Faculty of Information Technology, BUT

Spam is an unsolicited message sent in bulk. Plain-text spam is not dangerous in itself. Newer spam in HTML form may contain return channels that confirm the recipient's address is valid. Spam is omnipresent; it is reported that up to 90% of delivered mail is spam.

E-mail servers at FIT and FEEC use several effective tools to filter out unsolicited e-mails:

  1. E-mail is accepted only from servers properly registered in DNS (both direct and reverse records are required). If you experience a problem, please let us know: wrongly registered servers may be added to the whitelist.
  2. The mail server has to identify itself with a legal name in the SMTP HELO/EHLO command. A server is rejected if it pretends to be in the BUT domain, uses an illegal name (e.g. localhost) or a name without a domain. This step is omitted in the case of authenticated connections (messages submitted from clients).
  3. Connections from servers known to be sources of spam are rejected based on on-line lists:
  4. All messages are scanned with the ClamAV antivirus system. All infected mails are discarded. ClamAV also detects phishing attempts.
  5. The spam detector SpamAssassin checks all messages. E-mails with a lower spam level are marked with a header and delivered; spam with a high level (over 10) is discarded.
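
Steps 1 and 2 can be sketched as follows. This is an added example, not the servers' actual configuration: the domain `vutbr.cz` is assumed from the contact address on this page, the function names are hypothetical, and the DNS data is constructed so the check runs offline.

```python
import re

LOCAL_DOMAIN = "vutbr.cz"  # assumption: BUT domain, from the page's contact address
RESERVED = {"localhost", "localhost.localdomain"}
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

# Constructed DNS data standing in for live lookups.
PTR = {"192.0.2.10": ["mail.example.org"], "203.0.113.7": ["host7.example.net"]}
A = {"mail.example.org": ["192.0.2.10"], "host7.example.net": ["203.0.113.99"]}


def dns_registered(ip):
    """Step 1: a reverse (PTR) name must exist and resolve back to the same IP."""
    return any(ip in A.get(name, []) for name in PTR.get(ip, []))


def helo_problem(helo, authenticated=False):
    """Step 2: return why a HELO/EHLO name is refused, or None if it is accepted."""
    if authenticated:  # the page omits this step for authenticated connections
        return None
    host = helo.strip().lower().rstrip(".")
    labels = host.split(".")
    if host in RESERVED or not all(LABEL.match(label) for label in labels):
        return "illegal name"
    if len(labels) < 2:
        return "name without domain"
    if host == LOCAL_DOMAIN or host.endswith("." + LOCAL_DOMAIN):
        return "pretends to be in the local domain"
    return None


def connection_verdict(ip, helo):
    """Verdict for an unauthenticated connection from an outside server."""
    if not dns_registered(ip):
        return "reject: direct and reverse DNS records do not match"
    problem = helo_problem(helo)
    return "reject: " + problem if problem else "accept"
```
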

SpamAssassin

SpamAssassin is installed on servers KAZI, EVA, GUTA, KOS and FEST. Whether to use it is up to the user: if you wish, you may configure SpamAssassin and use it. Detailed documentation is on the Web; just follow the instructions for procmail user settings.

Example .procmailrc for those who do not bother reading documentation:


# rule for procmailrc
:0:
* ^X-Spam-Status: Yes
mail/probably-spam

SpamAssassin adds the X-Spam-Status header to the message. The header starts with the word 'Yes' if the spam rating exceeds the required value (default 7.0); otherwise it starts with 'No'. In addition, the header lists the numeric rating and the spam tests that matched. Example:
X-Spam-Status: Yes, hits=20.0 required=7.0
        tests=ALL_CAPS_HEADER,CALL_FREE,DATE_IN_PAST_24_48,
              DRASTIC_REDUCED,FROM_HAS_MIXED_NUMS,HOME_EMPLOYMENT,
              INVALID_DATE,INVALID_MSGID,LINES_OF_YELLING,
              MSGID_HAS_NO_AT,NO_REAL_NAME,ONCE_IN_LIFETIME,
              RAZOR2_CHECK,RCVD_IN_OSIRUSOFT_COM,REMOVE_SUBJ,
              SMTPD_IN_RCVD,SPAM_PHRASE_21_34,UNDISC_RECIPS,
              X_OSIRU_DUL,X_OSIRU_DUL_FH
        version=2.43
X-Spam-Level: ********************
If procmail finds a message whose X-Spam-Status header contains 'Yes', the message is moved to the special mailbox 'probably-spam' in the directory $HOME/mail (the mailbox name may be changed, but do not discard such messages automatically, since even an innocent message may sometimes be marked as SPAM). After editing .procmailrc, check that everything works (send a message to yourself, verify that it is delivered, etc.).
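
The folded X-Spam-Status header shown above can be parsed and mapped to the handling this page describes. This is an added example, not part of the original guide or of SpamAssassin: the function names and the "review" outcome for a malformed or duplicated header are assumptions, and the sample message is constructed.

```python
import email
import re

DISCARD_ABOVE = 10.0  # level above which the page says the servers discard mail

# Constructed sample; the header layout mirrors the example on the page.
SAMPLE = (
    "Subject: ONCE IN A LIFETIME\n"
    "X-Spam-Status: Yes, hits=20.0 required=7.0\n"
    "\ttests=ALL_CAPS_HEADER,CALL_FREE,\n"
    "\t      INVALID_MSGID,RAZOR2_CHECK\n"
    "\tversion=2.43\n"
    "\n"
    "body text\n"
)

def parse_spam_status(raw_message):
    """Return the header fields, None if absent; raise ValueError if malformed."""
    values = email.message_from_string(raw_message).get_all("X-Spam-Status") or []
    if not values:
        return None
    if len(values) > 1:
        raise ValueError("more than one X-Spam-Status header")
    # Unfold continuation lines, then rejoin the test list split by folding.
    flat = re.sub(r",\s+", ",", re.sub(r"\s+", " ", values[0]).strip())
    verdict = flat.split(",", 1)[0]
    fields = dict(re.findall(r"(\w+)=(\S+)", flat))
    if verdict not in ("Yes", "No"):
        raise ValueError("unrecognised verdict")
    # 'hits=' is what the page shows; 'score=' is used by SpamAssassin 3.x.
    return {
        "spam": verdict == "Yes",
        "hits": float(fields.get("hits") or fields.get("score") or ""),
        "required": float(fields.get("required") or ""),
        "tests": [t for t in fields.get("tests", "").split(",") if t],
    }

def triage(raw_message):
    """Map a message to the handling the page describes."""
    try:
        status = parse_spam_status(raw_message)
    except ValueError:
        return "review"  # assumption: never trust a malformed or duplicated header
    if status is None:
        return "inbox"
    if status["hits"] > DISCARD_ABOVE:
        return "discard"
    return "probably-spam" if status["spam"] else "inbox"
```
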

    Standard rules for evaluating the SPAM level of messages are stored in the directory /var/db/spamassasin/. User settings are read from the file $HOME/.spamassassin/user_prefs (created during the first run), where you can set:

    required_hits 5
    Point level at which a message is marked as SPAM
    rewrite_subject 1
    Insert the string '*******SPAM*********' into the Subject header if the message is evaluated as SPAM (on by default; should be set to 0 when filtering SPAM into a special mailbox).

    Procmail

    Procmail is the delivery program in use on all mail servers of FIT and FEEC. Delivery is controlled by the $HOME/.procmailrc file. Procmail can filter messages using any other program, store them in different mailboxes or forward them to other addresses. The description can be read in man procmailrc and examples in man procmailex. When using procmail to forward messages, do not forget to include the condition * !^FROM_MAILER in the relevant rule:
    :0
    * !^FROM_MAILER			# do not forward errors
    * < 1000			# only small messages to mobile phone
    ! petr.novak@sms.oscar.cz
    
    This condition ensures that no messages from daemons are forwarded (messages originating at a mail server, from users like postmaster, daemon, mmdf, uucp and many more). If you omit it, an infinite mail loop may be created: if the destination mailbox is full, the message is rejected, the error message is forwarded again to the blocked mailbox, and a new error message is generated...

    How to deal with SPAM

    • Do not waste your time reading SPAM. If a message is labelled as SPAM level 15 by SpamAssassin, it certainly does not contain any important information and you can delete it immediately.
    • Letters from a bank, an office, a system administrator, etc. may be counterfeit. Before you click on a URL in an e-mail ("log in to your account here and change your password"), verify the address from which the e-mail was actually sent (look at the full e-mail headers and how the message was relayed; if a letter from "České spořitelny" was sent from an anonymous PC in Nigeria, it is better to drop it). E-mails have two sets of headers: the e-mail client shows you the headers that the sender generates in their mail program, where anything can be set. Protocol headers (starting with the word Received:) are usually hidden (mutt displays them with the h key, Thunderbird via View / Headers / All).
    • Do not be tempted to reply or to click on an Unsubscribe link. Only a small percentage of senders actually remove your address from the distribution list (only 5% of opt-out links are really effective according to the latest statistics). Most will treat your reply or opt-out as confirmation that your address is valid, will spam you even more, and may share the address with other spammers (see offers for 15 million guaranteed e-mail addresses, etc.).
    • Do not enter your e-mail address when you are not sure how it will be handled (special offers like "win just for registration", etc.).
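
The advice above about checking how a message was relayed can be automated by walking the Received: headers from the top and trusting only those written by your own mail servers. This is an added example, not part of the original guide: the server names, addresses and the sample message are constructed, and the pattern assumes the common "from HELO (rDNS [IP]) by HOST" layout.

```python
import email
import re

# Assumption: the recipient's own mail servers and their addresses (hypothetical).
OWN = {"mail.example.org": "192.0.2.11", "mx.example.org": "192.0.2.10"}
HOP = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([^\]]+)\]\)\s+by\s+(\S+)")

# Constructed sample; the newest Received header is at the top and the
# lowest one was supplied by the sender.
SAMPLE = (
    "Received: from mx.example.org (mx.example.org [192.0.2.10])\n"
    "\tby mail.example.org with ESMTP id A1; Mon, 1 Jan 2024 10:00:02 +0000\n"
    "Received: from bank.example (unknown [203.0.113.77])\n"
    "\tby mx.example.org with SMTP id B2; Mon, 1 Jan 2024 10:00:01 +0000\n"
    "Received: from secure.bank.example (secure.bank.example [198.51.100.5])\n"
    "\tby relay.bank.example with ESMTP id C3; Mon, 1 Jan 2024 09:59:00 +0000\n"
    'From: "Bank Support" <support@bank.example>\n'
    "Subject: Change your password\n"
    "\n"
    "Log in here\n"
)


def hops(raw_message):
    """Parse each Received header into helo/rdns/ip/by, newest first."""
    msg = email.message_from_string(raw_message)
    out = []
    for value in msg.get_all("Received") or []:
        m = HOP.match(re.sub(r"\s+", " ", value).strip())
        out.append(dict(zip(("helo", "rdns", "ip", "by"), m.groups())) if m else None)
    return out


def entry_hop(raw_message):
    """Return the hop at which the message entered our servers, or None.

    Headers below that hop were supplied by the sender and may be invented.
    """
    for hop in hops(raw_message):
        if hop is None or hop["by"] not in OWN:
            return None  # the chain of headers written by our servers is broken
        if hop["ip"] not in OWN.values():
            return hop   # first hop received from an outside host
    return None
```
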


    Send comments to lampa@fit.vutbr.cz