Difference between revisions of "SupraNet Mailguard"

From SupraWiki
Jump to: navigation, search
(Spam (Red))
 
(45 intermediate revisions by the same user not shown)
Line 1: Line 1:
 +
==Mailguard Information==
 +
SupraNet's Mailguard system offers users a way for email users to manage spam. Detailed information is shown below on how to navigate through the system. In most cases, you would log in to rescue something that was captured as spam but is actually non-spam (''ham'').
 +
 +
The simple steps for this are:
 +
 +
* Log in
 +
* Choose "'''Report/Rescue'''" from the welcome page
 +
* View the contents and rescue items as necessary.
 +
 +
 +
Full details are below!
 +
 
==Logging In==
 
==Logging In==
 
The login page can be found at
 
The login page can be found at
Line 6: Line 18:
 
[[Image:Mailguard-login1.png]]
 
[[Image:Mailguard-login1.png]]
  
==Quarantine==
+
 
 +
 
 +
 
 +
==Rescuing Mail==
 
The quarantine is where Spam is held.  
 
The quarantine is where Spam is held.  
  
 
* From the main page, choose the '''Report/Rescue''' link next to your '''spam cache'''.
 
* From the main page, choose the '''Report/Rescue''' link next to your '''spam cache'''.
 
[[Image:Mailguard-quarantine.png]]
 
[[Image:Mailguard-quarantine.png]]
 +
 +
 +
  
 
* You will be given a list of messages that were caught as spam. You can sort them by clicking on '''Score''', '''Received''', '''From''', '''Subject''' across the top of the screen. The example below is sorted by subject.
 
* You will be given a list of messages that were caught as spam. You can sort them by clicking on '''Score''', '''Received''', '''From''', '''Subject''' across the top of the screen. The example below is sorted by subject.
Line 16: Line 34:
 
[[Image:Mailguard-spam-quarantine.png]]
 
[[Image:Mailguard-spam-quarantine.png]]
  
 +
 +
 +
* You may set the radio buttons to Spam, Non-Spam, or Delete to manage several items at a time. Once you are sure, you may click "Confirm the status of these messages".
 
[[Image:Mailguard-confirm.png]]
 
[[Image:Mailguard-confirm.png]]
  
  
 +
 +
* If you need to see more details of a message, click on the subject line of the message to view the full message, and details as to why it was considered spam.
 
[[Image:Mailguard-spammessage.png]]
 
[[Image:Mailguard-spammessage.png]]
 +
 +
 +
 +
* Choose "Confirm this Non-Spam" to have the item immediately delivered to you. This will also whitelist the sending e-mail address!
 +
[[Image:Mailguard-spammessage-actions.png]]
 +
  
  
 
