Spam Filter

From IT Service Wiki
Jump to: navigation, search

Setting Up the Spamfilter

The spam filter must be activated on per users basis. The system administrator is not allowed to manipulate the users mail until he is adviced to.

We have created an easy to use Setup-Script. See mailfilter-setup how to use it. But still read the rest, to understand the levels of filtering.

We have predefined filter sets which you can include into your .procmailrc. Open or create a file .procmailrc in the root of you home directory insert the following line at the top of this file:

 INCLUDERC=FILENAME

FILENAME can be

/etc/procmailrc.junkfilter/keep-all  
moves the junk to subfolders, but does not delete it. A mail need to get 5 spam points to be moved to the subfolder "Junk". Mails with more then 8 points are moved to the Folder "Definitely" which is a subfolder of "Junk". This rule set is not recommended, because in the past many users were not subscribed to "Junk/Definitely" and never noticed that ten thousands of spam mail are messing up their home. If you really want this, please check if you are subscribed to both folders and regularly check the contents and delete.
/etc/procmailrc.junkfilter/purge-high
Junk Mails with 5 to 8 points are moved to "Junk". Junk with more the 8 points is deleted silently, instead of stored in the "Definitely" Folder. This is the recommended setting, because no correct mail gets more than 8 points. Even more than 5 for a correct mail does realy seldom. You still have to delete spam from the "Junk"-Folder.
/etc/procmailrc.junkfilter/purge-all 
Every suspected spam is delete (more than 5 points). This rule set is recommended for accounts which are rarely used or get massiv spam.
/etc/procmailrc.junkfilter/purge-high-pass-moderate 
This is the recommended setting, when using a forward and you don't login to ITP mail service to check the spam folder. This purges high level spam but forwards moderate spam (and possible false positives) to the Inbox or the forwarded address. It is likely that some of the mails are rejected by the foreign mail server.

It is up to you, we are not responsible if you miss an important Mail!

The Junk-Mails stored in the Junk folder does not get deleted by the system. Make sure that you don't let this folder grow to infinity. This applies even more to the junk/definitely Folder if you use the keep-all rule. Most junk is belong to that type. If you use thunderbird, you have option to expire mails after a specific amount of time. This can be activated through the folder properties.

Uncaught spam

It's usual, espacially when you just activated the spam filter, that you find unwanted mail in your Inbox. Move this mail to the Folder named "Junk". Check your subscriptions if you don't see this folder. This mails are used for training the bayes-filter, at least once a days. Please, do not use any build in filter from your mail program. This reduces the success of the bayes-filter and can lead to false positives.

Further options

Log file

If you like to see what's going an, you have the option to log the procmail activities. Simply add the following lines at the head of your .procmailrc:

 LOGFILE = $HOME/procmail.log
 LOGABSTRACT = "all"

And don't forget to rotate the log file from time to time.

Adjusting Spam Limit

By default a mail is marked as spam if it gets 5 or more spam points. If you get lots of spam and the Bayesian learning filter doesn't catch them all, you can decrease the spam limit.

Open the file ".spamassassin/user_prefs" in your editor, remove the comment sign (#) in front of the statement "requiered_score" and adjust the values. Less then 2 is not recommended and can lead in a significant number of false positives.

Links

  • Spam Assassin Homepage [1]