How can I reduce SpamProfiler high false positive rates?


This article applies to:

  • Trustwave MailMarshal (SEG) versions 6.5 through 6.9

Question:

  • How can I reduce SpamProfiler high false positive rates?

Procedure:

The registry setting described below can help to reduce SpamProfiler false positives.

This setting is available in versions 6.5 through 6.9. The setting is enabled by default but you may need to add it if you upgraded from an earlier version.

Note: This setting is not available in later versions. IP information cannot be excluded from evaluation in version 7.0 and above.

This setting disables IP reputation checking in the SpamProfiler checks. Experience shows that the IP reputation check generates significantly more false positives than other parts of SpamProfiler.

  1. On the MailMarshal SMTP Array Manager Server, edit the registry.
  2. Navigate to: HKEY_LOCAL_MACHINE\SOFTWARE\NetIQ\MailMarshal\Default\Receiver
  3. Create a REG_MULTI_SZ registry value named AuthEngineConfig 
  4. In the Value Data field, enter: use ip information=no

    NOTE: If the key already exists, add the above data value on a new line.
  5. To apply the change, commit configuration and then restart the MailMarshal Receiver service on all email processing nodes.

Notes:

  • For additional information about minimizing false positives, see Trustwave Knowledgebase article Q12092.
  • As always, take due care when editing the Registry.

Last Modified 4/1/2020.
https://support.trustwave.com/kb/KnowledgebaseArticle12699.aspx