SpammerTrap Performance Tuning

SpammerTrap Email Security appliances are designed perform exceptionally well when sized correctly. (See http://www.secnap.com/support/faqs/maximum-mailboxes.html)

The Appliances are designed to support an expected usage and are not restricted as to maximum usage.  HOWEVER, even if an SME500 is designed to handle up to 1000 users, there can be situations and circumstances that can create performance problems with a smaller user count.  SECNAP IONSPAM hosted cloud based services scale automatically to support the licensed user count.  If you are experiencing performance problems with your IONSPAM service, please contact support.

If you are experiencing delays or performance issues with your SpammerTrap, you can try these simple options prior to needing to think about an upgrade.  You may also check to see if your SpammerTrap has entered into the 'STRESS' mode.  In STRESS mode, the SpammerTrap is more selective of the number of concurrent connections it allows in order to try to deliver existing email. (See information on STRESS mode.  click here)  You can also look at the Home screen or Status graphs to see if you are experiencing a larger than expected amount of spam or email.

1.  Disable “Wildcard Recipients”

One of the very first checks the SpammerTrap does on incoming email is to determine if the recipient is valid.  Spammers often flood spam into organizations simply guessing at email addresses that never existed, or no longer exist.  This simple check can actually eliminate 80% or more of your spam very quickly and efficiently.  Wildcard recipients are domains, which the SpammerTrap will accept any email sent to it as a valid.  They still go through the other filtering layers and the spam emails will likely still be blocked, but it’s much more efficient to reject the email if it’s sent to a non-existent user.  Furthermore, having a wildcard domain entry can create 'backscatter' and get your mail server blacklisted if it bounces the forged email back to an innocent third party.  NOTE: IONSPAM Hosted and VPS services have Wildcard disabled.

How to check for Wildcard Recipients

Navigate to Reports->Recipients

A wildcard recipient will have an email address in the form of a domain “@domain.com” and the Receive Emails column will say “Y”, as shown in the picture below.

To Disable the Wildcard Recipient

Double click on the domain(s) affected.  In the Edit User screen change the Receive Emails drop down to “No” and save your changes.  NOTE: this does NOT stop this domain from receiving email, as it would for a This e-mail address is being protected from spambots. You need JavaScript enabled to view it record.  It just stops the wildcard acceptance of This e-mail address is being protected from spambots. You need JavaScript enabled to view it .  If you wish to actually stop email delivery to one of your domains, you can delete it, or suspend delivery (See Configuration->Email Routing [Email Delivery])

2.  Disable “DHA Logging”

Dictionary Harvest Attacks (DHA) are spammers who guess at valid recipients in an attempt to send more spam to more people.  These are emails being sent to non-existent users.  These events represent a large portion of the logging requirements on the SpammerTrap.  By disabling DHA logging, you can increase not only email delivery performance, but reports will execute quicker also.

To Disable DHA Logging

Navigate to Configuration->Quarantine

Under the Log Retention settings, change Rejected Emails to 0, as shown below.

3.  Limit the use of the SpammerTrap as your Smart Host or SMTP Relay for outbound marketing or newsletters.

If you are using your SpammerTrap to filter your outbound email as well as your inbound email, consider limiting its use.  Bulk emails such as large marketing mailers, or even chain letters sent from employees may slow down the SpammerTrap and delay other legitimate email delivery.  Bulk email should be sent directly to the Internet by a dedicated mailing list server, or sent through a third party mailing list manager such as MailChimp which offers free accounts for companies sending to less than 1000 users and 6000 emails a month.

4.  Disable TLS encryption for internal delivery

By default, the SpammerTrap will TLS encrypt every email that passes through it if the other mail server supports such encryption.  This may or may not be required depending on your configuration.  For example, with a SpammerTrap located in the same local subnet with your corporate mail server (Exchange) there may not be any need to encrypt the communication between the SpammerTrap and the corporate mailserver. NOTE: Check with your Corporate Privacy and Compliance officer for information on regulatory compliance and 'Data In Motion' Encryption requirements.

To Disable TLS Encryption to Local Domains

Navigate to Security->TLS Encryption.

Here you can define per-domain based email encryption settings.  Click on the Add button, type in your local domain and select “Off” for encryption, as shown below.

This will disable TLS encryption for messages from the SpammerTrap destined for your local domains, which should be traveling over your local trusted LAN anyway.  Repeat this for each of your local domains.  Email between the SpammerTrap and the outside world would continue to be Encrypted were possible.

5. Disable TLS encryption for external delivery

By changing the default settings (Security->TLS Encryption, see 'Default Settings' upper right hand option), you can change the defaults to 'Off'.  If you do have specific domains that you wish to send TLS Encrypted emails to, you can then enter them and set to 'Force'.

6. Send and Receive 'Group' emails.

One of the problems that is often seen with smaller devices under stress is the delivery of 'mass' emails.  Even legitimate mass emails.  An example would be if you had a vendor or partner sending emails to your marketing group, and sent an email to ' This e-mail address is being protected from spambots. You need JavaScript enabled to view it ' and cc'd 30 other users.  Under stress, the sme150 (and the IONSPAM hosted servers) would rate limit the email so that some of the users would receive the email immediately, while others would see a delay of 15 mins to an hour.  The reason this is done so that 'non bulk emails', send to only one or two people can have priority.  The best solution to this is to create a 'group delivery' account and put everyone in the marketing department in that account and have your vendor change your contact email address.  That way, only ONE email is sent, and it would be received immediately.

7. DNS problems.

The SpammerTrap uses an extensive list of DNS based tests.  Your internet connection, and firewall must allow for unrestricted access to the internet DNS servers. If you are using DNS in Forward only mode, you might be overloading your internal DNS servers.  The SpammerTrap does have a built in caching DNS server, so that multiple requests for the same information are cached, but sometimes using internal shared servers can cause delays.  Several tests use DNS:  A and mx lookups, check validity of the domain and email address.  SPF and DKIM key tests, attempt to check authenticity of the sender.  40 RBL (DNS based real time blacklists) use DNS tests, as well as DNS lookups for the four reputation filters.  If you suspect DNS problems, verify that you are NOT Using forward mode, and run a couple of DNS diagnostic lookups under the help menu.  If you cannot solve the DNS problems, you may need to turn off SPF and DNS based white/blacklists.