Follow

Spam / Phish Blocker FAQ

1. What's The Difference Between Spam Blocker And Spam Blocker Lite?

Both Spam Blocker and Spam Blocker Lite are based on the SpamAssassin project, however Spam Blocker also integrates Mailshell Anti-Spam to improve detection rates.

 

2. Why Doesn't Spam Blocker Block All Spam?

There are two main reasons why Spam Blocker might not block all your spam:

  • Spam Blocker is a player in an "arms race" against spammers - new techniques are found to get around filters, which are then updated to catch these new methods. No product can reliably block 100% of spam.

  • Field testing indicates that our pre-configured Spam Blocker settings, which are conservative in email as spam, are good fit for most organizations. Selecting a more aggressive scan strength setting from the drop-down menu in Spam Blocker is very easy if you'd like, just remember you may get more false positives.

 

3. What Is Tarpit?

If tarpit is enabled, when an SMTP session is first caught Spam Blocker will check if the client IP is on a DNSBL. If it is, the session is rejected before the remote server can even send the email. This increases the capacity of a given server by quite a bit and can also save bandwidth, but it can increase false positives if the remote email server has mistakenly been put on a blacklist. This setting will not increase spam scanning accuracy, and it may actually decrease it as it will prevent valuable super-spam training data from reaching the spam engine.

 

4. We Receive Tons Of Email. Can I Adjust The Maximum Number Of Messages To Be Scanned At Once?

Yes, but this option is only available for SMTP. The default is 15; depending on the hardware you are using you may be able to adjust that number upwards, but raising it too high could affect overall performance. If you want to adjust the number, try doing it in small increments rather than multiples.

 

5. My CPU Load Is Always Above 7. I Still Need To Test For Spam. What Do I Do?

Raising the number will allow you to test for spam, but will likely also increase the CPU load. If your CPU load is that high, that's an indication that your hardware may not be robust enough for your site. If your user count increased since you installed your server, or the volume of the internet traffic has increased substantially, this could be a cause. You may also have been spending as little for hardware as you could get away with. Regardless, you probably also are being impacted in other areas without realizing it. You should determine exactly what the hardware specs are on your server to determine whether you should supplement the existing hardware or replace it with something more robust.

 

6. How Can I Exempt Email Addresses From Phish Blocker Scanning?

The From-Safe List at Config > Email > Safe List is respected by Phish Blocker; it will pass any emails entered there in either Global or User-based safelists.

 

7. Where Can I Get More Information On Phish Filtering For The Web?

Phish Blocker leverages Google's Phishing Protection protocol, more information on it is available here.

 

8. Why Are Users Not Receiving A Quarantine Daily Digest?

Verify your email configuration at Config > Email - make sure they receive the test email. If they do not, you can check the mailer log on the NG Firewall to see if there was an error, the file is /var/log/exim4/mainlog.

 

9. What Happens To Email When The Recipient Is Not On The Quarantinable Address List?

If you removed the wildcard and manually created a quarantinable address list, the Spam Blocker passes but marks the email as [Spam] for those that are not on the list.

 

10. What Will Happen If My Rules Are Set To Quarantine But The Receiver's Address Cannot Be Quarantined?

The Quarantinable Addresses rules take precedence over the actions for email rules. In this situation, the email would be marked rather than quarantined.

 

11. Can I Have NG Firewall Drop Mail That Is Not To Valid Users?

No, as NG Firewall does not have a list of valid emails for your site. It is suggested that your configure your email server to not accept mail for invalid users. This is the default for almost all mail servers except Microsoft Exchange - the links below are instructions on how to configure your email server.

 

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

Powered by Zendesk