Spam / Phish Blocker FAQ
Table of Contents
Click an item to jump directly to that question.
- What's the difference between Spam Blocker & Spam Blocker Lite?
- Why doesn't Spam Blocker block all spam?
- What is tarpit?
- We receive tons of email. Can I adjust the maximum number of messages to be scanned at once?
- My CPU load is always above 7, but I still need to test for spam. What should I do?
- How can I exempt email addresses from Phish Blocker scanning?
- Where can I get more information on phish filtering for the Web?
- Why are users not receiving a Quarantine Daily Digest?
- What happens to email when the recipient is not on the Quarantinable Addresses list?
- What will happen if my rules are set to quarantine but the receiver's address cannot be quarantined?
- Can I have NG Firewall drop mail that is not to valid users?
1. What's the difference between Spam Blocker & Spam Blocker Lite?
Both Spam Blocker and Spam Blocker Lite are based on the SpamAssassin project, but Spam Blocker also integrates Mailshell Anti-Spam to improve detection rates.
2.Why doesn't Spam Blocker block all spam?
There are two main reasons why Spam Blocker might not block all your spam:
- Spam Blocker is a player in an "arms race" against spammers and new techniques are frequently found to get around filters; those filters are updated in turn to catch these new methods. No product can reliably block 100% of spam.
- Field testing indicates that our pre-configured Spam Blocker settings, which are conservative in email as spam, are good fit for most organizations. You can select a more aggressive scan strength setting from the drop-down menu in Spam Blocker, but remember you may get more false positives.
3. What is tarpit?
If tarpit is enabled, when an SMTP session is first caught Spam Blocker will check if the client IP is on a DNSBL. If it is, the session is rejected before the remote server can even send the email. This increases the capacity of a given server by quite a bit and can also save bandwidth, but it can increase false positives if the remote email server has mistakenly been put on a blacklist. This setting will not increase spam scanning accuracy, and it may actually decrease it as it will prevent valuable super-spam training data from reaching the spam engine.
4. We receive tons of email. Can I adjust the maximum number of messages to be scanned at once?
Yes, but this option is only available for SMTP. The default is 15; depending on the hardware you are using you may be able to adjust that number upwards, but raising it too high could affect overall performance. If you want to adjust the number, try doing it in small increments rather than multiples.
5. My CPU load is always above 7, but I still need to test for spam. What should I do?
Raising the number will allow you to test for spam, but will likely also increase the CPU load. If your CPU load is that high, that's an indication that your hardware may not be robust enough for your site. If your user count increased since you installed your server, or the volume of the internet traffic has increased substantially, this could be a cause. Regardless, you're probably also being impacted in other areas without realizing it. You should determine exactly what the hardware specs are on your server to determine whether you should supplement the existing hardware or replace it with something more robust.
6. How can I exempt email addresses from Phish Blocker scanning?
The From-Safe List at Config > Email > Safe List is respected by Phish Blocker; it will pass any emails entered there in either Global or User-based safe lists.
7. Where can I get more information on phish filtering for the Web?
Phish Blocker leverages Google's Safe Browsing API.
8. Why are users not receiving a Quarantine Daily Digest?
Verify your email configuration at Config > Email and make sure they receive the test email. If they do not, you can check for errors in the NG Firewall's mailer log: /var/log/exim4/mainlog.
9. What happens to email when the recipient is not on the Quarantinable Addresses list?
Emails are passed normally but are tagged with [Spam]. (This is only applicable if you've removed the wildcard asterisk (*) and configured individual addresses in the Quarantinable Addresses list.)
10. What will happen if my rules are set to quarantine but the receiver's address cannot be quarantined?
The Quarantinable Addresses rules take precedence over the actions for email rules. In this situation, the email would be marked as [Spam] rather than quarantined.
11. Can I have NG Firewall drop mail that is not to valid users?
No, as NG Firewall does not have a list of valid email addresses for your site. It is suggested that your configure your email server to reject mail for invalid users. This is the default for almost all mail servers except Microsoft Exchange. The links below are instructions on how to configure your email server.
Please sign in to leave a comment.