Security

On the Security page, you can enable spam filters, antivirus scanning, or a blacklist and whitelist to protect your Synology MailPlus Server and its clients.

Antispam

Set up spam filters and configure auto-learning to achieve accurate and flexible spam detection.

To enable the antispam engine:

Edit the general antispam settings for flexible spam control.

  1. Go to Antispam and tick Enable antispam engine.
  2. Click Update Settings to set a daily schedule to download the latest antispam rules. You can also click Manual Update to update immediately.
  3. Under Spam control, you can find the following options:
  4. Specify how long to keep spam messages in the Delete spam interval (days). Spam messages will be automatically deleted after the specified days.
  5. Save the settings to complete the basic configuration. Refer to the following section to create custom rules and filters.

To configure advanced antispam settings:

Create filters and define rules to customize your antispam engine.

  1. Go to Antispam.
  2. Under Spam control, click Custom Spam Filter to set up the following two kinds of filters:
  3. Also under Spam control, click Advanced to edit the following settings:
  4. Save the settings.

To enable automatic spam learning:

Train your MailPlus Server to better detect spam with specialized algorithms.

  1. Go to Antispam.
  2. Under Spam control, click Advanced > Auto learning.
  3. Enable Auto learning.
  4. Specify the following score settings:
  5. Tick Enable spam reporting to allow client users to report spam and false spam from Synology MailPlus or a third-party email client (e.g., Microsoft Outlook).
  6. Click Reported Spam to check all the reported spam and false spam and manage them as follows:
  7. Tick Set daily schedule for learning reported spam to schedule the learning activities.
  8. Save the settings.

Note:

To enable DNSBL:

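A DNSBL (DNS-based Blackhole List) is a list of IP addresses of computers or networks associated with spam, published through the Internet Domain Name System (DNS). The server looks up the IP address of each connecting sender in the list and uses the result to filter out spam.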

  1. Go to Antispam.
  2. Under DNSBL, tick Enable postscreen protection against spam.
  3. Click DNSBL Settings to manage the server list.
  4. Save the settings.
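How a DNSBL lookup is formed and read, as an added example that is not part of the Synology documentation or MailPlus code. The zone names `bl-a.example` and `bl-b.example` and the zone data are constructed, and the resolver is replaced by a dictionary so the example runs offline.

```python
import ipaddress

LISTED_NET = ipaddress.ip_network("127.0.0.0/8")

def dnsbl_query_name(ip, zone):
    """Return the DNS name queried to test `ip` against the list `zone`."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = addr.exploded.split(".")              # one label per octet
    else:
        labels = list(addr.exploded.replace(":", ""))  # one label per hex nibble
    return ".".join(reversed(labels)) + "." + zone.strip(".")

def classify_answer(a_records):
    """Interpret the A records returned for a DNSBL query name.

    An empty list stands for NXDOMAIN, meaning the address is not listed.
    Listings answer inside 127.0.0.0/8; any other answer is treated as a
    broken or hijacked list rather than as a listing.
    """
    if not a_records:
        return "not listed"
    if all(ipaddress.ip_address(r) in LISTED_NET for r in a_records):
        return "listed"
    return "invalid answer"

def check_client(ip, zones, lookup):
    """Return the zones that list `ip`; `lookup(name)` returns A records."""
    return [z for z in zones
            if classify_answer(lookup(dnsbl_query_name(ip, z))) == "listed"]

# Constructed zone data standing in for real DNS answers.
FAKE_DNS = {
    "99.2.0.192.bl-a.example": ["127.0.0.2"],
    "99.2.0.192.bl-b.example": ["203.0.113.10"],  # bogus answer, not a listing
}

def fake_lookup(name):
    return FAKE_DNS.get(name, [])

if __name__ == "__main__":
    zones = ["bl-a.example", "bl-b.example"]
    print(dnsbl_query_name("192.0.2.99", "bl-a.example"))
    print(check_client("192.0.2.99", zones, fake_lookup))
    print(check_client("198.51.100.7", zones, fake_lookup))
```

Rejecting answers outside 127.0.0.0/8 keeps a misconfigured or expired list from marking every sender as spam.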

To enable the greylist function:

When a new message arrives, the system checks whether it has records of the same IP address, sender, or recipient. If no records are found, the message is considered suspicious, and an error message is sent to its sender, requesting the sender to send the message again later. Ordinary senders generally try again at a later time, while most spam senders simply give up. The greylist function blocks spam based on this difference in behavior.

  1. Go to Antispam.
  2. Under Greylist, tick Enable greylist to enhance spam detection by temporarily rejecting suspicious incoming mail.
  3. Click Greylist Settings to apply different actions to messages from different IP addresses or domains.
  4. Click Create.
  5. Specify the rule criteria:
  6. Select an action:
  7. Click Settings to edit the default action and the greylist time period.
  8. Save the settings.
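The greylist decision described above, as an added example that is not MailPlus code. It assumes the common form that keys records on the (client IP, sender, recipient) triplet. The delay values, the exempt address and the sample SMTP attempts are constructed.

```python
class Greylist:
    """Greylisting keyed on the (client IP, sender, recipient) triplet."""

    def __init__(self, delay=300, pending_ttl=4 * 3600, exempt_ips=()):
        self.delay = delay              # assumed minimum wait before a retry passes
        self.pending_ttl = pending_ttl  # assumed window in which a retry must arrive
        self.exempt_ips = set(exempt_ips)
        self.pending = {}               # triplet -> time of first attempt
        self.known = set()              # triplets that already passed

    def check(self, client_ip, sender, recipient, now):
        """Return the SMTP reply code for one delivery attempt at time `now`."""
        if client_ip in self.exempt_ips:
            return 250
        key = (client_ip, sender.lower(), recipient.lower())
        if key in self.known:
            return 250
        first = self.pending.get(key)
        if first is None or now - first > self.pending_ttl:
            self.pending[key] = now     # no usable record: remember and defer
            return 450
        if now - first < self.delay:
            return 450                  # retried too quickly, keep deferring
        del self.pending[key]
        self.known.add(key)
        return 250

def replay(events, greylist):
    """Run (time, ip, sender, recipient) attempts through the greylist."""
    return [greylist.check(ip, s, r, t) for (t, ip, s, r) in events]

# Constructed attempts: (seconds, client IP, envelope sender, recipient)
ATTEMPTS = [
    (0,    "192.0.2.10",   "alice@example.org", "bob@example.com"),  # first contact
    (10,   "203.0.113.77", "promo@example.net", "bob@example.com"),  # never retries
    (20,   "198.51.100.5", "news@example.org",  "bob@example.com"),  # exempt IP
    (60,   "192.0.2.10",   "alice@example.org", "bob@example.com"),  # too early
    (900,  "192.0.2.10",   "alice@example.org", "bob@example.com"),  # proper retry
    (5000, "192.0.2.10",   "alice@example.org", "bob@example.com"),  # now known
]

if __name__ == "__main__":
    print(replay(ATTEMPTS, Greylist(exempt_ips=["198.51.100.5"])))
```

The sender that never retries stays in the pending table and its message is never accepted, which is the behavior the greylist relies on.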

Note:

Antivirus

Run an antivirus engine to scan all incoming and outgoing messages for viruses. When a message is found to be infected, the system will delete or quarantine the message and send notifications to the related recipients.

To enable the antivirus engine:

  1. Go to Antivirus.
  2. Tick Enable antivirus engine.
  3. Select either of the following antivirus engines:
  4. Click Update Settings to set a daily schedule to update the virus definitions. You can also click Manual Update to update immediately.
  5. When ClamAV is selected as the antivirus engine, consider the additional options below:
  6. Save the settings.

Note:

To manage infected messages:

When an infected message is detected, the system will react according to user-defined policies.

  1. Go to Antivirus.
  2. Choose what to do with an infected message from the Antivirus action menu:
  3. To mark infected messages, tick Add subject prefix to infected mail and specify the text that will appear on the message subject.
  4. To notify recipients of an infected message when it gets deleted or quarantined, tick Send notifications to recipients after deleting or quarantining viruses. Click Template Settings to define the notification content.
  5. Save the settings.

Authentication

Apply authentication mechanisms to validate inbound emails and reduce spam. With authentication enabled, an inbound email needs to go through all the verification processes. When the user opens an email that does not pass the verification, a warning message will pop up to remind the user of the suspicious email.

To enable SPF verification:

  1. Go to Authentication.
  2. Tick Enable SPF verification to verify the sender identity and detect forged sender addresses.
  3. Tick Reject SPF softfail to reject emails with softfail verification results.
  4. Save the settings.

To enable DKIM verification:

  1. Go to Authentication.
  2. Tick Enable DKIM verification on inbound emails to check for a valid DKIM signature on incoming emails. Emails rejected by DKIM will be moved to the Spam folder of the MailPlus client, and a warning message will pop up when users open such emails.
  3. Under Minimum key length for DKIM verification, select a value from the drop-down menu. Emails with DKIM keys shorter than the set value will be rejected. Lowering the value will allow emails with shorter keys to pass the verification. Thus, we recommend setting a longer key length so that emails from less secure domains with shorter keys cannot pass the verification.
  4. Save the settings.

To enable DKIM signing and create a DKIM whitelist:

  1. Go to Domain and double-click the domain in use.
  2. On the General tab, click Advanced.
  3. Tick Enable DKIM signing on outbound emails, so that all the emails from the domain will carry a DKIM signature.
  4. Go to Security > Authentication > DKIM and click Whitelist to add an internal host or subnet to the whitelist. Outbound emails sent from the specified source via Synology MailPlus, a third-party email client, or the terminal will all carry a DKIM signature.
  5. Save the settings.

To enable DMARC:

  1. Go to Authentication.
  2. Tick Enable DMARC to validate the senders' email domains. Emails quarantined by DMARC will be moved to the Spam folder of the MailPlus client, and a warning message will pop up when users open such emails.
  3. Update your DNS records using a TXT record, so that your outbound emails will be able to pass DMARC authentication of other email servers. The TXT record should be added as follows:
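An added example, not part of the Synology documentation: a syntax check for a DMARC TXT record (the record published at `_dmarc.<your domain>`) that can be run before the record goes into DNS. The sample records and the placeholder domain `example.com` are constructed.

```python
VALID_POLICIES = {"none", "quarantine", "reject"}

def check_dmarc_record(txt):
    """Parse a DMARC TXT record; return (tags, problems)."""
    tags, problems = {}, []
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    for part in parts:
        name, sep, value = part.partition("=")
        name, value = name.strip().lower(), value.strip()
        if not sep or not name:
            problems.append("malformed tag: %r" % part)
        elif name in tags:
            problems.append("duplicate tag: " + name)
        else:
            tags[name] = value
    # The version tag has to come first, or receivers ignore the record.
    first = parts[0].replace(" ", "") if parts else ""
    if first != "v=DMARC1":
        problems.append("record must start with v=DMARC1")
    for tag in ("p", "sp"):
        if tag in tags and tags[tag].lower() not in VALID_POLICIES:
            problems.append("%s has invalid policy %r" % (tag, tags[tag]))
    if "p" not in tags:
        problems.append("missing required p= policy tag")
    pct = tags.get("pct")
    if pct is not None and not (pct.isdigit() and 0 <= int(pct) <= 100):
        problems.append("pct must be an integer from 0 to 100")
    # Report addresses are given as mailto: URIs, comma separated.
    for tag in ("rua", "ruf"):
        for uri in tags.get(tag, "").split(","):
            if uri.strip() and not uri.strip().lower().startswith("mailto:"):
                problems.append("%s URI is not mailto: %s" % (tag, uri.strip()))
    return tags, problems

if __name__ == "__main__":
    # Constructed records for the placeholder domain example.com
    for rec in ("v=DMARC1; p=quarantine; pct=100; rua=mailto:dmarc-reports@example.com",
                "p=reject; v=DMARC1; pct=150"):
        print(rec, "->", check_dmarc_record(rec)[1] or "ok")
```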

Content Scan

Configure the system to scan messages for potentially dangerous content.

To scan emails for dangerous content:

  1. Go to Content Scan.
  2. Tick Enable dangerous content scan.
  3. Enable the desired options below:
  4. Save the settings.