© 2016 Alt-N Technologies
Spam Filter Recommendations
© 2016 Alt-N Technologies
Introduction
Is spam making you pull your hair out? Follow these best practices to reduce spam.
© 2016 Alt-N Technologies
Standard Defense Layers Before Acceptance
• IP Screening• Host Screening• Reverse Lookup • IP Shielding• Backscatter
Protection• Tarpitting
• Greylisting• DNS Black Lists• DKIM, SPF• Inline Spam
Filtering
© 2016 Alt-N Technologies
Defense Layers Before Acceptance with SecurityPlus
• IP Screening• Host Screening• Reverse Lookup• IP Shielding• Backscatter
Protection• Tarpitting• Greylisting
• DNS Black Lists• DKIM, SPF• Inline Spam
Filtering• Inline Virus Scan• Outbreak
Protection
© 2016 Alt-N Technologies
Important Recommendations
Use the latest version of MDaemon
Use the Help menu to check for updates.
© 2016 Alt-N Technologies
Important Recommendations
Install the latest SecurityPlus plug-in
Signature-based antivirus scanning engine (with automatic updates)
© 2016 Alt-N Technologies
Important Recommendations
Install the latest SecurityPlus plug-in
Outbreak ProtectionFilters emails based on distribution patterns in real-time
© 2016 Alt-N Technologies
Important Recommendations
Enable Bayesian Classification
Helps train the spam filter to be more accurate by feeding it samples of spam & non-spam
© 2016 Alt-N Technologies
Spam filter settings
Place spam in Spam Trap folder for
Administrator Review. Helps reduce false-
positives.
© 2016 Alt-N Technologies
Spam filter settings
SMTP rejection threshold should be
higher than the Spam Score threshold
© 2016 Alt-N Technologies
Spam filter settings
Black List (by sender) adds 100 points to
spam score by default.
© 2016 Alt-N Technologies
Spam filter settings
Black List (by sender) adds 100 points to
spam score by default.
Use for blocking legitimate addresses.
Blacklisting spoofed addresses is not effective.
© 2016 Alt-N Technologies
DNS-BL
Enable DNS-BL to check connections
against publicly hosted DNS blacklists.
© 2016 Alt-N Technologies
DNS-BL
By default, MDaemon will check DNS blacklists for IP addresses within received headers on SMTP and POP
collected mail.
© 2016 Alt-N Technologies
DNS-BL
By default, 3 points are added to the spam score for messages from IP’s on a blacklist.
You can optionally refuse messages from blacklisted IPs.
© 2016 Alt-N Technologies
Spam Honeypots
Enable spam honeypots.
Messages addressed to a honeypot are fed to the Bayesian Learning engine.
© 2016 Alt-N Technologies
Block relaying attempts with ‘Relay Control’
Check these three boxes to prevent relaying
© 2016 Alt-N Technologies
Block spoofing with the ‘IP Shield’
Mail from specific domain must have come from designated IP address or IP address range.
© 2016 Alt-N Technologies
Block spoofing with the ‘IP Shield’
Local users connecting from outside of your network can be exempt from IP Shielding when SMTP authentication is used.
© 2016 Alt-N Technologies
Require Strong Passwords
© 2016 Alt-N Technologies
Require SMTP Authentication
© 2016 Alt-N Technologies
Enable Reverse Lookups
These three boxes are checked by default
© 2016 Alt-N Technologies
Reverse Lookups
Check this box to exempt authenticated sessions.
© 2016 Alt-N Technologies
Handling annoyance emails with ‘Address Blacklist’
Block emails from legitimate addresses or domains
© 2016 Alt-N Technologies
Still Suffering from too much Spam?
• Make sure you haven’t whitelisted or excluded the sender’s or recipient’s address from MDaemon’s spam filter.
• Make sure the spammer didn’t authenticate their SMTP session by guessing a local account’s password.
• Make sure the connection didn’t originate from a trusted or local IP address.
To check the above, check the following two logs:
• MDaemon-yyyymmdd-SMTP-(In).log• MDaemon-yyyymmdd-AntiSpam.log•
…located in the MDaemon/Logs directory.
© 2016 Alt-N Technologies
Rebuilding the Bayesian Filtering Database
1. Stop MDaemon
2. Rename the \MDaemon\SpamAssassin\Bayes folder to \MDaemon\Spamassassin\Bayes_old
3. Restart MDaemon
You will then need to feed the Bayesiarn Learning folders at least 200 spam & 200 non-spam messages to start the Bayesian learning process again.
See the following knowledge base article for instructions:http://www.altn.com/Support/KnowledgeBase/KnowledgeBaseResults?Number=KBA-01746
© 2016 Alt-N Technologies
Conclusions
Install SecurityPlus Use Bayesian Filtering Configure spam scoring Use whitelists & blacklists with caution Use DNS blacklist Use spam honeypots
Block relay attempts
Use the IP shield Use strong passwords Require SMTP authentication Enable reverse lookups Use address blacklists
Enable these settings to cut down on spam:
© 2016 Alt-N Technologies
®
Trusted Messaging Solutionswww.altn.com
Thank You