Table of Contents
Click an item to jump directly to that question.
- What's The Difference Between Spam Blocker And Spam Blocker Lite?
- Why Doesn't Spam Blocker Block All Spam?
- What Is Tarpit?
- We Receive Tons Of Email. Can I Adjust The Maximum Number Of Messages To Be Scanned At Once?
- My CPU Load Is Always Above 7. I Still Need To Test For Spam. What Do I Do?
- How Can I Exempt Email Addresses From Phish Blocker Scanning?
- Where Can I Get More Information On Phish Filtering For The Web?
- Why Are Users Not Receiving A Quarantine Daily Digest?
- What Happens To Email When The Recipient Is Not On The Quarantinable Address List?
- What Will Happen If My Rules Are Set To Quarantine But The Receiver's Address Cannot Be Quarantined?
- Can I Have NG Firewall Drop Mail That Is Not To Valid Users?
There are two main reasons why Spam Blocker might not block all your spam:
- Spam Blocker is a player in an "arms race" against spammers - new techniques are found to get around filters, which are then updated to catch these new methods. No product can reliably block 100% of spam.
- Field testing indicates that our pre-configured Spam Blocker settings, which are conservative in email as spam, are good fit for most organizations. Selecting a more aggressive scan strength setting from the drop-down menu in Spam Blocker is very easy if you'd like, just remember you may get more false positives.
If tarpit is enabled, when an SMTP session is first caught Spam Blocker will check if the client IP is on a DNSBL. If it is, the session is rejected before the remote server can even send the email. This increases the capacity of a given server by quite a bit and can also save bandwidth, but it can increase false positives if the remote email server has mistakenly been put on a blacklist. This setting will not increase spam scanning accuracy, and it may actually decrease it as it will prevent valuable super-spam training data from reaching the spam engine.
Yes, but this option is only available for SMTP. The default is 15; depending on the hardware you are using you may be able to adjust that number upwards, but raising it too high could affect overall performance. If you want to adjust the number, try doing it in small increments rather than multiples.
Raising the number will allow you to test for spam, but will likely also increase the CPU load. If your CPU load is that high, that's an indication that your hardware may not be robust enough for your site. If your user count increased since you installed your server, or the volume of the internet traffic has increased substantially, this could be a cause. You may also have been spending as little for hardware as you could get away with. Regardless, you probably also are being impacted in other areas without realizing it. You should determine exactly what the hardware specs are on your server to determine whether you should supplement the existing hardware or replace it with something more robust.
The From-Safe List at Config > Email > Safe List is respected by Phish Blocker; it will pass any emails entered there in either Global or User-based safelists.
Phish Blocker leverages Google's Phishing Protection protocol, more information on it is available here.
Verify your email configuration at Config > Email - make sure they receive the test email. If they do not, you can check the mailer log on the NG Firewall to see if there was an error, the file is /var/log/exim4/mainlog.
If you removed the wildcard and manually created a quarantinable address list, the Spam Blocker passes but marks the email as [Spam] for those that are not on the list.
10. What Will Happen If My Rules Are Set To Quarantine But The Receiver's Address Cannot Be Quarantined?
The Quarantinable Addresses rules take precedence over the actions for email rules. In this situation, the email would be marked rather than quarantined.
No, as NG Firewall does not have a list of valid emails for your site. It is suggested that your configure your email server to not accept mail for invalid users. This is the default for almost all mail servers except Microsoft Exchange - the links below are instructions on how to configure your email server.