Support for CleanMail Antispam Server

Welcome to CleanMail Server support. Here you will find the CleanMail FAQ lists, and links to some "How To..." guides.

Forum

The CleanMail support forum allows users to share tips and tricks on the topics of installation and custom rule design, and general discussion on the use of SpamAssassin™ on Windows™ platforms.

SpamAssassin Resources

To learn more about SpamAssassin's configuration options, see the SpamAssassin documentation files in the "sa\doc" subdirectory of your installation directory, or visit http://spamassassin.apache.org. Check out SpamAssassin's mailing lists, the archives are available here. There is also a powerful archive search engine available.

There are many SpamAssassin custom rulesets to be found in the SpamAssassin Wiki.

ClamWin Resources

Please visit the ClamWin anti virus web page for more information on ClamWin.

CleanMail Server Howtos

CleanMail Server FAQs

Basics

What is Spam Assassin™?
Award-winning SpamAssassin™ (http://spamassassin.apache.org) is considered the industry's leading spam filter, always finishing as one of the top contenders, or even best, in all spam filter tests. CleanMail always includes the latest stable version of SpamAssassin™. Future updates of SpamAssassin™ will be merged into the distribution, once they are proven and stable.

Note: We do not sell SpamAssassin™, as it is free open source software! SpamAssassin is a trademark of Deersoft, Inc. The SpamAssassin open source project resides at http://spamassassin.apache.org.

What is ClamWin™?
ClamWin™ (http://www.clamwin.com) is a free anti virus program for Microsoft Windows 98/Me/2000/XP/2003 and Vista. The CleanMail installer will offer you to download and install the latest stable version of ClamWin.

Note: We provide integration of the ClamWin download into the CleanMail installer only to simplify things for users. We do not sell ClamWin, as it is free open source software. ClamWin is a trademark of ClamWin Pty Ltd.

Why do I seem to get email addressed to other people?
This can happen for two reasons:

Trial Version, Registration Keys and Installation

Where can I download the free trial version?
Please go to http://www.byteplant.com/download/cleanmail/server and download the setup program. If you are behind a firewall blocking the download of executable files, choose to download the .zip archive, and use any archive software to unpack the setup program. Start the setup program with a double click.

What are the limitations of the trial version?
The Trial Version is fully functional for 30 days after installation. After this time, the restrictions of the freeware license apply. After you purchase and register a license, the freeware limitations are removed.

Where can I enter the registration key?
To enter the registration key, bring up CleanMail's admin application (if you don't know how to do this, see below). Choose Help -> Register from the menu. After pressing "Register", the display should change to show information about your key and your support plan.

What can I do when I lose my registration key?
Please go Customer Service Center and request the key. It will then be sent to your email address again.

What version am I using?
There are three ways to find out which version you are using

How do I know there is an important update?
In the "Global Settings" dialog, enable "Check For Updates". Also, make sure that your firewall allows CleanMail to connect to our web server (www.byteplant.com:80). This will notify you whenever important updates of CleanMail are available. To get a mail notification, enable "Send Daily Admin Mail" feature in the admin wizard, and check "include update information".

There is a newer version of CleanMail available. How do I update my installation?
Download the latest version and install it on top of your current installation. Installation will replace all the files of the SpamAssassin distribution, but the configuration files local.cf and CleanMail.cf are preserved.

Cleanmaild fails to start on a 64bit Debian/Ubuntu installation. What am I doing wrong?
Cleanmaild is a 32bit executable, and you probably did not install the 32bit shared libraries. When trying to start cleanmaild, you only see the error message "no such file or directory", and ldd cleanmaild reports "not a dynamic executable". Install the 32bit shared libraries (apt-get install ia32-libs libcairo2) to fix this.

Licensing

I have 27 email boxes set up on my server but on my daily spam filtering report I have a "Mail Addresses Used" count of 51. How can this happen?
CleanMail counts every recipient address (mailboxes plus aliases) accepted by your mail server that matches the list of address patterns you specified (if you did not specify this list, every address accepted by your mail server is counted). To reduce the total number of recipient addresses used to a minimum, you should

I removed the user account from the mail server, but the address still shows up in my used address list. How do I reset the used address list?
Restart the CleanMail Service, using either the Windows services manager, or the CleanMail Admin wizard.

CleanMail Server Configuration

My Exchange 2007/2010 Server does not accept incoming emails from the Internet and testing the Outgoing Server settings in the CleanMail SMTP Port wizard fails!
When using CleanMail with Exchange Server 2007/2010:

You should also verify the following Exchange settings:

When I install CleanMail on my Microsoft SBS 2003/2008 (Exchange 2003/2007/2010) Server, it is not picking up any email. Exchange always seems to grab the emails first.
When installing CleanMail on a SBS 2003/2008 (Exchange 2003/2007/2010) server, you have to disable the SBS internet connector first, then setup CleanMail and after that, reconfigure the SBS internet connector with the correct IP's etc BEFORE you re-enable it.

Disable the SBS Internet Connector first, then setup CleanMail and after that, reconfigure the SBS Internet Connector with the correct IP addresses BEFORE you re-enable it.

How do I enable Recipient Filtering/Recipient Verification on my Exchange 2007/2010 Servers?
If you are using an Edge Transport server:

If you are using a single Exchange server (Hub Transport server):
First, install the Anti-Spam Features on your Exchange server (for more information, see the TechNet article for Exchange 2007 or Exchange 2010): Next, enable the Recipient Filtering feature:

My mail server is configured as SMTP relay server to all locally connected users (relay restrictions are configured based on IP addresses). Now - after installing CleanMail - I have an open relay!
When CleanMail forwards mails your mail server "sees" only the IP address of the machine running CleanMail. You have to exclude the IP address of the CleanMail server from the list of hosts that you allow relaying for. Make sure the users you relay for connect to your mail server directly, not via CleanMail. The CleanMail server is meant to filter incoming emails from the internet, and not the email of your trusted users.

Both CleanMail and the mail server run on the same machine. The IP address of that machine is not on the list of IP addresses where relaying is allowed. Why do I still have an open relay?
In CleanMail's server settings, make sure you use the IP address as the outgoing server, and not localhost (127.0.0.1). If this isn't enough to fix the problem, assign two IP addresses to the machine, and use one for your mail server, and the other for CleanMail.

How can I make sure my mail server is not an open relay?
Open the CleanMail Admin Wizard and select "Perform Open Relay Test" from the "File" Menu to find out if your mail server accepts mails to external recipients. This test is also performed automatically every time you restart the CleanMail service.

How can I change the incoming SMTP port of Microsoft Exchange 5.5?
Microsoft Exchange Server 5.5 doesn't directly support changing the incoming port for SMTP mail. In some circumstances (you have a firewall/router with network address translation) you may be able to direct incoming mail to the CleanMail proxy on another port, which can then pass it to the Exchange server on port 25.  This may not be possible or desirable, e.g. when using applications that do not support configurable destination ports, or when there is no possibility for port translation, or when there are simply too many sources for messages that it would be inconvenient to reconfigure them all. 
In these circumstances you can change the Exchange Server's incoming SMTP port by editing the 'services' file, found in \WINNT\system32\drivers\etc\ for example. Change the line:
   smtp   25/tcp    mail   #Simple Mail Transfer Protocol
to:
   smtp   26/tcp    mail   #Simple Mail Transfer Protocol
Restart the machine after this change and Exchange will start listening on the new port. CleanMail can then listen on port 25 and forward mail to Exchange on port 26.  Note that outgoing messages from the Exchange Server will continue to be sent to port 25.

I am trying to use CleanMail with Exchange 2000 in a two IP address configuration. Why does the CleanMail service fail to start?
Exchange sometimes grabs the SMTP port on all interfaces, even when it has been configured not to. Click here for a Microsoft knowledge base article that tells you what to do.

I am trying to use CleanMail with Exchange 2003 in a two IP address configuration. Why does the CleanMail Service fail to start?
To solve this issue you have to disable socket pooling for the protocols that you want to filter with CleanMail. For SMTP and POP3 you can apply the following procedure:

 1. Open a command prompt

 2. Change the directory to Inetpub\scripts (or Inetpub\adminscripts)

 3. Enter the following depending on the service that you want to disable socket pooling for, e.g. for SMTP:

   net stop smtpsvc
   cscript adsutil.vbs set smtpsvc/disablesocketpooling true
   net start smtpsvc

How do I configure the CleanMail Service to automatically restart on failure?
Launch the Services Manager, select the 'CleanMail Service' entry and open its property page by double-clicking, switch to the 'Recovery' tab page and select 'Restart Service' for failure from the dropdown list.

The log file contains many 'connection closed by client' messages. Is there a problem?
The most likely cause for this message is that some bulk mail software used by a spammer did not wait for the confirmation that the mail server has accepted the message. CleanMail writes the above message to the log and immediately releases all resources held by this SMTP session.

Does rejecting spam cause additional SMTP traffic?
It does, but not directly for you. The only difference between accepting and rejecting a mail is your side's reply to the DATA command: In the accept case it is "250 message queued for delivery" (or something similar), in the reject case it is "550 [your rejection message]". The mail delivery failure notice is not created by your mail server, but by the sending mail server. The mail delivery failure notice typically does not reach spammers at all, as a spammer won't give his real address, but it can be useful to inform legitimate users that their message was tagged as spam and might not be read.

The attachment/antivirus filter seem to ignore the whitelist. What is going wrong?
For security reasons, the attachment filter and the anti virus filter ignore whitelisting. You can change this behaviour by setting IgnoreWhitelist="false" for these filters by modifying the corresponding sections in the config file with a text editor. Please see the reference chapter of the user manual for details.

