User guide

2. Quarantine
This option excludes the risk of deleting legitimate
email. Messages can be restored and resent to the
original recipients immediately. The drawbacks of this
method are higher consumption of system resources
and additional time required for email quarantine
maintenance. You can use two methods to quarantine
email:
A. Internal Exchange Server quarantine:
- If you want to use the internal server quarantine,
make sure the Common message quarantine field
in the right pane of the advanced settings menu
(under Mail server protection > Message
quarantine) is left blank. Also make sure that the
Quarantine message to the mail server system
quarantine option is selected from the drop-down
menu at the bottom.
B. Custom quarantine mailbox:
- If you type the desired mailbox in the Common
message quarantine field, ESET Mail Security will
move all new spam messages into your custom
mailbox.
3. Forwarding spam
Spam will be forwarded along to its recipient.
However, ESET Mail Security will write the SCL value
into the relevant MIME header of each message.
Based on the SCL value, the relevant action will be
executed by the Exchange server IMF (Intelligent
Message Filtering).
Spam filtering
Antispam Engine
The Antispam engine offers the following three
configurations: Recommended, Most accurate and
Fastest.
If there is no need to optimize your configuration to allow
maximum throughput (e.g. high server load), we
recommend you select the Most accurate option. When
the Recommended configuration is set, the server will
automatically adjust its settings based on scanned
messages to balance the load. When Most accurate is
enabled, the settings will be optimized in regard to the
catch rate. Clicking Custom > Open configuration file
allows a user to edit the spamcatcher.conf file. This
option is recommended for advanced users only.
Before starting full operation, we recommend that you
manually configure the lists of restricted and allowed IP
addresses. To do so:
1) Open the Advanced settings window and navigate to
the section Antispam protection > Mail server
protection.
2) Make sure to check the Enable mail server antispam
protection field.
3) Click the Setup... button to set Allowed, Ignored and
Blocked IP addresses lists.
The Blocked IP addresses tab contains the list of
restricted IP addresses, i.e., if any non-ignored IP
in Received headers matches an address on this list,
the message scores 100 and no other checks are
made.
The Allowed IP addresses tab lists all IP addresses
that are approved, i.e., if the first non-ignored IP in
Received headers matches any address on this list,
the message scores 0 and no other checks are
made.
The Ignored IP addresses tab lists addresses that
should be ignored during Real-time Blackhole List
(RBL) checks. The list should include all internal IP
addresses in the firewall not directly accessible from
the Internet. Doing so prevents unnecessary
checks and helps to differentiate the external
connecting IP addresses from the internal IP
addresses.
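The list semantics described above, as an added Python example that is not part of the ESET guide or the product's code: it reads Received headers top-down, drops Ignored addresses, then applies the Blocked and Allowed rules. The function names, the constructed sample message, CIDR-style list entries and testing Blocked before Allowed are assumptions of this example.

```python
import ipaddress
import re
from email import message_from_string

# Bracketed IPv4 literal as usually written in Received headers, e.g. [203.0.113.7]
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Constructed sample: newest hop first, as a receiving server would see it.
SAMPLE = (
    "Received: from relay.example.net ([10.0.0.5]) by mbx.example.net\n"
    "Received: from mail.sender.example ([203.0.113.7]) by relay.example.net\n"
    "Received: from client.sender.example ([198.51.100.20]) by mail.sender.example\n"
    "Subject: constructed test message\n"
    "\n"
    "body\n"
)

def received_ips(raw_message):
    """Addresses found in Received headers, top-down (most recent hop first)."""
    ips = []
    for header in message_from_string(raw_message).get_all("Received", []):
        for text in IP_RE.findall(header):
            try:
                ips.append(ipaddress.ip_address(text))
            except ValueError:
                pass  # bracketed text that is not a valid address, e.g. [999.1.1.1]
    return ips

def in_list(ip, entries):
    """True if ip falls in any entry (single address or CIDR; CIDR is an assumption)."""
    return any(ip in ipaddress.ip_network(e) for e in entries)

def ip_list_score(raw_message, blocked, allowed, ignored):
    """Return 100 (Blocked), 0 (Allowed) or None (no list decided, other checks run)."""
    candidates = [ip for ip in received_ips(raw_message) if not in_list(ip, ignored)]
    # Assumption: Blocked is tested before Allowed; the guide does not state the order.
    if any(in_list(ip, blocked) for ip in candidates):   # any non-ignored IP
        return 100
    if candidates and in_list(candidates[0], allowed):   # first non-ignored IP only
        return 0
    return None

if __name__ == "__main__":
    internal = ["10.0.0.0/8"]
    print(ip_list_score(SAMPLE, [], ["203.0.113.7"], internal))  # Allowed decides
    print(ip_list_score(SAMPLE, [], ["203.0.113.7"], []))        # relay hides the sender
```

In this example, leaving the Ignored list empty makes the internal relay the first hop, so the Allowed entry for the external sender never matches.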
Greylisting
Greylisting is a method of protecting users from spam
that uses the following technique: the transport agent sends a
“temporarily reject” SMTP return value (default is 451/4.7.1)
for any email from a sender it does not recognize. A
legitimate server will attempt to redeliver the message.
Spammers typically do not attempt to redeliver
messages, because they go through thousands of email
addresses at a time and typically cannot spend extra time
on resending.
When evaluating the message source, the method takes
into account the configurations of the Approved IP
addresses list, the Ignored IP addresses list, the Safe
Senders and Allow IP lists on the Exchange server and
the AntispamBypass settings for the recipient mailbox.
Greylisting must be thoroughly configured, or else
unwanted operational flaws (e.g. delays in legitimate
message deliveries) may occur. These negative effects
recede continuously as this method fills the internal
whitelist with trusted connections. If you are not familiar
with this method, or if you consider its negative side
effects unacceptable, we recommend that you disable the
method in the Advanced settings menu under Antispam
protection > Mail server protection > Microsoft
Exchange Server > Transport agent > Enable
Greylisting.
We recommend disabling greylisting if you intend to test
the product's basic functionalities and do not want to
configure the advanced features of the program.
NOTE: Greylisting is an additional layer of antispam
protection and does not have any effect on the spam
evaluation capabilities of the antispam module.
Antivirus protection setup
Quarantine
Depending on the type of cleaning mode you are using,
we recommend that you configure an action to be
performed on infected (not cleaned) messages. This
option can be set in the Advanced settings window >
Antivirus and antispyware > Mail server protection >
Microsoft Exchange Server > Transport agent.