| 1622 |
|
Implementation of a Spam Probes Managed List
We have identified a number of Spammers who as a means to clean their address lists, have been sending out large numbers of emails containing random dictionary words. This technote describes how to set up a text analyser scenario to detect them.
|
| 1620 |
|
Detection of PDF image spam
This technote describes a combination of two managed lists to detect PDF image spam and to release false positives.
|
| 1619 |
|
Why is the timestamp for Spamlogic signatures displaying an old date and time in the MIMEsweeper for SMTP V5.2 SP2 UI?
Customers have reported an issue with the timestamp for SpamLogic signatures in our V5.2 SP2 UI - which now no longer displays the latest timestamp and will display a timestamp similar too:
Last database update occurred 11/03/2007 00:19:47
|
| 1618 |
|
How does the Spamlogic Signature Service work?
This technote details the location of files and logs used and created by the Spamlogic Signature Service
|
| 1617 |
|
How can I troubleshoot updates for SpamLogic signatures and managed lists?
The MIMEsweeper for SMTP 5.2.7 and later has the ability to automatically update the SpamLogic signatures and Managed lists.
|
| 1616 |
|
How to use the Emergency_backup.zip for Disaster Recovery of a PCS ?
It is possible to use the emergencybackup.zip situated in C:\Program files\Clearswift\MIMEsweeper for SMTP\Data\configuration\server\Backup to restore a PCS server with a standard license.
|
| 1614 |
|
How can I use Banned Hosts to allow only specific hosts to connect?
Banned Hosts are SMTP host machines from which no email messages will be accepted. This option is typically used to block Spam mail from undesirable hosts.
Some customers use Banned Hosts to block all SMTP hosts, whilst allowing access from a particular subnet.
e.g.
!10.10.10.*
*.*.*.*
NOTE: You specify exceptions to a banned host entry by adding an entry for the allowed host(s) and preceding it with an exclamation mark (!). You should place the negated entry for the exception above the entry for the banned host.
When using this type of block-all-but-allow-some format it is possible for some valid machines to be blocked unexpectedly.
|
| 1613 |
|
How to install an additional PS not using the default Database instance name?
When installing an additional server, where the instance name in not the default the error occurs at point of installing:
Cannot start service PMIIS on Computer
“The dependency service does not exist or has been marked for deletion”
|
| 1611 |
|
How to detect references to PDF files used in Cross-site Scripting Attacks
PDF (Portable Document Format) files can be used in a new highly dangerous vector to launch Cross-site scripting attacks. The attacker does not need access to the PDF file, but merely provides a reference to a valid (and in itself perfectly innocent) file on any accessible website. If the reference to the file is crafted correctly potentially malicious Javascript appended to the reference can be executed if the PDF file is downloaded into the browser.
|
| 1601 |
|
Aggressive policy to detect image-based spam with a combination of Data Type Managers and Text Analysis.
Image-based 'Penny Stock' spam, and indeed image-based spam in general, has undergone rapid changes recently, and will continue to evolve rapidly. Use of Text analysis to detect characteristics of the SMTP header and the HTML has provided a degree of success, and is highly recommended. (See technote http://www.clearswift.com/support/technotes/item.aspx?ID=1574)
At times, however, the margins used to distinguish between image-based spam and legitimate business mail has narrowed to the point where the risk of false positives and the processing overhead can be problematic. This TechNote outlines an alternative, effective, and fast approach to blocking image based spam, using multiple scenarios.
PLEASE NOTE: The method will generate some degree of false positives, especially with newsletters, and other HTML based messages with embedded images. However, we outline a method of using text analysis to limit this (this will require customer-end management)
In addition, as this is a very aggressive policy, so it may be more appropriate to apply this policy to your "top spam recipients" rather than a blanket policy for all your users. If you have configured reporting, it should be relatively easy for you to run a report, for example for your top 250 spam recipients, and then use this address information to create a policy folder in "Incoming" in which to apply this policy.
|
| 1599 |
|
How to resolve the error "plugin 'Pretty Good Privacy' " stopping the SMTPSS ?
After upgrading to MSW for SMTP 5.2.7 (Service Pack 2) , the security service fails to start with error 3254911491:
SMTPSS - debug reveals the following:
- Service status Status = STOP PENDING
- ExitCode = 1066
- The system failed to configure the Data Management Engine.
- Order string '' for plugin 'Pretty Good Privacy' has not been configured.
- Service status
- Status = STOPPED
- ExitCode = 1066
|
| 1595 |
|
Spam: How to troubleshoot your False Negatives
This technote will explain the steps to take when users are receiving False Negatives Spam.
|
| 1592 |
|
What are the Anti-spam best practices for MIMEsweeper for SMTP 5.2 SP2 ?
MIMEsweeper for SMTP 5.2 Service Pack 2 brings new Anti-Spam features to the MIMEsweeper for SMTP 5.2 edition.
In order to maximise the effectiveness of your spam detection, it is important that you use all the available features, including the new features. This Technote will guide you through All the features.
|
| 1591 |
|
How do I view Active Directory LDAP Policy Settings ?
This Technote describes how to view Active Directory LDAP Policy Settings using the NTDSUTIL tool.
|
| 1590 |
|
How to implement the "Spam: xxx" type of Managed Expression List
This technote describes how to set up a Text Analyser Scenario to use the "Spam: xxx" type of Managed Expression List
|
| 1589 |
|
How to implement the "Source: xxx" type of Managed Expression List
This technote describes how to set up a Text Analyzer Scenario to use the "Source: xxx" type of Managed Expression List
|
| 1588 |
|
How to implement the "Swear Words: xxx" type of Managed Expression List
This technote describes how to set up a Text Analyser Scenario to use the "Swear Words: xxx" type of Managed Expression List
|
| 1587 |
|
How to implement the "Unacceptable: xxx" type of Managed Expression List
This technote describes how to set up a Text Analyzer Scenario to use the "Unacceptable: xxx" type of Managed Expression List
|
| 1586 |
|
How to implement the "Scams: xxx" type of Managed Expression List
This technote describes how to set up a Text Analyzer Scenario to use the "Scams: xxx" type of Managed Expression List
|
| 1584 |
|
How to implement the "Scripts: xxx" Managed Script Lists
This technote describes how to set up a Text Analyzer Scenario to use the "Scripts: xxx" Managed Script Lists
|
| 1583 |
|
How to implement the "Japanese: xxx" type of Managed Expression List
This technote describes how to set up a Text Analyzer Scenario to use the "Japanese: xxx" type of Managed Expression List
|
| 1580 |
|
How to implement the "Threat: xxx" type of Managed Expression List
This technote describes how to set up a Text Analyzer Scenario to use the "Threat: Bagle Generic" Managed Expression List
|
| 1578 |
|
How to use Symantec Scan Engine 5.1 with MIMEsweeper for SMTP 5.2.5
There have been recent enquiries regarding compatability of the Symantec Scan Engine (SSE) 5.1 and MIMEsweeper for SMTP 5.2.5.
|
| 1576 |
|
Should we generate Non-Delivery Reports (NDRs) or bounce spam messages that arrive at our domain?
A few years back, it made sense to respond when a message was sent to a non-existent address at your domain, or when viruses and other messages were blocked. This is no longer the case.
|
| 1575 |
|
How to use Symantec Scan Engine 5.0 with MIMEsweeper for SMTP 5.2x
There has been some recent questions about our support of the Symantec 5.0 scan engine
|
| 1574 |
|
How to implement the "Spam: Penny Stock Images" Managed Expression List
This technote describes how to set up a Text Analyser Scenario to use the "Spam: Penny Stock Images" Managed Expression Liss
|
| 1570 |
|
How to troubleshoot "The last message tracking disposal on server "mailswp" failed "
The System Health displaying errors in the Alert Tab stating that : "The last message tracking disposal on server "mailswp" failed "
|
| 1569 |
|
How to resolve "'UC_pmi_Policy_Policy'. Cannot insert duplicate key in object "
Several customer have reported inconsistencies when comparing Reports showing activity per machine and Reports showing Messages Activity.
Your folder <INSTALLPATH>\ Data\Operations\Disposer\MGmailtransactions\failed is filled with MSGID.REC and MSGID.DAT file pairs. The .REC files shows error message of type:
** The stored procedure usp_pmi_AddPolicy (@RETURN_VALUE(ID),@policyGUID(ID), @policy(SCENARIO ROUTE)); caused a violation of a primary key or unique constraint. ---> System.Data.SqlClient.SqlException: Violation of UNIQUE KEY constraint 'UC_pmi_Policy_Policy'. Cannot insert duplicate key in object 'pmi_Policy'.
The statement has been terminated. **
|
| 1568 |
|
After upgrading to MIMEsweeper for SMTP 5.2, I cannot open my Reclassifier Scenario(s). How can I solve this ?
After upgrading to MIMEsweeper for SMTP 5.2, the Reclassifier Scenario cannot be opened, and you cannot view/modify the contents of it.
|
| 1567 |
|
LDAP Servers Supported in MIMEsweeper for SMTP 5.0_x, 5.1_x and 5.2_x
Two features within the MIMEsweeper for SMTP 5 range can use LDAP servers:
In versions 5.0_x, 5.1_x and 5.2_x : LDAP Address List, and from version 5.2_x : PCS LDAP Address List
|
| 1563 |
|
How to Create an Undetermined Bypass (5.x)
If email from a particular sender or domain continues to be trapped in undetermined you can create a bypass that will allow this senders email to still be delivered without manual intervention.
|
| 1561 |
|
What is spam, and how do I tell whether a message is spam or not?
Some spam is very obviously spam to the recipient, though there is sometimes confusion with end-users about what is, and is not spam.
This technote attempts to bring some clarity to "what is", and "what is not" spam, and also describes the most common types of spam (making up around 99% of spam)
|
| 1560 |
|
Identify Policy using PCS LDAP Address List does not return correct results
When using a PCS LDAP Address list and testing policy with the Identify Policy feature the results may not be accurate.
|
| 1559 |
|
French & German Microsoft Windows 2003 requires .NET Framework
Customers installing MIMEsweeper for SMTP 5.2 on a Microsoft French Windows 2003 or Microsoft German Windows 2003 Operating system, are required to install Microsoft .NET Framework as a pre-requisite.
|
| 1558 |
|
PCS Ldap Address List "Search For User" button fails to display results
After creating a PCS LDAP Address list, you can test the results of the query by using the test window.
If you want to search for a user using the "Search For User" button, the result displayed maybe seen
"The current configuration does not include the specified e-mail address."
whether the address exists or not.
|
| 1556 |
|
Troubleshooting service hangs/crashes using ADPlus debugging tool
Under certain circumstances a MIMEsweeper service may hang or crash without providing useful information in the event viewer logs. In these cases it may be necessary to generate a dump file using the ADPlus debugging utility. Once the log file has been generated please contact your regional support services.
|
| 1555 |
|
How do I reset the SpamLogic Database in 4.3, 5.0, 5.1 or 5.2?
SpamLogic “learns” from the email traffic it analyses. This knowledge is stored in the SpamLogic database.
In some circumstances, environmental factors could potentially cause a decrease in performance of the detection or false-positive rate of SpamLogic. In this case it is possible to reset the SpamLogic database to the default, so that SpamLogic can recover and learn normally.
|
| 1551 |
|
The system center reports the infrastructure service is unavailable
The MIMEsweeper for SMTP system center indicates that the infrastructure service on one of the servers in the deployment is unavailable.
|
| 1550 |
|
How do spam senders find users email addresses, and why do some recipients get much more spam than others?
Some users get no spam; some users get a little, and some users get loads. Why is this, and how to spam-senders get users email addresses in the first place?
|
| 1549 |
|
How do I measure my Anti-spam detection and false positive rates for my production environment?
In order to evaluate or troubleshoot the effectiveness of your Anti-spam solution, it is important to be able to make measurements of its effectiveness and compare that to what is normally expected.
This can help identify if your solution is working effectively.
|
| 1547 |
|
When adding Banned Addresses to the SMTP Relay / Receiver / Anti-Spam properties, the Policy Editor crashes
When adding Banned Addresses to the SMTP Relay / Receiver / Anti-Spam properties, the Policy Editor crashes, the added Banned Addresses are lost as the configuration is not saved upon crashing.
|
| 1545 |
|
How do resolve "Maximum request length exceeded" in the System Maintenance Utility / Antispam trainer wizard ?
After running the System Maintenance Utlity component "anti-spam filter training wizard", the following error may appear :
Operations Database Failed to upload FILENAME.EXTENSION to Operations Database: There was an exception running the extensions specified in the config file. --> Maximum request length exceeded.
|
| 1544 |
|
How do I increase the amount of information displayed in my log files to Verbose ?
As default, the log level of MIMEsweeper for SMTP 5.x /MIMEsweeper for WEB is '3' (INFO), which gives basic information on the state of the services. This log level can be increased.
|
| 1543 |
|
How do I update the asfwhite for the AntiSpam Filter Scenario ?
Part of the AntiSpam Filter scenario is a file called asfwhite18.txt. This file is used to remove certain entries from the asf18.txt (AntiSpam update). Although called ASF white, it isn't a WhiteList in the terms of 'If this is found, then email is not Spam'.
|
| 1538 |
|
Why can't I open my Policy Editor following an upgrade?
This Technote is only applicable if you are able to open the MIMEsweeper Manager, but not the Policy Editor or the System Maintenance Utility.
|
| 1537 |
|
Guidance Notes for Implementing Managed Lists
Clearswift Managed Lists are predefined expression lists that can be imported from the web into the Policy Editor.
|
| 1536 |
|
How can I quarantine messages from senders that appear in the spamhaus RBL?
It is possible to mark RBL detected messages with an X-header (with spamhaus for example) and then use text analysis in the Security Service to detect this and apply policy (Quarantine etc)
This could also give you the option to disable this policy for mail from specific email address domains (by adding a folder with a bypass)
|
| 1534 |
|
Using a Proxy Server for the Antispam Download and Managed Lists
If it is necessary to enter proxy settings for the Anti-spam download and the Managed Lists , they are in different locations.
|
| 1533 |
|
Why is my Audit Database name incorrect when upgrading to MIMEsweeper for SMTP 5.1 from a 5.0x ?
When upgrading from 5.0 to 5.1, the Audit Database upgrade fails. An incorrectly formatted Database name is used, thus causing the upgrade to fail.
|
| 1532 |
|
How do I get more information as to why a message was blocked by the AntiSpam Filter scenario?
By default when you access a message quarantined as by the Antispam Filter, it displays very little information on why it has been quarantined.
|
| 1530 |
|
How to stop Report Center from incorrectly displaying the count of messages from Clean and Cleaned classification ?
If using a Clean and Cleaned classification, the message count displayed in the Report Center is incorrect.
|
| 1529 |
|
Tips and Techniques to Defeat Spambots
Spammers use automated intelligent agents or 'bots' to trawl web sites and harvest email adresses. This is a major source of email addresses for the spammer. There is a correlation between the presence of plain text email addresses on web sites and the amount of spam those sites receive.
|
| 1528 |
|
Why is mail building up in Normal?
Why is mail building up in Normal, nothing is being processed?
|
| 1527 |
|
Why do I get so many DNS Errors in the Event Log?
Systems that are running MAILsweeper for SMTP version 4.3 or higher, may find large numbers of DNS failures recorded in the Windows Application Event Log.
|
| 1516 |
|
How to install MIMEsweeper for SMTP V5 on a domain controller
MIMEsweeper install fails because the ASP.NET account is missing. When the account is created Mimesweeper will install but will generate errors accessing the Policy Editor, Manager, or Maintenance Utility.
|
| 1515 |
|
How to merge a / many False Positive(s) to the AntiSpamFilter 1.6 in MIMEsweeper for SMTP v5 ?
The merge option in the System Maintenance Utility currently requires a minimum of 5000 False Positives, which is not easy to get.
|
| 1484 |
|
How do I block executables with MAILsweeper for SMTP?
Executable code of unknown origin can be a security risk to organisations. Executable code can contain Spyware, Trojans, Malicious damaging code and viruses. MAILsweeper for SMTP can block these by data type or file extension. This technote explains how to block them by data type.
|
| 1469 |
|
Installation of the PS (Policy Server) fails
In a configuration where the PCS (Primary Configuration Server) is installed on the clean side of the network and the PS (Policy Server) is installed in the DMZ the installation of the PS can fail. The PS installation will fail if the correct ports are not open as well as having ICMP not enabled.
|
| 1466 |
|
How do I get a licence key for MIMEsweeper for SMTP 5.0
You need a valid licence key in order to install and run MIMEsweeper for SMTP. This technote describes the process for getting one for evaluation/upgrade purposes.
|
| 1436 |
|
Why do I get the error "configuration is locked for editing by 'Administrator'" when trying to save my Policies?
You can't make any changes to the policy and are getting the following error message:
"configuration is locked for editing by 'xxxx'".
|
| 1420 |
|
How do I set SQL compatability mode for MIMEsweeper for SMTP V5?
It is possible to set the MSDE compatibility level through the use of the SQL 2000 Enterprise Manager, just install the Client tools from SQL 2000.
|
| 1392 |
|
What are the limitations when deploying MSDE on the PCS?
When using MSDE to host the MIMEsweeper for SMTP Operations database on the PCS, a number of limitations need to be considered.
|
| 1382 |
|
How do I block malicious scripts with MIMEsweeper for SMTP?
MIMEsweeper for SMTP can be used to detect and block specific or generic phrases in Email, in the subject, body and attachments
|
| 1381 |
|
How do I block Virus Hoaxes?
MIMEsweeper for SMTP can be used to detect and block specific or generic phrases in Email, in the subject, body and attachments.
|
| 1380 |
|
How do I configure MIMEsweeper for SMTP 5 to block large images?
Large image files can be an unnecessary burden on Email system resources. MIMEsweeper for SMTP can identify and block messages containing these files.
|
| 1379 |
|
How do I block Microsoft Class 1 files with MIMEsweeper for SMTP?
Executable code of unknown origin can be a security risk to organisations. Executable code can contain Spyware, Trojans, Malicious damaging code and viruses. MIMEsweeper for SMTP can block these by data type or file extension. This technote explains how to block them by file extension.
|
| 1377 |
|
How do I block MPEG and MP3 files using MIMEsweeper for SMTP 5?
MP3 and movie files are typically large and can be a huge and unnecessary burden on Email system resources
|
| 1376 |
|
How do I block multimedia files using MIMEsweeper for SMTP 5?
Multimedia files such as MP3s and movie files are typically large and can be a huge and unnecessary burden on Email system resources
|
| 1375 |
|
How do I block executables with MIMEsweeper for SMTP?
Executable code of unknown origin can be a security risk to organisations. Executable code can contain Spyware, Trojans, Malicious damaging code and viruses. MIMEsweeper for SMTP can block these by data type or file extension. This technote explains how to block them by data type.
|
| 1373 |
|
Configuring Message Queuing
One of the prerequisites for Mimesweeper for SMTP V5 is Message Queuing. Follow the steps below to configure message queueing on a Windows 2000 machine.
|
| 1370 |
|
How do I block profanity? (swearing) using MIMEsweeper for SMTP?
MIMEsweeper for SMTP can be used to detect and block offensive words in Email, not only in the subject and body, but also in attachments.
|
|
