Box Lake Networks Barracuda SPAM Filter Guide
Contents:
Basics of the SPAM Filter
E-mail from the SPAM Filter
Your Quarantine Inbox
Preferences
Blacklist/Whitelist
Quarantine Settings
Quarantine Enable/Disable
Quarantine Notification
Default
Language
Spam Settings
Spam Filter Enable/Disable
Spam
Scoring
Changing the Scores
Barracuda
Bayesian Learning
Bayesian Database Backup
Password page
Login page
Outlook Plugin
Troubleshooting FAQ
1. I'm still getting too much spam!
2. I'm not getting any spam - but
all my valid e-mail is ending up in my Quarantine Inbox as well!
3. Why am I getting e-mail with
[BULK] in the subject line?
4. I'm trying to log in, but I keep
getting redirected to the Login page where it says that my "session has
expired."
5. I like the idea of filtering,
but
I don't want to keep going back to the Quarantine Inbox all the time to
review the messages there.
6. I feel like the Barracuda is
nagging me with it's daily Spam Quarantine Summary e-mails.
7. What happens if I don't go into
the Quarantine Inbox?
Feedback
Basics of
the SPAM Filter
The
Box Lake Networks SPAM Filter is a modern e-mail filtering device
built by Barracuda Networks.
It employs multiple methods of e-mail filtering in order to maximize
the possibility of stopping and Quarantining spam while allowing valid
e-mails to go through.
The
SPAM Filter uses two methods of anti-spam filtering
combined with two anti-virus programs. Unlike other solutions, the filter
blocks and rejects e-mails containing viruses. Virus-infected emails are not
delivered to your computer. It has the ability to scan within file attachments,
helping to ensure that viruses cannot get to your computer via e-mail. This does
not replace the need for a standalone anti-virus program on your computer
such as Norton
Antivirus
or McAfee
Antivirus.
E-Mail from
the SPAM Filter
All e-mails from the SPAM Filter will have a From: address of
spamquarantine@boxlake.com. The first e-mail you get will be the User
Quarantine Account Information message, seen below. It contains your
account name (your e-mail address), your password, and a link that will
always be able to get you into your account, even if you change your
password. Additionally, the password in this message is created
automatically and is unrelated to any other passwords that you might
have with Box Lake Networks.
The next e-mail you'll get is the Spam Quarantine Summary, which
shows you a list of e-mails currently held in your Quarantine Inbox. While
this email contains links to "Delete," "Whitelist," or
"Deliver" the quarantined message (and it only performs that action on
that message), we recommend avoiding that and instead clicking on the
"click here" link at the bottom.
Your
Quarantine Inbox
Clicking on that link will bring you to the "nerve center" of
your Barracuda Account - the Quarantine Inbox. Here is where you can
view e-mails that have been quarantined by the Barracuda.
There are several options available to help you classify quarantined email. After
each e-mail listed, there are selections for "Deliver," "Whitelist," and "Delete." We
actually recommend not using these links, but instead check the box in
front of each message and then use the "Classify as Spam" or "Classify as Not
Spam"
buttons as appropriate. This will help train the Bayesian Filter (see below)
to understand what e-mails you consider spam and which ones are actually valid
e-mails. The question mark (?) button next to the "Page: 1 of 5" text
is the help button. It brings up information about the different options
and functions on the page. You'll find the the (?) button in most sections
of the interface.
You can also preview messages in the Quarantine Inbox by clicking
on the message - either the Time Received, From or Subject lines
should work. It will be displayed in a separate window.
Additionally, there are a few other items on this page. At the top,
under the Quarantine Inbox title, you'll find some boxes starting with
one with a big "IS" in it. These are for when you have a lot of spam in
your Quarantine Inbox and you are trying to find a specific message -
you can filter either looking for something that matches (IS) or
doesn't match (NOT) whatever you are looking for. The fields (Filter:)
you can search include the From: address, the Subject: line, and the
contents of the Message: itself. With the "+" button at the end,
you can add additional search terms. So if you find
yourself in the unusual situation of having 50 messages from Becky quarantined
along with a couple hundred other random spams, you could use the filter
to specify the following:
... and if a message from Becky with the subject line containing the text
"Christmas Party " is in your Quarantine Inbox, it would be listed. You
probably won't need to use this feature, but it's there if you do. Just
click on
"Apply Filter" after specifying what you are looking for.
