SpamWall Operations Manual

Spamfilter Config

The SpamWall system utilizes a number of different methods and layers to detect and filter out Spam/UCE and other unwanted email messages. This multi-layer Spam Filtering Technology results in a highly accurate Spam detection rate with only a very small number of "false positives" (legitimate email being detected as Spam/UCE).

When an email message is received by your SpamWall system it is subjected to several layers of email filtering and defense, these include Spam Fingerprint Checking, and a comprehensive rule-based Spam Scoring System incorporating Content Analysis (Heuristics) and Bayesian Analysis.

An extensive rule-based scoring system determines whether a particular email message is Spam or not-Spam.

Thousands of rules are run against every email in the space of a few milliseconds. A complex algorithm optimizes the rule-based scoring by using an archive of millions of Spam and non-Spam messages to determine the scores for the individual rules. When combined, these individual scores give each email an overall "Spam Scoring Level".

Altogether these layers form a smart filtering technology which in it's default "out of the box" configuration is able to detect and block or tag up to 98% of all Spam/UCE and other unwanted email messages processed by the system. This detection rate can be further increased as the system is utilized to filter and manage your email.

The Spam Scanning & Filtering Engine on the SpamWall system also incorporates a number of automatic "self-tuning" and "auto-learning" mechanisms including Bayesian Analysis and Learning which are able to automatically increase accuracy and sensitivity of the system over time.

It is also possible to increase the percentage of Spam/UCE detected and either blocked, quarantined or tagged by modifying the "Spam Score Levels" in the Spamfilter Config screen of the SpamWall control panel.

Spam Scoring Levels

The configuration and management of Spam Scoring settings is carried out via the Spamfilter Config screen of the SpamWall system control panel.

SpamWall Spamfilter Config


A set of default "Spam Scoring Levels" have been pre-configured to reflect a basic optimum setting which will detect and filter up to 98% of all Spam/UCE and other unwanted email.


SpamWall Spamfilter Config 2

You can change the default Spam Scoring levels set on your SpamWall system to any other level you decide will be appropriate for the type and content of email traffic which your system will be processing. More information on adjusting the Spam Scoring levels can be found in the Tuning the SpamWall System section of the manual. All email users having a control panel login account set up on the system will also have access to their own Spam scoring settings under the "My Antispam Scoring" link in their control panel.

To set or change existing Spam Scoring levels simply enter your desired levels "Tag Level", "Advanced Tag Level" and "Action/Kill Level" fields in the Spamfilter Config screen and use the "Update Setting" button. The SpamWall admin can also change the default Spam Scoring level settings for all users by selecting the "Set as default" check box when updating your scoring levels.

The Quarantine Cutoff Level setting is the score level at which emails will no longer be sent to the quarantine but will be discarded immediately by the system. The default setting for this is usually at the "150" level, a level at which it would be highly unlikely that any legitimate email message would score at however you can adjust the cutoff level higher or lower depending on your needs. The main benefit of the Quarantine Cutoff level setting is that it helps to avoid unnecessary clutter in the quarantine on your system improving quarantine access and searching performance.

While the SpamWall has been designed to "quarantine" rather than block outright most email detected as Spam/UCE although this is not recommended practice under most circumstances you can if desired use the Quarantine Cutoff Level setting to effectively block messages rather than send them to the quarantine by reducing the cutoff level to the lowest available setting.

How Spam Scoring Works

The Spam Scanning & Filtering Engine on the SpamWall system examines the content of each message received and assigns it a "Spam Level" score according to how much a "looks like" Spam/UCE based on a comprehensive set of rules and algorithms derived from analyzing millions of known Spam/UCE messages.

When a potential Spam/UCE message is detected by the system depending on the Spam Scoring Levels set in the Spamfilter Config screen of your SpamWall control panel the message is either "Passed Clean" as Non-Spam, "Tagged" with the [SPAM?] type tag and forwarded on to the recipient, or blocked from delivery to end users.

Emails that are blocked by the system are delivered to the System Quarantine. The main SpamWall admin has the ability to access and manage all quarantined email for all users and domains on the system. All email users having a control panel login account set up on the system also have access to their own quarantined email under the "My Quarantine" link in their control panel.

