must be received via SMTP from a session that is authenticated using SMTP AUTH. Further, MDaemon expects the messages to be forwarded to the above addresses as attachments of type "message/rfc822". Any message of another type that is sent to these email addresses will not be processed.
You can change the addresses MDaemon uses by editing the following key in the CFILTER.INI file:
[SpamFilter]
SpamLearnAddress=SpamLearn@
HamLearnAddress=HamLearn@ </p>
Note:the last character of these values must be "@".
Create
Click this button to create Spam and Ham public IMAP folders automatically, and to configure MDaemon to use them. The following folders will be created:
<Bayesian Learning> -root IMAP folder <Bayesian Learning\\Spam> -this folder is for false negatives (spam that doesn't score high enough to get flagged as such). <Bayesian Learning\\Ham> -this folder is for false positives (non-spam messages that erroneously score high enough to get flagged as spam).
By default, access permission to these folders is only granted to local users of local domains and is limited to Lookup and Insert. The postmaster's default permissions are Lookup, Read, Insert, and Delete.
Path to known spam directory (false negatives):
This is the path to the folder that will be used for Bayesian analysis of known spam messages. Only copy messages to this folder that you consider to be spam. You should not automate the process of copying messages to this folder because of the potential for errors. Automating this process could sometimes cause non-spam messages to be analyzed as spam, which would decrease the reliability of the Bayesian statistics.
Path to known non-spam directory (false positives):
This is the path to the folder that will be used for Bayesian analysis of messages that are definitely not spam. Only messages that you do not consider to be spam should be copied to this folder. You should not automate the process of copying messages to this folder because of the potential for errors. Automating this process could sometimes cause spam messages to be analyzed as non-spam, which would decrease the reliability of the Bayesian statistics.
Pub Folder
Click one of these buttons to designate one of your Public Folders as the Bayesian directory. This is an easy way for your users to place their messages incorrectly categorized as spam or non-spam into your Bayesian directories for analysis. Note, however, that giving access to more people increases the likelihood that some messages will be put into the wrong folders thus skewing the statistics and decreasing reliability.
Advanced
Click this button to open the Bayesian advanced options dialog, which contains options for automatic Bayesian learning and designating Bayesian database token limits. See Bayesian Advanced Options below.

Automatic Learning

Enable Bayesian automatic learning
With automatic Bayesian learning you can designate spam and non-spam scoring thresholds. Any message scoring below the non-spam threshold will be treated by automatic learning as non-spam, and any message scoring above the spam threshold will be treated as spam. Although automatic learning is not generally recommended, it can be beneficial if you are careful in setting your thresholds values because it will allow old expired tokens that are removed from the database files (see Token expiration message count below) to be replaced automatically. This prevents the need for manual retraining to recover expired tokens.
Non-spam score threshold
Messages with a spam score below this value will be treated as non-spam messages by the Bayesian Classification system.
Spam score threshold
Messages with a spam score above this value will be treated as spam messages by the Bayesian Classification system.
Non-spam samples required before learning starts
The Spam Filter will not apply a Bayesian classification to messages until this number of non-spam messages (and spam messages specified in the next option) has been analyzed by the Bayesian system. This is necessary in order for the Spam Filter to have a sufficient pool of statistics to draw from when making the Bayesian comparison. Once you have given the system these messages to analyze, it will be sufficiently equipped to begin applying the results of a Bayesian comparison to each incoming message's spam score. By continuing to analyze even more messages the Bayesian classifications will become more accurate over time.
Spam samples required before learning starts
Just as the previous option applies to non-spam messages, this option is for designating the number of spam messages that must be analyzed before the Spam Filter will begin applying a Bayesian classification to them.

Database Management

Enable Bayesian automatic token expiration
Click this option if you want the Bayesian system to automatically expire database tokens whenever the number of tokens specified below is reached. Setting a token limit can prevent your Bayesian database from getting excessively large.
Maximum Bayesian database tokens
This is the maximum number of Bayesian database tokens allowed. When this number of tokens is reached, the Bayesian system removes the oldest, reducing the number to 75% of this value, or 100,000 tokens, whichever is higher. The number of tokens will never fall below the larger of those two values regardless of how many tokens are expired. Note: 150,000 database tokens is approximately 8Mb.
Restore all settings to server defaults
Click this button to restore all of the Bayesian advanced options to their default values.

Spam Filter Reporting

Insert spam report into the headers of the original message
Choose this reporting option if you want the Spam Filter to insert a spam report into each spam message's headers. The following is an example of a simple spam report:
X-Spam-Report: ----Start Spam Filter results
5.30 points, 5 required;
* -5.7 -- Message-Id indicates the message was sent from MS Exchange
.* 2.0 -- Subject contains lots of white space * -3.3 -- Has a In-Reply-To header
.* 3.0 -- Message has been marked by MDaemon's DNS Black List .* 2.9 -- BODY: Impotence cure .* 2.2 -- BODY: Talks about exercise with an exclamation! .* 0.5 -- BODY: Message is 80% to 90% HTML .* 0.1 -- BODY: HTML included in message .* 1.6 -- BODY: HTML message is a saved web page .* 2.0 -- Date: is 96 hours or more before Received: date ---- End of Spam Filter results
Create a new message and attach the original message to it
Choose this reporting option if you want spam to cause a new email message to be created containing the spam report. The original spam message will be included with it as a file attachment.
Same as above but attach the message as text/plain
Like the previous reporting option, this option will generate the spam report as a new message that includes the original spam message as a file attachment. The difference is that the original message will be attached using the text/plain MIME type. Because spam sometimes contains HTML code that is unique for each message and can potentially reveal to the spammer which email and IP address opened it, this method can prevent that from happening by converting the HTML code to plain text.
HashCash is a "proof of work" system that is both an anti-spam tool and a Denial of Service countermeasure similar to an electronic form of postage. Using the HashCash system MDaemon can mint HashCash stamps, which are in effect "paid for" with CPU processing time rather than actual currency. A HashCash stamp is inserted into an outgoing message's headers and then verified by the recipient's email server and weighed according to the value of the stamp. Stamped messages are more likely to be legitimate and can therefore be passed through the receiving server's anti-spam systems. Use of HashCash stamps can help to reduce false positives and prevent messages from being erroneously rejected due to their failing to pass a word-filter or blacklist system.
Spammers rely on the ability to send many hundreds or even hundreds of thousands of messages in extremely short periods of time, and they frequently send a single copy to many recipients by using BCC and similar techniques that do not require a significant amount of processing time for any given recipient. A spammer attempting to use a HashCash system, however, would have to mint a unique HashCash stamp for each recipient each time that recipient was sent a message. This would be highly prohibitive and inefficient for the typical spammer. Conversely, for the typical legitimate mail server and sender, the extra cost in CPU time required to stamp outgoing messages is essentially insignificant and will not affect mail delivery speeds or mail processing time in any noticeable way, especially since outgoing mailing list messages are never stamped.
Stamps are only generated for outbound remote messages that are either from or to the addresses designated on the Mint List, and they are never generated for mailing list messages. Further, by default MDaemon will only generate those HashCash stamps when the message arrives via an authenticated SMTP session. Requiring authenticated sessions is recommended but optional. You can deactivate this requirement if you wish to stamp messages arriving on unauthenticated sessions.
For incoming messages, only stamps contained in messages for recipients designated on the Validation List will be checked for validity. If an incoming message contains a HashCash stamp but the recipient isn't on the list, then the stamp will be ignored and the message will be processed normally as if it didn't contain a HashCash stamp at all. By default, only your primary domain is contained on this list. Click the Validation List button if you wish to add secondary domains or domain gateways to it.
For more information on HashCash, visit http://www.hashcash.org/.

HashCash

Mint and insert HashCash stamps into outbound mail
Click this check box to activate the HashCash system. MDaemon will generate stamps for outbound remote messages that are either from or to the addresses designated on the Mint List
…but only if message arrived via AUTH'ed SMTP session
Click this check box if you wish to generate stamps only for those messages arriving on authenticated SMTP sessions. Clear it if you do not wish to require authentication, but this is not recommended.
Mint List
Click this button to open the Mint List. MDaemon will only generate HashCash stamps for addresses on this list. By default only your primary domain is listed. If you wish to generate stamps for your secondary domains, domain gateways, or for messages addressed either to or from specific individuals then you will need to add those addresses to the list.
Mint stamps of this many bits (10-32)
This is the bit count MDaemon will use when generating HashCash stamps. The larger the count the greater the amount of processing time required to generate a stamp.
Test
Click this button to test the amount of time required to generate a stamp with the designated bit count.
Check inbound mail for HashCash stamps
Enable this option if you wish to check inbound messages for HashCash stamps and adjust their spam scores based on the results. Only messages with recipients specified on the Validation List will be checked. If an incoming message contains a HashCash stamp but the recipient isn't on the list, then the stamp will be ignored and the message will be processed normally as if it didn't contain a HashCash stamp at all.
Validation List
MDaemon will only attempt to validate HashCash stamps in messages for recipients designated on the Validation List. Incoming messages for recipients who are not on the list will be processed normally. No HashCash stamp check will be performed. Only your primary domain is listed by default.

Messages sent to addresses on this list will not be filtered

Use this tab to designate recipient addresses that you wish to be exempt from spam filtering. Messages destined for these addresses will not be processed through the spam filter.

Automatic White Listing

Enable address book white listing
Click this option to add private address book entries to the white list automatically. Using this option, MDaemon can query each user's private address book file with each incoming message. If the sender of the message is in the recipient's address book file then the message will be automatically white listed. If you do not wish to apply automatic white listing to every MDaemon user then you can disable it for individual users by clearing the Use private address book as Spam Filter white list option on the Options tab of the Account Editor.
Keeping your address book updated and synchronized with WorldClient, Outlook, Outlook Express, the Windows Address Book, and other MAPI mail clients that use the Windows Address Book, can be done easily using ComAgent.
Enable automatic address book updating
This option automatically adds to your address book any non-local email addresses to which you send mail-non-local recipients are added to your XML address book file. When used in conjunction with the option to use your private address book file as your white list, the number of Spam Filter false positives can be drastically reduced.
If you do not wish to apply automatic address book updating to every MDaemon user then you can disable it for individual users by clearing the Update private address book when the account sends mail check box on the Options tab of the Account Editor.
Note:This option is disabled for accounts using auto-responders.

Update Bayesian engine with copies of white listed messages

Click this option to cause qualified messages to be copied automatically into the Bayesian non-spam learning folder (designated on the Bayesian tab). This helps to automate the process of providing the Bayesian engine with samples of non-spam email, or "ham". Regularly providing the Bayesian engine with new examples of non-spam to learn from will increase its reliability over time and help to reduce the number of false positives (i.e. messages that are erroneously classified as spam).
To qualify for this feature, an incoming message must be addressed to a local user and the sender must be someone in his WorldClient address book. If the message is outgoing, then it must be the recipient who is in the address book. If you do not want any outgoing messages to qualify, then use Notepad to edit the following setting in the MDaemon.ini file:
[SpamFilter]
UpdateHamFolderOutbound=No (default = Yes)
When a message qualifies, it is copied into the Bayesian non-spam learning folder even if Bayesian scheduled learning is disabled on the Bayesian tab. Thus, when scheduled learning is later enabled, or when learning is manually activated, a set of non-spam messages will be ready for analysis. Not every message that qualifies, however, is copied into the learning folder. When the feature is activated, MDaemon will copy qualified messages until a designated number is reached. Subsequently it will copy single messages at designated intervals. By default, the first twenty-five qualifying messages will be copied and then every tenth qualifying message after that. The initial number copied is equal to the number designated in the option, "Non-spam samples required before learning starts" located on the Bayesian Advanced dialog. Changing that setting will also change this value. If you wish to change the interval by which subsequent messages are copied, you can do so by editing the following setting in the MDaemon.ini file:
[SpamFilter]
HamSkipCount=10 (default = 10)
Finally, once a designated total number of messages has been copied, the entire process will be begin again-twenty-five will be copied and then every tenth (or an alternate value if you have changed these settings). By default, the process will be restarted after 500 qualifying messages have been copied. You can change this value by editing the following setting in the MDaemon.ini file:
[SpamFilter]
HamMaxCount=500 (default = 500)

Enable white list forwarding address

When your account is set to "Use private address book as Spam Filter white list" on the Account Editor's Options tab, enabling this option will allow you to forward messages to whitelist@<domain.com>
SPAM FILTER
and have MDaemon add the sender of the original message to your personal address book. The white listed address is taken from the forwarded messages From header.
Messages forwarded to whitelist@<domain.com> must be forwarded as attachments of the type message/rfc822, and they must be received by MDaemon via SMTP from a session that is authenticated using SMTP AUTH. Forwarded messages not meeting these requirements will not be processed.
You can change the address MDaemon uses by editing the following key in the CFILTER.INI file:
[SpamFilter] WhiteListAddress=WhiteList@
Note:the last character must be "@".

Messages to addresses on this white list are not usually spam

Including an address on this white list does not automatically guarantee that a message to that address will not be considered spam. Instead, messages to the white listed addresses will have the amount specified on the Spam Filtering tab subtracted from their spam score. For example, if you have the spam score threshold set to 5.0 and the white list value on the spam filtering tab set to 50, and then a particularly excessive spam message arrives that gets a spam score of 55.0 or higher before the white list value is subtracted, then the final spam score of the message will be at least 5.0-thus denoting it as spam. This would rarely happen, however, because spam rarely has a value that high unless it contains some other exceptionally high-scoring element, such as a blacklisted address.

Messages from addresses on this white list are not usually spam

Including an address on this white list does not automatically guarantee that a message from that address will not be considered spam. Instead, messages from these white listed addresses will have the amount specified on the Spam Filtering tab subtracted from their spam score. For example, if you have the spam score threshold set to 5.0 and the white list value on the spam filtering tab set to 50, and then a particularly excessive spam message arrives that gets a spam score of 55.0 or higher before the white list value is subtracted, then the final spam score of the message will be at least 5.0-thus denoting it as spam. This would rarely happen, however, because spam rarely has a value that high unless it contains some other exceptionally high-scoring element, such as a blacklisted address.

Messages from addresses on this black list are usually spam

Including an address on this black list does not automatically guarantee that a message from that address will be considered spam. Instead, messages from the black listed addresses will have the amount specified on the Spam Filtering tab added to their spam score. For example, if you have the spam score threshold set to 5.0 and the black list value on the spam filtering tab set to 50, and a particularly low-scoring message arrives that gets a spam score of -50.0 or lower before the black list value is added, then the final spam score of the message will be less than 5.0-thus denoting it as a legitimate non-spam message. This would rarely happen, however, because messages rarely have that much subtracted from their spam scores unless they contain some other special element, such as a white listed address.

0 komentar:

Posting Komentar

Popular Posts

geotoolbar desktop
free counter

Recent Posts