User manual AIRLIVE ES-6000

[. . . ] ES-6000 Email Server Appliance User's Manual Copyright & Disclaimer No part of this publication may be reproduced in any form or by any means, whether electronic, mechanical, photocopying, or recording without the written consent of OvisLink Corp. OvisLink Corp. has made the best effort to ensure the accuracy of the information in this user's guide. However, we are not liable for the inaccuracies or errors in this guide. All information is subject to change without notice All Trademarks are properties of their respective holders. 1 Table of Contents Chapter 1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [. . . ] (Figure 6-17) Figure 6-17 An E-Mail Marked as "---spam---" in the Subject 98 The figure below shows a normal e-mail merely has a score tag (optional) in the subject. (Figure 6-18) Figure 6-18 Normal E-Mail with a Score Tag in the Subject 99 6. 2. 2 Personal Rule The Mail server administrator can help user to search the target mail, and verify if the target mail was delivered successfully or not. For the further feature of personal rule, administrator can manage user's personal whitelist or blacklist as well. (Figure 6-19) Figure 6-19 Personal Rule Definition: Search Used for searching for individual e-mails Used for retrieving quarantined e-mails Whitelist Specifies permitted e-mail addresses Blacklist Specifies prohibited e-mail addresses 100 6. 2. 3 Global Rule Global rule works to identify mail rule to filter all incoming or outgoing mails, once the mail matches the rule, it will be processed based on configuration. (Figure 6-20) Figure 6-20 Global Rule Definition: Rule Name The name of the custom spam mail determination rule Comment To explain the meaning of the custom rule Combination Add: It must be fit in with all of the custom rule mails that would be considered as spam mail or ham mail. Or: Only be fit in with one of the custom rule mails that would be considered as spam mail or ham mail. Classification When setting as Spam, it will classify the mails that correspond to the rule as spam mail. When setting as Ham (Non-Spam), it will classify the mails that correspond to the rule as ham mail. Action Only when Classification is set as Spam that will enable this function. Because only spam mail needs to be handled. 101 You can choose Store in quarantine, Delete spam mail, Deliver to the recipient, or Same as Spam Setting to process the spam mail. Item To judge if it is spam mail according to the Header, Body, Size or else content of the mail. The item includes Received, Envelope-To, From, To, Cc, Bcc, Subject, Sender, Reply-To, Errors-To, Message-ID, Date, Header, Body, Attach File Name, Size (Kbytes), mailcommand-From, and Pattern settings. Each item also has its own Condition and Condition When Item is selected except Size item, the available conditions are: Contains, Does Not Contain, Is Equal To, Is Not Equal To, Starts With, Ends With, Exists and Does Not Exists. When Item is selected as Size, the available conditions are: More Than, Is Equal To, Is Not Equal To and Less Than. Pattern Enter the relevant value in Item and Condition field. For example: From Item and use Contains Condition, and enter josh as a characteristics. Afterward when the sender and receiver's mail account has josh inside and then it will be considered as spam mail or ham mail. 102 6. 2. 4 Whitelist When the mail matches ES-6000 Whitelist, it will forward to recipient directly without passing the examination of Anti-Spam. (Figure 6-21) Figure 6-21 Whitelist Definition: Mail Account Used as a reference for inspecting ham e-mails. Direction From: Inspects e-mails sent from a specific sender address To: Inspects e-mails sent to a specific recipient address 103 6. 2. 5 Blacklist When the mail matches ES-6000 Blacklist, it will be defined as spam mail and be arranged based on Spam Setting. (Figure 6-22) Figure 6-22 Blacklist Definition: Mail Account Used as a reference for inspecting ham e-mails. Direction From: Inspects e-mails sent from a specific sender address To: Inspects e-mails sent to a specific recipient address 104 6. 2. 6 Auto-Whitelist Definition: Auto-Whitelist Factor Obtained by dividing the Total Score (the amount of spam emails sent) by Count (the amount of emails sent). It directly affects the Mean Score and also is the major factor that decides whether an email is to be identified as spam. Source IP The subnet belonging to the sender(s) of email Count The total amount of emails sent from a specific subnet. Total Score The total amount of spam emails sent from a specific subnet Mean Score The value derived from the division of Total Score by Count Details Displays all the email senders and their related statistics. 1. The Auto-Whitelist mechanism can evaluate whether an email is spam by assigning each email a score based upon the current email's spam score and the mean score history of the sender's subnet. Considering a sender may have sent an email from a different IP within the same subnet, thus they are identified using both their address and the most significant two octets of their IP address by which effectively helps avoid IP or email forgery. The mean score of a sender is calculated by the sender's subnet's total score divided by the total number of emails previously sent from the subnet. It is in direct ratio to Auto-Whitelist Factor, that is to say, provided the factor is set with a high value then the mean score will be increased proportionately as well. [. . . ] MTA (Mail Transfer Agent): Outgoing and incoming mails are all done by MTA. As long as user has a account under MTA, then the user will be able to receive mail. On condition that the user has the authority, he will be able to send out mails. User can retrieve and view mails that saved on the mail server. Usually, MTA refers to a mail server. [. . . ]