Appending the [SPAM?] type tag to the subject line makes it easy for end users to identify email detected as Spam/UCE. This Spam tag can be changed to any other reference desired in the Spam Tag Configuration section of the Spamfilter Config screen by editing the "Subject Prefix" and selecting the "Update Setting" to implement the change.

Spam Tag Configuration

Messages detected as likely Spam/UCE and forwarded on to the end user recipient can be further acted on by the end user's email client, which on detecting the [SPAM?] type tag or keyword in either the subject line or the "X-Spam-Status" type tag in the message header of an email message can be set up to re-direct these "tagged" or "flagged" email messages to an alternative "spam" mailbox or "junk" folder.

Microsoft Exchange, MS Outlook and most other email clients have this capability. This "spam" or "junk" folder or mailbox can then be checked at the discretion of the end user recipient for possible legitimate emails or an expected message that may have been incorrectly identified as Spam/UCE.

You may notice that the "full headers" of email messages you receive which have been processed by your SpamWall system include header tags of "X-Spam-Status", "X-Spam-Level" and "X-Spam-Flag". These email headers are usually not visible unless you use the "show full headers" option in your email program.

When the SpamWall system identifies an email as Spam/UCE it marks and identifies the message as such by appending tags to the message header, "Subject" line, or both.

Unless something has been set up on the receiving email server or email client end these headers do not have any effect on anything. However they can be used as detailed previously to detect and divert any messages "tagged" as Spam/UCE to a "spam" or "junk" folder or mailbox at the discretion of the end user recipient.

Here are some example "headers" from a Spam message: 

From: "Margaret Knox" <fairplayah@imagine.ie> 
To: "noc" <noc@isecure.net> 
Subject: [SPAM?] As everyone maunabo 
Date: Sat, 28 May 2011 12:47:50 +0100 
MIME-Version: 1.0 
Content-Type: multipart/alternative; 
boundary="----=_NextPart_000_0018_01C79F94.119593A0" 
X-Priority: 3 
X-MSMail-Priority: Normal 
X-Mailer: Microsoft Outlook Express 6.00.2462.3000 
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2462.0000 
X-SPAM-VIRUS-Scanned: Anti-Spam Firewall Ver 4.1 at spamwall.isecure.net 
X-Spam-Status: Yes, hits=13.803 tagged_above=2 required=5 tests=BAYES_99, 
DNS_FROM_RFC_POST, HELO_DYNAMIC_DHCP, HTML_MESSAGE, RCVD_IN_BL_SPAMCOP_NET, TVD_FUZZY_SYMBOL, UPPERCASE_25_50 
X-Spam-Level: ************* 
X-Spam-Flag: YES

As you can see, this particular message has been detected and marked as "[SPAM?]" and the "X-Spam-Status", "X-Spam-Level" and "X-Spam-Flag" tags have been added to the email headers along with their related values and associated processing and scoring information.

The "X-Spam-Status" tag indicates whether an email has been detected as Spam/UCE based on the current "Spam Scoring Levels" set in the Spamfilter Config screen of the SpamWall system.

The "X-Spam-Status" tag of this example email indicates that this message was detected as Spam/UCE ("Yes") and that the Spam Scoring Level (the number of "hits") was "13.803".

The "X-Spam-Status" tag also indicates at what Spam Scoring Level the "X-Spam-Status" and "X-Spam-Level" headers are set to be added to this email message, this being "2", and also the Spam Scoring Level "required" to add the "[SPAM?]" tag to the "Subject" line of the message, this being "5".

There is also an "X-Spam-Level" tag containing a number of "star" characters, the higher the number of stars indicating the greater probability of a message being Spam/UCE.

This particular message received a Spam Level Score of "13.803" as a result of the various checks and tests which were performed on the message by the system. Some of these are detailed in the "X-Spam-Status" tag line, these being BAYES_99, DNS_FROM_RFC_POST, HELO_DYNAMIC_DHCP, HTML_MESSAGE, RCVD_IN_BL_SPAMCOP_NET, TVD_FUZZY_SYMBOL, UPPERCASE_25_50.


Additional detailed information on the tuning and adjustment of Spam Scoring Level settings can be found in the Tuning the SpamWall System section of this manual

 

next topic Manage User Accounts