I want to write my own custom filter. What do I have to keep in mind?
Any custom (external) filter has to be a separate executable, reading the mail input from stdin and writing the (modified) mail output to stdout. Filter results can be indicated by setting different exit codes, which can then be used to control the actions to be taken by assigning an appropriate mail policy. Please see e.g. the Zip Filter for an example of such a filter.

A legitimate message is rejected because of a MIME violation. What gives?
MIME errors may be used to slip malware past our filters, so we recommend rejecting malformed messages outright. The MIME checks are done by the attachment filter, and the reason is logged in CleanMail's log file, if you enabled the "log filter errors" option. If you have captured the offending message with a mail storage, you can also validate the message after the fact, by using our free online email validator.

SpamAssassin Configuration

How do I add custom spam phrase rules?
Adding custom rules is very easy. All you have to do is to open the sa/ruleset/local.cf file with a text editor of your choice and use one of these templates:

Please note that rule names (like MY_RULE_x in the above examples) must be unique. For further information on how to write your own rules, please see the Custom Rules Tutorial.

Is it possible to have CleanMail add the spam indication via an X header rather than changing the subject line?
By default the mail headers already contain "X-Spam-Status" and "X-Spam-Level" headers you can use as spam indicators. If you want to disable subject rewriting, just clear the "subject tag" edit field in the CleanMail Admin wizard. This will disable the appropriate "rewrite_header" configuration option of SpamAssassin.

Some obvious spam messages aren't tagged as SPAM. What can I do?
SpamAssassin is not human, spam which is obvious to you may not be obvious to SpamAssassin. You have several possible options:

How do I use SpamAssassin's automatic Bayesian Learning in CleanMail?
If you use the default SpamAssassin configuration provided, Bayesian Learning will be enabled. The Bayesian database is then built incrementally by learning from incoming mails which hit the spam or nonspam thresholds. You can also learn messages manually (choose messages to learn on the report tab of the CleanMail application). For details about learning multiple messages or entire message folders see the SpamAssassin documentation, and the sa-learn documentation. If you are using Microsoft™ products, read the "How to..." guides supplied here and here.

I just installed CleanMail, and only 77% of the spam messages I get are tagged as SPAM. What's wrong?
The Bayes tests do not work immediately. At least a minimum number of 200 messages has to be learned before the results of the Bayes tests are used by SpamAssassin. If you do not use sa-learn to explicitly add more spam mails to your Bayesian database, this database may grow only slowly.

Can I change SpamAssassin command line options?
You can change the default command line used to start SpamAssassin by editing the SpamAssassin filter settings. Be sure to check "advanced options" before proceeding from the first page of the wizard. The default setting is as follows:

    sa\spamassassin.exe -x --siteconfigpath="sa/ruleset" -e 255.

Help! My new rule/configuration change does not work! How can I validate my changes?
Open a command line window, change to the CleanMail configuration directory and test all your .cf files with SpamAssassin's lint option:

   sa\spamassassin.exe -x --siteconfigpath="sa/ruleset" --lint

If you want to check whether SpamAssassin is using a certain configuration file, just put in a syntax error in this file (e.g. write a line with the word "foo" in it). If the file is used by SpamAssassin, an error should be reported.

How do I run SpamAssassin to produce diagnostic output?
Open a command line window, change to the CleanMail configuration directory and run:

   cd [CleanMail configuration directory]

   sa\spamassassin.exe -x --siteconfigpath="sa/ruleset" -D <  <mail message file> >out 2>err

<mail message file> is a file containing a test message to be scanned. The diagnostics are written to the err file.

How do I block mails in foreign languages?
Add a line like this one in your sa\ruleset\local.cf file:

   ok_locales xx [ yy zz ... ] (default: all)

and make sure that your sa\ruleset\v310.pre file contains this line

   loadplugin Mail::SpamAssassin::Plugin::TextCat

without a leading comment symbol (#). Delete the # symbol if necessary.

This option is used to specify which locales are considered OK for incoming mail. Mail using the character sets that are allowed by this option will not be marked as possibly being spam in a foreign language.

If you receive lots of spam in foreign languages, and never get any non-spam in these languages, this may help. Note that all ISO-8859-* character sets, and Windows code page character sets, are always permitted by default.

The rules CHARSET_FARAWAY, CHARSET_FARAWAY_BODY, and CHARSET_FARAWAY_HEADERS are triggered based on how this is set.

Examples:

Note: if there are multiple ok_locales lines, only the last one is used.

Select the locales to allow from the list below:

Anti Virus Filter Configuration

I'm receiving empty messages (no body and no subject). What is wrong?
Make sure the "use console output (stdout)" checkbox is not checked. Most virus filters only are analyze only, and have no output.