Contents
- Anti-Spam protection
- About Anti-Spam protection
- About Anti-Spam message scan status labels
- Enabling and disabling Anti-Spam protection of messages
- Enabling and disabling Anti-Spam scanning of messages for a rule
- Configuring Anti-Spam engine settings
- Setting default values for Anti-Spam engine settings
- Configuring the custom DNSBL list for the Anti-Spam engine
- Configuring the custom SURBL list for the Anti-Spam engine
- Configuring Anti-Spam scan settings for a rule
- Configuring Anti-Spam scan actions on messages
- Configuring tags added to message subjects after Anti-Spam scanning
Anti-Spam protection
This section contains information about Anti-Spam protection of messages and how to configure it.
About Anti-Spam protection
Kaspersky Secure Mail Gateway filters messages passing through the mail server to remove unsolicited mail (spam).
Messages are scanned for spam by the Anti-Spam engine. Anti-Spam engine scans each message for signs of spam. First, Anti-Spam engine scans the attributes of the message, such as sender and recipient addresses, size, and headers (including the From and To fields). Second, Anti-Spam engine analyzes the message content (including the Subject header) and attached files. Anti-Spam engine is enabled by default. If required, you can disable the Anti-Spam engine or disable Anti-Spam scanning for any rule. You can also limit the size of messages to be scanned for spam.
Depending on the sensitivity level, the application assigns messages in which spam or probable spam has been detected the specific statuses in accordance with the spam rating calculated by Anti-Spam. Spam rating is a whole number from 0 to 100 that reflects the number of times Anti-Spam engine was actuated in processing the message. The application also takes into account the responses from the DNSBL, SURBL and UDS servers, SPF technology, and results of reputation filtering to assign the spam rating to messages.
Reputation filtering is a cloud service that uses a technology that determines the reputation of messages. Information about new kinds of spam appears in the cloud service sooner than in Anti-Spam module databases, making it possible to improve the speed and accuracy of spam detection.
Depending on the status assigned, the application performs actions in accordance with the message processing rule settings. You can select actions to be performed by the application on messages with a certain status and configure tags to be added to messages based on the Anti-Spam scanning result. The default action performed on messages is Skip.
Anti-Spam functionality can be configured by editing the settings file for the Anti-Spam engine. In the settings file, you can change, for example, statuses of Anti-Spam scanning of messages or the level of detail of email message information recorded in the Kaspersky Secure Mail Gateway event log.
The settings file of the Anti-Spam engine can be accessed from the Kaspersky Secure Mail Gateway Administration Console in Technical Support Mode with super-user account privileges.
About Anti-Spam message scan status labels
Based on the results of scanning for spam, the Anti-Spam engine assigns one of the following Anti-Spam scan statuses to messages:
- Clean (Not Spam) – the message contains no spam.
- Spam – the application unambiguously recognizes the message as spam.
- Probable Spam – the message may contain spam.
- Blacklisted – the sender's email address is on the global or custom black list of addresses, or the host IP address or DNS name are on the DNSBL black list.
- Massmail – the message belongs to a mass mailing campaign.
- Scan Error – message scanning returned an error.
Enabling and disabling Anti-Spam protection of messages
To enable or disable Anti-Spam protection of messages:
- In the main window of the application web interface, open the management console tree and select the Settings section and Protection subsection.
- In the Anti-Spam section, do one of the following:
- Flip on the toggle switch next to the name of the Anti-Spam settings group to enable Anti-Spam protection of messages.
- Flip off the toggle switch next to the name of the Anti-Spam settings group to disable Anti-Spam protection of messages.
Enabling and disabling Anti-Spam scanning of messages for a rule
You can enable or disable Anti-Spam scanning of messages for one or several rules. Anti-Spam scanning of messages is enabled by default.
Before enabling or disabling Anti-Spam scanning of messages for a rule, make sure that Anti-Spam engine of Kaspersky Secure Mail Gateway is enabled.
To enable or disable Anti-Spam scanning of messages for a rule:
- In the main window of the application web interface, open the management console tree and select the Rules section.
- In the list of rules, click the name of the rule to open the rule for which you want to enable or disable Anti-Spam scanning of messages.
