CommuniGate Pro

Kaspersky Anti-Spam Plugin for CommuniGate Pro


Kaspersky Anti-Spam Plugin Overview

The KAS Plugin runs as an External Filter and calculates a spam "score" for each message being processed. Unlike tools with statically defined patterns for spam messages, the KAS Plugin dynamically retrieves new patterns from the KasperskyLabs Network, thus providing greater accuracy for new spam messages.

The score ranges from 0 to 100; the higher the message score the more likely the message is spam. The score info is added to message headers so it can be processed by Server-Wide, Domain-Wide and Account Rules.

By default the added header lines look like this:

X-Junk-Score:  92 [XXXX]
X-KAS-Score:  92 [XXXX]
X-Alert: possible spam!
X-Color: red

Besides the digital score value, the header field contains a "bar score" to simplify automated message processing: the more 'X' characters the higher the score. The following ratios between the digital and bar scores are used by default:

Digital score range    Bar score
0                      []
1-39                   [X]
40-80                  [XX]
81-90                  [XXX]
91-95                  [XXXX]
96-99                  [XXXXX]
100                    [XXXXXX]

Every day at midnight the Plugin generates a report message about the number of mails processed and their spam scores. By default the report message is mailed to the postmaster address in the CommuniGate main domain.

Note: The Kaspersky Anti-Spam Plugin is available only for some of the platforms supported by the CommuniGate Pro server software. Before you order the Kaspersky Anti-Spam Plugin License, make sure the plugin is available for your CommuniGate Pro Server platform.

Note: The Kaspersky Anti-Spam Plugin requires CommuniGate Pro version 6.2.4 or later.


Download the Plugins

Kaspersky Anti-Spam plugins are available for certain platforms only.


Operating System               CPU      Download via HTTP   Download via FTP
Linux (RedHat, SuSE, Debian)   x86_64
                               x86
FreeBSD 10.x                   x86_64
                               x86

The current version of the Plugin is 1.0


Installing on Unix Systems


Testing the Plugin

On a Unix System:

Note: The plugin contains an internal Kaspersky license key file in the licenses subdirectory; that key is required for the Kaspersky Engine to work. The key has a limited validity period. New keys are provided by us free of charge; please subscribe to the CommuniGate Updates List to be notified about new keys.


Integrating the Plugin with CommuniGate Pro.

Step #1: Create the Helper

Please check the External Filters section of the CommuniGate Pro manual.

Open the General page in the Settings section of the WebAdmin Interface and click the Helpers link. Create a Helper for the KAS Plugin:

Content Filtering
Log Level: Program Path:
Time-out: Auto-Restart:

Note: For Windows the Program Path must be the full path, i.e. "C:\CommuniGate Files\CGPKAS\CGPKAS.exe"

Step #2: Create the Scanning Rule

To invoke the KAS Helper you should create a Server-Wide Rule with the "ExternalFilter KAS" action. The Scanning Rule will apply KAS to the message and the spam score will be added to the message header.
Note: It must be a Server-Wide Rule, not Domain-Wide or Account-level.

The recommended Scanning Rule is as follows:

Data Operation Parameter
Action Parameter

This rule skips messages from the MAILER-DAEMON address (such as non-delivery reports, return-receipts, etc.), skips messages from Client IP Addresses and from authenticated senders, and includes only messages for local accounts and mailing lists.

Note: The unlicensed installation of Kaspersky Anti-Spam Plugin is limited to 5 messages per hour. If the E-mail traffic exceeds the limit, the Plugin will let the messages go through unrated.

Step #3: Dealing with the Rated Messages

The plugin by itself doesn't block spam; it only assigns a spam score to the messages. To actually block spam you need to create another Rule which blocks messages according to their spam score. Many scenarios are possible:

Scenario #1: suitable for small companies where you can assign one person (e.g. postmaster) to look through the spam messages daily to check for false positives and, if any false positives are found, redirect them to the appropriate persons.

Create a Server-Wide Rule with the following contents:

Data Operation Parameter
Action Parameter

This Rule moves the incoming messages with a score of 96 and greater to the "spam_box" mailbox of the postmaster@domain.com account. The "Discard" action is required to prevent the message from going to the initially intended destination (INBOX mailbox). Note that in the example above, the "*" in [XXXXX* is necessary to filter all messages scored above 5 X's. Without it, the rule will only filter out messages with 5 X's.
Note: The priority of this Server-Wide Rule must be lower than the priority of the Scanning Rule.

Scenario #2: suitable for large companies and ISPs. Let users deal with spam on their own.

Create one Domain-Wide rule or many Account-level rules for each account with the following contents:

Data Operation Parameter
Action Parameter

This Rule moves the incoming messages with a score of 96 and greater to the "Junk" mailbox of the original recipient account. The users should regularly check their "Junk" mailboxes and purge them. The "Discard" action is required to prevent the message from going to the initially intended destination (INBOX mailbox). Note that in the example above, the "*" in [XXXXX* is necessary to filter all messages scored above 5 X's. Without it, the rule will only filter out messages with 5 X's.

The "Junk" mailbox from the above example must exist in every account in the domain. Otherwise the Rule will fail and the message will be delivered into the user's INBOX.

Alternatively, you can use the simplified "Junk Mail Control" Rule at the domain or account level:

Junk Mail Control
High probability: Medium probability: Low probability:
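
Why the trailing "*" matters in Scenarios #1 and #2, shown as an added example that is not part of the original CommuniGate Pro documentation. It assumes a mask in which only "*" is a wildcard and a leading "*" that skips the digital score; the function names and the sample header blocks are constructed for illustration.

```python
import re

# Constructed sample header blocks; not taken from a real mailbox.
SAMPLES = {
    "ham": "From: a@example.com\nX-Junk-Score: 12 [X]\n",
    "likely": "From: b@example.com\nX-Junk-Score: 97 [XXXXX]\nX-Alert: possible spam!\n",
    "certain": "From: c@example.com\nX-Junk-Score: 100 [XXXXXX]\nX-Alert: possible spam!\n",
    # No score header at all: the license limit was hit with OnLicenseLimitReached=Pass.
    "unrated": "From: d@example.com\nSubject: hello\n",
}


def mask_match(mask, value):
    """Assumed mask semantics: '*' matches any run of characters, and
    '[' and ']' stay literal (fnmatch would read them as a character class)."""
    pattern = ".*".join(re.escape(part) for part in mask.split("*"))
    return re.fullmatch(pattern, value, re.DOTALL) is not None


def junk_score_field(headers, name="X-Junk-Score"):
    """Return the value of the first matching header field, or None if absent."""
    for line in headers.splitlines():
        field, sep, value = line.partition(":")
        if sep and field.strip().lower() == name.lower():
            return value.strip()
    return None


def triage(headers, mask="*[XXXXX*"):
    """Classify a message the way a bar-score Rule would."""
    value = junk_score_field(headers)
    if value is None:
        return "unrated"  # the Rule has nothing to match; the message is delivered
    return "junk" if mask_match(mask, value) else "deliver"


if __name__ == "__main__":
    for mask in ("*[XXXXX*", "*[XXXXX]"):
        print(mask, {name: triage(h, mask) for name, h in SAMPLES.items()})
```

With the closing bracket in place of the "*", the message scored 100 is delivered while the one scored 97 is filed as junk.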

Scenario #3: suitable for large companies and ISPs for users who don't have access to mailboxes other than INBOX, e.g. POP3 users.

Create one Domain-Wide rule or many Account-level rules for each account with the following contents:

Data Operation Parameter
Action Parameter

This Rule marks the subjects of spam messages with the [SPAM] prefix.

Scenario #4: suitable for companies with relatively small input traffic, available from CommuniGate Pro version 5.1 and greater.

In CommuniGate Pro version 5.1 and greater you can enqueue messages synchronously. Use the WebAdmin Interface to configure the Enqueuer component. Open the Queue page in the Settings->Mail realm. Clear the checkbox of the "Enqueue Asynchronously" option:
Message Enqueuer
Log Level: Processors:
Hop Counter Limit:   Enqueue Asynchronously

Please see the details in the CommuniGate Manual.

Create a Server-Wide Rule with the following contents:

Data Operation Parameter
Action Parameter

When enqueueing synchronously, a message rejected by a Server-Wide Rule is rejected at the SMTP level with a 5xx error code, rather than accepted and bounced.

In any scenario it is not recommended to discard spam messages blindly without saving them, because of possible false positives. It is also strongly discouraged to automatically reject spam (unless you are in synchronous mode using Scenario #4), because the return addresses are usually forged and the rejection notice will go to an innocent person or a spamtrap, which may result in your server becoming blacklisted. When rejecting in synchronous mode, the sending host gets an error during the SMTP transaction and no bounce message is generated by your server.

The recommended threshold (the score at which you start treating messages as spam) is 96. If not enough spam is caught, lower the threshold to 90; if there are too many false positives, raise the threshold to 100.


The Plugin Configuration File

On startup the KAS Plugin reads the contents of the CGPKAS.cfg file from the current directory. The format of the file data elements is described in http://www.communigate.com/CommuniGatePro/Data.html. The data elements themselves are described in the CGPKAS.cfg file. The default CGPKAS.cfg is available here.

The default CGPKAS.cfg has the following contents:

Header="X-Junk-Score: ^1 [^2]";
This line defines the header to be added to the rated messages.
The ^1 combination is replaced with the digital message score.
The ^2 combination is replaced with the bar score.
To create a multi-line header use the \e combination as a line break. Make sure each line is an RFC-compliant header; it is best to start each one with the "X-" prefix. Example: Header="X-Score: ^1\eX-Bar-Score: ^2"

AlertLevel=96;
This line defines the score that triggers insertion of the AlertHeader into the message. The source and destination addresses of messages reaching this score are listed in the daily reports as Spam Sources and Targets.

AlertHeader="X-Alert: possible spam!\eX-Color: red";
This line defines the header to be added to a rated message if its score is equal to or greater than the value of AlertLevel. The "X-Color: red" combination changes the message color when viewed via the CommuniGate Pro WebMail interface.
Note: To dispatch spam via Rules you may check for the presence of the AlertHeader instead of checking the message scores, but this method is not flexible because different users may want to use different scores as a threshold.

SubmittedDirectory = "Submitted";
This line defines the CommuniGate Pro Submitted directory required for submitting the reports via the PIPE module. The path can be relative or absolute, e.g. "/var/CommuniGate/Submitted"

OnLicenseLimitReached=Pass;
This line defines the behaviour of the Plugin when the number of messages exceeds the licensed limit. When it is set to "Delay", the Plugin suspends the CommuniGate Pro Queue processing module until the next window; when it is set to "Pass", the Plugin lets extra messages go through unrated. Messages that are not scored will not have any X-KAS-Score headers. You will also be notified in the CommuniGate log when your license has reached its limit.
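
A way to check a custom Header or AlertHeader value before putting it into CGPKAS.cfg, as an added example that is not the plugin's own code. It models the ^1, ^2 and \e substitutions and the default bar-score table described on this page; the function names are hypothetical, and whether the plugin itself validates header lines is not stated here.

```python
import re

# Defaults as listed on this page (raw strings keep the literal \e).
HEADER = r"X-Junk-Score: ^1 [^2]"
ALERT_LEVEL = 96
ALERT_HEADER = r"X-Alert: possible spam!\eX-Color: red"

# Default bar-score table: (upper bound of the digital range, number of X's).
BAR_RANGES = [(0, 0), (39, 1), (80, 2), (90, 3), (95, 4), (99, 5), (100, 6)]

# RFC 5322 header line: field name of printable ASCII without ':' or space,
# a colon, then a body that contains no CR or LF.
FIELD_RE = re.compile(r"[!-9;-~]+:[ \t]?[^\r\n]*")


def bar_score(score):
    """Return the run of X's for a digital score in 0..100."""
    if not 0 <= score <= 100:
        raise ValueError("score must be in 0..100")
    for upper, count in BAR_RANGES:
        if score <= upper:
            return "X" * count


def expand(template, score):
    """Expand ^1 (digital score), ^2 (bar score) and \\e (line break)."""
    text = template.replace("^1", str(score)).replace("^2", bar_score(score))
    return text.split("\\e")


def rated_headers(score, header=HEADER, alert_level=ALERT_LEVEL,
                  alert_header=ALERT_HEADER):
    """Header lines a message with this score would receive under the model."""
    lines = expand(header, score)
    if score >= alert_level:
        lines += alert_header.split("\\e")
    for line in lines:
        if not FIELD_RE.fullmatch(line):
            raise ValueError(f"not a valid header line: {line!r}")
    return lines


if __name__ == "__main__":
    for s in (0, 92, 96, 100):
        print(s, rated_headers(s))
```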

CommuniGate® Pro Guide. Copyright © 1998-2018, Stalker Software, Inc.