How To Configure Spam Submit

The Bayesian filter included in our antispam engines can be trained in two ways: a) by running bdsafe on a set of known spam/ham e-mails, b) via the Spam Submit feature. In this article, we will focus on Spam Submit and the steps that need to be taken in order to set it up.

First, you need to add two accounts to your mail server, the spam user account and the ham user account. The spam account is used to feed the BitDefender Bayes filter with spam messages and the ham account with legitimate messages. Second, you need to configure BitDefender Security for Mail Servers to fetch the emails from those two accounts via a POP3 server, by using either bdsafe or the BitDefender Remote Administration interface.

Let us assume user spam@mydomain.com with password spampassword and user ham@mydomain.com with hampassword were added to the mail server’s list of accounts. The first thing to do is to enable Spam Submit. In /opt/BitDefender/bin run:

# ./bdsafe registry setkey \
    "/BDUX/MailDaemon/SpamSubmit/Enable" "Y"

You can check and see if the key is set by using:

# ./bdsafe registry getkey \
    "/BDUX/MailDaemon/SpamSubmit/Enable"

Next, set the POP3 server:

# ./bdsafe registry setkey \
    "/BDUX/MailDaemon/SpamSubmit/Host" "127.0.0.1:110"

If the POP3 server and BitDefender are not on the same host, then you probably want to enable SSL:

# ./bdsafe registry setkey \
    "/BDUX/MailDaemon/SpamSubmit/UseSSL" "Y"

This way the communication with the POP3 server will be secured. Now add the spam user:

# ./bdsafe registry setkey \
    "/BDUX/MailDaemon/SpamSubmit/SpamUser" "spam@mydomain.com"

and set the password:

# ./bdsafe registry setkey \
    "/BDUX/MailDaemon/SpamSubmit/SpamPass" \
    `./bdsafe reg encode spampassword`

Same thing for the ham user:

# ./bdsafe registry setkey \
    "/BDUX/MailDaemon/SpamSubmit/HamUser" "ham@mydomain.com"
# ./bdsafe registry setkey \
    "/BDUX/MailDaemon/SpamSubmit/HamPass" \
    `./bdsafe reg encode hampassword

If your server receives lots of emails, then you might want to set the interval at which BitDefender checks the two accounts to a smaller value, like 60 seconds:

# ./bdsafe registry setkey \
    "BDUX/MailDaemon/SpamSubmit/Timeout" "60"

All that’s left to do now, is to restart the product:

# ./bd restart

As said before, you can also use the BitDefender Remote Administration interface. Just open a browser, go to https://yourserverip:8139, log in with the administrator account and go to Components -> Mail -> Spam Submit. Enable it by checking the Enabled box, set the check interval in the Interval box, fill the necessary informations about the spam and ham users, and then click Apply.

Now, send an email to all your users and tell them to forward (as attachments) false negatives to spam@mydomain.com and false positives to ham@mydomain.com. Just to be sure: false positives are e-mails which have been found by BitDefender as legitimate when in fact they are not. False negatives are exactly the opposite.

Note: the emails retrieved from the spam and ham accounts will be deleted! That’s because BitDefender does not store the mail IDs provided by the POP3 server.

This is it. Enjoy! :)

Comments

  1. Francisco
    December 19th, 2012 | 02:05

    Hi, I have so many questions about the Bayesian filter. First I would like to know if there’s a way to know if it actually works, some kind of log or statistics, I have enabled the spam submit feature.
    Another question is if it is possible for me as a sysadmin to forward the messages that the my users report to me as spam. I’m no sure if the Bayesian filter is understanding these mails correctly , I’m afraid it will believe that my users are the spammers. How can I tell if it understands correctly the spam mails I’m sending. My last question is regarding the format, I use postfix and dovecot and the mails are in text format, is this a supported format for the filter??
    Thanks in advance

Leave a reply