On 27/05/21 08.18, Syafril Hermansyah via Mdaemon-L wrote:
--- continued in part 2 -->


Enabling Outbreak Protection Antispam

Outbreak Protection is the antispam component of MDaemon Antivirus, used to prevent spam and malware.

http://mdaemon.dutaint.co.id/mdaemon/21.0.1/sp_outbreak_protection.html

> --- Quote -->
Outbreak Protection is completely content agnostic, meaning that it
doesn't rely on strict lexical analysis of message content. Thus, it
doesn't require heuristic rules, content filtering, or signature
updates. Further, that means it is not fooled by the addition of seed
text, clever spelling changes, social engineering tactics, language
barriers, or differences in encoding techniques. Instead, OP is based
on Cyren's Recurrent Pattern Detection and Zero-hour technologies. It
relies on the mathematical analysis of message structure and message
distribution characteristics over SMTP—it analyzes "patterns"
associated with an email transmission and compares them to similar
patterns collected from millions of email messages worldwide, which
are sampled and compared in real time. Note: OP never transmits the
actual content of messages, nor can message content be derived from
the extracted patterns.
It is important to note, however, that the Outbreak Protection
feature is not a replacement for traditional anti-virus, anti-spam,
and anti-phishing techniques. In fact, OP provides another
specialized layer of protection on top of the existing heuristics,
signature, and content based tools found within MDaemon.
Specifically, OP is designed to deal with large-scale outbreaks
rather than old, unique, or specifically targeted messages that can
be more readily caught by the traditional tools.

> --- end of quote -->


In the MDaemon Antivirus included in version 21.0.1 there is a new feature that lets Outbreak Protection (also) detect marketing messages. To enable it:

- Edit the file \\mdaemon\app\MDOP.dat

in the [Outbreak Protection] section, add the following

ValidBulkEnabled=1

after that, restart the MDaemon service.

Enabling it in MDaemon is done as follows:

http://mdaemon.dutaint.co.id/mdaemon/21.0.1/sp_outbreak_protection.html

[x] Enable Outbreak Protection

Viruses should be... [x] blocked in real time
Spam should be... [x] accepted for filtering Score: +5.5

[x] When blocking spam, block messages which classify as “bulk” spam also
[x] Log processing activity to MDaemon's plugin log file
[x] Authenticated SMTP sessions are exempt from OP processing
[ ] SMTP sessions from trusted IPs are exempt from OP processing
[ ] SPF/DKIM approved mail is exempt from OP processing
[x] Spam Honeypots and Spam Filter white listed addresses are exempt from OP processing

> --- Quote -->
False Positives and False Negatives
>
False positives, or classifying a legitimate message improperly as
part of an outbreak, should rarely if ever happen. Should a false
positive occur, however, you can send that message to us at
[email protected] for spam/phishing false positives or
[email protected] for virus false positives, so that we can use it to
help refine and improve our detection and classification processes.
> --- End of quote --->


Filter the messages that Outbreak Protection detects as spam and move them to the holding queue or the quarantine queue (so that the Administrator gets a notification that mail is waiting there). After that, sort the messages manually: delete the ones that really are spam, and report the non-spam ones (false positive results) to MDaemon.com (from the right-click menu choose "Report to MDaemon.com as Spam False Positive") so that the FP result does not happen again in the future.

A spam false positive detected by OP, once it has been reported to MDaemon.com, is approved from the right-click menu in the quarantine queue or holding queue by choosing the "release" menu item.

Create a Message Process Content Filter rule

http://mdaemon.dutaint.co.id/mdaemon/21.0.1/cf_creating_a_new_content_filter_rule.html

RuleName=Outbreak Protection Spam Detection
Enable=Yes
ThisRuleCondition=All
ProcessQueue=BOTH
Condition01=If define header X-Spam-Report contains MDAEMON_OP_SPAM_HIGH
Action01=Copy Message to folder \\mdaemon\queues\holding (or to \\mdaemon\Cfilter\quarant)
Action02=Delete the Message

If you cannot wait for the response from MDaemon.com to fix the Spam False Positive, you may add the From address or sender address to the Antispam Whitelist No Filtering

http://mdaemon.dutaint.co.id/mdaemon/21.0.1/sf_white_list.html

Valid spam that was not detected may be sent to [email protected] through the right-click menu in the quarantine queue or holding queue, or sent to this mailing list or to [email protected].
For the time being it may be moved to the bad queue folder.



--
syafril
--------
Syafril Hermansyah

MDaemon-L Moderator, run MDaemon 21.0.2 64bit
Please do not send private mail (or cc:) about MDaemon issues.

Wisdom.... comes not from age, but from education and learning.
        --- Anton Chekhov
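
The content filter rule in the message above matches on the X-Spam-Report header. As an added example (not part of the original post and not MDaemon code), this Python script applies the same "contains MDAEMON_OP_SPAM_HIGH" test to parsed headers, so a folded multi-line report still matches and the same text in a message body does not. The function names, the sample messages and the SpamAssassin-style header layout are assumptions.

```python
from email import message_from_string
from email.policy import default

OP_TAG = "MDAEMON_OP_SPAM_HIGH"  # tag name taken from the rule in the post

# Constructed sample messages. The report layout is an assumption
# (SpamAssassin-style lines), not captured MDaemon output.
SAMPLES = {
    "op-hit.msg": (
        "From: promo@example.com\n"
        "Subject: Limited offer\n"
        "X-Spam-Report: * 5.5 MDAEMON_OP_SPAM_HIGH Outbreak Protection\n"
        "\nbody text\n"
    ),
    "folded-hit.msg": (
        "From: news@example.net\n"
        "X-Spam-Report: * 0.1 HTML_MESSAGE HTML included in message\n"
        "\t* 5.5 MDAEMON_OP_SPAM_HIGH Outbreak Protection\n"
        "\nbody text\n"
    ),
    "clean.msg": (
        "From: colleague@example.org\n"
        "Subject: Meeting notes\n"
        "\nbody text\n"
    ),
    "body-only.msg": (
        "From: admin@example.org\n"
        "Subject: Question about a header\n"
        "\nWhat does X-Spam-Report: MDAEMON_OP_SPAM_HIGH mean?\n"
    ),
}

def op_flagged(raw):
    """True if any X-Spam-Report header (unfolded) contains the OP tag."""
    msg = message_from_string(raw, policy=default)
    reports = msg.get_all("X-Spam-Report", [])
    # Collapse folding whitespace so continuation lines are searched too.
    return any(OP_TAG in " ".join(str(r).split()) for r in reports)

def triage(samples):
    """Split messages the way the rule would: matches go to holding."""
    result = {"holding": [], "deliver": []}
    for name, raw in sorted(samples.items()):
        result["holding" if op_flagged(raw) else "deliver"].append(name)
    return result

if __name__ == "__main__":
    for queue, names in triage(SAMPLES).items():
        print(queue, names)
```
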


