Recently, I wrote a post about teaching your MDaemon Inbox to recognize spam using the Bayesian learning feature. This feature helps to train the spam filter to be more accurate over time by feeding it samples of spam and non-spam messages. SecurityGateway also includes Bayesian learning features (in addition to many other security features designed to keep spam, viruses, malware and phishing attacks from hitting your mail server). Today, I’ll be explaining how to use these features to teach SecurityGateway how to get better at recognizing spam (false negatives – spam messages that were not filtered out) and non-spam (false positives – legitimate messages that were marked as spam).
Administrators must first enable and configure Bayesian learning in SecurityGateway before users will be able to use it. Follow these steps to enable and configure Bayesian learning.
Click on the Security tab, and then click on Heuristics & Bayesian under the Anti-Spam section.
Make sure the first box, “Use heuristic rules and Bayesian classification to analyze messages” is checked. This setting basically turns the spam filter on and is enabled by default.
Under “Location (all domains),” click on the link to configure SGSpamD. You can optionally select a domain in the drop-down menu at the top to configure these settings for a specific domain.
Under the “Bayesian Classification” section, check the first box to enable Bayesian classification.
By default, 200 samples of spam and 200 samples of non-spam are needed before Bayesian learning can take place. You can adjust this number in the blanks provided, but in most cases, this will not be necessary.
By default, Bayesian learning takes place at midnight each night. You can select the second option under the “Bayesian Learning” section if you’d like to schedule Bayesian learning more frequently, at regular intervals. This is useful if you have a larger number of messages to learn from. You can also select the third option if you do not want Bayesian learning to run automatically based on a schedule. When this option is selected, you can use the link at the bottom of the Bayesian Learning section to perform Bayesian learning as needed.
SecurityGateway needs to know where to find messages to be fed to the Bayesian learning engine. By default, messages are placed inside the C:/Program Files/Alt-N technologies/SecurityGateway/BayesSpam and BayesHam directories. You can optionally use a different path mapped to a different drive to improve performance.
In the following two blanks, enter the Spam and Non-Spam forwarding addresses. The default addresses are spamlearn and hamlearn, so if your domain is example.com, users can forward spam messages (as an attachment) to email@example.com to feed these messages to the Bayesian learning engine. This procedure is explained in greater detail later when we discuss how end users can submit spam and non-spam messages to the Bayesian learning engine.
Most spam messages are relatively small, thus, you can place a size limit on messages to learn from by checking the box “Don’t learn from messages larger than” and entering a value (in bytes) in the blank blow. Placing a size limit on messages to learn from helps improve the performance of the Bayesian learning engine.
You can automate the Bayesian learning process by enabling Automatic Bayesian Learning. By default, messages that score less than 0.1 are considered to be legitimate and only messages that score a 12.0 or above are considered to be spam for purposes of automatic Bayesian learning. Before enabling automatic Bayesian learning, I would recommend reviewing your message logs for false negatives and false positives and use their spam scores as guidelines for populating the spam and non-spam scoring thresholds. You can also optionally check the boxes to only learn non-spam messages from domain mail servers and authenticated sessions, and only learn spam from inbound messages.
Before I explain the next setting, I want to explain the concept of “tokens.” When the Bayesian learning feature “learns” from a message, it takes snippets of information from the message, such as words or phrases, and uses this information to create tokens. These tokens are accumulated and when a new message is scanned by Bayesian learning, its contents are compared to these tokens to look for similarities. Under the Bayesian Database section, check the box to enable Bayesian automatic token expiration. This helps to limit the token database to a manageable size, expiring old tokens and replacing them with new ones when the maximum number of Bayesian database tokens (specified in the blank below) has been reached. When this number of tokens is reached, the Bayesian system removes the oldest, reducing the number to 75% of this value or 100,000 tokens, whichever is higher. 150,000 tokens make up about 8MB of data.
Click Save and Close to save your changes.
End User Instructions
Now that SecurityGateway has been configured properly on the server, users can start feeding samples of spam and non-spam to the Bayesian learning engine.
