SpamCheetah secure email gateway user guide
Friday, Apr 2, 2021
Table of contents
SpamCheetah user manual
Dashboard metrics and world map view
The dashboard gives a high level view of the overall mail traffic, the viruses/spam/malware detected and attachments blocked etc.
In addition a world map is displayed showing the choropleth view of the Email senders.
In addition a table of top countries that mail you are shown as well.
Graphs charts and pictorial representation of data
What is a modern product without high end analytics? SpamCheetah is no different. Several types of graphs and visual representation are available like
- Pie charts
- Bar charts
- Scatter charts
- Real time graphs
- Query time range
The trends in traffic and mail/spam/virus growth over time can easily be detected with such visual displays.
Custom graphs are not supported.
Greylisting configuration
You can say that SpamCheetah is pivoted as a greylisting only product. But nowadays it is much more. But with the advent of cloud enabled mail servers that do not play well with greylisting SpamCheetah gives lot more options.
Greylisting is the best way to fight spam today to arrest the botnet spew. However that said, there are many other methods available as well. But this is by far the most effective way to combat spam as mail is not even allowed to enter the network unless you play by the rules which makes it financially and technically unattractive to nasty spammers.
The tarpitting feature/blacklisting is interesting too since it hurts know spammers sucking their resources. SpamCheetah supports a blacklistig only mode which has none of the mail delays associated with greylisting.
Tools/logs/monitoring
Log files in SpamCheeath can be divided into these:
- Broker logs
- SMTP handshake logs
- Edit logs
- Syslog[/var/log/messages] logs
Each of these logs give you detailed information on the internals happening in the product.
You have some basic log animation that is not annoying.
Mail actions configuration screen
The mail actions screen allows you to perform one of 3 actions.
- Pass with subject tagging
- Drop
- Quarantine
You can also selectively enable or disable virus scanning.
You also have ability to clear the quarantine of a particular user without waiting for the cron job that occurs weekly or as configured by the admin.
Mail engine configuration screen
The mail engine screen helps you setup certain things like
- Sender blocking
- Recipient blocking
- MIME type/attachment blocking
- Disclaimer text
- Disclaimer exception MailIDs
- SPF check flag
- DKIM check flag
- RBL check flag
It is not very wise to disable the flags without solid reason since they definitely add to the effectiveness of the product.
You can also setup sender/recipient blocking using our Mailbot system
Licensing configuration screen
The licensing screen displays your usage metrics that show/confirm compliance.
You can also activate your license key here and view the days left for next renewal.
In addition you shall also get alerted on email when time is near for you to renew the subscription.
Pattern matching configuration screen
SpamCheetah supports pattern matching of mail traffic transiting through the appliance either in body, header fields or attachment.
You can specify certain cuss words or terms that you decide are offensive for your customers.
However please note that this uses POSIX regex and can slow down things a bit.
Reporting tools tables/export to PDF
The reporting screen is self explanatory. It has the ability to show tables of mail and quarantine traffic.
You can export to PDF of XLS.
The mails that are shown here are stored in an internal postgresql database.
Specifically there are 3 tables in the database.
- Mails
- Quarantined mails
- Rejected mails
Please note most spam mails do not even enter your network if you are running in greylisting mode.
Maintenance and diagnostics reboot/shutdown
The maintenance screens help you take actions like:
- Backup config
- Restore config
- Apply defaults
- Shutdown
- Reboot
This is similar to the home MODEM admin interfaces you must be familiar with.
SpamCheetah does not require reboots as the data not saved in database are lost. So avoid rebooting if you can.
Network configuration
This is the most important screen of SpamCheetah. So this section is going to be long to reflect that fact. These are the items configured in this page.
- Your full name
- Your e-mail address
- Hostname
- IP address of appliance
- Network mask
- Default gateway
- IP address of Internal mail server
- Submission port(587) enabled flag on mail server
- Timezone
- Static network routes
- IP address aliases
- Domains served by standard edition
- Mapping of domains/IP address of MTA for heavyduty edition
You are expected to upload files in correct format. Then only SpamCheetah will be able to forward mails correctly.
There is also a convenience function to test that your internal mail server is reachable from SpamCheetah.
Change admin passsword
This screen is very simple and straight forward.
The user changes his password here. Nothing more to it.
Configure E-mail quarantine
The quarantine configuration is very simple and easy. Just setup the quarantine cron job schedule and the mail IDs for which you do not wish
Quarantine reporting screen
SMTP tools
The SMTP tools page gives you some pretty amazing tools to act as a looking glass into the whole world of SMTP/E-mail.
- SMTP connect check
- Ping
- Swaks(Swiss army knife) test
- SMTP load test
- SPF walk
- MX lookup
- Send E-mail to test reputation
Traffic statistics
The traffic that flows through must be looked into from licensing compliance angle and for other purposes. Hence this screen shows some of the information from that perspective.
View greylisting details
Greylisting is a very detailed approach to the spam problem and there are several articles on that topic here and elsewhere. SpamCheetah does what it can to show/expose the innards to the users. These are the fields of interest:
- HELO string
- Remote IP address
- Mail sender
- Mail recipient
- Time first seen
- Number of retries
- Time of expiry
To understand the whole topic you need to understand how SMTP works at the standards level. The temporary rejection of 40X code is to be retried by every standards compliant mail server.
The issue for us however is that there are increasing number of mail senders that do not play fair with greylisting. They retry from different IP address but use the same sending address, they belong to the SPF of that sending domain. So in order to accommodate that SpamCheetah has a system to capture the SPF and whitelist them all, which can prevent inordinate delays.
Whitelisting and greylisting
Whitelisted IP addresses do not undergo the greylisting process. Whitelisted IP addresses bypass the winnowing or filtering done by greylisting and straight away talk to the proxy running inside SpamCheetah which delivers the mail quickly to the INBOX.
The idea of inboxing an external mail is what is solved by Whitelisting but you must use it wisely since just because an IP address hosting a mail server is playing fair today does not mean it will all the time…
SpamCheetah recommends not using this feature much unless absolutely necessary because SpamCheetah automatically whitelists IP addresses that are RFC 5321 compliant.
Blacklisting and greylisting
The idea of blackisting comes from knowing that a particular IP address or mail sender is a spam source and that it must never be able to talk to the SpamCheetah proxy.
By blacklisting we ensure that it always hits the tarpitting and stuttering fake SMTP server that sends a reject every time it attempts a mail delivery to us.
SpamCheetah supports a blacklist only mode for cases where greylisting is not ideal.
Clustering of nodes within a LAN
The clustering sub system relies on a Cisco standard derived from VRRP known as CARP or Common Address Redundancy Protocol.
It is very easy/trivial to do simple failover/redundancy. However this feature is not fully tested. So we do not recommend you to be using it for now.
Once the feature is well tested , we shall update on this website. Thanks for the patience.
Mailbot instrumentation
SpamCheetah implements automatic mail responses like the vacation program. Specifically these commands are recognized.
- Sender blocking Add
- Recipient blocking Add
- Sender blocking Remove
- Recipient blocking Remove
- Report spam text in email
Over time this feature will grow. Now this is tested only with these commands.
A mail is sent to mailbot@spamcheetah.my in a specified format. If you make a mistake you will get a notification.
The mail client must be configured with SpamCheetah user authentication and submission port for this to work.
Details are here.
The SMTP configuration for outgoing mail server is as follows:
- SMTP server (IP address of SpamCheetah)
- SMTP auth username: bot
- SMTP auth password: (password set in web interface)
