TUTORIAL ΠCONFIGURING MDAEMON TO DEAL WITH SPAM
Description
Zen Software LtdWeb: http://www.zensoftware.co.uk Email: sales@zensoftware.co.uk Tel: 0845 058 9058 TUTORIAL – CONFIGURING MDAEMON TO DEAL WITH SPAM Overview Since v6.8, MDaemon Pro has come with powerful spam filtering technology built into it. In its default state following installation, MDaemon will score the content of all messages using sophisticated pattern matching techniques. It will then ‘flag’ messages that have gone above a specified score threshold and could therefore potentially be spam - users will see the subject line pre-pended with ‘***SPAM*** Score/Req: 07.10/05.00 - …’. Unless a small amount of further configuration is made, MDaemon itself will still deliver the flagged messages to end users. This document describes a suitable way to configure MDaemon to automatically filter potential spam away from end users to allow final checking prior to deletion by an administrator. In its default state, users can expect an accuracy of about 70 – 80% with a virtually negligible false positive rate i.e. the number of genuine messages incorrectly flagged as potential spam. This document also describes how to manage MDaemon’s Bayesian spam filtering features to increase the level of accuracy to +95% whilst still maintaining a virtually negligible rate of false positives. A quick overview of IMAP IMAP is an alternative collection method to POP3 that most popular email clients such as Outlook and Outlook Express support. While a ...
Informations
| Publié par | Soob |
| Nombre de lectures | 187 |
| Langue | English |
Extrait
Page 1 of 10
Registered office: Moss Bridge Road, Rochdale, Lancs, OL16 5EA
Registered in England: 4097823
VAT registration number: 748 8527 79
Zen Software Ltd
Web: http://www.zensoftware.co.uk
Email: sales@zensoftware.co.uk
Tel: 0845 058 9058
TUTORIAL
CONFIGURING MDAEMON TO DEAL WITH SPAM
Overview
Since v6.8, MDaemon Pro has come with powerful spam filtering technology built
into it. In its default state following installation, MDaemon will score the content of all
messages using sophisticated pattern matching techniques. It will then ‘flag
messages that have gone above a specified score threshold and could therefore
potentially be spam - users will see the subject line pre-pended with ‘***SPAM***
Score/Req: 07.10/05.00 - … .
Unless a small amount of further configuration is made, MDaemon itself will still
deliver the flagged messages to end users. This document describes a suitable way
to configure MDaemon to automatically filter potential spam away from end users to
allow final checking prior to deletion by an administrator.
In its default state, users can expect an accuracy of about 70
80% with a virtually
negligible false positive rate i.e. the number of genuine messages incorrectly flagged
as potential spam.
This document also describes how to manage MDaemon s
Bayesian spam filtering features to increase the level of accuracy to +95% whilst still
maintaining a virtually negligible rate of false positives.
A quick overview of IMAP
IMAP is an alternative collection method to POP3 that most popular email clients
such as Outlook and Outlook Express support. While a POP3 client collects email
from an account on the server and deletes it following collection, an IMAP client
synchronises with the account on the server, replicating the folders and messages
that exist on the server back to the client. This gives IMAP users many advantages
such as personal email folders being able to be shared between users concurrently;
the ability for users to switch between different mail clients and PCs and the ability to
create permission controlled public folders on the server.
In the context of managing spam, IMAP access is really a necessity for
administrative users and is highly recommended for end users so that a set of public
spam management folders can be created and ‘subscribed to (when using IMAP,
users must ‘subscribe to public folders to access them). Switching to IMAP is simply
a case of creating a new account in your email client but, when prompted, selecting
that you are connecting to an IMAP server instead of a POP3 server
accounts in
MDaemon Pro can be accessed using IMAP or POP3.
Page 2 of 10
Registered office: Moss Bridge Road, Rochdale, Lancs, OL16 5EA
Registered in England: 4097823
VAT registration number: 748 8527 79
Zen Software Ltd
Web: http://www.zensoftware.co.uk
Email: sales@zensoftware.co.uk
Tel: 0845 058 9058
Creating a public folder in MDaemon to hold flagged spam
Select ‘Shared IMAP folders from MDaemon s ‘Setup
menu.
Tick the option to ‘Enable public folders , click
‘Apply and then click the ‘Public Folders tab.
A quick note on organizing public folders
It s generally recommended that you maintain all public folders relating to a domain
under a single ‘root public folder which you can create first e.g. ‘yourdomain.com .
This will help when controlling access permissions on the sub-folders and will also
make viewing the folders clearer for end users.
Create the ‘root folder first, naming it after your
own domain name as shown here.
To set the appropriate default permissions for the
folder, highlight it and click the ‘Edit access control
list button.
Page 3 of 10
Registered office: Moss Bridge Road, Rochdale, Lancs, OL16 5EA
Registered in England: 4097823
VAT registration number: 748 8527 79
Zen Software Ltd
Web: http://www.zensoftware.co.uk
Email: sales@zensoftware.co.uk
Tel: 0845 058 9058
Configure the permissions as shown here.
You should remove all access rights for the
‘Default rights (anyone) user.
Now
create
default
access
rights
for
‘anyone@yourdomain.com of
Lookup
and
Read
as shown here.
All folders created under this root folder will
initially inherit their access rights from it
however, rights on the sub-folders can then be
modified as required.
Now
create
a
new
mail
sub-folder,
called
‘yourdomain.com/Spam as shown here.
Once done, you ll need to configure permissions
on this folder.
To do this, highlight the new
‘Spam
sub-folder and click the ‘Edit access
control list button.
The only user that will need access to this folder is the user that will be doing final
checks on detected spam prior to it being deleted. In this example Fred will be doing
this as he is also the postmaster.
The first thing to do is to turn off all the access
rights for the ‘anyone@yourdomain.com user by
highlighting it, deselecting all the access rights
and then clicking the ‘Replace button.
The next thing to do is to give back the
administrator the appropriate access rights to the
folder.
Select the administrative user s email
address from the drop-down box, tick the
Lookup
,
Read
, and
Delete
rights, then click the ‘Add
button and click ‘OK once done.
Page 4 of 10
Registered office: Moss Bridge Road, Rochdale, Lancs, OL16 5EA
Registered in England: 4097823
VAT registration number: 748 8527 79
Zen Software Ltd
Web: http://www.zensoftware.co.uk
Email: sales@zensoftware.co.uk
Tel: 0845 058 9058
Using the Content Filter to divert the spam
We now need to create a rule in MDaemon s content filter that will divert messages
that have been flagged as potential spam to the newly created ‘Spam public folder.
To access the content filter, select ‘Content filter from
MDaemon s ‘Security menu.
Click ‘New rule and configure as shown here.
The
condition
for the rule will be looking to
see if the user defined header ‘
X-Spam-Flag
exists.
The
action
for the rule will be to move the
message to the ‘Spam public folder.
Click ‘OK once the rule has been built and
then click ‘OK once again to leave the content
filter.
This new rule will now act to divert any messages the spam filter has flagged as
being potential spam into the ‘Spam public folder for the administrative user to do
final checks on prior to deletion.
Page 5 of 10
Registered office: Moss Bridge Road, Rochdale, Lancs, OL16 5EA
Registered in England: 4097823
VAT registration number: 748 8527 79
Zen Software Ltd
Web: http://www.zensoftware.co.uk
Email: sales@zensoftware.co.uk
Tel: 0845 058 9058
Bayesian filtering
the key to better accuracy
The default ‘heuristic spam filter rules that MDaemon applies to messages are
effectively fixed and so, with this method alone, will only achieve an accuracy of
approximately 70
80%.
The key to increasing that accuracy to 95% and above is to have the server learn the
difference between spam emails and genuine emails. To do this it needs to be fed
all the spam emails that it misses and also samples of genuine emails received by
users. In order to be effective this needs to be an ongoing process and requires
some administrative work to set-up and manage.
The main issue in making this manageable is giving all users somewhere to drop the
spam email that got through to them along with a similar method for them to provide
regular samples of genuine email that they ve received.
Once again, the
recommended method here is to utilise IMAP public folders.
Assuming that suitable samples of spam and genuine messages can be placed in
folders on the server, MDaemon s spam filter can then be configured to process
these each night. Once it has processed 200 messages of each type it will begin to
supplement the existing spam filter rules with the ‘knowledge gained
thereby
improving the accuracy of the spam filter.
Creating a couple of new ‘learning folders
Access the Public Folders settings once again (Setup -> Shared IMAP folders ->
Public Folders tab)
Create two more mail folders:-
yourdomain.com/Genuine email
yourdomain.com/Missed spam
Once again, appropriate permissions will need
to be configured on these two folders.
Page 6 of 10
Registered office: Moss Bridge Road, Rochdale, Lancs, OL16 5EA
Registered in England: 4097823
VAT registration number: 748 8527 79
Zen Software Ltd
Web: http://www.zensoftware.co.uk
Email: sales@zensoftware.co.uk
Tel: 0845 058 9058
For both of these new folders, the access rights should be as follows:-
Default rights (anyone)
<none>
anyone@yourdomain.com
Lookup, Insert
Admin user
Lookup, Read, Insert, Delete
The access rights for the ‘Missed spam folder
are shown here.
The ‘Genuine email folder
should be configured with the same access
rights.
The permissions on these two folders are such
that while the administrative user will have the
ability to access them to insert/delete email
messages to/from them, end users will only be
able to see the ‘Missed spam and the ‘Genuine
email folders to drop messages into them - they
won t have access to see the actual contents of
the folders. The reason for this is that so much
spam contains offensive material, that users being able to view the missed spam that
other users have placed in there could be seen by some as distributing offensive
material! Similarly, items dropped in to the ‘Genuine email folder by users could
contain sensitive information and so the contents of this folder also need to be
inaccessible.
Enabling the ‘Bayesian filtering options
Access the spam filter options by selecting
‘Spam filter from MDaemon s ‘Security menu.
Go to the ‘Bayesian tab and configure the
options as shown here.
IMPORTANT: You should ensure that the
two paths are configured to point to the
appropriate folders!
Page 7 of 10
Registered office: Moss Bridge Road, Rochdale, Lancs, OL16 5EA
Registered in England: 4097823
VAT registration number: 748 8527 79
Zen Software Ltd
Web: http://www.zensoftware.co.uk
Email: sales@zensoftware.co.uk
Tel: 0845 058 9058
Using the new ‘learning folders
The final step is to actually get users to start using these two new folders correctly .
This means that users must be encouraged to drop all missed spam emails they
receive into the ‘Missed spam folder; and drop samples of genuine emails they
receive into the ‘Genuine email folder at regular intervals.
Generally, users will consist of the following 3 types of user:-
1. An IMAP user;
2. A WorldClient web-mail user;
3. A POP3 user.
Users in groups 1 and 2 present no real problem as they will be able to subscribe
and access the two IMAP public learning folders right away. Users in group 3 are a
bit trickier as a POP3 user will not be able access the folders in the same way
for
this group there are a number of potential options.
1. Switch the user from POP3 to IMAP;
2. Switch the user to use WorldClient web-mail;
3. Create a second IMAP connection to their MDaemon account that they can
use simply to access the two ‘learning folders;
4. Use the ‘spamlearn@yourdomain.com
and ‘hamlearn@yourdomain.com
system addresses to forward messages to the appropriate folders.
Option 1
is the smartest option and will be a preferable solution in the long run.
Many companies are now switching to IMAP for the flexibility it offers in terms of
users being able to move between different client PCs and different IMAP email
clients whilst being able to access the same set of email folders and messages.
IMAP also centralizes where messages are stored
making back-ups easier - and
gives the ability to access shared public folders as well as allowing users to share
their own email folders for other users to access where required.
Negative aspects to option 1 are that a small amount of retraining of users will be
needed (although this is minimal) and users email clients will need to reconfigured
and messages/folders transferred
again, not a huge amount of work.
Option 2
is a nice solution depending on users email requirements. For most users,
MDaemon s WorldClient web-mail interface offers all the features needed, but other
users may find using a web-mail interface a bit ‘clunky and lacking in features when
compared to other email clients such as Outlook or Outlook Express.
Page 8 of 10
Registered office: Moss Bridge Road, Rochdale, Lancs, OL16 5EA
Registered in England: 4097823
VAT registration number: 748 8527 79
Zen Software Ltd
Web: http://www.zensoftware.co.uk
Email: sales@zensoftware.co.uk
Tel: 0845 058 9058
Option 3
is a good work-around for POP3 users who want to remain as POP3 users.
Email clients like Outlook and Outlook Express both support a user accessing the
same account via POP3 for normal email management while at the same time
accessing the account via IMAP simply to access the IMAP public folders on the
server. Messages can be dragged and dropped from the POP3 folders straight into
the IMAP public folders. Below are two screenshots showing Outlook Express and
Outlook configured in this way.
Page 9 of 10
Registered office: Moss Bridge Road, Rochdale, Lancs, OL16 5EA
Registered in England: 4097823
VAT registration number: 748 8527 79
Zen Software Ltd
Web: http://www.zensoftware.co.uk
Email: sales@zensoftware.co.uk
Tel: 0845 058 9058
Option 4
is a new feature introduced at MDaemon 7.10. Once enabled - which you
will now have done - two system managed email addresses are made available
spamlearn@yourdomain.com
and
hamlearn@yourdomain.com
. Users are able to
forward missed spam emails to the spamlearn@ address and samples of genuine
emails to the hamlearn@ address. A couple of important things to note are that the
emails MUST be forwarded as attachments and that the user s email client must be
configured to use SMTP Authentication for the messages to be accepted.
Forwarding as an attachment
In Outlook Express, this option is accessed by right-clicking on a message in the
Inbox and selecting ‘Forward as Attachment .
In Outlook, it s a little more complicated
you need to create a new message and
then select ‘Item from the ‘Insert menu. You are then able to select your Inbox,
then the message(s) in question ensuring that you select to ‘Insert as Attachment .
Enabling SMTP Authentication
In Outlook Express, select ‘Accounts from the ‘Tools
menu, select your account and click ‘Properties . Go to
the ‘Servers tab and tick the option under ‘Outgoing
mail server to say ‘My server requires authentication .
In Outlook, select ‘E-mail Accounts from the ‘Tools
menu. Click ‘Next to ‘View or change existing e-mail
accounts . Select your account and click ‘Change , then
click ‘More Settings . Go to the ‘Outgoing Server tab
and tick the option to say ‘My outgoing server (SMTP)
requires authentication.
Page 10 of 10
Registered office: Moss Bridge Road, Rochdale, Lancs, OL16 5EA
Registered in England: 4097823
VAT registration number: 748 8527 79
Zen Software Ltd
Web: http://www.zensoftware.co.uk
Email: sales@zensoftware.co.uk
Tel: 0845 058 9058
Final pointers
Bayesian ‘knowledge won t take effect until MDaemon has been ‘fed at least 200
spam messages (i.e. spam it s actually missed) and samples of 200 genuine emails.
Bayesian ‘knowledge will expire with time and so the server needs to be fed
regularly with both spam and genuine email. With the spam, this isn t such an issue
as users will generally transfer spam that has been missed without further prompting.
However, they must also be encouraged to regularly transfer samples of genuine
emails that they ve received. If they don t, then one side of the knowledge may
eventually lapse and so the Bayesian scoring will not take place. It may be a good
idea to encourage your users to transfer copies of 5 genuine emails that they receive
each day
this should keep this side of the knowledge up to date.
Any messages that are incorrectly flagged as spam which end up in the ‘Spam
folder should be transferred to the ‘Genuine email folder by the administrative user
so that the server can learn from it s mistakes.
The spam filtering can easily be made more aggressive by lowering the target score
threshold. This setting (5.0 by default) can be found in Security -> Spam filter ->
Heuristics tab -> ‘A message is spam if its score is greater or equal to… .
By
lowering this score, to say 4.0, you will see an immediate increase in the number of
detected spam messages. However, it s very important to note that this may also
increase the number of messages that get incorrectly flagged as potential spam
while this will initially be a problem, these should be detected by the administrative
user who can then feed them back to the ‘Genuine email folder so giving the server
the chance to learn from its mistake. The pay-off in the long run will be the ability to
run a lower threshold score with very few false positives.
You can white-list messages or domains based on who the message is to or from
and you can also black-list specific addresses or domains. MDaemon also has an
auto white-listing feature which can be used to drastically reduce the chances of
false positives. These features can be found in Security -> Spam filter.
© 2010-2024 YouScribe