Symantec.com
VERITAS.com
Partners
About Symantec
cartCart
WelcomeProducts & ServicesSecurity ResponseSupportSolutions & IndustriesLicensingTrainingStore
Enterprise
Symantec.com > Enterprise > Support > Knowledge Base


PRINT THIS PAGE PRINT THIS PAGE

Overview of Premium AntiSpam in Symantec Mail Security for Microsoft Exchange

Question/Issue:
You recently enabled Premium AntiSpam in Symantec Mail Security for Microsoft Exchange (SMSMSE). You want to know how Premium AntiSpam works and how to configure it.


Solution:
How Premium AntiSpam works

Premium AntiSpam assigns a spam score from 1 to 100 to every message it scans. A score of 1 means the message is not spam. A score of 100 means the message is spam. A spam message has a score of 90 to 100. By default, a suspected spam message has a score of 72 to 89. The suspected spam category is configurable. The lower threshold of the scale can be set as low as 25.

Premium AntiSpam has 3 action categories, Spam Messages, Suspected Spam and SCL, and Suspected Spam. You can configure a different action for each category.

NOTE:
Spam confidence level (SCL) is a value assigned to a message that indicates the likelihood that the message is spam. This value is separate from the spam score assigned to a message by Premium AntiSpam. The SCL values are 1 to 9. An SCL value of 1 means there is an extremely low likelihood that the message is spam. An SCL value of 9 means there is an extremely high likelihood that the message is spam.

Spam Messages
Messages defined as spam have a score of 90 to 100. Based on Symantec testing, there is a 1 in 1,000,000 chance of getting a false positive detection at this level.

Suspected Spam and SCL
Messages defined as Suspected Spam and SCL have both of the following characteristics:


Suspected Spam
Messages defined as Suspected Spam have a score between the values you have defined for suspected spam. The default range for suspected spam is 72 to 89.


How to configure Premium AntiSpam

This section explains how to configure Premium AntiSpam to do the following:

These settings reduce the amount of server resources required to process spam. In addition, they free the administrator from interacting with false positive spam identifications.

NOTE:
These settings are guidelines only. Symantec does not guaranty that these settings are the best for your environment. Please understand and test these settings thoroughly before implementing them in your production environment.

You must have Exchange 2003 with Service Pack 1 installed in order for these settings to work as described.

Premium AntiSpam Settings
To access Premium AntiSpam Settings, open SMSMSE. Click Policies > Premium AntiSpam Settings.
  1. Check ‘Enable Symantec Premium AntiSpam.’
  2. Under Spam scoring check ‘Flag messages as suspected spam.’
  3. Leave the ‘Lower spam threshold’ setting at 72. See the section Lower Spam Threshold for more information about this setting.

Premium AntiSpam Actions
To access Premium AntiSpam Actions, open SMSMSE. Click Policies > Premium AntiSpam Actions.

Spam Messages
Check ‘Reject the message.’

There are two reasons for rejecting spam messages:
Messages detected as spam receive a spam score of 90 to 100. This setting rejects messages detected as spam. The original sender receives a Non-delivery report (NDR). The NDR includes this text, 550.5.7.1 Requested action not taken; message refused.”

Suspect Spam and SCL
Ignore this section unless you have a front-end server. If you have a front-end server, use the same settings as ‘Suspected spam.’

Suspected Spam
  1. Check ‘Accept the message.’
  2. Check ‘Assign SCL value to message.’
  3. Set the SCL value to 9.

Do not check any other options in this section.

Exchange System Manager
To deliver the suspected spam messages to the user’s Junk E-mail folder, follow these steps to configure Intelligent Message Filtering (IMF):
  1. Open Exchange System Manager.
  2. Open Global Settings.
  3. Right click Message Delivery and select Properties.
  4. Click the Intelligent Message Filtering tab.
  5. Under Gateway Blocking Configuration:
    • Set the value to 9
    • Set the action to ‘No Action.’
  6. Under Store Junk E-mail Configuration:
    • Set the value to 8

Messages detected as suspected spam receive a spam score of 72 to 89 (by default.) The Suspected Spam settings accept the message and assign the message an SCL value of 9. The Exchange System Manager settings configure Intelligent Message Filtering to deliver the message to the user’s Junk E-mail folder.

Lower Spam Threshold
Depending on your environment and business needs, you may need to adjust the ‘Lower spam threshold’ under Premium AntiSpam Settings. The default is 72. If too much spam is going to the users' inboxes, lower the threshold. If too many legitimate email messages are going to the users Junk E-mail folder, raise the threshold. Make small incremental changes, 5 for example, until you reach the desired filtering level.

For example, if you started with a ‘Lower spam threshold’ of 72 and users complain that they are getting too much spam lower the threshold to 67. Let Premium AntiSpam run at that level for a while. If users continue to complain, lower the value to 62. Continue in this manner to determine the optimum ‘Lower spam threshold’ for your users.



References:
'Symantec Brightmail Gateway Effectiveness User’s Guide'
http://service1.symantec.com/SUPPORT/ent-gate.nsf/docid/2008100710321454

'Premium AntiSpam for Symantec Mail Security for Microsoft Exchange fails to detect spam'
http://service1.symantec.com/SUPPORT/ent-gate.nsf/docid/2007020615531854


Document ID: 2008031208452954
Last Modified: 10/14/2008
Date Created: 03/12/2008
Product(s): Symantec Mail Security 4.6 for Microsoft Exchange, Symantec Mail Security 5.x for Microsoft Exchange, Symantec Mail Security 6.0 for Microsoft Exchange
Release(s): 5.0 [All Releases], SMS 4.6 [All Releases], SMSMSE 6.0 [All Releases]


Site Index · Legal Notices · Privacy Policy · · Contact Us · Global Sites · License Agreements
©1995 - 2008 Symantec Corporation