SpamExperts

  • 03/12/2020 9:25 AM

Manual

Log in to cPanel to access your Spam Experts management console


Incoming

Incoming Spam Quarantine

The Spam quarantine interface will show you all the incoming quarantined messages.

From the quarantine overview, you are able to view the messages and sort or search on specific criteria.

It’s also possible to mass release and mass delete messages here. Please note that releasing messages has an effect on your filtering, so releasing spam/virus/phishing emails may have a negative impact on your filtering quality.

‘Release and Train’ will deliver the message to the recipient and train the message as ham into our datasets. This option is recommended by Spam Experts when releasing messages from the Spam Quarantine so that the filters can be correctly adjusted.

Pressing the ‘Release’ option on this page will release this specific message from the quarantine and only deliver it to the intended recipient.

Choosing ‘Release and Whitelist’ will deliver the message to the intended recipient and automatically add the sender’s email address to the ‘Sender Whitelist’.

‘Remove’ will delete the message from the Spam Quarantine.

‘Remove and Blacklist’ will delete the email and automatically add the sender’s email address to the ‘Sender Blacklist’.

To view the headers and full raw content of a quarantined message:

  • Click on the subject of the relevant message
  • Click the ‘Raw’ tab
  • Click ‘Load raw body’ at the bottom of the headers

To view the reason for the blocked message, you will need to look for the “Evidence:” line of the raw header and then compare it against our classifications page at https://my.spamexperts.com/kb/136/Classifications.html.

At the top or bottom of the raw headers page of the message in the Spam Quarantine you can find the option ‘Download as eml’, which lets you download that specific spam message in .eml format so that you can afterwards report it to our datasets or save it.

If an attachment is included in the quarantined message, then this can individually be downloaded by clicking on the ‘Attachment:’ line in the normal view.

Incoming Log Search

Here you can view the log of messages received, blocked and temporarily rejected.

All email connections (spam and not spam) to a domain are logged to the logging server. To make sure a connection can be logged, the “RCPT TO” information needs to have been received. Connections are generally only temporarily or permanently rejected after receiving this “RCPT TO” data, to ensure all connections are available in the logging system. Connections may not be logged when rate limiting is applied because of a flood of connections from a certain IP, or when the sending server is violating certain requirements of RFC 5321.

You can search on various strings and options, including sender, recipient, subject, message ID, sender host and sender’s IP. In the Log Search page you can select the columns that you wish to include in the output by clicking the ‘Customize’ button. You can select the following columns to be displayed for the filtered messages in the Log Search: Datetime, Host, Sender, Recipient, Sender Hostname, Incoming/Outgoing Size, Classification, From, To, CC, Subject.

Storage period
The connections logged are by default accessible for up to 28 days. Optionally it’s possible to store the logging for a longer time; this can be configured in Spampanel.

Access
The logs can be easily downloaded or searched from the web interface.

Delay

The logging data is processed every 10 minutes on all filtering nodes. The average delay for the connections to be visible in the log search is therefore 5 minutes.

Information logged
  • Date/time
  • Server (email ID)
  • Sender hostname/IP
  • Sender address
  • Recipient address
  • Subject
  • Incoming Size
  • Outgoing Size
  • Classification

It’s possible to view the “delivery status” and the “error details” of the message by using the drop down box on the specific message line.

Messages that say ‘Accepted’ have not necessarily been delivered; it means the message has been accepted for delivery. If immediate delivery fails, the message will be automatically retried. If the destination server rejects the email, a bounce will be generated to the sender.

Delivery Queue

This page shows the email that temporarily cannot be delivered to the destination mail server. Messages only end up here because of temporary issues (4XX error) with the destination mail servers.

On this page you have several options:

  • Retry delivery of all messages (Apply to Selected – Force Retry option)
  • View Message (View option)
  • Delete Message (Delete option)
  • Delete and Report as Spam (Delete and report as spam option)
  • Force retry individual message (Force Retry option)
  • Check the Queue Reason (Error Details option)
  • Check the Retry Time (check option under Retry time)
  • Search for messages (Delivery Queue page)

You can view the content/raw headers of a queued message by pressing the black dropdown arrow on the selected message and choosing View.

We have also reintroduced the option ‘Error details’ to check the reason why messages are stored in Delivery Queue.

It is possible to execute “bulk removal” on selected messages by putting a tick in the check box of the selected messages and choosing “Remove messages” from the actions at the bottom of the screen.

Choosing the “Delete & Report as Spam” option will report the selected message(s) to the training server and delete the message from the queue.

It’s also possible to search the delivery queue using the search option in the interface. When a message cannot be delivered to its recipients nor returned to its sender, the message is marked as “frozen”, and only occasional delivery attempts are made before eventually giving up on the message. You can now search the Delivery Queue for all the queued messages (including frozen messages), only ones that are “frozen”, or only normal messages excluding frozen messages.

Domain Aliases

If you have multiple domains, you can make use of the domain aliasing option. Domain aliases can be added to your main domain directly in the webinterface. Any email sent to the domain alias will be delivered to the same user on the main domain.

Alias domains don’t have separate access to the control panel. Since all SMTP traffic to the domain alias is rewritten to the main domain, any changes/lookups on the main domain will simply include the alias domain traffic as if it was sent directly to the main domain. If you are searching for a specific email sent to a domain alias using the log search, the recipient will therefore show as user@maindomain.

Domain Settings

With the Domain Settings in the Control Panel you can control certain domain settings. The settings apply to a particular domain that has not yet explicitly set a custom value for the setting.

You can set the following options :

Basic Settings:

  • Primary Contact Email for that domain
  • Email notifications From address
  • Enable/disable logging for invalid recipients
  • Rejected local-part characters
  • Timezone

Advanced Settings:

  • Administrator’s Contact
  • Maximum bounces per hour
  • Days to keep log messages
  • Maximum days to retry
  • Disable catch-all check
  • Block password attachments
  • Block dangerous attachments

In this section (Spam Panel – domain level – Domains Settings page) you can set the maximum bounces, enable/disable logging for invalid recipients, and set accessible/inaccessible logging days for your domain.

The Rejected local-part characters setting controls which characters are allowed in the local part (before the @ part) of the email address. As a regex is used, anything inside the [] is not allowed, so removing a character here will allow that character in the local part.

When the ‘Block password attachments’ option is enabled in the Domains Settings page – Advanced Settings, the system will check all ZIP files attached to a message, and if any are password-protected, the message will be rejected.

The ‘Block dangerous attachments’ option allows you to control whether messages containing executable files in the attachment should be blocked or not.

Domain Statistics




Statistics are displayed for :

  • Spam ratio (of total messages)
  • General accuracy
  • Not Spam messages
  • Unsure messages
  • Spam messages blocked
  • Viruses blocked
  • Whitelisted
  • Blacklisted

Edit Routes

With this function you edit the route(s) (destination mail server) and their respective delivery order.

You have the option to add and delete routes. Also, the list allows you to dynamically change the order of the routes by dragging and dropping them to the right position in the list.

Whenever there are temporary problems with the first route (e.g. 4xx temporary rejects), we’ll automatically try delivery to the second route (etcetera). If there are permanent failures with a route (e.g. hostname not resolvable) we’ll directly start queueing email and won’t try the next route.

In the Spam Panel – domain level – Edit Routes page you can now perform telnet tests for recipient callouts by pressing the icon next to the destination route.

By performing this web interface telnet test, you can verify the existence of the recipient’s email address on the destination mail server (the one set in the Edit Routes page). To run the recipient callout test you will be asked to type the sender’s email address (which can be blank if you want to use an empty mail from address, e.g. MAILFROM:<>) and the recipient’s email address for which the destination server accepts email (the address whose existence on the destination mail server is to be verified).

Filter settings

Here you can set the filter settings that are applied to the domain and its users.

With the Filter settings function, you can control the activation of the quarantine system. This is available via the control panel.

Threshold
The Quarantine Threshold slider (in red) indicates what score you have set for spam messages. The higher the score, the higher the threshold a message must reach before our systems detect and flag it as spam. We recommend setting this level to 0.90 to avoid any mail delivery problems.

The Unsure Notation Threshold slider (in green) indicates at what threshold our systems classify the message as unsure: the higher the number set here, the higher the threshold our systems have to reach before we class it as unsure. The default here should be 0.1.

When a message gets blocked using this method, you can see the combined score in the headers of the email. For example:

X-BrandedHostname-Evidence: Combined (0.96)

Quarantine days
Here you can set the number of days for how long you wish to store the spam emails in the Spam Quarantine. This applies globally to all the domains using the default settings.

Skip SPF Check
This means that emails for all the domains using the default settings will not be subject to SPF (Sender Policy Framework) checks.

Skip Maximum Line Length

This means that emails for all the domains using the default settings will not be subject to the RFC line length checks.

Quarantine Response
You can set this if, for example, you do not want senders to receive a bounce message when their mail gets blocked and quarantined. If you set it to Accept the message, the SMTP response will be a 2xx accept; however, the message will still be blocked and shown in the Spam Quarantine. Since that technically breaks with the SMTP RFC specification, it’s not recommended.

If you disable the quarantine system, emails detected as spam will not be kept in the quarantine system but will be delivered to your destination email server. Under “Spam notation” you can mark these messages with a specific subject notation. Note that we do NOT return a 5xx reject message for messages classified as spam if the quarantine has been disabled; we do return a 5xx reject message for messages classified as spam if the quarantine is enabled. Every email gets a special header added: “X-Recommended-Action: accept” or “X-Recommended-Action: reject”. You can filter the message based on this header if quarantine is disabled.
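
A downstream filter on the destination mail server can act on these headers when the quarantine is disabled. The following Python sketch is an added example, not SpamExperts code; it assumes the Evidence header name follows the X-<branded hostname>-Evidence pattern shown above, and its folder names and its handling of missing or conflicting headers are choices made for the illustration.

```python
import re
from email import message_from_string

# The header name is branded per installation; match any X-<something>-Evidence.
EVIDENCE_NAME = re.compile(r"^X-.+-Evidence$", re.IGNORECASE)
# Trailing score in parentheses, as in "Combined (0.96)".
SCORE = re.compile(r"\((\d+(?:\.\d+)?)\)\s*$")


def triage(raw_message):
    """Return the target folder, evidence rule and score for one raw message."""
    msg = message_from_string(raw_message)

    # Collect every copy of the header. A message can arrive carrying a copy
    # the filter did not add, so only a single consistent value is trusted.
    actions = {v.strip().lower() for v in msg.get_all("X-Recommended-Action", [])}

    evidence, score = None, None
    for name, value in msg.items():
        if EVIDENCE_NAME.match(name):
            value = " ".join(value.split())  # unfold a wrapped header value
            found = SCORE.search(value)
            score = float(found.group(1)) if found else None
            evidence = value[: found.start()].strip() if found else value
            break

    if actions == {"accept"}:
        folder = "inbox"
    elif actions == {"reject"}:
        folder = "junk"
    else:
        # Header missing (the mail may not have passed the filter) or conflicting.
        folder = "review"
    return {"folder": folder, "evidence": evidence, "score": score}


# Constructed sample messages, not real traffic.
SPAM = (
    "From: promo@sender.example\n"
    "To: user@example.com\n"
    "Subject: Special offer\n"
    "X-BrandedHostname-Evidence: Combined (0.96)\n"
    "X-Recommended-Action: reject\n"
    "\n"
    "Buy now.\n"
)
HAM = (
    "From: colleague@partner.example\n"
    "To: user@example.com\n"
    "Subject: Minutes\n"
    "X-Recommended-Action: accept\n"
    "\n"
    "See attached.\n"
)
NO_HEADERS = "From: a@sender.example\nTo: user@example.com\nSubject: Hi\n\nHello.\n"
CONFLICT = SPAM.replace(
    "X-Recommended-Action: reject\n",
    "X-Recommended-Action: accept\nX-Recommended-Action: reject\n",
)

if __name__ == "__main__":
    for label, raw in [("spam", SPAM), ("ham", HAM),
                       ("no headers", NO_HEADERS), ("conflict", CONFLICT)]:
        print(label, triage(raw))
```
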

Manage list of domains and IP addresses with disabled SPF check

Here you can set the list of domains/IPs to skip the SPF (Sender Policy Framework) check. Other checks still apply when adding IPs here. This is particularly useful when dealing with forwarding servers or when you wish to ignore all the SPF failures for the (recipient) domain.

Local Recipients

In normal setups, the cluster does cached recipient callouts to verify the existence of a mailbox before accepting email for it. In some cases, for instance if you have a very large domain with thousands of mailboxes or in situations that require this, you can switch to “Local Recipients” instead.

With local recipients you have to add all recipients by hand. If you do not add these users, you will not be able to receive emails on that account.

Therefore you have the option to disable the automatic recipient detection system and to enforce a local list of valid recipients. If “Use local recipients” is enabled, the system will only accept email for the listed recipients. Emails sent to not-listed recipients will be permanently rejected.

Report Non-Spam

With this option you can drag and drop or upload messages you wish to classify as non-spam (ham) for training.

These must be in .eml / .txt format and must contain the full headers, including the Spamexperts additional headers.

Report Spam

In this section you can drag and drop or upload spam messages that passed the filter for immediate training to the systems.

These must be in .eml / .txt format and must contain the full headers, including the Spamexperts additional headers.

Clear Callout Cache

In this section you can manually clear the domain’s callout cache. Clearing it is extremely useful after changing the domain routes or DNS records, and for removing the bad/good responses from the destination mail server.

Blacklist / Whitelist

Sender Whitelist

To allow the domain administrator to remain in control over the filtering, it’s possible to whitelist a sender. The check works based on the MAIL FROM provided by the sender at SMTP level, or the “From:” header in the email.

All filtering checks are disabled for whitelisted senders. We recommend only using the sender whitelist if the system would otherwise wrongly block email from a certain sender. Spammers often use fake senders matching the recipient domain, or domains the recipient may have received emails from before, to try and bypass the filtering in that way. In addition, if the system is generally wrongly blocking a sender, you can always contact our customer support so we can research what problem is causing the rejection and resolve that issue.

You can whitelist a specific sending email address, or a full sending domain. To whitelist all senders from a domain, you should only enter the domain (without *@).

If you want to add multiple whitelisted senders at once you can upload a Comma Separated Values (CSV) file. Each line in the file must contain one column: emailaddress. Example CSV file content:

user1@example.com
user2@otherdomain.example.com
example.com
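
A whitelist upload can be checked before it goes into the panel, since every entry switches off all filtering checks for that sender. The following Python sketch is an added example, not part of SpamExperts; the function name, the finding labels and the sample entries are constructed for the illustration.

```python
def audit_sender_whitelist(csv_text, own_domains):
    """Return (line number, entry, finding) tuples for risky or malformed entries.

    own_domains: the domains you receive mail for (assumed input).
    """
    own = {d.lower() for d in own_domains}
    findings = []
    for lineno, line in enumerate(csv_text.splitlines(), start=1):
        entry = line.strip()
        if not entry:
            continue
        # The upload format is one column per line: a single address or domain.
        if "," in entry or len(entry.split()) > 1:
            findings.append((lineno, entry, "format: more than one column on the line"))
            continue
        # A whole domain is entered as the bare domain, without *@.
        if entry.startswith("*@"):
            findings.append((lineno, entry, "format: enter the bare domain, without *@"))
            entry = entry[2:]
        _local, at, domain = entry.rpartition("@")
        domain = domain.lower()
        if not at:
            # No "@": every sender in this domain skips all filtering checks.
            findings.append((lineno, entry, "scope: whole domain is whitelisted"))
        if domain in own:
            # Forged senders matching the recipient domain would bypass filtering.
            findings.append((lineno, entry, "spoofing: sender is in a recipient domain"))
    return findings


# Constructed sample upload; example.com is taken to be the recipient domain.
SAMPLE_CSV = """\
user1@example.com
user2@otherdomain.example.com
example.com
*@partner.example
a@x.example,b@y.example
"""

if __name__ == "__main__":
    for lineno, entry, finding in audit_sender_whitelist(SAMPLE_CSV, ["example.com"]):
        print(f"line {lineno}: {entry}: {finding}")
```
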

Recipient Whitelist

To whitelist a specific recipient address, the local part of the address should be entered. For example if your domain is example.com and you add “nofilter” to the recipient whitelist, all emails sent to nofilter@example.com will not be scanned for spam/viruses. To whitelist all recipients for a domain (so all emails sent to the domain are not scanned/blocked), you can enter the wildcard “*” for the local part.

You can optionally also upload a Comma Separated Values (CSV) file to add multiple whitelisted recipients at once (this is only available for domain users). Each line in the file must contain one column: emailaddress. Example CSV file content:

user1@example.com
user2@otherdomain.example.com

Sender Blacklist

To allow the domain administrator to remain in control over the filtering, it’s possible to blacklist a sender. The check works based on the MAIL FROM provided by the sender at SMTP level; this may be different from the “From:” header in the email. If you check the headers of an email, the “envelope-from” address specifies the actual sender address.

Emails from senders listed on the blacklist will be automatically rejected. The messages are NOT quarantined. The messages are rejected with a 5xx SMTP error code, so legitimate sending SMTP servers will generate a bounce message to the sender.

You can blacklist a specific sending email address, or a full sending domain. To blacklist all senders from a domain, you should only enter the domain (without *@).

You can upload a Comma Separated Values (CSV) file to add multiple blacklisted senders at once. Each line in the file must contain one column: emailaddress. Example CSV file content:

user1@example.com
user2@otherexample.com
example.net

Recipient Blacklist

Emails to recipients listed on the blacklist will be automatically rejected. The messages are NOT quarantined. The messages are rejected with a 5xx SMTP error code, so legitimate sending SMTP servers will generate a bounce message to the sender.

To blacklist a specific recipient address, the local part of the address should be entered. For example, if your domain is example.com and you add “nofilter” to the recipient blacklist, all emails sent to nofilter@example.com will be rejected. To blacklist all recipients for a domain (so all emails sent to the domain will be rejected), you can enter the wildcard “*” for the local part.

You can optionally also upload a Comma Separated Values (CSV) file to add multiple blacklisted recipients at once. Each line in the file must contain one column: emailaddress. Example CSV file content:

user1@example.com
user2@otherdomain.example.com

Outgoing

Outgoing Log Search

All email connections (spam and not spam) to a domain are logged to the logging server. To make sure a connection can be logged, the “RCPT TO” information needs to have been received. Connections are generally only temporarily or permanently rejected after receiving this “RCPT TO” data, to ensure all connections are available in the logging system. Connections may not be logged when rate limiting is applied because of a flood of connections from a certain IP, or when the sending server is violating certain requirements of RFC 5321.

You can search on various strings and options, including sender, outgoing user, recipient, subject, message ID, sender host and sender’s IP. In the Log Search page you can select the columns that you wish to include in the output by clicking the ‘Customize’ button. You can select the following columns to be displayed for the filtered messages in the Log Search: Datetime, Filtering Server, Message ID, Outgoing User, User Identification, Sender, Recipient, Sender IP, Sender Hostname, Incoming/Outgoing Size, Classification, From, To, CC, Subject.

In the outgoing log search, you can now include in your results the identification of the end-user, if you have that configured. As a reminder: when you are creating or editing an outgoing user, you can “tell” the software to identify users by their authentication username, the envelope sender, or by searching for a username in a message header. We strongly recommend that everyone using a “smarthost” configuration do this, so that we are able to provide you with detailed information about which of your end-users are causing problems.

Storage period
The connections logged are by default accessible for up to 28 days. Optionally it’s possible to store the logging for a longer time; this can be configured in Spampanel.

Access
The logs can be easily downloaded or searched from the web interface.

Delay
The logging data is processed every 10 minutes on all filtering nodes. The average delay for the connections to be visible in the log search is therefore 5 minutes.

Information logged
  • Date/time
  • Server (email ID)
  • Sender hostname/IP
  • Sender address
  • Recipient address
  • Classification

It’s possible to view the “delivery status” of the message by using the drop down box on the specific message line.

Manage Outgoing Users

With this option you can create/manage outgoing users.

When adding Outgoing Users you can choose from:

  • “Authenticating User”, which means that the SMTP AUTH username will be ‘Username@outgoingdomain.ext’, and the password will be the ‘Password’ set for this outgoing user.
  • “Authenticating Domain”, which means that the domain name is the username for authentication (with the configured password).
  • “Authenticating IP or range”, which will be an IP outgoing user (without a password); any connection from that IP will be considered authenticated without needing to use SMTP AUTH.
