Rahul.Net Home :
Classic Linux Environment
-
For current documentation, please see:
Older pages are below.
- Subcategories:
(Old) Adding/Removing Email Addresses
(Old) Email Hyphenated Suffixes
(Old) Classic Linux: SMTP Filtering to Keep Out Spam
(Old) Email Address and Advanced SMTP Filtering Control
(Old) Selective Whitelisting
(Old) SpamAssassin to Identify Spam
(Old) Virus Scanning
(Old) If Legitimate Mail is Blocked
- 2009-Oct-25 05:03
Rahul.Net Home : Classic Linux Environment :
(Old) Adding/Removing Email Addresses
- You can add or remove email addresses by going to the web page
https://userinfo.rahul.net/
and following the link entitled "Email Address and SMTP Filtering Control".If you have a custom domain, you can add arbitrary email addresses in your domain. An email address may forward to any other email address on the Internet. To simply cause an email address to forward to your mail account, specify your username as the destination. Here are some examples:
joe@example.com => joe sales@example.com => mysalesguy@remotelocation.com accounting@example.com => joe
If you do not have a custom domain, you can still forward mail for any hyphenated suffix of your email address. (See also:
(Old) Email Hyphenated Suffixes.)
For example:
joeuser@rahul.net => joeuser joeuser-school@rahul.net => myothermailbox@elsewhere.net joeuser-office@rahul.net => joeuser
You can also cause mail arriving for an email address to be rejected, by forwarding that email address to the special token "fail". This may optionally be followed by a colon and an error message. The sender of the failed email will see the error message when his mail fails. Examples are below.
sue@example.com => fail joe@example.com => fail:Joe is no longer here bill@example.com => fail:Bill has moved to bill@elsewhere.net joeuser@example.com => joe@someotherdomain.net joeuser-school@example.com => fail:I am no longer in school
When incoming mail is rejected due to the use of the "fail" token as above, our network refuses to accept the message, by returning an SMTP error code during the SMTP transaction. No bounce message is sent back, since the original incoming message is never accepted in the first place.
joeuser-office@rahul.net => fail:I no longer have an office joeuser-school@rahul.net => fail:Joe is no longer in school joeuser-xxx@rahul.net => fail:No such person
- 2009-Oct-25 05:01
Rahul.Net Home : Classic Linux Environment :
(Old) Email Hyphenated Suffixes
- Any email address may be used with a hyphenated suffix in the part before
the @ character.
For example, a user "joeuser" whose normal email address is "joeuser@rahul.net" could make up new email addresses like this:
joeuser-xxx@rahul.net joeuser-yyy@rahul.net joeuser-school@rahul.net
and so on. He can then supply such email addresses to others. For example, he could tell his school to use the address joeuser-school@rahul.net when sending him email. Then, when email arrives for him, he can have his mail program, if it has the capability, automatically refile the email into the right mail folder.When this user signs up for correspondence at a web site, he can make up a new email address just for that web site. Later on, if he starts to receive spam at that email address, this may be a good indication that that web site gave his email address to the spammer.
Multiple hyphens are permitted, i.e., an email address like joeuser-xxx-yyy@rahul.net will also work, and will cause mail to be delivered to joeuser@rahul.net.
Any
(Old) Classic Linux: SMTP Filtering to Keep Out Spam
that is active for an email address is automatically also applied to any
corresponding hyphenated email address. Thus, for example, if SMTP filtering is
enabled for joeuser@rahul.net, then it is also automatically enabled for
joeuser-xxx@rahul.net.
If you have a custom domain, you may generate hyphenated email addresses in the same way, by adding a hyphenated suffix before the @ character to any email address in your domain. For example: joeuser@example.com, joeuser-xxx@example.com, joeuser-yyy@example.com, and so on.
If you wish to separately control SMTP filtering for a hyphenated email addresses, simply add each such address (see:
(Old) Adding/Removing Email Addresses).
Then you can set SMTP filtering status independently for each hyphenated suffix.
Note that email addresses with hyphenated suffixes can be made up at any time, and you need not explicitly add each one to the mail system. Only if you want to separately set SMTP filtering or mail forwarding for such an address do you need to explicitly add it.
- 2009-Oct-25 05:02
Rahul.Net Home : Classic Linux Environment :
(Old) Classic Linux: SMTP Filtering to Keep Out Spam
-
By the use of Greylisting and black lists (see references below), a substantial amount of spam is rejected before it enters our network. This is called SMTP filtering.
You may adjust the SMTP filtering for your email address(es) by going to:
and following the link entitled "Email Address and SMTP Filtering Control".
You can add multiple email addresses (see
(Old) Adding/Removing Email Addresses)
and set the SMTP filtering for each as you prefer.
Wildcard domains: A domain name beginning with '@', such as @example.com, is called a wildcard domain. In our system this represents all unknown addresses in the domain.
To keep out dictionary attacks and prevent excessive machine load, email arriving for a wildcard domain, i.e., for unknown addresses in a domain, will always be subjected to a high degree of SMTP filtering and this cannot be switched off. You may create specific email addresses in your domain and separately adjust the SMTP filtering for each one.
References: For more information about greylisting and black lists, please see:
- 2009-Oct-25 05:02
Rahul.Net Home : Classic Linux Environment :
(Old) Email Address and Advanced SMTP Filtering Control
-
A newer version of this page can be found at http://info.rahul.net/classic:email_address_and_advanced_smtp_filtering_control.
An old version of this page is below.
An advanced user interface to SMTP filtering can be used by going to: https://userinfo.rahul.net/ and following the link entitled "Email Address and Advanced SMTP Filtering Control".
To enable or disable SMTP filtering, check or uncheck the ENABLE box. Checked will give you less spam and unchecked will give you more spam. Also from among A, B, C, ..., X select one or more.
The ENABLE checkbox acts like a master OFF switch. If it is left cleared (i.e., unchecked), then SMTP filtering will not be active, regardless of whether any of A, B, C, ..., X are checked.
A, B, and C will very rarely, if ever, block legitimate email. C is slightly more aggressive than B but not unduly so.
- A: Greylisting. See (Old) Classic Linux: SMTP Filtering to Keep Out Spam and references therein.
- B: Black lists that list (a) individual IP addresses of misconfigured open proxies and virus-infected Microsoft machines, (b) netblocks of locations with dynamic IP addresses, and (c) individual IP addresses or small netblocks of the most egregious spam sources.
- C: Other conservative black lists that list both individual IP addresses and larger network blocks that appear to be dedicated to sending spam.
Enabling D, E, and X should eliminate almost all spam, while allowing an occasional false hit. If you enable any of D, E, or X, then B and C will also become active.
- D: Strict checking of Internet standards, e.g., DNS, hostname, SMTP HELO.
- E: Aggressive black lists that include sending locations believed to be spam-friendly or spam-suspect.
- X: Extremely aggressive black lists and new or experimental techniques.
To find out more details about what each of A, B, C, ..., X does, look for a link entitled "Details about A, B, C, ..., X" near the bottom of the SMTP Filtering user interface.
You don't have to stick to any one combination of SMTP filtering options. Simply add a number of email addresses (see
(Old) Adding/Removing Email Addresses) and set the SMTP filtering for each as you prefer. For example, email addresses that you give to close friends or family can be left only mildly filtered, while email addresses that you publish on a web page may need to be heavily filtered.
Finding Out Which Mail was Blocked
You can find out which mail arriving for you was blocked by SMTP filtering with the help of the scan.logs command. Invoke this at the Linux shell with -h for help, like this:
scan.logs -h
Motivated and Non-Motivated Senders
Regardless of how aggressively an email address is filtered, a motivated sender should always be able to get through to you. When SMTP filtering blocks a message, the blocked message is rejected with a valid SMTP code. The sender will get back an error indication from his mail system. So the sender will know that his email did not get through. If he really wants to reach you, he will find some way. Contrast this with the more conventional approach in which spam gets refiled into a spam folder. If the intended recipient doesn't check the spam folder and notice a misfiled non-spam message, the non-spam message is silently lost. The sender thinks it reached, but the recipient never notices it. SMTP filtering does not let mail get silently lost this way--either the recipient gets it, or the sender knows that the recipient did not get it.
But non-motivated senders will sometimes not reach you if SMTP filtering is enabled. A non-motivated sender is one who discards or ignores sending errors or, knowing that an error occurred, makes no noticeable effort to solve the problem that caused his email to you to fail. Ask non-motivated senders to send you email at an email address that is completely non-SMTP-filtered.
Mailing Lists
Many operators of mailing lists are non-motivated senders. Subscribe to such mailing lists using a hyphenated suffix email address (see
(Old) Email Hyphenated Suffixes)
and keep SMTP filtering disabled for that email address.
You may need to subscribe to the mailing list twice: once with your "normal"
email address so you can conveniently send mail to the list, and again with the
hyphenated suffix email address at which you receive mail from the list.
Set your subscription options so the list sends no mail to your "normal"
email address, but still recognizes that email address as a
subscriber to the list.
However, one result of the above strategy might be that many people on the mailing list will have your "normal" email address in their address-books. Sooner or later, this email address will leak out into the global Internet, and you will begin getting (more) spam at it. A less spam-prone option is to use the same hyphenated email address to send mail to the list. If you can, use a mail program (e.g., pine) that can automatically set your from email address based on the address to which you send mail. If in the future you begin getting too much spam at the hyphenated email address, simply forward that address to "fail" and re-subscribe to the mailing list with a new hyphenated email address.
Country-Specific Blocking
You can block all mail from certain countries of your choice by following the link from within the Advanced interface to the Baroque interface. Then select the countries to block using two-character codes below. Countries are identified by the IP address of the remote host that connects to our servers to send mail.
- ar: Argentina
- au: Australia
- br: Brazil
- ca: Canada
- cn: China
- es: Spain
- fr: France
- hk: Hong Kong
- in: India
- jp: Japan
- kr: Korea (South)
- ru: Russia
- sg: Singapore
- tw: Taiwan
- gb: Great Britain
Old Filtering
The Baroque interface will also let you select an option "OLD". This enables SMTP filtering at a level equal to the way it used to be in March 2006, before the new options became available. The OLD filtering can be activated only if options B and C are both unchecked (to avoid duplicate processing, because B and C include everything that OLD does).
Warning
Warning: The descriptions above are approximate. Black lists and techniques in use may change without notice. IP address-to-country mappings are believed to be close to 100% accurate but are not guaranteed to be so.
- A: Greylisting. See
- 2009-Nov-22 05:58
Rahul.Net Home : Classic Linux Environment :
(Old) Selective Whitelisting
- Sometimes you may find that the SMTP filtering gets in the way of some
specific sender. You don't want to completely switch off SMTP filtering,
but you still want to receive mail from that sender.
Although our SMTP filtering does not allow a specific sender to be white-listed, you can take advantage of our
(Old) Email Hyphenated Suffixes feature.
Simply create a new email address just for use by that sender, explicitly add
that address (see (Old) Adding/Removing Email Addresses),
and keep SMTP filtering switched off for only that email address
(see (Old) Classic Linux: SMTP Filtering to Keep Out Spam).
Then give that sender this new
email address and ask him to send mail to you at this email address.
Now that sender can send you email, while
all your other email is still spam-filtered just as well as ever.
Also please see:
(Old) If Legitimate Mail is Blocked.
- 2009-Oct-25 05:02
Rahul.Net Home : Classic Linux Environment :
(Old) SpamAssassin to Identify Spam
- The SpamAssassin spam-detection program (see its home page at
http://spamassassin.apache.org/) scans all incoming email in the Classic Linux
Environment (i.e., on the servers green.rahul.net, mauve.rahul.net, azure.rahul.net, ...).
SpamAssassin only assigns a spam score to each message. It does not block any message or refile any message into any spam folder. You may in your .procmailrc file take any
preferred actions based on the spam score assigned by SpamAssassin.
This implementation of SpamAssassin includes Bayesian (i.e., probabilistic) spam filtering that uses a central database.
Every email message you receive will end up containing a spam rating added by SpamAssassin. Look for headers beginning with 'X-Spam-', for example:
X-Spam-Flag: X-Spam-Report: X-Spam-Status: X-Spam-Level:
Based on these headers you can have other code in your .procmailrc file that will refile or delete spam based on your preferences.Note: Mail arriving for certain Nojunk domains, such as boxmail.com, might not be scanned by SpamAssassin at this time. This will be corrected in the future.
You can adjust your SpamAssassin preferences by editing the user_prefs file in your .spamassassin directory. If this does not already exist, SpamAssassin will automatically create one for you. You can also use a web interface to update your SpamAssassin preferences at this URL:
https://usermin.rahul.net:20000/
Use the above web interface to adjust the following settings to your satisfaction:
Allowed and Denied Addresses -> From: addresses to never classify as spam From: addresses to always classify as spamThere are a large number of other SpamAssassin settings, but we recommend you change them only if you consider yourself to be an advanced SpamAssassin user.
Spam Classification -> Hits above which a message is considered spam Languages in email that are not considered potential spam Character sets in email that are not considered potential spam
- Answers in this category:
(Old) SpamAssassin: How to Enable
(Old) SpamAssassin: Bayesian Filtering
(Old) SpamAssassin: Upgrade from Private Installation
(Old) SpamAssassin Security
- 2009-Oct-25 05:02
Rahul.Net Home : Classic Linux Environment : (Old) SpamAssassin to Identify Spam :
(Old) SpamAssassin: How to Enable
- Since SpamAssassin is automatically active, you need do nothing to enable it. However,
if in the past you had explicitly enabled SpamAssassin by adding any lines into
your .procmailrc file, you should remove those lines, to avoid making SpamAssassin
run twice.
If you have lines like the following in your .procmailrc file, or any other lines that invoke "spamassassin" or "spamc", you should remove them or comment them out.
# spamassassin beta-test {{{
# back up :0c: ./Mail/Backupmail
# filter :0fw | spamc
# }}}
- 2009-Oct-25 05:03
Rahul.Net Home : Classic Linux Environment : (Old) SpamAssassin to Identify Spam :
(Old) SpamAssassin: Bayesian Filtering
- Bayesian filtering involves SpamAssassin learning which email
you consider to be spam and which email you consider to be non-spam.
SpamAssassin will automatically try to initialize the Bayesian database
from some of your email messages by guessing which ones are
spam and which ones are not. However, this wil not give the
best results. For best results, you must yourself teach SpamAssassin
before Bayesian filtering will become fully effective.
Collect non-spam messages in a mailbox, and then use this command:
% sa-learn --progress --mbox --ham <filename>
where <filename> is the filename of the mailbox containing non-spam (termed 'ham').Collect spam messages in another mailbox, and then use this command:
% sa-learn --progress --mbox --spam <filename>
The sa-learn command will automatically ignore duplicates, so you can efficiently run it on the same mailbox(es) over and over again.After sa-learn has seen a few hundred spam messages, and a few hundred non-spam messages, Bayesian filtering will become active. Then you will notice that the X-Spam-Status lines in email will includes tokens such as BAYES_99 indicating the Bayesian probability of the message being spam.
- 2009-Oct-25 05:04
Rahul.Net Home : Classic Linux Environment : (Old) SpamAssassin to Identify Spam :
(Old) SpamAssassin: Upgrade from Private Installation
- If you were previously using a privately-installed version of
SpamAssassin, you should follow the recommendations below. NOTE: If you
have any privately-installed SpamAssassin programs in your execution
PATH, you may encounter problems. Before proceeding, either remove
these privately-installed SpamAssassin programs or make sure they are at
the end of your execution PATH, not near the beginning, so the
system-supplied SpamAssassin programs are always executed.
You probably already have a user_prefs file in your .spamassassin directory. Manually combine your personal settings in this file with the global defaults contained in the file:
/usr/share/spamassassin/user_prefs.template
Your previous SpamAssassin installation may already have collected some Bayesian tokens. If so, they will be in your .spamassassin directory in files whose names match 'bayes*', such as:
bayes_journal bayes_seen bayes_toks
You can import these into the new SpamAssassin's central database.First, use 'sa-learn' at least once with the --spam or --ham option (as described in the
(Old) SpamAssassin: Bayesian Filtering section above),
so that the central database is correctly initialized for you. Otherwise the steps
below may fail.
Then cd into your .spamassassin directory and use the following commands:
% sa-learn --siteconfigpath=/ --backup > data.txt % sa-learn --restore data.txt
The first sa-learn command above will export your current Bayesian data into a file called 'data.txt'. Any error message of the form 'bayes: bayes db version 2 is not able to be used, aborting! ...' can be safely ignored.The second sa-learn command will import data from 'data.txt' into the central database.
Both sa-learn commands above can take a while, depending on the size of your existing Bayesian data.
After the --restore step above, you can check the size of the imported data with:
% sa-learn --dump magic
Look at the 'nham' and 'nspam' values to get a count of non-spam and spam tokens respectively in the database.After the import has been done, you can delete the bayes* files in your .spamassassin directory thus:
% rm bayes*
- 2009-Oct-25 05:04
Rahul.Net Home : Classic Linux Environment : (Old) SpamAssassin to Identify Spam :
(Old) SpamAssassin Security
- SpamAssassin uses a shared databse and a "spamd" daemon that changes
to your username before processing your mail. Due to the nature of
the implementation, a dedicated adversary logged into the machine
could cause spamd to read your user_prefs file, or possibly add addresses
to your whitelist, or read or write your Bayesian tokens. Since your Bayesian
tokens are stored in a hashed form, it is unlikely that anybody else will be
able to tell what text is contained in your email.
In practise we don't expect any of this to be a problem. In no case does SpamAssassin allow anybody to access any of your data outside of your .spamassassin directory and outside of the Bayesian database.
- 2009-Oct-25 05:04
Rahul.Net Home : Classic Linux Environment :
(Old) Virus Scanning
- All incoming email is scanned for viruses before it is permitted into our
Classic Linux servers. If any virus is recognized, the email
message is immediately rejected with an error message similar to:
550 Virus Detected; Content Rejected
If you are sending outgoing mail from your home or office machine through our SMTP server, and if the send attempt fails with a message like the one shown above, it means that our SMTP server is detecting a virus in the email that you are attempting to send. Use an antivirus program on your home or office machine to clean it of any viruses and then try again.If anybody trying to send you email complains that his email to you is bouncing back with an error message like the one above, it means that our SMTP servers are detecting a virus in the email that he is trying to send to you. Ask him to use an antivirus program on his home or office machine to clean it of any viruses and then try again.
- 2009-Oct-25 05:02
Rahul.Net Home : Classic Linux Environment :
(Old) If Legitimate Mail is Blocked
- Our SMTP filtering does not block spam per se. It blocks all mail arriving from certain hosts and IP addresses that are more likely than others to send spam. Non-spam mail coming from these locations will also be blocked. Although the fraction of legitimate mail that will be blocked is small, it is not zero.
If a correspondent is unable to send you email because our SMTP filtering is blocking his host or IP address, here are some of your choices.
- You can ask the person who administers the sending site to correct the problem that is causing the blocking, if it is correctable. For example, if he is sending mail from a dynamic IP address, he could relay mail via his connectivity provider's mail server. If he is sending mail from a host that does not have valid DNS, he could attempt to correct the DNS configuration, or relay outgoing mail via another server (a "smarthost") that does have valid DNS. If he is operating or sending from a pro-spam site that is blocked because of its reputation, he can persuade his organization to cease its pro-spam activities and have itself de-listed from the various black lists.
- You can ask the sender to get a different mailbox (for example, at a free email provider) and send you mail from there.
- You can switch off your own SMTP filtering. Then you will be able to receive mail from this sender. You will also get more spam. Details are in
(Old) Classic Linux: SMTP Filtering to Keep Out Spam. (Note: switching off SMTP filtering does not leave you completely helpless. All incoming email is also scanned by 
(Old) SpamAssassin to Identify Spam and you may adjust your .procmailrc script to delete or refile spam as appropriate to your needs. This may, however, increase the burden on you to visually check your spam folder for any misfiled mail.)
- You can add an alternate email address for yourself, keep SMTP filtering switched off for this alternate address, and ask the sender to send you mail at this alternate email address. Details are in
(Old) Selective Whitelisting.
If you think that our blocking is too aggressive, and that some innocent party sending mail from a well-administered location, not affiliated with any pro-spam organization, having valid DNS, and not using a dynamic IP address, is being unfairly blocked, then please do the following.
FIRST, take action as described above, so the innocent sender is able to send you mail.
THEN, ask the person who administers the sending site to go to one or more of the web sites below, and check to see if his IP address is being blocked in any black lists, and if so, to take all possible reasonable steps to get his IP addresses delisted from the ones that are in wider use.
- OpenRBL http://www.openrbl.org/
- CompleteWhoIs http://www.completewhois.com/rbl_lookup.htm
- Robtex http://www.robtex.com/
- Declude http://www.declude.com/Articles.asp?ID=97FINALLY, please contact support@rahul.net and notify us of the situation.
- 2009-Oct-25 05:03