Installation manual
17
Before starting full operation, we recommend that you manually configure the lists of restricted and allowed IP
addresses. To do so:
1) Open the Advanced settings window and navigate to the section Antispam protection. Make sure to check the
Enable antispam server protection field.
2) Navigate to the section Antispam Engine.
3) Click the Setup... button to set Allowed, Ignored and Blocked IP addresses lists.
The Blocked IP addresses tab contains the list of restricted IP addresses, i.e., if any non-ignored IP in Received
headers matches the address on this list, the message scores 100 and no other checks are made.
The Allowed IP addresses tab lists all IP addresses that are approved, i.e., if the first non-ignored IP in
Received headers matches any address on this list, the message scores 0 and no other checks are made.
The Ignored IP addresses tab lists addresses that should be ignored during Real-time Blackhole List (RBL)
checks. The list should include all internal IP addresses in the firewall not directly accessible from the Internet.
Doing so prevents unnecessary checks and helps to differentiate the external connecting IP addresses from
the internal IP addresses.
Greylisting
Greylisting is a method protecting users from spam using the following technique: Transport agent sends a
“temporarily reject” SMTP return value (default is 451/4.7.1) for any email from a sender it does not recognize. A
legitimate server will attempt to redeliver the message. Spammers typically do not attempt to redeliver messages,
because they go through thousands of email addresses at a time and typically cannot spend extra time on
resending.
When evaluating the message source, the method takes into account the configurations of the Approved IP
addresses list, the Ignored IP addresses list, the Safe Senders and Allow IP lists on the Exchange server and the
AntispamBypass settings for the recipient mailbox. Greylisting must be thoroughly configured, or else unwanted
operational flaws (e.g. delays in legitimate message deliveries etc.) may occur. These negative effects recede
continuously as this method fills the internal whitelist with trusted connections. If you are not familiar with this
method, or if you consider its negative side-effect unacceptable, we recommend that you disable the method in the
Advanced settings menu under Antispam protection > Microsoft Exchange Server > Transport agent > Enable
Greylisting.
We recommend disabling greylisting if you intend to test the product's basic functionalities and do not want to
configure the advanced features of the program.
NOTE: Greylisting is an additional layer of antispam protection and does not have any effect on the spam
evaluation capabilities of the antispam module.
Antivirus protection setup
Quarantine
Depending on the type of cleaning mode you are using, we recommend that you configure an action to be
performed on infected (not cleaned) messages. This option can be set in the Advanced settings window Server
protection > Antivirus and antispyware > Microsoft Exchange Server > Transport agent.
If the option to move messages into email quarantine is enabled, you need to configure the quarantine under
Server protection > Message quarantine in the Advanced settings window.
Performance
If there are no other restrictions, our recommendation is to increase the number of ThreatSense scan engines in the
Advanced settings window (F5) under Computer protection > Antivirus and antispyware > Performance,
according to this formula: number of ThreatSense scan engines = (number of physical CPUs x 2) + 1. Also, the number of
scan threads should be equal to the number of ThreatSense scan engines. You can configure the number of scan threads
under Server protection > Antivirus and antispyware > Microsoft Exchange Server > VSAPI > Performance.
Here is an example: