PolluStop questions

How can I easily train PolluStop's database?

PolluStop databases must be trained for PolluStop to be able to guess what's spam and what isn't. Spam is pretty much the same on most locations, but Good mail isn't, that's why a pre-trained Spam database is provided, but not a pre-trained Good database.

Here's a few simple rules to train your PolluStop database. If you have stored spam, you should try not to use the pre-trained Spam database, but train it by yourself. You'll get better results.

Do NOT use drop mailboxes and forward addresses to perform the initial training of PolluStop. This will not give the expected results. These training methods are provided for 'fine tuning of the training once the Initial Training is completed. The Initial Setup Wizard offers you a simple way to perform the Initial Training; you can also do it using the terminal, it is even faster and provides real-time information

1. Find a few accounts on your server containing several hundreds good messages.
   • Most users who keep their old mail keep it in a set of subfolders. These subfolders offers the best message set to train the PolluStop Good DB.
   • INBOXes are also usually a good choice, providing they has been cleaned from unsorted spam.
   • Discussion List folders, as well as Sent Items folders are usually NOT a good choice. Sort them out.
2. Open the PolluStop initial setup wizard, on the Training page.
3. Enter the path of those selected mailboxes in the according fields, or use the Mailbox Browser to locate them.
4. PolluStop will then read all mail in those mailboxes and train the database.
   For instance, you specify
   • good: yourdomain.com/useraccount/INBOX
   • spam: yourdomain.com/useraccount/INBOX/Spam
   • ignore: yourdomain.com/useraccount/INBOX/DiscussionLists
   • ignore: yourdomain.com/useraccount/INBOX/Spm/NotSure
   1. PolluStop will read all mails in INBOX and subfolders and will train the Good DB. However, it will not read INBOX/Spam and Inbox/DiscussionLists to train the Good DB as these folders are specified in the Spam/Ignore list.
   2. PolluStop will then read all mails in INBOX/Spam to train the Spam DB. However, it will not read INBOX/Spam/NotSure as this folder is in the Ignore list.
5. You must train PolluStop with ideally 4000 to 5000 of each good and spam messages.

If you don't use the pre-trained Spam database, it is preferable to train PolluStop with spam taken from the same accounts you train PolluStop's Good DB with.

Could you clarify the difference between drop mailboxes, forward addresses, forward as attachment, etc?

There are three email address to help the pollustop plugin, as well as two drop mailboxes. Drop mailboxes should be used with IMAP/Webmail/MAPI users. Forward addresses should be used with POP users.

• They are used after initial training to make further training the spam/good DB
• They should be used only with email that has already been processed by PolluStop but not filtered properly

1. Inline forward address #1: pollustop-good@yourdomain.com
   • Should be used with good mail tagged as spam
   • Should be used with inline (standard) forward
   • PolluStop gets only partial header inforomation
2. Inline forward address #2: pollustop-spam@yourdomain.com
   • Should be used with spam NOT tagged as spam
   • Should be used with inline (standard) forward
   • PolluStop gets only partial header information
3. Attachment forward address: pollustop@yourdomain.com
   • Should be used with any incorrectly-filtered email, either spam or good. PolluStop will read the original diagnostic headers and will know what you wanted to do
   • Should be used with forward as attachment
   • Several email clients, has an option to forward messages as attachment, either by default, or using a different command. MS Outlook Express can forward as attachment by clicking on the message with the right mouse button and selecting the correct menu item. MS Office Outlook doesn't have such option or doesn't do it properly. Mozilla Thunderbird does attachment forward by default.
   • PolluStop gets full header info, making this method the more accurate Forward method to fine tune PolluStop filtering.
   • This forward method will allow PolluStop to report a false positive/negative in the statistics page. PolluStop will not report false positive/negatives for the inline forward methods (above)
   • This forward method will also allow PolluStop to automatically whitelist the sender of a reported false positive.
4. Drop Mailbox #1: Drop/Good
   • Should be used with good mail tagged [spam]
   • IMAP/Webmail/MAPI only
   • This method is as accurate as the attachment-forward and is even more efficient, CPU-wise.
   • This method allows PolluStop to report false positive as well as automatically whitelist the sender
5. Drop Mailbox #1: Drop/Spam
   • Should be used with spam not tagged [spam]
   • IMAP/Webmail/MAPI only
   • This method is as accurate as the attachment-forward and is even more efficient, CPU-wise.
   • This method allows PolluStop to report false negative

All of my users are on POP3, can I still use PolluStop?

Yes, of course.

While PolluStop install process is optimized for IMAP/Webmail/MAPI users, it can still be setup for POP users. Still, especially if your server is for corporate mail (if you're not an ISP) you should evaluate the possibility to transfer your users to IMAP/Webmail/MAPI. This offers more security, and especially more versatility to your users: ability to create multiple folders in their account, ability to share mailboxes with other users, server-based backup.

Of course this requires more server disk space, but the cost of disk storage is always going down, it is far less expensive than having to backup each user machine to protect their mail. And you can create CGP account/domain-level rules for spam sorting and other similar operation without having to walk to each desktop and configure a mail client.

This said, it is understandable that IMAP/Webmail/MAPI may not always be an option. In those cases, PolluStop can be configured to help those POP users.

• Since POP users don't have access to submailboxes in their CGP account, the spam must not be stored in a submailbox. When running the PolluStop Initial Setup wizard, be sure to SKIP the step 2. If you didn't skip it, just go, in CGP webadmin, to the domain-level rules, and disable the PolluStop rule.
• PolluStop adds an header to the message telling if it's spam or not. Your POP users will want to sort these spam-tagged messages in a separate local folder in their email client. Most mail clients are not able to sort mail based on arbitrary headers; instead, PolluStop should be setup to tag the subject of spam messages with something such as [SPAM]. Go to the General page of PolluStop configuration and enable the Subject Line Modification feature.
• Then, proceed to email client configuration and create a rule to sort mail based on the presence of this [SPAM] tag.
  Major mail clients setup (spam-sorting rule and attachment forwarding)
  • AppleMail
  • MS Outlook (Office Outlook)
  • MS Outlook Express 6
  • Mozilla Thunderbird (Mac or PC)
  • Entourage
  • Eudora
  • PowerMail
  • Claris Emailer
• Drop Mailboxes can't be used by POP users, they should use the Forward addresses, preferably the Attachment forward address. Read the above FAQ entry for more information

Why hasn't this message been scanned by PolluStop?

Headers:

Return-Path: <valid_user@mydomain.com>
From: Mr. El Spammer <forged_address@otherdomain.com>
To: Your Name <valid_user@mydomain.com>
Subject: Your meds [...]

PolluStop thinks the message comes from a local user. You don't want PolluStop to think your local users are sending spam to other local users, don't you?

PolluStop assumes you are using SMTP Auth to prevent external senders to impersonate your users. SMTP Auth is recommended in all configurations, you may want to think about enabling it.

Meanwhile, or if for any major reason you can't enable SMTP Auth, you can configure PolluStop to stop relying only on the return-path to determine where the message came from.

Open PolluStop Settings, Advanced, and enable the "Check More Than Return-Path" option, near the top of the page. When you enable SMTP Auth in CGP, disable this option.