SMTP-level protection
The Enable Greylisting function activates a feature that protects users from spam using the following technique: The transport agent will send a “temporarily reject” SMTP return value (default is 451/4.7.1) for any received email that is not from a recognized sender. A legitimate server will try to resend the message after a delay. Spam servers will typically not attempt to resend the message, as they usually go through thousands of email addresses and do not waste time resending. Greylisting is an additional layer of antispam protection, and does not have any effect on the spam evaluation capabilities of the antispam module.
When evaluating the message source, the Greylisting method considers the Approved IP list, the Ignored IP list, Safe Senders and the Allow IP lists on the Exchange server and AntispamBypass settings for the recipient mailbox. Emails from IP addresses or senders on these lists, and emails delivered to a mailbox with the AntispamBypass option enabled, bypass the Greylisting detection method.
Use only domain part of sender address
This feature ignores the sender's name in the email address; only the domain is considered.
Synchronize greylisting databases across the ESET cluster
Greylisting database entries are shared in real time between the servers in the ESET cluster. When one of the servers receives a message that is processed by greylisting, ESET Mail Security broadcasts this information to the rest of the nodes in the ESET cluster.
Time limit for the initial connection denial (min.)
When a message is delivered for the first time and temporarily refused, this parameter defines the time period during which the message will always be refused (measured from the first refusal). After the defined time period has elapsed, the message will be successfully received. The minimum value you can enter is 1 minute.
Unverified connections expiration time (hours)
This parameter defines the minimum time interval for which the triplet data will be stored. A valid server must resend a desired message before this period expires. This value must be greater than the value of Time limit for the initial connection denial.
Verified connections expiration time (days)
The minimum number of days for which the triplet information is stored, during which emails from a specific sender will be received without any delay. This value must be greater than the value of Unverified connections expiration time.
SMTP response (for temporarily denied connections)
Specify a Response code, Status code and Response message, which define the SMTP temporary denial response sent to the SMTP server if a message is refused. Below is an example of an SMTP reject response message:
Response code | Status code | Response message
---|---|---
451 | 4.7.1 | Please try again later
You can also use system variables when defining the SMTP reject response.
Incorrect syntax in SMTP response codes may lead to the malfunction of Greylisting protection. As a result, spam messages may be delivered to clients or messages may not be delivered at all.
All messages that have been evaluated using the greylisting method are recorded in the SMTP protection log.
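How the three timing settings and the domain-only option interact, as an added sketch that is not ESET's code. It assumes the conventional greylisting triplet (connecting IP, envelope sender, envelope recipient) and that a verified entry is not refreshed on later mail; the field names, accept reply and sample addresses are constructed.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

REJECT = "451 4.7.1 Please try again later"   # default temporary denial from the page
ACCEPT = "250 OK"                              # constructed accept reply

@dataclass
class Greylist:
    # Field names are hypothetical; each mirrors one setting described above.
    initial_denial: timedelta = timedelta(minutes=10)
    unverified_expiry: timedelta = timedelta(hours=4)
    verified_expiry: timedelta = timedelta(days=30)
    domain_only: bool = True                   # "Use only domain part of sender address"
    db: dict = field(default_factory=dict)     # triplet -> (first_seen, verified_at)

    def __post_init__(self):
        # Ordering constraints stated in the settings text.
        if not (timedelta(minutes=1) <= self.initial_denial
                < self.unverified_expiry < self.verified_expiry):
            raise ValueError("need 1 min <= denial < unverified expiry < verified expiry")

    def check(self, ip, sender, rcpt, now):
        """Return the SMTP reply for one delivery attempt at time `now`."""
        if self.domain_only:
            sender = sender.rpartition("@")[2]
        key = (ip, sender.lower(), rcpt.lower())   # assumed triplet composition
        first_seen, verified_at = self.db.get(key, (None, None))
        if verified_at is not None:
            if now - verified_at < self.verified_expiry:
                return ACCEPT                      # known-good triplet, no delay
        elif first_seen is not None and now - first_seen < self.unverified_expiry:
            if now - first_seen >= self.initial_denial:
                self.db[key] = (first_seen, now)   # retried after the window: verify
                return ACCEPT
            return REJECT                          # retried too early
        self.db[key] = (now, None)                 # new or expired entry: start over
        return REJECT

def demo():
    """Replay a constructed timeline and return the replies in order."""
    g, t0 = Greylist(), datetime(2024, 1, 1, 12, 0)
    peer, rcpt = "192.0.2.10", "bob@example.net"
    steps = [("alice@example.org", timedelta(0)),
             ("alice@example.org", timedelta(minutes=5)),
             ("alice@example.org", timedelta(minutes=15)),
             ("carol@example.org", timedelta(days=1)),
             ("alice@example.org", timedelta(days=40))]
    return [g.check(peer, s, rcpt, t0 + d) for s, d in steps]
```

In the replayed timeline the fourth message is accepted only because the domain-only option folds `carol@` into the already verified `example.org` triplet, and the last one is deferred again because the verified entry has expired.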
Backscatter protection
Spam backscatter consists of misdirected bounce messages sent by mail servers and is an undesirable side effect of spam. When the recipient's mail server rejects a spam message, a Non-Delivery Report (NDR), also known as a bounce message, is sent to a supposed sender (an email address forged as a sender of the original spam message), not an actual sender of the spam. The email address owner receives an NDR message, even though the owner wasn't involved with the original spam message. This is where Backscatter protection comes in. You can prevent spam NDRs being delivered to users' mailboxes within your organization using ESET Mail Security Backscatter protection.
When you Enable NDR check, you must specify a Signature seed (a string of at least eight characters, something like a passphrase). ESET Mail Security Backscatter protection writes X-Eset-NDR: <hash> into the header of each outgoing email message. The <hash> is an encrypted signature that also contains the Signature seed you have specified.
If a legitimate email message cannot be delivered, your mail server usually receives an NDR, which ESET Mail Security checks for the X-Eset-NDR: <hash> in the headers. If the X-Eset-NDR: is present and the signature <hash> matches, the NDR is delivered to the sender of the legitimate email message, indicating that the message delivery failed. If the X-Eset-NDR: is not present or the signature <hash> is incorrect, it is identified as spam backscatter, and the NDR is rejected.
Automatically drop NDR messages if check fails
If your NDR check results in an immediate fail, an email message can be rejected before it is downloaded.
You can see Backscatter protection activity in the SMTP protection log.