Spamfinder Settings

  • The Spamfinder settings define how long filtered mails are kept in the queues.
  • Any number of queue reports (quarantine reports) can be activated to inform users about quarantined mails.
  • These are to be specified line by line in the format hh:mm; if no times are specified, no quarantine report will be generated.
  • The display time of the e-mails in the queues can also be adjusted (the higher the value, the longer it takes to load the queue content).
  • Changed settings are saved via "Apply settings".
  • To apply the settings (especially the quarantine report) a restart of the REDDOXX Engine (Service) is necessary.
  • Individual filter types are described in the following document: Filter Types

  • General settings
    Notification in case of undeliverability (non-delivery reports) can be deactivated if no notification is to be sent to senders for whom a filter with reject has been applied.

  • BATV
    Activate the BATV if desired (a Spamfinder licence is required for this) and enter sender address exceptions for the filter if necessary.
    Explanation of the BATV:
    Another method of generating spam is that of bounce address spoofing.
    In this case, an e-mail with a faked sender (e.g. your address) is sent to a mail server with an unknown recipient.
    This mail server first accepts the e-mail and then checks whether it can be delivered.
    If it cannot be delivered, a bounce mail is sent back to the sender.
    However, since your address was entered as the sender, you receive the bounce mail, which contains an introductory error message as well as the actual spam.
    When a bounce e-mail is received, the BATV function checks whether an e-mail has been sent for this purpose at all.
    If not, the e-mail is rejected upon delivery. It is not placed in the spam queue.
    Important note about the BAT:
    The BATV filter no longer works in conjunction with MS Exchange from 2007 and out-of-office notifications,
    because the Exchange server no longer sends an out-of-office message to the envelope sender (Mail From),
    but to the return path from the mail header, which in turn does not contain a BATV signature.
    and is therefore intercepted by the BATV filter on the recipient side with a REDDOXX.
    For the function of the BATV filter, it is necessary that outgoing e-mails are sent via the REDDOXX Appliance.

  • Auto Whitelist Adjustment
    Auto whitelisting with validity period is activated if outgoing e-mails are sent via the appliance and the recipients are to be automatically placed on the address whitelist.
    Exceptions to this can be defined accordingly via a subject (e.g. Out of Office messages).

  • Virus Scanner
    The virus scanner can send notifications to senders, recipients and administrators, search for viruses in archives (if they are not password-protected), and block file extensions if this is desired for security reasons (e.g. files of the type .exe .bat .dll etc.).
    In companies, it is always advisable to search for viruses on several levels, e.g. additionally on the clients to ensure additional security.
    The virus scanner can detect a macro in documents directly and also in documents within an archive (even if check in archives is deactivated) and block it if desired.
    Mails with phishing urls (i.e. if a link name differs from the link target) can be diverted to the virus quarantine for security reasons, as can mails with encrypted attachments.
    In addition, the functioning of the virus scanner can be adjusted.
    Select one of the desired settings:

  • Scan all mails (incoming and outgoing): Scan all e-mails, both incoming and outgoing.

  • Scan incoming mails only: Only incoming e-mails are scanned, e-mails from the Trusted Networks are not scanned.

  • Disable virus scan: Disables the virus scanner so that neither incoming nor outgoing e-mails are scanned.

The notifications are sent according to the following matrix, even if the sender, recipient and administrator are selected:

Direction Notification Enabled
Incoming Admin
Incoming Sender x
Incoming Recipient
Outgoing Admin
Outgoing Sender
Outgoing Recipient x

With 2034 SP2, contrary to the above matrix, you can now decide for yourself in which cases the Spamfinder sends notifications,

it is therefore also possible to inform the sender of another company that an e-mail (e.g. with a macro attachment) has been
detected and was not delivered.

  • CISS Filter
    This sets the validity of the address whitelist entries based on the CISS filter, as well as the maximum number of CISS challenges sent to a sender for validation.
    For each CISS theme configured in the my.reddoxx.com portal, you can use the edit function to select for which domains the theme should be applied.
    A domain should only be assigned to one CISS theme.
    Please note that the CISS filter must still be activated in the corresponding filter profile.

  • Fuzzy Filter
    If mass e-mails (e.g. newsletters) are falsely recognised as spam and this behaviour is undesirable, the mass recognition can be deactivated here.
    If the fuzzy filter should not filter for dangerous attachments, this can also be deactivated.

  • Prevent archiving
    Mails that have been classified as spam by the existing filters can be excluded from archiving here.
    This setting refers to mails that have been moved to a quarantine queue and is not applied to mails marked as spam and thus delivered.
    This has the advantage that the archive also remains spam-free and space is not unnecessarily consumed with archived spam mails.
    If the spam e-mail is then delivered from quarantine (because it was wrongly identified as spam), archiving is carried out subsequently.

Changed settings are saved via "Apply settings".

  • Filter profiles are used to assign the appropriate profiles to the e-mail aliases of the users.
  • Filter profiles that are "Available to users" can be selected by the users themselves, if several profiles are available to the users for changing.
  • Filter profiles consist of positive and negative filters, the order of which can be adjusted using the up and down arrows.
  • Each positive filter can override other negative filters if desired.
  • Filter profiles can be copied if they are to be used with minimal changes for other users, so you do not have to create the filter profile from scratch.

Changed settings are saved in the respective filter profile via "Save".

  • With 2034 SP2, the logic of the filter profiles has been revised and simplified, so there will no longer be any overriding in future
    The system now first checks whether there is a whitelist match, then the email is delivered.
    If there is no whitelist match, the blacklist matches are checked; if there is no match here either, the e-mail is delivered.
    If there is a match for the blacklist hits, the email is transferred to the respective quarantine queue.

The following order and action for the filters is recommended:

Filter Action
Fuzzy Quarantine
SBL
ABL
DBL