ESET Online Help

Search English
Select the topic

Advanced settings

Configure these settings for message verification by external servers (defined as RBL—Realtime Blackhole List and DNSBL—DNS Blocklist) according to their predetermined criteria. RBL servers get queried with IP addresses extracted from Received: headers and DNSBL servers get queried with IP addresses and domains extracted from the message body. For detailed explanations, refer to articles on RBL and DNSBL.

Maximum number of verified addresses from Received: headers

You can limit the number of IP addresses that are checked by Antispam. This concerns the IP addresses written in Received: from headers. The default value is 0, meaning only the last identified sender's IP address is checked.

Verify sender's address against end-user blacklist

Email messages that are not sent from mail servers (computers that are not listed as mail servers) are verified to ensure the sender is not blacklisted. This option is enabled by default. You can disable it if required, but messages not sent from mail servers will not be checked against the blacklist.


note

Results of external third-party Blocklists have priority over end-user blacklists for IP addresses in Received: from headers. All IP addresses (up to the specified maximum number of verified addresses) are sent for evaluation by external third-party servers.

Additional RBL servers

A list of Realtime Blackhole List (RBL) servers that are queried when analyzing messages.


note

When adding Additional RBL servers, type the server's domain name (for example. sbl.spamhaus.org). It will work with any return codes that are supported by the server.

antispam_rbl_list_server

Alternatively, you can specify a server name with a return code in the format server:response (for example, zen.spamhaus.org:127.0.0.4). When using this format, we recommend that you add each server name and return code separately, to have a complete list. Click Enter multiple values in the Add window to specify all server names with their return codes. Entries should look like the example below; your actual RBL server host names and return codes may vary:

antispam_rbl_list_server1

RBL query execution limit (in seconds)

This option allows you to set a maximum time for RBL queries. RBL responses are only used from those RBL servers that respond in time. If the value is set to "0" no timeout is enforced.

Maximum number of verified addresses against RBL

This option allows you to limit how many IP addresses are queried against the RBL server. Note that the total number of RBL queries will be the number of IP addresses in the Received: headers (up to a maximum of RBL maxcheck IP addresses) multiplied by the number of RBL servers specified in the RBL list. If the value is set to "0" an unlimited number of received headers are checked. Note that IPs on the ignored IP list do not count toward the RBL IP address limit.

Additional DNSBL servers

A list of DNS Blocklist (DNSBL) servers that are queried with domains and IP addresses extracted from the message body.


note

When adding Additional DNSBL servers, enter the server's domain name (for example, dbl.spamhaus.org). It will work with any return codes that are supported by the server.

antispam_dnsb_list_server

Alternatively, you can specify a server name with a return code in the form of server:response (for example, zen.spamhaus.org:127.0.0.4). We recommend that you add each server name and return code separately, so that you have a complete list. Click Enter multiple values in the Add window to specify all server names with their return codes. Entries should look like the example below; your actual DNSBL server host names and return codes may vary:

antispam_dnsb_list_server1

DNSBL query execution limit (in seconds)

Allows you to set a maximum timeout for all DNSBL queries to complete.

Maximum number of verified addresses against DNSBL

Allows you to limit how many IP addresses are queried against the DNS Blocklist server.

Maximum number of verified domains against DNSBL

Allows you to limit how many domains are queried against the DNS Blocklist server.

Maximum message scan size (kB)

Limits Antispam scan for messages larger than the specified value. Default value 0 means an unlimited message size scan. Normally, there is no reason to limit Antispam scan, but if you need to set a limit in certain situations, change the value to the required size. When set, the Antispam engine will process messages up to the specified size and ignore larger ones.


note

The smallest limit is 12 kB. If you set the value from 1 to 12, the Antispam engine will always read at least 12 kB.

Enable temporary rejecting of undetermined messages

If the Antispam engine is not able to determine whether the message is or is not SPAM, meaning the message has some suspicious SPAM characteristics but not enough to be marked as SPAM (for example, the first email of a campaign or an email originating from an IP range with mixed ratings), then this setting (when enabled) allows ESET Mail Security to temporarily reject the message—the same way Greylisting does—and keep rejecting it for a specific time period, until:

The interval has elapsed, and the message is accepted on the next delivery attempt. This message is left with the initial classification (SPAM or HAM).

The Antispam cloud gathers enough data and properly classifies the message before the interval elapses.

The rejected message is not kept by ESET Mail Security as it must be re-sent by the sending mail server per the SMTP RFC.

Enable submitting of temporary rejected messages for analysis

The message content is sent automatically for further analysis. This helps improve the message classification for future email messages.


important

It is possible that temporarily rejected messages that are sent for analysis could be HAM. In rare cases, temporarily rejected messages may be used for manual evaluation. Enable this feature only if there are no risks of leaking potentially sensitive data.