Anti-SPAM measures at nikhef.nl
Introduction
This page describes the anti-SPAM measures implemented at nikhef.nl and gives an overview of the tools and methods.
General info
A considerable fraction of the incoming mail at nikhef.nl consists of SPAM, also known as unsolicited commercial e-mail. Such mail is considered a nuisance by a growing part of the Internet community, and is not welcome at NIKHEF either. It wastes network, machine, and human resources.
The majority of the spam mail is not sent directly from the originating machine to the intended targets, but is distributed via intermediate hosts that allow third-party relay of messages from arbitrary sources to arbitrary destinations.
The NIKHEF SPAM policy is based on:
- rejecting mails from suspected sites on black lists and
- checking all incoming mails against a rule base and marking them as SPAM before they are delivered to the user.
Spamassassin
The SPAM filter spamassassin checks all incoming mail against its rule base and marks a mail as being SPAM in case the score is above a certain predefined level. SPAM mails are not blocked by the filter, but are delivered to the end user just like all other mails.
Information on the 'open source' spamassassin filter and its rule base can be found here. As spammers continuously change their strategy, the rule base of SpamAssassin is updated at regular intervals. We have installed a default configuration which filters all incoming mails. Individual users can adapt this default configuration to their own needs (how to do this).
A user has to decide how to deal with SPAM mails:
- Do nothing. Mail marked as SPAM can be recognized by the label ***SPAM*** in the subject field and can be manually deleted from the inbox folder.
- Configure a message filter in the mail client to store a mail in the folder spam if the subject field contains the string ***SPAM*** (how to do this).
- Use the procmail service on the mail server to store SPAM mails in the folder spam before they are delivered to the default mail folder. This is the recommended method. The SPAM mails are stored in a spam folder independently of the mail clients. Users are not aware of SPAM until the spam folder is opened (how to do this).
Black lists
The header of an e-mail contains information about the location from which the e-mail is sent and about the route followed when the mail is transported to the destination (such as domain and IP addresses). This specific header information is checked against so-called 'black lists'. These lists contain domain names and IP addresses of suspected locations. Many of these lists are available on the internet for on-line consultation. We consult a locally maintained black list and a non-commercial remote black list (NJABL) for each mail delivered at the NIKHEF mail server. If a match is found the mail is bounced back to the originator. The destination address (you!) is not notified about this at all; nevertheless, the transaction is logged by the mail server in a history file.
NIKHEF maintains a local blacklist of notorious spam sites, containing both domain names and IP addresses of open relay hosts, and domain names in e-mail addresses. For each incoming SMTP connection the following items are checked:
- the domain name and IP address of the connecting SMTP peer
- the domain name in the SMTP envelope sender address
- the domain name in all message header addresses representing an originator
If a match is found on the blacklist for any of these items the mail is rejected, unless approved via a special whitelist of trusted hosts. The transaction is rejected with a permanent error status after the SMTP DATA stage, and the entire SMTP dialogue is logged.
A lot of spam comes from several big public access service providers. Incoming mail from such providers will be rejected, unless it is received directly from the official mail servers of these providers. This allows for direct person to person communication, but blocks mail expanded elsewhere via mailing lists or .forward files.
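The checks described in this section can be sketched as follows. This is an added example, not NIKHEF's actual configuration: every list entry, host name and address is constructed, the set of header fields counted as "originator" is an assumption, and so is letting a whitelisted peer bypass the provider rule.

```python
import ipaddress
from email import message_from_string
from email.utils import getaddresses

# Constructed sample data; the page does not publish the real lists.
BLACK_DOMAINS = {"bulkmail.example", "open-relay.example"}
BLACK_NETS = [ipaddress.ip_network("192.0.2.0/24")]
WHITE_HOSTS = {"lists.trusted.example"}
# Hypothetical big provider and its official outbound mail servers.
PROVIDER_SERVERS = {"bigisp.example": {"mx1.bigisp.example", "mx2.bigisp.example"}}
# Header fields treated as "representing an originator" (assumption).
ORIGINATOR_HEADERS = ("From", "Sender", "Reply-To", "Resent-From", "Resent-Sender")


def listed(domain, listing):
    """True if the domain or one of its parent domains is in listing."""
    labels = domain.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in listing for i in range(len(labels)))


def check_transaction(peer_host, peer_ip, mail_from, raw_message):
    """Decide after DATA: return (SMTP status code, reason for the log)."""
    peer_host = peer_host.lower()
    if peer_host in WHITE_HOSTS:
        return 250, "peer is on the whitelist of trusted hosts"
    ip = ipaddress.ip_address(peer_ip)
    if listed(peer_host, BLACK_DOMAINS) or any(ip in net for net in BLACK_NETS):
        return 550, "connecting peer is blacklisted"
    msg = message_from_string(raw_message)
    values = [v for h in ORIGINATOR_HEADERS for v in msg.get_all(h, [])]
    candidates = [("envelope sender", mail_from)]
    candidates += [("header originator", addr) for _, addr in getaddresses(values)]
    for kind, addr in candidates:
        domain = addr.rpartition("@")[2].lower()
        if listed(domain, BLACK_DOMAINS):
            return 550, f"{kind} domain {domain} is blacklisted"
        # Provider mail is only accepted straight from the provider's own servers.
        for provider, servers in PROVIDER_SERVERS.items():
            if listed(domain, {provider}) and peer_host not in servers:
                return 550, f"{kind} {domain} not received from {provider} servers"
    return 250, "accepted"
```

A message from alice@bigisp.example is accepted when the peer is mx1.bigisp.example and rejected when the same message arrives through any other relay, which is the mailing-list and .forward case described above.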
How to configure spamassassin
The spamassassin filter on the nikhef mail servers checks all incoming mails. The site-wide configuration defines default values for a number of parameters for the spamassassin filter. The most relevant parameters and corresponding default settings are:

    required_hits 5              # How many hits before a mail is considered spam.
    whitelist_from *@nikhef.nl   # Accept all mail from inside nikhef.nl.

Individual users can overrule these default configuration settings by editing the file ~/.spamassassin/user_prefs in the Unix home directory.
As an example, the default value of the required_hits parameter can be set to a lower value (which implies more mails will be marked as spam):

    required_hits 2              # How many hits before a mail is considered spam.

Or another example: I will always accept mails from user myfriend@cern.ch, but I want all mails from user dirty-joe@hotmail.com to be considered as spam:

    whitelist_from myfriend@cern.ch
    blacklist_from dirty-joe@hotmail.com

Note: it is not recommended to put *@cern.ch in the whitelist, because in this case all mail from CERN, including spam mails forwarded from CERN accounts, will not be filtered at all.
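To see how these settings interact, the following added example (not part of SpamAssassin or of the NIKHEF setup) parses the three directives shown above and applies them to a mail whose other rules have already produced a score. The scores of -100 and +100 for whitelist and blacklist matches are assumed SpamAssassin defaults, and the function names are hypothetical.

```python
import re

# Assumed SpamAssassin default scores for whitelist and blacklist matches.
WHITELIST_SCORE, BLACKLIST_SCORE = -100.0, 100.0

SITE_CONFIG = """\
required_hits 5              # site-wide default from this page
whitelist_from *@nikhef.nl
"""
USER_PREFS = """\
required_hits 2
whitelist_from myfriend@cern.ch
blacklist_from dirty-joe@hotmail.com
"""


def parse_prefs(text, base=None):
    """Parse the three directives shown on this page on top of base settings."""
    prefs = {"required_hits": 5.0, "whitelist_from": [], "blacklist_from": []}
    for key, value in (base or {}).items():
        prefs[key] = list(value) if isinstance(value, list) else value
    for line in text.splitlines():
        key, *args = line.split("#", 1)[0].split() or [""]
        if key == "required_hits" and args:
            prefs[key] = float(args[0])
        elif key in ("whitelist_from", "blacklist_from"):
            prefs[key] += [glob.lower() for glob in args]
    return prefs


def matches(addr, globs):
    """File-glob match where only * and ? are wildcards."""
    for glob in globs:
        pattern = re.escape(glob).replace(r"\*", ".*").replace(r"\?", ".")
        if re.fullmatch(pattern, addr.lower()):
            return True
    return False


def verdict(prefs, from_addr, rule_score):
    """Return (is_spam, total) for a mail whose other rules summed to rule_score."""
    total = rule_score
    total += WHITELIST_SCORE if matches(from_addr, prefs["whitelist_from"]) else 0.0
    total += BLACKLIST_SCORE if matches(from_addr, prefs["blacklist_from"]) else 0.0
    return total >= prefs["required_hits"], total
```

With `*@cern.ch` in the whitelist, a mail from any cern.ch address that would otherwise score 8 ends at -92 and is never marked, which is the situation the note above warns about.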
For more detailed information on spamassassin refer to the manual page and the spamassassin web site.
How to configure procmail
Procmail automatically processes all incoming mails on the mail server. In case a file .procmailrc exists in the Unix home directory of the addressed user, procmail will handle the mail according to the recipes found in .procmailrc.
The following code in the .procmailrc file in the user's home directory stores mails labelled by the spam filter as being spam into a folder named $HOME/Mail/spam.

    # Directory in which relative folder names are resolved
    MAILDIR=$HOME/Mail

    # Deliver mail that SpamAssassin has marked as spam to the folder "spam"
    :0
    * ^X-Spam-Status: Yes
    spam

Perform the next steps to implement this feature:
- Login to a Unix (Linux) host.
- Create or edit the .procmailrc file in the home directory (using your favourite editor such as vi).
- In case imap is used for reading your mail: subscribe in your mail client (Netscape, Eudora, Outlook, etc.) to the folder ~/Mail/spam.
- In case the (not recommended) POP protocol is used to read your mail, you cannot access the ~/Mail/spam folder directly from your mail client.
More advanced users can add more recipes to .procmailrc for more sophisticated filtering of the incoming mail. Refer to the manual page of procmail for how to do this.