Protection for the Hub Transport role tab
Virus scan settings
The Virus scan settings drop-down section lets you configure Anti-Virus scan settings.
Enable anti-virus protection for the Hub Transport role
If this check box is selected, Anti-Virus protection of a Microsoft Exchange server deployed in the Hub Transport role is enabled.
If this check box is cleared, Anti-Virus protection of a Microsoft Exchange server deployed in the Hub Transport role is disabled.
The check box is selected by default.
The Object processing settings section lets you configure the actions taken by the application on objects detected during the Anti-Virus scan.
Infected object
The drop-down list Infected object lets you select the action to be taken by the application upon detecting an infected object.
The following options are available:
- Allow. The application delivers the message with the infected object to the recipient unchanged.
If the Add label to message subject and Tag for external recipients check boxes are selected, the application adds an extra text (tag) to the message subject. The Add label to message subject check box adds a tag to messages for internal recipients, while the Tag for external recipients check box adds a tag for external recipients. The tag text can be edited. Default tag value: [Infected object detected].
- Delete object. The application attempts to disinfect the infected object. If disinfection has failed, the application deletes the infected object and delivers the message to the recipient.
If the Add label to message subject and Tag for external recipients check boxes are selected, the application adds an extra text (tag) to the message subject. The Add label to message subject check box adds a tag to messages for internal recipients, while the Tag for external recipients check box adds a tag for external recipients. The tag text can be edited. Default tag value: [Infected object deleted].
- Delete message. The application completely deletes the message containing the infected object.
Save a copy of the object in Backup
Saves a copy of the original message in Backup.
If this check box is selected, the application saves a copy of the message in Backup in the following cases:
- Before deleting the message
- Before deleting the attachment
If this check box is cleared, the application saves no copy of the object in Backup.
The check box is selected by default.
Attachment and content filtering
The Attachment and content filtering drop-down section allows you to configure rules for filtering files attached to messages and the contents of messages.
Enable attachment and content filtering
Enables filtering of attached files in email messages.
If the check box is selected, the Add rule button becomes available. By clicking this button, you can configure rules by which the application will filter attachments in email messages.
The application applies the action configured in the filtering settings to the objects it detects (skips the message, deletes the attachments, deletes objects from the attachments, or deletes the message).
If an attached file of a message matches the parameters of multiple rules, the application applies the rule with the strictest parameters: delete the message, delete the attached object, or delete the entire attachment.
If the check box is cleared, attachment filtering is disabled.
The check box is cleared by default.
Filtering messages of the same type
The Filtering messages of the same type drop-down section lets you configure a limit on the number of messages sent by a user of your organization per unit of time. The main purpose of this limit is to prevent a situation where an infected mailbox automatically generates an endless stream of messages sent to internal and external recipients. Normally, such messages have a common attribute, such as the same subject or the same attachment.
Limit the number of same-type messages sent by an internal user
If the check box is selected, same-type message filtering is enabled.
If the check box is cleared, same-type message filtering is disabled.
The check box is cleared by default.
Maximum permissible number of messages
The maximum number of same-type messages that can be sent by an internal user during a specific period of time. If the number of messages exceeds the value specified in the entry field, the application performs the action defined in the settings: deletes excess messages or delivers them to the recipient while adding the corresponding X header.
The application keeps a separate tally of the number of messages for each Security Server.
The default value is 100.
Time interval (min)
The time period (in minutes) corresponding to the limit on the number of same-type messages sent by an internal user.
The default value is 30.
Apply the limit to the following types of messages
The Apply the limit to the following types of messages section lets you specify the attribute by which the application identifies messages as the same type and applies the set limit. You can select one of the following options:
- All messages;
- Messages with the same subject;
- Messages with the same attachment;
- Messages with the same subject or attachment.
Having the same subject refers to an exact match of the subject of messages (with matching cases).
Having the same attachment refers to an exact match of the extension and name of file attachments (with matching cases).
The default value is All messages.
Action
In this drop-down list, you can select the action taken by the application on same-type messages of a quantity that exceeds the set limit:
To receive information about same-type messages sent by an internal user that exceed the set limit, you can configure notifications or logging of events to the Windows Event log.
Do not apply the limit to the following internal senders
If this check box is selected, you can specify internal senders that will be added to the list of exclusions from same-type message filtering. The application does not apply set limits to messages that are sent from the email addresses specified in the list of exclusions. You can create a list of email addresses of senders, using the entry field and the buttons listed below.
You can add individual email addresses (for example, user@mail.com) and email address masks (for example, *@domain.net) to the list.
The following buttons are designed for creating a list:
- Add the record from the entry field to the list.
- Remove the selected record from the list.
- Export the list to a file.
- Import the list from a file.
If the check box is cleared, the entry field, buttons, and the list are unavailable.
The check box is cleared by default.
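The following Python model illustrates how the limit, the time interval, the message-type attribute, and the exclusion list described above interact. It is an added example, not the application's code. The sliding window, counting excess messages toward the tally, case-insensitive address comparison, and `*` as the only mask wildcard are assumptions; all names and addresses are constructed.

```python
import re
from collections import defaultdict, deque
from dataclasses import dataclass

# Option names mirror the "Apply the limit to the following types of messages" list.
ALL, SUBJECT, ATTACHMENT, SUBJECT_OR_ATTACHMENT = (
    "all", "subject", "attachment", "subject_or_attachment")


@dataclass
class Message:
    sender: str
    subject: str
    attachments: tuple = ()   # file names with extension, e.g. "invoice.zip"
    minute: float = 0.0       # send time in minutes since an arbitrary start


def mask_matches(mask, address):
    """Match an exclusion entry such as user@mail.com or *@domain.net.
    Assumption: '*' is the only wildcard; addresses compare case-insensitively."""
    pattern = ".*".join(re.escape(part) for part in mask.lower().split("*"))
    return re.fullmatch(pattern, address.lower()) is not None


class SameTypeLimiter:
    """Model of the per-sender limit; defaults are the documented ones
    (100 messages, 30 minutes, All messages)."""

    def __init__(self, limit=100, interval_min=30, mode=ALL, exclusions=()):
        self.limit, self.interval, self.mode = limit, interval_min, mode
        self.exclusions = list(exclusions)
        self._seen = defaultdict(deque)   # (sender, key) -> send times in window

    def _keys(self, msg):
        # Subject and attachment names are compared exactly, case included.
        keys = []
        if self.mode == ALL:
            keys.append(("all", None))
        if self.mode in (SUBJECT, SUBJECT_OR_ATTACHMENT):
            keys.append(("subject", msg.subject))
        if self.mode in (ATTACHMENT, SUBJECT_OR_ATTACHMENT):
            keys.extend(("attachment", name) for name in msg.attachments)
        return keys

    def over_limit(self, msg):
        """Record the message and report whether it exceeds the limit."""
        if any(mask_matches(m, msg.sender) for m in self.exclusions):
            return False                  # excluded senders are never counted
        exceeded = False
        for key in self._keys(msg):
            times = self._seen[(msg.sender.lower(), key)]
            while times and msg.minute - times[0] >= self.interval:
                times.popleft()           # drop sends older than the interval
            times.append(msg.minute)      # assumption: excess messages still count
            if len(times) > self.limit:
                exceeded = True
        return exceeded


def demo():
    # Constructed traffic: one mailbox sends the same subject five times in
    # five minutes against a limit of three same-subject messages per 30 minutes.
    limiter = SameTypeLimiter(limit=3, interval_min=30, mode=SUBJECT,
                              exclusions=["*@lists.example.com"])
    flood = [Message("bob@example.com", "Invoice", minute=m) for m in range(5)]
    return [limiter.over_limit(m) for m in flood]


if __name__ == "__main__":
    print(demo())
```

Because subjects are matched exactly, a message with the subject "invoice" is tallied separately from "Invoice" in this model, and a message without attachments is never counted in the attachment-only mode.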
Anti-Spam scan settings
The Anti-Spam scan settings drop-down configuration section lets you configure the settings for scanning messages for spam and phishing content.
Enable anti-spam scanning of messages
Enables / disables scanning of incoming messages for spam using the Anti-Spam module.
If the check box is selected, the application scans incoming messages for spam.
If this check box is cleared, incoming messages are not scanned for spam.
The check box is selected by default.
Sensitivity level
The slider sets the sensitivity level of the anti-spam scanning. Anti-Spam takes the value of this setting into account when categorizing a message as spam or probable spam.
The following sensitivity levels of message analysis for spam are available:
This slider is available if the Enable anti-spam scanning of messages check box is selected.
The Spam processing settings section lets you configure the actions to be taken by the application on messages depending on the status tag assigned by Anti-Spam, as well as configure the use of additional spam analysis services.
Table of spam processing settings
The table consists of rows containing status tags that can be assigned to a message by Anti-Spam and columns containing the actions taken by the application on messages with the corresponding status tags. This table is available if the Enable anti-spam scanning of messages check box is selected.
The table contains the following message status tags:
- Spam. The application has considered the message to be spam.
- Probable spam. The application has considered the message to be possible spam.
- Formal notification. The application has considered the message to be a formal notification.
- Address blacklisted. The message sender is on the sender denylist.
- Mass mail. The application has considered the message to be bulk email delivery.
The following settings can be configured for each status tag in the corresponding table columns:
- The Action drop-down list lets you select the action to be taken by the application on messages with a status tag assigned by Anti-Spam. The following operations are available for selection:
  - Allow. The application delivers the message to the recipient. This action is selected by default for all status tags.
  - Reject. The application does not deliver the message to the recipient. An error message is returned to the sending server (error code 500).
  - Delete. The application does not deliver the message to the recipient. The sending server receives a notification that the message has been sent (error code 250).
- Add SCL value check box.
  If the check box is selected, the application supplements the message with the spam confidence level (SCL). The SCL rating can be a number ranging from 0 to 9. A higher SCL rating means a higher probability of spam content in a message. By default, the check box is selected for the Spam, Probable spam, Address blacklisted, and Mass mail statuses.
- Save copy check box.
  If the check box is selected, the application saves a copy of the message in Backup. The check box is cleared for all status tags by default.
- Add label to message subject check box.
  If this check box is selected, the application adds the text (tag) appearing in the entry field next to the check box, to the message subject. The tag text can be edited. By default, the check box is selected for the Spam, Probable spam, Address blacklisted, and Mass mail statuses.
Enable anti-phishing scanning of messages
If the check box is selected, the application scans incoming messages for phishing links.
If this check box is cleared, incoming messages are not scanned for phishing links.
This check box is available if the Enable anti-spam scanning of messages check box is selected.
The check box is selected by default.
Table of phishing processing settings
This table contains a string with settings, which define actions that the application takes on messages with the Phishing status. This table is available if the Enable anti-spam scanning of messages check box is selected.
The string contains the following settings:
- The Action dropdown list allows you to select an action to be taken by the application on messages with the Phishing status:
  - Allow. The application delivers the message to the recipient. This action is selected by default.
  - Reject. The application does not deliver the message to the recipient. An error message is returned to the sending server (error code 500).
  - Delete. The application does not deliver the message to the recipient. The sending server receives a notification that the message has been sent (error code 250).
- Add SCL and PCL rating check box.
  If this check box is selected, the application adds a spam confidence level (SCL) rating of 9 and a phishing confidence level (PCL) rating of 8 to the message. The check box is selected by default.
- Save copy check box.
  If the check box is selected, the application saves a copy of the message in Backup. The check box is cleared by default.
- Add label to message subject check box.
  If this check box is selected, the application adds the text (tag) appearing in the entry field next to the check box, to the message header. The tag text can be edited. The check box is selected by default.
Use Kaspersky Security Network
Kaspersky Security Network (KSN) is an infrastructure of cloud services providing access to the Kaspersky online knowledge base that contains information about the reputation of files, web resources, and software. Kaspersky Security Network is intended for improving detection of viruses and other threats, spam and phishing links, as well as for receiving statistics used to detect threats.
If you do not want to transmit data of your organization over the Internet, you can use the Kaspersky Private Security Network service.
Kaspersky Private Security Network (KPSN) is a solution that lets you receive access to Kaspersky Security Network data via a server located within your organization's network. KPSN enables Kaspersky applications to receive access to the online Kaspersky Knowledge Base for information about the reputation of files, web resources, and software. KPSN does not transmit statistics and files to Kaspersky. For more detailed information, please refer to the Kaspersky Private Security Network Administrator's Guide.
The Kaspersky Private Security Network service was designed for corporate customers who are unable to participate in Kaspersky Security Network for any of the following reasons:
- Servers have no Internet connection
- Legislative ban on transmitting any data outside of the country
- Corporate security requirements imposed on the transmission of any data outside of the corporate LAN
If this check box is selected, the application uses data from Kaspersky Security Network during a scan.
If this check box is cleared, Kaspersky Security Network is not used.
The check box is cleared by default.
The Use Kaspersky Security Network check box is available if the I accept the KSN Statement. Use Kaspersky Security Network option or the Use Kaspersky Private Security Network (KPSN) option is selected in the KSN Settings section in the Settings node. All settings of the Kaspersky Security Network service are applied to the Kaspersky Private Security Network service.
Maximum waiting time when requesting KSN
The maximum time to wait for a response to a request sent to the Kaspersky Security Network server (in seconds).
The default value is 5 sec.
This setting is available if the Use Kaspersky Security Network check box is selected.
Use Reputation Filtering
Use of the Reputation Filtering service in Anti-Spam scans.
If this check box is selected, the application uses the Reputation Filtering service during Anti-Spam scanning.
If this check box is cleared, Reputation Filtering service is not used.
The check box is cleared by default.
This setting is available if the Use Kaspersky Security Network check box is selected.
Use Enforced Anti-Spam Updates Service
Use of Enforced Anti-Spam Updates Service.
If the check box is selected, the application uses the Enforced Anti-Spam Updates Service during Anti-Spam scanning.
If the check box is cleared, the Enforced Anti-Spam Updates Service is not used.
The check box is selected by default.
Outgoing message processing settings
Scan outgoing messages and delete spam messages or messages containing phishing links
Enables / disables scanning of outgoing messages for spam and phishing content using the Anti-Spam module. If messages containing spam are being sent from a specific address in your organization, this could mean that a specific computer in your organization is infected with a virus.
If the Anti-Spam module detects a message that contains spam or phishing content, the message status takes the value Spam or Phishing. The application deletes the outgoing message containing the detected spam or phishing content while saving a copy of the outgoing message in Backup.
The Sender type field for outgoing messages in Backup has the value Internal. To determine whether or not a specific computer distributing spam or phishing content in your organization is infected, you can view the list of copies of outgoing messages in Backup, the list of events in the Windows Event Log, or the list of events in the Kaspersky Security Center Event Log.
The Anti-Spam Module scans outgoing mail messages addressed to external email addresses. The module does not scan messages related to the following categories:
- Messages addressed to internal email addresses.
- Messages whose recipient addresses are on the allowlist.
The Anti-Spam Module determines the message status based on the text content and the message header. In the scan results, the application accounts for only the presence of spam or phishing content in messages to which the Anti-Spam Module assigned the status of Spam or Phishing. In the scan results, the application does not take into account positives in messages with the following statuses:
The Reputation Filtering service is not used when scanning outgoing messages for spam and phishing.
If the check box is selected, the application scans outgoing messages for spam and phishing content.
If this check box is cleared, outgoing messages are not scanned for spam and phishing content.
The check box is cleared by default.
White list of Anti-Spam addresses
The White list of Anti-Spam addresses drop-down section lets you create a list of allowed message sender and recipient addresses. The application will not scan messages from those senders or to those recipients for spam and / or bulk email delivery.
You can add the addresses of internal and external senders and recipients to this list.
Add recipient
Clicking this button opens the White list record settings window in which you can update the allowlist by adding the address of a recipient or group of recipients for whom the application should not scan messages for spam and/or mass mail.
Add sender
Clicking this button opens the White list record settings window in which you can update the allowlist by adding the address of a sender or specify a mask for a group of senders whose messages should not be scanned for spam and/or mass mail.
Change
Clicking this button opens the White list record settings window in which you can edit the settings of a selected record on the address allowlist.
Delete
Clicking this button lets you delete one or more selected records from the address allowlist.
Address allowlist table
Export
Clicking this button lets you export records from the address allowlist to a file. Address allowlist records are saved in a file with the wlist extension.
Import
Clicking this button lets you add records from a file to the address allowlist. Import supports the following file types:
- wlist—XML files that contain exported address allowlist records.
- txt—Text files that contain email addresses or masks listed line by line
When importing addresses from a TXT file, records that you are adding take the following values for settings:
- Purpose = Sender
- Scope = Spam and bulk email delivery
Black list of Anti-Spam addresses
The Black list of Anti-Spam addresses drop-down section lets you create a list of denied addresses of message senders. The application assigns those messages the Address blacklisted status and processes them in accordance with the settings that have been defined for this status in the spam processing settings. You can expand this list by adding the addresses of senders from which you need to always delete or reject messages.
Add sender
Clicking this button opens the Black list record settings window in which you can update the denylist by adding the address of a sender or specify a mask for a group of senders whose messages must be processed according to the settings defined for messages with the Address blacklisted status.
Change
Clicking this button opens the Black list record settings window in which you can edit the settings of a selected record in the address denylist.
Delete
Clicking this button lets you delete one or more selected records from the address denylist.
Address denylist table
This table contains records with sender addresses that have been added to the denylist.
The table records contain the following information:
- Type—Type of address added to the denylist:
  - Email address
  - IP address
- Address—Email address, email address mask, or IP address, which defines senders from which the application will process messages in accordance with the settings defined for the Address blacklisted status.
- Modified by—Account of the user who made the latest change to the record.
- Changed on—Date the record was last changed (UTC).
- Comment—Additional record details. For example, you can specify the reason for adding an address to the denylist.
Export
Clicking this button lets you export records from the address denylist to a file. Address denylist records are saved in a file with the blist extension.
Import
Clicking this button lets you add records from a file to the address denylist. Import supports the following file types:
- blist—XML files that contain exported address denylist records.
- txt—Text files that contain email addresses or masks listed line by line
Spam rating detection settings
The Spam rating detection settings dropdown section allows you to configure an increase in the spam rating of messages that show indirect signs of spam.
The Increase spam rating if section lets you configure an increase in the spam rating of a message based on results of analysis of the sender's and recipient's addresses.
"To" field contains no addresses
If the check box is selected, the application increases the spam rating of a message with an empty "To" field (a sign that the message has been sent to a list of blind carbon copied recipients).
If the check box is cleared, the application does not increase the spam rating of the message.
The check box is selected by default.
Sender's address contains numbers
If the check box is selected, the application increases the spam rating of a message with numbers in the sender's address (a sign of automatically generated addresses).
If the check box is cleared, the application does not increase the spam rating of the message.
The check box is selected by default.
Sender's address in the message body does not contain the domain part
If the check box is selected, the application increases the spam rating of a message with no domain in the sender's address (a sign of a spam sending application at work).
If the check box is cleared, the application does not increase the spam rating of the message.
The check box is selected by default.
The Increase spam rating if the subject contains section lets you configure an increase in the spam rating of a message based on results of the e-mail subject analysis.
More than 250 characters
If the check box is selected, the application raises the spam rating of a message with a subject longer than 250 characters (a sign of spam).
If the check box is cleared, the application does not increase the spam rating of the message.
The check box is selected by default.
Many blanks and/or dots
If the check box is selected, the application raises the spam rating of messages with a subject containing multiple blanks and/or dots (a sign of spam).
If the check box is cleared, the application does not increase the spam rating of the message.
The check box is selected by default.
Time stamp
If the check box is selected, the application raises the spam rating of a message with a subject containing a time stamp (or a digital ID).
If the check box is cleared, the application does not increase the spam rating of the message.
The check box is selected by default.
The Increase spam rating if the message language is section lets you configure an increase in the spam rating of the message based on the results of message language analysis.
Chinese
If the check box is selected, the application raises the spam rating of a message written in this language.
If the check box is cleared, the application does not increase the spam rating of the message.
The check box is cleared by default.
Korean
If the check box is selected, the application raises the spam rating of a message written in this language.
If the check box is cleared, the application does not increase the spam rating of the message.
The check box is cleared by default.
Thai
If the check box is selected, the application raises the spam rating of a message written in this language.
If the check box is cleared, the application does not increase the spam rating of the message.
The check box is cleared by default.
Japanese
If the check box is selected, the application raises the spam rating of a message written in this language.
If the check box is cleared, the application does not increase the spam rating of the message.
The check box is cleared by default.
Using external Anti-Spam services
The Using external Anti-Spam services drop-down section lets you configure the usage of external services that scan IP addresses and URL addresses for spam.
Use external resources for spam scan
If this check box is selected, when scanning messages for spam, the application takes account of the results returned by external services that scan IP addresses and URL addresses for spam.
If the check box is cleared, when scanning messages for spam the application does not use external services that scan IP addresses and URL addresses for spam.
The check box is selected by default.
The DNSBL settings section lets you configure usage of the DNSBL service (Domain Name System Blocklist).
Use set of DNSBL black lists
If the check box is selected, Anti-Spam scans messages using a custom list from the set of DNSBL denylists shown below.
If the check box is selected, you can form a custom list of DNS names of servers and assign weighting coefficients to them.
The following buttons are designed for creating a list:
- Add the record appearing in the entry field to the custom list.
- Remove the selected record from the custom list.
- Export the custom list to a file.
- Import the custom list from a file.
If the check box is cleared, the buttons and the list are unavailable, and Anti-Spam does not use the custom list during scanning.
The check box is cleared by default.
Server DNS name
The DNS name of the server that you want to add to the DNSBL or SURBL custom denylist.
This entry field is available if the Use set of DNSBL black lists or Use set of SURBL black lists check box is selected.
Weighting coefficient
The weighting coefficient of a DNSBL server or SURBL server from the custom list. It can range from 1 to 100.
If the sum of the weighting coefficients of all custom list servers that have responded is greater than 100, the probability that the message is spam increases. If the sum is smaller than 100, the spam rating of the message is not increased.
This field is available if the Use set of DNSBL black lists or Use set of SURBL black lists check box is selected.
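The weighting rule above can be modeled as follows. This is an added example, not the application's code: it builds conventional DNSBL and SURBL query names, sums the coefficients of the servers that report a listing, and applies the "greater than 100" rule. The zone names, weights, and stub DNS answers are constructed, and treating an answer in 127.0.0.0/8 as "listed" and a timed-out server as contributing nothing are assumptions.

```python
import ipaddress

# Conventional "listed" answers from DNSBL/SURBL zones fall in 127.0.0.0/8.
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_query_name(ip, zone):
    """DNSBL lookup name: reversed IPv4 octets prepended to the list zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone.strip(".")


def surbl_query_name(domain, zone):
    """SURBL lookup name: the domain taken from a message URL, then the zone."""
    return domain.strip(".").lower() + "." + zone.strip(".")


def weighted_sum(item, servers, make_name, resolve):
    """Sum the coefficients of the servers that list `item`.

    servers:   {zone: weighting coefficient from 1 to 100}
    make_name: dnsbl_query_name or surbl_query_name
    resolve:   callable(name) -> list of A-record strings, [] when not listed;
               may raise TimeoutError when the server does not answer in time
    """
    total, hits = 0, []
    for zone, weight in servers.items():
        if not 1 <= weight <= 100:
            raise ValueError(f"coefficient for {zone} must be in the range 1..100")
        try:
            answers = resolve(make_name(item, zone))
        except TimeoutError:
            continue                      # no response: contributes nothing
        if any(ipaddress.ip_address(a) in LISTED_NET for a in answers):
            total += weight
            hits.append(zone)
    return total, hits


def raises_spam_rating(total):
    # The documentation states "greater than 100" and "smaller than 100";
    # a sum of exactly 100 is treated here as not raising the rating.
    return total > 100


# Constructed stub resolver so the example runs offline.
FAKE_DNS = {
    "10.2.0.192.bl-a.example": ["127.0.0.2"],
    "10.2.0.192.bl-b.example": ["127.0.0.4"],
    "10.2.0.192.bl-c.example": [],
    "shop.example.org.uri-a.example": ["127.0.0.8"],
}


def fake_resolve(name):
    if name.endswith(".bl-slow.example"):
        raise TimeoutError(name)
    return FAKE_DNS.get(name, [])


def demo():
    servers = {"bl-a.example": 60, "bl-b.example": 50,
               "bl-c.example": 90, "bl-slow.example": 100}
    total, hits = weighted_sum("192.0.2.10", servers, dnsbl_query_name, fake_resolve)
    return total, hits, raises_spam_rating(total)


if __name__ == "__main__":
    print(demo())
```

With these constructed weights, a single listing can never raise the rating on its own, because no coefficient may exceed 100; at least two servers must list the sender or URL.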
The SURBL settings section lets you configure usage of the SURBL service (Spam URI Realtime Block List).
Use set of SURBL black lists
If the check box is selected, Anti-Spam scans messages using a custom list from the set of SURBL denylists shown below.
If the check box is selected, you can form a custom list of DNS names of servers and assign weighting coefficients to them.
The following buttons are designed for creating a list:
- Add the record appearing in the entry field to the custom list.
- Remove the selected record from the custom list.
- Export the custom list to a file.
- Import the custom list from a file.
If the check box is cleared, the buttons and the list are unavailable, and Anti-Spam does not use the custom list during scanning.
The check box is cleared by default.
Check sender IP for presence in DNS
The check uses a reverse record lookup for the sender's IP.
If the check box is selected, Anti-Spam performs a reverse lookup for the message senders' IP addresses.
If the check box is cleared, Anti-Spam does not check the senders' IP addresses in DNS.
The check box is selected by default.
Use SPF, DKIM, and DMARC technologies
Enables the use of SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting and Conformance) technologies.
If the check box is selected, Anti-Spam performs a check for the implementation of SPF, DKIM, and DMARC during analysis.
If the check box is cleared, SPF, DKIM, and DMARC technologies are not used.
The check box is selected by default.
Check if sender's IP address is dynamic
Checks whether the sender's IP address potentially belongs to a botnet by performing a reverse DNS lookup.
If the check box is selected, the application checks if the sender's IP address belongs to a dynamic DNS. If the sender's IP address belongs to a dynamic DNS (an indirect sign that the IP address is part of a botnet), the application raises the spam rating of the message.
If the check box is cleared, the sender's IP address is not checked for potential botnet membership.
The check box is cleared by default.
Maximum DNS request timeout
The maximum time during which a DNS server response is awaited (seconds).
The default value is 5 sec.
Advanced settings of Anti-Spam
The Advanced settings of Anti-Spam drop-down section lets you limit the maximum duration of message scanning and size of the object being scanned, as well as configure scan settings for Microsoft Office files and other additional Anti-Spam settings.
The Restrictions section lets you limit the duration of message scanning by Anti-Spam and the maximum size of the message being scanned.
Maximum time for scanning a message
Maximum time in seconds allotted for scanning a single message for spam and phishing. If the scan time exceeds the value specified in the field, message scanning for spam and phishing is stopped automatically.
The default value is 60 sec.
Maximum object size to scan
The maximum size of a message being scanned for spam and phishing together with all attachments (kilobytes). If the message size together with all attachments exceeds the value in the entry field, the application delivers the message to the recipient without scanning it for spam and phishing.
The default value is 1,536 KB (1.5 MB). The maximum value is 2096128 KB (2047 MB), and the minimum value is 1 KB.
The Scan settings for Microsoft Office files section lets you configure the settings of Microsoft Office documents scanning.
Scan DOC files
Enables Anti-Spam scanning of .doc files attached to messages.
If the check box is selected, Anti-Spam scans .doc files.
If the check box is cleared, Anti-Spam skips .doc files without scanning them.
The check box is cleared by default.
Scan RTF files
Enables Anti-Spam scanning of .rtf files attached to messages.
If the check box is selected, Anti-Spam scans .rtf files.
If the check box is cleared, Anti-Spam skips .rtf files without scanning them.
The check box is cleared by default.
The Other settings section allows you to configure the use of image analysis technology and configure scanning of trusted connections and scanning of messages sent to the Postmaster address for spam.
Use image analysis
Enables the use of the GSG image analysis technology.
If the check box is selected, the application checks images attached to messages against samples in the Anti-Spam database. The application raises the spam rating of messages if it detects matches.
If this check box is cleared, the application does not check images attached to messages against samples in the Anti-Spam database.
The check box is selected by default.
Scan messages arriving over trusted connections for spam
Enables spam scanning for messages received via a trusted connection.
If this check box is selected, Anti-Spam performs a spam scan on messages received via a trusted connection.
If the check box is cleared, Anti-Spam skips such messages without scanning them.
Scanning of messages received via a trusted connection for malicious (phishing) links is enabled permanently.
The check box is cleared by default.
Skip messages for the Postmaster address
Disables the scanning of messages for spam and phishing for the Postmaster address.
If the check box is selected, Anti-Spam skips messages sent to the Postmaster address without scanning them.
If the check box is cleared, Anti-Spam scans such messages for spam and phishing.
The check box is selected by default.