Also,
at the top right corner of the screen you'll see
a link to "Log
Off" with your account name. Please remember to always log off when finished
working with the filter, or the Barracuda may give you some problems the
next time you try to log in to your account.
Preferences
Along the top of all the screens in your Barracuda account are two
tabs: QUARANTINE INBOX and PREFERENCES.
Now that we know what the Quarantine Inbox contains, we'll take a look
at the various things you can change about your Barracuda account under
Preferences.
Blacklist/Whitelist
One of the useful features of the Barracuda is it's ability to
Blacklist or Whitelist e-mail addresses. When you add an e-mail
address to the Blacklist, this means that all e-mail from that e-mail
address will be blocked - you'll never see it. You want to use
this option carefully. From: addresses that appear on normal spam
e-mails should not be put here. The email address
that SPAM appears to come from is almost never the real email address
that sent it to you. This practice is known as "Spoofing" and
spammers use it to hide their identity and keep their email from
being blocked.
Good examples of email addresses to add to your
Blacklist are the From: address of that mailing list you've been
on for the last few years that you just can't seem to unsubscribe
from or the address of the distribution list from your last job that
you were never removed from. Use blacklisting in situations where
you know the addess is legitimate but you just don't want to receive
mail from it anymore.
Whitelisting
an address removes it from spam filtering
- it gets sent on to your inbox, regardless
of how "spammy" it
might be. The Whitelist is for e-mail addresses of people or groups
that send out e-mail that may have spam-like qualities. For instance,
e-mail from many mailing lists often contains advertising that links
to organisations that have used spam, as well as being victimized
by people reporting e-mail from their servers as being spam when
it really wasn't. So
whitelisting the From: address of any mailing lists you are on
might be a good idea. Generally, whitelist an address when email from it keeps getting caught in your quarantine box. Whitelisting does not exclude that e-mail
from being checked for viruses however.
Quarantine
Settings
The Quarantine Settings page is where you can make adjustments to
settings that effect the Barracuda's quarantine feature.
Quarantine
Enable/Disable
The first section of the page is pretty self explanatory - if
you do not wish to have the Barracuda quarantine any e-mail, simply
click
"No" and then click on "Save Changes." We don't recommend doing this,
as we feel that the quarantine is a useful feature. If
you do disable quarantine, e-mail that would otherwise be quarantined
is instead delivered to your inbox with [Quar] added to the subject line. If
you are able to set up rules in your e-mail client that will shunt e-mail
marked like this to a separate folder, this might be an option - but
most people would prefer not to download it in the first place.
Quarantine
Notification
The second section involves the email that the Barracuda sends
out notifying you that it has quarantined messages and they are waiting
to be reviewed. Which setting you choose is entirely a personal
prefrence, however it should be noted that e-mail that has been
quarantined will be deleted after 30 days, regardless of whether
it's been reviewed or not. We strongly recommend not choosing the "Never" option.
The Notification Address setting should be left blank,
unless you want the quarantine notifications to go to an address other
than the one that you are currently adjusting settings for.
Default
Language
This is a setting that is best left alone - it simply tells the
Barracuda what language to expect the majority of e-mail to be in.
Unless the majority of your e-mail is conducted in another language,
please leave this as English (iso-8859-1).
Spam
Settings
Spam settings is probably the most important page in the
Preferences section. It is also probably the most confusing.
Spam
Filter Enable/Disable
This section is pretty straightforward - you can select here
if you want your e-mail to be filtered for spam or not. Either
way, it will still go through the virus filters. If you decide to disable spam
filtering, just put a dot in the "No" circle and click on "Save
Changes."
Spam Scoring
This section controls one of the two spam filtering systems on the
Barracuda. Adapted from the open source program SpamAssassin,
this is a "rules based" spam filtering program. What that means is that
it passes the e-mail through a series of "if - then" statements - if
the answer is false, then no points are added to the "score" for the
e-mail. If the answer is yes, then whatever points value that statement
has is added to the score. The higher the score an e-mail receives, the
more likely that the e-mail is spam. We'll skip over "Use System
Defaults" for a second and instead go to "Tag Score."
