Hexamail Nexus Configuration Reference [SPAMBlocker]

[SPAMBlocker]

The following settings can be used in this section:

Enable
You can turn off SPAM blocking entirely using this switch
bool
On/Off, True/False, Yes/No, 1/0
on
Enable=on
LogLevel
this sets how detailed you wish the logging for this module to be
select
Off, Critical, General, Verbose, Full, Debug
Full
LogLevel=Full
Hide
You can hide the SPAM blocking interface entirely using this switch
bool
On/Off, True/False, Yes/No, 1/0
off
Hide=off
SPFLogLevel
this sets how detailed you wish the logging for spam list to be
select
Off, Critical, General, Verbose, Full, Debug
Debug
SPFLogLevel=Debug
SPFLogTypes
this sets which types of messages you wish to be logged
flags
Error+Warning+Message+Service+Config+Licence
SPFLogTypes=Error+Warning+Message+Service+Config+Licence
SPFLogMaxSize
this sets the maximum size to which the log file for this module will be allowed to grow, in kbytes
number
1 - 32000 kbytes
1024 kbytes
SPFLogMaxSize=1024
SPFLogHistory
this sets the number of archived log files you wish the module to maintain
number
1 - 32 files
3 files
SPFLogHistory=3
SPFLogFlushSize
this sets at what size the log file will be flushed to disk, in kbytes. If trouble-shooting set this to 0, set it higher for maximum performance
number
1 - 64 kbytes
2 kbytes
SPFLogFlushSize=2
SPFLogFlushPeriod
this sets when the log file will be flushed to disk, in seconds. If trouble-shooting set this to 0, set it higher for maximum performance
number
1 - 600 seconds
15 seconds
SPFLogFlushPeriod=15
Action
This setting allows an override to any individual settings for SPAM blocking rules. If you do not wish to block any SPAM you can turn off the Block checkbox, and any rules that attempt to block SPAM will then be downgraded to Marking SPAM. If neither Block nor Mark are set then SPAM email will mererly be stored, but also travel unhindered to your user email accounts: this can be useful when testing - you can see what would be blocked or marked as SPAM in the SPAM store but not actually block the email. Turning off Store means that SPAM will not be stored at all.

The settings perform the following actions:
List The details of email that were identified as SPAM will be listed in the file SPAMList.log in the logs subdirectory of your installed product directory
List The email that were identified as SPAM will be forwarded to the email address or mailbox specified in the Forward To setting below
Store All email identified as SPAM and blocked or marked (not deleted!) will be stored in the SPAM store. The SPAM page shows you the list and allows manipulation of stored SPAM email
Mark Email designated as SPAM (that match rules set to mark or exceed the marking threshold) will have their subject marked as configured: they will be stored in the SPAM store if store is checked. The SPAM page shows you the list and allows manipulation of stored SPAM email
Block Email designated as SPAM (that match rules set to block or exceed the blocking threshold) will be blocked and not reach the original intended recipient: they will be stored in the SPAM store if store is checked. The SPAM page shows you the list and allows manipulation of stored SPAM email
Delete Email designated as SPAM (that match rules set to delete or exceed the deleting threshold) will be deleted: they will not be stored in the SPAM store


flags
Store+Mark+Block+Delete
Action=Mark
ForwardTo
this sets the email address or mailbox to which to forward SPAM if the Forward action is checked
text
ForwardTo=detectedspam@example.com
ForwardTypes
You can optionally forward blocked and/or deleted spam to a designated address.
flags
Marked+Blocked+Deleted
ForwardTypes=Blocked
MarkStore
Storing marked email in the quarantine allows the administrator to better see where to set the Block thresholds, email are sent to the original recipient(s) and a copy is also stored in the quarantine. This can also be used to allow users to allowlist marked email, and there is an option under SPAM Blocker/Review to prevent marked email being resent.
bool
On/Off, True/False, Yes/No, 1/0
off
MarkStore=off
StoreExpiryLog
This can be useful for analysis of why a quarantine may be overflowing
bool
On/Off, True/False, Yes/No, 1/0
off
StoreExpiryLog=off
MarkPrefix
this sets the text used to prefix the subject line of the email if it is considered as SPAM. You can use the token <reason> to insert the reason the email was marked as SPAM into the subject at the location of the token
text
Potential spam:
MarkPrefix=Potential spam (<reason>):
Alert
Alert administrator via email if the store contains more than the configured number of SPAM email. It is recommended for performance reasons that the SPAM store is regularly reviewed and emptied in order that the number of email contained is less than 10,000. Use the Delete option of rules to immediately remove email that match rules that are totally reliable indicators of SPAM
bool
On/Off, True/False, Yes/No, 1/0
on
Alert=on
AlertAfter
Alert administrator via email if the store contains more than this number of SPAM email
number
1 - 5000 Email
10 Email
AlertAfter=50
ReapNum
This setting allows automatic deletion of spam when the maximum number to store is exceeded. V4.0: DEPRECATED, see StoreMax
number
1 - 60000
50000
ReapNum=50000
Reap
This setting allows automatic deletion of SPAM when it has been in the quarantine for longer than the specified number of days V4.0: DEPRECATED, see StoreReap
bool
On/Off, True/False, Yes/No, 1/0
off
Reap=off
ReapAgeDays
This setting allows automatic deletion of SPAM when it has been in the quarantine for longer than the specified number of days V4.0: DEPRECATED, see StoreReapAgeDays
number
1 - 365 Days
10 Days
ReapAgeDays=4
CheckNumericalAddresses
this rule identifies email where the sender email address contains lots of numbers, typical of SPAM
select

(More Info)Off, Weight, Mark, Block, Delete
Weight
CheckNumericalAddresses=Weight
CheckNumericalAddressCount
this rule identifies email where the sender email address contains lots of numbers, typical of SPAM
int
6 Numbers
CheckNumericalAddressCount=6
CheckSubjectWhitespace
This rule identifies email containing runs of spaces in the subject, typical of SPAM
select

(More Info)Off, Weight, Mark, Block, Delete
Block
CheckSubjectWhitespace=Block
SubjectMaxWhitespace
SPAM email often have runs of more than 7 spaces in the subject, legitimate email do not
number
4 - 64 Spaces
8 Spaces
SubjectMaxWhitespace=8
CheckSubjectMissing
This rule identifies email with no subject header or a blank subject
select

(More Info)Off, Weight, Mark, Block, Delete
Weight
CheckSubjectMissing=Weight
CheckSubjectNonAlpha
This rule identifies email containing non alphanumerical characters in the subject, typical of SPAM
select

(More Info)Off, Weight, Mark, Block, Delete
Block
CheckSubjectNonAlpha=Block
SubjectMaxNonAlpha
SPAM email often have more than 4 non alphanumericals in the subject, legitimate email do not
number
5 - 32 Characters
7 Characters
SubjectMaxNonAlpha=7
CheckSubjectPunct
This rule identifies email containing many punctuation characters in the subject, typical of SPAM
select

(More Info)Off, Weight, Mark, Block, Delete
Block
CheckSubjectPunct=Block
CheckSenderAddressValid
This rule identifies email with an invalid sender address, often the sender address is invalid in SPAM email, almost never with legitimate email
select

(More Info)Off, Weight, Mark, Block, Delete
Weight
CheckSenderAddressValid=Weight
CheckSenderAddressDisclosed
This rule identifies email with an undisclosed sender address, sometimes the sender address is undisclosed in SPAM email, almost never with legitimate email
select

(More Info)Off, Weight, Mark, Block, Delete
Weight
CheckSenderAddressDisclosed=Weight
CheckSenderAddressPresent
Some mailservers send out of office replies and NDRs from a blank sender address. SMTP therefore has to accept this. Email with blank senders that are not from your network OR Out Of Office replies or NDRs can be blocked as spam
select

(More Info)Off, Weight, Mark, Block, Delete
Weight
CheckSenderAddressPresent=Weight
CheckSenderFromMatch
This rule checks the SMTP envelope Sender matches the MIME From field.
select

(More Info)Off, Weight, Mark, Block, Delete
Off
CheckSenderFromMatch=Off
CheckSenderFromMatchSkip
This allows the checks to be skipped for the listed address matches
select
*@amazonses.com,*@mailjet.com,*@mailjet.com,*@mandrillapp.com
CheckSenderFromMatchSkip=*@amazonses.com,*@mailjet.com,*@mailjet.com,*@mandrillapp.com
CheckSenderFromMatchDomain
This rule checks the SMTP envelope Sender domain matches the MIME From field domain
select

(More Info)Off, Weight, Mark, Block, Delete
Off
CheckSenderFromMatchDomain=Off
CheckSenderFromMatchInternal
This rule checks the SMTP envelope Sender matches the MIME From field for all internal domains.
select

(More Info)Off, Weight, Mark, Block, Delete
Block
CheckSenderFromMatchInternal=Block
CheckSenderFromMatchDomainInternal
This rule checks the SMTP envelope Sender domain matches the MIME From field domain for internal domains
select

(More Info)Off, Weight, Mark, Block, Delete
Block
CheckSenderFromMatchDomainInternal=Block
CheckSenderReplyToMatch
This rule identifies email where the sender and reply-to address differ, typical of SPAM and some types of mailing lists
select

(More Info)Off, Weight, Mark, Block, Delete
Weight
CheckSenderReplyToMatch=Weight
CheckFromMask
This rule identifies email where the displayed From name tries to hide the actual email address using a displayed name of an email address that differs from the actual email address such as "a@b.com" <x@y.com>
select

(More Info)Off, Weight, Mark, Block, Delete
Weight
CheckFromMask=Weight
FromReveal
In some mail clients only display name part of the From address or reply to field is displayed. This can lead to confusion for users if they think the displayed name is correct but in fact hiding a different email address. For example a spammer may sender an email from "Your CEO" . Use this setting to force the actual reply to and/or SMTP envelope sender address to be published in the displayed part of the from field of received email. So for example the above becomes "Your CEO " making it clear that the "Your CEO" was spoofed.
bool
On/Off, True/False, Yes/No, 1/0
Off
FromReveal=Off
FromRevealTemplate
Use this template to decide how to reconstruct the displayed From field of the email. Possible tokens include: - the original displayed name from the From MIME field - the hidden From MIME field email address - the SMTP envelope sender address - the hidden Reply-To MIME field email address - the hidden From email address if available, otheriwse the ReplyTo field otherwise the SMTP envelope sender
text
<disp> (<from>)
FromRevealTemplate=<disp> (<from>)
CheckSenderAddressInvalidChars
This rule identifies email where the sender address contains odd or invalid character sequences. Legitimate email addresses rarely contain such characters
select

(More Info)Off, Weight, Mark, Block, Delete
Weight
CheckSenderAddressInvalidChars=Weight
OnlyCheckRecipients
This is the list of recipient email addresses that will be checked for SPAM. Leave this list blank to default to checking all incoming email. If you add any entries to this list, ONLY email to users that match an entry on the list will be checked for SPAM. Email to multiple recipients will not be checked for SPAM unless all recipients match an entry on this list.
text
OnlyCheckRecipients=info@example.com, marketing@example.com
See Also:BlockedRecipients, AlwaysAllowSenders, BlockedSenders, AutoAllowOutBoundRecipients
IgnoreCheckRecipients
This is the list of recipient email addresses that will NOT be checked for SPAM. Leave this list blank to default to checking all incoming email. If you add any entries to this list, email to users that match an entry on the list will NOT be checked for SPAM.
text
IgnoreCheckRecipients=honeypot@example.com, marketing@example.com
See Also:BlockedRecipients, AlwaysAllowSenders, BlockedSenders, AutoAllowOutBoundRecipients
AlwaysAllowedIPs
This is the list of IP addresses that are always allowed and NOT checked for SPAM. You can use CIDR notation, wildcards and ranges (e.g. 192.168.0.0/16, 192.168.0.0/16, 192.*.*.*, 192.10-50.*.*) or leave blank to disable this option. WARNING: it is NOT recommended that you enter *.*.*.* in this list as the SPAM blocking will be turned off FOR ALL EMAIL. Very wide wildcard ranges can also effectively disable the SPAM blocking for most email and are not recommended.
text
AlwaysAllowedIPs=192.168.0.*
See Also:DisallowedIPList
RelayAllowIPs
Typically the relay IP list specified in the SMTP Server is a list of trusted IPs so you can skip spam checking for those IPs using this switch. There are some cases where you may want the IPs to relay, but still be scanned for spam, if so disable this option.
bool
On/Off, True/False, Yes/No, 1/0
on
RelayAllowIPs=on
See Also:AllowRelayIPList
CheckHeaders
This rule identifies email where the headers match those specified in the Disallowed headers list
select

(More Info)Off, Weight, Mark, Block, Delete
Weight
CheckHeaders=Weight
CheckHeaderSuspicious
This rule identifies email where the headers match those often found in SPAM, or rarely found in normal email
select

(More Info)Off, Weight, Mark, Block, Delete
Weight
CheckHeaderSuspicious=Weight
CheckHeaderDates
This rule identifies email where the date header is invalid, a long time in the past or future, or missing or of an invalid format
select

(More Info)Off, Weight, Mark, Block, Delete
Weight
CheckHeaderDates=Weight
DisallowedHeaders
This is the list of email headers and their values that are matched. You can use wildcards (e.g. X-*Unsubscribe:)
text
X_Id,X-Batch-Number,X-Cid,X-CntID,X-Comment,X-Complaints-To,X-eid,X-Email,X-Id,X-Info,X-IONK,X-Less,X-Library,X-Mailid,X-MyID,X-NTCR,X-Roving,X-Save,X-UserID,X-Utu,X-Server,Message-ID: <?[??
DisallowedHeaders=X_Id,X-Batch-Number,X-Cid,X-CntID,X-Comment,X-Complaints-To,X-eid,X-Email,X-Id,X-Info,X-IONK,X-Less,X-Library,X-Mailid,X-MyID,X-NTCR,X-Roving,X-Save,X-UserID,X-Utu,X-Server,Message-ID: <?[??
CheckMailers
This rule identifies email where the 'mailer' application used to send the email matches those often found being used to send SPAM
select

