SpamCheetah user manual

Dashboard

Dashboard screen with world map display

Graphs/charts

Dashboard screen with world map display

Configure Greylisting

Dashboard screen with world map display

Logging/backend monitoring

Logging/backend monitoring

Mail actions

Take specific actions

Mail engine

Mail engine configuration

Licensing

Licensing information page

Pattern matching

Matching on regular expressions

complete
  • Web interface video
  • Dashboard metrics and world map view

    dashboard

    The dashboard gives a high level view of the overall mail traffic, the viruses/spam/malware detected and attachments blocked etc.

    In addition a world map is displayed showing the choropleth view of the Email senders.

    In addition a table of top countries that mail you are shown as well.

    top menu Live statistics

    Back to contents

    Graphs charts and pictorial representation of data

    line chart Live display Mail traffic periodic All graphs

    What is a modern product without high end analytics? SpamCheetah is no different. Several types of graphs and visual representation are available like

    The trends in traffic and mail/spam/virus growth over time can easily be detected with such visual displays.

    Custom graphs are not supported.

    Back to contents

    Greylisting configuration

    Greylisting blacklist configure greylisting View greylisting Whitelisting

    You can say that SpamCheetah is pivoted as a greylisting only product. But nowadays it is much more. But with the advent of cloud enabled mail servers that do not play well with greylisting SpamCheetah gives lot more options.

    Greylisting is the best way to fight spam today to arrest the botnet spew. However that said, there are many other methods available as well. But this is by far the most effective way to combat spam as mail is not even allowed to enter the network unless you play by the rules which makes it financially and technically unattractive to nasty spammers.

    The tarpitting feature/blacklisting is interesting too since it hurts know spammers sucking their resources. SpamCheetah supports a blacklistig only mode which has none of the mail delays associated with greylisting.

    Back to contents

    Tools/logs/monitoring

    Log monitoring smtp tools Train spam mails

    Log files in SpamCheeath can be divided into these:

    Each of these logs give you detailed information on the internals happening in the product.

    You have some basic log animation that is not annoying.

    Back to contents

    Mail actions configuration screen

    Mail actions

    The mail actions screen allows you to perform one of 3 actions.

    You can also selectively enable or disable virus scanning.

    You also have ability to clear the quarantine of a particular user without waiting for the cron job that occurs weekly or as configured by the admin.

    Back to contents

    Mail engine configuration screen

    Mail engine

    The mail engine screen helps you setup certain things like

    It is not very wise to disable the flags without solid reason since they definitely add to the effectiveness of the product.

    You can also setup sender/recipient blocking using our mailbot system .

    Back to contents

    Licensing configuration screen

    Licensing of SpamCheetah

    The licensing screen displays your usage metrics that show/confirm compliance.

    You can also activate your license key here and view the days left for next renewal.

    In addition you shall also get alerted on email when time is near for you to renew the subscription.

    Back to contents

    Pattern matching configuration screen

    Pattern matching

    SpamCheetah supports pattern matching of mail traffic transiting through the appliance either in body, header fields or attachment.

    You can specify certain cuss words or terms that you decide are offensive for your customers.

    However please note that this uses POSIX regex and can slow down things a bit.

    Back to contents

    Reporting tools tables/export to PDF

    mails metadata db quarantine db entries Spamrejects db reporting of license traffic

    The reporting screen is self explanatory. It has the ability to show tables of mail and quarantine traffic.

    You can export to PDF of XLS.

    The mails that are shown here are stored in an internal postgresql database.

    Specifically there are 3 tables in the database.

    Please note most spam mails do not even enter your network if you are running in greylisting mode.

    Back to contents

    Maintenance and diagnostics reboot/shutdown

    maintenance reboot/shutdown

    The maintenance screens help you take actions like:

    This is similar to the home MODEM admin interfaces you must be familiar with.

    SpamCheetah does not require reboots as the data not saved in database are lost. So avoid rebooting if you can.

