Back to Community Threads
1
Message Sniffer threshold setting
Question asked by E. Keith Dodd - 8/12/2015 at 12:36 PM
Answered
I just started trial of Message Sniffer in SM 14. I see the default setting is either 0 or 30. How should this number be set in conjunction with other spam settings? For example, if I have low spam set at 2, medium at 5, and high at 8 (with a delete); how does that affect Message Sniffer -- or how does Message Sniffer affect my overall spam settings? If MS is 30, what does that mean?
 
Appreciate any insight.
Thanks!

4 Replies

Reply to Thread
0
Linda Pagillo Replied
8/13/2015 at 7:03 AM
Marked As Answer
Hi Keith. If Message Sniffer is set to 30, that means it will add 30 points to the overall score of the message if it is triggered. So basically, if you have your delete weight set to 8, messages that trigger Sniffer for 30 points will be deleted because it breaks the threshold of 8. Since Message Sniffer has very few if no false-positives, it would be fine to leave it at a high weight such as 20 or 30. Just a comment... Your spam setting seem extremely strict in my opinion. In my experience (and I look at about 20 servers per week), most folks have the following settings:
 
Spam Low: 10 - Take No Action
Spam Medium - 14 - Move to Junk
Spam High - 20 or 30 - Delete
 
Any reason why your settings are so strict? If it's because you are getting a large amount of spam, I will be happy to offer suggestions and share configurations that work for me and our customers. Again, in my experience, having very strict antispam settings can cause a lot of false-positives which can be just as bad as too much spam. I hope some of this info helps. Thanks!
Linda Pagillo Mail's Best Friend Email: linda.pagillo@mailsbestfriend.com Web: www.mailsbestfriend.com Authorized SmarterTools Reseller Authorized Message Sniffer Reseller
1
Bruce Barnes Replied
8/13/2015 at 7:39 AM
There is no problem using strict antispam settings, you just have to make certain that you have everything properly locked down.  
 
My document, at: 

https://portal.chicagonettech.com/kb/a171/smartermail-antispam-settings-document.aspx  

will show you how to maintain very strict control over SmarterMail and eliminate almost all spam, without seeing any false positives.

The settings outlined in the most recent document will block even very new domains which are setup solely for the purpose of sending out spam.
 
We started developing this document back in the days of SmarterMail 6.X, and it has become the defacto standard for thousands of SmarterMail users throughout the world.
Bruce Barnes ChicagoNetTech Inc brucecnt@comcast.net Phonr: (773) 491-9019 Phone: (224) 444-0169 E-Mail and DNS Security Specialist Network Security Specialist Customer Service Portal: https://portal.chicagonettech.com Website: https://www.ChicagoNetTech.com Security Blog: http://networkbastion.blogspot.com/ Web and E-Mail Hosting, E-Mail Security and Consulting
0
E. Keith Dodd Replied
8/13/2015 at 7:53 AM
Thanks Linda!
After a while, I went into my mail logs and after looking at items caught by Sniffer, I guessed that it was just as you explained; that Sniffer just adds to the total of any other regular SmarterMail checks.
Just in case of possible false-positives with Sniffer, I set its value at one less than my delete threshold. That way if another test also catches it, the total will cause deletion; but just one less will through it into a spam folder so user can check.
 
Good to hear you say that MS has very few false-positives or none. After a bit of hearing from my users, I may go back and set it higher.
 
I realize my settings are much higher than is usual or recommended. Probably something faulty in my overall set of settings, but I found I had to be that strict or spam was abundant. Using the setting often recommended, did not seem to help. Actually, even a lot with the settings I show until I tried SM, folks still getting a lot of spam. It seems great!
 
Thanks!
 
Keith
 
0
Linda Pagillo Replied
8/13/2015 at 9:48 AM
I'm glad things are looking good in the ways of spam filtering for you. If you need any advice or questions answered please feel free to contact me. Thanks.
Linda Pagillo Mail's Best Friend Email: linda.pagillo@mailsbestfriend.com Web: www.mailsbestfriend.com Authorized SmarterTools Reseller Authorized Message Sniffer Reseller
Back to Community Threads

Reply to Thread

Related Knowledge Base Articles

Recommended SPAM SettingsSmarterMail > Antispam and Antivirus
My spool is full of pending messages. What do I do?SmarterMail > Troubleshooting
Message Archiving in SmarterMailSmarterMail > Installation and Configuration
Cannot Send Email MessagesSmarterMail > Troubleshooting
500 Error After Upgrading to the Latest BuildSmarterMail > Troubleshooting