Installation manual
37
that is not from a recognized sender. A legitimate server will try to resend the message after a delay. Spam servers
will typically not attempt to resend the message, as they usually go through thousands of email addresses and do
not waste time resending. Greylisting is an additional layer of antispam protection and does not have any effect on
the spam evaluation capabilities of the antispam module.
When evaluating the message source the method takes into account the configurations of the Approved IP
addresses list, the Ignored IP addresses list, the Safe Senders and the Allow IP lists on the Exchange server and
the AntispamBypass settings for the recipient mailbox. Emails from these IP addresses/senders lists or emails
delivered to a mailbox that has the AntispamBypass option enabled will be bypassed by the greylisting detection
method.
The SMTP response for temporarily denied connections field defines the SMTP temporary denial response sent to
the SMTP server if a message is refused.
Example of SMTP response message:
Primary response code
Complementary status code
Description
451
4.7.1
Requested action aborted: local error in processing
Warning: Incorrect syntax in SMTP response codes may lead to malfunctioning of greylisting protection. As a result,
spam messages may be delivered to clients or messages may not be delivered at all.
Time limit for the initial connection denial (min.) - when a message is delivered for the first time and temporarily
refused, this parameter defines the time period during which the message will always be refused (measured from
the first refusal). After the defined time period has elapsed, the message will be successfully received. The minimum
value you can enter is 1 minute.
Unverified connections expiration time (hours) – this parameter defines the minimum time interval for which
the triplet data will be stored. A valid server must resend a desired message before this period expires. This value
must be greater than the value of Time limit for the initial connection denial.
Verified connections expiration time (days) – the minimum number of days for which the triplet information is
stored, during which emails from a particular sender will be received without any delay. This value must be greater
than the value of Unverified connections expiration time.
NOTE: You can also use system variables when defining the SMTP reject response.
3.3.1.2 POP3 Connector and antispam
Microsoft Windows Small Business Server (SBS) versions includes POP3 Connector that enables the server to fetch
email messages from external POP3 servers. Implementation of this "standard" POP3 Connector differs from one
SBS version to another.
ESET Mail Security does support Microsoft SBS POP3 Connector on SBS 2008 and messages downloaded via this
POP3 Connector are scanned for the presence of spam. This works because messages are being transported into
the Microsoft Exchange via SMTP. However, Microsoft SBS POP3 Connector on SBS 2003 is not supported by ESET
Mail Security, thus massages are not scanned for spam. This is because messages actually bypass SMTP queue.
There also exist a number of third party POP3 Connectors. Whether messages fetched via certain POP3 Connector
are scanned for spam or not depend on the actual method this POP Connector is using to fetch messages. For
example, GFI POP2Exchange transports messages via Pickup Directory, thus messages are not scanned for spam.
Similar issues may appear with products which transport messages via authenticated session (such as IGetMail),
alternatively when Microsoft Exchange marks these as internal messages for which antispam is bypassed by
default. This setting can be changed in configuration file. Export configuration into xml, change
AgentASScanSecureZone setting's value to "1" and import the configuration back (for details on how to import and
export configuration file see chapter Import and export settings ). You can also try disabling Accept antispam
bypass flag set on SMTP session in F5 advanced setup tree under Server protection > Antispam protection >
Microsoft Exchange Server > Transport agent. By doing this, ESET Mail Security will be scanning the SMTP
session for spam disregarding Exchange sever antispam bypass setting.
122