- Select the Anti-Spam section.
- Do one of the following:
- Flip on the toggle switch next to the name of the Anti-Spam settings group to enable Anti-Spam scanning of messages for a rule.
- Flip off the toggle switch next to the name of the Anti-Spam settings group to disable Anti-Spam scanning of messages for a rule.
- Click the Apply button in the lower part of the workspace.
Configuring Anti-Spam engine settings
To configure the Anti-Spam engine settings:
- In the main window of the application web interface, open the management console tree and select the Settings section and Protection subsection.
- In the Anti-Spam section, click any of the following links: Use KSN, Use enforced Anti-Spam Updates Service, Use reputation filtering, or Maximum scanning time to open the Anti-Spam settings window.
- In the External services settings group, select one of the following options in the Use KSN drop-down list:
- Yes — if you want to use KSN.
- No — if you do not want to use KSN.
- In the External services settings group, select one of the following options in the Use enforced Anti-Spam Updates Service drop-down list:
- Yes — if you want to use enforced Anti-Spam Updates Service.
- No — if you do not want to use enforced Anti-Spam Updates Service.
- In the External services settings group, select one of the following options in the Use reputation filtering drop-down list:
- Yes — if you want to use the reputation filtering service.
- No — if you do not want to use the reputation filtering service.
- In the Performance settings group, in the Maximum scanning time field specify the maximum Anti-Spam scan time in seconds.
If Anti-Spam scanning of a message does not finish within the time limit you specified, Kaspersky Secure Mail Gateway:
- Stops scanning the message (Skip action).
- Assigns Error (Scan error) status to the message.
- Adds the
as-status="Error"
label to the message subject. - Delivers the message to the recipient.
- Adds the following entry to the /var/log/maillog event log:
<scan date and time> <Kaspersky Secure Mail Gateway host name>: not clean: message-id=<message ID>: relay-ip=<IP address of message recipient's computer>: action="Skipped": rules=<rule ID>: size=<message size>: mail-from=<message sender's email address>: rcpt-to=<message recipient's email address>: av-status="Clean", ap-status="Error", as-status="Error", ma-status="NotScanned, disabled by settings", cf-status="NotScanned, disabled by settings">
- Click the Apply button.
Setting default values for Anti-Spam engine settings
To set default values for Anti-Spam engine settings:
- In the main window of the application web interface, open the management console tree and select the Settings section and Protection subsection.
- In the Anti-Spam section, click any of the following links: Use KSN, Use enforced Anti-Spam Updates Service, Use reputation filtering, or Maximum scanning time to open the Anti-Spam settings window.
- In the lower part of the Anti-Spam settings window, click the Set default values link.
- Click the Apply button.
Configuring the custom DNSBL list for the Anti-Spam engine
You can create a custom list of DNSBL servers to improve the accuracy of spam detection. DNSBL servers stores lists of IP addresses that were previously detected as sources of spam and to which the Anti-Spam engine assigns a spam rating and one of the Anti-Spam message scan status labels.
To create the custom DNSBL list of the Anti-Spam engine:
- In the main window of the application web interface, open the management console tree and select the Settings section and Protection subsection.
- In the Anti-Spam section, click the Custom DNSBL list link to open the Custom DNSBL list window.
- In the field under the window name, type DNS names or IP addresses into the DNSBL list.
You can use only these symbols: a–z, A–Z, 0–9, "-" and ".", and the "-" symbol must not come last. For example, you can add the sender's DNS name dns-bl.example.com or the sender's IP address 10.0.0.1 to the list.
Separate the addresses with the ";" symbol.
- Click the Apply button.
To view the custom DNSBL list of the Anti-Spam engine:
- In the main window of the application web interface, open the management console tree and select the Settings section and Protection subsection.
- In the Anti-Spam section, click the Custom DNSBL list link to open the Custom DNSBL list window.
- Click the Apply or Cancel button after you finish managing the list.
The Custom DNSBL list window closes.
To remove an entry from the custom DNSBL list of the Anti-Spam engine:
- In the main window of the application web interface, open the management console tree and select the Settings section and Protection subsection.
- In the Anti-Spam section, click the Custom DNSBL list link to open the Custom DNSBL list window.
