St. Louis Unix Users Group St. Louis UNIX Users Group   Your forum for exchanging information about open standards,
open systems, open source, products, services and architectures
  Spam Scanning

SLUUG is now scanning incoming mail for spam with SpamAssassin, controlled by MailScanner.

  • Mail with a very high spam score is deleted without notification to you or the sender. The cutoff is a score (also called "stars") of 11.0 or higher. Mail with a lower score is delivered to your inbox, or forwarded as requested by a .forward or .procmailrc file in your SLUUG home directory. Quite a lot of spam will still get through the system-wide deletion, and you will probably want to do your own filtering using a .procmailrc in your SLUUG home directory, or using options in your mail client. The high score was choosen so it would delete a majority of the spam ith a very low probability of valid mail being deleted by accident.
  • It is still a good idea to do your own filtering using a .procmailrc in your SLUUG home directory, or using options in your mail client. You might find that almost everything over a score of 2 or three is spam and send it to a separate mail folder. You might use two levels, with 7 stars and higher goes to the bit bucket while 2 through 6 goes to a folder for review. Of course, you might also decide to have your filter silently delete spam so you aren't bothered by it at all.
  • No Microsoft virus scanning is being done.
  • We are currently configured not to scan outgoing mail. That is, mail we generate locally will not be scanned for spam so it will not have a SpamAssassin score. Mail that is received by SLUUG and forwarded to another system is scanned when it is received.

Modifications to incoming mail:

  • Three headers are added to each message. For example: X-SLUUG-MailScanner-SpamCheck: not spam, SpamAssassin (score=2.112, required 5, ALL_TRUSTED -2.82, AWL -2.52, BODY_8BITS 1.50, DIET_1 0.36, DRUGS_ANXIETY 0.00, DRUGS_ANXIETY_EREC 0.00, DRUGS_ERECTILE 0.03, DRUGS_SLEEP 0.11, DRUGS_SLEEP_EREC 2.72, INFO_TLD 0.48, LONGWORDS 2.26) X-SLUUG-MailScanner-SpamScore: ss X-SLUUG-MailScanner-From:
  • The X-SLUUG-MailScanner-SpamCheck header has the numeric score assigned by SpamAssassin with a low or negative number indicating the message is probably not spam and a high positive number indicating the message probably is spam. It also contains the words "not spam" or "spam" depending on whether the score is below or above a threshold, which is currently a score of 5. The numeric score is followed by details on which tests contributed to the score and the value they contribute. Tests that weren't triggered are not listed. This header is blank if mail was not scanned by us.
  • The X-SLUUG-MailScanner-SpamScore header has a number of "stars", that are actually the lower case letter "s", representing the spam score. The maximum number of stars is 60, even if the score is higher. This header doesn't appear if the score is less than positive one.
  • The X-SLUUG-MailScanner-From header basically repeats the normal From: header and is mostly used for internal tracking by MailScanner. You can normally ignore it.
  • No changes are being made to the Subject:, From:, or To: of messages.

More details:

  • The current scanning is being done on mail as it is received by SLUUG. The configuration is system-wide for all users, you can't specify your own SpamAssassin or MailScanner configuration files or databases used for Bayesian, white/black list, etc. You also can't set the score used to mark a message as spam or not, but can ignore that marking and just use the numeric score in your filter, such as procmail, to determine your own level for the dividing line(s).
  • Design any filters you use to continue to work if the the spam related headers are not in mail or change format.
  • Don't configure any filter to send spam back to the "sender". Most return addresses in spam are now forged so attempting to reply will either fail or be sent to an inocent individual whose address was used without permission. Just throw spam away instead of trying to return it to the "sender".
  • Large e-mails will not be scanned since they take too long to scan and few large messages are spam. Currently the limit is 30kB.
  • The scanning and marking options are subject to change.
  Home | About Us | Resources | Members | Volunteer | Other Groups | Sponsors | Contacts 
Copyright ©  St. Louis UNIX Users Group  2003-2004 |