These settings allow for messages to be verified by external servers (defined as RBL - Realtime Blackhole List and DNSBL - DNS Blocklist) according to their predetermined criteria.
Maximum number of verified addresses from Received: headers. - You can limit the number of IP addresses that are checked by antispam. This concerns the IP addresses written in Received: from headers. The default value is 0 which is no limit.
Verify sender's address against end-user blacklist. - Email messages that are not sent from mail servers (computers that are not listed as mail servers) are verified to make sure the sender is not on the blacklist. This option is enabled by default. You can disable it if required, but messages not sent from mail servers will not be checked against the blacklist.
Additional RBL servers - Is a list of Realtime Blackhole List (RBL) servers which are queried when analyzing messages.
Alternatively, you can specify a server name with a return code in the format server:response (for example,. zen.spamhaus.org:127.0.0.4). When using this format, we recommend that you add each server name and return code separately, so that you'll have a complete list. Click Enter multiple values in the Add window to specify all server names with their return codes. Entries should look like the example below, your actual RBL server host names and return codes may vary:
RBL query execution limit (in seconds) - This option allows you to set a maximum time for RBL queries. RBL responses are only used from those RBL servers which respond in time. If the value is set to "0" no timeout is enforced.
Maximum number of verified addresses against RBL - This option allows you to limit how many IP addresses are queried against the RBL server. Note that the total number of RBL queries will be the number of IP addresses in the Received: headers (up to a maximum of RBL max-check IP addresses) multiplied by the number of RBL servers specified in RBL list. If the value is set to "0" an unlimited number of received headers are checked. Note that IPs on the ignored IP list do not count towards the RBL IP addresses limit.
Additional DNSBL servers - Is a list of DNS Blocklist (DNSBL) servers which are queried with domains and IP addresses extracted from the message body.
Alternatively, you can specify a server name with a return code in a form of server:response (for example, zen.spamhaus.org:127.0.0.4). When using this format, we recommend that you add each server name and return code separately, so that you'll have a complete list. Click Enter multiple values in the Add window to specify all server names with their return codes. Entries should look like the example below, your actual RBL server host names and return codes may vary:
DNSBL query execution limit (in seconds) - Allows you to set a maximum timeout for all DNSBL queries to complete.
Maximum number of verified addresses against DNSBL - Allows you to limit how many IP addresses are queried against the DNS Blocklist server.
Maximum number of verified domains against DNSBL - Allows you to limit how many domains are queried against the DNS Blocklist server.
Enable antispam engine diagnostic logging - Writes detailed information about the Antispam engine into the log file for diagnostic purposes. The Antispam engine doesn't use the Events log (warnlog.dat file) and therefore cannot be viewed in the Log files viewer. It writes records directly into a dedicated text file (for example C:\ProgramData\ESET\ESET Mail Security\Logs\antispam.0.log) so that all Antispam engine diagnostic data is kept in one place. This way, performance of ESET Mail Security is not compromised in a case of a huge email traffic.
Maximum message scan size (kB) - Limits Antispam scan for messages larger than the specified value. These messages will not be scanned by the Antispam engine. Behavior:
If Maximum message scan size is set to: 0 = unlimited scan
If Maximum message size is set to: 1 - 12288 = 12288
If Maximum message size is set to: more than 12288 = set value
Recommended minimum value is 100kB.
Enable temporary rejecting of undetermined messages - If the Antispam engine is not able to determine whether the message is or isn't SPAM, which means the message has some suspicious SPAM characteristics but not enough to be marked as SPAM (for example the first email of a campaign, or an email originating from an IP range with mixed ratings), then this setting (when enabled) allows ESET Mail Security to temporarily reject the message - the same way Greylisting does - and keep rejecting it for a specific time period, until:
a)the interval has elapsed and the message is accepted upon the next delivery attempt. This message is left with the initial classification (SPAM or HAM).
b)Antispam cloud gathers enough data and is able to properly classify the message before the interval elapses.
The rejected message is not kept by ESET Mail Security as it must be re-sent by the sending mail server in accordance with the SMTP RFC.
Enable submitting of temporary rejected messages for analysis - The message content is automatically sent to analysts for manual inspection and processing. This helps improve message classification of future email messages.