SpamCheetah user manual

SpamCheetah web interface

Dashboard metrics and world map view

Dashboard display

The dashboard gives a high level view of the overall mail traffic, the viruses/spam/malware detected and attachments blocked etc.

In addition a world map is displayed showing the choropleth view of the Email senders.

In addition a table of top countries that mail you are shown as well.

Top menu Live statistics

Back to contents

Graphs charts and pictorial representation of data

Line chart Live display Mail traffic periodic All graphs

What is a modern product without high end analytics? SpamCheetah is no different. Several types of graphs and visual representation are available like

  • Pie charts
  • Bar charts
  • Scatter charts
  • Real time graphs
  • Query time range

The trends in traffic and mail/spam/virus growth over time can easily be detected with such visual displays.

Custom graphs are not supported.

Back to contents

Greylisting configuration

Greylisting blacklist Configure greylisting View greylisting Whitelisting

You can say that SpamCheetah is pivoted as a greylisting only product. But nowadays it is much more. But with the advent of cloud enabled mail servers that do not play well with greylisting SpamCheetah gives lot more options.

Greylisting is the best way to fight spam today to arrest the botnet spew. However that said, there are many other methods available as well. But this is by far the most effective way to combat spam as mail is not even allowed to enter the network unless you play by the rules which makes it financially and technically unattractive to nasty spammers.

The tarpitting feature/blacklisting is interesting too since it hurts know spammers sucking their resources. SpamCheetah supports a blacklistig only mode which has none of the mail delays associated with greylisting.

Back to contents


Log monitoring SMTP tools Train spam mails

Log files in SpamCheeath can be divided into these:

  • Broker logs
  • SMTP handshake logs
  • Edit logs
  • Syslog[/var/log/messages] logs

Each of these logs give you detailed information on the internals happening in the product.

You have some basic log animation that is not annoying.

Back to contents

Mail actions configuration screen

Mail actions

The mail actions screen allows you to perform one of 3 actions.

  • Pass with subject tagging
  • Drop
  • Quarantine

You can also selectively enable or disable virus scanning.

You also have ability to clear the quarantine of a particular user without waiting for the cron job that occurs weekly or as configured by the admin.

Back to contents

Mail engine configuration screen

Mail engine

The mail engine screen helps you setup certain things like

  • Sender blocking
  • Recipient blocking
  • MIME type/attachment blocking
  • Disclaimer text
  • Disclaimer exception MailIDs
  • SPF check flag
  • DKIM check flag
  • RBL check flag

It is not very wise to disable the flags without solid reason since they definitely add to the effectiveness of the product.

You can also setup sender/recipient blocking using our Mailbot system

Back to contents

Licensing configuration screen

Licensing of SpamCheetah

The licensing screen displays your usage metrics that show/confirm compliance.

You can also activate your license key here and view the days left for next renewal.

In addition you shall also get alerted on email when time is near for you to renew the subscription.

Back to contents

Pattern matching configuration screen

Pattern matching

SpamCheetah supports pattern matching of mail traffic transiting through the appliance either in body, header fields or attachment.

You can specify certain cuss words or terms that you decide are offensive for your customers.

However please note that this uses POSIX regex and can slow down things a bit.

Back to contents

Reporting tools tables/export to PDF

Mails metadata db Quarantine db entries Spamrejects DB Reporting of license traffic

The reporting screen is self explanatory. It has the ability to show tables of mail and quarantine traffic.

You can export to PDF of XLS.

The mails that are shown here are stored in an internal postgresql database.

Specifically there are 3 tables in the database.

  • Mails
  • Quarantined mails
  • Rejected mails

Please note most spam mails do not even enter your network if you are running in greylisting mode.

Back to contents

Maintenance and diagnostics reboot/shutdown

Maintenance reboot/shutdown

The maintenance screens help you take actions like:

  • Backup config
  • Restore config
  • Apply defaults
  • Shutdown
  • Reboot

This is similar to the home MODEM admin interfaces you must be familiar with.

SpamCheetah does not require reboots as the data not saved in database are lost. So avoid rebooting if you can.

Back to contents

Network configuration

Network heavyduty Network standard Quarantine

This is the most important screen of SpamCheetah. So this section is going to be long to reflect that fact. These are the items configured in this page.

  • Your full name
  • Your e-mail address
  • Hostname
  • IP address of appliance
  • Network mask
  • Default gateway
  • IP address of Internal mail server
  • Submission port(587) enabled flag on mail server
  • Timezone
  • Static network routes
  • IP address aliases
  • Domains served by standard edition
  • Mapping of domains/IP address of MTA for heavyduty edition

You are expected to upload files in correct format. Then only SpamCheetah will be able to forward mails correctly.

There is also a convenience function to test that your internal mail server is reachable from SpamCheetah.

Back to contents

Change admin passsword

Profile & mailbot setting

This screen is very simple and straight forward.

The user changes his password here. Nothing more to it.

Back to contents

Configure E-mail quarantine

Quarantine mailer User quarantine

The quarantine configuration is very simple and easy. Just setup the quarantine cron job schedule and the mail IDs for which you do not wish

Quarantine reporting screen

Quarantine db entries

Back to contents

SMTP tools

SMTP tools

The SMTP tools page gives you some pretty amazing tools to act as a looking glass into the whole world of SMTP/E-mail.

  • SMTP connect check
  • Ping
  • Swaks(Swiss army knife) test
  • SMTP load test
  • SPF walk
  • MX lookup
  • Send E-mail to test reputation

Back to contents

Traffic statistics

Mail traffic periodic

The traffic that flows through must be looked into from licensing compliance angle and for other purposes. Hence this screen shows some of the information from that perspective.

Back to contents

View greylisting details

View greylisting

Greylisting is a very detailed approach to the spam problem and there are several articles on that topic here and elsewhere. SpamCheetah does what it can to show/expose the innards to the users. These are the fields of interest:

  • HELO string
  • Remote IP address
  • Mail sender
  • Mail recipient
  • Time first seen
  • Number of retries
  • Time of expiry

To understand the whole topic you need to understand how SMTP works at the standards level. The temporary rejection of 40X code is to be retried by every standards compliant mail server.

The issue for us however is that there are increasing number of mail senders that do not play fair with greylisting. They retry from different IP address but use the same sending address, they belong to the SPF of that sending domain. So in order to accommodate that SpamCheetah has a system to capture the SPF and whitelist them all, which can prevent inordinate delays.

Back to contents

Whitelisting and greylisting

Whitelisting IP addresses

Whitelisted IP addresses do not undergo the greylisting process. Whitelisted IP addresses bypass the winnowing or filtering done by greylisting and straight away talk to the proxy running inside SpamCheetah which delivers the mail quickly to the INBOX.

The idea of inboxing an external mail is what is solved by Whitelisting but you must use it wisely since just because an IP address hosting a mail server is playing fair today does not mean it will all the time…

SpamCheetah recommends not using this feature much unless absolutely necessary because SpamCheetah automatically whitelists IP addresses that are RFC 5321 compliant.

Back to contents

Blacklisting and greylisting

Greylisting blacklist

The idea of blackisting comes from knowing that a particular IP address or mail sender is a spam source and that it must never be able to talk to the SpamCheetah proxy.

By blacklisting we ensure that it always hits the tarpitting and stuttering fake SMTP server that sends a reject every time it attempts a mail delivery to us.

SpamCheetah supports a blacklist only mode for cases where greylisting is not ideal.

Back to contents

Clustering of nodes within a LAN


The clustering sub system relies on a Cisco standard derived from VRRP known as CARP or Common Address Redundancy Protocol.

It is very easy/trivial to do simple failover/redundancy. However this feature is not fully tested. So we do not recommend you to be using it for now.

Once the feature is well tested , we shall update on this website. Thanks for the patience.

Back to contents

Mailbot instrumentation

SpamCheetah implements automatic mail responses like the vacation program. Specifically these commands are recognized.

  • Sender blocking Add
  • Recipient blocking Add
  • Sender blocking Remove
  • Recipient blocking Remove
  • Report spam text in email

Over time this feature will grow. Now this is tested only with these commands.

A mail is sent to in a specified format. If you make a mistake you will get a notification.

The mail client must be configured with SpamCheetah user authentication and submission port for this to work.

Details are here.

The SMTP configuration for outgoing mail server is as follows:

  • SMTP server (IP address of SpamCheetah)
  • SMTP auth username: bot
  • SMTP auth password: (password set in web interface)

Diagnostic latency graphs Login screen

Back to contents

Live web interface of SpamCheetah