The Tag Score setting dictates at what point total the Barracuda
marks the subject line of the e-mail as [Bulk] but still sends
it through. The idea is that the e-mail has accumulated enough
points to be suspicious, but not enough to quarantine it as
probable spam. The
default setting for this has been set to "3.5".
The Quarantine Score is the score at which an e-mail
will not be delivered, but instead will be quarantined in the Quarantine
Inbox. As a reminder, the lower the number that is set on any
of these entries, the more e-mail is likely to be affected.
Setting the Quarantine Score too low will result in not only
spam but valid e-mail being quarantined. However, this can
have a positive effect, as I'll get into in the Bayesian Learning
section. The default setting for this has been set to "5".
The Block Score can be a dangerous option. With this
setting, any e-mail that scores at or higher than the selected score
will not be delivered or quarantined - it will simply
be discarded without notification. The default setting for this is "9".
Changing
the scores
But what if you want to change the scores at which e-mail is
tagged, quarantined or blocked? Let's go back up to the top of
the Spam Scoring section and look at Use System Defaults. In
order to change any of the default settings, you first must click
on "No" in the Use System
Defaults, and then click on "Save Changes." This will result
in the page changing to what is seen below:
As has been noted previously, the lower you set the score, the
more e-mail that setting affects. In a bit of inverted
logic however, 10 disables that setting. So it's
a balancing act between setting the number low enough to
catch most, if not all, of the spam, and setting it high
enough that it doesn't quarantine too many valid e-mails
as well.
After you get to the above screen, you can set the numbers
directly by typing them in the box - it's also the only
easy way to get numbers like 2.5 in there - or you can
click on the space on the line that represents the number.
The "sliders" don't actually slide, they simply
mark the selected number.
Recommendations:
- We recommend not putting the Tag Score below 1 - at that point you
might as well just disable it since it will mark too much e-mail.
- Quarantine is the real balancing act - it's not recommended to set it
below 2 or you'll end up with half your e-mail in the Quarantine Inbox.
Ignore the recomendation to set it to 10 - for some reason the
Barracuda people would prefer to tag the e-mail or block it instead of
quarantining it. We prefer to give our customers the option of never
downloading it.
- We do not recommend setting the Block Score below 7. Anything
below that and there is too great a risk that a valid e-mail will
be blocked instead of delivered.
After each change is made, click on Save Changes. If the Barracuda
tries to change back to other numbers, reset them back to
your choices and click on Save Changes again.
Barracuda
Bayesian Learning
Perhaps one of the most confusing and at the same time most useful
features of the Barracuda Spam Firewall is it's Bayesian Filter system. Simply
put, Bayesian filtering applies a method of statistical
analysis to each e-mail to evaluate whether or not it is spam
or not.
But first, the Bayesian Filter must be "trained" to recognize what
you, the e-mail recipient, consider to be spam and - just as importantly
- what is not spam. Because of this, it is a good idea that when
you review the e-mail in your Quarantine Inbox that you mark each
e-mail and use the
"Classify as Spam" and "Classify as Not Spam" buttons there.
This is the only way that the Bayesian Filter is able to learn,
and thus become an effective anti-spam solution.
Bayesian
Database Backup
We recommend that every few weeks you save to your own
computer a backup version of the Bayesian Database. Simply click on the "Backup"
button and use the resulting dialog box to save the file to someplace
on your computer that you will remember. In case you ever need to
restore your backup database, simply click on the "Browse"
button, find and select the database file on your computer, and
click "Upload Now" to finish the job.
Password
page
When the SPAM Filter first set up an account
for you, it e-mailed you the User Quarantine Account Information
e-mail. This included an automatically generated password. While
you can always get to your account via the links at the bottom
of the Spam Quarantine Summary e-mails, you can also get to the
account by going directly to https://spam.boxlake.com and
logging in directly there with your e-mail address
and that password. Because the autogenerated
password may not be easy to remember, you can
use the password page to change it. Simply fill
in the "Old Password," "New Password" and "Re-Type New
Password fields (everything shows up as *****) and click on Save
Password. Since the SPAM Filter is
a self-contained device, this password affects
only it - it does not affect or change any of
your other Box Lake passwords.
Login
page
The SPAM Filter can be accessed
directly from the login screen at https://spam.boxlake.com .
