spamsentinel v7 reseller
Post on 12-May-2015
1.402 Views
Preview:
DESCRIPTION
TRANSCRIPT
The Best Spam and Virus Protection for Domino Servers
SpamSentinel Technical Overview
“It Just Works”More than a slogan…
SpamSentinel Technical Overview
High Performance and High Availability ProtectionHigher Performance means the ability to process as many as 4 million messages per day on a single server without upgrading hardware.
Fault Tolerance means if any problem occurs with processing, the spam check will be retried without releasing spam into your mail system.
SpamSentinel 7 Duo
Discrete Component Architecture (DCA) describes the 7 unique components that comprise “SpamSentinel”.
Each performs a separate task that contributes to high performance and high availability.
Individual components can be updated without restarting the server in almost all cases.
Discrete Component Architecture
Four Types of Mail• We categorize mail into four types:
– Category A: Valid Mail.– Category B: Spam-B, or “Suspect Spam”. It is not considered Spam,
rather one of the two engines suspect it could be spam whereas the other does not. Spam-B can be delivered to the end users Junk Mail folder in real-time for immediate verification.
– Category C: Spam-C, or “Confirmed Spam”. Both engines agree the message is Spam. This mail appears in the daily report to end users for verification.
– Category D: Spam-D, “Deletion Recommended” Spam. 100% Guaranteed Spam. Both engines strongly agree the message is Spam. This type of message we can silently Delete or Reject at the gateway. It does not require end user verification.
• Category D/Spam-D will average 90%+ of total spam volume daily.
The SpamSentinel Interceptor (ssintercept) is a Domino Extension Manager DLL file that intercepts all inbound SMTP mail and determines if a message should be deleted or rejected at the SMTP level using the SMTP Silent Delete/Reject options (Spam-D).Mail that is not rejected or deleted is written to the scan.box for further scanning.Using this method we can eliminate more than 90% of all spam before it enters your mail environment.All mail is now processed in scan.box before being routed to mail.box, significantly cleaning up mail.boxFor an additional license fee, our optional anti-virus add-on offers a second layer of protection even when another anti-virus tool is in use.
1 - SpamSentinel Interceptor
The SpamSentinel Scanner (SScanner) is a Windows service that reads mail in Scan.box and checks the messages for spam against our two anti-spam engines. It also checks attachments for viruses.Next it performs all other checks, such valid recipient processing, attachment restrictions, etc. It marks the message as complete and waits for the SpamSentinel Router to process them. (Good Mail, Spam-B, Spam-C, Spam-D)
Sample Log Entries: (Note: Good Mail is not reflected on the console)01/16/2008 12:49:39 PM SScanner: (Spam-C) IMPORTANT NOTICE01/16/2008 12:49:40 PM SScanner: (Spam-D) Doctor Approved And Recommended01/16/2008 12:49:40 PM SScanner: (Spam-B) Get out of debt - act now for free debt relief consultation01/16/2008 12:49:41 PM SScanner: (Spam-D) veinbrre
2 – SpamSentinel Scanner
05/28/2008 04:23:41 PM SScanner: Found configuration file D:\Spamsentinel\SScanner\Partition1\SpamSentinel.ini05/28/2008 04:23:42 PM SScanner: Using Notes INI file 'D:\Lotus\Domino\notes.ini'05/28/2008 04:23:42 PM SScanner: Reading INI file D:\Spamsentinel\SScanner\Partition1\SpamSentinel.ini05/28/2008 04:23:42 PM SScanner: Opening administration database: Local:SpamSentinel\SpamSentinelAdmin.nsf05/28/2008 04:23:42 PM SScanner: Reading configuration document for CN=XIMILE/O=CORP05/28/2008 04:23:42 PM SScanner: SpamSentinel version number: 7.5.3.105/28/2008 04:23:42 PM SScanner: SpamSentinel license Code: 11112008575d6bae6205/28/2008 04:23:42 PM SScanner: Watching scan database: SpamSentinel\Scan\Scan1.box05/28/2008 04:23:42 PM SScanner: Watching scan database: SpamSentinel\Scan\Scan2.box
What it looks like…SScanner Common Log Entries
The SpamSentinel Router (SSRouter) is a Domino task that watches the Scan.box for processed messages. SSRouter can directly deposit spam into a perimeter database that never enters the mail system.SSRouter also automatically creates a new perimeter Quarantine once the size reaches 500 megabytes, using a convention of: Quarantine_D_1, Quarantine_D_2, Quarantine_D_3 etc.If a Scan box does not exist, it creates it while the Domino server is running.Good messages are placed in mail.box for normal Domino Router processing.
Sample Log Entries:05/16/2008 12:49:41 PM SSRouter: Moved 3 messages to Quarantine D05/16/2008 12:49:43 PM SSRouter: Moved 1 messages to mail.box05/16/2008 12:49:43 PM SSRouter: Moved 2 messages to Quarantine D
3- SpamSentinel Router
05/28/2008 04:18:45 PM SSRouter: Initializing version 2.5.2.705/28/2008 04:18:45 PM SSRouter: Reading configuration document for CN=XIMILE/O=CORP05/28/2008 04:18:45 PM SSRouter: Watching mailbox: mail.box05/28/2008 04:18:45 PM SSRouter: Watching scan database: SpamSentinel\Scan\Scan1.box05/28/2008 04:18:45 PM SSRouter: Watching scan database: SpamSentinel\Scan\Scan2.box05/28/2008 04:18:45 PM SSRouter: Version 2.5.2.7 started
> load ssrouter
What it looks like…SSRouter Common Log Entries
SSDuoE1 and SSDuoE2 are Windows services that work with the SScanner to check messages. These two services create redundancy. Only one of the two Duo services are necessary, so a failure of either engine will not impact spam and virus processing.These engines use both the Community approach (Cloudmark) to blocking spam and the Sender Reputation approach (CommTouch), providing 99.44% block rates.They also perform anti-virus checks with Norman anti-virus against all attachments. The anti-virus feature is an option. It is not required.
4 - SSDuoE1 & SSDuoE2
The SpamSentinel Monitor (SSMon) Domino task ensures all components are running cleanly and correctly. The components it will start are: SScanner, SSRouter, SSMgr, SSDuoE1, SSDuoE2, and SpamSentinel ReporterThe Monitor will alert MayFlower if there is any problem.The Monitor now does the anti-virus downloads in the background, transparently.
5- SpamSentinel Monitor
05/28/2008 04:23:37 PM SSMonitor: Initializing version 2.5.1.705/28/2008 04:23:37 PM SSMonitor: Reading administration database LOCAL:SpamSentinel/SpamSentinelAdmin.nsf.05/28/2008 04:23:37 PM SSMonitor: Reading configuration document for CN=XIMILE/O=CORP05/28/2008 04:23:39 PM SSMonitor: Check-in log sent to MayFlower.05/28/2008 04:23:40 PM SSMonitor: Anti-virus definitions are up to date.05/28/2008 04:23:40 PM SSMonitor: version 2.5.1.7 started05/28/2008 04:23:41 PM SSMonitor: Waiting for SpamSentinel engines to start...05/28/2008 04:23:42 PM SSMonitor: Started service SScanner105/28/2008 04:23:42 PM SScanner: Check-in log sent to MayFlower.05/28/2008 04:23:42 PM SSMonitor: Started service SpamSentinel Reporter
> load ssmon
What it looks like…SSMonitor Common Log Entries
01/16/2008 11:58:31 AM SSMonitor: Downloading anti-virus update file.01/16/2008 12:00:47 PM SSMonitor: Anti-virus update file received successfully.01/16/2008 12:00:48 PM SSMonitor: Applying anti-virus update. Stopping SpamSentinel services.01/16/2008 12:00:48 PM SScanner: Paused for 10 minutes. Anti-virus update in progress.01/16/2008 12:02:34 PM SSMonitor: Stopped service SpamSentinelE101/16/2008 12:02:41 PM SSMonitor: Stopped service SpamSentinelE201/16/2008 12:02:41 PM SSMonitor: Copying files from C:\NORMAN\Nse\bin to C:\NORMAN\Nse\bin\Updates01/16/2008 12:02:41 PM SSMonitor: Updated anti-virus file C:\NORMAN\Nse\bin\Nvcbin.def01/16/2008 12:02:42 PM SSMonitor: Anti-virus updates applied. Starting SpamSentinel services.01/16/2008 12:02:42 PM SSMonitor: Restarting SpamSentinel Duo Engines.01/16/2008 12:02:42 PM SSMonitor: Started service SpamSentinelE101/16/2008 12:02:43 PM SSMonitor: Started service SpamSentinelE201/16/2008 12:03:03 PM SScanner: Resumed01/16/2008 12:03:04 PM SSMonitor: Anti-virus update complete.
What it looks like…SSMonitor Anti Virus Definition Update
The SpamSentinel Updater (SSMgr) is a key Domino task to Auto-Update SpamSentinel software.SSMgr contacts our Data Center (www.maysoft.com) for new updates and patches and fixes and installs them.Ensures that you have the latest engine and templatesMinimizes Administrative Effort and can be scheduled to meet your needs
> ‘tell ssmgr update’05/16/2008 01:08:59 PM SSMgr: Checking for new updates
6 – SpamSentinel Updater
SpamSentinel Update UsageMayFlower controls what is updated and when by default.Requests for updates are available by contacting us.We regularly release updates as-needed in the case of an error condition, or, in batches of 25 to 50 servers on average for major releases daily.If you have not opted out of auto-updates you are eligible to be updated at any time. You control the frequency which available updates are checked.
7 - End User ReportingUsing the End User Report is optional and the administrator can choose who gets the report and who does not.By default, the End User Report shows Spam-B and Spam-C including Sender, Subject, Date/Time.The End User Report allows users to click on document links to review messages quarantined more closely.The End User can release, forward, or privately whitelist senders and/or domains without calling the Help Desk. (Optional) Spam-B and/or Spam-C can be routed to the user’s Junk Mail folder.End User reports can be customized in many ways.
End User Report Example
End User View of a message in Quarantine
Anti-Virus
Anti-virus is an additional license feeWe use Norman Data Defense Systems anti-virus
software (www.norman.com)Be sure to exclude the Norman\Avscan directory from
any file system anti-virus software.Windows Domino servers can use SpamSentinel's Anti-
virus in addition to any other third-party anti-virus.SpamSentinel anti-virus checks only inbound,
outbound, and (optionally) Notes-to-Notes mail.
…Database Server Process MonitorSpamSentinelScanner v7.5.3.0 - Blocking spam and virusesSpamSentinelMonitor v2.5.1.7 - Monitoring all SpamSentinel componentsSpamSentinelRouter v2.5.2.7 - Mail: 1 Spam-D: 1 Spam-C: 0 Spam-B: 0SpamSentinel Update v2.5.0.8- Loads the latest SpamSentinel updatesLDAP Server Listen for connect requests on TCP Port: 389…
> show tasks
Show Tasks
Available to Windows Domino servers.SpamSentinel Monitor (SSMon) will restart components in the
case of errors. Each component checks in to our server during startup and
shutdown and in the case of errors. Our staff is constantly refining our ability to respond to errors,
often before a customer is aware that an error condition exists.
Checking in to maysoft.com
> load ssmon01/16/2008 11:58:18 AM SSMonitor: Check-in log sent to MayFlower.01/16/2008 11:58:19 AM SScanner: Check-in log sent to MayFlower.
01/16/2008 11:58:28 AM SSMonitor: Initializing version 2.5.1.701/16/2008 11:58:29 AM SSMonitor: Check-in log sent to MayFlower.
01/16/2008 11:58:34 AM SScanner: Check-in log sent to MayFlower.> tell ssmon quit
Check-in Entries in Log.nsf
Maysoft Monitoring DB
Monitoring SpamSentinel Customer Checkin Status
SpamSentinel Admin Database
Contains all settings
Dashboard utility shows current statistics and information
Whitelists and Blacklists (Senders and Domains)
Quarantine settings (Auto-Delete, SMTP Silent Delete, etc.)
SpamSentinel Dashboard
SpamSentinel Quarantines
Perimeter Quarantines accept mail from SSRouter directly. The mail router is not used.
Mail-In Quarantines accept mail from the mail router.
Perimeter Quarantines are created on demand by SSRouter as needed.
Mail-In Quarantines are not created on demand.
Internet
SMTP Listener
SSInterceptor
Scan.boxMail.box
Good Mail
Spam B
Spam DSpam C
Mail\user.nsf
Inbox = Good Mail
Junk Mail = Spam BSpamSentinel
Domino Default
Mail.boxSPAM
Mail\user.nsf
Inbox = Good Mail
Inbox = SPAM
Additional Implementations of SpamSentinel
Linux, AS400, and Solaris are also supported with a Windows PC installed with a Lotus Notes client that remains on 24/7.
Software runs on the client machine and checks mail in mail.box
We use a mail rule (Domino 6 and greater) to hold mail for processing.
Uses a separate installer found at the bottom of www.maysoft.com/ss
Backscatter PreventionFor all licensed users of SpamSentinel, the Scanner checks for backscatter.Stops between 80%-90% of Backscatter. It deletes backscatter during the SMTP session.Backscatter prevention does not generate non-Delivery reports, or reject messages, as that would just add to the Backscatter problem. We offer a version for non-SpamSentinel users called: SpamSentinel NoBS (No Backscatter) in the form of a nobs.dll interceptor. The separate NoBS product has No license fees and No expiration date (and no support - except via email on a best efforts basis).Both versions compatible with all Lotus Domino Anti-Virus products.
Support Resources
For a 30 day trial emailsales@rivettassociates.com
For more informationSearch www.google.com for“Vaughan Rivett’s Blog”
Vaughan Rivett+64 21 206 2500
Skype id:vrivett
Email:sales@rivettassociates.com
Mobile phone numbers
Completely Rebuilt for the Best Spam and Virus Protection for Domino Servers
It Just Works
SpamSentinel Technical Briefing
top related