How to use the Advanced Anti-Spam/Anti-Virus Filtering options

zMailCloud uses an integrated, advanced anti-virus and anti-spam system called AS/AV ("asav") to control inbound spam and viruses. As a user, you can control the settings for your own mailbox through a web control panel; as a domain admin, you can control the settings for your entire domain.

Based on experience, typical anti-virus success is greater than 99.9%. To get these results, read on for best practices for configuring your advanced anti-spam and anti-virus settings.

TECH NOTE: the load-balanced ASAV system uses Defender and Barricade MX software made by FSL.net to identify and block viruses and spam using dynamic black and grey lists, among other methods.

TROUBLESHOOTING? See the very bottom of this article for quick-win suggestions.

Logging In

To personalize your anti-spam and anti-virus filter settings, log in securely using your web browser: https://asav.zmailcloud.com

Enter your full e-mail address and password to enter the website and manage your preferences, as below, substituting "jay@01.com" with your email address and domain.

TECH NOTE: if you are an admin with domain aliases, at this time you will have to log in for each of them to control their settings.

 


 
Once logged in, click on the tab titled "Lists > White List":
 

 

White List

You can add email addresses or domains to this list that you never want marked as spam. Please note that emails sent to you from these addresses or domains will still be scanned for viruses and dangerous file attachments, but even if they contain them, they will not be marked as spam (unless you check the headers, per TECH NOTE 2, below).

WARNING: Do not add your own domain to this list, as it will whitelist all emails sent TO your domain as well as FROM your domain. For example, you'll receive all spam in the common case in which a spammer forges your name as the sender.



In the add to whitelist field, add domains (such as customer.com) and e-mail addresses (vp@customers.com) to your white list to always receive mail from these senders. Click the 'Add' button to confirm your entry. The 'Delete Selected' button below allows you to remove entries.

A domain entered by itself acts as a wildcard for every related email address, host and subdomain. In other words, adding a domain name by itself will whitelist everything from that domain name.
For example, enter only "*@abc.com" to whitelist mail from charles@abc.com, shelley@abc.com and charlene@abc.com. Enter "*@*.abc.com" to whitelist everything from the subdomains or hosts www.abc.com, ftp.abc.com, mail1.abc.com and mail.abc.com, as well as abc.com.

TECH NOTE 1: If you examine the header of a message you receive from a sender you've successfully whitelisted, you'll find the following line: "X-Fsl-Mailscanner-Spamcheck: not spam (whitelisted)". To examine the header of a message in Zimbra Desktop or web client, right-click (control-click on Mac) on the message, and select "Show Original". Copy/paste to send.

TECH NOTE 2:
For white and blacklisting, asav ignores the "From:" and the "Reply-To:" information. Instead it examines the email envelope and uses the value that will go into Return-Path, before the Return-Path header is created. For instance, to whitelist email from the sender of the following message header, key.sale@myclient.com, and all other mail from myclient.com, you must whitelist "sender-mail.net", and not myclient.com:

From: key.sale@myclient.com
Subject: [myclientTID: 38787] Sales Update
Date: June 26, 2009 1:12:55 PM CDT
To: you@yourdomain.com
Return-Path: nobody@leda.sender-mail.net
Received: from smtp-2.01.com (LHLO smtp-2.01.com) (38.102.63.181) by mail-2.01.com with LMTP; Fri, 26 Jun 2009 13:19:12 -0500 (CDT)
Received: from localhost (localhost.localdomain [127.0.0.1]) by smtp-2.01.com (Postfix) with ESMTP id 352CF1AD9F9 for ; Fri, 26 Jun 2009 13:19:12 -0500 (CDT)
Received: from smtp-2.01.com ([127.0.0.1]) by localhost (smtp-2.01.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3IkwtQOKt30s for ; Fri, 26 Jun 2009 13:19:12 -0500 (CDT)
Received: from smtp-out.01.com (asav-1 [10.25.1.11]) by smtp-2.01.com (Postfix) with ESMTP id DB3C41AD9D4 for ; Fri, 26 Jun 2009 13:19:11 -0500 (CDT)
Received: from asav-1.01.com (localhost.localdomain [127.0.0.1]) by asav-1.01.com (8.13.1/8.13.1) with SMTP id n5QIG9F8018738 for ; Fri, 26 Jun 2009 13:16:10 -0500
Received: from leda.sender-mail.net (leda.sender-mail.net [192.168.1.5]) by asav-1.01.com (asav-1.01.com [10.25.1.11]) envelope-from with SMTP id l5PDG92527503027Nv ret-id none; Fri, 26 Jun 2009 13:16:10 -0500
Received: from leda.sender-mail.net (mail.myclient.com [127.0.0.1]) by leda.sender-mail.net (8.13.8/8.13.8) with ESMTP id n5QICt4u026501 for ; Fri, 26 Jun 2009 12:12:55 -0600
Received: (from nobody@localhost) by leda.sender-mail.net (8.13.8/8.13.8/Submit) id n5QICt9v026500; Fri, 26 Jun 2009 12:12:55 -0600
Message-Id: <200906261812.n5QICt9v026500@leda.sender-mail.net>
X-Smtpf-Report: client=helo_host; mail=; rcpt=white
X-Fsl-Mailscanner-Information: Please contact postmaster@01.com for more information
X-Fsl-Mailscanner: Found to be clean
X-Fsl-Mailscanner-Spamcheck: not spam (whitelisted), SpamAssassin (score=-1.965, required 5, BAYES_00 -2.60, BMX_HELO_HOST -0.00, FORGED_RCVD_HELO 0.14, NO_REAL_NAME 0.50)
X-Fsl-Mailscanner-From: nobody@leda.sender-mail.net

Black List

Choose 'Lists' from the top menu, then select 'Black List' to specify domains and e-mail addresses to never receive mail from. Click 'Add' to confirm entries, 'Delete Selected' to remove domains and e-mail addresses from your black list:

 
 

TECH NOTE: In the headers, such as the example above in Whitelisting, notice the line "SpamAssassin (score=-1.965, required 5...". This indicates that email is rated against assigned criteria (tests), and anything scoring a total of 5 or above is considered spam. The criteria that produced the spam rating follow, with the scoring breakdown, for example: "BAYES_00 -2.60, BMX_HELO_HOST -0.00, FORGED_RCVD_HELO 0.14, NO_REAL_NAME 0.50".
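
The following added example (not part of the original article and not FSL's code) ties together TECH NOTE 2 and the scoring note above: it pulls the envelope sender from a message header, tests which list entries would cover it, and parses the X-Fsl-Mailscanner-Spamcheck line. The matching rules in entry_matches are an assumption modelled on this article's wording, and the sample is a constructed, trimmed copy of the header shown earlier.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: a trimmed copy of the header shown in TECH NOTE 2.
SAMPLE = """\
From: key.sale@myclient.com
Return-Path: nobody@leda.sender-mail.net
X-Fsl-Mailscanner-Spamcheck: not spam (whitelisted), SpamAssassin (score=-1.965, required 5, BAYES_00 -2.60, BMX_HELO_HOST -0.00, FORGED_RCVD_HELO 0.14, NO_REAL_NAME 0.50)
X-Fsl-Mailscanner-From: nobody@leda.sender-mail.net
"""

def envelope_sender(msg):
    """Address the lists are matched against: the envelope sender, not From:."""
    raw = msg.get("X-Fsl-Mailscanner-From") or msg.get("Return-Path") or ""
    return parseaddr(raw)[1].lower()

def entry_matches(entry, sender):
    """Assumed model of the article's rules; the real matcher may differ."""
    entry = entry.lower().strip()
    domain = sender.rpartition("@")[2]
    local, at, edom = entry.rpartition("@")
    if at and local != "*":
        return entry == sender                 # full address: exact match
    if at and not edom.startswith("*."):
        return domain == edom                  # "*@abc.com": that domain only
    want = edom.removeprefix("*.")             # "abc.com" or "*@*.abc.com"
    return domain == want or domain.endswith("." + want)

def spamcheck(msg):
    """Parse the Spamcheck header into verdict, score, threshold and tests."""
    value = " ".join((msg.get("X-Fsl-Mailscanner-Spamcheck") or "").split())
    m = re.search(r"score=(-?[\d.]+), required (-?[\d.]+)(.*?)\)", value)
    tests = re.findall(r"([A-Z][A-Z0-9_]+) (-?[\d.]+)", m.group(3)) if m else []
    return {"whitelisted": "(whitelisted)" in value,
            "score": float(m.group(1)) if m else None,
            "required": float(m.group(2)) if m else None,
            "tests": {name: float(points) for name, points in tests}}

def analyze(raw, entries):
    """Return the envelope sender, entry -> covers-sender map, and verdict."""
    msg = message_from_string(raw)
    sender = envelope_sender(msg)
    return sender, {e: entry_matches(e, sender) for e in entries}, spamcheck(msg)

if __name__ == "__main__":
    print(analyze(SAMPLE, ["myclient.com", "sender-mail.net"]))
```

Run against the sample, the entry "myclient.com" does not cover the message while "sender-mail.net" does, which is the situation TECH NOTE 2 describes.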

General Spam Preferences

The 'Preferences' section allows you to set your general spam preferences:


 
Click 'Update' at the bottom of the screen when you are finished making changes:
 

 
Recent Messages
 
To view recent messages processed by the as/av system, click the 'Recent Messages' tab from the top menu bar:


To view the details of the message, click the message in the Recent Messages list:


 
The next screen will reveal a detailed analysis of the message:




Scroll to the bottom for quarantine details:



 
Identifying Junk Mail to ASAV

 

Log in to your webmail account at: https://mail.01.com/

Locate a message to mark as Spam:



Select message and mark as 'Junk':



After clicking on Junk, the message will be moved to your Junk Mail folder and be identified as Junk by the ASAV system, improving future filtering.

Mark Ham in your Junk folder as 'Not Junk'. Note that "Ham" is mail incorrectly identified as spam, or possibly spam ("false positives").

WARNING! Moving the messages into/out of the Junk folder does not identify them to the ASAV filter. You must use the Junk/Not Junk buttons.



Troubleshooting

 

  1. Your own domain name. Unless otherwise instructed, do not white list your own domain name. This will cause the system to accept anything from your own domain, and spammers may send from you to you, or from an invented name in your domain to you.
  2. Alias domain names. You must set preferences and white/black lists for your alias domains, too, if you're using them. Log in to asav using your mailbox name and the alias domain, and set your preferences there as well.
  3. Identifying the right domain. Sometimes your sender is using an email server at a different domain. Take your own case as an example: the domain of your mail server is 01.com, even though that's not your domain name. Your sender may be in the same situation, so even though the sender's domain is yourclient.com, you may have to whitelist yourclientsemailhostingprovider.com to whitelist email from your client's domain. You can verify that you've whitelisted a domain or email address successfully by examining the header information of an email from that sender and looking for the line: "X-Fsl-Mailscanner-Spamcheck: not spam (whitelisted)"

Reference

 

  1. Mailwatch: reading envelope information in mail headers. Determine which domain to whitelist or blacklist.
    http://lists.mailscanner.info/pipermail/mailscanner/2002-December/008542.html