All you need to do is put in your e-mail address
and the password for your Barracuda account and
click the "Login" button. A useful feature
of this page is that if you have forgotten your password, or
do not have access to the direct link (or it's stopped working)
you can go here and put in your e-mail address in the "Username:" field
and click on the "Create New Password" button and a new
User Quarantine Account Information message will
be e-mailed to you with this information. The other nice feature
on this page is the link at the bottom that allows you to download
a Bayesian training/spam marking plugin for Microsoft Outlook.
Outlook Plugin
Included with the Barracuda is a plug-in program that you can download and install. This program only works in Microsoft Outlook (not Outlook Express) and it allows you to mark and delete email from directly within Outlook itself.
Simply click the link "Get Mail Client Plugins Here", and a new window will open that gives a brief description of the plugin and a "Download Now" button.
Click the download button, save the file to your computer, run
it and follow the instructions to install the program. The next
time you open Outlook, you will notice two new buttons among the
other buttons at the top.
*Note: This is how the buttons appear in Microsoft Outlook 2003. They may look different in other versions.
To use the spam marking buttons, simply select a message currently
in your inbox and click the appropriate button. The green button
marks the email as not
spam. This adds the sender of the email to your whitelist
and sends information to the Bayesian filter to train it to recognize
similar messages as good email.
Of course, the red button marks the
selected email as spam. This also sends information
to the Bayesian filter to train it to recognize similar messages
as spam. In addition, the email is moved to the deleted folder in
Outlook. However, the sender of the message
is not added to your blacklist. If you want to blacklist
the sender, you must login and add them as detailed in the Blacklist/Whitelist section of this document.
Troubleshooting
FAQ
1. I'm still getting too much spam!
Answer: Go into the Spam Settings page of
the Preferences section and
follow the instructions to adjust the Quarantine
numbers downward, preferably in .5 increments, until
the amount of spam drops to an
acceptable level.
2. I'm not getting any spam - but all my valid
e-mail is ending up in my Quarantine Inbox as well!
Answer: Go into the Spam Settings page of the
Preferences section and follow the instructions
to adjust the Quarantine numbers upward, preferrably in .5 increments until
your valid e-mails resume being delivered to your inbox.
3. Why am I getting e-mail with [BULK] in the
subject line?
Answer: This is a function of the "Tag" setting on
the Spam Settings of
the Preferences section page.
It means that the e-mail had some "spammy" characteristics, but not
enough of them to positively declare the e-mail as spam and quarantine
it. To disable tagging, go to the Spam Settings page and set the "Tag
Score" to 10. Remember to click "Save Changes" before
logging out.
4. I'm trying to log in,
but I keep getting redirected to the Login
page where it says that my "session has expired."
Answer: Exit completely out of your web browser and
try again. If this still fails, follow the instructions to "Create New
Password" and use the link on the new User Quarantine Account
Information message you receive. Making
sure you log out each time you go into your
Barracuda account instead of just closing the
browser will also help you avoid this message.
5. I like the idea of filtering, but I don't want to
keep going back to the Quarantine Inbox all the time to review the
messages there.
Answer: You can disable the Quarantine Inbox by
going to the Quarantine Settings page of
the Preferences section and
clicking "No" in the "Enable Quarantine" section. Click on "Save
Changes." E-mail that previously would
have ended up in your Quarantine Inbox
will now be delivered, but with the tag
[QUAR] prepended to the subject line. Check
the instructions for your e-mail program
(usually found in the Help menu) for information
on how to set up Message Rules or Filters
in order to direct all this e-mail to a
separate folder in your e-mail program.
6. I feel like the Barracuda is nagging me with it's
daily Spam Quarantine Summary e-mails.
Answer: You can change the frequency of these
e-mails to weekly (or never) by going into
the Quarantine Notifications on the Quarantine Settings page
of the Preferences section and
selecting the proper bubble, then clicking "Save
Changes."
7. What happens if I don't go into the Quarantine
Inbox?
Answer: After 30 days, messages in the Quarantine
Inbox are automatically deleted.
Feedback
Do you have a suggestion for this page? Perhaps a question that
you think should be added to the Troubleshooting
FAQ? Send us your comments: E-mail
support@boxlake.com
|
