1
Spamfiltering changes with update from 13.x to 15.x
Question asked by Richard Arnold - 1/11/2017 at 6:17 AM
Answered
We updated our Smartermail software from 13.x to 15.x on a server with approx. 12000 users. After making plenty users happy with some new features we started receiving complaints about spam, which we haven't had in 2 years.
 
It appeared during the update process the greylisting became disabled. After rerunning the standard Wizard, settings medium, activating Greylisting, it became slightly better but still we received far more complaints then we were used to. After tweaking too many legitimate e-mails got marked as spam and ended up in junk or even got deleted.
 
So, now we disabled all Smartermail spamfiltering options and activated the Message Sniffer trial. Last couple of days we received complaints anymore.
 
I have two questions I hope someone can answer:
- do any more changes to spam-related settings occur during the update process to a newer version of the Smartermail software?
- is the message sniffer option considered to be a good solution if used as the only active filter in a smartermail installation?

5 Replies

Reply to Thread
1
Linda Pagillo Replied
Marked As Answer
Hi Richard. I'm not sure of the answer to your first question. As for your 2nd question, I'm a Message Sniffer expert. My company resells the Message Sniffer built into SM as well as the external version of Message Sniffer so we had to become experts in order to support it. I use the external Sniffer along with Declude on all of our in-house mail servers and most of our customer's servers. We only use the SM anti-spam settings for SMTP incoming connection checking and we only use certain, very reliable RBLs for that. With that being said, I would say that Message Sniffer is an excellent choice as an active filter for SM. It's rate for false-positives is almost zero. However, as you probably know, it's not best practices to filter spam (especially if you're deleting it) based on one, single test. I'm not sure of what weights and actions you currently have set up so it's a bit difficult to give you suggestions of which tests, weights and actions you should use. I can only give you a list of what we use and how we use it. If you need an opinion on what some of the most reliable tests are, we found that the following are great to use for filtering and SMTP incoming connection checking...
 
Barracuda
GBUDB
Hostkarma-Black
McAfee
Mailspike
Spamcop
Surriel
SpamHaus (they have several good RBLs you can use)
 
Please know that there are going to be people on this list that strongly disagree with me and that is alright. I have been an email admin for over 15 years and the advice that I'm giving you comes directly from what I have experienced over the years. Our customers are extremely happy with the way we sent up anti-spam filtering on their servers and we have minimal people reporting false-positives with the settings we use. We agree that everyone's environment is different and we do adjust accordingly when we need to. If you have any questions, please let me know. I'm happy to help.
Linda Pagillo Mail's Best Friend Email: linda.pagillo@mailsbestfriend.com Web: www.mailsbestfriend.com Authorized SmarterTools Reseller Authorized Message Sniffer Reseller
0
Richard Arnold Replied
I now use:
- Message Sniffer with a weight of 30
- greylisting
- several RBL's, incoming SMTP blocking weighing 30.
 
With a score of 30 mails are now moved to Junk. If score is below 30 no actions are taken. I intend to analyze a couple of Junk folders within a couple of days and if I feel confident enough I'll delete messages if scored 30.
 
So far so good, no false positives. I disabled all built-in filters step by step, with no noticable negative effect.
 
If you have any thoughts about this configuration, I'd be happy to hear it. Anyhow, thanks for your advice!
 
0
Linda Pagillo Replied
I think deleting at 30 is a good idea, but again, you're deleting based on one test which can cause some false-positives at time. Are you using any RBLs at the SM filtering level? If yes, which ones?
Linda Pagillo Mail's Best Friend Email: linda.pagillo@mailsbestfriend.com Web: www.mailsbestfriend.com Authorized SmarterTools Reseller Authorized Message Sniffer Reseller
0
Richard Arnold Replied
Last couple of days seemed to have been very stable in terms of filtering. So far very happy with Message Sniffer. I now activated all SORBS, Spamhaus, UCEProtect, and Hostkarma RBL's for filtering as well. I did not change any of their out of the box weights.
0
Linda Pagillo Replied
I'm glad things are looking good for you. I feel those are good RBLs to start with. Please let us know how that works for you.
Linda Pagillo Mail's Best Friend Email: linda.pagillo@mailsbestfriend.com Web: www.mailsbestfriend.com Authorized SmarterTools Reseller Authorized Message Sniffer Reseller

Reply to Thread