[SPAM]Fighting Spam

Spam is unsolicited mass spread message. Text spam itself is not dangerous. Newer spam in HTML form may contain some return channels to identify validity of recipient's address. Spams are omnipresent, it is reported that up to 90% of delivered mail is spam.

E-mail servers on FIT and FEEC use several effective tools to filter out unsolicited e-mails:

  1. E-mails are accepted from servers properly registered in DNS (both direct and reverse record are required). If you experience a problem please let us know - wrongly registered servers may be added to whitelist.
  2. Mail server has to identify itself using legal name in SMTP HELO/EHLO command. Server is rejected if pretends to be in BUT domain, uses illegal name (e.g. loclahost) or name without domain. This step is omitted in aces of authenticated connections (submitting messages from clients).
  3. Connection from servers known to be source of spam is rejected based on on-line lists:
  4. All messages are scanned with Clamav antivirus system. All infected mails are discarded. Clamav also detects phishing attemtps.
  5. Spam detector SpamAssassin checks all messages. E-mails with lower spam level is marked with a header and delivered, spams with high level (over 10) are discarded.

SpamAssassin

SpamAssassin is installed on servers KAZI, EVA, GUTA, KOS and FEST. Using SpamAssassin depends on user. If you wish you may configure SpamAssassin and use it. Detailed documentation is on Web - just follow instructions for procmail user settings.

Example .procmailrc for those who do not bother reading documentation:


:0:
* ^X-Spam-Status: Yes
mail/probably-spam

Spamassassin adds the X-Spam-Status header to the letter. The X-Spam-Status header contains the first word 'Yes' if the spam rating exceeds the default value (default 7.0), otherwise the first word 'No' is the first word. In addition, this heading lists the numeric rating and the list of spam flags found. Example:
X-Spam-Status: Yes, hits=20.0 required=7.0
	tests=ALL_CAPS_HEADER,CALL_FREE,DATE_IN_PAST_24_48,
              DRASTIC_REDUCED,FROM_HAS_MIXED_NUMS,HOME_EMPLOYMENT,
              INVALID_DATE,INVALID_MSGID,LINES_OF_YELLING,
	      MSGID_HAS_NO_AT,NO_REAL_NAME,ONCE_IN_LIFETIME,
	      RAZOR2_CHECK,RCVD_IN_OSIRUSOFT_COM,REMOVE_SUBJ,
	      SMTPD_IN_RCVD,SPAM_PHRASE_21_34,UNDISC_RECIPS,
	      X_OSIRU_DUL,X_OSIRU_DUL_FH
	version=2.43
X-Spam-Level: ********************
  • If procmail finds a message with X-Spam-Status header containing 'Yes' the message is moved to special mailbox 'probably-spam' in directory $HOME/mail (the name of mailbox may be changed but do not discard such messages automatically since even innocent message may be marked as SPAM sometimes). After editing .procmailrc do check everything works fine (send a message to yourself, verify it is delivered etc.).

    Standard rules for evaluating SPAM level of messages are stored in directory /var/db/spamassassin/. User setting is read from file $HOME/.spamassassin/user_prefs (it is created during the first run) where you can set:

    required_hits 5
    Level of point value to mark message as SPAM
    rewrite_subject 1
    Insert string '*******SPAM*********' into Subject header, if evaluated as SPAM (on by default, should be set to 0 when filtering SPAMs to special mailbox).

    Procmail

    Procmail is a delivery program in use on all mail server of FIT and FEEC. Delivery is controlled by $HOME/.procmailrc file. Procmail can filter messages using any other programs, store them in different mailboxes or forward to other addresses. The description can be read in man procmailrc and examples in man procmailex. When using procmail for forwarding messages do not forget to include condition * !^FROM_MAILER to appropriate rule:
    :0
    * !^FROM_MAILER			# do not forward errors
    * < 1000			# only small messages to mobile phone
    ! petr.novak@sms.oscar.cz
    
    This rule ensures no messages from daemons are forwarded (messages originated at mail server, from users like postmaster, daemon, mmdf, uucp and many more). If you omit this rule infinite mail loop may be created: if destination mailbox is full the message is rejected, error message is forwarded again to blocked mailbox and new error message is generated...

    How to deal with SPAM

    • Do not waste your time reading SPAM. If a message is labeled as a SPAM level 15 by SpamAssassin you may be sure there is no useful information inside and the message may be deleted immediately.
    • Do not be tempted to reply or click on Unsubscribe link. Hardly any sender will remove your address although obliged by law. By reply or attempt to unsubscribe you provide precious information you really read mail sent to your address and you may receive even more SPAM.
    • Do not supply your e-mail address when you are not sure it will be treated properly (special offers like "win just for registration" etc.).
  • Your IPv4 address: 54.146.227.92
    Switch to https

    DNSSEC [dnssec]