Navigation:  Exchange Server Toolbox > FAQ >

Spam-Filter

 Previous pageReturn to chapter overviewNext page

Q: Too many spams get through after receiving a bulk of mails. What can I do against it?

A:  Spam occurs often in bulk.
In this case the Exchange Server receives up to several hundreds of spam in the same time.
The Exchange Server 2003 processes incoming emails sequentially, so that the "Queue" increases drastically. Further incoming mails will be processed with delays.
On the contrary the Exchange Server 2007/2010 processes incoming mails in parallel. The SpamAssassin Daemon (SpamD), which is used in Exchange Server Toolbox, needs more time for processing a huge amount of incoming mails. But the time for the Exchange Server Toolbox Agent for processing mails is limited by the Exchange Server.
For handling a huge amount of incoming mails you can change three different settings:
 1.) Enable "Receive Filter":
         You can find instruction under FAQ: Exchange Server ->How can I enable "Receive Filter"?
 2.) Increasing performance of "SpamD":
         If the "Receive Filter" don't suffice, you may want to increase the number of parallel processes, SpamAssassin uses to identify spam mail.
         Please notice, that this will also increase the amount of RAM that is used by SpamAssassin, so please make sure your system does have enough free memory space.
         To increase the performance you have to change the registry values described as follows:
         Open the Windows registry and locate the following path:
                 HKEY_LOCAL_MACHINE\SOFTWARE\JAM Software\spamdservice
         or when using a 64-bit system:
                 HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\JAM Software\spamdservice
         Look for the following registry values and change them to a appropriate value:
                 --max-spare=3            --> 5    (number of minimum SpamAssassin instance)
                 --max-children=10        --> 15    (number of maximum SpamAssassin instance)
 3.) Limit Receive Connector Connection:
         Is described in FAQ: Exchange Server -> How can I limit the receive connections?

Q: Do I need to open any ports for the integrated SpamAssassin?

A: Yes,  the integrated SpamAssassin does not only use RBL which need ICMP for requesting, you also need to open TCP Port 7 and TCP Port 2703 to make SpamAssassin able to use Razor2.
Otherwise spam scans may last longer than one minute or you need to disable Razor2:
 - Create a cf file like "XMySettings.cf" (text files) and put "RAZOR2_CHECK 0" in it.
 - Put this file in "C:\Program Files\Common Files\JAM Software\SpamAssassin\etc\spamassassin\"

Q: I get an error message of an access violation in spamd.exe and then SpamAssassin some times is not available any longer. How do I get rid of this?

A: This error message does only occur when a "real" JIT debugger like "vsjitdebugger.exe" from Visual Studio is installed. It is never recommended to have such an JIT debugger running on a productive system!
The JIT debugger will attach to any process causing an unhandled exception and ask for debugging. So spamd.exe will be paused/blocked. Please de-register any JIT debugger from your system or exclude spamd.exe if possible.
For de-registering you need to clear the following registry entry:
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug]        "Debugger"=""
 
on x64bit systems additionally:
 [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\AeDebug]      "Debugger"=""

Q: Where should I put my own SpamAssassin rule file, if I want to backup it automatically?

A: when adding custom SpamAssassin rules file put it into C:\Program Files\Common Files\JAM Software\SpamAssassin\etc\spamassassin and rename it X<myfile>.cf then it will be in backup too.

Q: Will the engine of ClamAV and SpamAssassin be updated?

A: Yes. The "Engines" of integrated ClamAV and SpamAssassin will be updated with our products. The signature of ClamAV will be updated automatically from the public ClamAV signature database several times per day, independent from the update of Exchange Server Toolbox. The rule set of SpamAssassin will be updated automatically every three days. You can specify the SpamAssassin rule update interval in the registry setting called "SaUpdateIntervalInDays", see part 2) of the first FAQ entry how to locate the registry setting.