Recently, I wrote a post about teaching your MDaemon Inbox to recognize spam using the Bayesian learning feature. This feature helps to train the spam filter to be more accurate over time by feeding it samples of spam and non-spam messages. SecurityGateway also includes Bayesian learning features (in addition to many other security features designed to keep spam, viruses, malware and phishing attacks from hitting your mail server). Today, I’ll be explaining how to use these features to teach SecurityGateway how to get better at recognizing spam (false negatives – spam messages that were not filtered out) and non-spam (false positives – legitimate messages that were marked as spam).
Administrators must first enable and configure Bayesian learning in SecurityGateway before users will be able to use it. Follow these steps to enable and configure Bayesian learning.
Click on the Security tab, and then click on Heuristics & Bayesian under the Anti-Spam section.
Make sure the first box, “Use heuristic rules and Bayesian classification to analyze messages” is checked. This setting basically turns the spam filter on and is enabled by default.
Under “Location (all domains),” click on the link to configure SGSpamD. You can optionally select a domain in the drop-down menu at the top to configure these settings for a specific domain.
Under the “Bayesian Classification” section, check the first box to enable Bayesian classification.
By default, 200 samples of spam and 200 samples of non-spam are needed before Bayesian learning can take place. You can adjust this number in the blanks provided, but in most cases, this will not be necessary.
By default, Bayesian learning takes place at midnight each night. You can select the second option under the “Bayesian Learning” section if you’d like to schedule Bayesian learning more frequently, at regular intervals. This is useful if you have a larger number of messages to learn from. You can also select the third option if you do not want Bayesian learning to run automatically based on a schedule. When this option is selected, you can use the link at the bottom of the Bayesian Learning section to perform Bayesian learning as needed.
SecurityGateway needs to know where to find messages to be fed to the Bayesian learning engine. By default, messages are placed inside the C:/Program Files/Alt-N technologies/SecurityGateway/BayesSpam and BayesHam directories. You can optionally use a different path mapped to a different drive to improve performance.
In the following two blanks, enter the Spam and Non-Spam forwarding addresses. The default addresses are spamlearn and hamlearn, so if your domain is example.com, users can forward spam messages (as an attachment) to email@example.com to feed these messages to the Bayesian learning engine. This procedure is explained in greater detail later when we discuss how end users can submit spam and non-spam messages to the Bayesian learning engine.
Most spam messages are relatively small, thus, you can place a size limit on messages to learn from by checking the box “Don’t learn from messages larger than” and entering a value (in bytes) in the blank blow. Placing a size limit on messages to learn from helps improve the performance of the Bayesian learning engine.
You can automate the Bayesian learning process by enabling Automatic Bayesian Learning. By default, messages that score less than 0.1 are considered to be legitimate and only messages that score a 12.0 or above are considered to be spam for purposes of automatic Bayesian learning. Before enabling automatic Bayesian learning, I would recommend reviewing your message logs for false negatives and false positives and use their spam scores as guidelines for populating the spam and non-spam scoring thresholds. You can also optionally check the boxes to only learn non-spam messages from domain mail servers and authenticated sessions, and only learn spam from inbound messages.
Before I explain the next setting, I want to explain the concept of “tokens.” When the Bayesian learning feature “learns” from a message, it takes snippets of information from the message, such as words or phrases, and uses this information to create tokens. These tokens are accumulated and when a new message is scanned by Bayesian learning, its contents are compared to these tokens to look for similarities. Under the Bayesian Database section, check the box to enable Bayesian automatic token expiration. This helps to limit the token database to a manageable size, expiring old tokens and replacing them with new ones when the maximum number of Bayesian database tokens (specified in the blank below) has been reached. When this number of tokens is reached, the Bayesian system removes the oldest, reducing the number to 75% of this value or 100,000 tokens, whichever is higher. 150,000 tokens make up about 8MB of data.
Click Save and Close to save your changes.
End User Instructions
Now that SecurityGateway has been configured properly on the server, users can start feeding samples of spam and non-spam to the Bayesian learning engine.
There are two methods users can use to submit samples of spam and non-spam to the Bayesian learning engine in SecurityGateway. The first (and easier) way is to use the thumbs-up and thumbs-down icons in the SecurityGateway interface. The second way is by forwarding spam and non-spam messages (as attachments) to designated email addresses.
To mark messages as spam or non-spam using the SecurityGateway interface, follow these steps:
Log into SecurityGateway.
Click on My Message Log. This brings up a list of all of your inbound and outbound messages.
Click on the message you wish to mark as spam or non-spam, and then click on the Thumbs-up button to mark the message as non-spam, or the thumbs-down button to mark the message as spam.
You will receive confirmation that the message was marked as spam.
To feed messages to the Bayesian learning engine by forwarding them as attachments, simply attach the message to an email addressed to the designated hamlearn@ or spamlearn@ address for your domain (example: firstname.lastname@example.org). Note: SMTP authentication must be used.
If you are using WorldClient, you can right-click on the message and select “Forward as Attachment.” Then, populate the To: field with the spamlearn@ or hamlearn@ address and simply send the message.
When used properly, Bayesian Learning is a powerful tool for reducing spam and ensuring legitimate messages are not blocked by the spam filter. More information can be found in this knowledge base article.
Don’t let spam ruin your day. These tips can help you keep the bad stuff out of your Inbox so you can focus on your business!
Can you imagine what life would be like if we didn’t have anti-spam and anti-virus protection on our email servers and gateways? Users would be so flooded with spam, phishing attempts and malware that they’d have to scroll through many pages of email messages before finding a message that’s legitimate. A good anti-spam/anti-virus mail server or gateway will filter out the vast majority of this nonsense so that the end user can focus on his job.
Most mail servers have some form of built-in spam protection, however, administrators are often faced with these challenges
Not enough security features on the mail server to catch many of today’s evolving threats
The need for an extra layer of defense between the mail server and the internet
Lack of reporting features, which can be used to assess the effectiveness of your email security solution
Cumbersome configuration & confusing settings
SecurityGateway was created to address these issues. Many small-to-medium businesses trust SecurityGateway to protect their inbound and outbound email from spam, phishing attempts, and malware.
The following is a brief presentation that describes SecurityGateway’s features.
A company’s greatest asset is its customers, and here at Alt-N, we strive to listen to our customers’ needs. A direct result of that effort was the creation of the Alt-N Idea Engine, which allows customers to submit feature requests and other ideas to improve our products. Many of these ideas have made their way into our products, and many more are being considered for future versions.
Recently, we introduced some exciting new features to MDaemon, including a flexible Remote Administration interface and enhanced security via DMARC (Domain-Based Message Authentication, Reporting, and Conformance). I’m pleased to announce that these and other great new features have now been added to SecurityGateway!
With the proliferation of handheld devices and an increasingly mobile workforce, users will benefit from an updated, responsive web interface that is optimized for mobile devices. The format of the information displayed is dependent on the size of the browser window, so whether you’re on a desktop PC, a tablet, or a mobile phone, the interface adjusts for a more user-friendly experience regardless of what type of device is used.
Enhanced Anti-Spoofing Support with DMARC
DMARC (Domain-Based Message Authentication, Reporting and Conformance), enables domain owners to direct the actions to take when handling messages purporting to be from their domain(s) but were not actually sent by them.
Bind Domain to Its Own IP address
For servers that have multiple IP addresses and multiple domains, each domain in SecurityGateway can now be bound to its own IP address. This allows messages from a specific domain to be sent only from its assigned IP address.
SecurityGateway is a powerful email spam & malware filter & gateway that can be used to protect any type of mail server. It offers a layered approach to security, with protection features including data leak prevention, attachment filtering, heuristic and Bayesian analysis, zero-hour Outbreak Protection, and much more.
In today’s video tutorial, we demonstrate best practices for handling spam in SecurityGateway. Topics covered include:
How to mark a message as spam to teach the Bayesian learning process how to identify junk email messages, which helps to make the spam filter more accurate over time.
Are you receiving a lot of inbound email to MDaemon or SecurityGateway from a particular country?
Does your company do business with this country?
Do your email users only need to send and receive email within your own country?
If you run a small business and all of your clients and suppliers are local, then chances are you’re not going to be sending email to certain countries across the globe. Depending on the type of business, companies may want to block all incoming connections from these countries. This is especially useful because a lot of international email traffic contains spam, malware, phishing attempts, and viruses. Taking the time to deal with these types of messages can lead to lost productivity.
There’s an easy way to block these connections. In this video, I show you how to block mail by originating country using the DNS-BL features in MDaemon and SecurityGateway.
If you work in real estate, you are not likely to receive email with pharmaceutical-related content, and if you work in the medical field, you’re not likely to receive email about stock tips or account-related notifications from PayPal. With SecurityGateway, you can create content filter rules to filter out messages that contain words that are not relevant to your business. You can filter based on the sender, recipient, IP address, message subject, message body, or any header found within the message. I’ll show you how in the following brief tutorial video.
SecurityGateway is a software-based email gateway/firewall that can be installed in front of any Exchange or other SMTP mail server, allowing you to block malicious content, such as spam, viruses, malware, and phishing attempts, before it reaches your mail server. You can learn more about SecurityGateway here.
SecurityGateway and MDaemon both feature Bayesian learning, which allows administrators (or users, when authorized) to feed samples of spam and non-spam email messages to designated public folders. By default, when 200 samples of spam and 200 samples of non-spam have been placed in these folders, the Bayesian learning process will process these folders and feed their contents to a database of what are known as tokens – snippets of spam-like and ham-like (non-spam) content, basically. We all know that we humans are not infallible – people make mistakes, so it’s possible for messages to be fed to the wrong folders. When this happens, users may begin to receive more false-negatives (spam that was not caught by the spam filter) or you may accumulate a number of false positives (legitimate email messages that were flagged as spam by the spam filter). When this happens, it may be necessary to rebuild the Bayesian database. You may recall that I posted a blog entry awhile back on how to rebuild the Bayesian database for MDaemon. You can read that post here. For SecurityGateway, the concepts are the same, but the navigation and file locations are different. The following tutorial video explains how to rebuild the Bayesian database in SecurityGateway.