(More Info)Off, Weight, Mark, Block, Delete
Weight
CheckMailers=Weight
DisallowedMailers
This is the list of email clients/mass-mailers that are SPAM blocked. You can use wildcards (e.g. *MIME::Lite*). The defaults have been generated from statistics calculated over large volumes of SPAM. It is recommended that these are retained, but specific mailers that may cause incorrect blocking be removed over time.
text
{%xmailer%},<smsmtp>,<SMTP32,Accucast,Chordiant Online Marketing Director,CyberCreek,eGroups Message,MailtrackPro,MIME::Lite,MIME-tools,MM Email,MMailer,Pineapplesoft,The Bat!,MassEasy Mailer,Dynamailer,Sylpheed,Incredimail,Gammadyne,FoxMail
DisallowedMailers=MIME::Lite
UserWhiteListingEnable
You can optionally disable user allow and blocklisting. This can be useful for diagnosing routing issues, debugging or if user allowlisting is not desireable
bool
On/Off, True/False, Yes/No, 1/0
on
UserWhiteListingEnable=on
See Also:AlwaysAllowSenders, BlockedSenders
AutoAllowOutBoundRecipients
DEPRECATED: Automatically add any recipients of email from users within your company to the a list of users whose email will never be checked for SPAM. This helps prevent false-positives (email being marked/ blocked as SPAM when they are in fact not)
bool
On/Off, True/False, Yes/No, 1/0
on
AutoAllowOutBoundRecipients=on
See Also:AlwaysAllowSenders, BlockedSenders
AlwaysAllowSenders
DEPRECATED: This is the list of email addresses that are never SPAM blocked. You can use wildcards (e.g. *@customername.com, myname@*.*). Remember that SPAM blocking is only performed on inbound or relayed mail, so there is no need to add your own domains to this list
text
AlwaysAllowSenders=*@acustomer.com
See Also:BlockedSenders
RemoveDomainsFromAllowedSenders
You should not list your own domains in allowed senders as spammers spoof email from internal domains using MIME From field spoofing. Use this setting if you wish to enable allowlisting of your own domains for a specific reason.
bool
On/Off, True/False, Yes/No, 1/0
TRUE
RemoveDomainsFromAllowedSenders=TRUE
CheckWebBugs
This rule identifies email where a small image used to track receipt of the email is found. These webbugs are often found in SPAM and very rarely in other mail shots and email marketing, but never in 'normal' email
select

(More Info)Off, Weight, Mark, Block, Delete
Weight
CheckWebBugs=Weight
CheckWebPopups
This rule identifies email where a pop-up windows are opened by the email on receipt. This is often a trick by SPAMmers to force users to view webpages (even the preview pane of an email client will pop open the window). Usually confined to SPAM email, but annoying in every case - so well worth blocking!
select

(More Info)Off, Weight, Mark, Block, Delete
Block
CheckWebPopups=Block
CheckImages
When a large image is detected forming the majority of the body of the email, the email will be designated as SPAM. This trick is often used by spam to avoid having any identifiable textual content in their email. Both single large images and multiple small images tiled to make up a large image are blocked. Almost certainly a good indication of spam!
select

(More Info)Off, Weight, Mark, Block, Delete
Weight
CheckImages=Weight
CheckImageAttachments
When a large image is detected forming the majority of the body of the email, the email will be designated as spam. This trick is often used by spam to avoid having any identifiable textual content in their email. Both single large images and multiple small images tiled to make up a large image are blocked. Almost certainly a good indication of spam!
select

(More Info)Off, Weight, Mark, Block, Delete
Block
CheckImageAttachments=Block
CheckImageTypes
When an image is detected with the wrong type specified for its extenion or content type this rule is triggered. Almost certainly a good indication of spam!
select

(More Info)Off, Weight, Mark, Block, Delete
Block
CheckImageTypes=Block
CheckImagePngOnly
When a png attached image is detected and there is no content whatsoever this rule is triggered. Almost certainly a good indication of spam!
select

(More Info)Off, Weight, Mark, Block, Delete
Block
CheckImagePngOnly=Block
CheckImageGifOnly
When a gif attached image is detected and there is no content whatsoever this rule is triggered. Almost certainly a good indication of spam!
select

(More Info)Off, Weight, Mark, Block, Delete
Block
CheckImageGifOnly=Block
CheckImageJpgOnly
When a jpg attached image is detected and there is no content whatsoever this rule is triggered. Mostly a good indication of spam!
select

(More Info)Off, Weight, Mark, Block, Delete
Weight
CheckImageJpgOnly=Weight
CheckRtfOnly
When an rtf file is attached and there is no content whatsoever this rule is triggered. Mostly a good indication of spam!
select

(More Info)Off, Weight, Mark, Block, Delete
Weight
CheckRtfOnly=Weight
CheckImageMaps
When an image map is detected forming the majority of the body of the email, the email will be designated as spam. This trick is often used by spam to avoid having any identifiable textual content in their email. Image maps are very very rarely used by legitimate email.
select

(More Info)Off, Weight, Mark, Block, Delete
Weight
CheckImageMaps=Weight
ImgExpAllow
Any email found to contain a hosted image url matching these expressions will be allowed
text
ImgExpAllow=*.myimagehostingsite.com*
ImgExpWeight
Any email found to contain a hosted image url matching these expressions will be weighted more strongly as spam
text
*.2send.us*,*.uploadyourimages.com*,*.yoxio.com*,*.picturehost.co.uk*,*.imagecave.com*,*.imagesocket.com*,*.free-image-hosting.com*,*.piclynk.com*,*.myimagehere.com*,*.imagecloset.com*,*.myonlineimages.com*,*.theimagehosting.com*,*.pictiger.com*,*.hotlinkfiles.com*,*.alkaspace.com.*,*.fileave.com*,*.yourpix.org*,*.inselpix.com*,*.uploadextra.com*,*.imagefuse.com*,*.mynetimages.com*,*.freeimagehost.eu*,*.imagebee.org*,*.host-a.net*,*.gigafiles.co.uk*,*.yourep.com*,*.freeshare.us*,*.filexoom.com*,*.fileden.com*,*.image-upload.net*,*.phosted.com*,*.imgfreehost.com*,*suprfile.com*,*.freefilehosting.org*,*.hostmypic.info*,*keepmyufile.com*,*picturehiosting.org*,*.photoamp.com*,*imagecraze.com*,*ephotohut.com*,*filehost.to*,*thefreeimagehosting.com*,*photoserver.us*,*simpload.com*,*myfilehut.com*,*freeimagehosting.net*,*.imageviper.com*,*picturerack.com*,*yesalbum.com*,*imagecave.com*,*thepixplace.com*,*imagevenue.com*,*filehigh.com*,*picsplace.to*,*photopeg.com*,*photojerk.com*,*xs.to*,*imageshack.com*,*photobucket.com*
ImgExpWeight=*.imageshack.com*
ImgExpMark
Any email found to contain a hosted image url matching these expressions will be marked
text
ImgExpMark=*.imageshack.com*
ImgExpBlock
Any email found to contain a hosted image url matching these expressions will be blocked
text
*.imgspot.com*,*.imagehost.ro*,*.imagethrust.com*,*.imagehosting.com*,*.tinypic.com*,*.bilder-hosting.de*
ImgExpBlock=*.imagethrust.com*
ImgExpDelete
Any email found to contain a hosted image url matching these expressions will be DELETED
text
ImgExpDelete=*.imagethrust.com*
GappyText
G-a-p-p-y text found in the email, this form of text is often used by spammers to foil spam blockers. As this practice is used to circumvent blocking: it is a highly reliable mechanism for detecting spam
select

(More Info)Off, Weight, Mark, Block, Delete
Weight
GappyText=Weight
TextHTMLMismatch
The Text and HTML parts do not match
select

(More Info)Off, Weight, Mark, Block, Delete
Weight
TextHTMLMismatch=Weight
SubjectGappy
G-a-p-p-y text found in the subject, this form of text is often used by spammers to foil spam blockers. As this practice is used to circumvent blocking: it is a highly reliable mechanism for detecting spam
select

(More Info)Off, Weight, Mark, Block, Delete
Weight
SubjectGappy=Weight
ActiveX
ActiveX objects found in html email content
select

(More Info)Off, Weight, Mark, Block, Delete
Block
ActiveX=Block
TableText
Text hidden in rearranged HTML tables
select

(More Info)Off, Weight, Mark, Block, Delete
Weight
TableText=Weight
HashBusters
Hash buster text found in the email subject, this form of text is often used by spammers to foil spam blockers. As this practice is used to circumvent blocking: it is a highly reliable mechanism for detecting spam
select

(More Info)Off, Weight, Mark, Block, Delete
Weight
HashBusters=Weight
NumberText
Numerical text (e.g Sc00l, 1esb1ans, y0ung, g1rls) found in the email, this form of text is often used by spammers to foil spam blockers. As this practice is used to circumvent blocking: it is a highly reliable mechanism for detecting spam
select

(More Info)Off, Weight, Mark, Block, Delete
Weight
NumberText=Weight
Comments
Suspicious comments found in the email, often used by spammers to foil spam blockers. As this practice is used to circumvent blocking: it is a highly reliable mechanism for detecting spam
select

(More Info)Off, Weight, Mark, Block, Delete
Weight
Comments=Weight
Fonts
Suspicious font coloring found in the email, often used by spammers to foil spam blockers. As this practice is used to circumvent blocking: it is a reliable mechanism for detecting spam
select

(More Info)Off, Weight, Mark, Block, Delete
Weight
Fonts=Weight
FontSize
Suspicious font sizing found in the email, often used by spammers to foil spam blockers. As this practice is used to circumvent blocking: it is a highly reliable mechanism for detecting spam
select

(More Info)Off, Weight, Mark, Block, Delete
Weight
FontSize=Weight
Base64Encoding
spam is often encoded into Base64 to hide readable content from filters. Content is always decoded before analysis but you can also use the fact it was encoded to block or weight the email
select

(More Info)Off, Weight, Mark, Block, Delete
Weight
Base64Encoding=Weight
SuspiciousURL
Suspicious URLs often indicate an email is spam. This may include very long numerical URLs, URLs containing an email address or URLs containing the word remove
select

(More Info)Off, Weight, Mark, Block, Delete
Weight
SuspiciousURL=Weight
MismatchedURL
Mismatched or masked URLs often indicate an email is spam or a Phishing attack.
select

(More Info)Off, Weight, Mark, Block, Delete
Mark
MismatchedURL=Mark
CheckAttachments
Attachments included with email that match the extensions defined in AttachmentMatches
select

(More Info)Off, Weight, Mark, Block, Delete
Block
CheckAttachments=Block
CheckAttachName
Attachments included with email that have no valid filename
select

(More Info)Off, Weight, Mark, Block, Delete
Block
CheckAttachName=Block
AttachmentMatches
Email swith attachments that match the configured extensions will be marked, blocked or deleted according to the setting CheckAttachments
text
*.scr,*.ceo,*.bat,*.com,*.js,*.vbs,*.pif,*.cmd,*.jar,*.adp,*.app,*.asp,*.bas,*.bat,*.ce,*.cmd,*.chm,*.cnt,*.com,*.cpl,*.crt,*.csh,*.de,*.exe,*.fxp,*.gadget,*.hlp,*.hpj,*.hta,*.inf,*.ins,*.isp,*.its,*.js,*.jse,*.ksh,*.lnk,*.mad,*.maf,*.mag,*.mam,*.maq,*.ma,*.mas,*.mat,*.mau,*.mav,*.maw,*.mda,*.mdb,*.mde,*.mdt,*.mdw,*.mdz,*.msc,*.msh,*.msh1,*.msh2,*.mshxml,*.msh1xml,*.msh2xml,*.msi,*.msp,*.mst,*.ops,*.osd,*.pcd,*.pif,*.plg,*.prf,*.prg,*.pst,*.reg,*.scf,*.sc,*.sct,*.shb,*.shs,*.ps1,*.ps1xml,*.ps2,*.ps2xml,*.psc1,*.psc2,*.tmp,*.url,*.vb,*.vbe,*.vbp,*.vbs,*.vsmacros,*.vsw,*.ws,*.wsc,*.wsf,*.wsh,*.xnk,*.ade,*.cla,*.class,*.grp,*.ja,*.mcf,*.ocx,*.pl,*.xbap
AttachmentMatches=*.scr,*.ceo,*.bat,*.com,*.js,*.vbs,*.pif,*.cmd,*.jar,*.adp,*.app,*.asp,*.bas,*.bat,*.ce,*.cmd,*.chm,*.cnt,*.com,*.cpl,*.crt,*.csh,*.de,*.exe,*.fxp,*.gadget,*.hlp,*.hpj,*.hta,*.inf,*.ins,*.isp,*.its,*.js,*.jse,*.ksh,*.lnk,*.mad,*.maf,*.mag,*.mam,*.maq,*.ma,*.mas,*.mat,*.mau,*.mav,*.maw,*.mda,*.mdb,*.mde,*.mdt,*.mdw,*.mdz,*.msc,*.msh,*.msh1,*.msh2,*.mshxml,*.msh1xml,*.msh2xml,*.msi,*.msp,*.mst,*.ops,*.osd,*.pcd,*.pif,*.plg,*.prf,*.prg,*.pst,*.reg,*.scf,*.sc,*.sct,*.shb,*.shs,*.ps1,*.ps1xml,*.ps2,*.ps2xml,*.psc1,*.psc2,*.tmp,*.url,*.vb,*.vbe,*.vbp,*.vbs,*.vsmacros,*.vsw,*.ws,*.wsc,*.wsf,*.wsh,*.xnk,*.ade,*.cla,*.class,*.grp,*.ja,*.mcf,*.ocx,*.pl,*.xbap
CheckWebIFrames
This rule identifies email where a an embedded frameset is used to show HTML content in the email without the email containing the content itself. This is often used to allow spam to deliver is content undetected. It is almost never used today in legitimate email
select

(More Info)Off, Weight, Mark, Block, Delete
Block
CheckWebIFrames=Block
CheckBadHTML
This rule identifies email containing suspicious HTML constructs
select

(More Info)Off, Weight, Mark, Block, Delete
Weight
CheckBadHTML=Weight
CheckMultipleSimilarRecipients
Often spammers send email to lists in alphabetical order. Thus the list of recipients on the spam email will contain a large number of recipients all beginning with the same letter of the alphabet. Use this switch to instruct blocking of email of this type
select

(More Info)Off, Weight, Mark, Block, Delete
Block
CheckMultipleSimilarRecipients=Block
CheckValidRecipients
Sometimes spammers hide all recipients or specify garbage in the email To:/CC: fields use this rule to match such email
select

(More Info)Off, Weight, Mark, Block, Delete
Weight
CheckValidRecipients=Weight
CheckUndisclosedRecipients
Sometimes spammers hide all recipients or specify them as 'Undisclosed' use this rule to match such email
select

(More Info)Off, Weight, Mark, Block, Delete
Weight
CheckUndisclosedRecipients=Weight
SPAMCheckMaxMessageSize
The spam blocker will only spam check email less than this size. The size includes any attachments. Typically spam email are relatively small due to the volume spammers must send. It is more efficient to avoid processing the larger email as they are often not spam and take longest to check.
number
2 - 256000 Kbytes
2096 Kbytes
SPAMCheckMaxMessageSize=2096
SPAMCheckMessageUpTo
The spam blocker will only check up this amount of an email to work out if it is spam or not. Often only the first few parts of the email (the text and html parts) need be checked, so this setting can save processing the rest of the message. Typically you will not want to set this much higher than the default of 64kbytes
number
1 - 256000 Kbytes
64 Kbytes
SPAMCheckMessageUpTo=64
SPAMMarkThreshold
The spam Blocker pattern matching scores each email from 0% (almost certainly legitimate) to 100% (almost certainly spam). You can use this threshold to set the level above which email are Marked
number
5 - 100
35
SPAMMarkThreshold=40
SPAMBlockThreshold
The spam Blocker pattern matching scores each email from 0% (almost certainly legitimate) to 100% (almost certainly spam). You can use this threshold to set the level above which email are Blocked and optionally stored in the spam store
number
5 - 100
37
SPAMBlockThreshold=55
SPAMDeleteThreshold
The spam Blocker pattern matching scores each email from 0% (almost certainly legitimate) to 100% (almost certainly spam). You can use this threshold to set the level above which email are Deleted without being stored
number
5 - 100
95
SPAMDeleteThreshold=80
PatternMatchingEnable
Built-in sophisticated statistical pattern matching algorithms can be used to match and block spam. This is a highly accurate mechanism for filtering junk email offering high rates of spam identification, typically around 95% and very low false positive rates (the number of email incorrectly blocked): typically less than 1 in 2,000 email.
bool
On/Off, True/False, Yes/No, 1/0
on
PatternMatchingEnable=on
PatternMatchWords
This is a highly technical setting and should be left on the default. Varying this setting will alter the optimal thresholds required
number
15 - 256 words
55 words
PatternMatchWords=55
PatternMatchSexuallyExplicit
Sexually explicit or pornographic spam emails. These subcategories of spam can be optionally turned off - so that although the email was considered spam, those that match this specific category can be allowed to pass through. This is useful if your company is operating in a business domain similar to one of the categories. Turn off any categories that cause incorrect email to be blocked, or are very similar to your business.
select
Off, Mark, On
On
PatternMatchSexuallyExplicit=On
PatternMatchAsian
spam in Asian fonts or scripts. These subcategories of spam can be optionally turned off - so that although the email was considered spam, those that match this specific category can be allowed to pass through. This is useful if your company is operating in a business domain similar to one of the categories. Turn off any categories that cause incorrect email to be blocked, or are very similar to your business.
select
Off, Mark, On
On
PatternMatchAsian=On
PatternMatchBeauty
spam concerning self-improvement and beauty treatments. These subcategories of spam can be optionally turned off - so that although the email was considered spam, those that match this specific category can be allowed to pass through. This is useful if your company is operating in a business domain similar to one of the categories. Turn off any categories that cause incorrect email to be blocked, or are very similar to your business.
select
Off, Mark, On
On
PatternMatchBeauty=On
PatternMatchCompetitions
spam telling you you've won or can enter competitions. These subcategories of spam can be optionally turned off - so that although the email was considered spam, those that match this specific category can be allowed to pass through. This is useful if your company is operating in a business domain similar to one of the categories. Turn off any categories that cause incorrect email to be blocked, or are very similar to your business.
select
Off, Mark, On
On
PatternMatchCompetitions=On
PatternMatchCreditFinanceLoans
spam concerning refinancing, credit cards, loans, mortgages, and investments. These subcategories of spam can be optionally turned off - so that although the email was considered spam, those that match this specific category can be allowed to pass through. This is useful if your company is operating in a business domain similar to one of the categories. Turn off any categories that cause incorrect email to be blocked, or are very similar to your business.
select
Off, Mark, On
On
PatternMatchCreditFinanceLoans=On
PatternMatchFinancePhishing
select
Off, Mark, On
On
PatternMatchFinancePhishing=On
PatternMatchFinancePumpNDump
select
Off, Mark, On
On
PatternMatchFinancePumpNDump=On
PatternMatchFinanceScams
select
Off, Mark, On
On
PatternMatchFinanceScams=On
PatternMatchFinanceWorkFromHome
select
Off, Mark, On
On
PatternMatchFinanceWorkFromHome=On
PatternMatchFreeStuffOffers
spam offering free products or services, or special offers or gifts. These subcategories of spam can be optionally turned off - so that although the email was considered spam, those that match this specific category can be allowed to pass through. This is useful if your company is operating in a business domain similar to one of the categories. Turn off any categories that cause incorrect email to be blocked, or are very similar to your business.
select
Off, Mark, On
On
PatternMatchFreeStuffOffers=On
PatternMatchMoneyMaking
Get rich quick schemes, money making ideas and offers, and investment or stock price information. These subcategories of spam can be optionally turned off - so that although the email was considered spam, those that match this specific category can be allowed to pass through. This is useful if your company is operating in a business domain similar to one of the categories. Turn off any categories that cause incorrect email to be blocked, or are very similar to your business.
select
Off, Mark, On
On
PatternMatchMoneyMaking=On
PatternMatchHealth
Health and wellness spam email. These subcategories of spam can be optionally turned off - so that although the email was considered spam, those that match this specific category can be allowed to pass through. This is useful if your company is operating in a business domain similar to one of the categories. Turn off any categories that cause incorrect email to be blocked, or are very similar to your business.
select
Off, Mark, On
On
PatternMatchHealth=On
PatternMatchBusinessMarketing
spam offering business cards, company or email address lists. These subcategories of spam can be optionally turned off - so that although the email was considered spam, those that match this specific category can be allowed to pass through. This is useful if your company is operating in a business domain similar to one of the categories. Turn off any categories that cause incorrect email to be blocked, or are very similar to your business.
select
Off, Mark, On
On
PatternMatchBusinessMarketing=On
PatternMatchSinglesDating
spam promoting singles and dating websites. These subcategories of spam can be optionally turned off - so that although the email was considered spam, those that match this specific category can be allowed to pass through. This is useful if your company is operating in a business domain similar to one of the categories. Turn off any categories that cause incorrect email to be blocked, or are very similar to your business.
select
Off, Mark, On
On
PatternMatchSinglesDating=On
PatternMatchPharmacological
spam offering pharmaceutical products such as Viagra and HGH. These subcategories of spam can be optionally turned off - so that although the email was considered spam, those that match this specific category can be allowed to pass through. This is useful if your company is operating in a business domain similar to one of the categories. Turn off any categories that cause incorrect email to be blocked, or are very similar to your business.
select
Off, Mark, On
On
PatternMatchPharmacological=On
PatternMatchRecruitment
spam promoting job or recruitment websites, or recruitment agency services. These subcategories of spam can be optionally turned off - so that although the email was considered spam, those that match this specific category can be allowed to pass through. This is useful if your company is operating in a business domain similar to one of the categories. Turn off any categories that cause incorrect email to be blocked, or are very similar to your business.
select
Off, Mark, On
On
PatternMatchRecruitment=On
PatternMatchPrivacy
spam promoting privacy tools for PCs and Windows, such as hard-disk image removal products. These subcategories of spam can be optionally turned off - so that although the email was considered spam, those that match this specific category can be allowed to pass through. This is useful if your company is operating in a business domain similar to one of the categories. Turn off any categories that cause incorrect email to be blocked, or are very similar to your business.
select
Off, Mark, On
On
PatternMatchPrivacy=On
PatternMatchSalesSavings
spam offering price reductions, sales or savings on goods and products. These subcategories of spam can be optionally turned off - so that although the email was considered spam, those that match this specific category can be allowed to pass through. This is useful if your company is operating in a business domain similar to one of the categories. Turn off any categories that cause incorrect email to be blocked, or are very similar to your business.
select
Off, Mark, On
On
PatternMatchSalesSavings=On
AutoretrainNonSPAMPatternMatcher
The pattern matching engine can learn about your email traffic. Enable this control to allow the pattern matching engine to automatically learn about your email traffic from outbound messages and/or any emails you elect to send from the spam store. The engine is retrained every 250 email messages for efficiency, and is retrained up to a maximum of 50,000 emails, more than sufficient to learn about your email traffic.
bool
On/Off, True/False, Yes/No, 1/0
on
AutoretrainNonSPAMPatternMatcher=off
DisallowInternetExpressionsContentAction
The action to take if an Internet updated disallowed content phrase is found. The list of phrases is automatically maintained and downloaded from the Internet update site as required. These phrases and expressions very rarely give any false positives so blocking or deletion is recommended.
select

(More Info)Off, Weight, Mark, Block, Delete
Block
DisallowInternetExpressionsContentAction=Block
ASCIIArtContentCheck
The action to take if ASCII art is found in the content.
select

(More Info)Off, Weight, Mark, Block, Delete
Block
ASCIIArtContentCheck=Block
DisallowPhrasesContentAction
The action to take if a configured disallowed content phrase is found.
select

(More Info)Off, Weight, Mark, Block, Delete
Block
DisallowPhrasesContentAction=Block
DisallowPhrasesContent
Any email found to contain any of these phrases will be marked as Potential spam or blocked completely. This allows you to block repetitive spam not blocked by any other options, based on phrases or wildcard matches, such as "v?agra". They are case insensitive.
text
get out of debt,not to receive e-mails,opted in * one of our partner sites,To opt out from future mailings,wish to be excluded,talking library out for the holidays,gayz,First t1me,Enter site here,Click here to be
DisallowPhrasesContent=Guaranteed to work!!!!
WeightPhrasesContent
Any email found to contain any of these phrases will be weigthed more heavily as spam. This allows you to weight phrases in spam. They are case insensitive.
text
reg(http://[0-9]+.[0-9]+.[0-9]+.[0-9]+./),million verified email addresses,to be removed from future mailings,To be removed from this list,government grants,guaranteed return,If you prefer not to receive e-mails,not to receive e-mails,opted in * one of our partner sites,penis,viagra,Vicodin,You are receiving this email because,ejacula,Create DVD,URGENT ASSISTANCE,CLEAR THIS MONEY,SUM OF * MILLION,Your funds are deposited,home based business,fCAN Spam Act,singles in your area,funds totalling,Order Online Now,Work from your ho,Work At Home Now,copy DVD,unsolicited commercial e-mail,100% risk free,special promotion,investment opportunity,Bank of Nigeria,CONFIDENTIAL*TOP SECRET,Government of Nigeria,F R E E,Bank Deposit paperwork,Nigerian Government,Multi-level marketing,TRANSFER OF *SUM OF,funds totalling US
WeightPhrasesContent=Guaranteed to work!!!!
NeuralContent
You can enable a neural content structure matching algorithm. The neural algorithm is highly effective at matching the content structrues typically used by spammers to send emails. The algorithm is designed to give almost no false positives, and a detection rate of around 40%, so combined with other techniques provides a great line of defence against spam that is difficult to block with other means. You can choose to mark, block, weight or delete emails matched by the Neural content matching.
select

(More Info)Off, Weight, Mark, Block, Delete
Weight
NeuralContent=Weight
NeuralContentThreshold
Threshold to use for Neural content matching. 45% gives a good catch rate (>65%) but may throw up some false positives. 75% will eliminate most false positives but catch closer to 37%
number
25 - 99 %
75 %
NeuralContentThreshold=75
DisallowInternetExpressionsURLAction
The action to take if an Internet updated disallowed url expression is found.
select

(More Info)Off, Weight, Mark, Block, Delete
Block
DisallowInternetExpressionsURLAction=Block
DisallowPhrasesURLAction
The action to take if a configured disallowed url expression is found.
select

(More Info)Off, Weight, Mark, Block, Delete
Block
DisallowPhrasesURLAction=Block
DisallowPhrasesURL
Any email found to contain a url that matches any of these expressions will be marked, blocked, or deleted according to your chosen block level for this rule. This allows you to block repetitive spam not blocked by any other options, based on wildcard matches, such as *optinmarketing*. The matches are case insensitive. You can use the * character to mean any characters and the ? character to mean a single character.
text
*xxx*.co.uk/*,*xxx*.com/*
DisallowPhrasesURL=*.example.com*
AllowPhrasesContent
Any email found to contain any of these phrases will pass straight through the spam blocking module unhindered. The phrases are case INSENSITIVE and apply to both the subject and the content of the email.
text
AllowPhrasesContent=A Partner Newsletter Title
DisallowInternetExpressionsSubjcetAction
The action to take if an Internet updated disallowed subject phrase is found.
select

(More Info)Off, Weight, Mark, Block, Delete
Block
DisallowInternetExpressionsSubjcetAction=Block
BlockSenders
This is the list of sender email addresses that will be blocked. You can use wildcards (e.g. *@spammer.com, *@mailinglist.*) or leave blank for no specific blocked senders.
text
*.top,*.download,*.stream
BlockSenders=*@spammer.com
See Also:SPFEnable, BlockedSenders, AlwaysAllowSenders, AutoAllowOutBoundRecipients, MarkSenders, WeightSenders, DeleteSenders
WeightSenders
This is the list of sender email addresses that will be weighted. You can use wildcards (e.g. *@spammer.com, *@mailinglist.*) or leave blank for no specific weighted senders.
text
*.gdn,*.biz,*.win,*.xyz,*.ru,*.link,*.party,*.date,*.cn
WeightSenders=*@spammer.com
See Also:SPFEnable, BlockedSenders, AlwaysAllowSenders, AutoAllowOutBoundRecipients, MarkSenders, DeleteSenders, BlockSenders
MarkSenders
This is the list of sender email addresses that will be marked. You can use wildcards (e.g. *@spammer.com, *@mailinglist.*) or leave blank for no specific marked senders.
DeleteSenders
This is the list of sender email addresses that will be deleted. You can use wildcards (e.g. *@spammer.com, *@mailinglist.*) or leave blank for no specific deleted senders.
AllowVerifiedSenders
This is the list of allowed email addresses that can email without spam blocking if their sender and IP address has been verified by SPF. Remember that if you allowlist major ISPs and hacked accounts are used to send spam or scam email then those email will get through unchecked. Only enable this for ISP domains where they take adequate precautions against scam and spam being sent from their accounts. You can use wildcards (e.g. *@microsoft.com, *@gmail.*) or leave blank for no specific allowed verified senders. You can also use <tld> to specify all top level domains,e.g *@amazon. = amazon.com amazon.net amazon.jp ... You can also use <tldco> to specify all commercial top and second level domains,e.g *@amazon.<tld> = amazon.com amazon.net amazon.co.uk amazon.co.jp ... You can also use <tldccco> to specify all commercial top and second level domains and country top level domains,e.g *@amazon. = amazon.com amazon.net amazon.jp amazon.co.uk amazon.co.jp ... You can also use <tldcc> to specify all top level country code domains,e.g *@amazon.<tldcc> = amazon.jp amazon.de ... You can also use <tldg> to specify all top level global base domains,e.g *@amazon.<tldg> = amazon.com amazon.org amazon.net ... You can also use <tldext> to specify all top level global extended domains,e.g *@amazon.<tldext> = amazon.mobi amazon.info ... You can also use <sldco> to specify all commercial second level domains,e.g *@amazon.<sldco> = amazon.co.uk amazon.co.jp ... You can also use <sldgov> to specify all government and military second level domains,e.g *@tax.<sldgov> = tax.gov.uk tax.gov.hk ... You can also use <sldorg> to specify all organizational second level domains,e.g *@antispam.<sldorg> = antispam.org.uk antispam.org.es ... You can also use <sldedu> to specify all educational second level domains,e.g *@school.<sldedu> = school.ac.uk school.edu.za ...
text
*@account.microsoft.com,*@bbc.co.uk,*@finn.no,*@booking.com,*@bounces.amazon.<tldccco>,*@*.amazon.<tldccco>,*@tripadvisor.com,*@homeaway.com,*@abritel.fr,*@*.gov.uk,*@adobe.com,*@amazon.com,*@rbs.co.uk,*@bbc.com,*@docusign.net,*@docusign.com,*@amazon.co.uk,*@cnet.com,*@spiceworks.com,*@sap.com,*@theregister.co.uk,*@aws.amazon.com,*@oracle.com,*@lifehacker.com,*@evernote.com,*@meteo.fr,*@nytimes.com,*@dropbox.com,*@slideshare.com,*@booking.com,*@yelp.com,*@weather.com,*@stumbleupon.com,*@mozilla.org,*@w3schools.com,*@4shared.com,*@salesforce.com,*@soundcloud.com,*@tripadvisor.com,*@photobucket.com,*@mashable.com,*@skype.com,*@tesco.com,*@walmart.com,*@bild.de,*@github.com,*@leboncoin.fr,*@wsj.com,*@telegraph.co.uk,*@usatoday.com,*@ikea.com,*@samsung.com,*@buzzfeed.com,*@spiegel.de,*@cnn.com,*@netflix.com,*@dailymotion.com,*@twitter.com,*@bounce.twitter.com,*@blogspot.<tldccco>,*@wordpress.com,*@apple.<tldccco>,*@instagram.com,*@flickr.com,*@huffingtonpost.com,*@stackoverflow.com,*@tumblr.com,*@pinterest.com,*@blogger.com,*@craigslist.org,*@ebay.<tldccco>,*@vodafone.<tldccco>,*@orange.<tldccco>,*@lemonde.fr,*@foursquare.com,*@lenovo.com,*@digg.com,*@expedia.com,*@pandora.com,*@target.com,*@bestbuy.com,*@linkedin.<tld>,*youtube.<tld>,*@hp.com,*@techcrunch.com,*@webmd.com,*@groupon.com,*@att.com,*@icloud.com,*@me.com,*@time.com,*@bloomberg.com,*@facebook.<tld>,*@facebookmail.<tld>,*@hexamail.com,*@hexamail.net,*@microsoft.<tldccco>,*@google.<tldccco>,*@bt.com,*@amazon.<tldccco>,*@paypal.<tldccco>,*@webpronews.com,*@accounts.google.com,*@googlemail.com,*@kitco.com,*@helpx.net,*@workaway.info,*@memotoo.com,*@avantgate.com
AllowVerifiedSenders=*@hexamail.com,*@hotmail.com,*@live.com,*@yahoo.com,*@aol.com
See Also:SPFEnable, AlwaysAllowSenders, AutoAllowOutBoundRecipients
DisallowInternetExpressionsFromAction
The action to take if an Internet updated disallowed MIME from phrase is found.
select

(More Info)Off, Weight, Mark, Block, Delete
Block
DisallowInternetExpressionsFromAction=Block
DisallowPhrasesSubjectAction
DEPRECATED: The action to take if a configured disallowed subject phrase is found.
select

(More Info)Off, Weight, Mark, Block, Delete
Weight
DisallowPhrasesSubjectAction=Weight
DisallowPhrasesSubject
DEPRECATED: Any email found to contain any of these phrases will be marked as Potential spam or blocked completely. This allows you to block repetitive spam not blocked by any other options, based on phrases or wildcard matches, such as "v?agra". They are case insensitive.
text
adv ,adv_,advadlt,big5,"Friend,",Lose up to,MILLION EMAIL ADDRESSES,Mortgage Approved,PENIS,VIAGRA
DisallowPhrasesSubject=Get rich today!!!!
DisallowPhrasesSender
Any email found to contain any of these phrases in the sender/ from address displayed will be marked as Potential spam or blocked completely.This allows you to block repetitive spam not blocked by any other options, based on phrases or wildcard matches, such as "specialoffers". They are case insensitive.
text
$,@adult,@bulkmail,@crosskirk,@e-mailpromo,@xxx,4free.,bizsupport,bounce,bwerbung@,ConsumerDirect,Great Deals,great*offers.com,himailer.com,internetads@,optin@,optout@,porn,remove@,sexcams,someonelikesyou,Tremendous Buys,unsub@,unsubscribe@,werbung@,SUB(C1alis),SUB(Levitra),SUB(R0lex),SUB(Genuine Pfizer),SUB(Casino King),SUB(Casino Golden Mummy),SUB(Royale-Casino),SUB(Royale Casino),SUB(RubyRoyal),SUB(Ruby Royal),SUB(shopMED),SUB(Viagra),SUB(DrugStore)
DisallowPhrasesSender=ConsumerDirect
See Also:DomainRestrictSend
NeuralSender
You can enable a neural sender address matching algorithm. The neural algorithm is highly effective at matching the email addresses typically used by spammers to send emails, and can operate even if the sender address changes for every email, a technique often used by spammers to foil spam blockers. The algorithm is designed to give almost no false positives, and a detection rate of around 80%, so combined with other techniques provides a great line of defence against spam that is difficult to block with other means. You can choose to mark, block, weight or delete emails matched by the Neural sender matching.
select

(More Info)Off, Weight, Mark, Block, Delete
Weight
NeuralSender=Weight
NeuralSenderThreshold
Threshold to use for Neural sender matching. 45% gives a good catch rate (>85%) but may throw up some false positives. 75% will eliminate most false positives but catch closer to 60%
number
25 - 99 %
80 %
NeuralSenderThreshold=80
Updates
Whether any update checks should be made for the spam patternmatchers and engine
bool
On/Off, True/False, Yes/No, 1/0
on
Updates=on
UpdateInterval
How often automatic update cehcks should be made for the spam patternmatchers and engine
number
1 - 168 hours
4 hours
UpdateInterval=4
UpdateHost
The HTTP server to use for updates: only change in consultation with Hexamail
text
updates.hexamail.com
UpdateHost=updates.hexamail.com
UpdatePort
The HTTP port to use for updates: only change in consultation with Hexamail
number
80
UpdatePort=80
WebUIEnable
You can optionally enable a web interface for users to review their spam themselves and either Accept or Delete it.
bool
On/Off, True/False, Yes/No, 1/0
On
WebUIEnable=On
WebUIResendMarked
Marked email is sent to the recipients AND optionally stored in the quarantine. You can disable resending of marked email to allow users to allowlist marked email in the quarantine, but not have it resent as a duplicate. Alternatively you can turn off storing of marked email under SPAM Blocker/Action
bool
On/Off, True/False, Yes/No, 1/0
On
WebUIResendMarked=On
WebUIFormat
text
text
WebUIFormat=text
WebUILog
You can optionally enable verbose logging of user quarantine actions, for example which email they choose to Accept or Delete.
bool
On/Off, True/False, Yes/No, 1/0
On
WebUILog=On
WebUIAlertUsers
You can optionally have emails automatically sent to users when they have more than a configurable amount of spam, or spam older than a specified number of hours, in their spam quarantine that requires review.
bool
On/Off, True/False, Yes/No, 1/0
Off
WebUIAlertUsers=Off
WebUIAlertUsersCount
Use this setting to configure the number of new spam emails that you wish trigger alerts to your users
number
1 - 1000 spam
5 spam
WebUIAlertUsersCount=5
WebUIAlertUsersIfOlder
Use this setting to configure the maximum age of spam emails in the quarantine used to trigger alerts to your users
number
1 - 240 Hours
24 Hours
WebUIAlertUsersIfOlder=24
WebUIAlertIOn
Use this setting to send immediate alerts to users when a spam is blocked with a reason matching an expression in the list. This overrides any count or interval for spam alerts and issues a full spam alert when the email matching is blocked.
text
WebUIAlertIOn=*attachment*
WebUIAlertInterval
Users are only alerted again once they have checked their quarantine. However if they check their quarantine and do not clear it this setting allows the number of hours between successive alerts to be set. Use 0 to indicate that you wish them to receive alerts as per the age and count settings.
number
0 - 240 Hours
0 Hours
WebUIAlertInterval=0
WebUIAlertTime1
Users will be alerted at this time
select
Off, 01:00, 02:00, 03:00, 04:00, 05:00, 06:00, 07:00, 08:00, 09:00, 10:00, 11:00, 12:00, 13:00, 14:00, 15:00, 16:00, 17:00, 18:00, 19:00, 20:00, 21:00, 22:00, 23:00, 24:00
WebUIAlertTime2
Users will be alerted at this time
select
Off, 01:00, 02:00, 03:00, 04:00, 05:00, 06:00, 07:00, 08:00, 09:00, 10:00, 11:00, 12:00, 13:00, 14:00, 15:00, 16:00, 17:00, 18:00, 19:00, 20:00, 21:00, 22:00, 23:00, 24:00
WebUIHost
The web interface is generated and served by Hexamail Nexus to save you needing another webserver or installation of web server scripts. The web interface can be explicitly bound to a NIC on your machine. Specify the network address or hostname of the network card you wish the web user interface to bind to. Typically you will want to leave this blank to ensure binding to the default network device. Setting this to 127.0.0.1 can render it impossible for users not on the machine to conncet to the machine. If you have two network cards in the machine, you may wish to set this to the IP of the network card you wish user to connect via (e.g. one card may be an external card and one may be connected to the internal network. If all your users are on the internal network you can use the internal network IP as this setting to prevent external access to the web interface)
text
WebUIPort
the port you wish the web user interface to bind to. If you are running on the same machine as a web server use a port other than port 80, if you are on a machine with no webserver, port 80 is the most convenient for users as it is the default used by browsers.
text
8080
WebUIPort=80
WebUIURL
The URL you wish to send to users for them to access the web interface. The URL sent to users should correspond to the host and port setup for the web interface. If for example you have set the Port to 8080 and the host is left blank (to bind to all/default NICs), then the URL should be http://hostmachinename:8080/ Remember that if external users are to manage their own spam then the URL specified must be accessible from outside your local network, and your firewall must be configured to allow incoming TCP (HTTP) connections to this machine on the chosen port. If you leave this setting blank, a URL will be automatically constructed from the machine's hostname and configured port. In some cases this will not be accessible by users outside of your local network, so you will need to specify this if sending alert emails to users external to your network.
text
WebUIURL=http://mail.mydomain.com:8080
URLDatabaseCheck
DEPRECATED: See combined DNS URL editor
select

