ispmanager 6 lite, pro, host

/
/
/
SpamExperts

SpamExperts

SpamExperts is a professional solution for spam filtering and mailbox protection.

In the ispmanager control panel, administrators can install and configure the module, while users can use SpamExperts.

SpamExperts features

  • Flexible configuration and management through integration with the ispmanager control panel.
  • Automatic protection against spam, phishing, virus, and malware content.
  • Automatic machine learningmechanism based on incoming spam.
  • DKIM, DMARC, and SPF support for email authentication.
  • Domain reputation protection prevents spam from being sent from your servers.
  • DNSBL protection.
  • Web version of the panel supported via MX records.
  • On-premise panel support for complete data control.
  • SMTP, POP3, IMAP, and API support.
  • Analysis of attachments (PDF, DOC, EXE, etc.) for malicious code.
  • Blocking of fake emails from banks, social networks, etc.
  • Flexible blacklist and whitelist configuration for users.
  • Detailed logging and reporting on blocked emails.
  • Branded interface of the admin panel.
  • Isolation for: superadministrators, administrators, subadministrators, and technicians.

How SpamExperts works in the ispmanager panel

SpamExperts automates email spam protection and filtering. It processes all email traffic, with each email being analyzed individually by SpamExperts servers. Emails undergo automated filtering steps: header analysis, content scanning, attachment analysis, and network analysis.

Details

Header analysis

  • SPF (Sender Policy Framework) is a standard for verifying the authenticity of a mail server. It allows a domain to publish in the DNS an official "whitelist" of mail servers authorized to send emails on its behalf.
  • DKIM (DomainKeys Identified Mail) is a standard for verifying the authenticity of emails. It verifies the email content and the domain.
  • DMARC (Domain-based Message Authentication, Reporting & Conformance) is a policy that governs the results of SPF and DKIM checks.
  • Server chain integrity analysis (search for inconsistencies).

Content Scanning

  • Bayesian Filtering — spam detection through stop phrase analysis. This filtering method is trained on millions of emails.
  • Heuristic Analysis — spam detection based on a predefined set of rules, such as repeated characters and stop words in the email header.
  • Link Analysis — detection and verification of phishing links. All links from an email are extracted and checked in real time against databases of malicious and phishing sites.

Attachment analysis

  • The file type is checked (executable files in EXE, SCR, and other formats disguised as documents are blocked).
  • Archives are extracted and scanned by antivirus engines for known threats.

A spam score is assigned at each stage. If the score exceeds a certain threshold, the email is considered spam.

Network analysis is considered a separate stage, as a scoring system is not used to block emails. This stage includes:

  • Global spam signature — when a new spam email is detected globally, its signature (fingerprint) is added to the SpamExperts database. For example, in the case of a mass spam mailing, the first email will be analyzed and added to the server database. The remaining emails will be blocked.
  • Reputation analysis is a real-time analysis of sender behavior based on:
    • email sending speed
    • number of recipients of emails with the same content
    • IP address history
    • IP address usage frequency

Network analysis saves time and server resources by accessing global data.

Аiltration principles of operation are described below:

  1. An email targeted at your domain is sent to SpamExperts servers (instead of your mail server).
  2. All stages of email analysis are launched.
  3. Possible email processing results:
    • Clean email — forwarded to your mail server
    • Spam – quarantined by SpamExperts
    • Suspicious – marked with a tag in the header (e.g., [SPAM]) and forwarded to your email client for final decision
  1. Emails sent from your server (by your user) are processed by SpamExperts.
  2. The user is checked to ensure they are not compromised or sending spam (for example, due to a stolen password).
  3. Possible results of email processing:
    • Clean email — forwarded to the recipient.
    • Spam — blocked before reaching the recipient, protecting the reputation of your IP address and domain. If your server starts sending out spam, providers will blacklist it, and "clean" email will no longer reach recipients.

SpamExperts requirements

Ispmanager control panel:

SpamExperts admin access:

SpamExperts installation

  1. Log in to ispmanager with an administrator-level account or above.
  2. Navigate to the Modules section.
  3. Find SpamExperts in the list of modules.

  4. Click Install next to the module.

  5. Wait for SpamExperts to install.

SpamExperts setup

Configure SpamExperts module after installation:

  1. Log in to ispmanager with superuser rights.
  2. Navigate to the Modules section.
  3. Click next to the SpamExperts module.

  4. In the Setting up SpamExperts tab, enter your admin login information:

    • Antispam API URL — a mandatory field containing the SpamExperts API address. It is used for all API requests and authorization in the SpamExperts admin panel. Example: https://api.antispamcloud.com.

    • API username — a mandatory field containing the username. It is used for all API requests and authorization in the SpamExperts admin panel. Example: admin.

      We recommend that you utilize different users for different servers.
      One SpamExperts license works with one account but can be used on multiple ispmanager panels.

      Example

      A provider purchased a SpamExperts license and received login credentials for the admin panel. Later they decided to migrate from the old server running ispmanager to the new one. The migration process is a multi-step process: some domains have already been transferred, while others are still running on the old server. All domains will be managed through a single account if they are defined in the SpamExperts settings.

    • API password — a mandatory field containing the user password. It is used for all API requests and authorization in the SpamExperts admin panel, is stored encrypted in the ispmanager configuration file.
  5. Specify MX records:

    • Primary MX record is a mandatory field containing the MX record for the email domain. The MX record value is specified in the SpamExperts admin panel. It is used to configure protected domains within the priority in the ispmanager panel. The default priority value is 10. Example MX record: mx1.spamexperts.com.

      Additional MX records

      Secondary, tertiary, and quaternary MX records are used to distribute the load between SpamExperts servers and prevent spam filter bypasses. Additional MX records are optional.

      Up to four MX records can be configured in ispmanager. This number is unlimited in the SpamExperts admin panel.

      • A secondary MX record is an additional MX record. The MX record value is specified in the SpamExperts admin panel. It is used to configure protected domains within the priority list in the ispmanager panel. The default priority value is 20. Example MX record: mx2.spamexperts.com.
      • A tertiary MX record is an additional MX record. The MX record value is specified in the SpamExperts admin panel. It is used to configure protected domains within the priority list in the ispmanager panel. The default priority value is 30. Example MX record: mx3.spamexperts.com.
      • A quaternary MX record is an additional MX record. The MX record value is specified in the SpamExperts admin panel. It is used to configure protected domains within the priority in the ispmanager panel. The default priority value is 40. Example MX record: mx4.spamexperts.com.
  6. Set the required options:
    • Automatic action upon first SpamExperts connection:
      • Connect all domains found on the server to SpamExperts — after installing and running the module for the first time, SpamExperts protection is automatically enabled for all email domains. This option is enabled by default.
      • Do not connect — after installing and running the module for the first time, email domains will not be protected by SpamExperts.
    • Automatic action upon adding new mail domains:
      • Connect to SpamExperts newly created email domains will be automatically protected by SpamExperts. This option is enabled by default.
      • Do not connect — new email domains will not use SpamExperts.
    • Automatic action for MX records of protected domains:

      • Update — the MX records of all protected domains will be automatically updated to the MX records specified in the module settings. All emails will be migrated to SpamExperts servers. If ispmanager doesn't manage the domain's DNS, the update will fail. This option is enabled by default.

        For correct operation of SpamExperts, enable MX record updates.

      • Do not update — the MX records will not change. Emails will not be migrated to SpamExperts servers unless the email domain's MX records are manually changed. Applicable for external DNS servers.
    • Where the filtered mail traffic will be directed to when connecting mail domain to SpamExperts:
      • Address of current mail domain MX records — the request will contain the address of the MX records of the protected mail domain. This option is enabled by default.
      • Mail domain IP address — the request will contain the IP address of the mail domain.
  7. Save the changes.

After the initial setup, the module will be automatically enabled and begin protecting email domains through SpamExperts if the "Connect all domains found on the server to SpamExperts" option was enabled.

Login to the SpamExperts admin panel

  1. Log in to ispmanager with an administrator-level account or above.
  2. Navigate to the Mail domains section.

  3. Click SpamExperts on the toolbar.

When logging into SpamExperts, administrators and superusers will be logged in under the same account specified in the module settings.

If all the details in the module settings are correct, you will be automatically redirected to the SpamExperts admin panel. If the login details are incorrect, a notification will appear in ispmanager and redirection will not be performed.

After successful authorization, configure SpamExperts to manage your mail.

SpamExperts.jpg

Configuring incoming and outgoing mail in the SpamExperts admin panel

To configure emails, log in to the SpamExperts panel using your administrator account.

  • Incoming - Protection Settings → Filter Settings (available under the domain) — configure quarantine and TLS for a single domain.
  • General → Mailboxes configuration (Mailbox tab) — configure incoming email filtering for a single mailbox.
  • Incoming - Protection Settings → Recipient allow list — configure a recipient whitelist.
  • Incoming - Protection Settings → Recipient bock list — configure a recipient blacklist.
  • Incoming - Protection Settings → Sender allow list — configure a sender whitelist.
  • Incoming - Protection Settings → Allow list filtering rules — create whitelist rules.
  • Incoming - Protection Settings → Sender block list — configure a sender blacklist.
  • Incoming - Protection Settings → Block list filtering rules — create blacklist rules.
  • Outgoing - Protection Settings → Sender block list — configure a blacklist of senders.
  • Outgoing - Protection Settings → Block list filtering rules — create blacklist rules.
  • Outgoing → Manage users — configure protection by IP, smarthost system, or for each individual user domain.

Enabling SpamExperts for an email domain

  1. Log in to ispmanager with an administrator-level account or above.
  2. Navigate to the Mail section.
  3. On the toolbar, click Mail domains.
  4. Click Create a mail domain on the toolbar or edit an existing one.
  5. In the email domain settings, click Enable SpamExperts.

  6. Save the changes.

After saving the settings:

  • The mail protection and filtering settings configured in the SpamExperts admin panel will be applied
  • The MX records for the domains will change; the records specified in the SpamExperts settings will be used
  • Creating and editing MX records will no longer be available in ispmanager
  • MX record management will be available in the SpamExperts admin panel
  • Exim will be automatically configured for incoming mail from protected domains

Configuring mail filtering in Exim

Exim is automatically configured for protected mail domains. The following changes are made to the mail server configuration files:

For Debian-based operating systems

  • /etc/exim4/spamexperts/spamexperts.conf — stores information about lists of subnets and protected mail domains. Contents:

    hostlist spamexperts_ips = iplsearch;/etc/exim4/spamexperts/spamexperts_ips
domainlist protected_domains = lsearch;/etc/exim4/spamexperts/protected_domains
  • /etc/exim4/spamexperts/spamexperts_ips — stores the list of subnets required by SpamExperts to forward mail to servers.
  • /etc/exim4/spamexperts/protected_domains — stores the list of protected domains.

  • /etc/exim4/spamexperts/router.conf — stores mail forwarding information. Contents:

    spamexperts_local_delivery:
    driver = accept
    domains = +protected_domains
    condition = ${if match_ip{$sender_host_address}{+spamexperts_ips}}
    transport = local_delivery
    no_more
For RHEL-based operating systems

  • /etc/exim/spamexperts/spamexperts.conf — stores information about lists of subnets and protected mail domains. Contents:

    hostlist spamexperts_ips = iplsearch;/etc/exim/spamexperts/spamexperts_ips
domainlist protected_domains = lsearch;/etc/exim/spamexperts/protected_domains
  • /etc/exim/spamexperts/spamexperts_ips — stores the list of subnets required by SpamExperts to forward mail to servers.
  • /etc/exim/spamexperts/protected_domains — stores the list of protected domains.

  • /etc/exim/spamexperts/router.conf — stores mail forwarding information. Contents:

    spamexperts_local_delivery:
    driver = accept
    domains = +protected_domains
    condition = ${if match_ip{$sender_host_address}{+spamexperts_ips}}
    transport = local_delivery
    no_more

Outgoing mail filtering is included in a separate paid SpamExperts service, and requires manual configuration in Exim.

To deliver mail to SpamExperts services:

  1. Log in to ispmanager with superuser rights.
  2. Navigate to the File manager section.

  3. Add new sections to the Exim configuration file:

    For Debian-based operating systems

    Sections for the configuration file /etc/exim4/exim4.conf.template:

    • begin routers

      spamexperts_router:
driver = manualroute
domains = lsearch;/etc/exim4/spamexperts/domains
transport = spamexperts_smtp
route_list = * smtp.antispamcloud.com
no_more

    • begin transports:

      spamexperts_smtp:
driver = smtp
hosts = smtp.antispamcloud.com
port = 587
hosts_require_tls = *
    For RHEL-based operating systems

    Sections for the configuration file /etc/exim/exim.conf:

    • begin routers

      spamexperts_router:
driver = manualroute
domains = lsearch;/etc/exim/spamexperts/domains
transport = spamexperts_smtp
route_list = * smtp.antispamcloud.com
no_more

    • begin transports:

      spamexperts_smtp:
driver = smtp
hosts = smtp.antispamcloud.com
port = 587
hosts_require_tls = *
  4. Add a list of email domains for outgoing mail filtering to the file:
    • For Debian-based operating systems: /etc/exim4/spamexperts/domains.
    • For RHEL-based operating systems: /etc/exim/spamexperts/domains.
  5. Save the changes to the files.

Disabling SpamExperts for an email domain

  1. Log in to ispmanager with an administrator-level account or above.
  2. Navigate to the Mail section.
  3. On the toolbar, click Mail domains.
  4. Select the desired email domain from the list and edit it.
  5. Disable SpamExperts in the email domain settings.

  6. Save the changes.

The email protection and filtering settings configured in the SpamExperts admin panel will no longer work for the email domain. Manual creation and editing of MX records will become available in ispmanager.

SpamExperts configuration files

When changing and saving module settings, all values ​​are written to the main ispmanager configuration file: /usr/local/mgr5/etc/ispmgr.conf.

Parameters:

When changing parameter values ​​in the configuration file, the values ​​are automatically updated in the module settings.

In this article