ESET MAIL SECURITY 4 User Manual page 10

make sure the Common message quarantine
field on the right pane in the advanced settings
menu (under Mail server protection > Message
quarantine) is left blank. Also make sure that the
Quarantine message to the mail server system
quarantine option is selected from the drop-
down menu at the bottom.
B. Custom quarantine mailbox:
- If you type the desired mailbox in the Common
message quarantine field ESET Mail Security will
move all new spam messages into your custom
mailbox.
Spam will be forwarded along to its recipient.
However, ESET Mail Security will fill in the relevant
MIME header with the SCL value into each message.
Based on the SCL value the relevant action will be
executed by the Exchange server IMF (Intelligent
Message Filtering).
the section Antispam protection > Mail server
protection.
protection field.
Blocked IP addresses lists.
The Blocked IP addresses tab contains the list of
restricted IP addresses, i.e., if any non-ignored IP
in Received headers matches the address on this list,
the message scores 100 and no other checks are
made.
The Allowed IP addresses tab lists all IP addresses
that are approved, i.e., if the first non-ignored IP in
Received headers matches any address on this list,
the message scores 0 and no other checks are
made.
The Ignored IP addresses tab lists addresses that
should be ignored during Real-time Blackhole List
(RBL) checks. The list should include all internal IP
addresses in the firewall not directly accessible from
the Internet. Doing so prevents unnecessary
checks and helps to differentiate the external
connecting IP addresses from the internal IP
addresses.
Greylisting
Greylisting is a method protecting users from spam using
the following technique: Transport agent sends a
"temporarily reject" SMTP return value (default is 451/4.7.1)
for any email from a sender it does not recognize. A
legitimate server will attempt to redeliver the message.
Spammers typically do not attempt to redeliver
messages, because they go through thousands of email
addresses at a time and typically cannot spend extra time
on resending.
When evaluating the message source, the method takes
into account the configurations of the Approved IP
addresses list, the Ignored IP addresses list, the Safe
Senders and Allow IP lists on the Exchange server and
the AntispamBypass settings for the recipient mailbox.
Greylisting must be thoroughly configured, or else
unwanted operational flaws (e.g. delays in legitimate
message deliveries etc.) may occur. These negative effects
recede continuously as this method fills the internal
whitelist with trusted connections. If you are not familiar
with this method, or if you consider its negative side-
effect unacceptable, we recommend that you disable the
method in the Advanced settings menu under Antispam
protection > Mail server protection > Microsoft
Exchange Server > Transport agent > Enable
Greylisting.
We recommend disabling greylisting if you intend to test
the product's basic functionalities and do not want to
configure the advanced features of the program.
NOTE: Greylisting is an additional layer of antispam
protection and does not have any effect on the spam
evaluation capabilities of the antispam module.
Antivirus protection setup
Quarantine
Depending on the type of cleaning mode you are using
we recommend that you configure an action to be
performed on infected (not cleaned) messages. This
option can be set in the Advanced settings window >
Antivirus and antispyware > Mail server protection >
Microsoft Exchange Server > Transport agent.
If the option to move messages into email quarantine is
enabled, you need to configure the quarantine under the
section Message quarantine in the Advanced settings
window.
Performance
If there are no other restrictions, our recommendation is
to increase the number of ThreatSense scan engines
according to this formula: number of scan engines = number
of scan threads and increase the number of VSAPI
scanning threads based on this formula: number of scan
threads = (number of physical CPUs * 2) + 1 in the Advanced