Kaspersky Anti-Spam Plugin for CommuniGate Pro |
|
|
|
The KAS Plugin runs as an External Filter and calculates a spam "score" for each message being processed. Unlike tools with statically defined patterns for spam messages, the KAS Plugin dynamically retrieves new patterns from KasperskyLabs Network thus roviding greater accuracy for new spam messages.
The score ranges from 0 to 100; the higher the message score the more likely the message is spam. The score info is added to message headers so it can be processed by Server-Wide, Domain-Wide and Account Rules.
By default the added header lines look like this:
X-Junk-Score: 92 [XXXX] X-KAS-Score: 92 [XXXX] X-Alert: possible spam! X-Color: redBesides the digital score value, the header field contains a "bar score" to simplify automated message processing: the more 'X' characters the higher the score. The following ratios between the digital and bar scores are used by default:
| Digital score range | Bar score |
| 0 | [] |
| 1-39 | [X] |
| 40-80 | [XX] |
| 81-90 | [XXX] |
| 91-95 | [XXXX] |
| 96-99 | [XXXXX] |
| 100 | [XXXXXX] |
Every day at midnight the Plugin generates a report message about the number of mails processed and their spam scores. By default the report message is mailed to postmaster address from the CommuniGate main domain.
Note: The Kaspersky Anti-Spam Plugin is available only for some platforms supported with the CommuniGate Pro server software. Before you order the Kaspersky Anti-Spam Plugin License, make sure the plugin is available for your CommuniGate Pro Server platform.
Note: The Kaspersky Anti-Spam Plugin requires CommuniGatePro version 6.2.4 or later.
Kaspersky Anti-Spam plugins are available for certain platforms only..
| Operating System | CPU | Download | |
|---|---|---|---|
| via HTTP |
via FTP |
||
| Linux (RedHat, SuSE, Debian) |
x86_64 |  |
|
| x86 | |
|
|
| FreeBSD 10.x | x86_64 | |
|
| x86 | |
|
|
| Microsoft Windows 7/8/10 |
x86_64 | |
|
The current version of the Plugin is 1.1
Note:The plugin contains an internal Kaspersky license key file in licenses subdirectory, that key is required for the Kaspersky Engine to work. The key has limited validity period. The new keys are given by us for free of charge, please subscribe to the CommuniGate Updates List to be notified about new keys.
On a Unix System:
On a MS Windows System:
Open the General page in the Settings section of the WebAdmin Interface and click the Helpers link. Create a Helper for the KAS Plugin:
| ||||||||||||
Note: For Windows the Program Path must be full, i.e. "C:\CommuniGate Files\CGPKAS\CGPKAS.exe"
To invoke the KAS Helper you should create a Server-Wide
Rule
with "ExternalFilter KAS" action. The Scanning Rule will apply KAS to the
message and the spam score will be added to the message header.
Note: It must be a Server-Wide Rule, not Domain-Wide or Account-level.
The recommended Scanning Rule is as follows:
| Data | Operation | Parameter |
|---|---|---|
| Action | Parameter | |
This rule skips messages from the MAILER-DAEMON address (such as non-delivery reports, return-receipts, etc.), skips messages from Client IP Addresses and from authenticated senders, and includes only messages for local accounts and mailing lists.
Note: The unlicensed installation of Kaspersky Anti-Spam Plugin is limited to 5 messages per hour. If the E-mail traffic exceeds the limit, the Plugin will let the messages go through unrated.
The plugin by itself doesn't block spam, it only assigns a spam score to the messages. To actually block spam you need to create yet another Rule which blocks messages according to their spam score. There are many scenarios possible:
Scenario #1: suitable for small companies where you can assign one person (e.g. postmaster) to look through the spam messages daily to check for false positives, and if any false positives found - redirect them to the appropriate persons.
Create a Server-Wide Rule with the following contents:
| Data | Operation | Parameter |
|---|---|---|
| Action | Parameter | |
This Rule moves the incoming messages with score 96 and greater to the "spam_box" mailbox
of the postmaster@domain.com account.
The "Discard" action is required to prevent the message from going to the
initially intended destination (INBOX mailbox).
Note in the example above, the "*" in [XXXXX* is necessary to filter all messages
scored above 5 X's. Without it, the rule will only filter out messages with 5 X's.
Note: The priority of this Server-Wide Rule must be lower than the priority of the Scanning Rule.
Scenario #2: suitable for large companies and ISPs. Let users to deal with spam on their own.
Create one Domain-Wide rule or many Account-level rules for each account with the following contents:
| Data | Operation | Parameter |
|---|---|---|
| Action | Parameter | |
This Rule moves the incoming messages with score 96 and greater to the "Junk" mailbox of the original recipeint account. The users should regularly check their "Junk" mailboxes and purge them. The "Discard" action is required to prevent the message from going to the initially intended destination (INBOX mailbox). Note in the example above, the "*" in [XXXXX* is necessary to filter all messages scored above 5 X's. Without it, the rule will only filter out messages with 5 X's.
The "Junk" mailbox from the above example must exist in every account in the domain. Otherwise the Rule will fail and the message will be delivered into the user's INBOX.
Alternatively, you can use "Junk Mail Control" simplified Rule on domain or account level:
| High probability: | Medium probability: | Low probability: |
Scenario #3: suitable for large companies and ISPs for users who don't have access to mailboxes other than INBOX, e.g. POP3 users.
Create one Domain-Wide rule or many Account-level rules for each account with the following contents:
| Data | Operation | Parameter |
|---|---|---|
| Action | Parameter | |
This Rule marks subjects of spam messages with [SPAM] prefix.
Scenario #4:suitable for companies with relatively small input traffic, available from CommuniGate Pro version 5.1 and greater.
In CommuniGate Pro version 5.1 and greater you can enqueue messages synchronously. Use the WebAdmin Interface to configure the Enqueuer component. Open the Queue page in the Settings->Mail realm. Clear off the checkbox of the "Enqueue Asynchronously" option:
| Log Level: | Processors: | ||
| Hop Counter Limit: | Enqueue Asynchronously |
Please see the details in CommuniGate Manual.
Create a Server-Wide Rule with the following contents:
| Data | Operation | Parameter |
|---|---|---|
| Action | Parameter | |
When enqueueing synchronously, when a message is rejected with a Server-Wide Rule it is rejected on SMTP level with 5xx error code, rather than accepted and bounced.
In any scenario it's not recommend to discard spam messages blindly without saving them because of the possible false positives. It's either highly not recommended to automatically reject spam (unless you're in synchronous mode using scenario#4) because usually the return addresses are forged and the rejection notice message will go to an innocent person or a spamtrap, which may result in your server to become blacklisted. When rejecting in syncronous mode, the sending host will get an error during SMTP transaction and there will be no bounce message generated by your server.
The recommended threshold (the score you start treating messages as spam) is 96. If not enough spam is caught then lower the threshold to 90; if there too many false positives, raise the threshold to 100.
On startup the KAS Plugin reads the contents of the CGPKAS.cfg file from the current directory. The format of the file data elements is described in http://www.communigate.com/CommuniGatePro/Data.html. The description of the data elements you may find in the CGPKAS.cfg file. The default CGPKAS.cfg is available here.
The feedback messages should be mailed to one of the following addresses: