GWAVA 4.5 on Linux
After moving GWAVA from a NetWare server to a Linux server, there is a significantly lower amount of spam. Is it possible that GWAVA is also blocking legitimate messages?
The answer to this problem depends on GWAVA's settings. GWAVA can be configured in a number of ways, all of which can have a different effect.
Follow these steps to narrow down whether GWAVA is blocking the proper messages:
1) Find out what scanning method is being used.
Log in to the GWAVA Management Cosole, and browse to Server/Scanner Management-> [Server Name]-> Manage Scanners-> [scanner]-> Scanning Configuration-> Antispam-> Heuristics.2) Check if Connection Dropping is enabled.
Click on 'Show Spam Scanner Settings.'
The signature method is not available on NetWare servers, and is a much more powerful and efficient way to scan for spam. The signature method uses global signatures, to create definitions of what is spam. Depending on how GWAVA was setup on the NetWare server, the signature method should significantly decrease the amount of spam received.
If another 'Score method' is selected, such as Score or Probability, then the 'thresholds' may be too high, and most messages are getting deleted. Adjusting the spam thresholds is a trial-by-error process, and it is recommended to use the Automatic setting for Antispam configuration mode.
In GWAVA Management Console, browse to Server/Scanner Management-> [Server Name]-> Manage Scanners-> [scanner]-> Scanning Configuration-> Antispam.3) Check the 'Exceptions' lists.
There are three scanning settings, under Antispam, that use 'Connection Dropping.' Connection Dropping can only be used on a SMTP scanner. RBL, IP Reputation, and SPF all use Connection Dropping, more information about Connection Dropping can be found here.
If any of these options have Connection Dropping enabled, then messages that trigger that event will have the connection terminated, and the message is no longer in process. These messages will not be quarantined and notifications will not be sent as well, so you will not see a large portion of the spam hitting your server.
In GWAVA Management Console, browse to Server/Scanner Management-> [server]-> Manage Scanners-> [scanner name]-> Exceptions.4) Check the filters.
Browse to, Server/Scanner Management-> [server]-> Manage Scanners-> Scanning Configuration.
Filters and exceptions such as these create a lot of problems, and it is highly recommended to have more specific addresses, like *@abcbank.com or even *@*.abcbank.com. These at least limit the actions being done, to one domain.
If all of these settings seem normal and you are concerned that legitimate mail is getting blocked, contact GWAVA support to check through the log files to verify whether legitimate senders are being blocked.
This article was originally published in the GWAVA knowledgebase as article ID 1816.