    Back to contents

    Network configuration

    Network heavyduty Network standard quarantine

    This is the most important screen of SpamCheetah. So this section is going to be long to reflect that fact. These are the items configured in this page.

    You are expected to upload files in correct format. Then only SpamCheetah will be able to forward mails correctly.

    There is also a convenience function to test that your internal mail server is reachable from SpamCheetah.

    Back to contents

    Change admin passsword

    Profile & mailbot setting

    This screen is very simple and straight forward.

    The user changes his password here. Nothing more to it.

    Back to contents

    Configure E-mail quarantine

    Quarantine mailer User quarantine

    The qurantine configuration is very simple and easy. Just setup the quarantine cron job schedule and the mail IDs for which you do not wish

    Quarantine reporting screen

    quarantine db entries

    Back to contents

    SMTP tools

    smtp tools

    The SMTP tools page gives you some pretty amazing tools to act as a looking glass into the whole world of SMTP/E-mail.

    The ability to diagnose Email problems is quite important for any system administrator. But this list is even more interesting when used on our website.

    The most interesting feature is the mail reports feature inspired from Mail Tester.

    Back to contents

    Traffic statistics

    Mail traffic periodic

    The traffic that flows through must be looked into from licensing compliance angle and for other purposes. Hence this screen shows some of the information from that perspective.

    Back to contents

    View greylisting details

    View greylisting

    Greylisting is a very detailed approach to the spam problem and there are several articles on that topic here and elsewhere. SpamCheetah does what it can to show/expose the innards to the users. These are the fields of interest:

    To understand the whole topic you need to understand how SMTP works at the standards level. The temporary rejection of 40X code is to be retried by every standards compliant mail server.

    The issue for us however is that there are increasing number of mail senders that do not play fair with greylisting. They retry from different IP address but use the same sending address, they belong to the SPF of that sending domain. So in order to accommodate that SpamCheetah has a system to capture the SPF and whitelist them all, which can prevent inordinate delays.

    Back to contents

    Whitelisting and greylisting

    Whitelisting

    Whitelisted IP addresses do not undergo the greylisting process. Whitelisted IP addresses bypass the winnowing or filtering done by greylisting and straight away talk to the proxy running inside SpamCheetah which delivers the mail quickly to the INBOX.

    The idea of inboxing an external mail is what is solved by Whitelisting but you must use it wisely since just because an IP address hosting a mail server is playing fair today does not mean it will all the time...

    SpamCheetah recommends not using this feature much unless absolutely necessary because SpamCheetah automatically whitelists IP addresses that are RFC 5321 compliant.

    Back to contents

    Blacklisting and greylisting

    Greylisting blacklist

    The idea of blackisting comes from knowing that a particular IP address or mail sender is a spam source and that it must never be able to talk to the SpamCheetah proxy.

    By blacklisting we ensure that it always hits the tarpitting and stuttering fake SMTP server that sends a reject every time it attempts a mail delivery to us.

    SpamCheetah supports a blacklist only mode for cases where greylisting is not ideal.

    Back to contents

    Clustering of nodes within a LAN

    Clustering

    The clustering sub system relies on a Cisco standard derived from VRRP known as CARP or Common Address Redundancy Protocol. It is very easy/trivial to do simple failover/redundancy. However this feature is not fully tested. So we do not recommend you to be using it for now.

    Once the feature is well tested , we shall update on this website. Thanks for the patience.

    Back to contents

    Mailbot instrumentation

    SpamCheetah implements automatic mail responses like the vacation program. Specifically these commands are recognized.

    Over time this feature will grow. Now this is tested only with these commands.

    A mail is sent to mailbot@spamcheetah.my in a specified format. If you make a mistake you will get a notification.

    The mail client must be configured with SpamCheetah user authentication and submission port for this to work. Details are here.

    The SMTP configuration for outgoing mail server is as follows:

    diag latency graphs Login screen

    Back to contents

    Live web interface of SpamCheetah