This article explains how to configure SecurityGateway to perform certain actions of messages that have not been rejected or quarantined, but score over a certain amount.
From the Dashboard, after logging in:
- Click on Security in the lower-left corner
- Locate the Anti-Spam section
- Click on Message Scoring
You may then configure the following options:
-
Enable actions based upon final message score
If this is enabled, any message that SecurityGateway is still processing after going through the enabled security options will either be refused for delivery, or quarantined, depending on the options below. By default, this is disabled.
-
Reject messages with score greater or equal to xx
If, after processing the message, it has a score equal or higher to this number, it will be rejected and not delivered. By default, this is enabled, with a score of 12.0.
-
Quarantine messages with score greater or equal to xx
If, after processing the message, it has a score equal or higher to this number, it will be quarantined for later review. By default, this is enabled, with a score of 5.0.
-
Add subject tag to messages with score greater or equal to xx
You may also wish to add something to the subject line of messages that have a high message score. By default, this is disabled, with the setting '*** SPAM ***'.
-
Exclude messages from whitelisted senders
If the sending email address, domain, or IP address is on the server's whitelist, or on the recipient's personal whitelist, then SecurityGateway will not quarantine or refuse the message. By default, this is enabled.
-
Exclude messages from authenticated sessions
If the connecting user authenticates their session using a username and password on the SecurityGateway server before sending the message, SecurityGateway will not quarantine or refuse the message. By default, this is enabled.
-
Exclude outbound sessions
If the message is bound for a remote address, SecurityGateway will not quarantine or refuse the message. If you enable this, make sure SecurityGateway can check that the sending user can be verified as valid, to avoid an open-relay situation. By default, this is disabled.