- In the field under the window name, select one or several accounts that you want to delete.
- Press the Delete key.
- Click the Apply button.
Configuring the custom SURBL list for the Anti-Spam engine
You can create a custom list of SURBL servers to improve the accuracy of spam detection. SURBL servers store lists of web addresses that were previously detected in the subject or body of messages recognized as spam and to which the Anti-Spam engine assigns a spam rating and one of the Anti-Spam message scan status labels.
To create the custom SURBL list of the Anti-Spam engine:
- In the main window of the application web interface, open the management console tree and select the Settings section and Protection subsection.
- In the Anti-Spam section, click the Custom SURBL list link to open the Custom SURBL list window.
- In the field under the window name, type DNS names or IP addresses into the SURBL list.
You can use only these symbols: a–z, A–Z, 0–9, "-" and ".", and the "-" symbol must not come last. For example, you can add the DNS name dns-bl.example.com or the IP address 10.0.0.1 to the list.
Separate the addresses with the ";" symbol.
- Click the Apply button.
To view the custom SURBL list of the Anti-Spam engine:
- In the main window of the application web interface, open the management console tree and select the Settings section and Protection subsection.
- In the Anti-Spam section, click the Custom SURBL list link to open the Custom SURBL list window.
- Click the Apply or Cancel button after you finish managing the list.
The Custom SURBL list window closes.
To remove an entry from the custom SURBL list of the Anti-Spam engine:
- In the main window of the application web interface, open the management console tree and select the Settings section and Protection subsection.
- In the Anti-Spam section, click the Custom SURBL list link to open the Custom SURBL list window.
- In the field under the window name, select one or several accounts that you want to delete.
- Press the Delete key.
- Click the Apply button.
Configuring Anti-Spam scan settings for a rule
You can configure the settings of the Anti-Spam engine for one or several rules.
To configure the settings of the Anti-Spam engine for a rule:
- In the main window of the application web interface, open the management console tree and select the Rules section.
- In the list of rules, click the link with the name of the rule to open the rule for which you want to configure the Anti-Spam engine settings.
- Select the Anti-Spam section.
- Flip on the toggle switch next to the name of the Anti-Spam settings group if it is off.
- In the General settings section, select check boxes next to the names of the general settings that you want to enable:
- Use graphical image processing technologies — if you want to use GSG technology that identifies images containing text in order to determine whether such text is spam. The text is recognized regardless of whether it has been modified, rotated in the image, hidden behind "noise" or otherwise modified to conceal the purpose of the image.
- Scan RTF attachments — if you want the Anti-Spam engine to scan all message attachments in RTF format.
- In the Scan using external services settings group, select check boxes next to the names of settings that control usage of external services you want to enable:
- Use provided DNSBL list if you want the Anti-Spam engine to check senders' addresses against the Kaspersky Lab-provided list of addresses previously detected as spam sources.
- Use custom DNSBL list, if you want the Anti-Spam module to check if the senders' addresses are listed on DNSBL servers specified in the custom DNSBL list.
You can view the custom DNSBL list by clicking the custom link in the name of the Use custom DNSBL list setting.
- Use provided SURBL list if you want the Anti-Spam engine to scan the message subject and body for web addresses appearing in the Kaspersky Lab-provided list of addresses that were previously detected in the subject or body of messages categorized as spam.
- Use custom SURBL list, if you want the Anti-Spam module to check if web addresses present in the message subject and body are listed on SURBL servers specified in the custom SURBL list.
You can view the custom SURBL list by clicking the custom link in the name of the Use custom SURBL list setting.
- In the Raise spam rating if settings group, select check boxes next to the names of languages and fonts that, when used in the message, increase the spam rating of the message:
- Message written in Chinese — if you want the Anti-Spam engine to increase the spam rating of messages written in Chinese.
- Message written in Japanese — if you want the Anti-Spam engine to increase the spam rating of messages written in Japanese.
- Message written in Korean — if you want the Anti-Spam engine to increase the spam rating of messages written in Korean.
- Message written in Thai — if you want the Anti-Spam engine to increase the spam rating of messages written in Thai.
