Web Server Configuration

Top  Previous  Next

During SpamFilter's installation, the installer provides an option to install an ASP-based sample web interface to access the quarantine area. This requires Microsoft IIS to be installed on a server, and the Active Server Pages extensions to be enabled.

 

The same sample ASP pages, along with a PHP version of the same application, is also available for download on our website.

 

The webserver does not need to communicate with the server where SpamFilter is installed on. The web server instead does need to connect to the database server. We recommend using an UDL file for the database connection in the ASP/PHP code, as you are able to place this file in a secure location on the webserver, outside the public web area, making it harder for intruders to gain access to it. The UDL file can contain the database password, so you will not have to store it in the web pages.

 

Configuration

The only item that needs to be configured in the web interface is the database connection. To proceed, simply edit the db_Connect.asp web page, and modify the line:

 

       UDLPath = "c:\EditThisPath\SpamFilter.udl"

 

to reflect the correct path to the UDL file on the webserver that is used to connect to the database. Sample UDL files for the various database platforms are located in the \SpamFilter\database installation directory.

 

 

User Authentication for Web Access to Quarantine

The sample ASP-based web interface provided allows users to self-register for the quarantine access. Users can enter their email address and a random password will be generated and emailed to them. They will then be able to login with their email address access their quarantine area.

 

 

Customizing User Authentication

An important part in using the web interface is choosing a way to authenticate users. We provide a tblLogins table in the database that can store a list of Email addresses and passwords. Our sample authenticate.asp and authenticate.php pages perform authentication based on that table. You can choose your own authentication schema and create your own pages to authenticate in other ways. At the end, ensure that the authenticated email address will be stored in a session variable.  The ListSpam and ResolveSpam pages list and deliver the emails belonging to the address stored in the session variable.

 

When an end user forces the delivery of a quarantined email to his mailbox, the sender of that email will be whitelisted so that the number of false-positives (good emails wrongly classified as spam) is reduced. The list of user-created entries is stored in the file AutoWhiteListForceDelivery.txt. The whitelisting is on a per-user basis, meaning that a sender is whitelisted only when he sends emails to that specific recipient. This will prevent a user mistakenly whitelisting a spammer, who could then send spam to all of your users.

 

The tblQuarantine has a Deliver field and an Expire field with default values of 0. Changing the Deliver field to 1 will cause SpamFilter to deliver that email within 10 seconds. Changing the Expire field to 1 will cause SpamFilter to erase that email from the database within 1 hour. The web pages simply update these two fields to deliver and delete the emails.

 

Limitations in the Evaluation version of SpamFilter

Note that in the free version of SpamFilter, the web interface will not deliver emails to the recipients!