SpamCheetah is the spam control technique from Gayatri Hitech. SpamCheetah
achieves spam control by way of employing an SMTP proxy which invokes
various virus scanning, spam control and other header checks to enforce
standards compliance and to combat the evil of Internet spam.
In so doing SpamCheetah also implements several other features that e-mail
security gateway products in the market offer. It also comes with rich inline
documentation: clicking the swimming ring icon at the top gives page level
help, and the little info icon at the top right corner of each panel gives
panel level help.
This document serves as a detailed technical manual without being too verbose
as the purpose of the product is to make things easy and less laborious. So this
document is also purposely kept short and to the point.
E-mail server level spam control is one of the most challenging problems faced
by IT systems administrators as well as business owners since nobody likes to
see unwanted commercial e-mail in the UCE and UBE categories in their mailboxes.
To combat the evolving threat of Internet spam SpamCheetah resorts to several
techniques including Vipul's Razor, ClamAV virus scanning, Bayesian probability
based statistical filtering and allied techniques.
SpamCheetah also implements firewall level network denial of service
protection against DDoS attacks, a common form of spam sending in which the
mail server protected by SpamCheetah never sees the full TCP connection, yet
the half open TCP connections tend to slow down your network.
By implementing protection against botnets we can ignore mails originating
from known bogons and other sources of spam.
In addition to stopping spam and viruses, SpamCheetah also lets you drop mails
from certain senders, mails to certain recipients, mails that contain a
certain pattern, etc. You can also inspect a quarantine database from
time to time to feed spam to the internal database of SpamCheetah in order to
improve its spam detection accuracy and also to guard yourself against false
Typically quarantine mailers are sent weekly or daily depending upon the
administrator's preference but individual users can also access their web
interface and tune this parameter. SpamCheetah also gives a user web interface
using which users can clear their quarantine from time to time. There is also a
quarantine expiry period when all mails in the quarantine are automatically
All of the configurations in SpamCheetah are performed using a web panel
provided not only for setting things up but also for monitoring, tuning and
performing maintenance tasks.
This document shall therefore focus mainly on the web panel since everything in
SpamCheetah is done using the web panel although the nCurses based interface
is used to configure the IP address, network mask and gateway before the web
panel can be used for further configuration.
You also install SpamCheetah from the LiveCD medium using nCurses. But after
you boot off the hard disk SpamCheetah performs all its functions using the web
Here is the login screen provided by SpamCheetah on accessing the URL given by
the nCurses display.
Once the administrator logs in with the username admin and the password
provided by the nCurses UI, the user gets to see the dashboard as given below.
After the dashboard is loaded you can view the vital parameters of the
machine/VM in which SpamCheetah is running. This is updated every minute
automatically by the browser.
After that you are supposed to click on the “Base Setup” -> “Installation” menu
item, which brings up the screen as given below.
Using this screen you can modify the IP address or network mask or gateway if
desired and also setup SpamCheetah to perform e-mail proxying using the
parameters given in the panels below in the same screen.
You can give the mail server's IP address and domain here. The moment you
specify that, the installation of SpamCheetah in your network is complete.
After that you may add valid users for quarantine mailing by clicking on the next
menu item “Base Install” -> “Valid user table”.
It looks like this.
You can either add valid users for SpamCheetah one by one or by importing a
text file in the format
in each line.
You can also inspect the quarantine user and password creation in
SpamCheetah's database by logging out of SpamCheetah admin view and by
attempting a login to SpamCheetah quarantine view.
The quarantine view looks like this.
Now you can go back to the admin view by logging out and logging in as admin
again. You can set the admin password by clicking at the top right corner of
the page to change admin password. Please do this as quickly as you can since
the default password set by SpamCheetah should be changed quickly in order to
The next screen is the Licensing menu item which shows you the details about
the license status of SpamCheetah. This is the screen you have to use for loading
the license file after purchase of SpamCheetah.
Then you have the Time menu in which you can change the time manually or set
the time zone according to your geographical location.
The SMTP Controls menu item comes next. Here you can test against an LDAP
server for importing users from LDAP into the valid user table.
You can also specify the extra RFC compliance checks and other checks to further
tighten SpamCheetah's spam detection methods.
The mail server to domain mapping can be defined here to relay mails for
domains served by SpamCheetah's mail server.
The screen looks like this.
Next in line is the Rate controls menu. You can perform some firewall level mail
rate limiting using this page. You can also tweak the TCP state machine for some
low level manipulations but these changes can cause trouble if values are off.
SpamCheetah comes with some protection against TCP level attacks which can
be mitigated by these settings. The page shows up like this.
Then you have the Notifications menu item. You can set e-mail
notifications/alerts sent on virus sending/receiving, attachment blocking etc.
You can also globally enable and disable the notification feature.
The page looks like this.
You then have the E-mail disclaimers page. Using this feature you can set a
mail footer for every mail transiting SpamCheetah. You could enforce corporate
policy this way. You can also set exception Mail Ids for those special mail users
that should not have this feature enabled.
You could also globally enable and disable disclaimer sending.
Then you have to click on the “Quarantine” -> “View/Manage quarantine” menu
item. This page shows the list of all quarantined mails stored within
SpamCheetah's quarantine database.
You can perform some bulk actions on them by selecting all and deleting,
releasing or training for spam.
The page looks like this.
Then you have the Search quarantine menu item. A separate page is provided
for this for clarity.
You can just inspect the quarantine and optionally export the whole database in
MS Excel, PDF or HTML formats.
The page looks like this.
You can configure the quarantine mailer frequency and set user specific
quarantine frequencies that are overridden by the global setting. You can also
configure the username and mail ID under which the quarantine mailer will
The Quarantine settings screen looks like this.
You can then access the Feed spam menu. This is a very simple menu item
using which users can feed spam back to SpamCheetah to tune the spam
filtering subsystem in SpamCheetah. You can save the mail content to a text file
and load it using the file upload menu.
The filtering policy menu item looks like this. Using this menu we can
therefore set global defaults for SpamCheetah to pass, quarantine or reject
virus mails, spam and banned attachments.
Now we move on to the “System internals” -> “Mail arrival” screen.
You can view the mail traffic patterns live as well as a bar graph display of the
mail load handled by SpamCheetah. There is nothing to configure here as it is a
read only display which looks like this.
Then we have the longest screen in feature rich “System item. This gives a very
deep insight into the inner SpamCheetah as well information on spam statistics
of interest in a graphical display as well as give you tools to ping, trace
route, figure out the MX record, do a load test on a mail server and so on.
The screen looks like
You can view the live SMTP handshake using the SMTP handshake menu.
If you observe this screen for a while, you can see the SMTP proxying done by
SpamCheetah, spam getting rejected and mails passing through.
Next we have the Graphs menu. This shows the time series data of the spam
ratios, mails received by month, by year and also by hour.
You then have the reporting screen in which all the vital statistics of interest are
shown in a tabular form.
This is also a view only screen.
Following that you have the Mail history menu. Here you get to see all the mails
that SpamCheetah passed without rejecting as spam and without quarantining
them. You can run queries and also export to MS Excel, PDF or HTML.
Then you have the SMTP Proxy Logs menu. You can download the Proxy logs in
full for offline viewing here. All the subsequent menus after this are for later log
Here is the screenshot.
Then you have the SMTP log which contains only the SMTP handshake log which
most industry standard mail servers give out for figuring out mail issues with
the SMTP protocol.
Then you have the Web logs, which show the screens clicked by the admin for
editing SpamCheetah. This can be useful for figuring out which configuration
screens were accessed in case you make some mistake.
It looks like this.
You can also optionally download the Syslogs from the Syslogs menu. These are
the UNIX syslogs, which give you information about the appliance as a whole.
Then you have the Engines -> Virus Engines menu. You can view statistics
related to the virus filtering subsystem of SpamCheetah.
You then have the Updates menu. Using this screen you can upgrade
SpamCheetah when new releases are made depending on license validity.
Then you have the Mail control menu. This is a very important menu item since
you can do some very sophisticated mail filtering using this menu.
Then you have the Monitor SpamCheetah menu item. Using this you can raise
alerts on various conditions and have SpamCheetah send you mails on extra CPU
use, swap use etc.
Then you have the Console -> Web Interface settings menu. Using this menu
you can set the theme of SpamCheetah UI, upload your logo and also reset all
configuration values to default values should something go wrong.
Next you have the Backup menu item. You can take rsnapshot incremental
backups and backup of the internal databases and restore manually if needed.
Then you have the OS ghosting menu. Instead of a part by part backup you can
completely “ghost” the SpamCheetah appliance using this menu by uploading to
an FTP server either using anonymous FTP or by using a username and
You can also configure hosts running a UDP syslog server to which the various
logs exported by SpamCheetah are uploaded. Make sure they are in the same LAN.
You can then configure some of the SNMP parameters for the SNMP agent
running within SpamCheetah.
You then have the Shutdown menu item using which you can shut down
SpamCheetah or reboot it for maintenance purposes. Remember that
SpamCheetah is a highly critical component of your network mail infrastructure
and if you wish to shut down we recommend that you cluster SpamCheetah and
leave at least one instance running.
You can view the SNMP parameters exported by SpamCheetah using a local
SNMP manager running inside SpamCheetah.
Then you have the country-wise view to figure out which countries are sending
mail to the domains protected by SpamCheetah.
The top 50 countries originating mail are shown in a choropleth view in which
the dark green tones stand for countries sending you more mails than the others
shown in lighter tones. The numbers and percentages are also shown in the table
Finally you have the Cluster -> clustering menu using which you can trivially
set up SpamCheetah clustering for 100% uptime guarantee and also for load
sharing using a separate node to redirect traffic in front of SpamCheetah.
You will have to set up a CARP virtual IP address and a VHID parameter which
you can leave unchanged in case you have only one cluster in your network.
SpamCheetah is a very versatile spam control product with easy clustering
ability and a very attractive price tag.
You also have user quarantine web panels as well as quarantine mailers sent to
each of the users for managing their own quarantine.
Gayatri Hitech provides very good quality support by phone, e-mail or chat.