Your SlideShare is downloading. ×
Spamsentinel V7 Reseller
Upcoming SlideShare
Loading in...5

Thanks for flagging this SlideShare!

Oops! An error has occurred.

Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Spamsentinel V7 Reseller


Published on

This slideshow outlines how the markets leading Anti-SPAM software for IBM Lotus Domino Server Works. This product is available from Rivett & Associates. Email:

This slideshow outlines how the markets leading Anti-SPAM software for IBM Lotus Domino Server Works. This product is available from Rivett & Associates. Email:

Published in: Business, Technology

  • Be the first to comment

  • Be the first to like this

No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

No notes for slide


  • 1. SpamSentinel Technical Overview The Best Spam and Virus Protection for Domino Servers
  • 2. SpamSentinel Technical Overview “It Just Works” More than a slogan…
  • 3. SpamSentinel 7 Duo High Performance and High Availability Protection Higher Performance means the ability to process as many as 4 million messages per day on a single server without upgrading hardware. Fault Tolerance means if any problem occurs with processing, the spam check will be retried without releasing spam into your mail system.
  • 4. Discrete Component Architecture Discrete Component Architecture (DCA) describes the 7 unique components that comprise “SpamSentinel”. Each performs a separate task that contributes to high performance and high availability. Individual components can be updated without restarting the server in almost all cases.
  • 5. Four Types of Mail • We categorize mail into four types: – Category A: Valid Mail. – Category B: Spam-B, or “Suspect Spam”. It is not considered Spam, rather one of the two engines suspect it could be spam whereas the other does not. Spam-B can be delivered to the end users Junk Mail folder in real-time for immediate verification. – Category C: Spam-C, or “Confirmed Spam”. Both engines agree the message is Spam. This mail appears in the daily report to end users for verification. – Category D: Spam-D, “Deletion Recommended” Spam. 100% Guaranteed Spam. Both engines strongly agree the message is Spam. This type of message we can silently Delete or Reject at the gateway. It does not require end user verification. • Category D/Spam-D will average 90%+ of total spam volume daily.
  • 6. 1 - SpamSentinel Interceptor The SpamSentinel Interceptor (ssintercept) is a Domino Extension Manager DLL file that intercepts all inbound SMTP mail and determines if a message should be deleted or rejected at the SMTP level using the SMTP Silent Delete/Reject options (Spam-D). Mail that is not rejected or deleted is written to the for further scanning. Using this method we can eliminate more than 90% of all spam before it enters your mail environment. All mail is now processed in before being routed to, significantly cleaning up For an additional license fee, our optional anti-virus add-on offers a second layer of protection even when another anti-virus tool is in use.
  • 7. 2 – SpamSentinel Scanner The SpamSentinel Scanner (SScanner) is a Windows service that reads mail in and checks the messages for spam against our two anti-spam engines. It also checks attachments for viruses. Next it performs all other checks, such valid recipient processing, attachment restrictions, etc. It marks the message as complete and waits for the SpamSentinel Router to process them. (Good Mail, Spam-B, Spam-C, Spam-D) Sample Log Entries: (Note: Good Mail is not reflected on the console) 01/16/2008 12:49:39 PM SScanner: (Spam-C) IMPORTANT NOTICE 01/16/2008 12:49:40 PM SScanner: (Spam-D) Doctor Approved And Recommended 01/16/2008 12:49:40 PM SScanner: (Spam-B) Get out of debt - act now for free debt relief consultation 01/16/2008 12:49:41 PM SScanner: (Spam-D) veinbrre
  • 8. What it looks like… SScanner Common Log Entries 05/28/2008 04:23:41 PM SScanner: Found configuration file D:SpamsentinelSScannerPartition1SpamSentinel.ini 05/28/2008 04:23:42 PM SScanner: Using Notes INI file 'D:LotusDominonotes.ini' 05/28/2008 04:23:42 PM SScanner: Reading INI file D:SpamsentinelSScannerPartition1SpamSentinel.ini 05/28/2008 04:23:42 PM SScanner: Opening administration database: Local:SpamSentinelSpamSentinelAdmin.nsf 05/28/2008 04:23:42 PM SScanner: Reading configuration document for CN=XIMILE/O=CORP 05/28/2008 04:23:42 PM SScanner: SpamSentinel version number: 05/28/2008 04:23:42 PM SScanner: SpamSentinel license Code: 11112008575d6bae62 05/28/2008 04:23:42 PM SScanner: Watching scan database: 05/28/2008 04:23:42 PM SScanner: Watching scan database:
