|
|
 IMF Tune - Bringing Back the Exchange Connection Filter
Working with IMF Tune v5.5 Moderator/ReportingThe IMF Tune Web interface provides a mix of email moderation and reporting functionality. In this document we take a closer look at how to use this interface. Index
1. Setup and ConfigurationThis is the third article discussing the new Moderator/Reporting functionality in IMF Tune v5.5. In Installing IMF Tune v5.5 Moderator/Reporting and Configuring IMF Tune v5.5 Moderator/Reporting we discussed the setup and configuration of the Web component. We now turn our attention to working with the interface itself. To begin let's start the browser and enter the application URL: Here the server name identifies the machine where the web component is installed. This opens the application login screen:
In Quarantine Users we walked through the creation of new users, granting them access rights over the web interface functionality. These are the credentials that have to be entered at the browser login.
2. Main Email ListAssuming we have been granted
This is the main moderator page, with the email list taking center stage. It includes the basic information; Date/Time, SCL, Subject, From and To headers. Next to Date/Time we have the Action column showing how emails were handled. The action icons match those used at the IMF Tune server configuration Email Handling category. In this manner we visually link the actions configured with the actions actually applied.
The right most columns include a checkbox for selecting emails, and small buttons to View, Delete and Resubmit emails.
3. Email FilteringThe interface provides two filtering methods. At the top-left corner we have the
IMF Tune gives us the opportunity to publish any email at the Moderator, even those accepted and delivered to user mailboxes. This point is discussed in Publishing Emails to the Database Server. However by default the We now turn our attention to the
Here we can choose to filter emails by E-mail Action, IP, Sender, Recipient, Subject, Body, Combined subject/body, Attachment name, Header values, SCL, or Date Range. Each filter presents a set of relevant options. For example when filtering by Sender or Recipient we can enter either the full email address or *@domain. The Header/Value filter allows us to enter a header name plus a phrase to be matched against emails containing that header.
4. Viewing EmailsFrom the list view, clicking the Subject or the small lens button on the right opens the email.
Here we have the full email except for the HTML body and attachment content. The body is limited to 32Kb of text. Larger bodies are truncated. As for attachments we provide the name, size and MIME media type. Even though the Moderator lacks access to this information, in case we resubmit an email, IMF Tune is still able to retrieve the original from the disk archive. Thus resubmitted emails include everything. The Summary page shown above presents an interface typical of a regular email client. Moving to the second page, we find the full list of headers:
The next page shows the SMTP protocol data:
This is the envelope information extracted from the SMTP session. Note that the Recipients section here shows the full list of addresses to which the email was sent, including any BCCs. BCCs are normally considered to be confidential. Thus it may be preferable for regular users not to have access to this information. This is why the recipient list is only visible if the user is assigned the View message processing details right. The next two property pages may also be considered to contain confidential information. Thus these also require the user to have the
The Keyword Reporting page will be familiar with all those using the IMF Tune server Keyword Reporting feature. Here we show the Keyword Report snippet that is relevant to the current email. The report contains information on any Whitelists, Blacklists and Rules matching the email. In this manner we see exactly all keyword matches and hence why the IMF Tune server changed the original SCL rating. The last set of properties is grouped under the IMF Tune Processing page.
This page shows any additional IMF Tune server processing. This includes Archiving, Logging, server-side Keyword Reporting and Auto-Replies. The Archiving field gives us the full path to the email file saved at the disk archive. An administrator could use this to open the file directly. Of course the path is located on the IMF Tune server that published the email. This may not be the same machine where the Web interface is running. Likewise the Logging and Keyword Reporting fields show the file paths for CSV logging and HTML reporting where the email was recorded. Lastly Auto-Reply shows whether any reply was sent by IMF Tune in response to this email.
5. Resubmitting/Deleting EmailsQuite obviously the moderator allows us to Resubmit and Delete emails. Access to these actions is granted by the E-mail delete and E-mail re-submit rights. When a user selects to Delete or Resubmit, the Moderator simply flags the email for processing. The actual operations are fulfilled by the IMF Tune server that originally quarantined the email. Deleting an email is straight forward since it is only a matter of removing data. Resubmitting involves seeking the email from the disk archive and delivering it to the original recipients. Note: IMF Tune only stores a single copy of the email even in case this was addressed to multiple recipients. A resubmitted email is thus delivered to all its original recipients. Likewise, if deleted, the email is removed and none of the recipients gets a copy.
6. General Spam Detection ReportImportant Note: The reports shown at the Web interface only includes those emails published to the database by the IMF Tune server(s). In order for reporting to account for all processed emails, the configuration option Store information on all processed emails for reporting purposes should be selected. The General Spam Detection Report provides a collection of bar charts and line graphs describing the overall filter performance in real time. Access to this report is only granted if the user is assigned the View general spam detection report right.
The report header gives us some general information including: Reporting Date From and Reporting Date To - These two dates will show the time range covered by the report. The number of days is controlled from the IMF Tune server configuration setting Retain quarantine information for reporting purposes for (days). Report Generated On - Shows the time when the Report was last generated. Reports are cached for 5 minutes. If multiple users are accessing the interface at the same time the same report is presented to them until the cache data expires. Total E-mails - The total number of emails recorded at the database. These are the emails from which the report information is generated. This total will normally be greater than the number of emails available for moderation at the email list view. For details on what this total includes, check the description for the bar chart titled E-mail matching whitelist, blacklist or SCL rule - Shows the total number of emails hitting at least one whitelist, blacklist or an SCL Rule. Following the header area we have a set of bar charts and line graphs with the headings:
The previous screenshot showed what the first chart looks like (How many e-mails were Accepted, Rerouted, Deleted, Rejected by IMF Tune?). The second chart (How many e-mails were Re-Submitted (Accepted) or Deleted at the Moderator?) needs a little more explaining:
This chart is really showing a breakdown of the Not Moderated - Emails shown at the Moderator list. Re-Submitted/Deleted - Emails that were re-submitted or deleted from the moderator interface. Deleted by Maintenance - Emails that have been automatically deleted because of the Disk Maintenance Backup operation as discussed in Email files moved to backup will also be deleted from quarantine. Others - Emails published exclusively for reporting purposes. This feature may be enabled at the IMF Tune server configuration using the Store information on all processed emails for reporting purposes option. All the other bar charts and line graphs are well described by their heading. Here is the chart showing the total number of emails matching each SCL rating.
And the following plots the SCL ratings for each day covered by the report.
All this information can be very useful in maintaining the best filtering performance. For example, consider the case where by mistake we configure a whitelist that ends up matching a large number of spam emails. In that case we would see a sharp rise in the line for the whitelisted rating. That would already be a good warning signal. Combining that, with the information at the detailed spam detection report we should be able to pinpoint the problem.
7. Detailed Spam Detection ReportImportant Note: The reports shown at the Web interface only includes those emails published to the database by the IMF Tune server(s). In order for reporting to account for all processed emails, the configuration option Store information on all processed emails for reporting purposes should be selected. The detailed report highlights specific patterns of processed emails. Access to this report is only granted if the user is assigned the View detailed spam detection report right. The report headings here read:
These headings give a good description of what the reports are about. Here are some screenshots. These were taken from a test environment with a very basic setup and just a few mailboxes. In practice the reports will normally contain a lot more entries than what is shown here:
The first report (How are individual keywords performing?) is one of the most interesting in this category. It shows exactly how often each keyword/phrase entered at the configuration is matching an email. Following that we have six reports highlighting the top 100 recipients, senders and IPs receiving most emails/spam. Lastly we have a report that simply lists the last 100 emails processed by IMF Tune.
8. User Account SettingsThe last page shown at the main Web interface view is the My Account page.
This shows the settings for the currently logged in user. The interface is different from that of the IMF Tune Server user configuration. However the same set of settings is displayed. Most notably the user rights are presented as a flat list of flags. These are organized differently at the IMF Tune configuration. At the My E-mail addresses section, we have the list of addresses "owned" by the user. These are only relevant in case the user is assigned rights such as 'View own emails only', 'Delete emails if user is the only recipient' etc. These rights grant access to emails whose recipient list matches one of the user addresses. At the bottom we have the Change Password button. This is the only actionable option available here. Clicking this, the user is prompted to supply his current password and the new password.
|
