Teach SecurityGateway to Recognize Spam

Recently, I wrote a post about teaching your MDaemon Inbox to recognize spam using the Bayesian learning feature. This feature helps to train the spam filter to be more accurate over time by feeding it samples of spam and non-spam messages. SecurityGateway also includes Bayesian learning features (in addition to many other security features designed to keep spam, viruses, malware and phishing attacks from hitting your mail server). Today, I’ll be explaining how to use these features to teach SecurityGateway how to get better at recognizing spam (false negatives – spam messages that were not filtered out) and non-spam (false positives – legitimate messages that were marked as spam).

Administrator Instructions

Administrators must first enable and configure Bayesian learning in SecurityGateway before users will be able to use it. Follow these steps to enable and configure Bayesian learning.

  1. Click on the Security tab, and then click on Heuristics & Bayesian under the Anti-Spam section.
  2. Make sure the first box, “Use heuristic rules and Bayesian classification to analyze messages” is checked. This setting basically turns the spam filter on and is enabled by default.
  3. Under “Location (all domains),” click on the link to configure SGSpamD. You can optionally select a domain in the drop-down menu at the top to configure these settings for a specific domain.

    Enable SGSpamD
    Enable SGSpamD
  4. Under the “Bayesian Classification” section, check the first box to enable Bayesian classification.

    Enable Bayesian Classification
    Enable Bayesian Classification
  5. By default, 200 samples of spam and 200 samples of non-spam are needed before Bayesian learning can take place. You can adjust this number in the blanks provided, but in most cases, this will not be necessary.
  6. By default, Bayesian learning takes place at midnight each night. You can select the second option under the “Bayesian Learning” section if you’d like to schedule Bayesian learning more frequently, at regular intervals. This is useful if you have a larger number of messages to learn from. You can also select the third option if you do not want Bayesian learning to run automatically based on a schedule. When this option is selected, you can use the link at the bottom of the Bayesian Learning section to perform Bayesian learning as needed.

    Bayes Schedule
    Bayes Schedule
  7. SecurityGateway needs to know where to find messages to be fed to the Bayesian learning engine. By default, messages are  placed inside the C:/Program Files/Alt-N technologies/SecurityGateway/BayesSpam and BayesHam directories. You can optionally use a different path mapped to a different drive to improve performance.

    Known Spam Directory
    Known Spam Directory
  8. In the following two blanks, enter the Spam and Non-Spam forwarding addresses. The default addresses are spamlearn and hamlearn, so if your domain is example.com, users can forward spam messages (as an attachment) to spamlearn@example.com to feed these messages to the Bayesian learning engine. This procedure is explained in greater detail later when we discuss how end users can submit spam and non-spam messages to the Bayesian learning engine.

    Spam Forwarding Addresses
    Spam Forwarding Addresses
  9. Most spam messages are relatively small, thus, you can place a size limit on messages to learn from by checking the box “Don’t learn from messages larger than” and entering a value (in bytes) in the blank blow. Placing a size limit on messages to learn from helps improve the performance of the Bayesian learning engine.

    Bayes Size Limit
    Bayes Size Limit
  10. You can automate the Bayesian learning process by enabling Automatic Bayesian Learning. By default, messages that score less than 0.1 are considered to be legitimate and only messages that score a 12.0 or above are considered to be spam for purposes of automatic Bayesian learning. Before enabling automatic Bayesian learning, I would recommend reviewing your message logs for false negatives and false positives and use their spam scores as guidelines for populating the spam and non-spam scoring thresholds. You can also optionally check the boxes to only learn non-spam messages from domain mail servers and authenticated sessions, and only learn spam from inbound messages.

    Bayes Automatic Learning
    Bayes Automatic Learning
  11. Before I explain the next setting, I want to explain the concept of “tokens.” When the Bayesian learning feature “learns” from a message, it takes snippets of information from the message, such as words or phrases, and uses this information to create tokens. These tokens are accumulated and when a new message is scanned by Bayesian learning, its contents are compared to these tokens to look for similarities. Under the Bayesian Database section, check the box to enable Bayesian automatic token expiration. This helps to limit the token database to a manageable size, expiring old tokens and replacing them with new ones when the maximum number of Bayesian database tokens (specified in the blank below) has been reached. When this number of tokens is reached, the Bayesian system removes the oldest, reducing the number to 75% of this value or 100,000 tokens, whichever is higher. 150,000 tokens make up about 8MB of data.
  12. Click Save and Close to save your changes.

End User Instructions

Now that SecurityGateway has been configured properly on the server, users can start feeding samples of spam and non-spam to the Bayesian learning engine.

There are two methods users can use to submit samples of spam and non-spam to the Bayesian learning engine in SecurityGateway. The first (and easier) way is to use the thumbs-up and thumbs-down icons in the SecurityGateway interface. The second way is by forwarding spam and non-spam messages (as attachments) to designated email addresses.

To mark messages as spam or non-spam using the SecurityGateway interface, follow these steps:

  1. Log into SecurityGateway.
  2. Click on My Message Log. This brings up a list of all of your inbound and outbound messages.
  3. Click on the message you wish to mark as spam or non-spam, and then click on the Thumbs-up button to mark the message as non-spam, or the thumbs-down button to mark the message as spam.
    Mark Message as Spam
    Mark Message as Spam

    You will receive confirmation that the message was marked as spam.

    Marked as Spam Confirmation
    Marked as Spam Confirmation

To feed messages to the Bayesian learning engine by forwarding them as attachments, simply attach the message to an email addressed to the designated hamlearn@ or spamlearn@ address for your domain (example: spamlearn@example.com). Note: SMTP authentication must be used.

If you are using WorldClient, you can right-click on the message and select “Forward as Attachment.” Then, populate the To: field with the spamlearn@ or hamlearn@ address and simply send the message.

Forward as Attachment
Forward as Attachment

When used properly, Bayesian Learning is a powerful tool for reducing spam and ensuring legitimate messages are not blocked by the spam filter. More information can be found in this knowledge base article.

Don’t let spam ruin your day. These tips can help you keep the bad stuff out of your Inbox so you can focus on your business!

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •  

New MDaemon Tutorials Added to YouTube

If you haven’t seen our YouTube channel lately, you’re missing out on some valuable information that can be used to help you manage MDaemon and SecurityGateway. Recently, we’ve added several new MDaemon tutorial videos. Here are a few that might interest you.

MDaemon Graphical User Interface (GUI) Overview

In this video, we provide a tour of MDaemon’s graphical user interface. We show you where to find key security, administration, and account management settings, how to navigate your way through the mail queues, and how to find information in the mail routing, security and spam filter logs using the tabs across the bottom of the MDaemon interface.

MDaemon’s File Structure

One of the benefits of MDaemon that make it easy to troubleshoot and administer is its file structure. All key settings are stored in configuration files located in the MDaemon/App directory, and user email messages are stored in the Users directory. This flat-file structure makes MDaemon very easy to backup and restore using simple drag & drop.

How to Enable and Use Two-Factor Authentication in WorldClient

Two-factor authentication is a security feature found in WorldClient, MDaemon’s webmail client, which requires users to submit two forms of identifying data – a password, and a special code or token, before they are able to login. Two-factor authentication helps prevent accounts from being hijacked by someone who manages to guess the account’s password. A potential hacker would have to know the second authenticating factor in order to access the account.

Enabling Do Not Disturb to Establish Work/Life Balance for Employees

MDaemon’s Do-Not-Disturb feature allows administrators to set a time during which certain users are not allowed to check for or send new email messages. In an age where we’re all constantly connected via mobile devices, this helps foster better work-life balance for your users.

These are just a few of the tutorial videos on our YouTube channel. Visit our YouTube channel for other tutorials, product overview videos, webinars, and more. If you haven’t tried MDaemon yet, click here to download your free trial and see how easy MDaemon is to use!

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •  

Manage Employee Overtime with New Email Feature

Companies around the world are faced with the need to manage email access after hours to reduce overtime pay and promote a stronger work/life balance for their employees. MDaemon makes this goal attainable using its Do Not Disturb feature. Do Not Disturb allows administrators to designate a time during which selected users are not allowed to check their email. During the Do Not Disturb period, accounts can still receive email on the mail server, but users cannot send or check for mail using SMTP, IMAP, POP, WorldClient or ActiveSync.

In MDaemon, you can access the Do Not Disturb feature via the Group Manager screen under the Accounts menu. Follow these steps to configure Do Not Disturb.

  1. Select Accounts.
  2. Select Groups & Templates.
  3. Select Group Manager.
  4. Select New Group or click on an existing group to select it.
    Click on New Group to create a user group in MDaemonEnter a Group Name and Description for your new group.Group name and description - MDaemon user group
  5. Click on Add or remove accounts from the selected group.
    Adding Accounts to a Group in MDaemon Messaging Server
  6. Check the box for each account you wish to add to this group, and then click OK.
    Adding Accounts to a Group in MDaemon Email Server
  7. Select the group name under the Group Manager list.
    Select the Group in the Group Manager List
  8. Check Enable Do Not Disturb.
    Do Not Disturb Checkbox - MDaemon Groups & Templates
  9. Click on Define Do Not Disturb Schedule to configure when you would like this feature to take effect.
    Defining a do-not-disturb schedule for selected accounts in MDaemon
  10. Select your desired Do-Not-Disturb schedule, including dates, times, and days of the week, and then click OK.
    Do not Disturb schedule
  11. Click OK to close the Groups & Templates window.

Once these settings are enabled, users who try to access or send email during Do Not Disturb hours will be denied access.

The following video demonstrates how to configure Do Not Disturb.

Do Not Disturb gives administrators and management teams greater control over who has after-hours access to the email system. This feature was added in MDaemon 15.5. If you’re using an older version of MDaemon and would like to upgrade, then visit our Downloads page to download the latest version of MDaemon.

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •  

Is Slow Outlook Performance Making you Pull Your Hair Out?

If you’ve used Microsoft Outlook for an extended period of time, you may have noticed that it doesn’t run quite as smoothly as it used to. Outlook’s performance is affected by many things, including the amount of data it has to keep track of, any add-ons that are installed, how often it checks for new mail (checking more frequently can improve performance), and various other factors. Whether you use POP, IMAP, ActiveSync or Outlook Connector, you can perform various tasks to improve Outlook’s performance. Follow the steps outlined below to keep Outlook running like a well-oiled machine.

Outlook Connector Users

Compact the Outlook Connector Local Cache File

Unlike POP, which stores data in a PST file, Outlook Connector stores a local copy of account data in a local cache file. If you are using Outlook Connector, you can compact the local cache file to improve performance. Follow these steps to compact the local cache file:

  1. Make sure Outlook is shut down, and navigate to the Windows control panel.
  2. Click on the Mail control panel.
  3. Click on Email Accounts.
  4. Double-click on your Outlook Connector account.
  5. Click on the Database Management tab.
  6. Locate the Purge Database section and click on the Purge button.
  7. Locate the Compact Database section, and click on the Compact button. You can also check “Compact database on Outlook shutdown” to compact the database each time Outlook is shut down.
Outlook Connector Options
Outlook Connector Options

NOTE: Outlook Connector includes the option “Download Headers Only” under the Send/Receive tab of the Outlook Connector Client configuration screen. When this option is enabled, Outlook only downloads the information needed to show messages in the message list, and not the full content of each message. When you click on a message, the rest of the message is downloaded for viewing. Users may experience a slight delay in viewing messages in the preview pane when “Download Headers Only” is enabled because Outlook has to download the rest of the message when it is selected. If messages are show to appear in the preview pane or when viewing, try disabling “Download headers only.”

Please see the Outlook Connector for MDaemon – Guidelines page at www.altn.com for more information on getting the best performance out of Outlook Connector.

POP, IMAP, ActiveSync or Outlook Connector Users

Perform Regular Housekeeping

Performing the following housekeeping tasks regularly will help minimize the amount of data that Outlook must process, and will reduce the amount of memory used by the program.

We recommend performing these housekeeping tasks regularly:

  • Delete any email messages, calendar items, and contacts that are no longer needed.
  • Empty the Deleted Items folder by right-clicking it and selecting Empty Folder.
  • Delete unwanted items from the Sent Items folder.
  • Move items out of the Inbox to other mail folders.
  • Archive old messages. Mail server administrators can implement a server-wide archiving solution such as MailStore to help cut down on the amount of data stored in user mailboxes.

Disable Add-Ins

Having too many Outlook add-ins can bog down Outlook’s performance. When Outlook is installed for the first time, it comes with its own set of add-ins. Not all of these add-ins will be activated, and there may be add-ins enabled that you don’t need. Here is a list of default Outlook add-ins:

  • Business Connectivity Services Add-in
  • Microsoft Exchange Add-in
  • Microsoft Outlook Social Connector / Outlook Social Connector 2013
  • Microsoft SharePoint Server Colleague Import Add-In
  • Microsoft Exchange Unified Messaging
  • OneNote Notes about Outlook Items
  • Microsoft Access Outlook Add-In for Data Collection and Publishing
  • Microsoft VBA for Outlook Add-in
  • Windows Search Email Indexer

This page contains a List of all default Outlook Add-ins, plus other add-ins you might encounter.

In addition, other third-party applications can add their own Outlook add-ins. Fortunately, it’s easy to disable unwanted add-ins.