  • 9. 3- SpamSentinel Router The SpamSentinel Router (SSRouter) is a Domino task that watches the for processed messages. SSRouter can directly deposit spam into a perimeter database that never enters the mail system. SSRouter also automatically creates a new perimeter Quarantine once the size reaches 500 megabytes, using a convention of: Quarantine_D_1, Quarantine_D_2, Quarantine_D_3 etc. If a Scan box does not exist, it creates it while the Domino server is running. Good messages are placed in for normal Domino Router processing. Sample Log Entries: 05/16/2008 12:49:41 PM SSRouter: Moved 3 messages to Quarantine D 05/16/2008 12:49:43 PM SSRouter: Moved 1 messages to 05/16/2008 12:49:43 PM SSRouter: Moved 2 messages to Quarantine D
  • 10. What it looks like… SSRouter Common Log Entries 05/28/2008 04:18:45 PM SSRouter: Initializing version 05/28/2008 04:18:45 PM SSRouter: Reading configuration document for CN=XIMILE/O=CORP 05/28/2008 04:18:45 PM SSRouter: Watching mailbox: 05/28/2008 04:18:45 PM SSRouter: Watching scan database: 05/28/2008 04:18:45 PM SSRouter: Watching scan database: 05/28/2008 04:18:45 PM SSRouter: Version started > load ssrouter
  • 11. 4 - SSDuoE1 & SSDuoE2 SSDuoE1 and SSDuoE2 are Windows services that work with the SScanner to check messages. These two services create redundancy. Only one of the two Duo services are necessary, so a failure of either engine will not impact spam and virus processing. These engines use both the Community approach (Cloudmark) to blocking spam and the Sender Reputation approach (CommTouch), providing 99.44% block rates. They also perform anti-virus checks with Norman anti-virus against all attachments. The anti-virus feature is an option. It is not required.
  • 12. 5- SpamSentinel Monitor The SpamSentinel Monitor (SSMon) Domino task ensures all components are running cleanly and correctly. The components it will start are: SScanner, SSRouter, SSMgr, SSDuoE1, SSDuoE2, and SpamSentinel Reporter The Monitor will alert MayFlower if there is any problem. The Monitor now does the anti-virus downloads in the background, transparently.
  • 13. What it looks like… SSMonitor Common Log Entries 05/28/2008 04:23:37 PM SSMonitor: Initializing version 05/28/2008 04:23:37 PM SSMonitor: Reading administration database LOCAL:SpamSentinel/SpamSentinelAdmin.nsf. 05/28/2008 04:23:37 PM SSMonitor: Reading configuration document for CN=XIMILE/O=CORP 05/28/2008 04:23:39 PM SSMonitor: Check-in log sent to MayFlower. 05/28/2008 04:23:40 PM SSMonitor: Anti-virus definitions are up to date. 05/28/2008 04:23:40 PM SSMonitor: version started 05/28/2008 04:23:41 PM SSMonitor: Waiting for SpamSentinel engines to start... 05/28/2008 04:23:42 PM SSMonitor: Started service SScanner1 05/28/2008 04:23:42 PM SScanner: Check-in log sent to MayFlower. 05/28/2008 04:23:42 PM SSMonitor: Started service SpamSentinel Reporter > load ssmon
  • 14. What it looks like… SSMonitor Anti Virus Definition Update 01/16/2008 11:58:31 AM SSMonitor: Downloading anti-virus update file. 01/16/2008 12:00:47 PM SSMonitor: Anti-virus update file received successfully. 01/16/2008 12:00:48 PM SSMonitor: Applying anti-virus update. Stopping SpamSentinel services. 01/16/2008 12:00:48 PM SScanner: Paused for 10 minutes. Anti-virus update in progress. 01/16/2008 12:02:34 PM SSMonitor: Stopped service SpamSentinelE1 01/16/2008 12:02:41 PM SSMonitor: Stopped service SpamSentinelE2 01/16/2008 12:02:41 PM SSMonitor: Copying files from C:NORMANNsebin to C:NORMANNsebinUpdates 01/16/2008 12:02:41 PM SSMonitor: Updated anti-virus file C:NORMANNsebinNvcbin.def 01/16/2008 12:02:42 PM SSMonitor: Anti-virus updates applied. Starting SpamSentinel services. 01/16/2008 12:02:42 PM SSMonitor: Restarting SpamSentinel Duo Engines. 01/16/2008 12:02:42 PM SSMonitor: Started service SpamSentinelE1 01/16/2008 12:02:43 PM SSMonitor: Started service SpamSentinelE2 01/16/2008 12:03:03 PM SScanner: Resumed 01/16/2008 12:03:04 PM SSMonitor: Anti-virus update complete.
  • 15. 6 – SpamSentinel Updater The SpamSentinel Updater (SSMgr) is a key Domino task to Auto-Update SpamSentinel software. SSMgr contacts our Data Center ( for new updates and patches and fixes and installs them. Ensures that you have the latest engine and templates Minimizes Administrative Effort and can be scheduled to meet your needs > ‘tell ssmgr update’ 05/16/2008 01:08:59 PM SSMgr: Checking for new updates
