Configuring the Anti-Spam module

The Anti-Spam module only scans the first 50 MB of the message. If the message is bigger, the rest of it is not scanned, and the status is assigned based on the first 50 MB.

To configure the Anti-Spam module:

1. In the application web interface window, select the Settings → General → Protection section.
2. Select the Anti-Spam tab.
3. Enable or disable the Anti-Spam module with the Use Anti-Spam toggle switch.

   By default, the Anti-Spam module is enabled.

4. If at the previous step you enabled the Anti-Spam module, configure the following:
   1. Enable or disable the Moebius service with the Use Moebius toggle switch.

      By default, the Moebius is disabled.

   2. Use the Protection against AD spoofing toggle switch to enable or disable protection against spoofing attacks.

      Protection against spoofing attacks is disabled by default.

   3. If you enabled protection against spoofing attacks at the previous step, use the Group LDAP: distinguishedName field to specify the Active Directory group whose users and contacts will receive this protection.

      The protection is applied to contacts of the group if receiving contact email addresses is enabled in LDAP server connection settings and the synchronization with the LDAP server was successful.

      You can add only one group. The number of entries in a group containing an email address must not exceed 10 000. When this number is exceeded, protection against spoofing attacks will be applied to 10 000 users and contacts randomly selected from this group.

   4. Use the IP and domain reputation toggle switch to enable or disable use of the Anti-Spam module databases to check the reputation of IP addresses and domains that were the source of messages.

      Checking the reputation of IP addresses and domains is enabled by default.

   5. Enable or disable Anti-Spam Quarantine with the Use Anti-Spam Quarantine toggle switch.

      If Anti-Spam Quarantine is enabled, email messages less than 200 MB in size that do not have a final Anti-Spam check result are temporarily stored in Anti-Spam Quarantine.

      Modifying default Anti-Spam quarantine settings can lower the level of spam detection.

   6. In the Maximum scanning time (s) subsection, specify the maximum duration of Anti-Spam scanning of a message in seconds.

      Possible values: integers from 1 to 600. Default value: 30.

      If Anti-Spam scanning of a message does not finish within the time limit you specified, Kaspersky Secure Mail Gateway:

      • Stops scanning the message (Skip action).
      • Assigns the Error status to the message.
      • Delivers the message to the recipient.
      • Adds a record to the /var/log/ksmg-messages event log.
5. In the Maximum Quarantine duration (s) field, specify the time to store a message in Anti-Spam Quarantine before the message is delivered to the recipient.

   Possible values: integers from 1 to 86400. Default value: 3000.

6. In the Maximum number of messages, specify the number of messages that, once exceeded, prevents messages from being quarantined.

   Specify 0 if no limit is required.

   Possible values: integers from 0 to 9007199254740993. Default value: 0.

7. In the Maximum Quarantine size (MB) field, enter the size of Anti-Spam Quarantine that, once exceeded, prevents messages from being quarantined.

   The minimum value is 1 MB. The default value is 1024 MB (1 GB).

   If the Anti-Spam module scan result is not final for the message, but the message cannot be placed in Anti-Spam Quarantine because of a triggered limit, the Not detected status is assigned to the message.

8. Click Save.

The Anti-Spam module is configured.