Spam UCE Policy

Policy

Our policy is not to decide for you what mail you should receive and what mail you shouldn't. Our approach is to filter messages for information purposes only. That is, if we believe a message is spam we will mark it but still deliver it to your inbox. This approach gives you full control over your e-mail. It is up to you to configure client-side filters to deal with these messages.

But there is a practical side to this as well. If we delivered every e-mail that we received, your mailbox would quickly fill up to its quota and you would no longer be able to receive truly important messages. So for practical reasons we quarantine all messages with a very high spam rating. You will be notified daily of all the messages sent to you that were quarantined, just in case one of them was important.

Procedure

Our mail server uses the amavisd-new suite of tools to filter for spam and viruses. This tool set includes SpamAssassin and ClamAV.

  • ClamAV signatures are updated every two hours.
  • All infected attachments, as decided by ClamAV, are quarantined.
  • All attachments with executable content are quarantined.
    • Banned extensions are: ade, adp, app, bas, bat, chm, cmd, com, cpl, crt, emf, exe, fxp, grp, hlp, hta, inf, ins, isp, js, jse, lnk, mda, mdb, mde, mdw, mdt, mdz, msc, msi, msp, mst, ops, pcd, pif, prg, reg, scr, sct, shb, shs, vb, vbe, vbs, wmf, wsc, wsf, wsh
  • All mail scored 4.0 or less by SpamAssassin is delivered as "CLEAN"
  • All mail scoring more than 4.0 is added to the Bayes Database.
  • All mail scoring more than 4.0 and less than 10.0 is delivered as "[SPAM]"
  • All mail scoring more than 10.0 is quarantined.
  • Mail recipients that had messages quarantined will be notified daily.

You can inspect the filter result of a message by looking at the "message source". All filtering data is added as "X-" headers.

Before an email is even accepted by the mail server it goes through a number of checks. These checks are built into Postfix, and are documented here: http://www.postfix.org/documentation.html

 

# UCE RESTRICTIONS
strict_rfc821_envelopes = yes
smtpd_helo_required = yes
allow_untrusted_routing = no

# This is the destination for undeliverable mail from "<>"
empty_address_recipient = bit-bucket

smtpd_data_restrictions =
    reject_unauth_pipelining,
    permit

smtpd_recipient_restrictions =
    # Administrative allow/reject for special addresses: "postmaster", "abuse", etc.
    check_recipient_access hash:/usr/local/etc/postfix/recipient_check.map,
    # We reject mail without the proper information
    reject_invalid_hostname,
    reject_unknown_sender_domain,
    reject_non_fqdn_sender,
    reject_unknown_recipient_domain,
    reject_non_fqdn_recipient,
    # Very few servers honor this requirement
    # reject_non_fqdn_hostname,
    # Then we permit $mynetworks, for outgoing email
    permit_mynetworks,
    # And authenticated clients
    permit_sasl_authenticated,
    # Of questionable value: some mail clients are "unknown"
    # reject_unknown_client,
    # Reject if I am not final delivery, i.e. no relaying
    reject_unauth_destination,
    # Reject if recipient is unknown, not yet implemented
    # reject_unlisted_recipient,
    # Do some additional sanity checking; must be after "permit_mynetworks"
    # This catches a lot of spam from clients pretending to be "localhost" and "digipen.edu"
    check_helo_access hash:/usr/local/etc/postfix/helo_check.map,
    # If all is good pass it through
    permit

In addition to the default SpamAssassin rules we also use these rules from SARE (updated daily from the SARE repository):

  • 70_sare_adult.cf
  • 70_sare_bayes_poison_nxm.cf
  • 70_sare_genlsubj0.cf
  • 70_sare_header0.cf
  • 70_sare_html0.cf
  • 70_sare_obfu0.cf
  • 70_sare_oem.cf
  • 70_sare_random.cf
  • 70_sare_specific.cf
  • 70_sare_spoof.cf
  • 70_sare_unsub.cf
  • 70_sare_uri0.cf
  • 72_sare_bml_post25x.cf
  • 72_sare_redirect_post3.0.0.cf
  • 99_sare_fraud_post25x.cf
  • backhair.cf
  • bogus-virus-warnings.cf
  • chickenpox.cf
  • evilnumbers.cf
  • random.cf
  • weeds.cf

Reviewing Spam Status

Embedded in every email you receive is an "X-" header containing information about what the spam filter found in the email.

 

X-Spam-Status: Yes, score=33.455 tag=-999 tag2=4 kill=10 tests=[BAYES_99=3.5,
 DATE_IN_FUTURE_12_24=2.767, DRUGS_ERECTILE=0.493, INFO_TLD=1.273,
 MORE_SEX=1.95, RAZOR2_CF_RANGE_51_100=0.5, RAZOR2_CF_RANGE_E8_51_100=1.5,
 RAZOR2_CHECK=0.5, RCVD_IN_SORBS_DUL=2.046, SARE_SEXDRIVE=1.666,
 SARE_SXLIFE=0.796, URIBL_JP_SURBL=4.087, URIBL_SBL=1.639,
 URIBL_SC_SURBL=4.498, URIBL_WS_SURBL=2.14, URI_NO_WWW_INFO_CGI=4.1]
X-Spam-Score: 33.455
X-Spam-Level: *********************************
X-Spam-Flag: YES
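
The header above can also be read mechanically. The following Python sketch is an added example, not part of the mail server's own tooling: it pulls the "X-Spam" lines out of a message source, applies the thresholds from the Procedure section, and checks that the per-rule points add up to the reported score. The message, the function names and the handling of a score of exactly 10.0 are assumptions made for illustration.

```python
import re
from email import message_from_string

# Constructed message; its X-Spam-* headers repeat the sample shown above.
SAMPLE = """\
From: sender@example.com
X-Spam-Status: Yes, score=33.455 tag=-999 tag2=4 kill=10 tests=[BAYES_99=3.5,
 DATE_IN_FUTURE_12_24=2.767, DRUGS_ERECTILE=0.493, INFO_TLD=1.273,
 MORE_SEX=1.95, RAZOR2_CF_RANGE_51_100=0.5, RAZOR2_CF_RANGE_E8_51_100=1.5,
 RAZOR2_CHECK=0.5, RCVD_IN_SORBS_DUL=2.046, SARE_SEXDRIVE=1.666,
 SARE_SXLIFE=0.796, URIBL_JP_SURBL=4.087, URIBL_SBL=1.639,
 URIBL_SC_SURBL=4.498, URIBL_WS_SURBL=2.14, URI_NO_WWW_INFO_CGI=4.1]
X-Spam-Score: 33.455
X-Spam-Flag: YES

(body omitted)
"""

STATUS_RE = re.compile(r"score=(-?[\d.]+).*?tag2=(-?[\d.]+)\s+kill=(-?[\d.]+)\s+tests=\[(.*)\]")

def spam_headers(source):
    """Return the X-Spam-* headers of a raw message, folded lines joined."""
    msg = message_from_string(source)
    return {k: " ".join(v.split()) for k, v in msg.items()
            if k.lower().startswith("x-spam")}

def parse_status(value):
    m = STATUS_RE.search(value)
    if not m:
        raise ValueError("unrecognised X-Spam-Status value")
    pairs = (t.strip().partition("=") for t in m.group(4).split(","))
    tests = {name: float(pts) for name, _, pts in pairs if name and pts}
    return float(m.group(1)), float(m.group(2)), float(m.group(3)), tests

def disposition(score, tag2=4.0, kill=10.0):
    # Thresholds from the Procedure list. A score of exactly `kill` is not
    # covered there; treating it as "[SPAM]" is this example's assumption.
    if score <= tag2:
        return "CLEAN"
    return "QUARANTINED" if score > kill else "[SPAM]"

def review(source):
    hdrs = spam_headers(source)
    score, tag2, kill, tests = parse_status(hdrs["X-Spam-Status"])
    top = sorted(tests, key=tests.get, reverse=True)[:3]
    return {"disposition": disposition(score, tag2, kill),
            "sum_matches_score": abs(sum(tests.values()) - score) < 0.001,
            "top_rules": top,
            "to_forward": [f"{k}: {v}" for k, v in hdrs.items()]}
```

The "to_forward" list holds only the "X-Spam" lines, one per header, which is what the confidentiality option for misclassified ham asks for.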

In order to improve the spam filter I need to know about messages that it incorrectly categorized: messages that it thought were spam but were not, and messages that it thought were not spam but were.

I ONLY need to know about messages that the filter was wrong about. I already have data on every message that gets filtered. I need data on messages that the filter was incorrect about. Also, please forward only one message per email. You can help by forwarding those messages to the appropriate address below:

apowers+spam@digipen.edu for messages that are spam but the filter thought were not. Please forward only one message per email.

apowers+ham@digipen.edu for messages that are not spam but the filter thought were spam. To protect the confidentiality of the message you can send me only the "X-Spam-Status" header. (View the message source, then cut and paste any line that begins with "X-Spam" into a message and send it to the above address.)

apowers@digipen.edu for normal messages, including questions regarding the spam policy. Please, DO NOT send spam to this address.