MailEssentials is an industry-leading anti-spam and email security solution with multiple filters that can be configured independently to safeguard email users from SPAM and MALWARE.
This article provides the recommended "best practice" Filter Priority configuration for the various spam filters, to maximize scanning efficiency and reduce the number of spam emails that reach users' mailboxes. Follow these recommendations if you are still receiving spam emails despite having MailEssentials installed.
While every organization is different and may require some additional custom configuration of the filters depending on the type of spam emails received, as a general rule the prioritization below is recommended, with all the filters enabled. The order can be changed from MailEssentials Configuration > Anti-Spam > Filter Priority.
- Directory Harvesting, IP DNS Blocklist, and IP Blocklist are each listed twice, depending on whether you are running in SMTP mode or in Full email mode.
- SMTP level filters can only be re-ordered with other SMTP filters and will remain at the top of the priority list.
You can toggle the filtering mode for the SMTP-level filters from Full email to SMTP and back from GFI MailEssentials > Anti-Spam > Filter Priority, then opening the SMTP Transmission Filtering tab. Use the Switch button to toggle the required setting.
SMTP level filtering terminates the email’s connection and therefore stops the download of the full email, economizing on bandwidth and processing resources. In this case, the connection is terminated immediately and emails are not required to go through any other anti-spam filters.
To make the best of SMTP Transmission filtering, use it when GFI MailEssentials is installed on an Internet gateway or when it is the first server to receive emails from the Internet.
Next, customize the default Filter Priority by assigning each filter a higher or lower priority, as described in Sorting Anti-Spam Filters by Priority, until the prioritization below is achieved:
- Directory Harvesting (SMTP mode) - Recommended mode for Directory Harvesting; use Full email mode only if necessary.
- Greylist (SMTP mode)
- IP Blocklist (SMTP mode)
- IP DNS Blocklist (SMTP mode) - If you have false positives, please change this to full email mode as it does not utilize the whitelist when in SMTP mode.
- IP Blocklist (Full Email mode)
- IP Whitelist
- Directory Harvesting (Full Email mode) - If unable to run in SMTP mode, only configure the Action for Delete, Send to an email address, or Move to a folder on disk.
- Anti Spoofing
- Sender Policy Framework
- Personal Email Blocklist
- Personal Email Whitelist
- Email Blocklist
- Keyword Whitelist
- Anti Phishing
- URI DNS Blocklist
- Bayesian Analysis
- Header Checking
- Spam Keyword Checking
- Language Detection
This prioritization provides the best chance to remove known bad emails from processing first (the SMTP level filters), then allows any explicitly defined IP addresses into the network. These IPs would be defined by your MailEssentials administrator.
Next, a check makes sure the email has not been spoofed with your domain, followed by a check against the SPF record to cut down on emails spoofed for other domains. After that, the personal lists are applied: any email that a user has blocked is blocked (for that user only), and then any email that a user has whitelisted is allowed.
This should prevent the issue, as the Personal Blocklist stops a single user from getting the email, then the Personal Whitelist allows a single user to get an email, followed by the domain-wide blocklist, then the whitelist.
This ordering gives individual users some control over what they receive while still filtering the majority of spam, because users must opt in the addresses they personally block or receive.
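The effect of this ordering can be checked with a small model. This is an added example, not GFI code: it assumes the first filter that matches decides the verdict, covers only the list-based filters, and uses constructed addresses and IPs.

```python
# Simplified model (assumption, not GFI's implementation): filters run in
# priority order and the first filter that matches decides the verdict.
RECOMMENDED = [
    "IP Blocklist", "IP Whitelist",
    "Personal Email Blocklist", "Personal Email Whitelist",
    "Email Blocklist",
]

# Constructed sample configuration (documentation addresses and IP ranges).
CONFIG = {
    "IP Blocklist": {"203.0.113.9"},
    "IP Whitelist": {"198.51.100.25"},
    # Personal lists are stored per recipient: (recipient, sender)
    "Personal Email Blocklist": {("alice@example.com", "news@vendor.example")},
    "Personal Email Whitelist": {("bob@example.com", "news@vendor.example")},
    "Email Blocklist": {"news@vendor.example"},
}

def matches(name, msg, config):
    """Return True if the named list filter matches this message."""
    if name.startswith("IP "):
        return msg["ip"] in config[name]
    if name.startswith("Personal "):
        return (msg["rcpt"], msg["sender"]) in config[name]
    return msg["sender"] in config[name]

def verdict(msg, order=RECOMMENDED, config=CONFIG):
    """Walk the filters in priority order; the first match wins."""
    for name in order:
        if matches(name, msg, config):
            action = "allow" if "Whitelist" in name else "block"
            return action, name
    return "continue", None  # no list matched: content filters run next

if __name__ == "__main__":
    for rcpt in ("alice@example.com", "bob@example.com", "carol@example.com"):
        msg = {"ip": "192.0.2.50", "sender": "news@vendor.example", "rcpt": rcpt}
        print(rcpt, verdict(msg))
```

Moving Email Blocklist ahead of the personal lists in `order` makes the domain-wide entry win for every recipient, which removes the per-user control the recommended order is meant to keep.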
- Greylisting is a very effective filter for stopping zero-day spam and is the only filter capable of blocking zero-day spam messages until the other filters are able to start blocking them. We have found that several major webmail providers and federal agencies are not compliant with the checks Greylisting does, or take an unusually long time to reply to the Greylist check, so several exclusions need to be added.
- In the MailEssentials Configuration > Anti Spam > Anti Spam Filters > Greylist > Email Exclusions, add the following as From addresses: *@gmail.com, *@yahoo.com, *@hotmail.com, *@msn.com, *@outlook.com. You will also want to make sure that, under Options, "Exclude email addresses and domains specified in Whitelist and Personal Whitelist" is enabled. These changes will minimize the email delay when using the Greylist.
- Once you have the priority set, you will want to make sure the IP DNS Blocklist is set correctly. This can be set from the MailEssentials Configuration > Anti Spam > Anti Spam Filters > IP DNS Blocklist. bl.spamcop.net and dul.dnsbl.sorbs.net should be enabled by default. You will also want to add zen.spamhaus.org and b.barracudacentral.org if necessary. Note that you need to sign up for the Barracuda blocklist at barracudacentral.org and click Request access. The IP address it requests is the external IP used by your MailEssentials server.
- The Bayesian Analysis filter can also block a large number of these spam messages as they tend to be the same "type" of spam messages. Please check the link for information on training the database.
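To illustrate the Greylist exclusions described above, here is a sketch of classic triplet greylisting with From-address exclusions. It is an added example, not GFI's implementation; the (IP, sender, recipient) triplet, the 60-second retry delay and the sample addresses are assumptions.

```python
from fnmatch import fnmatchcase

# Exclusion patterns taken from the article's Email Exclusions list.
EXCLUDED_FROM = ["*@gmail.com", "*@yahoo.com", "*@hotmail.com",
                 "*@msn.com", "*@outlook.com"]
MIN_RETRY_SECONDS = 60  # assumed value for this sketch, not a GFI default

class Greylist:
    """Temp-fail the first delivery attempt of an unknown triplet."""

    def __init__(self, excluded=EXCLUDED_FROM, min_retry=MIN_RETRY_SECONDS):
        self.excluded = excluded
        self.min_retry = min_retry
        self.first_seen = {}  # (ip, sender, recipient) -> time of first attempt

    def check(self, ip, sender, rcpt, now):
        sender = sender.lower()
        # Excluded From addresses bypass greylisting, so there is no delay.
        if any(fnmatchcase(sender, pattern) for pattern in self.excluded):
            return "accept-excluded"
        key = (ip, sender, rcpt.lower())
        seen = self.first_seen.setdefault(key, now)
        if now - seen >= self.min_retry:
            return "accept"
        # The sending server is expected to queue the message and retry.
        return "tempfail"

if __name__ == "__main__":
    g = Greylist()
    sender, rcpt = "someone@vendor.example", "bob@example.com"  # constructed
    print(g.check("192.0.2.10", sender, rcpt, now=0))    # first attempt
    print(g.check("192.0.2.10", sender, rcpt, now=90))   # retry after delay
    print(g.check("192.0.2.11", sender, rcpt, now=120))  # retry from another IP
    print(g.check("192.0.2.10", "user@gmail.com", rcpt, now=0))
```

In this model a retry that arrives from a different IP address counts as a new triplet and is delayed again, while an excluded From address is accepted on the first attempt.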