Cipafilter Documentation - E-mail Configuration
Posted by Jim Giseburt, Last modified by Jim Giseburt on 11 April 2017 03:19 PM

This feature is deprecated.

Cipafilter provides several e-mail security and content-filtering features, including a robust anti-spam system. The filter acts as a proxy and firewall to protect your mail server from the Internet; this allows you to take full advantage of your mail server's advanced features without the risk of having it accessible to hackers and worms. We recommend placing your existing server behind the Cipafilter and configuring it with only a private IP address; then, change your MX records to point to the Cipafilter, and configure the filter to route e-mail for your domains to the private IP of your actual mail server. This will cause all mail to be delivered to the Cipafilter, where it will be virus-scanned, spam-filtered, content-filtered, and then forwarded on to your actual mail server for processing.

Because of the problems with spam in recent years, many companies have become more cautious about the mail servers with which they communicate. Many unofficial rules have been adopted in a piecemeal fashion across the Internet. If your mail server is configured incorrectly, you may find that most people will receive your messages but for some they arrive marked as spam — and for some they don't arrive at all. Please allow us to help you through setting up your mail server to be compliant with all official and unofficial guidelines for message processing.

However, if you are an expert, and wish to configure the server yourself, please be certain to comply with the following guidelines. If you don't understand the reasoning behind any of the following, our tech support representatives will be happy to go over it with you.

  • Always make sure the IP address pointed to by your MX record reverses to the same name that is contained in the MX record.

  • If you are using Cipafilter for anti-spam, do not use secondary MXs.

  • Make sure that the Cipafilter host and domain name match the name from your MX record.
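The first and third guidelines can be checked mechanically. The following is an added example, not Cipafilter code: it takes the host name from your MX record (looked up by hand, since the Python standard library cannot query MX records) and the filter's configured name, and reports any address whose reverse lookup does not return the MX name. The function names and the sample names and addresses are assumptions made for illustration.

```python
import socket

def _norm(name):
    # DNS names compare case-insensitively; ignore the trailing root dot.
    return name.rstrip(".").lower()

def system_forward(host):
    # A/AAAA lookup through the system resolver.
    return sorted({ai[4][0] for ai in socket.getaddrinfo(host, None)})

def system_reverse(ip):
    # PTR lookup through the system resolver: primary name plus aliases.
    name, aliases, _ = socket.gethostbyaddr(ip)
    return [name, *aliases]

def check_mx_host(mx_host, filter_fqdn, forward=system_forward, reverse=system_reverse):
    """Return a list of problems; an empty list means the guidelines hold."""
    problems = []
    want = _norm(mx_host)
    if _norm(filter_fqdn) != want:
        problems.append(f"filter is named {filter_fqdn}, MX record says {mx_host}")
    try:
        ips = forward(mx_host)
    except OSError as exc:
        return problems + [f"{mx_host}: forward lookup failed ({exc})"]
    for ip in ips:
        try:
            names = [_norm(n) for n in reverse(ip)]
        except OSError as exc:
            problems.append(f"{ip}: reverse lookup failed ({exc})")
            continue
        if want not in names:
            problems.append(f"{ip}: reverses to {names}, expected {want}")
    return problems

if __name__ == "__main__":
    # Constructed sample data (documentation addresses), used instead of live DNS.
    fwd = {"mail.example.org": ["192.0.2.10"]}
    rev = {"192.0.2.10": ["host-10.isp.example.net"]}
    for line in check_mx_host("mail.example.org", "mail.example.org",
                              fwd.__getitem__, rev.__getitem__):
        print(line)
```

Called with only the first two arguments, the function uses the system resolver and checks live DNS.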

General Configuration

E-Mail Content Filtering

The E-Mail Content Filtering option applies the Web content filtering technology to incoming and outgoing mail messages. If a message is inappropriate, an e-mail is sent to the person in your organization who either was sending it or was the intended recipient, and the message is blocked. This is useful for filtering out pornographic spam.

E-mail Archive

The E-mail Archive option can be set to one of three settings:

  • Rcpt: cipafilter_email_archive — This setting is designed to work with e-mail journaling support in products like Microsoft Exchange. Many mail-server products support journaling, but some, like GroupWise, require third-party software. If your mail server supports journaling, set the journaling address to cipafilter_email_archive@x.x.x.x, where x.x.x.x represents the Cipafilter's internal IP address.

  • All Messages Passing Through — If your mail server does not support journaling, you can still archive all messages that pass through the Cipafilter using this setting.

  • None — This option disables the E-mail Archive functionality.

Archived messages can be browsed via the E-mail Archive page. If you are archiving mail for retention purposes, be sure to speak with tech support about creating a suitable backup and recovery plan.

E-mail Footers

The Cipafilter can automatically append a message footer to each e-mail passing through it. Simply compose your desired footer and upload it through the Web interface. Footers can be selected for plain-text messages as well as HTML-formatted mail.

Mail Routes

To configure the Cipafilter to proxy e-mail for an existing server, add a route for your domain pointing to your mail server's private IP address in the Mail Routes table.

Subnets Authorized for SMTP Relay

Only e-mail clients using IP addresses matching IPs or subnets listed here can use the Cipafilter as an outgoing mail server. Addresses may be entered as bare IPs, CIDR-style subnets, or sendmail-style ranges.

Anti-Spam Configuration

Anti-Spam Sensitivity

The Anti-Spam Sensitivity option controls how aggressively the filter's automated anti-spam system will score suspicious e-mail attributes. Different sensitivity levels may be added from time to time; higher sensitivity levels will block more spam, but they may also increase the risk of blocking legitimate mail.

Spam Forwarding

The Cipafilter can redirect all spam with a score above a certain threshold to a spam mailbox instead of delivering this mail to the intended recipient. To use this feature, select the desired Spam Forwarding Level and then enter the spam mailbox address as the Spam Forwarding Address.

Anti-Spam Whitelist

E-mail to and from servers on this list will not be intercepted by the anti-spam system. Enter the server IP, domain name, or subnet here if you have difficulty receiving e-mail from another party. Cipafilter's anti-spam system works with all standards-compliant mail servers; however, some older and custom systems may have problems.

Note: The Anti-Spam Whitelist does not bypass virus scanning for e-mail items.

Anti-Spam Blacklist

All e-mail from the specified domains, subnets, and e-mail addresses will be rejected with a 550 error.

Custom Anti-Spam Rules

While Cipafilter's anti-spam detection system is designed to function without manual user configuration, some organizations may find that their individual circumstances require a more active approach. For those customers, the Custom Anti-Spam Rules table can be used to define scoring rules for the anti-spam system.

Each custom rule will trigger a search of the message attribute selected under the Match Against column for the text or expression defined in the Match Expression column. If found, the anti-spam system will increase or decrease the overall score of the message as specified in the Score option.

Message attributes

The following message attributes are available from the Match Against drop-down:

  • Sender — Matches the expression against the message's sender (From) names/addresses.

  • Recipient(s) — Matches the expression against the message's recipient (To and Cc) names/addresses.

  • Subject — Matches the expression against the message's subject line.

  • Message Body — Matches the expression against the full contents of the message body.

  • URL in Body — Matches the expression against any URLs detected in the message body. Although the normal message body option can be used for matching URLs, this option is simpler and more accurate.

Match expressions

Three Match Expression syntaxes are supported:

  • Literal string — Literal string expressions are, as the name suggests, interpreted literally — that is, whatever text is written in the field is the text that is searched for in the message attribute. Literal string expressions are treated as whole words and are matched case-insensitively. For example, the literal expression spam will match SPAM, Anti-Spam, and spam@spam.com, but will not match spammer, antispam, or spam1@spam2.com.

  • Glob (wildcard) — A glob (aka wildcard) expression is a simple pattern-matching expression that uses asterisks (*) to substitute for zero or more characters that may appear in the search subject. For example, the glob expression foo*bar will match both foobar and foo baz bar.

    Custom spam rules support a limited globbing syntax wherein all asterisks in an otherwise literal string are converted to the regular-expression pattern .*?. As with literal strings, globs are treated as whole words and matched case-insensitively (so foo*bar will also match FOOBAR).

  • Perl Compatible Regular Expression (PCRE) — Cipafilter's underlying anti-spam system uses Perl regular expressions for rule matching; the PCRE entry syntax provides direct user access to these powerful expressions. Cipafilter's PCRE: entry syntax for anti-spam rules uses a combination of features from Perl and the PCRE library; the syntax is very similar to those used for blacklist entries (just without the host component).

    All PCRE expressions must be prefixed with the string PCRE:. Expressions that do not begin with this prefix will be treated as literal strings or globs. After the prefix, a Perl-style delimited match pattern must be supplied. PCRE:/foo/ is an example that uses the most common pattern syntax (with forward slashes as delimiters). This example would match the lowercase text foo anywhere in the search subject. To match case-insensitively, the i modifier may be used, as in PCRE:/foo/i.

    Please note that, for usability reasons, custom anti-spam rules support only the sub-set of Perl's syntax features that are supported by the PCRE library (which, despite the name, is not fully compatible with Perl). This means that Perl-specific features such as \L are unsupported and may behave strangely. The exception to this limitation is that Cipafilter's implementation supports only those modifiers allowed by Perl, not any PCRE-specific ones (such as U). These implementation differences will affect only the most advanced users, however.

    For more information about Perl regular-expression syntax, please see the Perl Programming Documentation or (more generally) the Cipafilter documentation on list entry syntax.

Scoring

Cipafilter's anti-spam detection system uses a scoring mechanism whereby higher scores indicate more suspicious e-mail. For example, the score 10.0 is very suspicious, while the score -10.0 is very trustworthy. Messages with a final score of 5.0 or greater are classified as spam. By default, scores are assigned according to rules developed by the greater anti-spam community (with some proprietary additions/modifications); these rules are updated frequently and all Cipafilter units receive the latest changes daily.

Custom spam rules, upon match, add or subtract from a message's final score, potentially causing or preventing a spam classification. For simplicity, Cipafilter provides score modifiers of +/- 0.250, 1.000, 3.000, and 999.0. Because a score of only 5.0 is required to classify a message as spam, it does not take very much to affect the final classification; it is preferable, therefore, to use the minimum score modifier (+/-0.250) whenever feasible. Greater score modifiers should be used only when lower ones have been tested and found not to provide the desired effect.

The +/-999.0 scores are so high/low that usually nothing but another +/-999.0 score can counter them. This means that (e.g.) giving a custom rule a +999.0 score will result in a near 100% spam classification (block) rate for any message matching the rule. This score modifier should be used extremely sparingly.
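To try a rule before entering it, the match-expression and scoring behaviour described above can be modelled offline. This is an added example, not Cipafilter's implementation: it approximates the three expression syntaxes with Python's re module (not Perl or the PCRE library), and the function names, the sample message and the base score standing in for the built-in rules are assumptions.

```python
import re

SPAM_THRESHOLD = 5.0                  # page: a final score of 5.0 or greater is spam
MODIFIERS = {0.25, 1.0, 3.0, 999.0}   # page: magnitudes offered for custom rules
PERL_FLAGS = {"i": re.I, "m": re.M, "s": re.S, "x": re.X}

def compile_expression(expr):
    """Approximate a Match Expression as a Python regex (hypothetical helper)."""
    if expr.startswith("PCRE:"):
        # Handles same-character delimiters only, as in PCRE:/foo/i.
        body = expr[len("PCRE:"):]
        end = body.rfind(body[:1]) if body else 0
        if end <= 0:
            raise ValueError("expected a delimited pattern such as PCRE:/foo/i")
        pattern, mods = body[1:end], body[end + 1:]
        if set(mods) - set(PERL_FLAGS):
            raise ValueError(f"unsupported modifier in {mods!r}")
        flags = 0
        for mod in mods:
            flags |= PERL_FLAGS[mod]
        return re.compile(pattern, flags)
    # Literal or glob: escape the text, turn each * into .*?, and anchor on word
    # boundaries (assumes the expression starts and ends with a word character).
    body = ".*?".join(re.escape(part) for part in expr.split("*"))
    return re.compile(r"\b" + body + r"\b", re.IGNORECASE)

def score_message(message, base_score, rules):
    """Apply (attribute, expression, modifier) rules; return (score, is_spam)."""
    score = base_score
    for attribute, expr, modifier in rules:
        if abs(modifier) not in MODIFIERS:
            raise ValueError(f"modifier {modifier} is not one the page lists")
        if compile_expression(expr).search(message.get(attribute, "")):
            score += modifier
    return score, score >= SPAM_THRESHOLD

if __name__ == "__main__":
    # Constructed message; base_score stands in for the built-in rules' result.
    msg = {"Sender": "Offers <deals@bulk.example>", "Subject": "FREE prize inside"}
    rules = [("Subject", "free*prize", 0.25),
             ("Sender", r"PCRE:/@bulk\.example>$/i", 1.0)]
    print(score_message(msg, 4.75, rules))
```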

Notes about anti-spam

Cipafilter provides a very "hands-off" anti-spam solution which does not rely on intervention from end users or administrators. This differs from many other vendors, whose solutions involve users/administrators manually classifying mail as spam or not spam.

The manual classification approach does have merit; it often results in exceptionally high accuracy, for example, especially in environments with a very large number of users participating in classification. This is the way most Web-mail providers' spam filters work, for instance — the Web interface allows users to easily mark their messages as spam or not spam, and, after this happens to a certain type of message a certain number of times, that information is used to block those messages for all other users of the service.

The primary advantage of the Cipafilter approach — and the Cipafilter product in general — is ease of configuration and use. Administrators do not need to provide a large body of mail to train the filter during set-up, nor must they become mail experts in order to configure policies and rules, nor must they or end users continuously monitor their mail for spam. The disadvantage is that, although the Cipafilter solution does have a very high rate of success, it may never be quite as accurate as a major Web-mail provider or an enterprise product that requires manual user intervention.

Please also be aware that, by design, the Cipafilter product does not consider newsletters, social-networking notifications, legitimate advertising, and other forms of user-solicited bulk mail to be spam. The Cipafilter anti-spam system does not and will not ever (intentionally) block these legitimate mailings, however irritating some users may find them. It is recommended that users simply unsubscribe from legitimate bulk mailings they do not wish to receive.
