How can I filter out spam emails?
Spam emails (also known as unsolicited email, junk email or bulk commercial emails) are an annoying problem for many users. Since spammers use a variety of techniques, combatting the spam is not simple and a multi-layered approach works best. For more details see Dealing With Spam at CSE. The rest of this FAQ is a quick guide to filtering out emails tagged as spam by the CSE and UNSW mailservers.The extremely popular and effective open source program Spamassassin is installed on the CSG-linux computers so any user can run it to check their email; see the manpage or Spamssassin website for details. There are also many websites with tips on tweaking your Spamassassin ruleset. However, the CSE and UNSW mailservers also run Spamassassin and all emails that come into CSE from non-UNSW addresses are run through these central programs. Users can thus easily filter out spam, using a program such as procmail, by looking for one or both of the mail headers X-CSE-Spam-Flag: YES (CSE's Spamsssassin) or X-Spam-Flag: YES (UNSW's) which are inserted by Spamassassin when the spam count reaches the threshold of matches against the spamassassin rules (known as 'hits'), currently set to 5.0. This is a fairly rigorous threshold; if you find too many emails are being tagged as spam then use a procmail rule based on the header X-Spam-Level which adds an asterisk * for every rule matched.
If you've setup a .procmailrc file already, something like the following rule will move all email tagged as spam into a file called spam. If not, you may want to have a look at the FAQ on Filtering Email. It is best to start by saving and checking emails tagged as spam as there may be false positives; some mailing list emails, for instance, can score surprisingly high on spam checklists.
:0
* ^X-CSE-Spam-Flag.*YES
spam
If you want to count the spam hits instead, the following rule will consider spam any email with 5 or more hits (5 is the Spamassassin default):
:0
* ^X-CSE-Spam-Level.*\*\*\*\*\*
spam
You can, of course, get a lot fancier than this. For instance, any email with 10 or more hits is almost guaranteed to be spam, so if you're daring you could try the following 2 rules:
:0
* ^X-CSE-Spam-Level.*\*\*\*\*\*\*\*\*\*\*
/dev/null
:0
* ^X-CSE-Spam-Level.*\*\*\*\*\*
spam
This destroys emails with 10 or more hits, while those with 5-9 hits are saved to the spam file for further checking. The order is important!
The SpamAssassin website has some more tips on using procmail.
Spam to mailing lists
Occasionally a CSE mailing list is targeted by spamsters. In order to avoid the duplication of effort of making everybody on the list setup the above rules, CSG has an mlalias pageboy that will do it for them. If you are the owner of a mailing list that is receiving spam, you can use this pageboy. If you don't own the list, ask SS to do it for you. The following example assumes Fred Bloggs owns a list called fbloggs.list:
mlalias fbloggs.list -f moderated -M fbloggs.list@spamassassin.program
mlalias -C fbloggs.list.spam -a fbloggs
The first command makes the list moderated by the pageboy so every email received by the list (that isn't from an authorised poster) is checked for an X-Spam-Flag: YES header ie. it has been tagged as spam. The second step creates a place for tagged emails to go for further checking. In this case Fred is sending these emails to himself, and he can then setup a procmail rule as above to filter these emails to an appropriate file.