(More Info)Off, Mark, Block, Delete
Block
URLDatabaseCheck=Block
URLDatabaseServers
You can use URL lookup DNS database servers to block spam containing hypertext links. This helps to block very short emails only containing links or emails with large amounts of text used to prevent content blocking. For more information please refer to http://www.surbl.org/ and http://www.spamhaus.org/ DEPRECATED: See combined DNS URL editor
text
8
dnsbl.hexamail.com,surbl.dnsbl.hexamail.com,black.uribl.com,uribl.swinog.ch,multi.surbl.org
URLDatabaseServers=sbl.spamhaus.org (http://www.spamhaus.org/organization/dnsblusage.html),multi.surbl.org,black.uribl.com
DNSURLWeight
the dns based url lists that are to be used to weight email as spam
text
OFF(multi.uribl.com)
DNSURLWeight=OFF(multi.uribl.com)
DNSURLAllow
the dns based url lists that are to be used to allow email
text
OFF(dnswl.hexamail.com)
DNSURLAllow=OFF(dnswl.hexamail.com)
DNSURLMark
the dns based url lists that are to be used to mark email
text
DNSURLBlock
the dns based url lists that are to be used to block email
text
dnsbl.hexamail.com,OFF(black.uribl.com),OFF(uribl.swinog.ch),OFF(multi.surbl.org),OFF(dbl.spamhaus.org)
DNSURLBlock=dnsbl.hexamail.com,OFF(black.uribl.com),OFF(uribl.swinog.ch),OFF(multi.surbl.org),OFF(dbl.spamhaus.org)
DNSURLDelete
the dns based url lists that are to be used to reject email
text
LinkReplace
This setting allows you to redirect links in incoming email to go via your Hexamail Web interface. The interface can then track link clicks, warn users before redirecting or block links and inform users that the link is blocked and they should consult the system administrator to access the link.
bool
On/Off, True/False, Yes/No, 1/0
off
LinkReplace=on
LinkReplaceWhite
This setting allows you to redirect links in incoming allowlisted email.
bool
On/Off, True/False, Yes/No, 1/0
on
LinkReplaceWhite=on
LinkExpire
You can expire links from the link database after a specified number of days to prevent excessive growth of the database. After this time users can no longer click on links and be redirected to the destination website.
number
1 - 9999
730
LinkExpire=999
LinkExpSkip
the list of link match expressions that will not be replaced or redirected
text
LinkExpSkip=https://*.bbc.co.uk/*
LinkExpTrack
the list of link match expressions that will track and redirect link clicks
text
LinkExpTrack=https://*.bbc.co.uk/*
LinkExpWarn
the list of link match expressions that will warn users when they click links
text
*
LinkExpWarn=*
LinkExpBlock
the list of link match expressions that will block link and users wont be able to click them
text
*.exe,*.js,*.xls,*.ppt,*.img
LinkExpBlock=*.exe,*.js,*.xls,*.ppt,*.img
ChallengeEnable
If this setting is enabled an email is sent to the sender of any email blocked. The sender must then enter a code into the web interface to allow their email to be unblocked. Their email address is then added to the recipient's allowlist. Note that emails are still also shown in the quarantine for the recipient, and users can also unblock from their quarantine interface. Challenge / Response systems are good at preventing spam from automatic mailers, while allowing legitimate human senders to unblock their own emails, reducing the burden on your users. However, users must still check their quarantine from time to time in case legitimate email from automatic mailers is blocked. We recommend using Challenge / Response in conjunction with the other anti-spam detection methods, and thus only sending challenges for emails that look like spam, rather than to all emails. If however you wish to send challenges for all incoming emails from new senders, i.e a full Challenge / Response system, you can simply reduce the match thresholds to low values: in this way most/all email will be blocked and challenges sent.
bool
On/Off, True/False, Yes/No, 1/0
Off
ChallengeEnable=Off
ChallengeSubject
This is the subject line of the email that will be sent to verify the sender. You can configure the contents of the email by editing the file webui/userspamchallengeemail.tmpl
text
Sender verification required
ChallengeSubject=Sender verification required
ChallengeSender
This is the sender email address used to send challenge emails. Use an address that is not used by any user, and is not an alias or other address at your company. You can optionally delete all emails sent to this address, allowing you to effectively get rid of non delivery reports etc when challenges are sent to addresses that are inactive or faked by the spammer. Use the token <domain> to automatically insert your configured primary email domain.
text
senderchallenge@<domain>
ChallengeSender=senderchallenge@<domain>
ChallengeSenderDelete
Challenges are sent for all blocked emails, and therefore some may end up being sent to email addresses that are inactive or do not allow replies. In this case a non delivery report will be sent back. Use this option to DELETE ALL EMAILS sent to the challenge sender address.
bool
On/Off, True/False, Yes/No, 1/0
on
ChallengeSenderDelete=on
ChallengeWhitelist
Senders who verify themselves after a challenge can be added to aa allowlist. Select which allowlist to add the sender to using this setting. You can select the global allowlist that applies to all emails, the user's allowlist that adds the sender only to the original recipients of the email allowlists, or you can not add senders to any allowlist. If you select None the sender will have to verify themself until they receive an outbound email from a user in your domain.
select
None, Global, User
Global
ChallengeWhitelist=Global
ChallengeServer
You can use this setting to have all challenge email sent via a different server. You may wish to do this to deal with large volumes of challenge emails and or to prevent your server being blacklisted for sending to non existent addresses, which may have been used by spammers and hence have challenges sent back to.
bool
On/Off, True/False, Yes/No, 1/0
false
ChallengeServer=false
ChallengeHost
The ip address or host name of the server used to send challenge email. Leave blank to use standard servers as configured in the SMTP relay
server_notconfigured
ChallengeHost=server_notconfigured
ChallengePort
The SMTP port of your the server used to send challenge email
25
ChallengePort=25
SndrExpWeight
Any email found to contain any of these phrases in the mailer field will be weighted higher as spam
text
word(XXX),word(adult),word(porn),sub(Cialis),sub(Levitra),sub(Pfizer),sub(Casino),sub(Levitra),sub(Rolex),sub(Breitling),word(Cheap),WORD(Meds),word(Refinance),*.gdn,*.top
SndrExpWeight=word(XXX),word(adult),word(porn),sub(Cialis),sub(Levitra),sub(Pfizer),sub(Casino),sub(Levitra),sub(Rolex),sub(Breitling),word(Cheap),WORD(Meds),word(Refinance),*.gdn,*.top
SndrExpAllow
Any email found to contain any of these phrases in the mailer field will not be marked, blocked or deleted regardless of other tests and measures.
text
SndrExpMark
Any email found to contain any of these phrases in the mailer field will be marked as spam
text
SndrExpBlock
Any email found to contain any of these phrases in the mailer field will be blocked as spam
text
$,@adult,@bulkmail,SexBoosters,Viagra,@crosskirk,@e-mailpromo,sub(Cas1no),@xxx,4free.,bizsupport,bounce,bwerbung@,ConsumerDirect,Great Deals,great*offers.com,himailer.com,internetads@,optin@,optout@,porn,remove@,sexcams,someonelikesyou,Tremendous Buys,unsub@,unsubscribe@,werbung@,sub(C1alis),sub(R0lex),sub(Genuine Pfizer),sub(Casino King),sub(Casino Golden Mummy),sub(Royale-Casino),sub(Royale Casino),sub(RubyRoyal),sub(Ruby Royal),sub(shopMED),sub(Viagra),sub(DrugStore)
SndrExpBlock=$,@adult,@bulkmail,SexBoosters,Viagra,@crosskirk,@e-mailpromo,sub(Cas1no),@xxx,4free.,bizsupport,bounce,bwerbung@,ConsumerDirect,Great Deals,great*offers.com,himailer.com,internetads@,optin@,optout@,porn,remove@,sexcams,someonelikesyou,Tremendous Buys,unsub@,unsubscribe@,werbung@,sub(C1alis),sub(R0lex),sub(Genuine Pfizer),sub(Casino King),sub(Casino Golden Mummy),sub(Royale-Casino),sub(Royale Casino),sub(RubyRoyal),sub(Ruby Royal),sub(shopMED),sub(Viagra),sub(DrugStore)
SndrExpDelete
Any email found to contain any of these phrases in the mailer field will be deleted
text
MlrExpWeight
Any email found to contain any of these phrases in the mailer field will be weighted higher as spam
text
{%xmailer%},<smsmtp>,<SMTP32,Accucast,Chordiant Online Marketing Director,CyberCreek,eGroups Message,MailtrackPro,MIME::Lite,MIME-tools,MM Email,MMailer,Pineapplesoft,The Bat!,MassEasy Mailer,Dynamailer,Sylpheed,Incredimail,Gammadyne,FoxMail
MlrExpWeight={%xmailer%},<smsmtp>,<SMTP32,Accucast,Chordiant Online Marketing Director,CyberCreek,eGroups Message,MailtrackPro,MIME::Lite,MIME-tools,MM Email,MMailer,Pineapplesoft,The Bat!,MassEasy Mailer,Dynamailer,Sylpheed,Incredimail,Gammadyne,FoxMail
MlrExpAllow
Any email found to contain any of these phrases in the mailer field will not be marked, blocked or deleted regardless of other tests and measures.
text
MlrExpMark
Any email found to contain any of these phrases in the mailer field will be marked as spam
text
MlrExpBlock
Any email found to contain any of these phrases in the mailer field will be blocked as spam
text
MlrExpDelete
Any email found to contain any of these phrases in the mailer field will be deleted
text
HdrExpWeight
Any email found to contain any of these phrases in a header will be weighted higher as spam
text
X_Id,X-Batch-Number,X-Cid,X-CntID,X-Comment,X-Complaints-To,X-eid,X-Email,X-Id,X-Info,X-IONK,X-Less,X-Library,X-Mailid,X-MyID,X-NTCR,X-Roving,X-Save,X-UserID,X-Utu,X-Server,Message-ID: <?[??
HdrExpWeight=X_Id,X-Batch-Number,X-Cid,X-CntID,X-Comment,X-Complaints-To,X-eid,X-Email,X-Id,X-Info,X-IONK,X-Less,X-Library,X-Mailid,X-MyID,X-NTCR,X-Roving,X-Save,X-UserID,X-Utu,X-Server,Message-ID: <?[??
HdrExpAllow
Any email found to contain any of these phrases in a header will not be marked, blocked or deleted regardless of other tests and measures.
text
HdrExpMark
Any email found to contain any of these phrases in a header will be marked as spam
text
HdrExpBlock
Any email found to contain any of these phrases in a header will be blocked as spam
text
HdrExpDelete
Any email found to contain any of these phrases in a header will be deleted
text
SbjExpWeight
Any email found to contain any of these phrases in the subject will be weighted higher as spam
text
Online Banking,Smallcap*outperform,Microcap,This Stock*,It is*,word(rally),word(gainer),Today*trade*,Top Stock*,This play*,This Company*,Sub*Penny*,Pre-market action*,Our New*pick*,Our New*play*,Our New*alert*,Our New Monster*,It could*,Momentum *,Hot stock*,Huge *,Top stock*,Top alert*,New Trade *,Do you *,Don't miss*,Check out*,word(broker),word(desire),*New Pick*,*stock pick*,This Stock *,Sex *,The best*
SbjExpWeight=Online Banking,Smallcap*outperform,Microcap,This Stock*,It is*,word(rally),word(gainer),Today*trade*,Top Stock*,This play*,This Company*,Sub*Penny*,Pre-market action*,Our New*pick*,Our New*play*,Our New*alert*,Our New Monster*,It could*,Momentum *,Hot stock*,Huge *,Top stock*,Top alert*,New Trade *,Do you *,Don't miss*,Check out*,word(broker),word(desire),*New Pick*,*stock pick*,This Stock *,Sex *,The best*
SbjExpAllow
Any email found to contain any of these phrases will not be marked, blocked or deleted regardless of other tests and measures.
text
SbjExpMark
Any email found to contain any of these phrases will be marked as spam
text
Online Banking,Verify Your Account
SbjExpMark=Online Banking,Verify Your Account
SbjExpBlock
Any email found to contain any of these phrases will be blocked as spam
text
Best Home Insurance,DebtFree,Male meds,SexPharm,BestViagra,sex meds,sex pills,ero-boosters,Medstore,Medicine shop,How to lose *lbs,How to get skinny,Losing*pounds,How to get thin,erection pills,erection cures,med-payments,ViagraCheapest,SAALE,International Casino,boost female drive,reg(v[!1ijlIJL|\\]+[a4oAO]gra),reg(tee+n+),wild(Valium Online*),Vicodin,reg(^Re: new [0-9][0-9]+$),reg(^Re: my [0-9][0-9]+$),Don`t miss*,*ukrain*ladies*,*ukrain*girl*,*ukrain*whor*,New * social network*,Sexy *,Today`s*,Tomorrow`s*
SbjExpBlock=Best Home Insurance,DebtFree,Male meds,SexPharm,BestViagra,sex meds,sex pills,ero-boosters,Medstore,Medicine shop,How to lose *lbs,How to get skinny,Losing*pounds,How to get thin,erection pills,erection cures,med-payments,ViagraCheapest,SAALE,International Casino,boost female drive,reg(v[!1ijlIJL|\\]+[a4oAO]gra),reg(tee+n+),wild(Valium Online*),Vicodin,reg(^Re: new [0-9][0-9]+$),reg(^Re: my [0-9][0-9]+$),Don`t miss*,*ukrain*ladies*,*ukrain*girl*,*ukrain*whor*,New * social network*,Sexy *,Today`s*,Tomorrow`s*
SbjExpDelete
Any email found to contain any of these phrases will be deleted
text
word(vigara),Hot med products,*sex*viag*,PENIS ENLARGEMENT,ENLARGEMENT PILLS,PENIS*PILLS,belly-fat,ED Pills,Stomachfat,Pure Pharmacy,C I A L I S,L E V I T R A,V I A G R A,BEST MEDS,Cilais,Ciilais,Viigara,Levtiira,Puurchaase,Buuy,Cheeap,cheap medications
SbjExpDelete=word(vigara),Hot med products,*sex*viag*,PENIS ENLARGEMENT,ENLARGEMENT PILLS,PENIS*PILLS,belly-fat,ED Pills,Stomachfat,Pure Pharmacy,C I A L I S,L E V I T R A,V I A G R A,BEST MEDS,Cilais,Ciilais,Viigara,Levtiira,Puurchaase,Buuy,Cheeap,cheap medications
URLExpWeight
Any email found to contain any of these phrases in a url will be weighted higher as spam
text
WILD(*optin*),*teen*.co*,*.cn/*,*.blogspot.com/*,*/main.html,*.biz/*,*.info/*,*.hk/*,*/index1.php,*/about.html,*/news.html,*/index1.php,*/whatsup.html,*.de/top.html*,*.ar/top.html*,*.ru/top.html*,*/whatsup.html*,*/tophot.html*,*/first.html*,*/index1.html*,*www.cnn.com/video/partners/email/*,*.brmz.com*,*.bravepages.com*,*.freespaceusa.com*,*.freewebpages.org*,*.freewaywebhost.com*,*.bigheadhosting.net*,*.angelcities.com*,*xurl.es*,*tinyurl.com*,*bit.ly*,*ow.ly*,*is.gd*,*bit.do*,*ulinks.net*,*cutt.us*,*bitly.com*
URLExpWeight= WILD(*optin*),*teen*.co*,*.cn/*,*.blogspot.com/*,*/main.html,*.biz/*,*.info/*,*.hk/*,*/index1.php,*/about.html,*/news.html,*/index1.php,*/whatsup.html,*.de/top.html*,*.ar/top.html*,*.ru/top.html*,*/whatsup.html*,*/tophot.html*,*/first.html*,*/index1.html*,*www.cnn.com/video/partners/email/*,*.brmz.com*,*.bravepages.com*,*.freespaceusa.com*,*.freewebpages.org*,*.freewaywebhost.com*,*.bigheadhosting.net*,*.angelcities.com*,*xurl.es*,*tinyurl.com*,*bit.ly*,*ow.ly*,*is.gd*,*bit.do*,*ulinks.net*,*cutt.us*,*bitly.com*
URLExpAllow
Any email found to contain any of these phrases in a url will not be marked, blocked or deleted regardless of other tests and measures.
text
URLExpMark
Any email found to contain any of these phrases in a url will be marked as spam
text
URLExpBlock
Any email found to contain any of these phrases in a url will be blocked as spam
text
*xxx*.co*,*.chat.ru*,*.narod.ru/*
URLExpBlock=*xxx*.co*,*.chat.ru*,*.narod.ru/*
URLExpDelete
Any email found to contain any of these phrases in a url will be deleted
text
*livefilestore.com*,*/flash.exe*,*amipalasalle.com/index1.php*,*/showvideo.html*,*/gowatch.html*,*/bst/rel.php*,*/livestreaming.html*,*/newss/news.php*,*/lol.html*,*/viewr.html*,*/modred/mod.php*,*/fitsi.html*,*www.funnyordie.com/videos/*,*loanfinanc.com/*,*/folderz/ready.php*,*cafepaths077.com*,*496dots.com*,*ourmark75.com*,*joogle2.com*,*cafemarker52.com*,*tao767.com*,*open6098.com*,*yooia97.com*,*facecurve.com*,*front7589.com*,*stikimixer.com*,*squinento96.com*,*my3598.com*,*styledesk86.com*,*upgle12.com*,*frontsend09.com*,*true479.com*
URLExpDelete=*livefilestore.com*,*/flash.exe*,*amipalasalle.com/index1.php*,*/showvideo.html*,*/gowatch.html*,*/bst/rel.php*,*/livestreaming.html*,*/newss/news.php*,*/lol.html*,*/viewr.html*,*/modred/mod.php*,*/fitsi.html*,*www.funnyordie.com/videos/*,*loanfinanc.com/*,*/folderz/ready.php*,*cafepaths077.com*,*496dots.com*,*ourmark75.com*,*joogle2.com*,*cafemarker52.com*,*tao767.com*,*open6098.com*,*yooia97.com*,*facecurve.com*,*front7589.com*,*stikimixer.com*,*squinento96.com*,*my3598.com*,*styledesk86.com*,*upgle12.com*,*frontsend09.com*,*true479.com*
AtchExpWeight
Any email found to contain any of these attachment names will be weighted higher as spam
text
*.gif,*.png,*.zip,*.rar,*.z7,*.pps,*.pps,*.ht?,*.html,*.url,*.rar,*.ini,*.mdb,*.pdf,*.iso,*.img
AtchExpWeight=*.gif,*.png,*.zip,*.rar,*.z7,*.pps,*.pps,*.ht?,*.html,*.url,*.rar,*.ini,*.mdb,*.pdf,*.iso,*.img
AtchExpAllow
Any email found to contain any of these attachment names will not be marked, blocked or deleted regardless of other tests and measures.
text
AtchExpMark
Any email found to contain any of these attachment names will be marked as spam
text
AtchExpBlock
Any email found to contain any of these attachment names will be blocked as spam
text
*.7z,*.7zip,*.??_,*.SLDM,*.ace,*.add,*.ade,*.adp,*.adt,*.alz,*.apk,*.app,*.application,*.arc,*.arj,*.asp,*.aspx,*.bas,*.bat,*.bin,*.bz2,*.cab,*.cbt,*.cdr,*.ce,*.ceo,*.cgi,*.chm,*.cla,*.class,*.cmd,*.cnt,*.com,*.cpl,*.crt,*.csc,*.csh,*.de,*.dif,*.dl?,*.dll,*.dmd,*.doc,*.docm,*.dot,*.dotm,*.dotx,*.drv,*.exe,*.fdf,*.flt,*.fon,*.fot,*.fxp,*.gadget,*.gms,*.grp,*.gz,*.gz?,*.hlp,*.hpj,*.ht,*.hta,*.htm,*.html,*.htt,*.i13,*.ifs,*.im?,*.inf,*.ini,*.ins,*.iso,*.img,*.isp,*.its,*.ja,*.jar,*.java,*.js,*.js?,*.jse,*.ksh,*.lnk,*.lzma,*.ma,*.mad,*.maf,*.mag,*.mam,*.maq,*.mar,*.mas,*.mat,*.mau,*.mav,*.maw,*.mcf,*.md?,*.mda,*.mdb,*.mde,*.mdt,*.mdw,*.mdz,*.mhtm,*.mod,*.mpd,*.mpp,*.mpt,*.msc,*.msh,*.msh1,*.msh1xml,*.msh2,*.msh2xml,*.mshxml,*.msi,*.mso,*.msp,*.mst,*.ocx,*.ods,*.odt,*.ole,*.ops,*.osd,*.ost,*.ov?,*.pcd,*.pdr,*.php,*.pif,*.pim,*.pl,*.plg,*.pot,*.potm,*.ppam,*.pps,*.ppsm,*.pptm,*.prc,*.prf,*.prg,*.ps1,*.ps1xml,*.ps2,*.ps2xml,*.psc1,*.psc2,*.pst,*.r00,*.rar,*.reg,*.rtf,*.s7z,*.sc,*.scf,*.scr,*.sct,*.shb,*.shs,*.shtm,*.shtml,*.slk,*.smm,*.src,*.swf,*.sys,*.tar,*.tmp,*.tzb2,*.vb,*.vb?,*.vbe,*.vbp,*.vbs,*.vs?,*.vsmacros,*.vsw,*.vxd,*.wav,*.wbk,*.wpd,*.ws,*.wsc,*.wsf,*.wsh,*.xbap,*.xlam,*.xlm,*.xlsb,*.xlsm,*.xlt,*.xltm,*.xltx,*.xlv,*.xnk,*.z,*.zip,*.zipx,*.zoo,*.zpaq,*.zz,*.{*},
AtchExpBlock=*.7z,*.7zip,*.??_,*.SLDM,*.ace,*.add,*.ade,*.adp,*.adt,*.alz,*.apk,*.app,*.application,*.arc,*.arj,*.asp,*.aspx,*.bas,*.bat,*.bin,*.bz2,*.cab,*.cbt,*.cdr,*.ce,*.ceo,*.cgi,*.chm,*.cla,*.class,*.cmd,*.cnt,*.com,*.cpl,*.crt,*.csc,*.csh,*.de,*.dif,*.dl?,*.dll,*.dmd,*.doc,*.docm,*.dot,*.dotm,*.dotx,*.drv,*.exe,*.fdf,*.flt,*.fon,*.fot,*.fxp,*.gadget,*.gms,*.grp,*.gz,*.gz?,*.hlp,*.hpj,*.ht,*.hta,*.htm,*.html,*.htt,*.i13,*.ifs,*.im?,*.inf,*.ini,*.ins,*.iso,*.img,*.isp,*.its,*.ja,*.jar,*.java,*.js,*.js?,*.jse,*.ksh,*.lnk,*.lzma,*.ma,*.mad,*.maf,*.mag,*.mam,*.maq,*.mar,*.mas,*.mat,*.mau,*.mav,*.maw,*.mcf,*.md?,*.mda,*.mdb,*.mde,*.mdt,*.mdw,*.mdz,*.mhtm,*.mod,*.mpd,*.mpp,*.mpt,*.msc,*.msh,*.msh1,*.msh1xml,*.msh2,*.msh2xml,*.mshxml,*.msi,*.mso,*.msp,*.mst,*.ocx,*.ods,*.odt,*.ole,*.ops,*.osd,*.ost,*.ov?,*.pcd,*.pdr,*.php,*.pif,*.pim,*.pl,*.plg,*.pot,*.potm,*.ppam,*.pps,*.ppsm,*.pptm,*.prc,*.prf,*.prg,*.ps1,*.ps1xml,*.ps2,*.ps2xml,*.psc1,*.psc2,*.pst,*.r00,*.rar,*.reg,*.rtf,*.s7z,*.sc,*.scf,*.scr,*.sct,*.shb,*.shs,*.shtm,*.shtml,*.slk,*.smm,*.src,*.swf,*.sys,*.tar,*.tmp,*.tzb2,*.vb,*.vb?,*.vbe,*.vbp,*.vbs,*.vs?,*.vsmacros,*.vsw,*.vxd,*.wav,*.wbk,*.wpd,*.ws,*.wsc,*.wsf,*.wsh,*.xbap,*.xlam,*.xlm,*.xlsb,*.xlsm,*.xlt,*.xltm,*.xltx,*.xlv,*.xnk,*.z,*.zip,*.zipx,*.zoo,*.zpaq,*.zz,*.{*},
AtchExpDelete
Any email found to contain any of these attachment names will be deleted
text
*.$IMAGE_EXTENSION$,*.386,*.3gr
AtchExpDelete=*.$IMAGE_EXTENSION$,*.386,*.3gr
CntExpWeight
Any email found to contain any of these phrases will be weighted higher as spam
text
reg(http://[0-9]+.[0-9]+.[0-9]+.[0-9]+/),reg(8[0O][0O][ \-_][o0-9][O0-9]+[ \-_]),reg(8[0O][0O][ \-_][O0-9][O0-9]+[ \-_][O0-9]),SUB(ProGuard),million verified email addresses,to be removed from future mailings,government grants,guaranteed return,To be removed from this list,Enter site here,Click here to be,To opt out from future mailings,wish to be excluded,If you prefer not to receive e-mails,not to receive e-mails,opted in * one of our partner sites,penis,viagra,Vicodin,You are receiving this email because,ejacula,Create DVD,URGENT ASSISTANCE,CLEAR THIS MONEY,SUM OF * MILLION,Your funds are deposited,home based business,fCAN Spam Act,singles in your area,funds totalling,Order Online Now,Work from your ho,Work At Home Now,copy DVD,unsolicited commercial e-mail,100% risk free,special promotion,investment opportunity,Bank of Nigeria,CONFIDENTIAL*TOP SECRET,Government of Nigeria,F R E E,Bank Deposit paperwork,Nigerian Government,Multi-level marketing,TRANSFER OF *SUM OF,funds totalling US,reg(Nasdaq:[A-Z][ _][A-Z][ _][A-Z])
CntExpWeight=Guaranteed to work!!!!
CntExpAllow
Any email found to contain any of these phrases will not be marked, blocked or deleted regardless of other tests and measures.
text
CntExpMark
Any email found to contain any of these phrases will be marked as spam
text
CntExpBlock
Any email found to contain any of these phrases will be blocked as spam
text
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X,18003206070,Anti-Aging magnetic water,Debt Free,pen1s,a costly Watch,farm_seex,Hoodia,add COM after dot at the end,enlarge your penis,Prest1ge Repl1cas,R0lex,New pharmacy shop:,reg(v[jl1]agra),DebtFree,reg(Symb[o0O]l[ :]+[ ]+[A-Z ][A-Z ][A-Z ][A-Z ]),reg(T[il1]cker[ :]+[ ]+[A-Z ][A-Z ][A-Z ][A-Z ]),reg(St[0o]ck[ :]+[ ]+[A-Z ][A-Z ][A-Z ][A-Z ]),reg(Price Today: [$0-9][0-9\.][0-9]),reg(Sym[: ]+[ A-Z][ A-Z][ A-Z][ A-Z]),get out of debt,not to receive e-mails,opted in * one of our partner sites,talking library out for the holidays,gayz,First t1me,reg(Symbol: [A-Z][A-Z][A-Z][A-Z])
CntExpBlock=XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X,18003206070,Anti-Aging magnetic water,Debt Free,pen1s,a costly Watch,farm_seex,Hoodia,add COM after dot at the end,enlarge your penis,Prest1ge Repl1cas,R0lex,New pharmacy shop:,reg(v[jl1]agra),DebtFree,reg(Symb[o0O]l[ :]+[ ]+[A-Z ][A-Z ][A-Z ][A-Z ]),reg(T[il1]cker[ :]+[ ]+[A-Z ][A-Z ][A-Z ][A-Z ]),reg(St[0o]ck[ :]+[ ]+[A-Z ][A-Z ][A-Z ][A-Z ]),reg(Price Today: [$0-9][0-9\.][0-9]),reg(Sym[: ]+[ A-Z][ A-Z][ A-Z][ A-Z]),get out of debt,not to receive e-mails,opted in * one of our partner sites,talking library out for the holidays,gayz,First t1me,reg(Symbol: [A-Z][A-Z][A-Z][A-Z])
CntExpDelete
Any email found to contain any of these phrases will be deleted
text
Lang
Block email by language
text
On
Lang=On
LangEn
English
text
Off
LangEn=Off
LangCn
Chinese (Mandarin)
text
Weight
LangCn=Weight
LangCz
Czech
text
Off
LangCz=Off
LangDe
German
text
Off
LangDe=Off
LangDk
Danish
text
Off
LangDk=Off
LangEs
Spanish
text
Off
LangEs=Off
LangFi
Finnish
text
Off
LangFi=Off
LangFr
French
text
Off
LangFr=Off
LangHu
Hungarian
text
Off
LangHu=Off
LangPr
Portugese
text
Off
LangPr=Off
LangRu
Russian
text
Weight
LangRu=Weight
LangPl
Polish
text
Off
LangPl=Off
LangNo
Norwegian
text
Off
LangNo=Off
LangNl
Dutch
text
Off
LangNl=Off
LangIt
Italian
text
Off
LangIt=Off
LangZa
Afrikaans
text
Off
LangZa=Off
LangTr
Turkish
text
Off
LangTr=Off
CheckSpamEngine
This rule identifies email using cloud matching
select

(More Info)Off, Weight, Mark, Block, Delete
Off
CheckSpamEngine=Off
CheckSpamEngineAllow
Email detected as nonspam by the cloud processing will not be blocked by any other rules. This can reduce false positives but may also lower your overall spam catch rate
bool
On/Off, True/False, Yes/No, 1/0
off
CheckSpamEngineAllow=off
HoneyPotEnable
Enable the honey pot matching features. Note that the honey pot comes pretrained with some common matching agents, or bees. These can be disabled if they incorrectly macth email by accepting (releasing) matched email from the quarantine.
bool
On/Off, True/False, Yes/No, 1/0
On
HoneyPotEnable=On
HoneyPotAddDeleted
This switch allows email deleted from the quarantine by users or the admin to be used to create and reinforce bees
bool
On/Off, True/False, Yes/No, 1/0
On
HoneyPotAddDeleted=On
HoneyPotRemoveSent
This switch allows email released from the quarantine by users or the admin to be used to disable bees
bool
On/Off, True/False, Yes/No, 1/0
On
HoneyPotRemoveSent=On
HoneyPotSubject
This setting determines the action taken on a spam email when a bee matches on a subject characteristic. Remember that your global settings for enabling mark, block, and deletion actions in the SPAM Blocker/Action will affect what action actually takes place. For example if you set this to delete but have unchecked delete on the SPAM Blocker/Action page then the bee will be demoted to block, if block is unchecked it will be demoted to marking email.
select

(More Info)Off, Mark, Block, Delete
Block
HoneyPotSubject=Block
HoneyPotImage
This setting determines the action taken on a spam email when a bee matches on an image characteristic. Remember that your global settings for enabling mark, block, and deletion actions in the SPAM Blocker/Action will affect what action actually takes place. For example if you set this to delete but have unchecked delete on the SPAM Blocker/Action page then the bee will be demoted to block, if block is unchecked it will be demoted to marking email.
select

(More Info)Off, Mark, Block, Delete
Block
HoneyPotImage=Block
HoneyPotIP
This setting determines the action taken on a spam email when a bee matches on an IP address. Remember that your global settings for enabling mark, block, and deletion actions in the SPAM Blocker/Action will affect what action actually takes place. For example if you set this to delete but have unchecked delete on the SPAM Blocker/Action page then the bee will be demoted to block, if block is unchecked it will be demoted to marking email.
select

(More Info)Off, Mark, Block, Delete
Block
HoneyPotIP=Block
HoneyPotCnt
This setting determines the action taken on a spam email when a bee matches on content. Remember that your global settings for enabling mark, block, and deletion actions in the SPAM Blocker/Action will affect what action actually takes place. For example if you set this to delete but have unchecked delete on the SPAM Blocker/Action page then the bee will be demoted to block, if block is unchecked it will be demoted to marking email.
select

(More Info)Off, Mark, Block, Delete
Block
HoneyPotCnt=Block
HoneyPotEmail
Email to the configured honey pot addresses can either be deleted or blocked and stored in the quarantine. Remember that your global settings for enabling mark, block, and deletion actions in the SPAM Blocker/Action will affect what action actually takes place. For example if you set this to delete but have unchecked delete on the SPAM Blocker/Action page then the bee will be demoted to block, if block is unchecked it will be demoted to marking email.
select

(More Info)Block, Delete
Block
HoneyPotEmail=Block
HoneyPotAddresses
A honeypot is a trap for spammers. Email to any of these addresses will be analyzed and potentially DELETED (depending on your chosen setting for email to the honey pot addresses). Ensure that these addresses do not include any valid addresses of users, groups or automated services in your mailserver! Email to these addresses will be used to deduce information about spammers and spam you are receiving, which in turn can be used to block email to other recipients that is similar or from similar sources. These addresses should be email addresses spammers are already attacking, but are invalid at your email server, or new email addresses you choose. If you choose a new email address make it easy for a spammer to guess like john@yourdomain.com or alan@yourdomain.com so they quickly discover it and use it to send spam to(!)
text
honeypot@*
HoneyPotAddresses=honeypot@yourdomain.com,jondoe@yourdomain.com
HoneyPotExcludeIPs
Some IPs relay on information to your installation. These need to be excluded from honey pot analysis and automatic blocking. If you see email from specific IPs repeatedly incorrectly matched by honey pot bees you can simply add the ip here to prevent future matching.
text
127.0.0.1
HoneyPotExcludeIPs=IPs of relay servers or MTAs you never want blocked
Greylist
Enable greylisting of new triplets (IP, sender, recipient sets)
bool
On/Off, True/False, Yes/No, 1/0
on
Greylist=on
GreyTempBlock
The length of time to fail a new 'triplet' (IP sender and recipient combination) with a temporary failure error (a 4.x.x SMTP error). This is the MINIMUM delay you will experience in receiving email from a new source triplet. Delays may be longer if the sending server retry schedule is longer than the time specified here. Well behaved clients and MTAs should retry multiple times for a period of time. Spam software and bots often do not bother retrying and so will effectively be blocked. Lowering this setting allows faster receipt of email from new triplets, but may expose you to spam tools that do retry.
number
2 - 360 Minutes
15 Minutes
GreyTempBlock=60
GreyExpireBad
The length of time to keep records about triplets that have not retried after a temporary fail, often these are the records of spammers and not generally worth keeping for too long. You do need to keep these records for long enough for legitimate senders to retry though, otherwise you will repeatedly block legitimate triplets. Busy servers should set this setting low (2-4 hours) to avoid wasting resources. Less busy servers can extend this period to ensure more reliable delivery. If you receive 1,500,000 email per day and it is mainly spam, you will require 25MBytes of RAM and disk space to store 4 hours of records.
number
2 - 12 Hours
5 Hours
GreyExpireBad=4
GreyExpireGood
The length of time to keep records about triplets that have succesfully sent email and are therefore no longer temporarily blocked. Its worth keeping these for some time to allow legitimate clients and servers to send to your domain unhindered. Some expiry is necessary to prevent a build up of no longer used records which waste resources. Hexamail updates these records on every email that is passed, so the most common senders will never be delayed again.
number
1 - 365 Days
36 Days
GreyExpireGood=60
GreyWhiteIPList
You may not wish to delay the email from some servers using greylisting. This may be because they are known reputable servers, or incapable of correct SMTP retry behaviour. If you find you can't receive email from a specific server, even after the block delay, you may wish to allowlist the IP here. This IP list is in addition to your Always Allowed IPs and the list of Relay IP servers specified in SMTP Server. This list specifically allows IPs to bypass greylisting and nothing more. The default list includes local network addresses, reputable servers and some servers known to have trouble sending thru greylisting servers. If you set your SMTP Server log to DEBUG mode you will see allowlisted servers being skipped for greylisting, allowing you to identify servers you may wish to remove.
text
10.*.*.*, 104.47.0.0/17, 104.47.0.0/19, 104.47.32.0/19, 104.47.64.0/18, 108.177.96.0/19, 12.107.209.244, 12.5.136.141, 12.5.136.142, 12.5.136.143, 12.5.136.144, 127.*.*.*, 134.170.132.0/24, 134.170.140.0/24, 143.166.224.132, 152.163.225.*, 157.55.133.0/25, 157.55.234.0/24, 157.56.110.0/23, 157.56.112.0/24, 172.16-31.*.*, 172.217.0.0/19 , 173.194.0.0/16, 192.168.*.*, 193.129.24.11, 194.70.94.141, 194.8.211.5, 195.238.2.*, 195.238.3.*, 204.107.120.10, 204.60.8.162, 205.188.139.136, 205.188.139.137, 205.188.144.207, 205.188.144.208, 205.188.156.66, 205.188.157.*, 205.188.157.40, 205.188.159.7, 205.206.231.*, 205.211.164.50, 206.190.53.32, 207.115.63.*, 207.126.144.0/20 , 207.171.168.*, 207.171.180.*, 207.171.187.*, 207.171.188.*, 207.171.190.*, 207.218.206.108, 207.46.100.0/24, 207.46.163.0/24, 207.46.248.41, 207.46.248.43, 207.46.51.64/26, 209.104.63.*, 209.132.176.174, 209.85.128.0/17 , 211.29.132.*, 212.114.215.6, 212.58.226.18, 212.58.232.2, 212.58.232.3, 212.58.232.4, 213.121.128.45, 213.136.52.31, 213.199.154.0/24, 213.199.180.128/26, 213.20.85.240, 216.239.209.138, 216.239.32.0/19, 216.32.180.0/23, 216.32.180.0/24, 216.58.192.0/19 , 216.73.95.137, 217.146.176.72, 217.146.176.77, 217.146.176.79, 217.146.176.81, 217.146.176.82, 217.146.176.83, 217.146.176.86, 217.146.177.69, 217.146.177.73, 217.146.177.74, 217.146.177.75, 217.146.177.76, 217.146.177.77, 217.146.188.61, 23.103.132.0/22, 23.103.136.0/21, 23.103.144.0/20, 23.103.144.0/22, 23.103.148.0/22, 23.103.152.0/22, 23.103.156.0/22, 23.103.198.0/23, 23.103.198.0/24, 23.103.200.0/21, 23.103.200.0/22, 23.103.212.0/22, 40.107.0.0/16, 40.107.0.0/17, 40.107.0.0/18, 40.107.128.0/18, 40.107.64.0/18, 40.92.0.0/14, 40.92.0.0/18, 40.92.128.0/17, 40.92.64.0/18, 40.93.0.0/18, 40.93.128.0/17, 40.93.64.0/18, 40.94.0.0/18, 40.94.128.0/17, 40.94.64.0/18, 40.95.0.0/18, 40.95.128.0/17, 40.95.64.0/18, 52.100.0.0/14, 52.100.0.0/15, 52.100.0.0/16, 52.100.0.0/18, 52.100.128.0/17, 52.100.64.0/18, 52.101.0.0/18, 52.101.128.0/17, 52.101.64.0/18, 52.102.0.0/18, 52.102.128.0/17, 52.102.64.0/18, 52.103.0.0/18, 52.103.128.0/17, 52.103.64.0/18, 62.24.128.121, 63.169.44.143, 63.169.44.144, 63.82.37.110, 64.12.137.*, 64.12.138.*, 64.124.204.39, 64.125.132.254, 64.18.0.0/20 , 64.233.160.0/19 , 64.233.162.*, 64.233.170.*, 64.233.182.*, 64.233.182.185, 64.233.182.188, 64.233.182.189, 64.233.182.191, 64.233.184.*, 64.7.153.18, 65.54.246.*, 65.55.169.0/24, 65.55.88.0/24, 66.100.210.82, 66.102.0.0/20 66.24, 66.135.197.*, 66.135.209.*, 66.162.216.166, 66.206.22.82, 66.206.22.83, 66.206.22.84, 66.206.22.85, 66.218.66.*, 66.218.67.*, 66.218.69.*, 66.249.82.*, 66.27.51.218, 66.89.73.101, 66.94.237.*, 66.94.237.30, 66.94.237.48, 66.94.237.49, 66.94.237.56, 68.15.115.88, 69.147.64.128, 69.147.64.131, 69.147.64.169, 69.147.64.186, 69.147.64.213, 72.14.204.*, 74.125.0.0/16 108.177.8.0/21 , 80.4.121.33, 82.117.36.*, 83.100.223.171, 85.158.137.83, 85.189.39.71, 9.80.0/20 72.14.192.0/18 , 94.245.120.64/26, 94.245.120.64/27
GreyWhiteIPList= 10.*.*.*, 104.47.0.0/17, 104.47.0.0/19, 104.47.32.0/19, 104.47.64.0/18, 108.177.96.0/19, 12.107.209.244, 12.5.136.141, 12.5.136.142, 12.5.136.143, 12.5.136.144, 127.*.*.*, 134.170.132.0/24, 134.170.140.0/24, 143.166.224.132, 152.163.225.*, 157.55.133.0/25, 157.55.234.0/24, 157.56.110.0/23, 157.56.112.0/24, 172.16-31.*.*, 172.217.0.0/19 , 173.194.0.0/16, 192.168.*.*, 193.129.24.11, 194.70.94.141, 194.8.211.5, 195.238.2.*, 195.238.3.*, 204.107.120.10, 204.60.8.162, 205.188.139.136, 205.188.139.137, 205.188.144.207, 205.188.144.208, 205.188.156.66, 205.188.157.*, 205.188.157.40, 205.188.159.7, 205.206.231.*, 205.211.164.50, 206.190.53.32, 207.115.63.*, 207.126.144.0/20 , 207.171.168.*, 207.171.180.*, 207.171.187.*, 207.171.188.*, 207.171.190.*, 207.218.206.108, 207.46.100.0/24, 207.46.163.0/24, 207.46.248.41, 207.46.248.43, 207.46.51.64/26, 209.104.63.*, 209.132.176.174, 209.85.128.0/17 , 211.29.132.*, 212.114.215.6, 212.58.226.18, 212.58.232.2, 212.58.232.3, 212.58.232.4, 213.121.128.45, 213.136.52.31, 213.199.154.0/24, 213.199.180.128/26, 213.20.85.240, 216.239.209.138, 216.239.32.0/19, 216.32.180.0/23, 216.32.180.0/24, 216.58.192.0/19 , 216.73.95.137, 217.146.176.72, 217.146.176.77, 217.146.176.79, 217.146.176.81, 217.146.176.82, 217.146.176.83, 217.146.176.86, 217.146.177.69, 217.146.177.73, 217.146.177.74, 217.146.177.75, 217.146.177.76, 217.146.177.77, 217.146.188.61, 23.103.132.0/22, 23.103.136.0/21, 23.103.144.0/20, 23.103.144.0/22, 23.103.148.0/22, 23.103.152.0/22, 23.103.156.0/22, 23.103.198.0/23, 23.103.198.0/24, 23.103.200.0/21, 23.103.200.0/22, 23.103.212.0/22, 40.107.0.0/16, 40.107.0.0/17, 40.107.0.0/18, 40.107.128.0/18, 40.107.64.0/18, 40.92.0.0/14, 40.92.0.0/18, 40.92.128.0/17, 40.92.64.0/18, 40.93.0.0/18, 40.93.128.0/17, 40.93.64.0/18, 40.94.0.0/18, 40.94.128.0/17, 40.94.64.0/18, 40.95.0.0/18, 40.95.128.0/17, 40.95.64.0/18, 52.100.0.0/14, 52.100.0.0/15, 52.100.0.0/16, 52.100.0.0/18, 52.100.128.0/17, 52.100.64.0/18, 52.101.0.0/18, 52.101.128.0/17, 52.101.64.0/18, 52.102.0.0/18, 52.102.128.0/17, 52.102.64.0/18, 52.103.0.0/18, 52.103.128.0/17, 52.103.64.0/18, 62.24.128.121, 63.169.44.143, 63.169.44.144, 63.82.37.110, 64.12.137.*, 64.12.138.*, 64.124.204.39, 64.125.132.254, 64.18.0.0/20 , 64.233.160.0/19 , 64.233.162.*, 64.233.170.*, 64.233.182.*, 64.233.182.185, 64.233.182.188, 64.233.182.189, 64.233.182.191, 64.233.184.*, 64.7.153.18, 65.54.246.*, 65.55.169.0/24, 65.55.88.0/24, 66.100.210.82, 66.102.0.0/20 66.24, 66.135.197.*, 66.135.209.*, 66.162.216.166, 66.206.22.82, 66.206.22.83, 66.206.22.84, 66.206.22.85, 66.218.66.*, 66.218.67.*, 66.218.69.*, 66.249.82.*, 66.27.51.218, 66.89.73.101, 66.94.237.*, 66.94.237.30, 66.94.237.48, 66.94.237.49, 66.94.237.56, 68.15.115.88, 69.147.64.128, 69.147.64.131, 69.147.64.169, 69.147.64.186, 69.147.64.213, 72.14.204.*, 74.125.0.0/16 108.177.8.0/21 , 80.4.121.33, 82.117.36.*, 83.100.223.171, 85.158.137.83, 85.189.39.71, 9.80.0/20 72.14.192.0/18 , 94.245.120.64/26, 94.245.120.64/27
GreyExcludeAllowedSenders
Don't greylist allowlisted senders
bool
On/Off, True/False, Yes/No, 1/0
GreyExcludeDontCheckRcpt
Don't greylist recipients excluded from spam checks
bool
On/Off, True/False, Yes/No, 1/0
GreyExcludeDontCheckRcptMatches
Don't greylist specified recipients
text
GreyOctets
This setting can be used to control how strict the greylist checking is. IF it is set to 4 it will check the entire IP address (IP4) or 16 for IP6. If it is reduced to 3 or 2 it only checks the first parts of the IP address. This is useful if email is coming from very large email providers with very many servers. In some cases the retried email is sent from a new server each time, causing strict greylisting to fail the email temporarily for a long time. Using the 3 or even 2 setting can ensure the email is delivered more rapidly.
number
2 - 16 Octets
3 Octets
GreyOctets=3
GreyLocationEnable
Email found to originate from the listed countries will be greylisted if enabled
bool
On/Off, True/False, Yes/No, 1/0
false
GreyLocationEnable=false
GreyLocation
Any email found to originate from these countries will be greylisted
text
EC,EG,ER,ET,MA,ME,MG,ML,MN,MR,MW,MX,MY,UA,MZ,UG,UY,UZ,NA,NE,NG,NI,NP,VE,VN,GA,GE,GH,GM,GN,GQ,GT,GW,GY,OM,HN,HT,PA,PE,PG,PH,PK,PY,AE,AF,AL,AM,AO,AR,AZ,ID,IL,IN,IQ,IR,QA,YE,BD,BF,BI,BJ,BO,BT,BW,BZ,JO,JP,RO,RU,RW,ZA,ZM,ZR,ZW,CF,CG,CL,CM,CN,CO,CR,CU,CY,KE,KG,KH,KP,KR,KW,SA,KZ,SD,SL,SN,SO,SR,SV,SY,SZ,DJ,DM,LA,DZ,LB,LK,LR,LY,TD,TG,TH,TJ,TM,TN,TR,TW,TZ
GreyLocation=RU,TR,CN,IN
GreyScheduleTimes
You can optionally schedule greylisting only for specific times of the week. For example this can be used to prevent any unnecessary delay in email during working hours, but allow greylisting to take effect at weekends. Just click the weekday/hour cell in teh grid to activate greylisting for that period. The cell will turn grey to indicate greylisting is active. Green denotes no greylisting active for the period. Local times are used when checking the schedule. Remember that only email from a new sender, ip and recipient triplet is delayed.
text
sat14:00,mon22:00,sat19:00,sat03:00,sat08:00,thu04:00,sun20:00,mon00:00,sun14:00,wed20:00,sun19:00,sun03:00,sun08:00,tue22:00,fri21:00,wed03:00,tue00:00,fri04:00,sat23:00,sat12:00,mon20:00,sat17:00,sat01:00,sat06:00,thu02:00,sun23:00,mon03:00,sun12:00,sun17:00,wed23:00,sun01:00,sun06:00,tue20:00,wed01:00,tue03:00,fri02:00,sat21:00,thu22:00,sat10:00,sat15:00,mon23:00,sat04:00,thu00:00,sat09:00,sun21:00,mon01:00,sun10:00,sun15:00,wed21:00,sun04:00,sun09:00,tue23:00,fri22:00,wed04:00,tue01:00,fri00:00,thu20:00,sat13:00,mon21:00,sat18:00,sat02:00,sat07:00,thu03:00,mon04:00,sun13:00,sun18:00,sun02:00,sun07:00,tue21:00,fri20:00,wed02:00,tue04:00,fri03:00,sat22:00,thu23:00,sat11:00,sat16:00,sat00:00,sat05:00,thu01:00,sun22:00,mon02:00,sun11:00,sun16:00,wed22:00,sun00:00,sun05:00,fri23:00,wed00:00,tue02:00,fri01:00,sat20:00,thu21:00
GreyScheduleTimes=sat14:00,mon22:00,sat19:00,sat03:00,sat08:00,thu04:00,sun20:00,mon00:00,sun14:00,wed20:00,sun19:00,sun03:00,sun08:00,tue22:00,fri21:00,wed03:00,tue00:00,fri04:00,sat23:00,sat12:00,mon20:00,sat17:00,sat01:00,sat06:00,thu02:00,sun23:00,mon03:00,sun12:00,sun17:00,wed23:00,sun01:00,sun06:00,tue20:00,wed01:00,tue03:00,fri02:00,sat21:00,thu22:00,sat10:00,sat15:00,mon23:00,sat04:00,thu00:00,sat09:00,sun21:00,mon01:00,sun10:00,sun15:00,wed21:00,sun04:00,sun09:00,tue23:00,fri22:00,wed04:00,tue01:00,fri00:00,thu20:00,sat13:00,mon21:00,sat18:00,sat02:00,sat07:00,thu03:00,mon04:00,sun13:00,sun18:00,sun02:00,sun07:00,tue21:00,fri20:00,wed02:00,tue04:00,fri03:00,sat22:00,thu23:00,sat11:00,sat16:00,sat00:00,sat05:00,thu01:00,sun22:00,mon02:00,sun11:00,sun16:00,wed22:00,sun00:00,sun05:00,fri23:00,wed00:00,tue02:00,fri01:00,sat20:00,thu21:00
Geolocate
Enable geolocation detection of client IP addresses. This identifies the likely geographic location of connecting client IP addresses and can thereby be used to weight, block or delete email originating from specific countries. Use this to weight block or delete email from countries from which it is unlikely you receive legitimate email
bool
On/Off, True/False, Yes/No, 1/0
on
Geolocate=on
GeolocateSenderMismatch
If the sender e mail address mismatches the email sending IP location you can choose to mark, weight, block or delete the email
select

(More Info)Off, Weight, Mark, Block, Delete
Weight
GeolocateSenderMismatch=Weight
GeolocateMap
Click the countries on the map to weight email originating from the selected country. Click again to block, and once more to delete. Click a final time to clear the setting for the specified country.
text
GeolocateWeight
Any email found to originate from these countries will be weighted higher as spam
text
AL,RU,RO,TR,CN,IN,TH,KR,GM,NG,ZW,ZR,ZM,YE,UZ
GeolocateWeight=RU,TR,CN,IN
GeolocateBlock
Any email found to originate from these countries will be blocked as spam
text
GeolocateBlock=RU,CN,NG
GeolocateDelete
Any email found to originate from these countries will be DELETED as spam
text
GeolocateDelete=RU,CN
GeolocateWhiteIP
You may not wish to block some IPs or IP ranges regardless of the country in which they are based. For example, you should not block Hexamail IP ranges.
text
82.117.36.*
GeolocateWhiteIP=82.117.36.*
URLGeolocate
Enable geolocation detection of URLs. This identifies the likely geographic location of contained URLs and can thereby be used to weight, block or delete email with links to websites in specific countries. Use this to weight block or delete email from countries from which it is unlikely you receive legitimate email
bool
On/Off, True/False, Yes/No, 1/0
on
URLGeolocate=on
URLGeolocateMismatch
If a URL contained in an email mismatched the email sending IP location you can choose to mark, weight, block or delete the email
select

(More Info)Off, Weight, Mark, Block, Delete
Weight
URLGeolocateMismatch=Weight
URLGeolocateFail
If a URL host contained in an email fails to resolve to an IP address due to invalid or expired DNS entries you can choose to mark, weight, block or delete the email
select

(More Info)Off, Weight, Mark, Block, Delete
Weight
URLGeolocateFail=Weight
URLGeolocateMap
Click the countries on the map to weight email originating from the selected country. Click again to block, and once more to delete. Click a final time to clear the setting for the specified country.
text
URLGeolocateWeight
Any email found to originate from these countries will be weighted higher as spam
text
AL,RU,RO,TR,CN,IN,TH,KR,GM,NG,ZW,ZR,ZM,YE,UZ
URLGeolocateWeight=RU,TR,CN,IN
URLGeolocateBlock
Any email found to originate from these countries will be blocked as spam
text
URLGeolocateBlock=RU,CN,NG
URLGeolocateDelete
Any email found to originate from these countries will be DELETED as spam
text
URLGeolocateDelete=RU,CN
SpamURLWhiteHosts
You may not wish to block some domains or hosts regardless of the country in which they are based. For example, you should not block Hexamail www.hexamail.com
text
*.hexamail.com,*.bbc.co.uk,*.google.com,*.microsoft.com,*.nyt.com,*.lemonde.fr,*.opera.com,*.firefox.com,*.messagelabs.com,*.postini.com,*.ebay.fr,*.ebay.co.uk,*.ebay.com,*.amazon.com,*.amazon.co.uk,*.msn.com,finance.yahoo.com,*.gmail.com,*.homebase.no,*.screwfix.com,*.tooled-up.com,*.facebook.com,*.myspace.com,*.googlemail.com,*.snapfish.com,*.photobox.com,*.fuji.co.uk,*.fuji.com,*.sony.com,*.webbuyersguide.com,*.welt.de,*.ittoolbox.com,*.tesco.com,*.zeit.de,*.zeitabo.de,*.maplin.co.uk,*.friendster.com,*.egg.com,www.fool.co.uk,*.nwolb.com,*.oneaccount.com,*.apple.com,*.youtube.com,*.spamhaus.org,*.dmoz.org,*.gov,*.gov.uk,*.gov.fr,*.gov.de
SpamURLWhiteHosts=*.hexamail.com,*.bbc.co.uk,*.google.com,*.microsoft.com,*.nyt.com,*.lemonde.fr,*.opera.com,*.firefox.com,*.messagelabs.com,*.postini.com,*.ebay.fr,*.ebay.co.uk,*.ebay.com,*.amazon.com,*.amazon.co.uk,*.msn.com,finance.yahoo.com,*.gmail.com,*.homebase.no,*.screwfix.com,*.tooled-up.com,*.facebook.com,*.myspace.com,*.googlemail.com,*.snapfish.com,*.photobox.com,*.fuji.co.uk,*.fuji.com,*.sony.com,*.webbuyersguide.com,*.welt.de,*.ittoolbox.com,*.tesco.com,*.zeit.de,*.zeitabo.de,*.maplin.co.uk,*.friendster.com,*.egg.com,www.fool.co.uk,*.nwolb.com,*.oneaccount.com,*.apple.com,*.youtube.com,*.spamhaus.org,*.dmoz.org,*.gov,*.gov.uk,*.gov.fr,*.gov.de
SpamNDREnable
Increasingly spammers spoof email from other peoples addresses. Sometimes this can result in your users receiving non delivery reports (NDRs) for email they did not send. An NDR typically takes the form of an email informing the sender, real or faked, that an email they sent could not be delivered, and often has the original email attached. If these NDRs are in response to email that appear to have been sent from the user's account, it can be confusing and alarming for users. It is wise to block these 'false' NDRs (spam NDRs) where possible to prevent further miscommunications and recriminations between the email parties involved. Use the settings on this page to block NDRs received for email that was not sent from your server but was sent using spoofed addresses at your domain as the senders. Setting up an SPF record can help alleviate the problem by allowing remote servers to check that the sending server is allowed to send from your domain. More information can be found at http://www.openspf.org/
bool
On/Off, True/False, Yes/No, 1/0
Off
SpamNDREnable=Off
SpamNDRAlias
Often you will have users with a single primary email address and multiple alias to which they can receive email. If they never send using these alias as their sender or replyto address you can automatically block NDRs being returned to these addresses, knowing them to be spam NDRs
bool
On/Off, True/False, Yes/No, 1/0
Off
SpamNDRAlias=Off
SpamNDRWild
Often you will have users with a single primary email address and a wildcard alias to which they can receive email, e.g. use bob.parsons@yourdomain.com may haev the alias bob*@yourdomain.com. If they never send using these alias as their sender or replyto address you can automatically block NDRs being returned to these addresses, knowing them to be spam NDRs
bool
On/Off, True/False, Yes/No, 1/0
Off
SpamNDRWild=Off
SpamNDROutbound
If you are processing outbound email using Hexamail Nexus it can automatically gather information about all recipients of email from your domain. You can then use this option to block NDRs arriving from addresses that have never been sent to through your server, evidently spam NDRs. Ensure that all email sent from your domain is sent thru Hexamail Nexus for this to be 100% reliable. For example automated email from a webserver or database application should also go out thru Hexamail Nexus in order that it can record those recipients too.
bool
On/Off, True/False, Yes/No, 1/0
On
SpamNDROutbound=On
SpamNDRAddresses
If you have wildcard alias setup or have not restricted incoming email to your defined users list then you can use this list to nominate any email addresses that keep receiving spam NDRs but are not valid addresses. You can often receive NDRs to addresses spammers have chosen to use to spoof spam from, eg. xyz@yourdomain.com
text
SpamNDRAddresses=xyz@yourdomain.com
SpamNDRAction
Use this setting to select whether to quarantine the spam NDRs or have them immediately deleted. It is sometimes wise to quarantine them (block) while you are ensuring your setup is correct and then select to Delete once you are satisfied that no legitimate NDRs are being blocked based on your settings above.
text
Block
SpamNDRAction=Delete
SpamURLDownload
Use this setting to select whether to download content from URLs contained in email to check the web page content for spam
text
Off
SpamURLDownload=Off
SpamURLDownloadContentPhrases
Use this setting to select whether to check all your custom content phrases in downloaded content from URLs contained in email to check
text
On
SpamURLDownloadContentPhrases=On
SpamURLDownloadFail
If a URL contained in an email fails to download you can choose to mark, weight, block or delete the email
select

(More Info)Off, Weight, Mark, Block, Delete
Weight
SpamURLDownloadFail=Weight
SpamURLCache
Use this setting to select how much content to cache in memory when downloading URLs.
text
16 MB
SpamURLCache=16
SpamURLExpiry
Downloaded URL content is saved to disk to prevent repeated download. Use this setting to control how much content is stored.
text
7 days
SpamURLExpiry=7
SpamLogLevel
this sets how detailed you wish the spam list logging to be
select
Off, Critical, General, Verbose, Full, Debug
Debug
SpamLogLevel=Debug
SpamLogTypes
this sets which types of messages you wish to be logged
flags
Error+Warning+Message+Service+Config+Licence
SpamLogTypes=Error+Warning+Message+Service+Config+Licence
SpamLogMaxSize
this sets the maximum size to which the spam list log file will be allowed to grow, in kbytes
number
1 - 32000 kbytes
4096 kbytes
SpamLogMaxSize=4096
SpamLogHistory
this sets the number of archived spam list log files you wish to retain
number
1 - 64 files
10 files
SpamLogHistory=10
SpamLogFlushSize
this sets at what size the spam list log file will be flushed to disk, in kbytes. If trouble-shooting set this to 0, set it higher for maximum performance
number
1 - 64 kbytes
64 kbytes
SpamLogFlushSize=64
SpamLogFlushPeriod
this sets when the spam list log file will be flushed to disk, in seconds. If trouble-shooting set this to 0, set it higher for maximum performance
number
1 - 600 seconds
60 seconds
SpamLogFlushPeriod=60
SpamHeader
Insert a MIME header into the email specifying which action was taken (marked,blocked,deleted). This header is not inserted for email that isn't matched as spam
text
X-HXMSpamAction
SpamHeader=X-HXMSpamAction
SpamHeaderValue
You can customise the header value, use to include the action taken
text
<action>
SpamHeaderValue=<action>
SpamHeaderReason
Insert a MIME header into the email specifying the reason the email was considered spam (or nonspam)
text
X-HXMSpamReason
SpamHeaderReason=X-HXMSpamReason
SpamHeaderReasonValue
You can customise the header value, use to include the reason
text
<reason>
SpamHeaderReasonValue=<reason>
SpamHeaderScore
Insert a MIME header into the email specifying the spam score of the email
text
X-HXMSpamScore
SpamHeaderScore=X-HXMSpamScore
SpamHeaderScoreValue
You can customise the header value, use to include the score
text
<score>
SpamHeaderScoreValue=<score>% Match
SpamHeaderScoreExt
Insert a MIME header into the email specifying the spam score of the email
text
X-HXMSpamScoreExt
SpamHeaderScoreExt=X-HXMSpamScoreExt
SpamHeaderScoreExtValue
You can customise the header value, use to include the score as a gauge. The gauge is a row of *s, one for each 10 percent of score. So an email scoring 30% has a scoregauge of ***
text
<scoregauge>
SpamHeaderScoreExtValue=<scoregauge>
SenderTagLocation
Off
SenderTagLocation=Off
SenderTagHeader
Email MIME header to tag or add
X-HXM-SenderTag
SenderTagHeader=X-OrigSender
SenderTagString
Text to use for tagging. Use - SMTP envelope sender, - SPF check result, - DKIM check results
WARNING External Sender (<smtpsndr>)
SenderTagString=<smtpsndr> SPF:<spf> DKIM:<dkim>
SenderTagWhite
You can also tag senders in allowlisted email
off
SenderTagWhite=off
SenderTagSPF
Tag email that fails SPF
off
SenderTagSPF=off
SenderTagDKIM
Tag email that fails DKIM
off
SenderTagDKIM=off
SenderTagSMTPMIME
Tag email that SMTP envelope sender vs MIME displayed From mismatches
off
SenderTagSMTPMIME=off
SenderTagSkip
Do not tag email from senders that match these expressions
ExMailboxJunkFolder
Folder to move spam into using automatic inbox rules in Exchange 2010 onwards
text
Junk Email
ExMailboxJunkFolder=Junk Email
StoreMax
This setting allows automatic removal of old email when the maximum number to store is exceeded.
number
250 - 250000 email
75000 email
StoreMax=75000
StoreCache
This sets the maximum amount of memory used to cache email in the quarantine, sent and error stores. NOTE if you change this setting you will need to press APPLY and then stop and start the service.
number
1 - 1024 mbytes
132 mbytes
StoreCache=132
StoreReap
This setting allows automatic deletion of email when it has been in the store for longer than the specified number of days
bool
On/Off, True/False, Yes/No, 1/0
off
StoreReap=off
StoreReapAgeDays
Automatically delete email older than the specified number of days
number
1 - 365 Days
30 Days
StoreReapAgeDays=4
StorePurgeAgeDays
Automatically purge deleted email older than the specified number of days
number
1 - 120 Days
15 Days
StorePurgeAgeDays=4
StoreNormalizedSubjects
Show automatically normalized subject lines. Only applies to the spam email store
bool
On/Off, True/False, Yes/No, 1/0
On
StoreNormalizedSubjects=On
ErrorStoreMax
This setting allows automatic removal of old email when the maximum number to store is exceeded.
number
250 - 100000 email
20000 email
ErrorStoreMax=20000
ErrorStoreReap
This setting allows automatic deletion of email when it has been in the store for longer than the specified number of days
bool
On/Off, True/False, Yes/No, 1/0
on
ErrorStoreReap=on
ErrorStoreReapAgeDays
Automatically delete email older than the specified number of days
number
1 - 200 Days
30 Days
ErrorStoreReapAgeDays=4
ErrorStorePurgeAgeDays
Automatically purge deleted email older than the specified number of days
number
1 - 120 Days
15 Days
ErrorStorePurgeAgeDays=4