There are two methods users can use to submit samples of spam and non-spam to the Bayesian learning engine in SecurityGateway. The first (and easier) way is to use the thumbs-up and thumbs-down icons in the SecurityGateway interface. The second way is by forwarding spam and non-spam messages (as attachments) to designated email addresses.
To mark messages as spam or non-spam using the SecurityGateway interface, follow these steps:
Log into SecurityGateway.
Click on My Message Log. This brings up a list of all of your inbound and outbound messages.
Click on the message you wish to mark as spam or non-spam, and then click on the Thumbs-up button to mark the message as non-spam, or the thumbs-down button to mark the message as spam.
You will receive confirmation that the message was marked as spam.
To feed messages to the Bayesian learning engine by forwarding them as attachments, simply attach the message to an email addressed to the designated hamlearn@ or spamlearn@ address for your domain (example: firstname.lastname@example.org). Note: SMTP authentication must be used.
If you are using WorldClient, you can right-click on the message and select “Forward as Attachment.” Then, populate the To: field with the spamlearn@ or hamlearn@ address and simply send the message.
When used properly, Bayesian Learning is a powerful tool for reducing spam and ensuring legitimate messages are not blocked by the spam filter. More information can be found in this knowledge base article.
Don’t let spam ruin your day. These tips can help you keep the bad stuff out of your Inbox so you can focus on your business!
Unless you live in a cave, chances are you use email as a primary method of business communication. You’re also likely to receive tons of annoying, non-business related email, such as newsletters, press releases, mailing list messages, and follow-up messages that clutter up your Inbox. Without a clear strategy for dealing with all of this distracting junk, valuable time is wasted on unimportant tasks, and productivity suffers. In other words, you may be afflicted with “email overload.”
So how do we deal with the influx of email that grabs at our limited supply of attention? Merlin Mann invented the concept of Inbox Zero. From TechTarget, Inbox Zero is defined as “a rigorous approach to email management aimed at keeping the inbox empty — or almost empty — at all times.” According to Mann, zero does not refer to the number of messages in your Inbox. Instead, it refers to the amount of time one spends thinking about his Inbox. A key point that is made is that when one confuses his Inbox with a to-do list, productivity suffers. Mann states, “It’s about how to reclaim your email, your attention, and your life. That zero? It’s not how many messages are in your inbox–it’s how much of your own brain is in that inbox – especially when you don’t want it to be. That’s it.”
So with the daily influx of email, how can we achieve Inbox Zero? Mann says that for every email message, there are five possible actions to take:
Let’s take a closer look at these actions.
Delete: When a new message arrives, the first thing you should ask yourself is “Am I REALLY going to read or respond to this email?” If you’re not sure, then chances are you’re not going to make it a priority, and then it will sit there in your Inbox while other messages that should have been deleted come piling in after it. As Merlin Mann says in this article, “every email you read, re-read, and re-re-re-re-re-read as it sits in that big dumb pile is actually incurring mental debt on your behalf.” So if you’re not going to do anything with a message, simply delete it and move on.
Delegate: If there’s a message that can be best answered by someone else, then immediately forward it on. Don’t try to handle it if it will take you twice as long as someone else.
Respond: Immediately respond to any new messages that can be answered in two minutes or less.
Defer: If a message cannot be answered in two minutes or less, or if a message can be answered later, then move it to a separate “requires response” folder and reply later.
Do: Set aside time each day to respond to email in the “requires response” folder or respond to mail in this folder throughout the day when you have time.
Mann also recommends what he calls “Email dashes.” Here are his recommendations.
Check for new email & look for items that can be responded very quickly: Two minutes every 20 minutes.
Non-critical responses – Every 90 minutes, answer 5 emails or spend 10 minutes responding.
Processing “the pile” – Two minutes every hour, plus 15 minutes at the end of the day.
Metawork – 15 minutes twice a week.
Further culling, responding & cleaning out “the pile” – Throughout the day, when available, in 5-8 minute dashes. These email dashes help you prioritize, avoid constant email notifications, and manage your time and attention.
Other tips for achieving Inbox Zero:
Don’t leave your email client open. An open email client can be a persistent distraction. It could be too tempting to check email when you’re working on another project while your email client is running in the background.
Use templates: You can use templates for often repeated messages that may only require a short or generic response, such as “Thank you” responses or responses to common questions. If you’re using WorldClient, MDaemon’s webmail client, this article has instructions for creating email templates.
Use Filters: Filters are useful for dealing with frequent, non-urgent items that can be dealt with later. Some examples include:
Mailing lists and forum threads
Social media “Friend” requests from sites like Facebook and Google+
Newsletters and product updates
Twitter follower notifications
Be careful when creating filters to ensure that you are only filtering out content that isn’t important. It is possible to filter out too much – for example, important but non-urgent messages that would be better addressed by dealing with them according to a schedule.
Use labels or folders: This tip could perhaps be combined with the above tip on using filters. The idea is to automate the process of acting on message that meet certain criteria by applying certain labels or moving them to designated folders. For example, I get a lot of blog comments from spambots, so by creating a filter that filters on the subject of a comment notification message, I can send those messages directly to my “Blog Comments” folder. Sometimes, I’ll get up to 200 comments in a day, so this saves me lots of time and headache weeding through all of that stuff in my Inbox.
Unsubscribe from email lists: How many times have you been asked by a retailer for your email address, or left the box checked when making a purchase on a company’s website authorizing them to bombard you with sales pitches on their other products? Taking the time to unsubscribe from these mailing lists now can save you from having to deal with all that Inbox clutter later.
The concept of Inbox Zero is not to have zero messages in your Inbox. It’s to set up processes that allow you to spend as little time as possible THINKING about your Inbox. Merlin Mann created the concept several years ago, when there was far less email and far fewer distractions than there are today, so his ideas are even more relevant today. I hope you find these tips useful & that you can use them to take back any control your Inbox may have over you.
Ever wonder why so much spam exists today? By some estimates, more than 100 billion spam messages are sent every day. This represents around 85 percent of global daily email traffic. Some of the most common types of spam messages include financial scams, phishing attempts, ransomware, and botnet malware. In this article, we focus primarily on botnets.
Spam is big business. The barriers to entry are low and the payoffs are high. If a spammer sends out 50,000 spam messages, but only a handful of users click on a link in one of these messages, the spammer’s efforts will likely have paid off.
A single spammer may not have the resources to send out a large-scale spam attack, however, a spammer’s job is made much easier by the use of botnets – networks of hundreds or even thousands of malware-infected computers (known as spambots) that can be remotely controlled over the internet. Similar to legitimate cloud services such as Amazon’s AWS, a botnet-for-hire provides individuals with ample cloud-based resources to carry out large-scale spam campaigns with very little effort.
According to Spamhaus, the top five countries with the most spambots are India, Vietnam, China, Iran, and Brazil. As of May 23, 2016, India had close to 2 million spambots!
The botnet-for-hire industry is a growing industry that makes it easy for anyone to send out thousands of spam messages using the botnet as the attack vector.
In addition to sending out spam, botnets can be used to launch DDoS attacks by flooding a company with thousands of connections over a short period of time – in an effort to try to shut down a company’s network or to damage its reputation.
User education is likely the most important factor in preventing a computer from becoming a spambot. The following are a few guidelines that every email user should know by now.
Never open an email from an unknown source.
Never open an attachment from an unknown source.
Even if the sender appears to be someone you know, always verify – because spammers often forge the sender’s address.
Use anti-virus software on your local computer.
Learn how to recognize phishing
Messages that contain threats to shut your account down
Requests for personal information such as passwords or Social Security numbers
Words like “Urgent” – portraying a false sense of urgency
Forged email addresses
Poor writing or bad grammar
Don’t give your email address to sites you don’t trust.
Don’t post your email address to public websites or forums.
Understand that reputable businesses will never ask for personal information via email.
The information provided above applies primarily to end users, but what actions can be taken by the mail server administrator to detect and prevent spambot activity? While MDaemon has many spam-fighting features, MDaemon 16 includes tools to detect spambot activity and block it from further communication with your server. This new feature is called Spambot Detection. Spambot Detection tracks the IP addresses that every return-path value (sender) uses over a period of time. If the same return-path is used by multiple IP addresses (more than can be expected from users switching between their computers and mobile devices) in a given timeframe, then it’s possible that this activity is being generated by a spambot. Of course, it’s also possible that this activity is completely legitimate. However, in some cases, tests have shown that this can be an effective tool at detecting a distributed spambot network as long as the same return-path is used in the spam messages. If a spambot is detected the connection is dropped and the return-path value is optionally blacklisted for a designated period of time. You can also optionally blacklist all known spambot IPs for a designated period of time.
As with most MDaemon security features, various settings allow you to bypass Spambot Detection for mail from trusted sources. You can exempt specific IPs, senders, and recipients from Spambot Detection using the White list feature, and exempt connections from authenticated sessions or trusted IPs. Click on the Advanced buttons to view a list of return-paths or IPs that are currently blocked. If a return-path or IP is blocked by mistake, you can easily remove it from the list.
We demonstrate how to configure Spambot Detection in this tutorial video.
Spammers are always coming up with new ways to spam users. That’s why user education and a properly configured mail server are equally important in the war against spam.
If you haven’t seen our YouTube channel lately, you’re missing out on some valuable information that can be used to help you manage MDaemon and SecurityGateway. Recently, we’ve added several new MDaemon tutorial videos. Here are a few that might interest you.
MDaemon Graphical User Interface (GUI) Overview
In this video, we provide a tour of MDaemon’s graphical user interface. We show you where to find key security, administration, and account management settings, how to navigate your way through the mail queues, and how to find information in the mail routing, security and spam filter logs using the tabs across the bottom of the MDaemon interface.
MDaemon’s File Structure
One of the benefits of MDaemon that make it easy to troubleshoot and administer is its file structure. All key settings are stored in configuration files located in the MDaemon/App directory, and user email messages are stored in the Users directory. This flat-file structure makes MDaemon very easy to backup and restore using simple drag & drop.
How to Enable and Use Two-Factor Authentication in WorldClient
Two-factor authentication is a security feature found in WorldClient, MDaemon’s webmail client, which requires users to submit two forms of identifying data – a password, and a special code or token, before they are able to login. Two-factor authentication helps prevent accounts from being hijacked by someone who manages to guess the account’s password. A potential hacker would have to know the second authenticating factor in order to access the account.
Enabling Do Not Disturb to Establish Work/Life Balance for Employees
MDaemon’s Do-Not-Disturb feature allows administrators to set a time during which certain users are not allowed to check for or send new email messages. In an age where we’re all constantly connected via mobile devices, this helps foster better work-life balance for your users.
Companies around the world are faced with the need to manage email access after hours to reduce overtime pay and promote a stronger work/life balance for their employees. MDaemon makes this goal attainable using its Do Not Disturb feature. Do Not Disturb allows administrators to designate a time during which selected users are not allowed to check their email. During the Do Not Disturb period, accounts can still receive email on the mail server, but users cannot send or check for mail using SMTP, IMAP, POP, WorldClient or ActiveSync.
In MDaemon, you can access the Do Not Disturb feature via the Group Manager screen under the Accounts menu. Follow these steps to configure Do Not Disturb.
Select Groups & Templates.
Select Group Manager.
Select New Group or click on an existing group to select it. Enter a Group Name and Description for your new group.
Click on Add or remove accounts from the selected group.
Check the box for each account you wish to add to this group, and then click OK.
Select the group name under the Group Manager list.
Check Enable Do Not Disturb.
Click on Define Do Not Disturb Schedule to configure when you would like this feature to take effect.
Select your desired Do-Not-Disturb schedule, including dates, times, and days of the week, and then click OK.
Click OK to close the Groups & Templates window.
Once these settings are enabled, users who try to access or send email during Do Not Disturb hours will be denied access.
The following video demonstrates how to configure Do Not Disturb.
Do Not Disturb gives administrators and management teams greater control over who has after-hours access to the email system. This feature was added in MDaemon 15.5. If you’re using an older version of MDaemon and would like to upgrade, then visit our Downloads page to download the latest version of MDaemon.
If you’ve used Microsoft Outlook for an extended period of time, you may have noticed that it doesn’t run quite as smoothly as it used to. Outlook’s performance is affected by many things, including the amount of data it has to keep track of, any add-ons that are installed, how often it checks for new mail (checking more frequently can improve performance), and various other factors. Whether you use POP, IMAP, ActiveSync or Outlook Connector, you can perform various tasks to improve Outlook’s performance. Follow the steps outlined below to keep Outlook running like a well-oiled machine.
Outlook Connector Users
Compact the Outlook Connector Local Cache File
Unlike POP, which stores data in a PST file, Outlook Connector stores a local copy of account data in a local cache file. If you are using Outlook Connector, you can compact the local cache file to improve performance. Follow these steps to compact the local cache file:
Make sure Outlook is shut down, and navigate to the Windows control panel.
Click on the Mail control panel.
Click on Email Accounts.
Double-click on your Outlook Connector account.
Click on the Database Management tab.
Locate the Purge Database section and click on the Purge button.
Locate the Compact Database section, and click on the Compact button. You can also check “Compact database on Outlook shutdown” to compact the database each time Outlook is shut down.
NOTE: Outlook Connector includes the option “Download Headers Only” under the Send/Receive tab of the Outlook Connector Client configuration screen. When this option is enabled, Outlook only downloads the information needed to show messages in the message list, and not the full content of each message. When you click on a message, the rest of the message is downloaded for viewing. Users may experience a slight delay in viewing messages in the preview pane when “Download Headers Only” is enabled because Outlook has to download the rest of the message when it is selected. If messages are show to appear in the preview pane or when viewing, try disabling “Download headers only.”
Performing the following housekeeping tasks regularly will help minimize the amount of data that Outlook must process, and will reduce the amount of memory used by the program.
We recommend performing these housekeeping tasks regularly:
Delete any email messages, calendar items, and contacts that are no longer needed.
Empty the Deleted Items folder by right-clicking it and selecting Empty Folder.
Delete unwanted items from the Sent Items folder.
Move items out of the Inbox to other mail folders.
Archive old messages. Mail server administrators can implement a server-wide archiving solution such as MailStore to help cut down on the amount of data stored in user mailboxes.
Having too many Outlook add-ins can bog down Outlook’s performance. When Outlook is installed for the first time, it comes with its own set of add-ins. Not all of these add-ins will be activated, and there may be add-ins enabled that you don’t need. Here is a list of default Outlook add-ins:
Business Connectivity Services Add-in
Microsoft Exchange Add-in
Microsoft Outlook Social Connector / Outlook Social Connector 2013
Microsoft SharePoint Server Colleague Import Add-In
Microsoft Exchange Unified Messaging
OneNote Notes about Outlook Items
Microsoft Access Outlook Add-In for Data Collection and Publishing
Microsoft VBA for Outlook Add-in
Windows Search Email Indexer
This page contains a List of all default Outlook Add-ins, plus other add-ins you might encounter.
In addition, other third-party applications can add their own Outlook add-ins. Fortunately, it’s easy to disable unwanted add-ins.
In Outlook 2007: Go to Tools | Trust Center | Add-ins. In the Manage drop-down list, select which add-ins you’d like to disable. Press Go, and make your changes.
In Outlook 2010, 2013 and 2016: Go to File | Options | Add-ins. Locate the Manage drop-down menu at the bottom, and select Com Add-ins, then click on Go. To disable specific add-ins, simply un-check the items you don’t need, and click on OK. You can also use the Remove button to remove selected items completely. For some add-ins, you may need to restart Outlook for your changes to take effect.
Disable RSS Feeds
If you have a lot of RSS feeds that are synchronized with Outlook, these syncing tasks could bring Outlook to a crawl. If you aren’t using Outlook as an RSS reader, you can disable this feature from Outlook by following these steps:
In Outlook 2007: Go to Tools | Options. Select the Other tab, and then click on Advanced Options. Then, uncheck both options under RSS Feeds.
In Outlook 2010 / 2013 / 2016: Go to File | Options. Click on the Advanced button in the left-hand navigation menu. Under the RSS Feeds section, uncheck both options.
Adjusting the Send/Receive Frequency
Adjusting Outlook’s Send/Receive schedule can often improve performance. If email messages are slow showing up in your Inbox, you can configure Outlook to send/receive messages more frequently so that it doesn’t have to download as much data each time it checks for new messages. If your send/receive schedule is set to check less-frequently, say, every 30 minutes, try changing it to send/receive every 3 minutes.
Outlook 2010, 2013 and 2016 users can find this setting via File | Options | Advanced. Locate the Send/Receive section and click on the Send/Receive button. Then, under Send/Receive Groups | All Accounts, adjust the timing for “Schedule an automatic send/receive every…” as shown here:
POP, IMAP & ActiveSync Users
Compact or Repair PST Files
PST files can be another source of Outlook sluggishness. You can help improve Outlook’s performance by:
Using multiple PST files.
Keeping attachments out of PST files.
Compacting PST files.
To compact a PST file in Outlook 2010, 2013 and 2016:
Delete any items you no longer need, and then empty the Deleted Items folder.
Click on the File tab on the ribbon, and then select the Info tab.
Click on Account Settings, and then click on Account Settings again.
Click on the Data Files tab.
Select your PST file in the list, and then click on Settings.
On the General tab, click on Compact Now.
Click on OK and Close.
To compact a PST file in Outlook 2007:
Delete any items you no longer need, and then empty the Deleted Items folder.
Navigate to Tools | Account Settings.
Select your desired account, and then click on Change.
Click on More Settings.
On the Advanced tab, click on Offline Folder File Settings.
Click on Compact Now.
Sometimes, your PST files can develop errors or data inconsistencies, resulting in unexpected behavior in Outlook. When you suspect that there’s an issue with the integrity of your PST file, you can run Scanpst.exe to repair your PST files.
Scanpst can be tricky to locate. By default, you should be able to find it in the Program Files | Microsoft Office | Office14 folder, but you may need to perform a search if you can’t find it in its default location. This location may vary depending on which version of Outlook you are using. You may also want to create a shortcut to this file on your desktop for easier access.
Before using this tool, we recommend making a backup copy of your PST file in case any errors or file corruptions occur to the original file. This shouldn’t be an issue, however, because if Scanpst finds any errors, it will prompt you to make a backup before attempting to repair the file.
Keep Windows Up-to-Date
Microsoft periodically releases Windows updates and service packs. Having the latest updates and service packs can help improve your computer’s overall performance as well as Outlook’s performance.
Nobody should have to put up with sluggish Outlook performance. Following the above suggestions will help ensure that you spend less time waiting for things to happen, and more time making things happen!
If you’re moving to MDaemon from another email platform, or if you want to consolidate your local address books into one centrally-located database for easy access from anywhere, then you’ll want to import your contacts using WorldClient.
When contacts are imported into WorldClient, they are stored in a folder on the MDaemon server and accessible from your ActiveSync-connected mobile device (or Outlook 2013 & up connected via ActiveSync), Outlook via Outlook Connector, and WorldClient – MDaemon’s webmail client.
In a previous video and blog post, I demonstrated how to maintain data privacy by encrypting email messages in WorldClient (MDaemon’s webmail client) using Virtru. However, this easy-to-use client-side email encryption feature does more than just email encryption. When you use Virtru Pro, you can set a message expiration period, revoke sent messages, or disable forwarding. In today’s video tutorial, I show you how to set a message expiration using WorldClient and Virtru.