  • 16. SpamSentinel Update Usage MayFlower controls what is updated and when by default. Requests for updates are available by contacting us. We regularly release updates as-needed in the case of an error condition, or, in batches of 25 to 50 servers on average for major releases daily. If you have not opted out of auto-updates you are eligible to be updated at any time. You control the frequency which available updates are checked.
  • 17. 7 - End User Reporting Using the End User Report is optional and the administrator can choose who gets the report and who does not. By default, the End User Report shows Spam-B and Spam-C including Sender, Subject, Date/Time. The End User Report allows users to click on document links to review messages quarantined more closely. The End User can release, forward, or privately whitelist senders and/or domains without calling the Help Desk. (Optional) Spam-B and/or Spam-C can be routed to the user’s Junk Mail folder. End User reports can be customized in many ways.
  • 18. End User Report Example
  • 19. End User View of a message in Quarantine
  • 20. Anti-Virus Anti-virus is an additional license fee We use Norman Data Defense Systems anti-virus software ( Be sure to exclude the NormanAvscan directory from any file system anti-virus software. Windows Domino servers can use SpamSentinel's Anti- virus in addition to any other third-party anti-virus. SpamSentinel anti-virus checks only inbound, outbound, and (optionally) Notes-to-Notes mail.
  • 21. Show Tasks … Database Server Process Monitor SpamSentinelScanner v7.5.3.0 - Blocking spam and viruses SpamSentinelMonitor v2.5.1.7 - Monitoring all SpamSentinel components SpamSentinelRouter v2.5.2.7 - Mail: 1 Spam-D: 1 Spam-C: 0 Spam-B: 0 SpamSentinel Update v2.5.0.8- Loads the latest SpamSentinel updates LDAP Server Listen for connect requests on TCP Port: 389 … > show tasks
  • 22. Checking in to Available to Windows Domino servers. SpamSentinel Monitor (SSMon) will restart components in the case of errors. Each component checks in to our server during startup and shutdown and in the case of errors. Our staff is constantly refining our ability to respond to errors, often before a customer is aware that an error condition exists.
  • 23. Check-in Entries in Log.nsf > load ssmon 01/16/2008 11:58:18 AM SSMonitor: Check-in log sent to MayFlower. 01/16/2008 11:58:19 AM SScanner: Check-in log sent to MayFlower. 01/16/2008 11:58:28 AM SSMonitor: Initializing version 01/16/2008 11:58:29 AM SSMonitor: Check-in log sent to MayFlower. 01/16/2008 11:58:34 AM SScanner: Check-in log sent to MayFlower. > tell ssmon quit
  • 24. Maysoft Monitoring DB
  • 25. Monitoring SpamSentinel Customer Checkin Status
  • 26. SpamSentinel Admin Database Contains all settings Dashboard utility shows current statistics and information Whitelists and Blacklists (Senders and Domains) Quarantine settings (Auto-Delete, SMTP Silent Delete, etc.)
  • 27. SpamSentinel Dashboard
  • 28. SpamSentinel Quarantines Perimeter Quarantines accept mail from SSRouter directly. The mail router is not used. Mail-In Quarantines accept mail from the mail router. Perimeter Quarantines are created on demand by SSRouter as needed. Mail-In Quarantines are not created on demand.
  • 29. Internet SMTP Listener SSInterceptor SPAM Good Mail Spam B Spam C Spam D Mailuser.nsf Inbox = Good Mail Mailuser.nsf Inbox = SPAM Domino Default Inbox = Good Mail SpamSentinel Junk Mail = Spam B
  • 30. Additional Implementations of SpamSentinel Linux, AS400, and Solaris are also supported with a Windows PC installed with a Lotus Notes client that remains on 24/7. Software runs on the client machine and checks mail in We use a mail rule (Domino 6 and greater) to hold mail for processing. Uses a separate installer found at the bottom of
  • 31. Backscatter Prevention For all licensed users of SpamSentinel, the Scanner checks for backscatter. Stops between 80%-90% of Backscatter. It deletes backscatter during the SMTP session. Backscatter prevention does not generate non-Delivery reports, or reject messages, as that would just add to the Backscatter problem. We offer a version for non-SpamSentinel users called: SpamSentinel NoBS (No Backscatter) in the form of a nobs.dll interceptor. The separate NoBS product has No license fees and No expiration date (and no support - except via email on a best efforts basis). Both versions compatible with all Lotus Domino Anti-Virus products.
  • 32. Support Resources For a 30 day trial email Mobile phone numbers Vaughan Rivett Email: +64 21 206 2500 sales@rivettassocia For more information Skype id: Search for vrivett “Vaughan Rivett’s Blog”
  • 33. SpamSentinel Technical Briefing Completely Rebuilt for the Best Spam and Virus Protection for Domino Servers It Just Works