Issue:
- Some email messages are incorrectly classified by the Email and Server Security Spam Scanner, how to configure the product correctly?
- Spam filter is not processing any emails
- All emails from a specific recipient are detected as spam
- Which logs to check for spam details
Resolution:
Spam control settings allow you to configure how the product scans incoming mail for spam. The threat detection engine can identify spam and virus patterns from the message envelope, headers and body during the first minutes of the new spam or virus outbreak.
Note: You can configure Spam Control settings for incoming messages only if you have F-Secure Spam Control installed.
More Information about Spam Control can be found here: https://help.f-secure.com/product.html#business/email-server-security/14.00/en/h2_90722-14.00-en
You can configure Spam Control settings using Policy Manager Console or Email and Server Security Web Console.
Using the web Console locally from the Email and Server Security Server:
1. Login to the Web Console and go to Spam Control
2. Specify the spam filtering level. Allmessageswith the spam filtering level lower than the specified value can pass through. For example, if the spam filtering level is set to 3, more spam is filtered, but also more regular mails may be falsely identified as spam. If the spam filtering level is set to 7,more spam may pass undetected, but a smaller number of regular mails will be falsely identified as spam
Note: You can check the transportAgent.0.log which shows a behaviour if the message could not be scanned due to the size.2020-05-05 20:53:53.643 [29a0.0239] .W: FSecure.AntiVirus.Exchange.Transport.FSMessageScanner: SpamFiltering turned OFF, size:563, max:200
3. Specify the maximum size (in kilobytes) of messages to be scanned for spam. If the size of the message exceeds the maximum size, the message is not filtered for spam. Note: Since all spam messages are relatively small in size, it is recommended to use the default value
4. Specify actions to take with messages considered as spam, based on the spam filtering level
Quarantine - Place the message into the quarantine folder
Forward - Forward the message to the email address specified in the Forward spam messages to email address setting
Delete - Delete the message
5. Specify safe recipients. Messages sent to the specified addresses are never treated as spam
Note: If your email messages are still classified incorrectly by our spam scanner, please refer to the article for more help.https://community.f-secure.com/en/discussion/119651/email-messages-are-incorrectly-classified-by-the-f-secure-spam-scanner
Additional information about Anti-Spam module
The anti-spam engine is cloud-based solution, so it will not work if it doesn't have a working connection to the detection center https://aspam.sp.f-secure.com/
If you require a proxy to connect to this site with your browser then the anti-spam engine needs to be configured to use the same proxy. This can be set via Policy Manager Console.
Test the connectivity to https://aspam.sp.f-secure.com/
If the connection works, it will show JSON: {"benchmarkInterval":3600,"benchmark":1,"servers":["
aspam.sp.f-secure.com"],"statsInterval":1800,"enforceSSL":true,"benchmarkThreshold":5,"disableThreshold":10}
If the connection fails, you need to allow *.f-secure.com and *.fsapi.com on your Firewall.
- Check that Anti-Spam update is downloaded. Updates are shown in local GUI.
- If spam messages are not quarantined please check max email size, it could be too low. This setting could be found here: WebUI > email traffic scanning > spam control
- Otherwise you can check quarantine rules. Let's suppose you have following setup:
Spam emails with detected level from 1 to 5 are only marked as spam.
From 6 to 8 should go to quarantine.
Level 9 is dropped.
And if we have:
10 emails with rank 4
10 emails with rank 6
10 emails with rank 9
This is a total of 30 emails, but only 10 will go to quarantine
For further troubleshooting, you can refer to the local logs: transportAgent.log, NIF\aspam.log and email-scan.log. These can be found locally under C:\Windows\ServiceProfiles\NetworkService\AppData\Local\F-Secure\Log\ess
Article no: 000022921