==Settings==
 
==Settings==
 +
 +
=== Profile Options ===
 +
[[Image:Mailguard-settings.png]]
 +
 +
 +
* ''Change Password'' - Change your password.
 +
 +
* ''Send Quarantine Reminder e-mail?'' - Send monthly reminder that you should look at your quarantine.
 +
 +
* ''Display graphical charts?'' - Display charts in the '''Statistics''' Area.
 +
 +
* ''Add senders of rescued mail to your whitelist?'' - If an email is rescued from the spam quarantine, should it be auto-whitelisted?
 +
 +
* ''Mail items to be displayed on each page'' - How many lines of spam to show when you're viewing the quarantine.
 +
 +
* ''Email Digest Interval?'' - Set to '''1440''' if you'd like to receive daily emails that show you what's in your quarantine. '''This is recommended! You will not have to manually log in to report and rescue spam!'''
 +
 +
 +
All other options should generally be left alone.
 +
 +
=== Spam Settings ===
 +
[[Image:Mailguard settings.png]]
 +
 +
* ''Virus Scanning'' - On or Off.
 +
 +
* ''Deteced Viruses should be..'' - Discarded is recommended. There are rarely/never false positives for Virus detection.
 +
 +
* ''Spam Filtering'' - On or Off.
 +
 +
* ''Detected spam should be..'' - '''Labeled''' is to label all spam and still deliver. '''Quarantined''' is to keep the message in the system, a user must log in to rescue/view.
 +
 +
* ''Add prefix to the subjects of spam?'' - Only used if '''Labeled''' is chosen above. This adds '''***SPAM***''' to the beginning of the subject line of Spam messages.
 +
 +
* ''Add X-Spam: Headers'' - Adds debugging information to the headers of email messages. The contents of the message are unchanged. This should be left as-is.
 +
 +
* ''Consider mail 'Spam' when score is'' - Threshold at which the system considers a message spam. The lower the number, the more the spam will be captured. The higher this number, more messages are let through.
 +
 +
* ''Quarantine Spam when score is'' - This is locked with the above setting.
 +
 +
* ''Attachment Type Filtering'' - Blindly filter based on unwanted attachment types, such as '''.exe''', '''.pif''', '''.com''', etc.
 +
 +
* ''Mail with dangerous attachments should be..'' - What to do if a bad attachment is found.
 +
 +
* ''Bad Header Filtering'' - Search messages for [http://tools.ietf.org/html/rfc2822 invalid headers].
 +
 +
* ''Mail with bad headers should be..'' - What to do if a bad header is found.
 +
 +
==Statistics==
 +
Choose '''Stats''' from the left navigation bar. You will be taken to your personal statistics first. To view system wide stats (shown below) choose '''View Systemwide Statistics''' at the bottom.
 +
 +
Much of this information is copied from the author's website: [http://www.maiamailguard.com/maia/wiki/StatsExplained http://www.maiamailguard.com/maia/wiki/StatsExplained].
 +
 +
 +
 +
[[Image:Mailguard-stats.png]]
 +
 +
 +
===Non-Spam (yellow)===
 +
Currently the Non-Spam area is '''disabled'''. This is used to train the system into learning what is spam and what is not. It is frequnetly mis-trained, so it is not enabled.
 +
 +
* ''Unconfirmed Non-spam'' - For users using the '''Ham-Cache''', how many items were left unconfirmed.
 +
 +
* ''Cofirmed Non-spam'' -  For users using the '''Ham-Cache''', how many items were confirmed.
 +
 +
* ''False Positives'' - For users using the '''Ham-Cache''', how many items the system did *NOT* catch as spam.
 +
 +
===Spam (Red)===
 +
* ''Suspected Spam'' - Email that the system considers to be spam.
 +
 +
* ''Confirmed Spam'' - Email that the system considers to be spam, and a user has manually '''confirmed''' it via the Quarantine.
 +
 +
* ''False Negatives'' - Email that the system considers to be spam, but a user has manually '''rescued''' it from the quarantine area.
 +
 +
===Other===
 +
 +
* ''Whitelisted Items'' - Email that hit users whitelists.
 +
 +
* ''BlacklistedItems'' - Email that hit users blacklists.
 +
 +
* ''Viruses/Malware'' - Email that had viruses in them.
 +
 +
* ''Banned Attachments'' - Email that had banned attachmeent types, such as '''.exe''', '''.com''', '''.pif''', etc.
 +
 +
* ''Invalid Mail Headers'' - Email that had headers that do not conform to [http://www.ietf.org/ RFC's].
 +
 +
* ''Oversized Items'' - Emails that are larger than the system limit to keep them in a cache (''10MB'').
 +
 +
=== Efficiency/Sensitivity ===
 +
 +
* ''[False Positive Rate = FP / (ham + spam + FP + FN)]'' - A False Positive in our case is a non-spam item that was mistakenly classified by SpamAssassin as spam. SpamAssassin's tests told us the item was spam, when in fact it was non-spam. With a spam filter, this is generally considered to be the worst kind of failure, since it can result in legitimate mail being quarantined, delaying its delivery.
 +
 +
* ''[False Negative Rate = FN / (ham + spam + FP + FN)]'' - A False Negative is the reverse--a spam item that was classified mistakenly as non-spam, and allowed to slip through the filter. SpamAssassin's tests suggested the item was non-spam, but it turned out to be spam. The practical impact of a false negative error is more spam in your mailbox.
 +
 +
* ''[Sensitivity = spam / (spam + FN)]'' - Sensitivity is the "true positive" rate. If it's actually spam, how likely is SpamAssassin to say it's spam? How much of the spam gets correctly identified as such? This is a measure of how accurately SpamAssassin identifies spam, but ignores its performance with regard to non-spam.
 +
 +
* ''[Specificity = ham / (ham + FP)]'' - Specificity is the "true negative" rate. If it's actually non-spam, how likely is SpamAssassin to say it's non-spam? How much of the non-spam gets correctly identified as such? This measures how well SpamAssassin identifies non-spam, ignoring its performance with regard to spam.
 +
 +
* ''[PPV = spam / (spam + FP)]'' - PPV is the Positive Predictive Value. If SpamAssassin says it's spam, how likely is it to actually be spam? If we only look at cases where SpamAssassin predicted spam, how often was it right? The more specific the test, the higher the PPV.
 +
 +
* ''[NPV = ham / (ham + FN)]'' - NPV is the Negative Predictive Value. If SpamAssassin says it's non-spam, how likely is it to actually be non-spam? If we only look at cases where SpamAssassin predicted non-spam, how often was it right? The more sensitive the test, the higher the NPV.
 +
 +
* ''[Efficiency = (spam + ham) / (spam + ham + FP + FN)]'' - Efficiency is the ratio of true positives and true negatives to total mail items processed--that is, the percentage of mail that was correctly classified. This is the best "overall" measure of a spam filter's performance, and it's what most people expect a vendor's claim to represent.
 +
 +
==Administrator Account==
 +
If you are logging in as an administrator, or any username that is '''not in the form of an email address''', there are a few extra steps you need to take to use the system. You must become the user you wish to view spam for. This may be an actual email address, or the catch-all account, such as '''@example.com'''.
 +
 +
* Choose '''Admin''' on the left:
 +
 +
[[Image:Mailguard-admin-button.png]]
 +
 +
 +
 +
* Simply click the '''Find Users''' button. This will show you any email accounts and domains that are associated with your account. If you have a lot of users, you may type in something more specific than the default asterisk symbol:
 +
 +
[[Image:Mailguard-admin-users.png]]
 +
 +
 +
 +
* The resulting page will look similar to below. If you have no user accounts, you will only see the domain account, which is '''@example.com''' below:
 +
 +
[[Image:Mailguard-admin-users-results.png]]
 +
 +
 +
 +
* When you choose the default domain account, you will see that on the left hand side, it now says '''Default User for Domain @example.com''':
 +
 +
[[Image:Mailguard-admin-defaultdomain.png]]
 +
 +
 +
You have now become the user. You may navigate the system like a normal user, editing white/blacklists, and rescuing spam. You may reset back to the administrator by clicking on '''Admin''' again.
 +
 +
==Mailguard Technology==
 +
SupraNet's Mailguard is a powerful spam fighting system. It uses the following [http://en.wikipedia.org/wiki/Open_source open source] technology to fight spam:
 +
 +
* [http://www.maiamailguard.com/ Maia Mailguard]
 +
* [http://www.postfix.org/ Postfix]
 +
* [http://www.mysql.com/ MySQL]
 +
* [http://www.ijs.si/software/amavisd/ Amavisd-new]
 +
* [http://spamassassin.apache.org/ SpamAssassin]
 +
* [http://www.clamav.net/ Clam Anti-Virus]
 +
* [http://en.wikipedia.org/wiki/DNSBL DNS Blacklists (RBL's)]
 +
* [http://www.greylisting.org/ Greylisting]
 +
* [http://www.surbl.org/ Spam URI Realtime Blocklists]

Latest revision as of 10:02, 10 January 2011

Mailguard Information

SupraNet's Mailguard system offers users a way for email users to manage spam. Detailed information is shown below on how to navigate through the system. In most cases, you would log in to rescue something that was captured as spam but is actually non-spam (ham).

The simple steps for this are:

  • Log in
  • Choose "Report/Rescue" from the welcome page
  • View the contents and rescue items as necessary.


Full details are below!

Logging In

The login page can be found at

Mailguard-login1.png



Rescuing Mail

The quarantine is where Spam is held.

  • From the main page, choose the Report/Rescue link next to your spam cache.

Mailguard-quarantine.png



  • You will be given a list of messages that were caught as spam. You can sort them by clicking on Score, Received, From, Subject across the top of the screen. The example below is sorted by subject.

Mailguard-spam-quarantine.png


  • You may set the radio buttons to Spam, Non-Spam, or Delete to manage several items at a time. Once you are sure, you may click "Confirm the status of these messages".

Mailguard-confirm.png


  • If you need to see more details of a message, click on the subject line of the message to view the full message, and details as to why it was considered spam.

Mailguard-spammessage.png


  • Choose "Confirm this Non-Spam" to have the item immediately delivered to you. This will also whitelist the sending e-mail address!

Mailguard-spammessage-actions.png


Settings

Profile Options

Mailguard-settings.png


  • Change Password - Change your password.
  • Send Quarantine Reminder e-mail? - Send monthly reminder that you should look at your quarantine.
  • Display graphical charts? - Display charts in the Statistics Area.
  • Add senders of rescued mail to your whitelist? - If an email is rescued from the spam quarantine, should it be auto-whitelisted?
  • Mail items to be displayed on each page - How many lines of spam to show when you're viewing the quarantine.
  • Email Digest Interval? - Set to 1440 if you'd like to receive daily emails that show you what's in your quarantine. This is recommended! You will not have to manually log in to report and rescue spam!


All other options should generally be left alone.

Spam Settings

Mailguard settings.png

  • Virus Scanning - On or Off.
  • Deteced Viruses should be.. - Discarded is recommended. There are rarely/never false positives for Virus detection.
  • Spam Filtering - On or Off.
  • Detected spam should be.. - Labeled is to label all spam and still deliver. Quarantined is to keep the message in the system, a user must log in to rescue/view.
  • Add prefix to the subjects of spam? - Only used if Labeled is chosen above. This adds ***SPAM*** to the beginning of the subject line of Spam messages.
  • Add X-Spam: Headers - Adds debugging information to the headers of email messages. The contents of the message are unchanged. This should be left as-is.
  • Consider mail 'Spam' when score is - Threshold at which the system considers a message spam. The lower the number, the more the spam will be captured. The higher this number, more messages are let through.
  • Quarantine Spam when score is - This is locked with the above setting.
  • Attachment Type Filtering - Blindly filter based on unwanted attachment types, such as .exe, .pif, .com, etc.
  • Mail with dangerous attachments should be.. - What to do if a bad attachment is found.
  • Mail with bad headers should be.. - What to do if a bad header is found.

Statistics

Choose Stats from the left navigation bar. You will be taken to your personal statistics first. To view system wide stats (shown below) choose View Systemwide Statistics at the bottom.

Much of this information is copied from the author's website: http://www.maiamailguard.com/maia/wiki/StatsExplained.


Mailguard-stats.png


Non-Spam (yellow)

Currently the Non-Spam area is disabled. This is used to train the system into learning what is spam and what is not. It is frequnetly mis-trained, so it is not enabled.

  • Unconfirmed Non-spam - For users using the Ham-Cache, how many items were left unconfirmed.
  • Cofirmed Non-spam - For users using the Ham-Cache, how many items were confirmed.
  • False Positives - For users using the Ham-Cache, how many items the system did *NOT* catch as spam.

Spam (Red)

  • Suspected Spam - Email that the system considers to be spam.
  • Confirmed Spam - Email that the system considers to be spam, and a user has manually confirmed it via the Quarantine.
  • False Negatives - Email that the system considers to be spam, but a user has manually rescued it from the quarantine area.

Other

  • Whitelisted Items - Email that hit users whitelists.
  • BlacklistedItems - Email that hit users blacklists.
  • Viruses/Malware - Email that had viruses in them.
  • Banned Attachments - Email that had banned attachmeent types, such as .exe, .com, .pif, etc.
  • Invalid Mail Headers - Email that had headers that do not conform to RFC's.
  • Oversized Items - Emails that are larger than the system limit to keep them in a cache (10MB).

Efficiency/Sensitivity

  • [False Positive Rate = FP / (ham + spam + FP + FN)] - A False Positive in our case is a non-spam item that was mistakenly classified by SpamAssassin as spam. SpamAssassin's tests told us the item was spam, when in fact it was non-spam. With a spam filter, this is generally considered to be the worst kind of failure, since it can result in legitimate mail being quarantined, delaying its delivery.
  • [False Negative Rate = FN / (ham + spam + FP + FN)] - A False Negative is the reverse--a spam item that was classified mistakenly as non-spam, and allowed to slip through the filter. SpamAssassin's tests suggested the item was non-spam, but it turned out to be spam. The practical impact of a false negative error is more spam in your mailbox.
  • [Sensitivity = spam / (spam + FN)] - Sensitivity is the "true positive" rate. If it's actually spam, how likely is SpamAssassin to say it's spam? How much of the spam gets correctly identified as such? This is a measure of how accurately SpamAssassin identifies spam, but ignores its performance with regard to non-spam.
  • [Specificity = ham / (ham + FP)] - Specificity is the "true negative" rate. If it's actually non-spam, how likely is SpamAssassin to say it's non-spam? How much of the non-spam gets correctly identified as such? This measures how well SpamAssassin identifies non-spam, ignoring its performance with regard to spam.
  • [PPV = spam / (spam + FP)] - PPV is the Positive Predictive Value. If SpamAssassin says it's spam, how likely is it to actually be spam? If we only look at cases where SpamAssassin predicted spam, how often was it right? The more specific the test, the higher the PPV.
  • [NPV = ham / (ham + FN)] - NPV is the Negative Predictive Value. If SpamAssassin says it's non-spam, how likely is it to actually be non-spam? If we only look at cases where SpamAssassin predicted non-spam, how often was it right? The more sensitive the test, the higher the NPV.
  • [Efficiency = (spam + ham) / (spam + ham + FP + FN)] - Efficiency is the ratio of true positives and true negatives to total mail items processed--that is, the percentage of mail that was correctly classified. This is the best "overall" measure of a spam filter's performance, and it's what most people expect a vendor's claim to represent.

Administrator Account

If you are logging in as an administrator, or any username that is not in the form of an email address, there are a few extra steps you need to take to use the system. You must become the user you wish to view spam for. This may be an actual email address, or the catch-all account, such as @example.com.

  • Choose Admin on the left:

Mailguard-admin-button.png


  • Simply click the Find Users button. This will show you any email accounts and domains that are associated with your account. If you have a lot of users, you may type in something more specific than the default asterisk symbol:

Mailguard-admin-users.png


  • The resulting page will look similar to below. If you have no user accounts, you will only see the domain account, which is @example.com below:

Mailguard-admin-users-results.png


  • When you choose the default domain account, you will see that on the left hand side, it now says Default User for Domain @example.com:

Mailguard-admin-defaultdomain.png


You have now become the user. You may navigate the system like a normal user, editing white/blacklists, and rescuing spam. You may reset back to the administrator by clicking on Admin again.

Mailguard Technology

SupraNet's Mailguard is a powerful spam fighting system. It uses the following open source technology to fight spam: