Recommended SPAM Settings

This article applies to recent versions of SmarterMail. View articles for SmarterMail 16.x and earlier.

SmarterMail comes equipped with several industry-standard antispam options that can block up to 97% of all spam from entering or leaving the server and help keep mail systems running smoothly, including SPF, reverse DNS, greylisting and more. However, when considering your spam configuration, it’s important to remember that spam administration is not a "fire and forget" task. Using these built-in options requires constant tweaking to keep that level of effectiveness, and mail administrators will need to monitor incoming and outgoing spam as spammers frequently change their tactics. (Learn more about configuring the built-in antispam options below.)

This is where the Message Sniffer add-on comes in handy. This third-party service acts as an additional spam check and may be a worthwhile investment as a multi-tiered solution is the best course of action when it comes to dealing with spam. Often times, users are not satisfied 97% spam protection -- keeping in mind that, at this level of protection, for every 100 messages a user receives per day, at least 3 of these could be spam. Adding Message Sniffer will catch a higher percentage of spam than the default options, and better yet, it doesn't require consistent updating by the SmarterMail administrator. Using an additional antispam service is easily the most effective option in battling spam.

Below are some recommendations for the various spam settings SmarterMail has to offer. Please keep in mind that these are only suggestions. Administrators can, and should, keep an eye on these settings and adjust them as necessary to concoct a viable antispam solution for their end users.

Follow these steps to review your spam settings:

  1. Log into SmarterMail as a System Administrator.
  2. Click on the Settings area.
  3. In the navigation pane, click on Antispam.
 

SPAM CHECKS

Message Sniffer

(Leave disabled if you do not have the Message Sniffer add-on)

  • Confirmed Weight = 20
  • None Weight = 0

DKIM

(DKIM is the primary mechanism for signing messages which proves to the receiving user that the message was not altered during transit and was sent from the signing domain. Not all valid messages are signed however so no spam weight should be given for no signature.)

  • Pass Weight = 0
  • Fail Weight = 10
  • None Weight = 5
  • Max message size to sign (MB) = 100
  • Max message size to verify (MB) = 100

Null Sender

A common spam technique is to send messages with missing, or "Null" sender values. That means that the message appears to come from no one as the sender details are blank.

  • Weight = 20

Reverse DNS

Reverse DNS checks to make sure that the IP address used to send the email has a friendly name associated with it.

  • Fail Weight = 15
  • Forward Confirm Fail Weight = 10
  • Forward Confirm Mismatch Weight = 5

SpamAssassin

SpamAssassin itself is a powerful, third party open source mail filter used to identify spam that can be easily used alongside, or in place of, SmarterMail’s spam settings. It utilizes a wide array of tools to identify and report spam.

SPF

SPF is a method of verifying that the sender of an email message went through the appropriate email server when sending. Therefore, as it's verifying the sending server, SPF is set up by the sending server's system administrator or the domain owner as a DNS record.

  • Pass weight = 0 (Sender’s IP is valid for sender’s domain)
  • Fail weight = 30 (Sender’s IP is not valid for sender’s domain)
  • Soft Fail weight = 10 (Sender’s IP is questionable for sender’s domain)
  • Neutral weight = 5 (No strong statement can be made for or against sender’s IP)
  • PermError weight = 10 (The SPF record could not be processed.)
  • None weight = 15 (No SPF record has been configured.)

RBLs

Backscatter

  • Weight = 5

Barracuda

  • Weight = 5

HostKarma (various lookup values)

  • Weight = 0 to 10

SEM - Black

  • Weight = 10

SORBS

  • Weight = 5

SORBS - No Mail

  • Weight = 5

SORBS - Recent

  • Weight = 5

SpamCop

  • Weight = 10

Spamhaus (various lookup values

  • Weight = 0 to 15

Surriel

  • Weight = 10

Truncate

  • Weight = 5

UCEProtect Level 1

  • Weight = 5

UCEProtect Level 2

  • Weight = 10

URIBLs (Max / Min)

SEM-URI

  • Weight = 5
  • Max Weight = 15

SURBL (various lookup values)

  • Weight = 5
  • Max Weight = 15

URIBL Black (various lookup values

  • Weight = 5
  • Max Weight = 15

FILTERING

On the Filtering card within the Options tab, you can adjust the global actions taken on emails that are considered to be spam, based on one of three probabilities determined by their spam weights: Low Probability, Medium Probability and High Probability. If a weight is equal to or higher than a certain category, then it is assigned that probability of being spam and the corresponding action is taken. The defaults for Filtering are as follows:

Low Probability of Spam weight = 10

  • Default Action: None

Medium Probability of Spam weight = 20

  • Default Action: Move to Junk Email folder

High Probability of Spam weight = 30

  • Default Action: Move to Junk Email folder

Once you are comfortable with your antispam settings and have a better understanding of the spam messages that impact your domain, you may wish to adjust these settings. For example, you may consider changing the default action on the Low Probability to Move to Junk Email folder or the High Probability to Delete Message. (IMPORTANT NOTE: Email that is deleted via spam filtering CANNOT be recovered.)

SMTP BLOCKING

On the SMTP Blocking card within the Options tab, you can access the configuration options for SMTP Blocking. The idea behind SMTP blocking of incoming and outgoing email is to filter out spam messages before they are delivered. For example, imagine you have six spam checks enabled for Incoming SMTP Blocking and each of those spam checks have a weight of 10. If the Incoming Weight Threshold is set to 50, that means messages being received via SMTP will be rejected if they fail five or all six of the spam checks. (Because SMTP blocks are done at the IP level and not based on message content, some spam checks do not offer incoming or outgoing SMTP blocking.)

Choosing which spam checks are used for Incoming/Outgoing SMTP Blocking is done on the Spam Checks, RBLs and URIBLs tabs. In order to actually enable the blocking feature, enable the corresponding weight threshold on the SMTP Blocking card. When an email arrives or is attempted to be sent that exceeds the threshold value, the email will be blocked and never delivered. Note: By default, the Incoming Weight Threshold is enabled and set to 50. This means that messages that have a spam weight of 50 will be blocked and deleted before they reach the spool. You can decrease that weight threshold once you have a better understanding of the spam that impacts your domain.

In addition to SMTP Blocking, this section also contains settings for the Outgoing Quarantine and Greylisting. If Outgoing Quarantine is enabled, SmarterMail will quarantine any outbound blocked messages for the specified time period. (If set to ‘None,’ messages are immediately deleted from the spool.) The Greylisting Threshold allows you to add extra options for what items get greylisted. If you prefer that messages with a high potential of spam are delayed, you can set the greylist weight threshold on the SMTP Blocking card. We recommend starting the threshold at 30 and decreasing to 20 if you’re confident in your spam checks.

GREYLISTING

On the Greylisting Options card within the Options tab, you can enable greylisting. Greylisting is a popular method of fighting spam as it temporarily rejects unrecognized incoming emails that are not sent by whitelisted or authenticated users, effectively saying, “Try again later.” Valid servers will retry the email a short time later, which would be permitted and delivered. Spammers, on the other hand, rarely retry on temporary failures, therefore reducing the amount of spam that customers receive. Find our recommended values below:

  • Block Period = 3 minutes
  • Pass Period = 360 minutes (6 hours)
  • Record Expiration = 36 days

As part of the greylisting configuration, you can choose to greylist messages from everyone, greylist messages from the specified countries / IP addresses, or greylist messages from everyone except the specified countries / IP addresses. If the greylisting 'Applies To' is set to 'Only specified countries / IP addresses' or 'Everyone except specified countries / IP addresses', you use the Greylist Filters tab to add those exceptions / limitations.

Summary

When it comes to antispam administration, it’s important to keep in mind that spammers change their tactics often and each installation/setup is unique. What one person may consider the ideal spam configuration, others may find too restrictive. What works for one mail server, may not work for all. Discussing your configuration with other server administrators is a great way to get ideas flowing on what will work best for you. If you’ve still got more questions or want additional ideas on how to configure SmarterMail’s antispam, please consider posting in the Community or reviewing one of the many threads discussing antispam topics.

 
Learn more about using SmarterMail for your email accounts and company-wide instant messenger.

Feedback

What is the difference between the outgoing smtp and incoming smtp.

Does outgoing mean emails sent from the smartermail users and incoming means emails sent from outside the server?

Alaa Majzoub (9/17/2014 at 8:27 AM)
Yes, that's correct. Outgoing SMTP is for the emails sent out from your SmarterMail server and incoming is for emails coming in being received by the SmarterMail server.
Andrea Free (9/25/2014 at 8:25 AM)
We have legitimate messages being marked as spam by bayesian filtering. How can we reset/clear that analysis so the analysis will be cleared and start afresh to re-learn the spam traits? Thanks!
troy (3/6/2015 at 3:33 PM)
If you want to start over with Bayesian filtering you can delete the database by going to C:\Program Files (x86)\SmarterTools\SmarterMail\Service (default location) and deleting the bayes.dat and bayes_default.dat files and restart SmarterMail. Then the next time you mark an email as spam the files will be created by SmarterMail.
Brian Ward (3/9/2015 at 12:27 PM)
Thanks! I've deleted the files and will keep an eye on it over the next few days. I appreciate the help!
troy (3/10/2015 at 8:44 PM)
I've changed serverwide spam settings and am having trouble verifying that the settings have propagated to the domains using the default settings... is there a way to either verify or force propagation to the domains?
Northern Pacific Digital (5/27/2016 at 12:43 PM)
Hey NPD! This depends on which settings you changed... Anything adjusted at Security > Antispam Administration will automatically be applied to each domain on your installation.

Check out the options found at Settings > Defaults > Domain Defaults. If you've changed any of the settings found here, you can propagate these to every domain by clicking on Domain Propagation in the navigation pane. Check the fields that should be propagated and select Propagate Now in the toolbar. I hope this helps!

Andrea Free (5/27/2016 at 1:01 PM)
There are no spam filtering options in the propagation fields.
Northern Pacific Digital (12/23/2016 at 12:56 PM)
What can be the reasons why nothing is ever written to the \Service\Spam\Type2 folder?
Roy Scarisbrick (1/3/2017 at 9:22 PM)
Hi Roy. Off the top of my head, I'm not sure of common causes for that. If nothing is being written to your Type2 folder, I would encourage you to submit a ticket to our Support Department. They would be able to review the installation directly and provide a better idea of the cause.
Andrea Free (1/18/2017 at 3:44 PM)
Hi There, I have enabled DKIM filter. But i see this error message in the logs.

"DKIM TempFail: An error of type occured during lookup of the domains DKIM public key. DKIM verification for this message will be skipped."

What action am i supposed to take against this message, can anyone suggest me please ?

Thanks,
Raja

Mathew Akoto (11/13/2017 at 5:18 AM)
There's not much you can do, as far as I know, as the error is thrown when there is an error retrieving the DKIM data. This could be due to a number of things...as it's a "TempFail" it should, hopefully, clear up after a time.
Derek Curtis (11/14/2017 at 10:22 AM)
Hi Brian,

One of the client having trouble when they send/receive emails and SM support suggested add their IP in the white list. We are adding their IPs frequently and it is fine. However, is there any alternative instead we add their IP each time they have internet disruption. Your prompt answer will be highly appreciated.

T & R

IKAN (3/28/2018 at 5:15 AM)
I'm in Brazil, we speak Brazilian Portuguese. I have SmarterMail's SPAM configuration applied to my entire domain, and it's very rare I see an english SPAM message. However, I keep getting a lot of Brazilian Portuguese SPAM. Is SmarterMail's SPAM filtering limited somehow to english messages only? Is there anything I can do so Brazilian SPAM is detected and filtered as well?
paulo.santana (5/14/2018 at 4:05 PM)
Paulo: The spam checks internal to SmarterMail are based off RBLs and URIBLs, which are blacklists managed externally that generally pertain to domains and/or IP addresses. Of course, there's DKIM and other things which are also domain based. These should be international, and generally are, international. As such, language doesn't really come into play with these types of settings.
Derek Curtis (5/14/2018 at 4:24 PM)
Hi Derek, thanks for the answer. So, I really don't know what to do. I receive tons of Brazilian Portuguese SPAM everyday, and no English SPAM. It's very frustrating... :(
paulo.santana (5/14/2018 at 4:50 PM)
Paulo, do the recommended settings here https://github.com/SteveUnderScoreN/SMSpamConfig help block your Brazilian Portuguese Spam?
Steve Norton (1/14/2019 at 7:27 AM)
hello, since the last update a day ago (from 16.0.x to 16.3.6795) i am missing the bayesian options - have they moved? are they obsolet?
- i tried to disable the bayesian filter for outgoing smtp check a week before the update and wanted to revert as of no luck because...
- we also have problem with outgoing smtp spam blocks through bayesian filter since 16.0 and i have no clue to train it?! any advice appreciated

update: i just found out that bayesian has been killed - which kills smartermail for me - but i still have the problem that outgoing smtp gets marked as spam and gets blocked until manual release, without the possibility to train the system?!

Severin Kreuzmayr (8/14/2018 at 4:46 AM)
Hello Severin. Have you enabled Outgoing SMTP Blocking? In the Antispam settings, on the tab, you'll find a card for SMTP Blocking. Is the Outgoing Weight Threshold enabled? If it is, any spam check or RBL/URIBL that is enabled for Outgoing SMTP Blocking will be counted toward the Outgoing Weight Threshold. When an email is attempted to be sent that exceeds the threshold value, the email will be blocked and never delivered.
Andrea Free (8/21/2018 at 9:35 AM)
Hello,
I reconfigure to move the high spam email to Spam folder, but I can't
see the quarantine folder from spool under system administrator page.
I can only see virus quarantine folder.
I need to login to Windows Server, and under spool folder, I can see spam
subfolder. That means I need to login to Windows to check misjudgment mail.
Where I can find spam quarantine folder?
By the way, I can see both spam and quarantine folders on SM 17, but not
SM15.
rds
Juan Lai

Juan Lai (11/7/2018 at 12:19 AM)
Hello Juan. The Spam Quarantine is only used if Outgoing SMTP Blocking is enabled and set to quarantine messages. Please note that only outgoing messages that exceed the Outgoing Weight Threshold will be moved to the Spam Quarantine.

To enable Spam Quarantine in SmarterMail 15.x, log in as the admin and click on the Security icon. In the Antispam Administration settings, click on the SMTP Blocking tab. Ensure the Outgoing Weight Threshold is enabled, then change Outgoing Quarantine to 15 or 30 days. When you save your changes and head to the Manage icon, you'll find Spam Quarantine in the navigation pane.

Andrea Free (11/8/2018 at 8:55 AM)