
New Traffic Inspector module: protecting traffic from spam

Any program has to keep evolving. Only that lets it stay in the game, remain in demand, and turn a profit. The developers of the well-known Traffic Inspector system follow this path: new versions are released with enviable regularity, new features appear, and new modules are added. This time the program's functionality has been extended with a new module, Traffic Inspector AntiSpam.

Let us look at the main features of this very useful add-on (there will be a lot of text and screenshots).



The module is designed to protect internal mail servers from spam. It works when the Traffic Inspector SMTP gateway is in use. (This feature is currently available for Gold.) The module analyzes every message arriving at the mail server and recognizes spam using the specified rules and algorithms, which are based on the Bayesian classifier that has already become a classic for such checks. An important feature of this classifier is that it can be built from a sample with missing values, which suits it well to checking widely varying mail messages.

Although the Traffic Inspector AntiSpam module is based on the standard Bayesian classifier, its implementation incorporates the developers' own research and improvements in identifying unwanted messages and specific signs of spam.

Most often, anti-spam filters are placed either in email clients (for individual users) or on email servers (both public and corporate). A filter that checks incoming mail before it reaches the server is used less often. But when a program is already being used to account for traffic, why not use it to check mail as well? Antivirus engines already stand in the traffic path; now an anti-spam filter can be installed there too.

The module embedded in Traffic Inspector is self-learning. It analyzes all incoming messages, recognizing spam by rules and algorithms derived by its own self-learning system. Nevertheless, the help of an administrator or user is still needed: the program cannot be relied on completely, since the filters can fail, letting obvious spam through and classifying perfectly legitimate messages as junk mail.

This module can be treated as either the main or an additional one: besides it, the program has a second anti-spam module, the RBL SMTP filter. But that filter sometimes misfires and is not always convenient to use, although for some IP address databases it provides reliable protection.

So, to enable the anti-spam filter you need a configured SMTP gateway; the filter is available only when the gateway is connected. Its configuration can be divided into two stages. The first is setting the actions taken when spam or benign messages are detected. As a rule, the actions come down to adding the word SPAM to the message header and writing information about how the spam was detected into the message's service fields. In addition, each detection of spam increases the weight of the parameters that were used for that detection.

Conversely, for benign messages the weight of the parameters decreases. The smaller a parameter's weight, the more likely the message is good, and vice versa. If you wish, information about the check can be added to the header and service fields of the message.

Finally, there are also merely suspicious messages, for which the module cannot give a definite answer as to whether they are spam. For such messages the parameter weights can be left unchanged, and information can be added to the header saying that the message is only possibly spam.


Here in the settings you can set the level of “aggressiveness” with which the filter checks messages (the higher it is, the smaller the message will be considered as spam). You can also adjust the size of the database that stores the statistical data. The bigger the database, the better the filter works, but the slower it runs. Therefore, data older than a set period can be removed from it. The database can also be cleared completely, but then the filter's training for spam recognition has to start over.


The settings described above provide automatic processing of incoming messages. However, especially at the initial stage, a person needs to additionally verify that the filter responds correctly. This is done through the module interface. Here you can display a list of received messages that the filter has already processed and marked. Looking through the list, you can decide for yourself what is spam and what is not. Marks set by the user replace the automatically assigned ones and further adjust the rules used by the filtering module. To increase the accuracy of message identification, you can create “black” and “white” lists to tell the system in advance what is good and what is bad. You can also create your own rules based on stable expressions that are searched for in the recipient’s address, sender, subject or content; depending on whether these expressions are present, incoming messages are classified as spam or as normal messages.


Each user can work with messages in the Traffic Inspector personal account, which, in addition to marking spam, allows individually configuring folders for sorting incoming messages and spam. The generated lists of incoming mail can be sorted by various attributes, and filters can be applied to the view (for example, leaving only the doubtful messages). Reports can also be generated by parameters such as the words by which messages were classified as “spam”.

Users on a network where Traffic Inspector with the anti-spam module is installed who receive mail using MS Outlook do not need to tune the module through the program’s personal account. Instead, it is enough to install a small plugin for the email client, and all adjustments to the sorting of messages into “benign” and spam can be made through the control panel. Having selected a message, you can mark it as spam or, conversely, remove the mark and move the message to the “benign” category.


No matter how well the filter works, it sometimes triggers on perfectly legitimate messages. So that needed messages are not lost, the system offers guaranteed delivery: when spam is blocked, the sender can be sent a non-delivery message whose reason text asks them to add a keyword to the message subject for guaranteed delivery (NOSPAM by default). Such messages are automatically reclassified as good and increase the accuracy of the module's responses.
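The self-learning loop described earlier (three verdicts, weights that rise on spam and fall on benign mail, the SPAM subject tag) and the NOSPAM guaranteed-delivery keyword fit together as in the following Python example. It is added here for illustration and is not Traffic Inspector's code or algorithm; the 0.9/0.1 thresholds, the X-Example-Verdict header, all class and function names, and the sample messages are assumptions.

```python
import math
import re
from collections import Counter
from email import message_from_string, policy

def words(msg):  # assumes a single-part text/plain message
    text = f"{msg['Subject'] or ''} {msg.get_content()}".lower()
    return set(re.findall(r"[a-z0-9]{3,}", text))

class SelfLearningFilter:  # thresholds and header name are assumptions
    def __init__(self, spam_at=0.9, ham_at=0.1, keyword="NOSPAM"):
        self.spam_at, self.ham_at, self.keyword = spam_at, ham_at, keyword
        self.tokens = {"spam": Counter(), "ham": Counter()}  # token weights
        self.seen = Counter()  # messages learned per class

    def train(self, msg, label):
        self.tokens[label].update(words(msg))
        self.seen[label] += 1

    def score(self, msg):  # naive Bayes, Laplace smoothing, equal priors
        def p(label, w):
            return (self.tokens[label][w] + 1) / (self.seen[label] + 2)
        logit = sum(math.log(p("spam", w) / p("ham", w)) for w in words(msg))
        return 1 / (1 + math.exp(-max(-30.0, min(30.0, logit))))

    def process(self, msg):
        subject = str(msg["Subject"] or "")
        forced = self.keyword in subject.split()  # guaranteed delivery
        p = 0.0 if forced else self.score(msg)
        verdict = ("spam" if p >= self.spam_at
                   else "ham" if p <= self.ham_at else "suspicious")
        if verdict != "suspicious":  # unsure: leave the weights unchanged
            self.train(msg, verdict)
        if verdict == "spam":  # tag after learning so the tag is not learned
            del msg["Subject"]
            msg["Subject"] = "SPAM " + subject
        msg["X-Example-Verdict"] = f"{verdict}; p={p:.3f}"
        return verdict

def demo():  # every message below is a constructed sample
    parse = lambda raw: message_from_string(raw, policy=policy.default)
    f = SelfLearningFilter()
    f.train(parse("Subject: Cheap pills\n\nbuy cheap pills online now"), "spam")
    f.train(parse("Subject: Meeting notes\n\nnotes from the project meeting attached"), "ham")
    inbox = [parse(raw) for raw in (
        "Subject: Pills online\n\nbuy cheap pills now",
        "Subject: Project meeting\n\nthe notes are attached",
        "Subject: Cheap meeting\n\nbuy project notes online",
        "Subject: NOSPAM Cheap pills\n\nbuy cheap pills online now")]
    return [(f.process(m), str(m["Subject"])) for m in inbox]
```

Calling `demo()` yields one message per verdict plus the keyword override: the last message repeats the spam training text but is delivered and learned as benign because its subject carries the keyword.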


Thus, the Traffic Inspector AntiSpam module extends the capabilities of the system as a whole, protecting users from spam.

Source: https://habr.com/ru/post/102695/

