18 October 2009

Log Spam Filtering using Security Gateway for Exchange/SMTP Server

Security Gateway for Exchange/SMTP Server gives administrators an easy way to monitor and block spam email from the internet. This is an example of the spam filtering process as recorded in the log:

Sun 2009-10-18 06:07:58: ========== Processing DATA scripts for recipient: user@domainname.com
Sun 2009-10-18 06:07:58: -- Executing: Blacklist --
Sun 2009-10-18 06:07:58: -- End: Blacklist (0.000020 seconds) --
Sun 2009-10-18 06:07:58: -- Executing: Anti-Virus --
Sun 2009-10-18 06:07:58: Passing message through anti-virus (Size: 2311)...
Sun 2009-10-18 06:07:58: * Scanning message using: ClamAV for SecurityGateway
Sun 2009-10-18 06:07:58: * Message is clean (no viruses found)
Sun 2009-10-18 06:07:58: -- End: Anti-Virus (0.054851 seconds) --
Sun 2009-10-18 06:07:58: -- Executing: Sender ID --
Sun 2009-10-18 06:07:58: Performing Sender ID lookup (kpchr.org / 192.168.0.27)
Sun 2009-10-18 06:07:58: * Result: none; no SPF record in DNS
Sun 2009-10-18 06:07:58: -- End: Sender ID (0.089971 seconds) --
Sun 2009-10-18 06:07:58: -- Executing: DomainKeys and DKIM --
Sun 2009-10-18 06:07:58: Performing DomainKeys lookup (Sender: handbags@kpchr.org)
Sun 2009-10-18 06:07:58: * Message does not contain a valid DomainKeys signature
Sun 2009-10-18 06:07:58: * Querying for policy: kpchr.org
Sun 2009-10-18 06:07:59: * DomainKeys policy record not found (_domainkey.kpchr.org)
Sun 2009-10-18 06:07:59: * Result: neutral
Sun 2009-10-18 06:07:59: Performing DKIM lookup
Sun 2009-10-18 06:07:59: * Message does not contain a valid DKIM signature
Sun 2009-10-18 06:07:59: * DKIM ADSP record not found (_adsp._domainkey.kpchr.org)
Sun 2009-10-18 06:07:59: * Result: neutral
Sun 2009-10-18 06:07:59: -- End: DomainKeys and DKIM (0.827972 seconds) --
Sun 2009-10-18 06:07:59: -- Executing: URI Blacklists (URIBL) --
Sun 2009-10-18 06:07:59: Cannot perform VBR certification as message does not contain certification data
Sun 2009-10-18 06:08:00: Contains URI listed at SURBL WS [URIs: glasskask.com]
Sun 2009-10-18 06:08:00: Contains URI listed at SURBL AB [URIs: glasskask.com]
Sun 2009-10-18 06:08:00: Contains URI listed at SURBL JP [URIs: glasskask.com]
Sun 2009-10-18 06:08:00: Contains URI listed at URIBL Black [URIs: glasskask.com]
Sun 2009-10-18 06:08:00: ** Adding 28.00 to message score
Sun 2009-10-18 06:08:00: -- End: URI Blacklists (URIBL) (1.004360 seconds) --
Sun 2009-10-18 06:08:00: -- Executing: SpamAssassin --
Sun 2009-10-18 06:08:00: Passing message through SpamAssassin...
Sun 2009-10-18 06:08:04: * 2.9 REPLICA_WATCH BODY: Message talks about a replica watch
Sun 2009-10-18 06:08:04: * 2.6 BAYES_60 BODY: Bayesian spam probability is 60 to 80%
Sun 2009-10-18 06:08:04: * [score: 0.7091]
Sun 2009-10-18 06:08:04: * 0.0 HTML_MESSAGE BODY: HTML included in message
Sun 2009-10-18 06:08:04: * 4.0 URIBL_SBL Contains an URL listed in the SBL blocklist
Sun 2009-10-18 06:08:04: * [URIs: glasskask.com]
Sun 2009-10-18 06:08:04: * 8.0 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
Sun 2009-10-18 06:08:04: * [URIs: glasskask.com]
Sun 2009-10-18 06:08:04: * 8.0 URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist
Sun 2009-10-18 06:08:04: * [URIs: glasskask.com]
Sun 2009-10-18 06:08:04: * 3.0 URIBL_BLACK Contains a URL listed in the URIBL.com blacklist
Sun 2009-10-18 06:08:04: * [URIs: glasskask.com]
Sun 2009-10-18 06:08:04: * 9.0 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist
Sun 2009-10-18 06:08:04: * [URIs: glasskask.com]
Sun 2009-10-18 06:08:04: ** Adding 37.50 to message score
Sun 2009-10-18 06:08:04: -- End: SpamAssassin (4.058667 seconds) --
Sun 2009-10-18 06:08:04: -- Executing: Attachment Filtering --
Sun 2009-10-18 06:08:04: -- End: Attachment Filtering (0.000075 seconds) --
Sun 2009-10-18 06:08:04: -- Executing: Message Score --
Sun 2009-10-18 06:08:04: ** Reject 550
Sun 2009-10-18 06:08:04: -- End: Message Score (0.000057 seconds) --
Sun 2009-10-18 06:08:04: * Final Score: 65.50
Sun 2009-10-18 06:08:04: ========== End DATA scripts
Sun 2009-10-18 06:08:04: --> 550 Sorry, this message looks like spam
Sun 2009-10-18 06:08:04: SMTP session terminated (Bytes in/out: 2412/373)
Sun 2009-10-18 06:08:04: ----------

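If the email message body contains a blacklisted URI, Security Gateway for Exchange/SMTP Server adds to the message's spam score. If the spam score is more than 5, the email is quarantined or rejected by Security Gateway for Exchange/SMTP Server automatically. In the log above, the URI Blacklists stage adds 28.00 and SpamAssassin adds 37.50, giving a final score of 65.50 and a 550 rejection.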
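
To review a session like the one above without reading every line, the following added example (not part of Security Gateway or of the original post) parses the score-bearing lines, totals what each stage contributed, and checks that total against the logged final score. The sample is abridged from the log above; the name `parse_session` and the regular expressions are assumptions based only on the line shapes shown there.

```python
import re

# Abridged from the log excerpt above; only score-bearing lines are kept.
SAMPLE_LOG = """\
Sun 2009-10-18 06:07:59: -- Executing: URI Blacklists (URIBL) --
Sun 2009-10-18 06:08:00: ** Adding 28.00 to message score
Sun 2009-10-18 06:08:00: -- Executing: SpamAssassin --
Sun 2009-10-18 06:08:04: * 2.9 REPLICA_WATCH BODY: Message talks about a replica watch
Sun 2009-10-18 06:08:04: * 2.6 BAYES_60 BODY: Bayesian spam probability is 60 to 80%
Sun 2009-10-18 06:08:04: * [score: 0.7091]
Sun 2009-10-18 06:08:04: * 4.0 URIBL_SBL Contains an URL listed in the SBL blocklist
Sun 2009-10-18 06:08:04: * 8.0 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
Sun 2009-10-18 06:08:04: * 8.0 URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist
Sun 2009-10-18 06:08:04: * 3.0 URIBL_BLACK Contains a URL listed in the URIBL.com blacklist
Sun 2009-10-18 06:08:04: * 9.0 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist
Sun 2009-10-18 06:08:04: ** Adding 37.50 to message score
Sun 2009-10-18 06:08:04: * Final Score: 65.50
Sun 2009-10-18 06:08:04: --> 550 Sorry, this message looks like spam
"""

PREFIX = re.compile(r"^\w{3} \d{4}-\d\d-\d\d \d\d:\d\d:\d\d: (.*)$")
PATTERNS = {
    "stage": re.compile(r"^-- Executing: (.+) --$"),
    "added": re.compile(r"^\*\* Adding (-?\d+\.\d+) to message score$"),
    "rule": re.compile(r"^\* (-?\d+\.\d+) ([A-Z][A-Z0-9_]+)\b"),
    "final": re.compile(r"^\* Final Score: (-?\d+\.\d+)$"),
    "reply": re.compile(r"^--> (\d{3}) "),
}

def parse_session(text):
    """Per-stage additions, rule hits, final score, SMTP reply; 'consistent' is
    False when the stage additions do not sum to the final score (truncated log)."""
    out = {"stages": {}, "rules": {}, "final": None, "reply": None}
    stage = None
    for line in text.splitlines():
        if not (m := PREFIX.match(line)):
            continue  # no gateway timestamp prefix: not a log line
        hit = {k: p.match(m.group(1)) for k, p in PATTERNS.items()}
        if hit["stage"]:
            stage = hit["stage"].group(1)
        elif hit["added"]:
            out["stages"][stage] = out["stages"].get(stage, 0.0) + float(hit["added"].group(1))
        elif hit["rule"]:
            out["rules"][hit["rule"].group(2)] = float(hit["rule"].group(1))
        elif hit["final"]:
            out["final"] = float(hit["final"].group(1))
        elif hit["reply"]:
            out["reply"] = int(hit["reply"].group(1))
    out["consistent"] = out["final"] is not None and abs(sum(out["stages"].values()) - out["final"]) < 0.005
    return out
```

Calling `parse_session(SAMPLE_LOG)` shows at a glance that both scoring stages fired on the same listed URI, which is what pushed the message far past the threshold.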