In Outlook 2007: Go to Tools | Trust Center | Add-ins. In the Manage drop-down list, select which add-ins you’d like to disable. Press Go, and make your changes.

In Outlook 2010, 2013 and 2016: Go to File | Options | Add-ins. Locate the Manage drop-down menu at the bottom, and select Com Add-ins, then click on Go. To disable specific add-ins, simply un-check the items you don’t need, and click on OK. You can also use the Remove button to remove selected items completely. For some add-ins, you may need to restart Outlook for your changes to take effect.

Disable Outlook Add-Ins
Disable Outlook Add-Ins

Disable RSS Feeds

If you have a lot of RSS feeds that are synchronized with Outlook, these syncing tasks could bring Outlook to a crawl. If you aren’t using Outlook as an RSS reader, you can disable this feature from Outlook by following these steps:

In Outlook 2007: Go to Tools | Options. Select the Other tab, and then click on Advanced Options. Then, uncheck both options under RSS Feeds.

In Outlook 2010 / 2013 / 2016: Go to File | Options. Click on the Advanced button in the left-hand navigation menu. Under the RSS Feeds section, uncheck both options.

Disable RSS in Outlook
Disabling RSS in Outlook

Adjusting the Send/Receive Frequency

Adjusting Outlook’s Send/Receive schedule can often improve performance. If email messages are slow showing up in your Inbox, you can configure Outlook to send/receive messages more frequently so that it doesn’t have to download as much data each time it checks for new messages. If your send/receive schedule is set to check less-frequently, say, every 30 minutes, try changing it to send/receive every 3 minutes.

Outlook 2010, 2013 and 2016 users can find this setting via File | Options | Advanced. Locate the Send/Receive section and click on the Send/Receive button. Then, under Send/Receive Groups |  All Accounts, adjust the timing for “Schedule an automatic send/receive every…” as shown here:

Outlook Send Receive Schedule
Outlook Send Receive Schedule

POP, IMAP & ActiveSync Users

Compact or Repair PST Files

PST files can be another source of Outlook sluggishness. You can help improve Outlook’s performance by:

  • Using multiple PST files.
  • Keeping attachments out of PST files.
  • Compacting PST files.

To compact a PST file in Outlook 2010, 2013 and 2016:

  • Delete any items you no longer need, and then empty the Deleted Items folder.
  • Click on the File tab on the ribbon, and then select the Info tab.
  • Click on Account Settings, and then click on Account Settings again.
  • Click on the Data Files tab.
  • Select your PST file in the list, and then click on Settings.
  • On the General tab, click on Compact Now.
  • Click on OK and Close.

    Compacting a PST in Outlook
    Compacting a PST in Outlook

To compact a PST file in Outlook 2007:

  • Delete any items you no longer need, and then empty the Deleted Items folder.
  • Navigate to Tools | Account Settings.
  • Select your desired account, and then click on Change.
  • Click on More Settings.
  • On the Advanced tab, click on Offline Folder File Settings.
  • Click on Compact Now.

Sometimes, your PST files can develop errors or data inconsistencies, resulting in unexpected behavior in Outlook. When you suspect that there’s an issue with the integrity of your PST file, you can run Scanpst.exe to repair your PST files.

Scanpst can be tricky to locate. By default, you should be able to find it in the Program Files | Microsoft Office | Office14 folder, but you may need to perform a search if you can’t find it in its default location. This location may vary depending on which version of Outlook you are using. You may also want to create a shortcut to this file on your desktop for easier access.

Before using this tool, we recommend making a backup copy of your PST file in case any errors or file corruptions occur to the original file. This shouldn’t be an issue, however, because if Scanpst finds any errors, it will prompt you to make a backup before attempting to repair the file.

Keep Windows Up-to-Date

Microsoft periodically releases Windows updates and service packs. Having the latest updates and service packs can help improve your computer’s overall performance as well as Outlook’s performance.

Conclusion

Nobody should have to put up with sluggish Outlook performance. Following the above suggestions will help ensure that you spend less time waiting for things to happen, and more time making things happen!

UPDATE: This information can now be found in our new how-to guide on improving Outlook Performance, located on our Literature page. Click here to download the PDF.

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •  

Protect Email Privacy with Message Expiration using Virtru

In a previous video and blog post, I demonstrated how to maintain data privacy by encrypting email messages in WorldClient (MDaemon’s webmail client) using Virtru. However, this easy-to-use client-side email encryption feature does more than just email encryption. When you use Virtru Pro, you can set a message expiration  period, revoke sent messages, or disable forwarding. In today’s video tutorial, I show you how to set a message expiration using WorldClient and Virtru.

 

If you’d like to see for yourself how easy Virtru is to use, then download  your free trial of MDaemon!

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •  

Training the Bayesian Spam Learning Engine in WorldClient

MDaemon’s built-in spam filter includes a feature known as Bayesian Learning. Bayesian Learning allows MDaemon to “learn” what types of messages are spam and what types are not spam. This allows the spam filter to become more accurate over time.

It is important for users to properly train the Bayes system so that messages are correctly flagged as spam or non-spam. We do not recommend blacklisting the sender of spam messages because this does not help the Bayes engine learn from the message, and thus, has no effect on reducing spam. The easiest way to train the Bayes engine is for users to use the thumbs-up and thumbs-down icons in WorldClient (MDaemon’s webmail client) to feed the Bayes engine samples of spam and non-spam. The more spam and non-spam samples you feed to the Bayes engine, the more accurate the spam filter will become over time, thus, it is very important for users to use the thumbs-down icon on every spam message – whether it arrives in your Inbox or in your Junk Email folder. Likewise, for every false-positive (legitimate, non-spam message that is flagged as spam), you can use the thumbs-up icon to flag the message as non-spam.

This knowledge base article provides a more thorough explanation of Bayesian Learning and how to train the Bayesian Learning engine.

This video explains further.

If you are an end user and you do not see the thumbs-up and thumbs-down icons in WorldClient, the MDaemon administrator can take steps outlined in this video and blog post to make those icons appear.

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •  

Are You Receiving Replies to Messages you Never Sent?

Image "Return to Sender"

Have you ever logged into your email to find tons of bounce-back messages (out-of-office replies, NDR messages, invalid recipient messages) in response to messages you never sent? For many users, their first thought is that they need to change their email password. However, changing your email password will not prevent this. Why? Because what you are receiving is known as backscatter, and has nothing to do with your email account being hacked.

Spammers often forge the return-path in their outbound messages to cover up their true identity. If the forged address in these spam messages was your address, then you are likely to receive the bounce-back messages and auto-responders in response to these messages.

So how do you prevent this? MDaemon includes Backscatter Protection. Backscatter Protection works by adding a special key to the return-path of all outbound mail. When MDaemon receives an out-of-office reply or non-delivery message, it looks for that special key. If the key is missing, then we know the bounce-back message is not legitimate and can be discarded.

When Backscatter Protection is disabled, the return-path of a message looks like this:
X-Return-Path: frank.thomas@example.com

When Backscatter Protection is enabled, an extra series of characters beginning with prvs= is added to the return path – like this:
X-Return-Path: prvs=163898ff65=frank.thomas@example.com

It is this extra series of characters that the Backscatter Protection feature looks for in bounce-back messages.

Check out the following video to learn more about Backscatter Protection and how to enable it in MDaemon. If you have questions, please feel free to leave us a comment & let us know!

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •  

MDaemon Spam Filter Deep-Dive Webinar

In addition to its built-in spam filter, MDaemon includes many other security features that can be used to fight spam. In this webinar, we take you through an in-depth explanation of MDaemon’s spam-fighting features, and discuss recommended settings for best results.

 

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •  

How to Notify a Designated User when a New User is Created in MDaemon

As I mentioned in a previous post, you can do some creative things with MDaemon’s content filter. Recently, one of our users had asked in our community forums if there was a way to send a notification message to a designated user or email address whenever a new account is created in MDaemon. I’ll walk you through the steps to achieve this in this tutorial video.

 

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •  

User Accidentally Erased All Contacts?

Has this happened to you? You're the MDaemon administrator, and one of your users has contacted you in a panic because he accidentally deleted all of his contacts from his ActiveSync connected device. The device then re-synced with the server, at which point all contacts were deleted from the server. This is a good case in support of backup & archiving. You just never know when you'll need a backup copy of your data, and most businesses these days can't afford to NOT have a backup solution in place.

To restore the user's contacts, you would simply need to restore the backup copy of the user's addrbook.mrk file, which you can find in the Contacts.IMAP folder of the user's mailbox (example - C:\MDaemon\Users\example.com\frank.thomas\contacts.IMAP). You may also see a series of .MSG files in the same directory within your backup. These .MSG files are created from the contents of the addrbook.mrk file by Outlook Connector. You will not need to restore these .MSG files since they will be recreated automatically. This same concept also applies to your calendar entries (Calendar.mrk&#41, tasks (TaskList.mrk&#41 and notes (Notes.mrk&#41.

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •