Teach SecurityGateway to Recognize Spam

Recently, I wrote a post about teaching your MDaemon Inbox to recognize spam using the Bayesian learning feature. This feature helps to train the spam filter to be more accurate over time by feeding it samples of spam and non-spam messages. SecurityGateway also includes Bayesian learning features (in addition to many other security features designed to keep spam, viruses, malware and phishing attacks from hitting your mail server). Today, I’ll be explaining how to use these features to teach SecurityGateway how to get better at recognizing spam (false negatives – spam messages that were not filtered out) and non-spam (false positives – legitimate messages that were marked as spam).

Administrator Instructions

Administrators must first enable and configure Bayesian learning in SecurityGateway before users will be able to use it. Follow these steps to enable and configure Bayesian learning.

  1. Click on the Security tab, and then click on Heuristics & Bayesian under the Anti-Spam section.
  2. Make sure the first box, “Use heuristic rules and Bayesian classification to analyze messages” is checked. This setting basically turns the spam filter on and is enabled by default.
  3. Under “Location (all domains),” click on the link to configure SGSpamD. You can optionally select a domain in the drop-down menu at the top to configure these settings for a specific domain.

    Enable SGSpamD
    Enable SGSpamD
  4. Under the “Bayesian Classification” section, check the first box to enable Bayesian classification.

    Enable Bayesian Classification
    Enable Bayesian Classification
  5. By default, 200 samples of spam and 200 samples of non-spam are needed before Bayesian learning can take place. You can adjust this number in the blanks provided, but in most cases, this will not be necessary.
  6. By default, Bayesian learning takes place at midnight each night. You can select the second option under the “Bayesian Learning” section if you’d like to schedule Bayesian learning more frequently, at regular intervals. This is useful if you have a larger number of messages to learn from. You can also select the third option if you do not want Bayesian learning to run automatically based on a schedule. When this option is selected, you can use the link at the bottom of the Bayesian Learning section to perform Bayesian learning as needed.

    Bayes Schedule
    Bayes Schedule
  7. SecurityGateway needs to know where to find messages to be fed to the Bayesian learning engine. By default, messages are  placed inside the C:/Program Files/Alt-N technologies/SecurityGateway/BayesSpam and BayesHam directories. You can optionally use a different path mapped to a different drive to improve performance.

    Known Spam Directory
    Known Spam Directory
  8. In the following two blanks, enter the Spam and Non-Spam forwarding addresses. The default addresses are spamlearn and hamlearn, so if your domain is example.com, users can forward spam messages (as an attachment) to spamlearn@example.com to feed these messages to the Bayesian learning engine. This procedure is explained in greater detail later when we discuss how end users can submit spam and non-spam messages to the Bayesian learning engine.

    Spam Forwarding Addresses
    Spam Forwarding Addresses
  9. Most spam messages are relatively small, thus, you can place a size limit on messages to learn from by checking the box “Don’t learn from messages larger than” and entering a value (in bytes) in the blank blow. Placing a size limit on messages to learn from helps improve the performance of the Bayesian learning engine.

    Bayes Size Limit
    Bayes Size Limit
  10. You can automate the Bayesian learning process by enabling Automatic Bayesian Learning. By default, messages that score less than 0.1 are considered to be legitimate and only messages that score a 12.0 or above are considered to be spam for purposes of automatic Bayesian learning. Before enabling automatic Bayesian learning, I would recommend reviewing your message logs for false negatives and false positives and use their spam scores as guidelines for populating the spam and non-spam scoring thresholds. You can also optionally check the boxes to only learn non-spam messages from domain mail servers and authenticated sessions, and only learn spam from inbound messages.

    Bayes Automatic Learning
    Bayes Automatic Learning
  11. Before I explain the next setting, I want to explain the concept of “tokens.” When the Bayesian learning feature “learns” from a message, it takes snippets of information from the message, such as words or phrases, and uses this information to create tokens. These tokens are accumulated and when a new message is scanned by Bayesian learning, its contents are compared to these tokens to look for similarities. Under the Bayesian Database section, check the box to enable Bayesian automatic token expiration. This helps to limit the token database to a manageable size, expiring old tokens and replacing them with new ones when the maximum number of Bayesian database tokens (specified in the blank below) has been reached. When this number of tokens is reached, the Bayesian system removes the oldest, reducing the number to 75% of this value or 100,000 tokens, whichever is higher. 150,000 tokens make up about 8MB of data.
  12. Click Save and Close to save your changes.

End User Instructions

Now that SecurityGateway has been configured properly on the server, users can start feeding samples of spam and non-spam to the Bayesian learning engine.

There are two methods users can use to submit samples of spam and non-spam to the Bayesian learning engine in SecurityGateway. The first (and easier) way is to use the thumbs-up and thumbs-down icons in the SecurityGateway interface. The second way is by forwarding spam and non-spam messages (as attachments) to designated email addresses.

To mark messages as spam or non-spam using the SecurityGateway interface, follow these steps:

  1. Log into SecurityGateway.
  2. Click on My Message Log. This brings up a list of all of your inbound and outbound messages.
  3. Click on the message you wish to mark as spam or non-spam, and then click on the Thumbs-up button to mark the message as non-spam, or the thumbs-down button to mark the message as spam.
    Mark Message as Spam
    Mark Message as Spam

    You will receive confirmation that the message was marked as spam.

    Marked as Spam Confirmation
    Marked as Spam Confirmation

To feed messages to the Bayesian learning engine by forwarding them as attachments, simply attach the message to an email addressed to the designated hamlearn@ or spamlearn@ address for your domain (example: spamlearn@example.com). Note: SMTP authentication must be used.

If you are using WorldClient, you can right-click on the message and select “Forward as Attachment.” Then, populate the To: field with the spamlearn@ or hamlearn@ address and simply send the message.

Forward as Attachment
Forward as Attachment

When used properly, Bayesian Learning is a powerful tool for reducing spam and ensuring legitimate messages are not blocked by the spam filter. More information can be found in this knowledge base article.

Don’t let spam ruin your day. These tips can help you keep the bad stuff out of your Inbox so you can focus on your business!

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •  

Stop Spam & Malware with SecurityGateway – New SlideShare Presentation

Can you imagine what life would be like if we didn’t have anti-spam and anti-virus protection on our email servers and gateways? Users would be so flooded with spam, phishing attempts and malware that they’d have to scroll through many pages of email messages before finding a message that’s legitimate. A good anti-spam/anti-virus mail server or gateway will filter out the vast majority of this nonsense so that the end user can focus on his job.

Most mail servers have some form of built-in spam protection, however, administrators are often faced with these challenges

  • Not enough security features on the mail server to catch many of today’s evolving threats
  • The need for an extra layer of defense between the mail server and the internet
  • Lack of reporting features, which can be used to assess the effectiveness of your email security solution
  • Cumbersome configuration & confusing settings

SecurityGateway was created to address these issues. Many small-to-medium businesses trust  SecurityGateway to protect their inbound and outbound email from spam, phishing attempts, and malware.

The following is a brief presentation that describes SecurityGateway’s features.

 

Would you like to learn more about SecurityGateway? Click here to visit the SecurityGateway overview page, or click here to download your free trial.

 

 

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •  

A Fresh New Look & New Features for SecurityGateway 4.0!

SecurityGateway_logo_transparentA company’s greatest asset is its customers, and here at Alt-N, we strive to listen to our customers’ needs. A direct result of that effort was the creation of the Alt-N Idea Engine, which allows customers to submit feature requests and other ideas to improve our products. Many of these ideas have made their way into our products, and many more are being considered for future versions.

Recently, we introduced some exciting new features to MDaemon, including a flexible Remote Administration interface and enhanced security via DMARC (Domain-Based Message Authentication, Reporting, and Conformance). I’m pleased to announce that these and other great new features have now been added to SecurityGateway!

A brief overview of key new features is outlined below. For a complete overview of all new features and enhancements, click here to view the SecurityGateway Release Notes.

Flexible, Mobile-Optimized Web Interface

With the proliferation of handheld devices and an increasingly mobile workforce, users will benefit from an updated, responsive web interface that is optimized for mobile devices. The format of the information displayed is dependent on the size of the browser window, so whether you’re on a desktop PC, a tablet, or a mobile phone, the interface adjusts for a more user-friendly experience regardless of what type of device is used.

Enhanced Anti-Spoofing Support with DMARC

DMARC (Domain-Based Message Authentication, Reporting and Conformance), enables domain owners to direct the actions to take when handling messages purporting to be from their domain(s) but were not actually sent by them.

Bind Domain to Its Own IP address

For servers that have multiple IP addresses and multiple domains, each domain in SecurityGateway can now be bound to its own IP address. This allows messages from a specific domain to be sent only from its assigned IP address.

For more information on pricing for new purchases, upgrades or renewals, please visit the Purchase, Renew or Upgrade page!

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •  

Quarantine Management with WorldClient Private Email

WorldClient Private Email makes spam management easy by providing users with the email and collaboration features found in WorldClient, MDaemon’s webmail client, and the security and spam filtering features found in SecurityGateway. This tutorial video covers the following topics:

  • How to allow users to manage their own quarantines in SecurityGateway
  • Quarantine management via the Quarantine Summary Email, and how often this email is sent to users
  • When to whitelist or blacklist the sender, and when & how to release a message from quarantine
  • Quarantine management via the SecurityGateway interface
  • Feeding the Bayesian spam and non-spam database – to improve the spam filter’s accuracy

Spam doesn’t have to be an overwhelming nuisance. When these practices are followed, spam is kept under control so you can spend less time dealing with spam and more time focusing on your business.

If you are interested in our WorldClient Private Email hosted email service, click here for pricing and features, or click here to sign up!

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •  

How to Deal with Spam in SecurityGateway

SecurityGateway is a powerful email spam & malware filter & gateway that can be used to protect any type of mail server. It offers a layered approach to security, with protection features including data leak prevention, attachment filtering, heuristic and Bayesian analysis, zero-hour Outbreak Protection, and much more.

In today’s video tutorial, we demonstrate best practices for handling spam in SecurityGateway. Topics covered include:

  • How to mark a message as spam to teach the Bayesian learning process how to identify junk email messages, which helps to make the spam filter more accurate over time.
  • How to use whitelists and blacklists.
  • How to manage messages in your quarantine.
  • How to find specific messages in the Message Log.

If you’d like to learn more about SecurityGateway, then visit our SecurityGateway product page.

Or download your free trial to see how easy it is to use, and let us know if you have questions!

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •  

SecurityGateway 3.0.3 Has Been Released

Today, we released SecurityGateway 3.0.3. Here are some highlights on what’s new for this latest release.

  • Compressed archive files, such as .zip and .rar, can now be scanned for restricted attachments.
  • An option has been added which allows a global administrator to export all whitelists and blacklists to a CSV file.
  • Adobe Flash is no longer required to display traffic and mailbox charts.
  • Global administrators can now be automatically alerted when a new user is created.

There are many more new features and enhancements. For a complete list, click here to read the SecurityGateway release notes.

Want to learn more? Check out our recorded webinar for an overview of SecurityGateway.

Click here to download your free trial of SecurityGateway.

 

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •  

Blocking Incoming Email by Country

Are you receiving a lot of inbound email to MDaemon or SecurityGateway from a particular country?

Does your company do business with this country?

Do your email users only need to send and receive email within your own country?

If you run a small business and all of your clients and suppliers are local, then chances are you’re not going to be sending email to certain countries across the globe. Depending on the type of business, companies may want to block all incoming connections from these countries. This is especially useful because a lot of international email traffic contains spam, malware, phishing attempts, and viruses. Taking the time to deal with these types of messages can lead to lost productivity.

There’s an easy way to block these connections. In this video, I show you how to block mail by originating country using the DNS-BL features in MDaemon and SecurityGateway.

If you’d like more information on MDaemon’s security features, then visit the Email Security link under our MDaemon product page.

Click here to learn more about SecurityGateway’s security features.

Visit the Downloads page on our website to download a free trial, and please leave us a comment below if you have questions or would like more information.

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •  

Blocking Messages based on Keywords in SecurityGateway

If you work in real estate, you are not likely to receive email with pharmaceutical-related content, and if you work in the medical field, you’re not likely to receive email about stock tips or account-related notifications from PayPal. With SecurityGateway, you can create content filter rules to filter out messages that contain words that are not relevant to your business. You can filter based on the sender, recipient, IP address, message subject, message body, or any header found within the message. I’ll show you how in the following brief tutorial video.

SecurityGateway is a software-based email gateway/firewall that can be installed in front of any Exchange or other SMTP mail server, allowing you to block malicious content, such as spam, viruses, malware, and phishing attempts, before it reaches your mail server. You can learn more about SecurityGateway here.

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •  

Rebuilding the Bayesian Learning Process in SecurityGateway

SecurityGateway and MDaemon both feature Bayesian learning, which allows administrators (or users, when authorized) to feed samples of spam and non-spam email messages to designated public folders. By default, when 200 samples of spam and 200 samples of non-spam have been placed in these folders, the Bayesian learning process will process these folders and feed their contents to a database of what are known as tokens – snippets of spam-like and ham-like (non-spam) content, basically. We all know that we humans are not infallible – people make mistakes, so it’s possible for messages to be fed to the wrong folders. When this happens, users may begin to receive more false-negatives (spam that was not caught by the spam filter) or you may accumulate a number of false positives (legitimate email messages that were flagged as spam by the spam filter). When this happens, it may be necessary to rebuild the Bayesian database. You may recall that I posted  a blog entry awhile back on how to rebuild the Bayesian database for MDaemon. You can read that post here. For SecurityGateway, the concepts are the same, but the navigation and file locations are different. The following tutorial video explains how to rebuild the Bayesian database in SecurityGateway.

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •