
This is an old revision of the document!


Spam filters at CERGE-EI

Incoming emails

Incoming email filtering consists of several steps:

Appliance gw.cerge-ei.cz - FortiMail from Fortinet

FortiMail checks for: IP reputation, SPF, DKIM, DMARC, viruses, suspicious content, phishing links, newsletters, executable files, encrypted files etc.

Malicious content is blocked and put into the system quarantine for further analysis.

Suspicious content usually gets a warning added to the subject. Warning texts are in lowercase: [Spam], [Newsletter], [Warning - bad SPF] etc.

Two appliances, iport.cerge-ei.cz and iport2.cerge-ei.cz - Cisco Email Security Appliance

The primary appliance is iport (iport2 is auxiliary).

Ironport checks for: IP reputation, viruses, spam signatures, mass-mail behavior, executable files, encrypted files etc.

Malicious content is rejected.

Suspicious content is put into the personal quarantine. Warnings are added to the subject. Warning texts are in uppercase: [SPAM], [SUSPECTED SPAM] etc.

The user gets a regular email digest about newly quarantined emails. It is possible to manually release an email and even whitelist the sender.

The Zimbra mail server may put a problematic email message into the Junk folder.

It uses SpamAssassin for spam detection. The user may check the message headers for detailed information about spam detection (classification etc.).

The last step of detection is usually done in the user's client software (Thunderbird, Outlook, …).

Each email client deals with suspicious content differently. It is necessary to know how your specific client works and where to find problematic emails (Junk folder, Spam folder, Newsletter folder etc.).
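To see which stage of the chain above marked a delivered message, the subject tags and the SpamAssassin header can be read together. The following is an added example, not part of the original page or of any CERGE-EI tooling: the function name `classify`, the sample message and the use of the standard SpamAssassin `X-Spam-Status` header format are assumptions.

```python
import re
from email import message_from_string
from email.header import decode_header, make_header

# Warning tags are prepended to the subject, so only leading [..] groups count.
LEADING_TAG = re.compile(r"\s*\[([^\[\]]+)\]")
# Usual SpamAssassin form: "Yes, score=7.3 required=5.0 tests=..."
STATUS = re.compile(r"^\s*(Yes|No)\b.*?score=(-?\d+(?:\.\d+)?)", re.I | re.S)


def classify(raw_message):
    """Attribute subject tags and spam headers to a stage of the chain."""
    msg = message_from_string(raw_message)
    subject = str(make_header(decode_header(msg.get("Subject", ""))))
    result = {"fortimail": [], "ironport": [], "spamassassin": None}

    pos = 0
    while (m := LEADING_TAG.match(subject, pos)):
        tag = m.group(1).strip()
        # Page convention: uppercase tags come from Ironport, the others
        # from FortiMail. A mailing-list prefix would also match here.
        stage = "ironport" if tag.isupper() else "fortimail"
        result[stage].append(tag)
        pos = m.end()

    status = STATUS.match(msg.get("X-Spam-Status", ""))
    if status:
        result["spamassassin"] = {
            "spam": status.group(1).lower() == "yes",
            "score": float(status.group(2)),
        }
    return result


# Constructed sample message, not taken from real mail.
SAMPLE = (
    "From: sender@example.org\n"
    "To: user@example.com\n"
    "Subject: [SPAM] [Warning - bad SPF] Invoice overdue\n"
    "X-Spam-Status: Yes, score=7.3 required=5.0 tests=BAYES_99,SPF_FAIL\n"
    "\n"
    "Body text\n"
)

if __name__ == "__main__":
    print(classify(SAMPLE))
```
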

  • Last modified: 2021-06-16 10:48
  • by vesely