SpamWall Operations Manual

SpamWall Advanced Settings

 

All SpamWall Systems with the exception of the base SpamWall Lite edition have an Advanced Settings screen which allows the SpamWall admin to have additional control over some aspects of how the system deals with certain email handling functions during both the initial connection and post processing stages.

The SpamWall systems in their "out of the box" default configuration are able to filter 98% or more of all Spam and other unwanted email without the need for additional tuning or adjustments however you may decide to either enable or adjust additional advanced controls available via the Advanced Settings screen to provide additional levels of protection for destination email servers or potentially improve processing performance and/or filtering results.

If the Advanced Settings controls are available on your SpamWall system you will see a button named "Advanced Settings" in the left hand side menu.

SpamWall Advanced Settings

Mail Queue Lifetime

Most email servers and other email handling and processing systems are configured to re-try delivery of email messages destined for servers which may be initially or intermittently unreachable for varying periods of time for a wide range of technical reasons including Internet connectivity related issues, server overload and over quota type situations etc.

This requires email to be "queued" or "spooled" on the sending email server or system for a certain period with delivery attempts re-tried at various intervals.

The usual default queuing or spooling period, also known as the "Mail Queue Lifetime", on most email servers and systems is 5 days and this is also the default setting on the SpamWall systems. This means that if a destination email server should be down or unreachable for some reason then the SpamWall system will queue messages destined for this email server for up to 5 days and will retry delivery of these queued messages every few minutes until the receiving email server is back online and accepting email or the mail queue lifetime period of each queued message eventually expires, at which time messages will be deleted from the queue.

Under certain circumstances it may be necessary to extend the Mail Queue Lifetime period from the 5 day default period due to a destination email server being down or otherwise unreachable for some reason or unable to receive email for an extended period. In the Mail Queue Lifetime section of the Advanced Settings screen the SpamWall admin is able to modify this setting from as little as 1 Day if a very short mail queue lifetime is required to up to 15 Days if a longer mail queue lifetime is needed.

SpamWall Advanced Settings Mailqueue Lifetime

If a longer mail queue lifetime period than the maximum 15 Day settings is required in order to store email destined for a mail server which will be unavailable for a longer period an extension of the mail queue lifetime period to as much as 30 days (or even longer if reasonably required) can be arranged by contacting support.

Sender Spoof Protection

One common tactic used by Spammers in an attempt to try and get their messages through on the assumption that many people whitelist their own email addresses or even entire domains is to use the same "From" address as a Spam message is being sent "To" in a crude attempt to "spoof" the recipient's own address.

The Sender Spoof Protection feature is a "To=From blocker" plugin which will detect messages that have the same "from" and "to" address thus providing a form of "sender spoof protection". These sorts of messages once detected will be scored high enough that they will be sent to the quarantine rather than delivered.

As a significant proportion of Spam messages use the same from and to address and as in practice very few people actually send messages to themselves from their own email address or account some SpamWall administrators find this feature quite effective in blocking those sometimes hard to catch Spams.

To enable the Sender Spoof Protection plugin select the "Enabled' option in this section of the Advanced Settings screen and click on the "Update Spoof Protection" button to activate.

SpamWall Advanced Settings Spoof Protection

NDR / DSN Blocking

As a common Spammer tactic is to use "forged" return addresses in their Spam campaigns and as the addresses are picked at random practically anyone with an email address or domain can be the subject of hundreds or even thousands of "non delivery reports".

In some cases Spammers also try and advantage of the fact that most mail systems will attempt to send a non-delivery report (NDR) when a message cannot be delivered as addressed, and will return either some or all of the original message contents.

This type of "NDR Spam", also known as "Backscatter Spam, occurs when thousands of Spam messages are sent to email servers which are set up to issue "non-delivery reports" and are therefore vulnerable to this sort of abuse. The Spam messages are sent to random and deliberately non-existent addresses at a domain with the intended recipients of the Spam messages configured as the sender or "from" address in the expectation that the mail server will issue a non-delivery report and bounce the message back to the forged sender address, effectively delivering the Spam in the form of an NDR report from what would usually be a non blacklisted email server.

The NDR / DSN Blocking option can help to deal with these types of situations where email users or domains having their email processed by the SpamWall are the subject of either of the abusive types of NDR / DSN related activity described.

To enable NDR / DSN Blocking select the "Enabled' option in this section of the Advanced Settings screen and click on the "Update NDR / DSN Blocking" button to activate.

SpamWall Advanced Settings NDR Blocking

The NDR / DSN Blocking option should be used with caution as it can also block genuine non-delivery report type messages so in general this should only be enabled at times when your system is the subject of abusive NDR/DSN type email traffic to a point where it is causing considerable inconvenience to your email users or email handling related systems.


Unwanted Languages & Locale

The SpamWall systems are able analyze the text and character sets of an email message and then make an "educated guess" as to the language being used and the regional "locale" a message is associated with.

If your email users regularly receive Spam in foreign languages and rarely if ever receive any legitimate email messages using these languages the Unwanted Languages & Locale controls may help with this.

In order to use Unwanted Languages & Locale controls select the languages and locale, being the general region and language, that you receive legitimate mails from and messages in other languages and those detected as being associated with other locales will have their Spam Score increased.

SpamWall Advanced Settings Languages & Locales

The SpamWall Advanced settings and in particular the NDR / DSN Blocking and Unwanted Languages & Locale controls are generally considered to be features for advanced system administrators and should be used with care accordingly.

 

next topic The SpamWall API