
MailScanner is a powerful tool for securing email management. It provides a robust defense against spam and viruses, ensuring your email system remains safe and reliable.
MailScanner can filter out spam messages with a high degree of accuracy, even when they use complex tactics to evade detection. This is made possible by its advanced algorithms and regular updates to its signature database.
With MailScanner, you can easily scan and filter email attachments, blocking malicious files that could harm your system. This is particularly useful for preventing the spread of viruses and other malware.
By implementing MailScanner, you can significantly reduce the risk of email-borne threats and keep your email system running smoothly.
For more insights, see: Spam Bully
Email Security
Email Security is a top priority for any organization, and MailScanner provides a robust solution to protect against spam, viruses, and other email-borne threats. By using MailScanner, you can rest assured that your email system is secure and reliable.
You might like: Email Filtering
MailScanner uses a combination of techniques, including blacklists, heuristic rules, and Bayesian statistics, to detect and filter out spam and viruses. This includes support for multiple whitelists, blacklists, and customized rules to manage email traffic.
To ensure that important emails from trusted senders are not mistakenly filtered as spam, you can add email addresses to the Spam Whitelist. This allows you to specify email addresses that should be treated as trusted, ensuring that their emails are delivered to your inbox.
Some key features of MailScanner's email security system include:
- Support for all major servers, including sendmail, postfix, qmail, and others.
- Protection against virus, trojan, and 'phishing' attacks from outside and inside the corporate network.
- Quarantine suspicious mail and screen out pornography and other malware attacks.
With MailScanner, you can trust that your email system is secure and reliable, and that you're protected against the most common known and future attacks exploiting vulnerabilities in users' email applications.
Assassin
As an email user, you might have heard of the term "Assassin" in the context of email security. An Assassin is a type of email filter that can block malicious emails.
Assassins are designed to catch and eliminate threats before they reach your inbox. They work by analyzing the content of incoming emails and flagging them as suspicious if they contain certain keywords or phrases.
Phishing emails often contain generic greetings and vague requests, making them easy to spot. For example, an Assassin might flag an email that starts with "Hello, dear customer" and asks you to verify your account details.
Malware emails can also be caught by Assassins, which can detect unusual attachments or links. These emails might claim to be from a legitimate source, but the Assassin will see through the disguise and block the email.
By using Assassins, you can significantly reduce the risk of falling victim to email scams.
Message Header Changes
The message header is a crucial part of an email, and it's been evolving over the years to improve security.
The first major change was the introduction of SPF (Sender Policy Framework) in 2004, which allowed domain owners to specify which IP addresses were authorized to send emails on their behalf.
This change significantly reduced spam and phishing attacks by making it harder for attackers to spoof sender domains.
DKIM (DomainKeys Identified Mail) was introduced in 2007, which added another layer of authentication by verifying the authenticity of the email sender.
The introduction of DMARC (Domain-based Message Authentication, Reporting, and Conformance) in 2012 further improved email security by specifying what to do with emails that fail SPF and DKIM checks.
Today, most major email providers have implemented DMARC, making it harder for attackers to get away with sending malicious emails.
If this caught your attention, see: DMARC
Email Security Design
Email security design is crucial in protecting against virus, trojan, and 'phishing' attacks. MailScanner is a highly effective email security system that can process over 1 billion emails every day.
MailScanner is designed to integrate seamlessly into your existing mail transport system, requiring no modification of existing sendmail configurations. This makes it an attractive solution for organizations of all sizes.
Some of the key features of MailScanner include support for all major servers, including sendmail, postfix, and qmail. It also protects against the most common known and future attacks exploiting vulnerabilities in users' email applications.
Take a look at this: Domain Name System Blocklist
MailScanner uses a wide range of techniques to eliminate spam, including blacklists, heuristic rules, Bayesian statistics, and global spam detectors such as DCC, Razor, and Pyzor. It also screens out pornography and other malware attacks.
Here are some of the key benefits of using MailScanner:
- Protects the enterprise against virus, trojan, and 'phishing' attacks from outside and inside the corporate network.
- Manage using multiple whitelists, blacklists, and customized rules.
- Quarantine suspicious mail.
- Content and attachment filtering – highly configurable.
MailScanner is used by top organizations, including the US Navy, US Army, UCLA, Harvard, MIT, Siemens, HP, and many others. It's also highly scalable, with one corporate site filtering 11 million messages per day on one server.
System Configuration
You may need to adjust the system configuration to get MailScanner working smoothly. If you're using Postfix, you'll likely need to set the "home directory for the 'postfix' user" to a writable location.
You can do this by setting the "HOME" setting in MailScanner.conf to a directory that the "postfix" user can write to. In this case, you might want to set it to /var/spool/MailScanner/spamassassin. This will allow MailScanner to store its per-user files in this directory.
To create this directory, simply run the command "mkdir /var/spool/MailScanner/spamassassin" and then change the ownership to "postfix.postfix" with the command "chown postfix.postfix /var/spool/MailScanner/spamassassin".
SpamAssassin can also be installed in an unusual place, which may require you to set the "install prefix" in MailScanner.conf. This setting is used to find some fallback directories if the per-user files are not found in the usual locations.
The "install prefix" setting adds to the list of places that are searched for the per-user files. If you set this, MailScanner will look for the files in this location in addition to the usual places.
MailScanner will always look for the default rules in the following locations:
- prefix/share/spamassassin
- /usr/local/share/spamassassin
- /usr/share/spamassassin
- maybe others as well
You can add to this list by setting the "DEFAULT_RULES_DIR" setting in MailScanner.conf. This will tell MailScanner where to look for the default rules.
Mail Filtering
Mail filtering is a crucial aspect of email security, and MailScanner's Spam Filters with SpamAssassin are highly effective at identifying and blocking spam emails. They use a combination of filtering techniques, including blacklists, whitelists, Bayesian statistics, and content analysis.
Check this out: Sieve (mail Filtering Language)
MailScanner checks the sender's address against extensive lists of known spam senders (blacklists) and trusted senders (whitelists), allowing it to quickly identify and block spam emails. It also uses statistical analysis to identify patterns in emails and assign a probability score to each incoming email.
By customizing filter rules, adjusting sensitivity levels, and setting up specific actions for different types of spam, you can tailor MailScanner's Spam Filters to your needs and preferences. This ensures that your email security system aligns with your email usage and minimizes false positives and false negatives.
Here's a summary of MailScanner's filtering techniques:
- Blacklisting: checks the sender's address against lists of known spam senders
- Whitelisting: allows emails from trusted senders to pass through without further checks
- Bayesian statistics: uses statistical analysis to identify patterns in emails
- Content analysis: checks the content of emails for common spam indicators
- Attachment scanning: scans attachments for viruses and malware
Email Black/White List
The Email Black/White List is a crucial part of your email filtering system.
By adding email addresses to the Spam Whitelist, you're essentially telling your email provider to trust these senders and deliver their emails directly to your inbox.
This is especially useful for important emails from trusted senders that might otherwise be mistakenly flagged as spam.
Additional reading: Challenge–response Spam Filtering
To add an email address to the Spam Whitelist, you'll need to locate the respective section on the screen, enter the email address, and click the add button.
Remember to save your changes after adding or modifying email addresses in the Spam Whitelist.
You can also use the Spam Blacklist to specify email addresses that should be treated as spam.
Any emails originating from addresses in the Spam Blacklist will be flagged as spam and handled according to your configured MailScanner settings.
To add an email address to the Spam Blacklist, follow the same steps as adding to the Spam Whitelist.
Here's a quick rundown of the steps to add an email address to either the Spam Whitelist or Spam Blacklist:
- Locate the respective section on the screen.
- Enter the email address you wish to add.
- Click on the appropriate button to add the address to the whitelist or blacklist.
Don't forget to save your changes after adding or modifying email addresses in the Spam Whitelist or Spam Blacklist.
Virus Scan and Vulnerability Check
MailScanner uses a choice of 17 commercial virus scanning engines to do the actual virus scanning. This ensures that your emails are thoroughly protected against a wide range of viruses.
MailScanner can also decode and scan attachments intended solely for Microsoft Outlook users (MS-TNEF). If possible, it will disinfect infected documents and deliver them automatically.
MailScanner protects against the most common known and future attacks exploiting vulnerabilities in users' email applications. This includes viruses, trojans, and 'phishing' attacks from outside and inside the corporate network.
MailScanner is highly configurable using a very easy-to-use system of rulesets. Virtually every configuration option can, for example, be controlled on a per-user, per-domain or per-IP basis.
Here are some of the spam detection techniques used by MailScanner:
- Blacklists
- Heuristic rules
- Bayesian statistics
- SpamAssassin
- Global spam detectors such as DCC, Razor and Pyzor
MailScanner can also quarantine suspicious mail and screen out pornography and other malware attacks.
The Solution: Filters
MailScanner's filters are a robust solution to email security. They use a combination of techniques, including blacklists, whitelists, and Bayesian statistics, to identify and block spam emails.
MailScanner's filters are highly customizable, allowing you to tailor them to your specific needs and email usage. You can adjust sensitivity levels, set up specific actions for different types of spam, and even create custom rules to block specific senders or keywords.
One of the strengths of MailScanner's filters is their flexibility. You can use rulesets to define specific actions for different types of emails, and even create rules based on the sender's address, recipient's address, or IP address.
MailScanner's filters use a variety of techniques to identify spam emails, including:
- Blacklists and whitelists to identify known spam senders and trusted senders
- Bayesian statistics to identify patterns in emails
- Content analysis to identify common spam indicators, such as suspicious links and keywords
- RBLs (Real-time Black Lists) to identify emails from known spam-prone servers
By using a combination of these techniques, MailScanner's filters can identify and block a wide range of spam emails, minimizing the time and effort required to manage unwanted emails.
DNS Blocklists Detection
DNS blocklists are a crucial tool in mail filtering. They help identify and block malicious senders by checking their IP addresses against a list of known spammers.
By using DNS blocklists, you can significantly reduce the amount of spam that reaches your inbox. In fact, some studies have shown that DNS blocklists can block up to 90% of spam emails.
To use DNS blocklists effectively, you need to understand how they work. DNS blocklists check the IP address of an incoming email against a database of known spammers. If the IP address is found on the list, the email is blocked.
A fresh viewpoint: The Abusive Hosts Blocking List
The most well-known DNS blocklist is the Spamhaus Block List. It's a comprehensive list of IP addresses known to be used by spammers. If an email is sent from one of these IP addresses, it's likely to be blocked by your mail filter.
Some DNS blocklists are more effective than others. For example, the SORBS DNS blocklist is known for its high accuracy and low false positives. This means that it's less likely to block legitimate emails.
By combining DNS blocklists with other mail filtering techniques, such as content filtering and sender authentication, you can create a robust and effective mail filtering system.
Mail Management
Mail Management is a crucial aspect of using MailScanner. MailScanner can automatically scan and filter out spam emails, reducing the amount of unwanted mail that reaches your inbox.
By default, MailScanner uses a combination of Bayesian filtering and keyword filtering to identify spam emails. This means that it looks at the content of the email and the sender's reputation to determine whether it's likely to be spam.
MailScanner can also be configured to automatically delete spam emails, which can help keep your inbox organized and clutter-free. For example, if you set it to delete emails that have a spam score above a certain threshold, you'll never have to see those annoying spam messages again.
MailScanner's mail management features can also help you stay on top of your email workflow. For instance, it can automatically forward emails from specific senders or with specific keywords to a designated folder, making it easier to stay organized and focused.
System Administration
System administrators play a crucial role in MailScanner, and there are several settings that can be configured to suit their needs.
You can choose to notify system administrators of every infection found by setting the "Default: yes" option for "Should system administrators listed in the 'Notices To' option be notified of every infection found?" This setting will include the full headers of every infected message in the notices.
Take a look at this: Mail Abuse Prevention System
The "Hide Incoming Work Dir in Notices" option is set to "no" by default, which means the full directory in which the virus was found will be included in report messages sent to administrators. This can make infection reports a bit harder to understand, but it's useful if you need to know the exact location of the virus.
Here's a summary of the notification options:
You can also customize the "From:" line of the notices by setting the "Visible part of the email address" option to a specific value, such as "MailScanner". This will help identify the source of the notices.
The Problem
Spam emails can overwhelm your inbox and make it challenging to find legitimate emails.
Spam emails are unsolicited and often irrelevant messages sent in bulk to many recipients.
These emails can vary from annoying advertisements to dangerous phishing attempts, malware distribution, and scams.
Notices to Admins
Notices to Admins are a crucial part of system administration. They help keep administrators informed about potential issues on the system.

By default, system administrators will be notified of every infection found, but this can be changed to only receive a restricted set of headers. This is a useful feature for administrators who don't need to see every detail of the infection.
The "Hide Incoming Work Dir in Notices" option can be set to remove the full directory path from report messages, making them easier to understand. This is especially useful for administrators who receive notices from multiple customer sites.
The "MailScanner signature" can be customized with a string that will be added to the bottom of all system administrator notices. This can include the system's name, version, and contact information.
The "From:" line of the notices can be customized to show a visible email address, which is set to the "Local Postmaster" setting by default.
The "Local Postmaster" setting provides a list of addresses to which virus notices should be sent. This can be a simple email address or a complex ruleset.
The "Postmaster" email address is used as the "From:" header in virus warning messages sent to users. This can be customized to show a different address if needed.
A spam whitelist can be created by setting the "spam.whitelist.rules" option to a ruleset that will never mark certain messages as spam. This is a useful feature for administrators who want to exclude certain addresses or domains from spam filtering.
System Logging
System logging is an essential aspect of system administration, and MailScanner offers several options to help you tailor your logging needs. The Syslog Facility option allows you to specify the name of the facility used by syslogd to log MailScanner's messages.
You can leave the Syslog Facility option as is, or read the syslogd man page to learn more about it. The default value is "mail", which is the name of the facility used by syslogd to log MailScanner's messages.
If you want to log the processing speed for each section of the code for a batch, you can enable the Log Speed option. This can be very useful for diagnosing speed problems, particularly in spam checking. By default, this option is set to "no", so you'll need to change it to "yes" if you want to enable it.
Logging spam messages can be helpful when troubleshooting spam detection issues. If you enable the Log Spam option, every spam message will be logged to syslog. This can generate a lot of log traffic, so you may want to disable it if you get a lot of spam or your server load is high.

MailScanner also offers options to log non-spam messages and attachment filenames. The Log Non-Spam option allows you to log all non-spam messages, which can be useful if you want to see all the SpamAssassin reports of mail that was marked as non-spam. However, this will generate a lot of log traffic, so use it sparingly.
Here's a summary of the logging options available in MailScanner:
The Log Permitted Filenames option allows you to log attachment filenames that pass the filename rules checks. By default, this option is set to "no", so you'll need to change it to "yes" if you want to enable it. This can be useful if you're having trouble getting your filename rules correct.
Finally, the Log Dangerous HTML Tags option allows you to log all occurrences of HTML tags found in messages that can be blocked. This can help you build up your whitelist of message sources for which particular HTML tags should be allowed.
What to Do

If you're new to system administration, it's essential to start by learning the basics of Linux and Windows operating systems.
You should familiarize yourself with the command line interface, including commands like cd, mkdir, and rm.
To manage user accounts, you can use the useradd command on Linux systems.
Make sure to set strong passwords and use password policies to enforce security best practices.
Regularly back up your data using tools like rsync and tar, and consider using a backup solution like Acronis.
Keep your systems up-to-date with the latest security patches and updates.
Use a configuration management tool like Puppet or Ansible to automate tasks and ensure consistency across your systems.
Develop a disaster recovery plan to ensure business continuity in case of a system failure.
Use monitoring tools like Nagios or Prometheus to keep track of system performance and detect potential issues early.
Attachment and Content
MailScanner's attachment and content checking features are quite robust.
The attachment filename checking feature can be configured to store rulesets in a specific file, such as %etc−dir%/filename.rules.conf. This file can contain rules that apply to different users or domains.
By default, MailScanner saves quarantined messages as raw data files, which can be processed with the df2mbox script. This makes it easier to send the original message to its recipients.
MailScanner also allows you to set the location of translation strings, which can be found in the %reports−dir%/languages.conf file by default. This file can also be used to produce different languages for different messages.
If you choose to save quarantined infections as raw data files, MailScanner will also save entire messages saved in the quarantine as raw data files.
Email Design and Security
MailScanner's email security system design is robust and highly configurable. It uses a choice of 17 commercial virus scanning engines to do the actual virus scanning.
MailScanner can decode and scan attachments intended solely for Microsoft Outlook users (MS-TNEF), and if possible, it will disinfect infected documents and deliver them automatically.
MailScanner protects the enterprise against virus, trojan and 'phishing' attacks from outside and inside the corporate network. It's a game-changer for email security.
Here are some key features of MailScanner's email security system design:
- Supports all major servers including sendmail, postfix, qmail and others.
- No rework of your mail system configuration required to use or remove MailScanner.
- Protects against the most common known and future attacks exploiting vulnerabilities in users' email applications.
MailScanner is used by top organizations like the US Navy, US Army, UCLA, Harvard, MIT, Siemens, HP and tens of thousands of other sites.
Message Body Changes
Message Body Changes can significantly impact how your recipients interact with your emails. The default setting for replacing infected or dangerous attachments is to include them inline in the main text of the message.
You have the option to include the infection report as an attachment or inline in the message body. The default setting is to include it inline. This can be a good option if you want to keep the message concise and avoid clutter.
The filename of the attachment that appears in the message is determined by a specific setting. The default filename is %org−name%−Attachment−Warning.txt.
This setting can be customized to fit your organization's branding and style.
Check this out: MH Message Handling System
Subject Line Updates
By default, the subject line of a message won't have any modifications unless specified otherwise.
The "Scanned Subject Text" can be inserted at the start or end of the subject line if the "Scanned Modify Subject" option is set to "start" or "end". This only happens if the subject line hasn't been modified for any other reason.
The "Virus Subject Text" is inserted at the start of the subject line if the "Virus Modify Subject" option is set, and the default text is "{Virus?}".
Similarly, the "Filename Subject Text" is also inserted at the start of the subject line if the "Filename Modify Subject" option is set, and the default text is "{Virus?}".
You can customize the subject line modifications by changing the default text for each option. For example, you can change the "Virus Subject Text" to "{Infected}".
Here's a summary of the default subject line modifications:
Conclusion and Next Steps
MailScanner's Spam Filters are a formidable line of defence against spam emails, thanks to the precision of SpamAssassin.
With its combination of blacklisting, Bayesian filtering, content analysis, and more, MailScanner keeps your inbox clean and secure.
Its adaptability and customisability make it an excellent choice for individuals and organisations looking to effectively combat spam and maintain the integrity of their email communications.
By employing these techniques, MailScanner provides a reliable solution for protecting your email communications from spam and unwanted emails.
Featured Images: pexels.com
