Spam and Viruses
All incoming email to the department is subject to a vigorous screening process involving (among other things) checks against lists of known spammers and checks for viruses. Once email passes through the first set of checks, a program named SpamAssassin scans it. SpamAssassin is a filter that attempts to identify spam.
Please note that while the Linux workstations and our servers are rarely vulnerable to viruses, infections on other machines can generate a large number of emails as they attempt to propagate. Some wide-reaching viruses will use a technique known as "spoofing" by which the virus randomly selects an address it finds on an infected computer. The virus uses this address as the From address when it performs its mass-mailing routine. Therefore, you may receive a return message by a site or individual claiming you sent them a virus. This does not mean that you've been infected, only that someone with your email address on their computer has been.
SpamAssassin
All emails sent to the Math Department are filtered by a program called SpamAssassin. The filter examines each incoming email, identifying individual characteristics common to spam (unsolicited marketing email) and assigning a points based rating based on how "spammy" it is. Once a certain number of points are reached, action is taken by the filter. In our current set-up, once a message is considered spam by the filter the subject line is then relabeled "*****SPAM*****".
Opting Out Of SpamAssassin
You can stop SpamAssassin from re-labeling your email, by taking the following steps.
- Using a text editor, open .spamassassin/user_prefs (which is in your home directory)
- Find the following line:
# required_score 5 - Change it to:
required_score 5 - Make sure to remove the # at the beginning of the line and then save the changes to the file
Filtering Spam Into A Separate Folder
- Create a file in your home directory called '.procmailrc' and add the following lines to it:
MAILDIR = $HOME/mail
:0: mail.lock
* (^X-Spam-Status: Yes)
SPAM
- You're done! All caught spam will now be redirected into the folder ~/mail/SPAM . Make sure the ~/mail folder exists, and also make sure you check this folder from time to time in case there are any false positives, i.e. good mail tagged as spam.
Filtering Spam Before Forwarding Elsewhere
Forwarding your email to some other account is perfectly OK, but doing so without screening out spam is not. Please follow these instructions to set up a procmail filter to sort out spam before it is forwarded:
- Create a file in your home directory called '.procmailrc' and add the following lines to it:
MAILDIR = $HOME/mail
:0: mail.lock
* (^X-Spam-Status: Yes)
SPAM
:0c
! youremail@somewhere.else.com
- Replace 'yourmail@somewhere.else.com' with the address to which you will forward mail. This will instruct procmail to forward mail that has not been marked as spam to your other email account and your math department inbox. To only forward email and not deliver a copy to your math inbox, remove the 'c' from the line with :0c.
- Make sure the SPAM folder exists in your mail directory so that procmail will have a place to dump marked spam messages:
mkdir ~/mail
touch ~/mail/SPAM
- Set the proper permissions, and move away your .forward file:
chmod 600 ~/.procmailrc
mv -v .forward .forward.off
Spamassassin will now filter spam from your email before it is forwarded along.
Creating A Personal Whitelist
To ensure that SpamAssassin does not label emails you consider legitimate, take the following steps:
- Using a text editor, open .spamassassin/user_prefs (which is in your home directory)
- Find the following lines:
# Whitelist and blacklist addresses are now file-glob-style patterns, so
# friend@somewhere.com, *@isp.com, or *.domain.net will all work
# whitelist_from someone@somewhere.com - Under these lines, add a line in the following format for each email address you want to ensure will be received and will not be labeled by SpamAssassin:
whitelist_from myfriend@aplace.math.edu (change myfriend@aplace.math.edu to a real email address) - Save the changes to the file
Creating A Personal Blacklist
A blacklist is a list of email addresses that will be automatically marked as spam. This is a useful tool to use if you tend to receive lots spam from email addresses that managed to get through the spam filter.
To create a blacklist, take the following steps:
- Using a text editor, open .spamassassin/user_prefs (which is in your home directory)
- Find the following lines:
# Whitelist and blacklist addresses are now file-glob-style patterns, so
#friend@somewhere.com, *@isp.com, or *.domain.net will all work
# whitelist_from someone@somewhere.com - Under these lines and after any whitelist entries, add a line in the following format for each email address you want to ensure is marked as spam by SpamAssassin:
blacklist_from spammer@spamcity.com (change spammer@spamcity.com to a real email address) - Save the changes to the file
Directing Tagged Messages To Another Mailbox
Emails marked as spam can be automatically sent to a separate mailbox, which you can then review at your leisure.
For Pine Users:
- In pine's Main Menu, press S (for Setup)
- Press R (for Rules)
- Press F (for Filters)
- Press A (for Add)
- Initially, the Nickname field should be highlighted. Select it by pressing Enter, then set the nickname to Spam Filter.
- Under the section FILTERED MESSAGE CONDITIONS BEGIN HERE, highlight (using the arrow keys) Add Extra Headers. Then press X and enter X-Spam-Flag. After doing this, the line that allows you to set the match pattern. X-Spam-Flag should be highlighted. Press Enter, then as the text to be added enter YES (all caps).
- Check the CURRENT FOLDER CONDITIONS BEGIN HERE section. Make sure that the Specific option is set and the Folder List is INBOX. If not, make the required changes to the configuration.
- Scroll down to the ACTIONS BEGIN HERE section. Make sure the Filter Action option is set to Move. Select the Folder List item in that section and set it to spam.
- Press E (for Exit Setup) and press Y to commit the change. If you are asked to create the spam folder, accept the change.
- Press E again (for Exit Setup) and press Y to commit the change
After filtering setup is in place, suspected spam will be sent to the spam folder in the mail directory that's within your home directory.
For mail, elm and mutt users:
- Using a text editor, create the file .procmailrc in your home directory
- Insert the following:
MAILDIR=$HOME/Mail
:0:
* ^X-Spam-Flag: YES
spam - Save the changes to your file
- Mail marked as spam can be read with the -f Mail/spam flag to your mail program
Note to users already using procmail: simply add the three-line rule above to your .procmailrc. Position it where you like, making sure to allow other rules to apply to suspected spam first.
Training SpamAssassin
SpamAssassin comes with a Bayesian Learning Filter which you can train using your own collection of spam and non-spam. Since it will be customized to your incoming mail, this will create a more accurate filtering system.
In order to use this learning filter, you will first need to redirect tagged spam to another folder as described above. Then take the following steps:
For Pine Users:
- In Pine's Main Menu, press L (for Folder List)
- Press A (for Add a New Folder)
- Name the folder spam-train
- Open your Inbox in Pine. Save each spam that wasn't tagged by SpamAssassin to your spam-train folder. Ensure that your Inbox is free of spam, and then exit Pine.
- Run the following commands:
sa-learn --mbox --spam ~/mail/spam-train
sa-learn --mbox --nonspam /var/mail/$username (replace $username with your
username)
Depending on the amount of spam that enters your inbox, steps 4 and 5 should be done daily or weekly.
For Users of Other Mail Programs:
The concepts are similar to the process for Pine. Make a mail folder for the spam this isn't caught by SpamAssassin and move all those messages from your inbox to that folder. Then run sa-learn --mbox –spam on your spam training folder and sa-learn --mbox -nonspam on your inbox. If you have trouble, send an email to help@math.mit.edu.