[SPAM]Fighting Spam

Spam is unsolicited mass spread message. Text spam itself is not dangerous. Newer spam in HTML form may contain some return channels to identify validity of recepient's address. Spams are omnipresent, it is reported that up to 90% of delivered mail is spam.

E-mail servers on FIT and FEEC use several effective tools to filter out unsolicited e-mails:

  1. E-mails are accepted from servers properly registered in DNS (both direct and reverse record are required). If you epxerience a problem please let us know - wrongly registered servers may be added to whitelist.
  2. Mail server has to identify itself using legal name in SMTP HELO/EHLO command. Server is rejected if pretends to be in BUT domain, uses illegal nam (e.g. loclahost) or name without domain. This step is ommited in aces of authenticated connections (submitting messages from clients).
  3. Connection from servers known to be source of spam is rejected based on on-line lists:
  4. All messages are scanned with Clamav antivirus system. All infected mails are discarded. Clamav also detects phishing attemtps.
  5. Spam detector SpamAssassin checks all messages. E-mails with lower spam level is marked with a header and deliverd, spams with high level (over 10) are discarded.

SpamAssassin

SpamAssassin is installed on servers KAZI, EVA, BOCO and FEST. Using SpamAssassin depends on user. If you wish you may configure SpamAssassin and use it. Detailed documentation is on Web - just follow instructions for procmail user settings.

Example .procmailrc for those who do not bother reading documentation:


#
:0:
* ^X-Quarantined-By: .*vutbr.cz
mail/virus

:0fw
* < 65536
| spamassassin

:0:
* ^X-Spam-Status: Yes
mail/probably-spam

Comments (for syntax details see man procmailrc and man procmailex):
  1. The first rule moves all infected mails into mail/virus mailbox. Infected messages are recognized by special header included by mail server at BUT.
  2. The second rule filters messages smaller then 64KB using spamassassin. You are strongly encureade NOT to filter larger messages since big messages are usually not SPAMs and filtering huge messages is very time-consuming for the server. Spamassassin adds message headers X-Spam-Level and X-Spam-Status. X-Spam-Level header indicates SPAM level with number of stars. X-Spam-Status contains word 'Yes' if the predefined level is exceeded (default 7.0), otherwise the word is 'No'. This header contains number indicating test result and the list of identified SPAM flags. THe message with added headers is processed by following rules (flag :0fw). If there are none the message is stored in incoming mailbox with added headers. Example:
    X-Spam-Status: Yes, hits=20.0 required=7.0
    	tests=ALL_CAPS_HEADER,CALL_FREE,DATE_IN_PAST_24_48,
                  DRASTIC_REDUCED,FROM_HAS_MIXED_NUMS,HOME_EMPLOYMENT,
                  INVALID_DATE,INVALID_MSGID,LINES_OF_YELLING,
    	      MSGID_HAS_NO_AT,NO_REAL_NAME,ONCE_IN_LIFETIME,
    	      RAZOR2_CHECK,RCVD_IN_OSIRUSOFT_COM,REMOVE_SUBJ,
    	      SMTPD_IN_RCVD,SPAM_PHRASE_21_34,UNDISC_RECIPS,
    	      X_OSIRU_DUL,X_OSIRU_DUL_FH
    	version=2.43
    X-Spam-Level: ********************
    
  3. If procmail finds a message with X-Spam-Status header containing 'Yes' the message is moved to special mailbox 'probably-spam' in direcotry $HOME/mail (the name of mailbox may be changed but do not discard such messages automaticaly since even innocent message may be marked as SPAM sometimes).
After editing .procmailrc do check everything works fine (sned a message to yourself, verify it is delivered etc.).

Standard rules for evaluating SPAM level of messages are stored in directory /usr/share/spamassasin/*.cf, any local additions in /etc/mail/spamassasin/*.cf. User setting is read from file $HOME/.spamassassin/user_prefs (it is cerated during the first run) where you can set:

required_hits 5
Level of point value to mark message as SPAM
rewrite_subject 1
Insert string '*******SPAM*********' into Subject header, if evaluated as SPAM (on by default, should be set to 0 when filtering SPAMs to special mailbox).

Procmail

Procmail is a delivery program in use on all mail server of FIT and FEEC. Delivery is controlled by $HOME/.procmailrc file. Procmail can filter messages using any other programs, store them in different mailboxes or forward to other addresses. The description can be read in man procmailrc and examples in man procmailex. When using procmail for forwarding messages do not forget to include condition * !^FROM_MAILER to appropriate rule:
:0
* !^FROM_MAILER			# do not forward errors
* < 1000			# only small messages to mobile phone
! petr.novak@sms.oscar.cz
This rule ensures no messages from daemons are forwarded (messages originated at mail server, from users like postmaster, daemon, mmdf, uucp and many more). If you omit this rule infinite mail loop may be created: if destination mailbox is full the message is rejected, error message is forwarded again to blocked mailbox and new error message is generated...

How to deal with SPAM

  • Do not waste your tim reading SPAM. If a message is labeled as a SPAM level 15 by SpamAssassin you may bu sure there is no usefull information inside and the message may be deleted immediately.
  • Do not be tempted to reply or click on Unsubscribe link. Hardly any sneder will remove your address although obliged by law. By reply or attempt to unsubscribe you provide precious information you really read mail sent to your address and you may receive even more SPAM.
  • Do not supply your e-mail address when you are not sure it will be treated properly (special offers like "win just for registration" etc.).

Your IPv4 address: 54.80.140.5
Switch to IPv6 connection

DNSSEC [dnssec]