Reset user email passwords in Plesk

If you have previously been set up as an email admin for your domain, you can use these directions to reset an email user’s password.

Step 1: Log in to your domain’s Mail Administration Control Panel (Plesk).  Usually this is at http://yourwebsite.com/mail

Step 2: Click on ‘Mail’ on the left side if you aren’t already at the list of users, or if you are already there, click on the email address of the user whose password you want to change. See image below.

[Image: reset_password_plesk_step_1]

Step 3: Enter the new password for the user, and enter the same password in the ‘Confirm Password’ box.  You can click the ‘Show’ button so you can make sure you know the password you are entering.  See image below.

[Image: reset_password_plesk_step_2]

Step 4: Click the ‘OK’ button to save your changes.

Even more Katharion Spam Filter Details

Welcome to the Katharion Anti-Spam Filter!

The first thing you’ll notice is that you’ll get less spam. You could actually stop here, but because you’ve just moved to this system, the filter doesn’t know the types of emails that YOU might get that you say are NOT spam.

So we need to watch out for ‘false positives’ – this is the term used when a spam filter catches a ‘nonspam’ email and thinks that it is Junk email.

Our next step is to ‘train’ the filter to know which of our emails that it thinks of as spam are not really spam.

Training the Spam Filter: Whitelists, Blacklists, Quarantine

Every evening, you will get a digest containing ALL the email that was caught by the filter over the last 24 hours.  The digest email is split into two parts: Probable spam, and Definite spam. Using traffic patterns, advanced content detection and other methods, Katharion splits your incoming ‘flagged’ junk mail into those two sections.  Probable spam is the section that you will need to look at carefully for the first few weeks.  This is the area that is most likely to have ‘false positives’.

On each email, under each section, it will show you the sender’s name and address, and the subject line of the email that has been quarantined. For the first week or so, you’ll want to go slowly through this list and look at both the subject line and the From: address. Sometimes companies use re-mailers to send out their bulk emails, and I personally have had items from reputable mailers quarantined because of their sender. (Constant Contact, for example, has agreements with most filtering companies that their mailings won’t be quarantined.)

I found an email that is NOT spam!

When you find an email that is good (or suspected to be good) you’ll click the ‘Release’ button next to that email. This ‘releases’ the email from quarantine and allows it to be delivered to your standard email program (e.g. Outlook). If you already know that this email is from a sender you want to ‘whitelist’ (always have their emails delivered to you without quarantine), then you can click the ‘whitelist’ button that will show up on the next page. If you’re not sure from looking at the subject and/or From: of the email whether it is a good email or not, you can release it from quarantine, wait to get it in your inbox, and THEN go back and click the whitelist button.

If you already have a list of email addresses that you wish to whitelist, you can add it to your own personal whitelist after logging into your account.

Do I have to do this EVERY day?

After about a week or two, you may find that a few days will go by between seeing a suspected ‘false positive’ in your quarantine.  When that day comes, you can turn off the daily digest emails, and then you’ll just check on the server if you think that an errant email has been caught.

To sign on, you’ll visit http://iwbyte.katharion.com/ and log in with your email address and password (which It Won’t Byte will supply you).  On the web site, the last 1,000 messages are stored – this could be 2 days or 2 weeks, depending on how many messages you get in a day.  You’ll also be able to see cool data like what percentage of your emails are spam, and customize the sending of your digest emails.

But what about…

If you have other questions, feel free to contact [email protected] and we’ll help you out.

More details for Katharion Anti-Spam filter

Earlier I gave an overview on the Katharion Anti-spam filter available to It Won’t Byte customers.  Here’s some more information:

When your domain uses the Katharion Anti-Spam filter, the administrator for that domain will set up a list of users for the domain. Each user then has a number of email addresses that point to that user’s main address.

e.g. for the domain xyz.com, there may be three users:

Then to each user, we’ll attach email addresses.

So now Katharion knows where to send email that is addressed to any of the addresses @xyz.com. Note that there is no ‘catch-all’ available for Katharion – if someone emails [email protected], that email address will bounce, even if it is set up on your local mail server, because the Katharion system will see it is not one of the above users or email addresses, and drop that email.

The reason to set up different users is that every day, a digest of ‘caught’ (also called ‘quarantined’) email messages is sent to the ‘user’ for a particular email address. So all the spam that is sent to any of info@, sales@ or george@ in our example above gets sent in a list to [email protected].

The digest email is split into two parts: Probable spam, and definite spam. Using traffic patterns, advanced content detection and other methods, Katharion splits your incoming ‘flagged’ junk mail into those two sections.  Probable spam is the section that your users will need to look at carefully for the first few weeks.  This is the area that is most likely to have ‘false positives’.

From this digest email, your users will be able to release the email to let them read it and see if it is spam, and if it is not, they will be able to whitelist it so that it never is considered spam again.  The whitelist is based on the sender address.

You may also whitelist specific addresses or even entire domains in advance of messages getting stuck in the quarantine by using the control panel.  These whitelists can be per-user, or the administrator for the domain can make domain-wide whitelists and blacklists that affect all users.

Some clients have a central ‘Junk mail officer’ who checks spam for all the users on the domain.  In their setup, if George is the JMO, they might set up their domain this way:

In the above example, Todd and Mary and George all get their email delivered to them separately as usual, but their spam is all held in George’s quarantine, and he is the only one who can release the email (to be sent to the original recipient) if he determines that it may not be spam.

The Katharion system also checks for Viruses, but we recommend a desktop anti-virus system in addition to watch for viruses that are not disseminated by email.

Want to learn more? See Part III of our Katharion details write-up

More questions? Contact [email protected] for assistance.

What do you mean ‘mailbox on the server’?

Here’s a real-world analogy for your email:

Imagine you’re sitting in your house – when the mail truck comes by, do you get your mail auto-deposited in your lap?  No, you have to go out and get it from the mailbox, right?  Then you take your mail back into the house and put it on the counter or desk and go thru it and open the ones you want, delete the ones you don’t want, etc.

Your online email goes thru the same process. When someone sends a message to [email protected], the message is deposited in your ‘mailbox’ on the server. Unless you do something, you’ll never see that message. So how do you ‘walk out to your mailbox’ in this online scenario? This is the purpose of that ‘check mail’ or ‘get/send messages’ button on your email program (Outlook, Eudora, Apple Mail, etc.). When you click that button, your computer does a few tasks:

  1. Ask you for your username & password to connect to the server – if you checked the ‘save password’ box at some point in the past, then you’ll skip this step.  It doesn’t mean you don’t have a password, just that your computer is remembering it for you
    Real-world Analogy: Get the key to your mailbox
  2. Connect to the mail server at yourdomain.com and log in using the above username and password
    Walk out to your mailbox at the end of your driveway
  3. Look at your mailbox – is there mail in it?  If so, note the # of messages and the date they came in
    Open the mailbox
  4. Download each message individually to your mail program, then delete that specific message from the online mailbox and continue with the next message.
    Take out an envelope and tuck it under your arm
  5. Once done downloading all the messages, disconnect from the server and display your new mail for you.
    Close the mailbox door, walk back inside the house, spread the mail out and start sorting it.

So what happens in this scenario if you have a check put in the box for your desktop mail program to ‘leave mail on server for 7 days’?  Well, step 4 then becomes:

  4. Download each message individually to your mail program, then delete that specific message unless the message is less than 7 days old, in which case leave a copy of the message on the server.
    Take out an envelope, photocopy the contents and put it back in the mailbox, taking the original envelope with you

Why should you do this?

Well, it’s nice as a back-up – if you were to have problems with your mail program, you could restore from a backup (you have a backup, right?), and be able to re-download all of the mail that came thru in the past week since you made your backup. It also works great if you are in & out of the office and want to be able to check your mail via web-mail that same day or the next day (more on that in another article).

Why should you not do this?

The big reason is that the messages in your online inbox are taking up space on the server that count against your quota. Each mail account has its own quota of so many MegaBytes (MB) of data – once you reach that quota, your (online) mailbox is Full and any further email you get will be bounced back to the sender.

Again, going back to our analogy – if you keep those photocopies of your mail in your mailbox, eventually there will be so many photocopies sitting in there that the mailperson will be unable to stuff any more mail in your box. Even if you take the original envelopes that you bring into your house and throw them all away, that won’t do anything to the copies of the mail you left in your mailbox unless you go out and throw those away too.

If you check email once a day or even every few days, you’ll never end up with a full mailbox, since the occasion where you receive 40 MB of email (as an example) in a single day is very rare.  BUT if you leave your mail on the server, then even if you check mail every 10 minutes, that mail is still sitting in your mailbox for 7 days (using our example above).

Therefore, our recommendation is NOT to leave the ‘leave mail on server’ option in your mail program checked unless you have a very good reason, and if so, be aware that if you get lots of those ‘oh so funny’ movie files from your friends, even if you delete them all in your mail program, they’ll still be taking up lots of space in your online mailbox and you run the risk of bouncing email.

If you have further questions, feel free to contact [email protected] and we’ll be happy to walk you through your specific situation.

I didn’t send this email that bounced back to me!

Here’s a request I’ve been seeing a lot lately:

I came in this morning and found a large number of bounced messages that were all sent from me that were sent to lots of random people, but I didn’t send them! My computer even was unplugged/off/in a wheat thresher – do I have a virus?

Quick answer: No, you aren’t infected, you didn’t do anything wrong, nothing to see here – just delete them and move on.

Detailed answer: You have just become another example of Spam Backscatter. When you get a spam message, it usually comes from some random email address, most likely completely unrelated to the topic of the spam. (If it were a real sender and/or related to the message, it wouldn’t be spam, then, would it?) Well, those email addresses are usually picked out of the millions of ‘good’ email addresses that the spammers have in their database, and since they send out millions of emails, the probability is that every once in a long while, that ‘from’ address they use is going to be you.

UPDATE 4/23/08: It seems that the backscatter spam is actually a tactic chosen by spammers – since bounced emails don’t get read, and the entire contents of the spam are often included in the bounce message, they are more likely to have their messages delivered to a human being, bypassing filters.

It’s very easy to spoof (fake) the sender of an email (remember this the next time you get an email from [email protected] telling you to forward this letter to all your friends and you’ll get money). Since the spammers want to make sure their email gets thru the filters, they don’t use the same email address in the From: field every time. So they randomly pick out an email address from their database and use that one.

Also, the spammers really don’t care how many bounce messages they get from rejected emails, or from nonexistent addresses, so why should they be bothered with all the bounce messages? Better for someone else to get them.

So fast-forward to today, when you got 127 bounce messages in your inbox from random addresses around the world, saying your email was rejected, or so-and-so is over quota, etc. If you look at the body of the message and see that it is all a spam message, then you can simply delete the bounce messages and go about your day. Since spammers switch email addresses often within the same ‘batch’, most likely you’ll get one group of bounces over a 4-6 hour period, and then nothing else.
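The check described above (look inside the bounce and see whether the returned message is really yours) can be automated for bounces that follow the standard multipart/report layout. This is an added example, not part of the original post; the sample bounce, the addresses, the Message-IDs and the idea of keeping a set of sent Message-IDs are all constructed assumptions.

```python
import email
from email import policy

# Constructed bounce in the standard multipart/report layout (RFC 3464).
BOUNCE = """\
From: MAILER-DAEMON@mx.recipient.example
To: you@yourdomain.example
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Delivery to nobody@recipient.example failed: user unknown.
--b1
Content-Type: message/delivery-status

Final-Recipient: rfc822; nobody@recipient.example
Action: failed
Status: 5.1.1

--b1
Content-Type: message/rfc822

From: you@yourdomain.example
Subject: cheap pills
Message-ID: <abc123@unknown-host.example>

Buy now
--b1--
"""
# Constructed: Message-IDs of mail this mailbox really sent (e.g. from Sent items).
SENT_IDS = {"<20080423.1001@yourdomain.example>"}

def returned_message(bounce):
    """Return the original message (or just its headers) attached to a bounce."""
    for part in bounce.iter_parts():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":
            return part.get_payload(0)
        if ctype == "text/rfc822-headers":
            return email.message_from_string(part.get_content(), policy=policy.default)
    return None

def triage(raw, sent_ids):
    """Classify a bounce: 'genuine', 'backscatter', 'no-original' or 'not-a-dsn'."""
    msg = email.message_from_string(raw, policy=policy.default)
    if msg.get_content_type() != "multipart/report":
        return "not-a-dsn"
    original = returned_message(msg)
    if original is None:
        return "no-original"  # nothing to compare; read the bounce by hand
    msg_id = str(original.get("Message-ID", "")).strip()
    return "genuine" if msg_id in sent_ids else "backscatter"
```

A bounce whose returned Message-ID is not one you sent is backscatter and can be deleted; one that matches a message you did send deserves a look, because it means a real email of yours failed to arrive.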

It isn’t very likely these days, but if you do get someone writing back to you telling you to ‘take me off your list’ or using not-so-nice words to describe their attitude, you can safely ignore them or, to explain to them that you’re an unrelated victim as well, point them to this article for more information.

Katharion Anti-Spam Add-on

All hosting accounts at IWByte.com offer built-in filtering for spam using the open-source SpamAssassin program. This is available at no cost with all email accounts. SpamAssassin uses a ‘points’ method of filtering, with various facts about an email receiving specific points. That is, an email with a subject in ALL CAPS would receive 0.5 points, the occurrence of words like ‘viagra’ or ‘Cialis’ would be 1 point, saying you’ve won $25,000,000 (TWENTY FIVE MILLION DOLLARS) would be worth 2.5 points, etc.

Then all emails that have ‘spam-point’ totals of more than a certain amount (a default of 5.0) would be marked as ‘spam’ and filtered into a holding box on the server. These spam emails are then saved for 7 days and then auto-deleted.

SpamAssassin (SA) is a great tool, especially for being open source (read: free). Its strength is its Bayesian learning techniques, which improve over time as you receive more spam. That means that each person’s mail filter is personalized based on the specific type of spam they receive. So the more of a specific type of spam you get, the more likely that specific spam will be caught in the filter.

Using these two methods, the built-in SpamAssassin spam filters catch 90% of all spam after running for a few weeks, and for many clients, this is sufficient.
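The points method described above, as a small added example (not code from SpamAssassin or from this site). The point values are the illustrative figures quoted in this article, not the scores SpamAssassin ships with, and the rule names and sample messages are constructed.

```python
import re
from email import message_from_string

# Point values are the illustrative figures quoted in the article, not the
# scores SpamAssassin ships with; the rule names are made up for this example.
RULES = [
    ("SUBJECT_ALL_CAPS", 0.5, lambda subj, body: subj.isupper()),
    ("DRUG_WORD", 1.0,
     lambda subj, body: bool(re.search(r"\b(viagra|cialis)\b", subj + " " + body, re.I))),
    ("HUGE_PRIZE", 2.5,
     lambda subj, body: bool(re.search(r"\bwon\s+\$\d{1,3}(,\d{3}){2,}", body, re.I))),
]
DEFAULT_THRESHOLD = 5.0  # the default mentioned in the article


def score(raw):
    """Return (total points, names of the rules that fired) for one raw message."""
    msg = message_from_string(raw)
    subject = msg.get("Subject", "")
    body = msg.get_payload()
    hits = [(name, pts) for name, pts, test in RULES if test(subject, body)]
    return sum(p for _, p in hits), [n for n, _ in hits]


def is_spam(raw, threshold=DEFAULT_THRESHOLD):
    """A message is marked as spam when its total is more than the threshold."""
    total, _ = score(raw)
    return total > threshold


# Constructed sample messages.
PRIZE_MAIL = (
    "From: lottery@prizes.example\n"
    "Subject: CLAIM YOUR PRIZE NOW\n\n"
    "You have won $25,000,000 (TWENTY FIVE MILLION DOLLARS). Cheap Viagra too!\n"
)
NORMAL_MAIL = (
    "From: mary@xyz.example\n"
    "Subject: Lunch on Friday?\n\n"
    "Does noon work for you?\n"
)

if __name__ == "__main__":
    for raw in (PRIZE_MAIL, NORMAL_MAIL):
        print(score(raw), is_spam(raw))
```

With only these three rules the constructed prize mail totals 4.0, which is under the 5.0 default, so it would still be delivered; a message is caught only when enough separate rules fire together or the threshold is set lower.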

However, over the last few years, spam has become even more prolific, and while SA may catch 90% of spam, spam levels going from 200 a day to 2,000/day mean that the spam that is let through increases as well. Depending on how public their addresses are, some clients may receive more spam than others, and may need a more advanced filtering system.

This is why It Won’t Byte has partnered with Katharion to offer their Anti-Spam filters for our clients. With SpamAssassin, the filters are applied on a per-user basis, but with the Katharion system, all email for a domain is redirected to Katharion’s servers, where it is checked for spam using a more advanced and updated ruleset, and then passed back to It Won’t Byte’s servers, to be run through SpamAssassin and then placed in each user’s mailbox.

Katharion has many advantages over SpamAssassin, including:

  • Discover current spam that needs filtering by use of ‘Honeypots’
  • Dedicated staff to adjust rules on-the-fly
  • Large number of accounts – an email sent to hundreds of unrelated accounts at once is more likely to be spam.

We tested Katharion on the IWByte.com domain for several months and then invited some select clients to sign up for the service and they have experienced dramatic reductions in spam. At the time of this post, the pricing for Katharion per-domain (for up to 25 users) is $12.00/domain/month. If you have multiple domains that point to the same address (i.e. [email protected] and [email protected] both point to the same account) then these can be aliased to the main domain at no additional cost.

All billing is done through It Won’t Byte and is synced with your hosting renewal dates, billed in 3, 6, or 12 month increments to match your hosting account. Note that a ‘user’ is counted as a specific emailbox that finally receives the email. So if info@ and welcome@ and joe@ all go to Joe’s mailbox, then that only counts as one user toward the 25 user limit.

How does it work?

Once configured for your domain, each user will be provided with a password (if you have a password you would like to use for each user, let us know beforehand). Then each user can log in to the administrative panel to manage their preferences.

Each member can adjust their spam tolerances (i.e. how strict do they want the filters to be) as well as how often notices are sent to list the spam that was caught. By default, the configuration is to hold all caught mail in quarantine for 7 days.

On each emailed notice you will be given a chance to release an email from quarantine, or whitelist that user so that they won’t be marked as spam next time, or both.

Each email address and aliases for that address are all covered by one configuration log-in, so an email address of info@ and welcome@ that all go to johndoe@ will all be covered by one log-in.

For more details, see Part II of our Katharion write-up.
If you would like to sign up for Katharion anti-spam filtering, please contact us at [email protected]