Getting to know the Untangle NG Firewall Spam Blocker
The Untangle firewall comes with a spam blocker module that filters spam from inbound SMTP email. Older versions of Untangle used to filter POP and IMAP mail, but the process proved to be inefficient and process-intensive.
Untangle's spam filter lite is built upon the open source SpamAssassin project, which is used by most every spam filter in the world. SpamAssassin technology is proven in the field, effective against most spam in circulation, and learns from the spam it filters. The longer the SpamAssassin engine is in use, the smarter it gets. SpamAssassin's one main weakness is that it's less effective against zero-day spam attacks than other premium solutions.
Untangle NG Firewall Complete adds to SpamAssassin's effectiveness by including the Comm-Touch spam engine. Comm-Touch anti-spam technology is best in class and provides effective protection against zero-day and more sophisticated spam attacks. Untangle Firewall Complete's Comm-Touch engine runs in concert with the SpamAssassin engine, making it more effective and efficient at blocking all types of spam.
The spam blocker is, like most modules, loaded into the Untangle NG Firewall's best-in-class user interface. The spam blocker's settings are accessed via the settings button on the left side of the rack module.
The first available setting in the Untangle Spam Blocker is the email tab. The scan SMTP check box is enabled by default. If it's unchecked, the spam blocker will not work.
Strength settings control how aggressively the spam filter behaves. Medium is the default and is a safe setting, high is very aggressive and has a good probability of blocking legitimate mail, while low will likely result in more spam being let through the filter.
The action setting controls how the spam filter handles spam messages. The default action is quarantine, which puts spam into a user quarantine that users can access to parse through messages. The other available actions are mark, which marks messages as spam in the user's Outlook but passes them through the filter; pass, which passes the spam through the filter unmolested; and drop, which drops the spam message outright.
Drop super spam will drop obvious spam mail regardless of the action setting. Checking the box activates the setting, which is turned on by default anyway.
Clicking the advanced SMTP configuration down arrow will expose the spam blocker's advanced settings. Enable tarpitting turns on the tarpit, which helps fight spoofed spam.
Tarpitting sends a message to the sending SMTP server to resend the message in a given number of seconds. If the spam is spoofed, the sending SMTP server never receives the retransmit request and thus the spam will not get resent.
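The defer-and-retry behaviour described above can be modelled in a few lines of Python. This is an added example, not Untangle's code: it uses a 451 temporary-failure reply the way greylisting does, and the delay, the window and the addresses are assumed, constructed values.

```python
# Added example: defer-and-retry model (constructed, not Untangle code).
from dataclasses import dataclass, field

RETRY_DELAY = 60          # assumed: seconds the sender is asked to wait
RETRY_WINDOW = 4 * 3600   # assumed: how long a deferred sender is remembered


@dataclass
class DeferringReceiver:
    """Temporarily rejects the first attempt from each (ip, sender, rcpt)."""
    first_seen: dict = field(default_factory=dict)

    def rcpt(self, client_ip, mail_from, rcpt_to, now):
        key = (client_ip, mail_from.lower(), rcpt_to.lower())
        seen = self.first_seen.get(key)
        if seen is None or now - seen > RETRY_WINDOW:
            # Unknown (or expired) sender: record it and ask for a retry.
            self.first_seen[key] = now
            return 451, "try again later"
        if now - seen < RETRY_DELAY:
            # Retried before the requested delay elapsed: still deferred.
            return 451, "retry too soon"
        return 250, "ok"


def deliver(receiver, client_ip, mail_from, rcpt_to, attempt_times):
    """Replay one sender's attempts; return (delivered, reply codes)."""
    codes = []
    for t in attempt_times:
        code, _ = receiver.rcpt(client_ip, mail_from, rcpt_to, t)
        codes.append(code)
        if code == 250:
            return True, codes
    return False, codes


def demo():
    rx = DeferringReceiver()
    # Constructed senders using documentation IP ranges and example domains.
    # A real mail server queues the message and retries on a schedule.
    queueing = deliver(rx, "192.0.2.10", "news@example.org",
                       "bob@example.com", [0, 30, 300])
    # A spoofed one-shot sender makes a single attempt and never retries.
    one_shot = deliver(rx, "198.51.100.7", "forged@example.net",
                       "bob@example.com", [5])
    return queueing, one_shot


if __name__ == "__main__":
    print(demo())
```

The check only filters senders that never retry, so it complements the content scan rather than replacing it.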
The next available setting is add email headers. This setting adds headers to the mail that is passed, so that human-readable transit information is included in the passed and flagged messages.
Next up is the close connection on scan failure setting. This setting will close the SMTP port if the scanner fails to scan the incoming message. This setting is enabled by default, and it's your call whether to leave it enabled or not.
Next is the scan outbound (WAN) SMTP traffic setting. This setting will scan outbound traffic for spam and is useful for detecting computers that are infected with spam bots.
The last settings are the CPU limit, concurrent scan limit, and message size limit settings. The CPU limit sets a limit on the CPU load the spam blocker is allowed to use. The concurrent scan limit determines the maximum number of messages that can be scanned at the same time. The message size limit sets the maximum message size the system will attempt to scan.
The last two tabs are the event logs. These logs are great for troubleshooting mail flow problems and message tracking.
That's all there is to the Untangle NG spam filter. I hope that this article helps you better understand the Untangle NG Firewall spam blocker.
By – Jim Martin