Technical Tips

Product Distribution

How will product updates be made available?

Updates to the PreciseMail Anti-Spam Gateway software will be available for download from the PreciseMail Anti-Spam Gateway FTP server and web site. Patches will be distributed as Zipped VMSINSTAL kits for VMS and as Zip or tar files for UNIX.

How will PreciseMail Anti-Spam Gateway rule updates be distributed?

Customers have a choice of updating the filters manually or automatically:

Option 1 - Manual update
When the PreciseMail Anti-Spam Gateway rule files are updated, a .ZIP file containing the updated .CF files will be available from the PreciseMail Anti-Spam Gateway FTP server. A notice will be sent to all PreciseMail Anti-Spam Gateway subscribers via the PMAS-Announce mailing list. Only current subscribers will have access to PreciseMail Anti-Spam Gateway rule updates.

Option 2 - Automatic Filter Updates
Automatic Filter Updates were first made available to customers on December 7, 2004 in an ECO. They are now included in PreciseMail Anti-Spam Gateway version 2.2. Process recommends that you upgrade to this latest release. If you need assistance, please contact technical support at support@process.com.


Usage Questions

Can PreciseMail Anti-Spam Gateway be used to detect viruses?

Yes, we recommend you use the add-on Sophos Anti-Virus module. Without this module, PreciseMail Anti-Spam Gateway can detect some email-borne viruses, but it does not perform all the checks that an anti-virus program will perform.

Is it possible for users to allow or block messages based on an email's subject line?

Yes, it can be done, but only through the email interface. It cannot yet be done through the web GUI, but that's planned.

Users can send email to PreciseMail@yourdomain with a line like the following:

allow_regex Subject: This is the subject

That's a case-sensitive regular expression that you're passing, so a more generic example would be something like:

allow_regex Subject: .*(?i-:pmas).*

which says to allow a subject containing the case-insensitive word PMAS. The ".*" says to match 0 or more characters, so it works for PMAS anywhere on the line. Also, the system administrator can edit the appropriate PMAS_USERS: file and add the entry, if desired.

What is the precedence of user-defined and system-wide allow and blocklists?

"allow" entries override "block" entries, but user lists override system lists, so a user "block" will override a system "allow" (and a user "allow" will override a system "block").
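The precedence rule above, modeled as an added example (this is not PreciseMail code). The rule tuples, the function names, and the choice to require a case-sensitive match over the whole header value are assumptions made for illustration.

```python
import re

# Order implied by the FAQ: user lists beat system lists, and within one
# scope an "allow" entry beats a "block" entry.
PRECEDENCE = [("user", "allow"), ("user", "block"),
              ("system", "allow"), ("system", "block")]

def matches(rule, headers):
    """rule is (header_name, regex). Assumption: the regex must cover the
    whole header value, which is why the FAQ pattern is wrapped in '.*'."""
    name, pattern = rule
    value = headers.get(name)
    return value is not None and re.fullmatch(pattern, value) is not None

def decide(headers, lists):
    """lists maps (scope, action) -> [rules]. Returns (action, scope) for
    the highest-precedence matching entry, or (None, None) when nothing
    matches and ordinary spam scoring would decide."""
    for scope, action in PRECEDENCE:
        for rule in lists.get((scope, action), []):
            if matches(rule, headers):
                return action, scope
    return None, None

# Constructed sample lists: the user and the system disagree on both topics.
SAMPLE = {
    ("system", "allow"): [("Subject", r".*(?i:newsletter).*")],
    ("system", "block"): [("Subject", r".*(?i:pmas).*")],
    ("user", "allow"): [("Subject", r".*(?i:pmas).*")],
    ("user", "block"): [("Subject", r".*(?i:newsletter).*")],
}

if __name__ == "__main__":
    for subject in ("Re: PMAS upgrade", "Weekly Newsletter", "hello"):
        print(subject, "->", decide({"Subject": subject}, SAMPLE))
```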

Should I still use Sieve in PMDF for Spam filtering if I am using PreciseMail Anti-Spam Gateway?

While Sieve doesn't provide the sophisticated regular-expression pattern matching that PreciseMail Anti-Spam Gateway provides, it can still be an effective tool in the battle against spam. The biggest advantage to using the Sieve files is performance. If there are certain types of messages that can be discarded via Sieve rules, those messages are discarded by PMDF instead of being handed to PreciseMail Anti-Spam Gateway, thereby saving the overhead of the PreciseMail Anti-Spam Gateway processing. However, because of the relatively limited matching capabilities of Sieve, care must be taken to ensure that the comparison strings are unique to the kinds of messages you wish to discard.

Is there an easy way to accurately whitelist specific destination addresses?

There are a few ways this can be accomplished, but the easiest is to create a user whitelist file for the desired addresses that contains this line:

Whitelist_EnvFrom *

That will cause all mail to be whitelisted for that particular address. User whitelist files are stored in the directory PMAS_USERS: on VMS and in /pmas/users on UNIX.

Is there a way to disable return receipts only for messages that have been classified as spam?

The return receipt requests are ignored completely for messages that are discarded or quarantined. Those that are forwarded are still handled normally by the normal PMDF receipt handling.

Can messages that have been discarded by PreciseMail Anti-Spam Gateway be retrieved?

When PreciseMail Anti-Spam Gateway discards a message, it actually writes it to a discard directory, just in case a discarded message needs to be retrieved. However, the PreciseMail Processor can be used to retrieve quarantined messages, but not discarded messages. A system administrator can easily allow a user to retrieve a discarded message by moving the message file from the discard directory into the corresponding [QUARANTINE.x] directory. From there, the recipient can retrieve the discarded message via a MESSAGE: command to the PreciseMail Processor.

Is it possible to set up separate processing channels, each with its own pmas_root in order to customize each pmas_root to uniquely handle each client domain?

Yes, it's possible to do this. There are a few steps you need to do to make it happen.

1. Clone your PMAS tree, or, perhaps, just the [DATA] directory. Exactly what you
do here is up to you. We'll get back to this in Step 5.

2. Edit PMDF_TABLE:PMDF.CNF and add new pmas channel definitions. You
currently should have something like:

pmas master_debug slave_debug
PMAS-DAEMON

You need to add more that start with "pmas_":

pmas_group1 master_debug slave_debug
PMAS-GROUP1-DAEMON

pmas_group2 master_debug slave_debug
PMAS-GROUP2-DAEMON

and so on.

3. While in PMDF_TABLE:PMDF.CNF, you should add rewrite rules for
those channels:

pmas1.example.com $U@example.com$Mpmas_group1
pmas1.example.com $U%pmas1.example.com@PMAS-GROUP1-DAEMON
pmas2.example.com $U@example.com$Mpmas_group2
pmas2.example.com $U%pmas2.example.com@PMAS-GROUP2-DAEMON

Or something similar. The key is to have some unique name on the
left side that represents the channel for group 1, and another
for group 2, etc.

4. Copy PMDF_COM:PMAS_CUSTOM_MASTER.COM to
PMDF_COM:channel_CUSTOM_MASTER.COM for each channel, where
"channel" is the channel name (like "pmas_group1"):

$ set default pmdf_com:
$ copy pmas_custom_master.com pmas_group1_custom_master.com
$ copy pmas_custom_master.com pmas_group2_custom_master.com

5. Depending on how you want "Step 1" accomplished, you need to edit
each of those newly-created PMAS_*_CUSTOM_MASTER.COM files to
define PMAS_ROOT or PMAS_DATA and friends before running
PMAS_MASTER.EXE. If you cloned the whole PMAS tree, you would use:

$ define/trans=concealed PMAS_ROOT disk:[PMAS_COPY1.]

Or if you just wanted separate [DATA], [USERS], and [LOG]
directories, you might use something like:

$ define pmas_data pmas_root:[data.group1]
$ define pmas_users pmas_root:[users.group1]
$ define pmas_log pmas_root:[log.group1]

in PMAS_GROUP1_CUSTOM_MASTER.COM.

6. Redirect user mail to @pmas.domain, @pmas1.domain, @pmas2.domain
(or whatever you specified in the rewrite rules added in Step 3).

7. Recompile your PMDF configuration file, restart the dispatcher, and you
should be good to go. You can test it by sending mail to
user@pmas1.domain, etc.

Is the PreciseMail Command Processor able to differentiate between the different directories? And will the Quarantine Notify Job pick up all quarantined messages?

By default, no, they won't, as only one PMDF_ROOT: will be defined
when they run. However, you could remedy this by making still more
customizations: copies of PMAS_COM:RUN_NOTIFY.COM that define
PMAS_ROOT for each copy, copies of PMAS_COM:SPAM_PROCESS.COM that do
the same, and more aliases for PreciseMail to implement more processors
(and changing each PMAS_CONFIG.DAT to specify that PreciseMail user
for the processor).

Why do I need PreciseMail Anti-Spam Gateway, if I use a blacklist to eliminate spam?

PMDF and many other mail servers support the use of third party blacklists, such as RBL (Real Time Blackhole List) which is part of the Mail Abuse Prevention System (MAPS) (http://mail-abuse.org/rbl/). These blacklists are commonly used to block spam because they verify the DNS address of a sender using a reverse DNS lookup. If the DNS address cannot be verified, the e-mail is presumed to be spam and will not be delivered.

There are three problems with using blacklists to eliminate spam:

  • Spammers are clever and they can easily circumvent blacklists if they are not used in conjunction with other spam-fighting techniques. Spammers can circumvent reverse DNS lookup by using forged e-mail addresses from non-existent domains or the domains of legitimate senders.
  • Reverse DNS that is not properly configured may result in the rejection of some valid messages. For instance, this could include mail from legitimate sites that simply have not yet registered their domain name, or during periods of bad information in DNS.
  • If DNS or connections to the sites being used for DNS verification become unavailable then mail delivery will be impacted. Use of these spam blocking techniques can impact performance as well as result in unreliable mail reception due to the dependency on multiple DNS lookups for every incoming SMTP connection.

PreciseMail Anti-Spam Gateway is more effective at eliminating spam than blacklists because it uses a unique combination of heuristic and artificial intelligence technologies. Go to http://www.process.com/precisemail/antispamds.htm to learn more on PreciseMail Anti-Spam Gateway’s features and benefits.

Writing Regular Expressions

When writing regular expressions, try to avoid using wildcards like "*" when searching the body. It's much better to use a range like {0,50} to limit the search to, in this example, 0 to 50 characters.

When "*" is used in certain cases, it can result in lots of single-character stepping and searching, and for large messages, this process can be very time-consuming.
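A way to audit rule patterns for this, as an added example that is not part of PreciseMail: it finds unbounded quantifiers ("*", "+", "{n,}") outside escapes and character classes and rewrites them to a bounded range. The function names, the sample rule, and the message bodies are constructed for illustration; bounding a quantifier also narrows what the rule matches, which the last lines show.

```python
import re

def unbounded_quantifiers(pattern):
    """Return (offset, token) for every '*', '+' or '{n,}' quantifier,
    ignoring escaped characters and anything inside a [...] class."""
    found, i, in_class = [], 0, False
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\":                       # skip the escape and its target
            i += 2
            continue
        if in_class:
            in_class = ch != "]"
        elif ch == "[":
            in_class = True
            if pattern[i + 1:i + 2] == "^":  # negated class
                i += 1
            if pattern[i + 1:i + 2] == "]":  # leading ']' is a literal member
                i += 1
        else:
            tok = None
            if ch in ("*", "+"):
                tok = ch
            elif ch == "{":
                m = re.match(r"\{\d+,\}", pattern[i:])
                tok = m.group() if m else None
            if tok:
                found.append((i, tok))
                i += len(tok) - 1
                if pattern[i + 1:i + 2] in ("?", "+"):  # lazy/possessive suffix
                    i += 1
        i += 1
    return found

def bound(pattern, limit=50):
    """Rewrite each unbounded quantifier to an explicit {low,limit} range."""
    out = pattern
    for pos, tok in reversed(unbounded_quantifiers(pattern)):
        low = {"*": 0, "+": 1}.get(tok)
        if low is None:
            low = int(tok[1:-2])             # the n in '{n,}'
        out = "%s{%d,%d}%s" % (out[:pos], low, max(low, limit), out[pos + len(tok):])
    return out

# Constructed sample rule and message bodies (not shipped PMAS rules).
RULE = r"(?i:refinance).*(?i:lowest rates)"
NEAR = "Refinance today and lock in the lowest rates!"
FAR = "Refinance now." + " filler" * 2000 + " lowest rates"
```

With these samples, `bound(RULE)` still matches `NEAR` but no longer matches `FAR`, where the two phrases are more than 50 characters apart.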

Resolving SMTP proxy crash with PreciseMail Anti-Spam Gateway V2.2 on Linux

Set the 'MALLOC_CHECK_' environment variable by editing the /etc/init.d/pmas initialization file. Near the bottom of the file, find this line:
[ -f /pmas/bin/ptsmtp ] && /pmas/bin/ptsmtp -D
On the line immediately before this one, add this command:

export MALLOC_CHECK_=0

This change can be made to any Linux system running V2.2 of the proxy server. Just stop the PMAS proxy, make the change, and then start the proxy again.

Please note that this is a workaround for a glibc issue - not a problem with PreciseMail. ECO-01 for PMAS V2.2 includes this workaround.

Info on "VMF" (Verify MAIL FROM:)

PreciseMail Anti-Spam Gateway V2.2-1, released on June 8, includes a new feature called "VMF" (Verify MAIL FROM:) that checks for valid return addresses for email messages. It works by sending the envelope MAIL FROM: address for each message to a Process Software server, which attempts to verify the validity of the address by initiating (but not completing) an SMTP session to the mail server for the given domain.

The effectiveness of VMF is hampered somewhat because many sites will accept any address for their domains. A site accepting an address during an SMTP session is not necessarily indicative of the validity of the address.

Because of the network connections that are involved, deploying VMF will introduce a delay for each message processed. By default, that delay can be as long as 35 seconds; the actual time depends on many factors, but a default timeout value has been implemented to avoid excessive delays. If your site handles many thousands of messages a day, implementing VMF will not be practical for your site, as it will slow down mail delivery too much. This point is covered further in the PreciseMail Anti-Spam Gateway Manager's Guide for V2.2-1.

The Process Software server that performs the checks maintains a cache of addresses and their verification results, allowing multiple lookups (from potentially multiple PMAS sites) to avoid unnecessary SMTP lookups, thereby also reducing the amount of time it takes to complete the transaction.

What ports need to be open for PreciseMail Anti-Spam Gateway to work?

Open TCP ports between 8050 and 8100 for outgoing access to updates.pmas.process.com.

Is it possible for an administrator to set a specific domain as opt-in rather than setting it up by specific users?

Yes, using the administrator's GUI, log in as "$default$@whatever.com", click "Opt-in", and save. That will create a "$default$" user database entry that will get loaded for everyone in that domain that doesn't have a user database record already.

23-AUG-2006 08:49:30.67: Looking up user database info for goaok@bogus.com

23-AUG-2006 08:49:30.68: User database info lookup status for goaok@bogus.com: 1

23-AUG-2006 08:49:30.68: From db: email: $default$@bogus.com, quar_thres = 0.000

23-AUG-2006 08:49:30.68: Address goaok@bogus.com has opted out of PMAS testing

In this example, $default$ was opted out, but you can see that it looks for the $default$ record when there isn't one for the user.

Can I use full email address for authentication?

Yes, but usage of full email addresses for authentication is not-quite-standard. It's not part of the POP3 and IMAP4 RFCs, though several newer packages are using it to provide support for virtual domains.

When authenticating against POP3 and IMAP4 servers, "/virtual" can be specified after the server host name to indicate that the server provides virtual domain support and that the entire email address should be used for authentication instead of just the username portion of the address.

Here are two examples of the configuration variables in /pmas/data/pmas_config.dat:

auth_pop3_hosts pop3.example.com/virtual,backup.example.com

auth_pop3_hosts other.example.com/virtual

Is there a way to limit the authentication tests so that, for example bob@pop.example.com is authenticated only against pop.example.com and bobexample@aol.com is authenticated only against imap.aol.com?

You can use the fourth parameter in the alias file to specify the authorization method for a particular address. The system checked is determined by the domain name of the authorization alias (the 3rd parameter), so if you specify these lines (or something like them), you should get what you want.

bob@pop.example.com bob@example.com bob@pop.example.com pop3
bobexample@aol.com bobexample@aol.com bobexample@imap.aol.com imap4

 





 
