Stopping unsolicited incoming email (commonly known as spam) is a primary goal for most organizations. The Trustwave SpamCensor and SpamBotCensor technology filter spam efficiently with minimal overhead. The SpamProfiler is a signature based check performed at the Receiver, that allows MailMarshal to refuse delivery of spam or quarantine it with minimal processing.
5.2.1 Anti-Spam Configuration and Rules
The default email policy provided with MailMarshal includes a policy group titled Anti-Spam. This policy group includes a number of rules to block spam. Some basic rules are enabled by default. Additional rules can be enabled and/or customized to suit each installation.
To view the Spam policy group:
1.In the left pane of the Management Console, expand the item Email Policy.
2.In the right pane, expand Content Analysis Policy and select Anti-Spam.
3.To view details of each rule, including a description of its intended use, select the rule and click Edit in the toolbar.
|
|
Tip: To see a list of all conditions and actions in a rule, enable Preview using the toggle at top right of the rule panel. |
The default rules include:
•Rules to quarantine spam using the SpamBotCensor, SpamCensor and SpamProfiler.
|
|
Note: To ensure the reliability of SpamCensor and SpamProfiler, verify that they are enabled and correctly configured. See “Configuring SpamProfiler” and “Configuring SpamCensor, SpamProfiler, and YAE Updates”. To ensure the reliability of SpamBotCensor, ensure the processing nodes receive connections directly from the Internet. |
•A rule to allow email messages from specific addresses.
•Rules to implement lists of blocked senders and safe senders for each user. Users can update these lists through the MailMarshal Spam Quarantine Management Website.
•A rule to quarantine email messages that contain text relating to scams, using the MailMarshal TextCensor.
•A rule to block spam email that contains spam-linked URLs in the message header or body. The rule uses the URLCensor function to compare URLs in received messages with listings maintained by external blocklist sites. URLCensor decodes URLs intentionally obscured with decimal, octal, or hexadecimal notation. For more information about using URLCensor, see the Trustwave Knowledge Base.
|
|
Note: To use URLCensor, you must ensure that MailMarshal uses a reliable, efficient DNS server. For more information, see “Configuring Default Delivery Options”. |
5.2.2 Configuring SpamProfiler
SpamProfiler is a signature based service that examines email at the MailMarshal Receiver. SpamProfiler can significantly reduce the load on the MailMarshal Engine. By default MailMarshal enables SpamProfiler and uses Content Analysis Policy rules to quarantine messages in a folder. You can also use this facility to block messages at the receiver, without unpacking them.
To configure SpamProfiler:
1.In the Management Console, select System Configuration and then expand Receiver Properties.
2.To enable SpamProfiler, select it from the menu and select Enable SpamProfiler.
3.To block message at the receiver, select the option Deny messages. You can exclude groups of senders from blocking using the additional options. For details of the options, see Help.
|
|
Tip: A message is blocked at the Receiver if SpamProfiler classifies it as confirmed spam. To take action on other messages that SpamProfiler classifies, use the Content Analysis Policy rule condition Where message is detected as spam by SpamEngine. |
4.To quarantine or delete messages, enable SpamProfiler and then use the Content Analysis Policy rule condition Where message is detected as spam by SpamEngine. For more information see “Where message is detected as spam by SpamEngine”.
|
|
Tip: When SpamProfiler is used with Content Analysis rules (not blocking at the Receiver), some suspect messages may be held briefly for rescan. Rescanning helps to improve the accuracy of SpamProfiler detection. Rescanning does not significantly delay processing. |
5.2.3 Configuring SpamCensor, SpamProfiler, and YAE Updates
Trustwave provides updates for the SpamCensor, SpamProfiler, and Yara Analysis Engine (YAE) facilities to all customers with current MailMarshal maintenance contracts. The updates are delivered through the Web by HTTP and HTTPS.
|
|
Tip: To check the maintenance entitlement for this installation, see the Maintenance Expiry section on the License page (System Configuration > License). |
5.2.3.1 Configuring and Checking Automatic SpamCensor Updates
Automatic updating of the SpamCensor is enabled by default. You can choose to download updates manually or automatically.
To monitor and configure SpamCensor updates:
1.In the Management Console, select System Configuration and then expand Array Properties.
2.Select Automatic Updates from the menu. The display shows the time and result of the last update attempt, and the time of the next attempt.
3.If you do not want the SpamCensor to update automatically, toggle off Enable Automatic Updates.
4.If you want to be notified by email when a SpamCensor update is received or a problem occurs, toggle on Send email to the administrator. MailMarshal sends an email message to the administrator address configured on the Notifications page of MailMarshal Properties.
5.If you want to perform a check for SpamCensor updates immediately, click Check for Updates Now.
5.2.3.2 Configuring Proxy Settings for Updates
If the MailMarshal server(s) do not have direct access to the Web, you can configure MailMarshal to use a proxy server to download the updates. This proxy server setting applies to SpamCensor and SpamProfiler updates.
SpamCensor updates are downloaded by the Array Manager. SpamProfiler updates are downloaded by each processing node.
To configure proxy settings for the updates:
1.In the Management Console, select System Configuration and then expand Array Properties.
2.Select Internet Access from the menu.
3.You can configure the following settings for the Array Manager (SpamCensor updates) and for the processing nodes (SpamProfiler updates).
a.If you want MailMarshal to access the Web directly, select Direct Access.
b.If you want MailMarshal to use a specific proxy server, select Proxy. Enter a proxy server name and port. If necessary, enter a user name and password for proxy authentication.
4.To apply the proxy settings, click Save and then commit MailMarshal configuration changes.
You can also configure different proxy settings for each processing node if necessary. For more information, see “Customizing Settings for Nodes”.
