Views:

Anti-Spam Module uses detection technology based on sophisticated content processing and statistical analysis. Unlike other approaches to identifying spam, content analysis provides high performance, real-time detection that is highly adaptable, even as spammers change their techniques.

To enable Anti-Spam:

  1. From the left menu, click Configuration > Policies.
  2. Double-click a policy for the target server and choose Edit.
    1. Click on Mail scan tab and select Enable Anti-spam.
    2. Click Configure.
    3. Select Spam filter level:
      • High: the most rigorous level of spam detection; greater chance of false positives
      • Medium: the default setting ScanMail monitors at a high level of spam detection with a moderate chance of filtering false positives
      • Low: the most lenient level of spam detection filtering only the most obvious and common spam messages
  3. Select the Action you want to apply for messages detected as Spam: Quarantine, Pass or Block.
  4. Select Insert the stamp as a subject prefix and type the stamp if you want to add any keyword in the subject.
  5. Enable Approved Senders if you need to add email addresses to be trusted by SMID.
  6. Enable Blocked Senders if you need to add email addresses to be blocked as spam by SMID.
  7. Click Ok on Anti-Spam configuration window.
  8. Click Save.

Trend Micro's Web Reputation technology helps break the infection chain by assigning websites a “reputation” based on an assessment of the trustworthiness of a URL, derived from an analysis of the domain. Web reputation protects against web-based threats including zero-day attacks, before they reach the network. Web Reputation technology tracks the lifecycle of hundreds of millions of web domains, extending proven Trend Micro anti-spam protection to the Internet.

To enable Web Reputation:

  1. From the left menu, click Configuration > Policies.
  2. Double-click a policy for the target server and choose Edit.
  3. Click on Mail scan tab and select Enable Web Reputation.
  4. Click Configure.
  5. Select the Scan Service to use:
    • Trend Micro Smart Protection Network: Requests are sent to the Trend Micro Smart Protection Network to examine the reputation of URLs
    • Local Smart Protection Server: The Local Smart Protection Server sends requests to your local smart protection server. It will provide more privacy and improve the processing speed. Configure this under Server Settings > Local Smart Scan Sources tab.
  6. Select Security Level: SMID will block a site if its score is equal or less than the threshold values (High, Medium, Low). URLs with a score of 80 or above are considered safe sites. URLs with a score of 50-79 are either unrated and/or suspicious. URLs with a score of 49 or below are known malicious sites.
  7. Select type of messages that will be scanned from two possible options: SMTP mails only or SMTP and IBM Notes mails
  8. Select the message parts that will be scanned: Mail Body and/or Mail Attachment.
  9. Select Action to apply: Pass, Quarantine or Block.
     
    If you have selected Mail Attachment in the Select the message part(s) that will be scanned section, and Block in the Action section, then you can also select Delete the attachment if only the attachment contains unwanted URLs to delete only the attachment with the unwanted URL, and pass the email to the recipient. However, if you have selected Mail Body in the Select the message part(s) that will be scanned section, and Block in the Action section, then it will block the whole message if the mail body contains an unwanted URL.
  10. Select Stamp subject prefix and type the keywords to show in the subject header.
  11. Under Notification section, select notifications option to apply when a URL is identified by Web Reputation Filter.
  12. Click Approved URL List tab. Select Enable approved URL List and Add, Import, Export or Remove URLs.
  13. Click Notification Template tab. Configure notification template.
  14. Click OK on Web Reputation Configuration Windows.
  15. Click Save.

You can optimize the performance of Web Reputation scanning by configuring your settings accordingly. Consider implementing the following to optimize your version of Web Reputation:

  • Add your company’s internal URL to the Approved URL List. This allows ScanMail to bypass messages containing internal URLs, which will reduce network bandwidth usage and improve performance.
  • Use a Smart Protection Server to reduce network bandwidth usage. Web reputation services send URL queries to the external Smart Protection Network or to the local Smart Protection Server. Networks can suffer a performance impact with a slow Internet connection when querying the Smart Protection Network. Configure Smart Protection Server using the management console and change the Web Reputation source by clicking Server Settings > Local Smart Scan Source.
  • To optimize Smart Protection Server performance, consider a dedicated Smart Protection Server for ScanMail. If your Smart Protection Server is providing services to both ScanMail and OfficeScan, for example, server performance could suffer.

Graymail detection is available from SMID 5.6 Patch 1. Graymail refers to solicited bulk email messages that are not spam. SMID detects marketing messages and newsletters and social network notifications as graymail. It is detected separately from common spam to allow administrators to identify graymail messages easily.

To enable Graymail detection:

  1. From the left menu, click Configuration > policies.
  2. Double-click a policy for the target server and choose Edit.
  3. Click the Mail scan tab.
  4. Double-click the rule to be edited from the rule list.
  5. Click Scan Option.
  6. Select the Graymail Filter tab.
  7. Select Enable graymail detection checkbox.
  8. Under Action section, select the action to take for each type of Graymail: Pass, Quarantine or Block.
  9. Select the Insert the stamp as a subject prefix check box and type the content to add to the beginning of each message’s subject detected.
  10. Click Save and Close.

It is necessary to configure all the inbound gateway IP addresses of the organization in ScanMail. The graymail filter must have this information to correctly analyze the incoming email messages. To configure Inbound Gateway IP addresses:

  1. From the left menu, click Configuration > Server Settings.
  2. Double-click the settings of the target server and choose Edit.
  3. Click the Inbound Gateway IP Addresses tab.
  4. Add all the inbound gateway IP addresses of your organization.

If a gateway IP address is not added to the list, ScanMail may consider inbound email messages form that IP address as spam. Select Notify the administrator of unknown gateway IP addresses and configure Subject, Content and Interval field; the save the settings.

 

Notification will be sent if the following conditions are met:

  • Graymail detection is enabled in at least one rule of the active policy.
  • The Notify the administrator of unknown gateway IP addresses checkbox is selected in target server settings.
  • Any unknown gateway IP address is found during the specified internal.