1. What file extensions do we filter?
2. What message do we send when we reject?
3. What headers are added to the message?
4. What is sender address verification?
5. What is 'Invalid MTA Hostname verification'?
6. What if a message is sent to multiple recipients but only one recipient is in the unfilter list?
7. What addresses do the approve/block lists check?
8. How do I change the timeouts?
9. How do I train the Mailshell spam engine?
10. How do I report a bug?
11. How do I get help?
12. How do I quarantine spam?
13. How do I bounce spam?
14. How do I archive spam?
15. How do I set up group or individual options?
16. How do I create a custom list of file extensions to block?
17. How do I run the plugin on Solaris-Intel, AIX, and Mac OS X?
18. Why do I see the following in the logs?
19. Why do I see "socket unsafe" errors in the logs?
20. Why don't rule files get updated?
21. Why are my messages not filtered while the plugin and Sendmail are up and running?
22. Why do I see "Milter (spamfilter): to error state" in the logs?
23. Why do I see the following messages in the logs?
24. Why do I see the "Sendmail milter macros are not defined in sendmail.cf" error in the logs?
25. Why do I see mi_stop=1 in the logs and spamfilter stops working?
26. What timeout values should I use for netchecks?
27. How do I create and manage per user Spam folders?
1. What file extensions do we filter?
"1" enables rejection of emails that have attachments with any of these extensions: .vbs, .shs, .pif, .scr, .cpl, .bat, .com, .reg, .bas, .inf, .vb, .vbe.
"2" enables rejection of emails that have attachments with any of these extensions: .ade, .adp, .bas, .bat, .chm, .cmd, .com, .cpl, .crt, .exe, .hlp, .hta, .inf, .ins, .isp, .js, .jse, .lnk, .mdb, .mde, .msc, .msi, .msp, .mst, .pcd, .pif, .reg, .scr, .sct, .shs, .shb, .url, .vb, .vbe, .vbs, .wsc, .wsf, .wsh.
2. What message do we send when we reject?
The following messages are sent when a message is rejected:
(reason: 550 5.7.1 Message is detected as spam)
(reason: 550 5.7.1 Too many recipients)
(reason: 550 5.7.1 Bad attachment file name)
(reason: 550 5.7.1 Invalid MTA hostname)
(reason: 550 5.7.1 Sender address cannot be verified)
3. What headers are added to the message?
If the plugin times out, no headers are added.
If the score is at or above SpamThreshold:
X-SendmailPlugin-Score: 99 [XXXXX]
X-SpamCatcher-Flag: Yes
X-SpamCatcher-Score: 99
Otherwise:
X-SendmailPlugin-Score: 19 []
X-SpamCatcher-Score: 19
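Added example, not part of the original FAQ or of the plugin: a small Python triage function that a post-processing step could apply to the headers above. The names triage and sample_message and the four category names are hypothetical; treating a repeated or non-numeric score header as untrusted is an assumption of this example, since the FAQ does not say whether the plugin removes such headers from incoming mail.

```python
import re
from email import message_from_string

def triage(raw_message):
    """Classify a message by the X-SpamCatcher headers described in the FAQ.

    "unscanned": no X-SpamCatcher headers, which is what a plugin timeout leaves.
    "untrusted": score or flag repeated or malformed (assumption of this example).
    """
    msg = message_from_string(raw_message)
    scores = msg.get_all("X-SpamCatcher-Score", [])
    flags = msg.get_all("X-SpamCatcher-Flag", [])
    if not scores and not flags:
        return "unscanned"
    if len(scores) != 1 or len(flags) > 1:
        return "untrusted"
    if not re.fullmatch(r"-?\d+", scores[0].strip()):
        return "untrusted"
    if flags and flags[0].strip().lower() == "yes":
        return "spam"
    return "clean"

def sample_message(*plugin_headers):
    """Build a constructed sample message carrying the given extra headers."""
    lines = ["From: sender@example.org", "Subject: sample", *plugin_headers]
    return "\n".join(lines) + "\n\nbody\n"

# Constructed samples that reuse the header values shown in the FAQ.
SAMPLES = {
    "flagged": sample_message("X-SendmailPlugin-Score: 99 [XXXXX]",
                              "X-SpamCatcher-Flag: Yes", "X-SpamCatcher-Score: 99"),
    "below threshold": sample_message("X-SendmailPlugin-Score: 19 []",
                                      "X-SpamCatcher-Score: 19"),
    "plugin timed out": sample_message(),
    "score sent twice": sample_message("X-SpamCatcher-Score: 0",
                                       "X-SpamCatcher-Score: 99",
                                       "X-SpamCatcher-Flag: Yes"),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label}: {triage(raw)}")
```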
4. What is sender address verification?
It answers the question "Can I successfully reply to the incoming message?" Suppose "bill.clinton@whitehouse.gov" sends you a message. In response, Mailshell Anti-Spam will:
1. Look up the MX hosts for whitehouse.gov.
2. Establish a connection to one of the MX hosts listed.
3. Simulate a NULL return path message to "bill.clinton@whitehouse.gov" without a body, i.e.:
> 220 wh2.eop.gov -- Server ESMTP (PMDF V5.2-33 #41062)
< helo my.smtp.host
> 250 wh2.eop.gov OK, [0.0.0.0].
< mail from: <>
> 250 2.1.0 <>... Sender ok
< rcpt to: <bill.clinton@whitehouse.gov>
> 250 2.1.5 bill.clinton@whitehouse.gov... Recipient ok
< quit
4. If a non-"250" result code is returned for the "rcpt to:" statement: if the result code is a 4XX series code, the incoming email will be SMFI_TEMPFAIL'd (which returns a 471 error code to the sender); otherwise the incoming email will be SMFI_REJECT'd (which returns a 550 error code to the sender).
5. If a 250 result code is returned, then the email will be processed normally by Spamfilter/Sendmail.
6. If no connection to a valid MX host is established, then the incoming email will be SMFI_TEMPFAIL'd.
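Added example, not the plugin's own code: the decision in steps 4 to 6 applied to a recorded callout dialogue written in the same "<" / ">" notation, with no network access. The function names and the sample dialogues (example.org) are constructed for illustration; SMFI_CONTINUE is the libmilter name assumed here for "processed normally", and a dialogue with no reply to "rcpt to:" is treated like step 6.

```python
import re

# Milter return codes as named in libmilter, kept as strings in this sketch.
SMFI_CONTINUE, SMFI_TEMPFAIL, SMFI_REJECT = "SMFI_CONTINUE", "SMFI_TEMPFAIL", "SMFI_REJECT"

def rcpt_reply_code(transcript):
    """Return the final reply code to "rcpt to:" in a dialogue, or None.

    Lines starting with "<" are what the verifier sent and lines starting
    with ">" are what the MX host replied, as in the FAQ's sample.
    """
    awaiting_rcpt_reply = False
    for line in transcript.splitlines():
        line = line.strip()
        if line.startswith("<"):
            awaiting_rcpt_reply = line[1:].strip().lower().startswith("rcpt to:")
        elif line.startswith(">") and awaiting_rcpt_reply:
            m = re.match(r">\s*(\d{3})(-?)", line)
            if m and m.group(2) != "-":      # "550-..." is a continuation line
                return int(m.group(1))
    return None

def callout_action(transcript):
    """Map a callout dialogue to the milter action from steps 4 to 6."""
    code = rcpt_reply_code(transcript) if transcript else None
    if code is None:              # step 6: no MX reached (or no RCPT reply seen)
        return SMFI_TEMPFAIL
    if code == 250:               # step 5
        return SMFI_CONTINUE
    if 400 <= code <= 499:        # step 4: temporary failure at the sender's MX
        return SMFI_TEMPFAIL
    return SMFI_REJECT            # step 4: any other code, including 251 and 550

def sample_dialogue(*rcpt_reply_lines):
    """Constructed callout dialogue; only the reply to "rcpt to:" varies."""
    lines = ["> 220 mx.example.org ESMTP", "< helo my.smtp.host",
             "> 250 mx.example.org OK", "< mail from: <>",
             "> 250 2.1.0 <>... Sender ok", "< rcpt to: <user@example.org>",
             *("> " + reply for reply in rcpt_reply_lines), "< quit"]
    return "\n".join(lines)

if __name__ == "__main__":
    for reply in (["250 2.1.5 Recipient ok"], ["451 4.7.1 Try again later"],
                  ["550-5.1.1 user@example.org", "550 5.1.1 User unknown"]):
        print(reply[-1], "->", callout_action(sample_dialogue(*reply)))
    print("no MX reachable ->", callout_action(None))
```

Read literally, step 4 rejects every non-250, non-4XX reply, so a 251 answer from the sender's MX host also ends in SMFI_REJECT.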
5. What is 'Invalid MTA Hostname verification'?
The host name sent during the HELO phase of the MTA negotiation is verified to be resolvable to an IP address.
6. What if a message is sent to multiple recipients but only one recipient is in the unfilter list?
The message is unfiltered for all recipients. This is a known issue and no workaround is currently available. We chose to be conservative and let more spam in rather than block spam to users in the unfiltered list.
7. What addresses do the approve/block lists check?
"MAIL FROM:" addresses in the SMTP envelope, and the following headers:
Reply-To:
From:
X-Apparently-From:
Sender:
8. How do I change the timeouts?
Mail filters have three equates: the required S= equate specifies the socket where sendmail should look for the filter; the optional F= and T= equates specify flags and timeouts, respectively. All equate names, equate field names, and flag values are case sensitive.
m4 configuration:
INPUT_MAIL_FILTER(`foo', `S=unix:/var/run/foo.sock, F=R')
INPUT_MAIL_FILTER(`bar', `S=inet6:999@localhost, F=T, T=S:1s;R:1s;E:5m')
equivalent to:
define(`confINPUT_MAIL_FILTERS', `foo, bar')
MAIL_FILTER(`foo', `S=unix:/var/run/foo.sock, F=R')
MAIL_FILTER(`bar', `S=inet6:999@localhost, F=T, T=S:1s;R:1s;E:5m')
in the sendmail.cf configuration file:
O InputMailFilters=foo, bar
Xfoo, S=unix:/var/run/foo.sock, F=R
Xbar, S=inet6:999@localhost, F=T, T=S:1s;R:1s;E:5m
Analysis:
InputMailFilters (confINPUT_MAIL_FILTERS) determines the order in which filters are called.
Filter name: a unique label.
Connection method (S=protocol:location): protocol is one of inet, inet6, unix, or local (same as unix); location is port@host for inet and inet6, and a path name for unix and local.
Flags (F=)
If no flag is specified and the filter is not available, sendmail runs as if the filter weren't configured.
Flag | Description
R | Reject connection if filter unavailable
T | Temporary fail connection if filter unavailable
Timeouts (T=)
Individual timeouts are separated by semicolons. Only those that differ from the default need to be specified.
Letter | Meaning | Default
C | Timeout for connecting to a filter. If set to 0, the system's connect() timeout will be used. | 5m
S | Timeout for sending information from the MTA to a filter | 10s
R | Timeout for reading reply from the filter | 10s
E | Overall timeout between sending end-of-message to filter and waiting for the final acknowledgment | 5m
The value of each field is a decimal number followed by a single letter designating the units ("s" for seconds, "m" for minutes).
If a filter is unavailable or unresponsive and no flags have been specified, the MTA will continue normal handling of the current connection. The MTA will try to contact the filter again on each new connection.
The filters are run in the order declared.
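Added example, not taken from Sendmail or from the plugin: a Python audit of the filter definitions in a sendmail.cf, resolving each filter's effective timeouts from the defaults in the table above and reporting filters that have no F= flag, which is the case where mail is handled normally, unfiltered, while the filter is down. The function names and the "fail-open" label are hypothetical, and the sample configuration is constructed from the FAQ's two filters plus a spamfilter entry without F=.

```python
import re

DEFAULT_TIMEOUTS = {"C": 300, "S": 10, "R": 10, "E": 300}   # seconds, from the table
ON_UNAVAILABLE = {"": "fail-open", "R": "reject", "T": "tempfail"}

def parse_filter(line):
    """Parse one 'Xname, S=..., F=..., T=...' definition from sendmail.cf."""
    name, _, rest = line[1:].partition(",")
    name = name.strip()
    equates = dict(f.strip().split("=", 1) for f in rest.split(",") if "=" in f)
    if "S" not in equates:
        raise ValueError(f"{name}: the S= equate is required")
    flag = equates.get("F", "")
    if flag not in ON_UNAVAILABLE:
        raise ValueError(f"{name}: unknown flag {flag!r}")
    timeouts = dict(DEFAULT_TIMEOUTS)
    for item in filter(None, equates.get("T", "").split(";")):
        m = re.fullmatch(r"([CSRE]):(\d+)([sm])", item.strip())
        if not m:
            raise ValueError(f"{name}: bad timeout {item!r}")
        timeouts[m.group(1)] = int(m.group(2)) * {"s": 1, "m": 60}[m.group(3)]
    return {"name": name, "socket": equates["S"],
            "on_unavailable": ON_UNAVAILABLE[flag], "timeouts": timeouts}

def audit(cf_text):
    """Return (filters in call order, findings) for the text of a sendmail.cf."""
    order, defined = [], {}
    for line in cf_text.splitlines():
        m = re.match(r"O\s+InputMailFilters\s*=\s*(.*)", line)
        if m:
            order = [n.strip() for n in m.group(1).split(",") if n.strip()]
        elif line.startswith("X"):
            parsed = parse_filter(line)
            defined[parsed["name"]] = parsed
    findings = [f"{n}: listed but not defined" for n in order if n not in defined]
    findings += [f"{n}: no F= flag, mail passes unfiltered while the filter is down"
                 for n in order if defined.get(n, {}).get("on_unavailable") == "fail-open"]
    return [defined[n] for n in order if n in defined], findings

# Constructed sample: the FAQ's two filters plus a spamfilter entry without F=.
SAMPLE_CF = """\
O InputMailFilters=foo, bar, spamfilter
Xfoo, S=unix:/var/run/foo.sock, F=R
Xbar, S=inet6:999@localhost, F=T, T=S:1s;R:1s;E:5m
Xspamfilter, S=local:/etc/spamfilter/spamfilter.sock, T=R:20s
"""

if __name__ == "__main__":
    print(audit(SAMPLE_CF)[1])
```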
9. How do I train the Mailshell spam engine?
Download the sctrain program (the sctrain executable comes with the download package for the Sendmail Plugin), collect a known set of legitimate messages and a known set of spam messages, and process those messages with the sctrain program.
Syntax:
sctrain -D <configdir> [OPTION] <directory>
Train the Mailshell SDK with ham and spam messages.
Arguments:
configdir - Required. Directory containing rules and spamcatcher.conf. The database will be stored in this directory.
directory - Required. Directory containing mail messages.
Options:
-forget - Optional. Specify this if you wish to remove the scoring offset set previously. By default, sctrain will add the messages to its database.
-o <offset> - Optional. If you are adding messages, specify the scoring offset as this parameter. The value should be between -200 and 200. -200 will cause the message to be treated as approved while 200 will cause it to be treated as blocked.
-score - Optional. Compute scores of messages and factor them into future scoring of messages from the senders.
-v - Optional. Flag to output status of add and delete operations.
-spam - Optional. Indicates message is spam. Equivalent to specifying -o 200
-ham - Optional. Indicates message is not spam. Equivalent to specifying -o -200
-clear - Optional. Remove all entries. Files will be deleted from the configuration directory.
-help - Show syntax.
Examples:
Example 1: sctrain -D conf -ham messagedir
This approves all messages in the directory named messagedir.
Example 2: sctrain -D conf -score dir2
This computes scores of messages in directory dir2. If the messages were sent by the recipients of approved messages (as set by Example 1) then these scores will be used in the analysis of future messages from those senders. This can help reduce false positives.
Example 4: sctrain -D conf -clear
Clear the database. All data set by previous calls to addMessage and addAddress along with scoring history will be deleted.
10. How do I report a bug?
Send bug reports to sendmail@mailshell.com.
11. How do I get help?
Send comments and questions to sendmail@mailshell.com.
12. How do I quarantine spam?
You can use a server-side program (e.g. Procmail) to post-process the spam as you see fit. You can use rules in the email client to post-process the spam as you see fit. Or you can download the source, modify as you see fit and recompile.
13. How do I bounce spam?
You can use a server-side program (e.g. Procmail) to post-process the spam as you see fit. You can use rules in the email client to post-process the spam as you see fit. Or you can download the source, modify as you see fit and recompile.
14. How do I archive spam?
You can use a server-side program (e.g. Procmail) to post-process the spam as you see fit. You can use rules in the email client to post-process the spam as you see fit. Or you can download the source, modify as you see fit and recompile.
15. How do I set up group or individual options?
You can use a server-side program (e.g. Procmail) to post-process the spam as you see fit. You can use rules in the email client to post-process the spam as you see fit. Or you can download the source, modify as you see fit and recompile.
16. How do I create a custom list of file extensions to block?
You can use a server-side program (e.g. Procmail) to post-process the spam as you see fit. You can use rules in the email client to post-process the spam as you see fit. Or you can download the source, modify as you see fit and recompile.
17. How do I run the plugin on Solaris-Intel, AIX, and Mac OS X?
Either:
a) Run the Mailshell Sendmail plugin on a separate server running Linux, FreeBSD, or Solaris and connect via TCP/IP sockets, or
b) Download the source and the Mailshell anti-spam SDK library for your OS platform, and re-compile.
Please let us know if you want us to build a pre-compiled version for you.
18. Why do I see the following in the logs?
Unable to bind to port local:/etc/spamfilter/spamfilter.sock: Address already in use.
Unable to create listening socket on conn local:/etc/spamfilter/spamfilter.sock.
smfi_main fails to establish a connection.
Invalid address: local:/etc/spamfilter/spamfilter.sock.
You have to stop the plugin. If you still see these errors while trying to start it again, remove /etc/spamfilter/spamfilter.sock and start the plugin.
19. Why do I see "socket unsafe" errors in the logs?
You started the plugin as a user other than spamfilter or root. You have to be root or spamfilter to run the plugin.
20. Why don't rule files get updated?
Change ownership of the configuration directory:
$ chown -R spamfilter:spamfilter /etc/spamfilter
21. Why are my messages not filtered while the plugin and Sendmail are up and running?
The plugin is listening on a connection that Sendmail doesn't know about. Make sure the connection specified in /etc/mail/sendmail.cf is exactly the same as the one specified in /etc/spamfilter/spamcatcher.conf. If you are using the default connection, make sure it is in sendmail.cf.
22. Why do I see "Milter (spamfilter): to error state" in the logs?
Again, the connection specified in the configuration file doesn't match the one in sendmail.cf. You should also be seeing "Milter (spamfilter): local socket name /etc/spamfilter/spamfilter.sock unsafe". Change the connection specified in /etc/spamfilter/spamcatcher.conf.
23. Why do I see the following messages in the logs?
sendmail[18302]: hAI08EP0018302: Milter (spamfilter): timeout before data read
sendmail[18302]: hAI08EP0018302: Milter (spamfilter): to error state
Either you are not using the recommended timeout values specified in the README file, or you need to increase the Sendmail timeout for reading the reply from the filter (i.e., the R value) in the /etc/mail/sendmail.cf file.
24. Why do I see the "Sendmail milter macros are not defined in sendmail.cf" error in the logs?
You probably edited sendmail.cf by hand instead of using m4. Add the following milter options to your /etc/mail/sendmail.cf, below the place where you defined spamfilter as an InputMailFilter.
# Milter options
#O Milter.LogLevel
O Milter.macros.connect=j, _, {daemon_name}, {if_name}, {if_addr}
O Milter.macros.helo={tls_version}, {cipher}, {cipher_bits}, {cert_subject}, {cert_issuer}
O Milter.macros.envfrom=i, {auth_type}, {auth_authen}, {auth_ssf}, {auth_author}, {mail_mailer}, {mail_host}, {mail_addr}, {client_addr}
O Milter.macros.envrcpt={rcpt_mailer}, {rcpt_host}, {rcpt_addr}
25. Why do I see mi_stop=1 in the logs and spamfilter stops working?
Under heavy load, too many instances of Sendmail are created, which consumes system resources and causes the filter to receive a stop signal. To avoid this problem, you need to tune Sendmail. Change the MaxDaemonChildren option value to 40. This puts a limit on the number of Sendmail instances that can be created.
26. What timeout values should I use for netchecks?
If you get network timeouts in the logs, try increasing the sntimeout option to 20.
27. How do I create and manage per user Spam folders?
To create and manage per user Spam folders, Mailshell currently offers plugins for the following mail servers: