Login
You are here » Software Products » GFi MailEssentials - Anti-Spam, Anti-Phishing » TechNotes » Mailflow MailSecurity 8 & MailEssentials 11 Register
 In which order are MailSecurity 8 and MailEssentials 11 processing emails?
This is the order MailSecurity plug-ins uses to check email: Decompression Engine, Virus Scanning Engines, Trojan Scanner, Email Exploit Detector, Html Script Removal, Attachment Checking, Content Checking

Here is the order that is used to check emails by MailSecurity.

  1. Decompression Engine
  2. Virus Scanning Engines
  3. Trojan Scanner
  4. Email Exploit Detector
  5. Html Script Removal
  6. Attachment Checking
  7. Content Checking
The Anti-Spam scanning in MailEssentials is split into multiple modules. Following is the order in which the Anti-Spam checks are done on inbound emails.
  1. IP Whitelist
      Check if the sending mail server is in the IP Whitelist
  2. Sender Policy Framework
      Check the SPF DNS record of the sender's domain
  3. Email Whitelist Module
      Check if the Mime From is in the Whitelist Check if the Mime To is in the Whitelist Check if the Mime From is in the AutoWhitelist
  4. Directory Harvesting Module
      Check if recipient's email address exists in Acitve Directory
  5. Keyword Whitelist
      Check the message body for any keywords that are found in the keyword whitelist.
  6. Custom Blacklist Module
      Check if the Mime From is in the BlackList Check if the Mime To is in the BlackList
  7. DNSBL Module
      Check if the ip addresses found in the message header is on the DNS Black List
  8. SPAM URI Realtime Blacklist
      Checks if the email messages contains URI found on the selected servers.
  9. Bayesian Filter Module
      Bayesian Filter
  10. Header Checking Module
      Check if the Mime From is empty Check that the Character Set used in the message is allowed Check for numbers in the Mime From email address Check if the subject contains the first part of the email message (the part before the @ sign) Check if the email is addressed to more then the specified amount of recipients Check if the Mime From is a malformed email address Check if the email contains any remote images and less then 512 characters Verify that sender domain is valid by performing a DNS lookup on the domain part of the Mime From email address.
  11. Keyword Checking Module
      Subject keyword scanning Text body keyword scanning HTML body keyword scanning
  12. New Senders
      Identifies inbound emails form addresses that you have never sent emails to.
MailSecurity Notes:
  1. This processing order cannot be changed.
  2. The Virus Scanning Engines, the Attachment Checking Rules and the Content Checking rules can have their priority changed
  3. When a MailSecurity plug-in quarantines an item and the item is approved by the administrator, the rest of the plug-ins will process the item. This could result in having the same item quarantined multiple times.
MailEssentials Notes:
  1. All the above options can be enabled or disabled from the MailEssentials configuration -> Anti-Spam node.
  2. Scanning stops as soon as a check returns true. E.g. “Check if the Mime From is empty” check flags an email as spam the rest of the checks are not performed on the email. The same applies to the Whitelist modules. If an email address is found in the Whitelist, the rest of the Anti-Spam module will not check the email.
  3. Starting from MailEssentials 11, the order of the modules can be altered by right clicking on the Anti Spam node and selecting “Order module priorities”. You can adjust the priority of the Anti-Spam checking modules as you require.
Sources: KBID001774, KBID002348
      

Copyright 2006 by Keysys Inc   Terms Of Use  Privacy Statement