Untangle
Spam Blocker
Untangle Spam Blocker Overview:
Spam Blocker enables administrators to block spam
at the gateway before it ever reaches the users. Zero
client installations and an intuitive GUI make it easy
for administrators to:
- Leverage the best spam filtering techniques
including Bayesian Filters, Razor, realtime block
lists (RBLs), OCR for image spam and tarpitting
- Provide individual quarantines for each mailbox
- Filter SMTP, POP & IMAP
Spam is the bane of small businesses’ existence.
Not only can it bring viruses onto your network, it
can also take over your computers and send spam to other
computers.
And it impacts you in other ways. According to a
recent study, the cost of spam messages to U.S. companies—in
terms of productivity and the equipment, software and
manpower to combat it—was upwards of $10 billion in
2004.
So the key is to stop spam before it stops you.
Our powerful Spam Blocker protects you with top-notch
spam scanning and blocking at the edge of your network—before
it can do damage or slow you down. Using the latest
technologies, Spam Blocker transparently scans for spam,
marks messages and intercepts emails. It requires no
alteration of your network’s mail configuration and
is constantly updated to guard against any refinements
in trickery or techniques that senders create to get
around other solutions.
Key Features:

Technical Specifications:
Spam Blocker is an intelligent email filter that
identifies Spam—unsolicited bulk email. Spam Blocker
can scan any email that is transported by the following
protocols:
Each protocol has a set of controls to customize
how Spam Blocker:
- Scans for spam
- Notifies users of spam
- Manages spam
Through the user interface, you can define the threshold
that instructs Spam Blocker to be strict, lenient, or
somewhere in between. To handle the spam, simply use
the properties that Untangle Server provides to instruct
Spam Blocker to take any of the following actions:
- In the subject of the email, insert the phrase
[Spam], and allow users to filter spam to a special
folder.
- Send the message to the recipient without labeling
the email as spam
- Block the message without notifying the recipient
that the message was blocked, and record this action
in the Event Log
- Quarantine the message so that you or your users
can investigate spam and take further action
- Notify the sender that the email was blocked
- Withhold notifications
Under the Hood
Spam Blocker implements a rule-based architecture that
leverages the open-source project SpamAssassin. No one
rule can flag email as spam. It's the collection of
rules that identifies email as spam. Each rule outputs
a confidence level. The combination of each rule's confidence
level produces a spam score. This score identifies the
likelihood that the email is spam. The user-defined
threshold you use to customize Spam Blocker's scanning
sensitivity is based on this score.
What It Does
Transparently scans SMTP, POP and IMAP traffic and
blocks, quarantines or marks spam
How It Does It
Uses SpamAssassin, Razor, Bayesian filters, DNSBL/RBLs,
optical character recognition (OCR), tar pitting, custom
tuning and updates
Controls
- SMTP: Can quarantine, mark, pass or block incoming
and outgoing with or without sender notification
- POP and IMAP: mark or pass incoming and outgoing
(the nature of POP and IMAP protocols prevents messages
from being blocked or quarantined, but they can
be scanned and marked)
- Global and per-user safe lists and quarantines
- Browser-based user tools for managing individual
quarantines and safe-lists
- Scan strength adjustable per protocol per direction
Spam Blocker FAQs:
If an unwanted email (spam, phishing, etc.) is
received for an email address that cannot be quarantined,
but my rules are set to quarantine, what happens?
The Quarantinable Addresses rules take precedence
over the actions for email rules. In this situation,
the email would be marked rather than quarantined.
Why is blocking (or quarantining) of emails not an
option for POP or IMAP?
POP and IMAP work differently than SMTP. When
POP and IMAP are used, the client requests the mail
when the user clicks on the email. At that point
the message is downloaded from the server and scanned.
Even if the application determines the message should
not be passed it still must be delivered to the
client because the client is waiting and will not
be able to read mail unless something is delivered.
As a result, only MARK is an option.
Why can't I block superspam for POP and IMAP emails
like I can for SMTP?
For the same reason that you can't quarantine
POP/IMAP spam. The message is not scanned until
it is requested by the mail client. At that point,
the message (even if it is spam) must be delivered
to the client to complete the transaction.
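The scoring and action rules described under "Under the Hood", "Controls" and the quarantine and POP/IMAP answers above, combined in one sketch. This is an added example, not Untangle or SpamAssassin code: the rule names, weights, addresses and function names are constructed for illustration, and summing rule values with a "score >= threshold" test is an assumption modeled on how SpamAssassin combines rule scores.

```python
from dataclasses import dataclass

# Hypothetical rule names and weights, constructed for this example.
RULE_WEIGHTS = {
    "BAYES_HIGH": 3.5,      # Bayesian filter is confident
    "RAZOR_HIT": 2.0,       # message known to Razor
    "RBL_LISTED": 1.5,      # sending host is on a realtime block list
    "OCR_IMAGE_TEXT": 1.2,  # spam text recovered from an image
    "HTML_ONLY": 0.4,       # weak signal on its own
}

@dataclass
class Verdict:
    score: float
    is_spam: bool
    action: str  # "pass", "mark", "quarantine" or "block"

def spam_score(fired_rules):
    """No single rule decides: the score is the sum of all rules that fired."""
    return round(sum(RULE_WEIGHTS[r] for r in fired_rules), 2)

def decide(fired_rules, threshold, protocol, configured_action,
           recipient, quarantinable):
    """Return the action a gateway following the page's rules would take."""
    score = spam_score(fired_rules)
    if score < threshold:  # assumption: spam means score >= threshold
        return Verdict(score, False, "pass")
    action = configured_action
    # POP/IMAP: the client is waiting for the message, so it must be
    # delivered. Block and quarantine are not available, only mark.
    if protocol in ("POP", "IMAP") and action in ("block", "quarantine"):
        action = "mark"
    # Quarantinable Addresses take precedence over the email action:
    # a non-quarantinable recipient gets the message marked instead.
    if action == "quarantine" and recipient not in quarantinable:
        action = "mark"
    return Verdict(score, True, action)

def apply_mark(subject):
    """Marking inserts the phrase [Spam] in the subject line."""
    return subject if subject.startswith("[Spam]") else "[Spam] " + subject

if __name__ == "__main__":
    quarantinable = {"alice@example.com"}  # constructed sample data
    for proto, rcpt in [("SMTP", "alice@example.com"),
                        ("SMTP", "list@example.com"),
                        ("POP", "alice@example.com")]:
        v = decide(["BAYES_HIGH", "RAZOR_HIT"], 5.0, proto,
                   "quarantine", rcpt, quarantinable)
        print(proto, rcpt, v.score, v.action)
```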
Why does the Event Log report the sender as my bank,
yet it was fraudulent? Why does it not report the real
sender?
One of the characteristics of phishing emails
is that they use deception to change the apparent
sender of an email. Although Untangle Server can
detect the email as a phishing attempt, there is
no way to determine the true sender.
Why is Subject (or sender) blank for some emails
in the Event Log?
Not all emails (especially spam emails) have
subjects. Some spammers also use tricks to cause
there to be no detectable sender.
Why is mail not passing between my Exchange servers?
The Untangle Server forces Extended SMTP (ESMTP)
to fall back to SMTP so that the emails being transmitted
can be scanned. When two Exchange servers are set up
such that they require ESMTP communication, all
communications will fail. The fallback is enforced by
transparently rewriting the "EHLO" command to "HELO";
the appropriate keywords are also stripped.
This can be avoided by adding a special policy
for communication for these two servers. To do so,
enter the Policy Manager, Custom Policies and add
two policies to be processed by "No Rack", one from
server A to server B port 25, and one from server
B to server A port 25. The net effect is that any
communications between these two servers will be
ignored.
Can I forward my email to Untangle and then have
Untangle forward the email to my mail server?
No. Untangle is a network gateway and is meant
to be installed "in-line" with the traffic. Untangle
does not store-and-forward mail. Untangle will transparently
scan mail as it passes through it.
Can I have Untangle drop mail that is not addressed to valid
users?
No. Untangle does not have a list of valid email addresses
for your site. It is suggested that you configure
your email server to not accept mail for invalid
users. This is the default for almost all mail servers
except Microsoft Exchange. The links below are instructions
on how to configure your email server.
Hardware Requirements:
- The Untangle Server requires a dedicated PC
installed at the gateway to your network.
- Your hardware does not need an operating system;
the Untangle Server installs its own operating
system.
- The Untangle Server software completely erases
any content or data that may exist on your PC hard
drive.
Sizing Guidance
Recommended Configurations (New Hardware)
When purchasing new hardware, spending a couple of
extra dollars to meet the following recommended configurations
provides the best value.
| Resource | Up to 50 Users | Up to 100 Users | Up to 300 Users |
|---|---|---|---|
| Intel/AMD-compatible Processor | Pentium 4 equivalent or greater | Dual Core | Dual Core |
| Memory | 1 GB | 1 GB | 2 GB |
| Hard Drive | 80 GB | 80 GB | 80 GB |
| NICs | 2 (3 for DMZ) | 2 (3 for DMZ) | 2 (3 for DMZ) |
Verified Configurations (Trials, Refurbished or
Repurposed Hardware)
These are the lowest verified hardware configurations
that provide reliable — albeit sometimes slower — performance
in production. However, it may be possible for organizations
with lower than average network traffic or organizations
that do not wish to use all of the modules to run Untangle
on smaller systems.
| Resource | Up to 50 Users | Up to 100 Users | Up to 300 Users |
|---|---|---|---|
| Intel/AMD-compatible Processor | 800 MHz | 1.2 GHz | 1.6 GHz |
| Memory | 512 MB | 1 GB | 2 GB |
| Hard Drive | 20 GB | 30 GB | 40 GB |
| NICs | 2 (3 for DMZ) | 2 (3 for DMZ) | 2 (3 for DMZ) |