MDaemon Spam Filter Recommended Settings

© 2016 Alt-N Technologies

Spam Filter Recommendations


Introduction

Is spam making you pull your hair out? Follow these best practices to reduce spam.


Standard Defense Layers Before Acceptance

• IP Screening• Host Screening• Reverse Lookup • IP Shielding• Backscatter

Protection• Tarpitting

• Greylisting• DNS Black Lists• DKIM, SPF• Inline Spam

Filtering


Defense Layers Before Acceptance with SecurityPlus

• IP Screening• Host Screening• Reverse Lookup• IP Shielding• Backscatter

Protection• Tarpitting• Greylisting

• DNS Black Lists• DKIM, SPF• Inline Spam

Filtering• Inline Virus Scan• Outbreak

Protection


Important Recommendations

Use the latest version of MDaemon

Use the Help menu to check for updates.



Install the latest SecurityPlus plug-in

Signature-based antivirus scanning engine (with automatic updates)



Install the latest SecurityPlus plug-in

Outbreak ProtectionFilters emails based on distribution patterns in real-time



Enable Bayesian Classification

Helps train the spam filter to be more accurate by feeding it samples of spam & non-spam


Spam filter settings

Place spam in Spam Trap folder for

Administrator Review. Helps reduce false-

positives.



SMTP rejection threshold should be

higher than the Spam Score threshold



Black List (by sender) adds 100 points to

spam score by default.



Black List (by sender) adds 100 points to

spam score by default.

Use for blocking legitimate addresses.

Blacklisting spoofed addresses is not effective.


DNS-BL

Enable DNS-BL to check connections

against publicly hosted DNS blacklists.


DNS-BL

By default, MDaemon will check DNS blacklists for IP addresses within received headers on SMTP and POP

collected mail.


DNS-BL

By default, 3 points are added to the spam score for messages from IP’s on a blacklist.

You can optionally refuse messages from blacklisted IPs.


Spam Honeypots

Enable spam honeypots.

Messages addressed to a honeypot are fed to the Bayesian Learning engine.


Block relaying attempts with ‘Relay Control’

Check these three boxes to prevent relaying


Block spoofing with the ‘IP Shield’

Mail from specific domain must have come from designated IP address or IP address range.


Block spoofing with the ‘IP Shield’

Local users connecting from outside of your network can be exempt from IP Shielding when SMTP authentication is used.


Require Strong Passwords


Require SMTP Authentication


Enable Reverse Lookups

These three boxes are checked by default


Reverse Lookups

Check this box to exempt authenticated sessions.


Handling annoyance emails with ‘Address Blacklist’

Block emails from legitimate addresses or domains


Still Suffering from too much Spam?

• Make sure you haven’t whitelisted or excluded the sender’s or recipient’s address from MDaemon’s spam filter.

• Make sure the spammer didn’t authenticate their SMTP session by guessing a local account’s password.

• Make sure the connection didn’t originate from a trusted or local IP address.

To check the above, check the following two logs:

• MDaemon-yyyymmdd-SMTP-(In).log• MDaemon-yyyymmdd-AntiSpam.log•

…located in the MDaemon/Logs directory.


Rebuilding the Bayesian Filtering Database

1. Stop MDaemon

2. Rename the \MDaemon\SpamAssassin\Bayes folder to \MDaemon\Spamassassin\Bayes_old

3. Restart MDaemon

You will then need to feed the Bayesiarn Learning folders at least 200 spam & 200 non-spam messages to start the Bayesian learning process again.

See the following knowledge base article for instructions:http://www.altn.com/Support/KnowledgeBase/KnowledgeBaseResults?Number=KBA-01746


Conclusions

Install SecurityPlus Use Bayesian Filtering Configure spam scoring Use whitelists & blacklists with caution Use DNS blacklist Use spam honeypots

Block relay attempts

Use the IP shield Use strong passwords Require SMTP authentication Enable reverse lookups Use address blacklists

Enable these settings to cut down on spam:


®

Trusted Messaging Solutionswww.altn.com

Thank You

MDaemon Spam Filter Recommended Settings

Software

Transcript of MDaemon Spam Filter Recommended Settings