This site is for Avast Business products only. For articles on AVG Business products, see AVG Business Help. If you are in the right place but cannot find what you are looking for, please contact Avast Business Support for further assistance.

Setting Up Anti-Spam

This Article Applies to:

  • Avast Business CloudCare

IMPORTANT: ESS and ShadowProtect have been officially retired. If you have not yet moved away from these services, please do so immediately to avoid encountering any disruption once they are completely turned off. For more information on CloudCare services discontinuation, see CloudCare Services EoL.

 

The AntiSpam component of CloudCare Email Security Services helps prevent spam, viruses, and email spoofing in your customer's email network.

Adding customer's domain to AntiSpam

Log in as a solution provider at https://cloudcare.avgcloud.net

If you would like to brand the login page, you can add /login?domain=example.com, replacing example.com with your domain.

Click on Customers, then New Customer

Enter a descriptive name for your customer

Enter the domain name(s) used for email by your customer, along with the corresponding delivery destinations for incoming mail sent to the domain(s), and set as the primary domain

Enter the IP address(es) of the trusted host(s), which should be the server(s) allowed to send mail through the AntiSpam server to remote addresses

Configuring Enterprise Properties and Default Settings

This section configures settings for all new users. In addition to the indicated defaults, we recommend the following settings:

  1. Under Messages to Unknown User Addresses, select Deny Delivery. This will block inbound messages to users not configured in AntiSpam
    1. If you do select this option, you will need to ensure you have all users added to AntiSpam, and can then disable security on those you don't want protected. Otherwise, mail may be lost.
  2. Under Manage Enterprise Options, select Add new users the first time they send an email. This eliminates the need to add any future users manually
  3. Under New User Security Settings
    • the default Security Mode is Content Filtering/Cautious, which blocks messages with spam scores higher than 90. If you find that this results in too many false negatives for a particular user, consider changing to Content Filtering/Optimized
    • select Spoofing Prevention. This setting blocks all mail sent to the customer's domain from the customer's domain, if it doesn't originate from the trusted host(s) or through SMTP Authentication, which eliminates spoofing
    • we do not recommend changing the default Quarantine Settings, as the links in the Daily Quarantine Summary do not require credentials to operate
  4. Under New User Message Format Options:
    • select Attach a Control Panel to provide users with a simple means of changing a sender's security settings. When Control Panels are on, we recommend sending a Welcome Message because links in the Control Panel require credentials to work
    • if your customer is not using Outlook, deselect Optimize Delivery for Microsoft Outlook

Creating users, aliases, and public distribution lists

There are three options for creating user accounts and importing email addresses, if you are not using the Add new users the first time they send an email option.

  • Automatic via LDAP Sync (Recommended): this method requires you configure LDAP by navigating to UsersLDAP Setup. By configuring LDAP sync, all changes made in Active Directory users will sync over to AntiSpam
  • Manual: for this method, navigate to UsersNew User. Enter the user's name, primary email address, alias addresses (if desired), and user type
  • Import as CSV: for this method, navigate to UsersImport Users, and upload the .csv file. Column 1 should be the customer's full name, column 2 should be the customer's primary email address, and all subsequent columns should be aliases, if any

Distribution Lists and Public Folders accessible from the Internet should be added as separate users; these users are omitted from billing only when LDAP is used.

Configuring the network

In order to properly secure the customer's domains, a few changes should be made.

  1. Modify the customer's MX record to point to:
    • mx1.avgcloud.net
    • mx2.avgcloud.net
    • The preference for both records should be the same, and no other MX records should be listed for your domain name.
  2. For customers using Microsoft Exchange, modify the SMTP server to route all outbound mail through the following smart host: outbound.avgcloud.net
  3. Allow the DNS to propagate for 72 hours. Additionally, create a firewall rule to deny all inbound SMTP connections except from the following Avast subnets:
    • 100.42.120.96/27 (255.255.255.224)
    • 100.42.115.0/27 (255.255.255.224)
    • 208.70.208.0/22 (255.255.252.0)
  4. If you are using the outbound filtering service and have a need for an SPF record on your domain, add the following to your domain's SPF: v=spf1 ip4:100.42.120.96/27 ip4:100.42.115.0/27 ip4:208.70.208.0/22 ~all

 

Other Articles In This Section:

Email Security Services Overview

Configuring LDAP

User Management

Configuring Unfiltered Users

SMTP Authentication in Anti-Spam

Setting Up ESS With Office 365

Rate Limiting

Closing Email Security Services Account

Related Articles:

Secure Internet Gateway (SIG) Overview

ShadowProtect Overview

Cloud Backup Overview