SpamSentinel 7.6
Leading the way to better spam management
Version 7.6 Components and Updated Functionality
SpamSentinel Version 7.6 is extremely stable with blocking rates in the 99.5% range!
We are very excited for the release of version 7.6. This version will be a major change for SpamSentinel. It is time that we rethink the way we manage Spam through the Daily Report. The volume of spam has increased so rapidly in the last few years that the Daily Report, which has been such an important part of SpamSentinel, has become oversized and hard to read.
So, we designed Version 7.6 to help the user focus on the smallest message set possible. We have added a 3rd check to our dual engine SpamSentinel. This means we now move more messages into the Spam-D (delete) category, leaving less for the user to have to examine. We are able to reduce the Daily Report by 75% with this version, which means instead of 120 items on each report, there will be 30! A user will see:
Version
7.5
7.6
Missed Spam
2
0
Spam-B
12
4
Spam-C
120
30
Spam-D
650
750
Figures based on a test of 784 pieces of spam in 24-hour period sent to one user.
What is Different in Version 7.6?
Version 7.5 used two spam checking engines. This sometimes caused a "tie" if the engines did not agree. We decided to check with RBLs to break the tie, with great success. We do not advocate using RBLs by themselves but, in combination with other checks, they do have a place. Everything else works as before. With this third check, Spam-B (which we refer to as
Undecided)
have also been reduced 75%. These
Undecided
messages should now be sent to the Notes
JunkMail
folder.
We don't even consider the Spam-D anymore. It is the worst of the worst and should be automatically deleted (AutoDelete setting). Our focus is on Spam-C and Spam-B. With this new approach, any spam that slips through will be in these two categories, and most likely in the Spam-B category. A Spam-B is triggered by one check only. We now refer to these messages as
Undecided
as they have some "spamminess" but we could not get two sources to agree.
Because we have reduced the numbers of Spam-C and Spam-B, two really good things happen:
1. The Daily Report is readable again with only 20 to 30 messages per day.
2. Using the Notes JunkMail folder for
Undecided
mail (Spam-B), will result in approximately 4 to 6 messages per day that need to be reviewed.
Our recommended Server Configuration settings are as follows:
Category B - Undecided should be set to "Send to Junk Mail folder"*
Category C - Confirmed Spam should be set to "Mail-In Quarantine for Reporting"
Category D - Deletion Recommended should be set to "AutoDelete"
*To learn how to send the Spam-B to the Notes JunkMail folder,
click here
.
Improvements to Non-Windows/Checking Machine Installations (AS400/Linux/Solaris)
For the first time in SpamSentinel history we are now able to auto-update non-windows installations of SpamSentinel starting with Version 7.6. We have merged our Windows and Non-Windows code into a single stream allowing us to optimize product improvement. Additionally, we will be able to monitor these installations remotely using our monitoring tools and respond to events that need attention. The SpamSentinel services are now able to login automatically when the checking machine is restarted. These improvements allow us to provide a better product faster to these customers.
SpamSentinel Version 7.6 Component Changes
SSInterceptor
Enabled "Skip Forms", "Skip Fields", and "Skip Relay Hosts"
Enabled "Selection Formula" to skip incoming messages.
Uses last IP address only for excluding messages from processing.
SSRouter
Additional database checks for common Lotus errors, such as database corruption to allow for real-time corrective action.
Mail boxes are opened and closed each cycle to detect corruption, and to allow database compact to run.
Is now a .NET 2.0 application.
Checks in to ssrouter.qos.maysoft.com
SSMonitor
Update to write XML configuration files when proxy server information has been changed to improve processing throughput.
Only allow Duo engine restarts every twenty minutes should communications errors be present to avoid continuously trying to restart them repeatedly.
Added code to hard-stop the Listeners if they become unresponsive.
Delay anti-virus file update for 15 minutes if previous update attempt failed to avoids pausing the SpamSentinel Scanner repeatedly.
Added operating system process preempt, and Domino Addin shut down request code to all lengthy functions to speed
Addin shutdown
.
Monitor will report processed and unprocessed mail counts in addition to SSRouter task to keep our staff notified of problems.
Connect to Duo engines periodically to verify they are accepting connection request and restart them as necessary to ensure maximum throughput.
Retrieves anti-virus updates from av.maysoft.com
Checks in to ssmonitor.qos.maysoft.com
SSDuoE1 and SSDuoE2
Check for datacenter access after creating the CommTouch engine to ensure connectivity.
Do not immediately request SSMonitor to restart engine in response to CommTouch 201 error to ensure there are no other unrelated communications problems present.
In response to a CommTouch 201 error, the Listener will set a six minute timer to allow the CommTouch engine to recover so as to avoid repeated restarting.
If during the six minute period a message is scanned successfully, the restart is canceled to avoid unnecessary restarts.
If the six minute period elapses, the Listener will request to be restarted by the Monitor.
Engines will also keep threads persistent to improve processing speed.
Checks in to engines.qos.maysoft.com.
SScanner
Avoid saving more than 32k in a text field. This can happen with multiple file name attachments, and SpamNet signature information. This has been known to cause processing errors.
If the SScanner is shut down by the Microsoft security library, it will not prompt to send a message to Microsoft. This will allow the SSMonitor to restart the SScanner without user intervention.
Fix for random CDATA error reported by SScanner.
Updates to core code that communicates with SSDuoE1 and SSDuoE2 to improve throughput.
Added White List fields when both Global and Personal white listing is enabled for Technical Support analysis.
Fixed delete bug in Personal Blacklisting.
Additional Realtime Blacklist (RBL) check is done on Good, Spam-B, and Spam-C messages only. RBL check is NOT performed on Spam-D messages.
Messages are promoted when RBL check is true. (Ex: Good message becomes Spam-B, Spam-B becomes Spam-C, Spam-C becomes Spam-D)
Aggression level of RBL settings are adjustable.
Checks in to scanner.qos.maysoft.com.
SSMgr
Points to new bank of servers for processing software updates.
Downloads updates from install.maysoft.com.
Checks in to manager.qos.maysoft.com.
Non-Windows/Checking Machine Installations (AS400/Linux/Solaris)
Checking machine (Non-Windows) processing code is identical to Windows-Domino server code.
All components now look to the file spamsentinel.xml instead of it's predecessor, spamsentinel.ini which is now obsolete.
Passwords are saved encrypted in this spamsentinel.xml file.
Advanced Settings - Checking Machine check-box must be set for Scanner engine to process mail on Domino server
SpamSentinel Monitor is SSMonitor.1.exe service
SpamSentinel Updater is SSManager.1.exe service.
SpamSentinel Router (SSRouter) does not exist in this version. Messages are processed in mail.box as opposed to scan.box in Windows-Domino servers.
Auto-Delete of Spam is allowed with Advanced Setting - Restart Router at 20,000.
Multiple servers can be checked with sscanner.2.exe but this second service is not monitored in 7.6.