Email, Spam Control, How to get service for departmental email servers

I am a Network Administrator and I would like to add Spam Control to our department's email servers

Network administrators who run Procmail as the local delivery agent on departmental mail servers (and who process their mail through the campus relays) can use recipes to automatically filter their users' email based on Spam Control's X-Spam-Bar header.

Note: To use the following directions, your department's mail must be processed through the campus relays. If you are a network administrator who is interested in this service, please email the Spam Control service manager at spam-manager@illinois.edu.

The X-Spam-Bar header

Spam Control adds several headers to messages that pass through the campus mail relays. Of these, the X-Spam-Bar header is best suited for Procmail recipes.

The X-Spam-Bar header uses 0 to 10 asterisks (*) to denote whether a message is legitimate or spam. The more asterisks, the more likely the message is spam. The following chart provides a comparison of the number of asterisks in a message to the probability that it is spam. (Note: Messages that score 0 asterisks are not tagged with an X-Spam-Bar header.)

ScoreRegarded asDefinition
0 to 4 asterisksNot SpamThe email is legitimate correspondence.
5 to 8 asterisksLikely SpamThe email has questionable characteristics but could be legitimate.
9 or 10 asterisksCertain SpamThe email is definitely spam.

 

Your users might have questions about how the X-Spam-Bar header relates to the X-Spam-Score used by Spam Control's Personal Spam Policies. An asterisk roughly corresponds to about 10 X-Spam-Score points. For example, a message with five asterisks in the X-Spam-Bar header would have an X-Spam-Score of 50 to 59 points.

Creating a global filter

To create a global filter for your users' email accounts:

  1. Open the .procmailrc file on your mail server (often located in the /etc/ directory unless you chose to store it elsewhere).
  2. Create recipes in your .procmailrc file in the following 3-line format:

    Line 1: Enter  :0:

    Line 2: Enter  * ^X-Spam-Bar: followed by the pattern of asterisks that the recipe will minimally match against (i.e., \*\*\* matches messages with 3 asterisks and above). Precede each asterisk with an escape character (\) to prevent Procmail from interpretting the asterisk as a wildcard character.

    Line 3: Enter the mailbox name, including the path if necessary.

  3. Save and exit the .procmailrc file.

For example, the following recipe would send email scoring 8 or more asterisks to a mailbox named spam.

:0:
* ^X-Spam-Bar: \*\*\*\*\*\*\*\*
/var/spool/mail/spam

If you want a second mailbox for email messages that have fewer asterisks but are still potential spam, you can create a second rule that sends email scoring 5 or more to a different mailbox (in this example named possible_spa)):

:0:
* ^X-Spam-Bar: \*\*\*\*\*
/var/spool/mail/possible_spam

Note that this recipe must follow the first recipe because Procmail runs filters in the order they are listed in the .procmailrc file. If you reverse the order of the recipes, then the 5-or-more asterisk recipe would also catch emails that are in the smaller 8-or-more asterisk range.

Creating a local filter

If your users create their own procmail rules in their home directories, then they can also sort their email based on the X-Spam-Bar header.

  1. Make sure the user has a .procmailrc file in their home directory. If not, create one with the following details (which might vary depending on your mail server configuration):

    PATH=/bin:/usr/bin:/usr/local/bin
    MAILDIR=$HOME/mail
    PMDIR=$HOME/.procmail
    LOGFILE=$PMDIR/log
    INCLUDERC=$PMDIR/general.rc

  2. Create recipes in the user's .procmailrc file in the following format (note that the asterisks must be preceded by the escape character "\"):

    :0:
    * ^X-Spam-Bar: (followed by the pattern of 'escaped' asterisks that the recipe will minimally match against)
    mailbox_name

  3. Save and exit the local .procmailrc file.

For example, the following recipes would send email with 5 asterisks or more to a mailbox called 'sspam'  (suspected spam) in the $HOME/mail directory.

:0:
* ^X-Spam-Bar: \*\*\*\*\*
sspam

The user can create similar recipes if they want to move messages with a higher number of asterisks to a separate mailbox. Again, the order of the recipes is important. Make sure that any recipes that filter on a higher number of asterisks are placed before the recipes that filter on a lower number of asterisks.