- Message uses Cyrillic script — if you want the Anti-Spam engine to increase the spam rating of messages written using the Cyrillic script.
- Click the Apply button in the lower part of the workspace.
In order for the settings you have configured to be used during operation of Kaspersky Secure Mail Gateway, make sure that Anti-Spam scanning of messages is enabled for the rule and the rule for which you have configured settings is enabled.
Configuring Anti-Spam scan actions on messages
To configure the actions to be performed by Kaspersky Secure Mail Gateway on messages during Anti-Spam scanning:
- In the main window of the application web interface, open the management console tree and select the Rules section.
- In the list of rules, click the link with the name of the rule to open the rule for which you want to configure actions on messages during Anti-Spam scanning.
- Select the Anti-Spam section.
- Flip on the toggle switch next to the name of the Anti-Spam settings group if it is off.
- In the If spam is detected drop-down list, select one of the following actions to take on messages containing spam:
- Delete message.
- Reject.
- Skip.
- In the If probable spam is detected drop-down list, select one of the following actions to take on messages containing probable spam:
- Delete message.
- Reject.
- Skip.
- In the If mail sender's address is blacklisted by DNSBL drop-down list, select one of the following actions to take on messages whose sender has been detected in the DNSBL list and that has been assigned Blacklisted status:
- Delete message.
- Reject.
- Skip.
- In the If mass mailing is detected drop-down list, select one of the following actions to take on messages found to contain mass mailing:
- Delete message.
- Reject.
- Skip.
- Click the Apply button in the lower part of the workspace.
In order for the settings you have configured to be used during operation of Kaspersky Secure Mail Gateway, make sure that Anti-Spam scanning of messages is enabled for the rule and the rule for which you have configured settings is enabled.
Configuring tags added to message subjects after Anti-Spam scanning
To configure tags that Kaspersky Secure Mail Gateway to the message subject after Anti-Spam scanning:
- In the main window of the application web interface, open the management console tree and select the Rules section.
- In the list of rules, click the name of the rule to open the rule for which you want to configure tags added to message subjects after Anti-Spam scanning.
- Select the Anti-Spam section.
- Flip on the toggle switch next to the name of the Anti-Spam settings group if it is off.
- Add a tag to the Subject field of messages that contain spam. To do so, perform the following:
- In the If spam is detected settings group, click the link on the right of the name of the Add the following text to subject of email message setting to open the Tag for spam messages window.
- In the field under the name of the window, enter the text that you want to add at the beginning of the subject of messages containing spam. For example, you can add the Spam tag.
- Click OK.
The Tag for spam messages window closes.
- Add a tag to the Subject field of messages that contain probable spam. To do so, perform the following:
- In the If probable spam is detected settings group, click the link on the right of the name of the Add the following text to subject of email message setting to open the Tag for probable spam messages window.
- In the field under the name of the window, enter the text that you want to add at the beginning of the subject of probable spam messages. For example, you can add the Probable spam tag.
- Click OK.
The Tag for probable spam messages window closes.
- Add a tag to the Subject field for messages whose sender has been detected in the DNSBL list and assigned Blacklisted status. To do so, perform the following:
- In the If mail sender's address is blacklisted by DNSBL setting section, click the link on the right of the name of the Add the following text to subject of email message setting to open the Tag for messages blacklisted by DNSBL window.
- In the field under the name of the window, enter the text that you want to add at the beginning of the subject of messages from blacklisted senders. For example, you can add the Blacklisted tag.
- Click OK.
The Tag for messages blacklisted by DNSBL window closes.
- Add a tag to the Subject field of messages that contain mass mailing. To do so, perform the following:
- In the If mass mailing is detected settings group, click the link on the right of the name of the Add the following text to subject of email message setting to open the Tag for mass mailing window.
- In the field under the name of the window, enter the text that you want to add at the beginning of the subject of messages found to contain mass mailing. For example, you can add the MassMail tag.
- Click OK.
The Tag for mass mailing window closes.
- Click the Apply button in the lower part of the workspace.
In order for the settings you have configured to be used during operation of Kaspersky Secure Mail Gateway, make sure that Anti-Spam scanning of messages is enabled for the rule and the rule for which you have configured settings is enabled.