Friday, Apr 2, 2021
The dashboard gives a high level view of the overall mail traffic, the viruses/spam/malware detected and attachments blocked etc.
In addition a world map is displayed showing the choropleth view of the Email senders.
In addition a table of top countries that mail you are shown as well.
What is a modern product without high end analytics? SpamCheetah is no different. Several types of graphs and visual representation are available like
The trends in traffic and mail/spam/virus growth over time can easily be detected with such visual displays.
Custom graphs are not supported.
You can say that SpamCheetah is pivoted as a greylisting only product. But nowadays it is much more. But with the advent of cloud enabled mail servers that do not play well with greylisting SpamCheetah gives lot more options.
Greylisting is the best way to fight spam today to arrest the botnet spew. However that said, there are many other methods available as well. But this is by far the most effective way to combat spam as mail is not even allowed to enter the network unless you play by the rules which makes it financially and technically unattractive to nasty spammers.
The tarpitting feature/blacklisting is interesting too since it hurts know spammers sucking their resources. SpamCheetah supports a blacklistig only mode which has none of the mail delays associated with greylisting.
Log files in SpamCheeath can be divided into these:
Each of these logs give you detailed information on the internals happening in the product.
You have some basic log animation that is not annoying.
The mail actions screen allows you to perform one of 3 actions.
You can also selectively enable or disable virus scanning.
You also have ability to clear the quarantine of a particular user without waiting for the cron job that occurs weekly or as configured by the admin.
The mail engine screen helps you setup certain things like
It is not very wise to disable the flags without solid reason since they definitely add to the effectiveness of the product.
You can also setup sender/recipient blocking using our Mailbot system
The licensing screen displays your usage metrics that show/confirm compliance.
You can also activate your license key here and view the days left for next renewal.
In addition you shall also get alerted on email when time is near for you to renew the subscription.
SpamCheetah supports pattern matching of mail traffic transiting through the appliance either in body, header fields or attachment.
You can specify certain cuss words or terms that you decide are offensive for your customers.
However please note that this uses POSIX regex and can slow down things a bit.
The reporting screen is self explanatory. It has the ability to show tables of mail and quarantine traffic.
You can export to PDF of XLS.
The mails that are shown here are stored in an internal postgresql database.
Specifically there are 3 tables in the database.
Please note most spam mails do not even enter your network if you are running in greylisting mode.
The maintenance screens help you take actions like:
This is similar to the home MODEM admin interfaces you must be familiar with.
SpamCheetah does not require reboots as the data not saved in database are lost. So avoid rebooting if you can.
This is the most important screen of SpamCheetah. So this section is going to be long to reflect that fact. These are the items configured in this page.
You are expected to upload files in correct format. Then only SpamCheetah will be able to forward mails correctly.
There is also a convenience function to test that your internal mail server is reachable from SpamCheetah.
This screen is very simple and straight forward.
The user changes his password here. Nothing more to it.
The quarantine configuration is very simple and easy. Just setup the quarantine cron job schedule and the mail IDs for which you do not wish
The SMTP tools page gives you some pretty amazing tools to act as a looking glass into the whole world of SMTP/E-mail.
The traffic that flows through must be looked into from licensing compliance angle and for other purposes. Hence this screen shows some of the information from that perspective.
Greylisting is a very detailed approach to the spam problem and there are several articles on that topic here and elsewhere. SpamCheetah does what it can to show/expose the innards to the users. These are the fields of interest:
To understand the whole topic you need to understand how SMTP works at the standards level. The temporary rejection of 40X code is to be retried by every standards compliant mail server.
The issue for us however is that there are increasing number of mail senders that do not play fair with greylisting. They retry from different IP address but use the same sending address, they belong to the SPF of that sending domain. So in order to accommodate that SpamCheetah has a system to capture the SPF and whitelist them all, which can prevent inordinate delays.
Whitelisted IP addresses do not undergo the greylisting process. Whitelisted IP addresses bypass the winnowing or filtering done by greylisting and straight away talk to the proxy running inside SpamCheetah which delivers the mail quickly to the INBOX.
The idea of inboxing an external mail is what is solved by Whitelisting but you must use it wisely since just because an IP address hosting a mail server is playing fair today does not mean it will all the time…
SpamCheetah recommends not using this feature much unless absolutely necessary because SpamCheetah automatically whitelists IP addresses that are RFC 5321 compliant.
The idea of blackisting comes from knowing that a particular IP address or mail sender is a spam source and that it must never be able to talk to the SpamCheetah proxy.
By blacklisting we ensure that it always hits the tarpitting and stuttering fake SMTP server that sends a reject every time it attempts a mail delivery to us.
SpamCheetah supports a blacklist only mode for cases where greylisting is not ideal.
The clustering sub system relies on a Cisco standard derived from VRRP known as CARP or Common Address Redundancy Protocol.
It is very easy/trivial to do simple failover/redundancy. However this feature is not fully tested. So we do not recommend you to be using it for now.
Once the feature is well tested , we shall update on this website. Thanks for the patience.
SpamCheetah implements automatic mail responses like the vacation program. Specifically these commands are recognized.
Over time this feature will grow. Now this is tested only with these commands.
A mail is sent to mailbot@spamcheetah.my in a specified format. If you make a mistake you will get a notification.
The mail client must be configured with SpamCheetah user authentication and submission port for this to work.
Details are here.
The SMTP configuration for outgoing mail server is as follows: