September 30, 2010
The Bayesian filter included in our antispam engines can be trained in two ways: a) by running bdsafe on a set of known spam/ham e-mails, b) via the Spam Submit feature. In this article, we will focus on Spam Submit and the steps that need to be taken in order to set it up.
First, you need to add two accounts to your mail server, the spam user account and the ham user account. The spam account is used to feed the BitDefender Bayes filter with spam messages and the ham account with legitimate messages. Second, you need to configure BitDefender Security for Mail Servers to fetch the emails from those two accounts via a POP3 server, by using either bdsafe or the BitDefender Remote Administration interface.
Let us assume user email@example.com with password spampassword and user firstname.lastname@example.org with hampassword were added to the mail server’s list of accounts. The first thing to do is to enable Spam Submit. In /opt/BitDefender/bin run:
# ./bdsafe registry setkey \ "/BDUX/MailDaemon/SpamSubmit/Enable" "Y"
You can check and see if the key is set by using:
# ./bdsafe registry getkey \ "/BDUX/MailDaemon/SpamSubmit/Enable"
Next, set the POP3 server:
# ./bdsafe registry setkey \ "/BDUX/MailDaemon/SpamSubmit/Host" "127.0.0.1:110"
If the POP3 server and BitDefender are not on the same host, then you probably want to enable SSL:
# ./bdsafe registry setkey \ "/BDUX/MailDaemon/SpamSubmit/UseSSL" "Y"
This way the communication with the POP3 server will be secured. Now add the spam user:
# ./bdsafe registry setkey \ "/BDUX/MailDaemon/SpamSubmit/SpamUser" "email@example.com"
and set the password:
# ./bdsafe registry setkey \ "/BDUX/MailDaemon/SpamSubmit/SpamPass" \ `./bdsafe reg encode spampassword`
Same thing for the ham user:
# ./bdsafe registry setkey \ "/BDUX/MailDaemon/SpamSubmit/HamUser" "firstname.lastname@example.org" # ./bdsafe registry setkey \ "/BDUX/MailDaemon/SpamSubmit/HamPass" \ `./bdsafe reg encode hampassword
If your server receives lots of emails, then you might want to set the interval at which BitDefender checks the two accounts to a smaller value, like 60 seconds:
# ./bdsafe registry setkey \ "BDUX/MailDaemon/SpamSubmit/Timeout" "60"
All that’s left to do now, is to restart the product:
# ./bd restart
As said before, you can also use the BitDefender Remote Administration interface. Just open a browser, go to https://yourserverip:8139, log in with the administrator account and go to Components -> Mail -> Spam Submit. Enable it by checking the Enabled box, set the check interval in the Interval box, fill the necessary informations about the spam and ham users, and then click Apply.
Now, send an email to all your users and tell them to forward (as attachments) false negatives to email@example.com and false positives to firstname.lastname@example.org. Just to be sure: false positives are e-mails which have been found by BitDefender as legitimate when in fact they are not. False negatives are exactly the opposite.
Note: the emails retrieved from the spam and ham accounts will be deleted! That’s because BitDefender does not store the mail IDs provided by the POP3 server.
This is it. Enjoy!