Installation manual
43
Type - can have the following values: SPAM, PHISH, BOUNCE, ADULT, FRAUD. If you enter other
value that those listed above, the SPAM value will be used automatically. SPAM defines phrases
that occur in classical spam messages (offers of goods and services). PHISH are phrases
occurring in fraudulent messages (phishing), that are aimed at extraction of confidential data
(names, passwords, credit card numbers, etc.) from users. BOUNCE are phrases used in
automatic server responses - Non-Delivery Notification (used when spoofing sender's address).
ADULT represents phrases typical for messages offering pornographic content. FRAUD stands
for phrases used in fraudulent emails (scam) offering suspicious banking operations (money
transfers via your account etc.). A typical example of this spam type is the so-called Nigerian
spam.
Confidence - value from 0 to 100. Defines the probability of the phrase to be member of a specific
spam category (listed above). If the Type PHISH has the Confidence 90, there is a very high
probability of the phrase being used in phishing messages. The higher the Confidence score, the
bigger impact it exerts on the overall spam score of the message. The Confidence value of 100
presents a special case, where the message spam score will also be 100, i.e. message will be
marked as 100% spam. Analogically, if the value is 0, the message will be marked as not-spam.
CaseSensitivity - values 0 or 1. 0 meaning the phrase is case insensitive. 1 meaning the phrase is
case sensitive.
Examples:
replica, SPAM, 100, 0
Dear eBay member, PHISH, 90, 1
return to sender, BOUNCE, 80, 0
Further options for blacklisting/whitelisting are offered by files approvedsenders and blockedsenders, which can be
found under C:\Documents and Settings\All Users\Application Data\ESET\ESET Mail Security\ServerAntispam in Windows
Server 2000 and 2003, and for Windows Server 2008 under C:\ProgramData\ESET\ESET Mail Security\ServerAntispam.
You can add sender addresses or domains to these lists, while the approvedsenders file represents the list of allowed
addresses/domains, the blockedsenders file represents the list of blocked addresses/domains.
NOTE: In case you are performing migration / upgrade of ESET Mail Security from version 4.3.10023 (and below) to
version 4.3.10025, it is important to backup file approvedsenders and blockedsenders located in:
C:\Documents and Settings\All Users\Application Data\ESET\ESET Mail Security\MailServer (applies to Windows
Server 2000 and 2003)
C:\ProgramData\ESET\ESET Mail Security\MailServer (applies to Windows Server 2008, 2008 R2)
After the new version (4.3.10025 and above) of ESET Mail Security is installed, restore previously backed up files
approvedsenders and blockedsenders to:
C:\Documents and Settings\All Users\Application Data\ESET\ESET Mail Security\ServerAntispam (applies to
Windows Server 2000 and 2003)
C:\ProgramData\ESET\ESET Mail Security\ServerAntispam (applies to Windows Server 2008, 2008 R2)
Warning: As senders' addresses are very often spoofed (altered to appear as original), we do not recommend to use
the approvedsenders and blockedsenders files as means of whitelisting/blacklisting. The use of allowed and blocked IP
addresses for this purpose is much more reliable and secure. If you need to whitelist by the address/domain of the
sender (the approvedsenders file), you should always employ an additional method of message validation (e.g. SPF).
Other settings:
enable_spf
This option enables/disables validation by Sender Policy Framework. This validation method
checks the public rules of a domain - domain policy to determine whether a sender is
authorized to send messages from that domain.
enable_all_spf
This option is to determine whether domains not on the spf_list or Mailshell file can bypass
the SPF validation. For this option to work correctly, the enable_realtime_spf parameter must
be set to yes.
enable_realtime_spf
Is the option enabled, DNS requests will be sent in real-time during SPF validation. This can