Configuring Spam Detection

Anti-spam configuration options determine the general functioning of spam detection within PureMessage. In most cases, PureMessage will provide good catch rates without any customization. However, you can maximize the effectiveness of PureMessage by ensuring that DNS settings are configured correctly, that trusted IP relays are specified, and that some form of IP blocking is enabled. It is also recommended that you specify "safe" character sets.

Optimizing DNS Checks

PureMessage performs a variety of DNS checks, including reverse DNS look-ups and queries that are handled via the Sophos SXL architecture. PureMessage performance is strongly affected by the connection speed between PureMessage and the DNS server. For optimal performance, install a local caching DNS server. Although it is possible to disable network checks completely by setting the local_tests_only option in /opt/pmx6/etc/spam.conf to "on", this is not recommended because it will negatively affect catch rates. You can specify the server(s) used for DNS based checks in /opt/pmx6/etc/spam.d/net.conf. The net.conf configuration file also allows you set values such as "retry" and "timeout".

Specifying Trusted Relays

Trusted relays are internal and external mail-filtering hosts that are known to be safe. Before an email message reaches its envelope recipient, it travels through a number of message-handling hosts that receive the message, and passes it to the next message-handling host on the internet. The message is relayed along this chain of hosts until it reaches its final destination, the envelope recipient.

DNS checks work in conjunction with the "trusted-relays" list, located in opt/pmx/etc/. This list should include all internal mail-filtering servers, and known, trusted external servers (for example, internet service provider (ISP) mail exchange servers). Configuring the "trusted-relays" list ensures that these IP addresses are exempt from the DNS checks. Only IP addresses (not domain names) can be entered in the "trusted-relays" list.

Relays with IP addresses within the 127.*.*.*, 192.168.*.* and 10.*.*.* blocks are always treated as internal relays. By default, the IP address of the first "external" relay is tested. All IP addresses of relays that are known to be safe, but are not included in the IP address blocks described above, should be added to the Trusted Relay IPs list. For example, if an ISP provides message-relay services for your company, the IP address of the ISP's mail server should be included in the Trusted Relay IPs list.

Populate the Trusted Relay IPs list via the Manager or at the command line. For more about configuring trusted relays, see "Configuring Anti-Spam Options" and "Editing Lists" in the Manager Reference. At the command line, edit the trusted-relays file, located by default in opt/pmx/etc.

Once the Trusted Relay IPs list is populated, configure the Disable non-relay checks? option on the Policy > Anti-Spam Options page in the PureMessage Manager. When the Disable non-relay checks is set to "Yes", only the first external relay is tested; checks of other relays in the receiving chain of relays are disabled, which can improve performance and reduce false positives.

Configuring IP Blocking

Policy-level IP blocking is configured by default in PureMessage. If you are able to position PureMessage at the outer edge of your network, it is recommended that you enable MTA-level IP blocking instead of policy-level blocking for improved performance. For instructions on enabling the IP Blocker Service, see "Enabling or Disabling MTA IP Blocking" in the Local Services Tab section of the Manager Reference.

If your network has trusted local SMTP relays that pass inbound messages to the PureMessage, use policy-level blocking instead of MTA-level blocking, and add the local inbound SMTP relays to the Trusted Relays list. MTA-level blocking will only work correctly if PureMessage receives messages directly from the internet.

Configuring Safe Character Sets

It is recommended that you specify "safe" character sets. Several anti-spam rules analyze the character set of the message because foreign characters frequently indicate spam. Messages containing text in character sets that are identified as "safe" are exempted from these anti-spam rules. The default "safe" character set is read from the system's LANG environment variable.