SpamAssassin

Figure. SpamAssassin main view.

SpamAssassin is an open source project dedicated to fighting spam. This software uses a set of complex rules to ascertain whether a message is spam or genuine. Basically, these rules check against typical spam templates.

These rules are constantly updated as new spamming techniques are introduced.

SpamAssassin is very good at identifying "phishing" messages that are trying to fool a user into giving out financial information.

SpamAssassin uses wide variety of local and network tests to identify spam signs. This makes it harder for spammers to identify one aspect which they can craft their messages to work around.

IceWarp Server uses the SpamAssassin rules but has its own in-house written engine to process them.

Tip: Until the whitelist_from_rcvd variable is implemented, you can use the following workaround to whitelist a sender safely:
Create a content filter that checks the sender (MAIL FROM) and compares with its true rDNS. Example for emails sent from Facebook:
Where Sender matches facebookmail.com
AND Where rDNS (PTR) matches facebook.com
Accept message

Figure. General section.

Field

Description

Active

Enables the SpamAssassin filters.

Warning: This option is recommended.

Use SURBL

Check this option to enable Spam URI Realtime Blocklist technology.

Rather than trying to identify spam senders, SURBL works by identifying the presence of the URI's of spam hosters in the message body. It is much more difficult for a spammer to change his host URI than anything else so this is a very reliable way of identifying them.

SURBL is an excellent way of identifying "phishing" sources, i.e. sources that are well known for sending out messages intended to defraud people by the capture of bank login or credit card details.

You can find more information at http://www.surbl.org/.

Note: This feature has to be enabled, if you want to run URIBL.

Use SPF

Check this option to enable SPF (Sender Policy Framework) technology.

SPF technology uses DNS to determine whether a message reported as coming from one domain and originating from another is valid. This relies on the DNS records being published, which is not always the case, and a "softfail" can occur, whereby the technology believes the sending host is not valid but cannot be sure.

Use the slider to tell IceWarp Server what to do when the SPF check returns a "softfail".

  • Low: Adds 0.1 to the spam score..
  • Medium: Adds 2.0 to the spam score..
  • High: Adds 5.0 to the spam score - very strict!

For an introduction to SPF please visit http://www.openspf.org/.

Use Razor2

Check this option to have IceWarp Server use the Razor2 antispam technology.

Razor2 is a distributed, collaborative, spam detection and filtering network. Through user contribution, Razor2 establishes a distributed and constantly updating catalogue of spam in propagation that is consulted by email clients to filter out known spam.

Emails are identified by a hashed random portion of the email itself. Because the portion is random, and the position of the portion is constantly changing, it is very difficult for spammers to create a message that will bypass Razor2.

You can find out more about Razor2 at http://razor.sourceforge.net/.

Note: For Razor2 to function correctly, you will need to open the 2703 port on your firewall and/or router

Use DKIM

Check this option to enable DKIM technology.

See http://antispam.yahoo.com/domainkeys/ for a full introduction.

If an incoming email from a domain which has a DNS DomainKey record is not signed, the total spam score is increased.

If an incoming email is not signed at all, the score is also increased (but less than in the first case).

Configuration file

Click this button to open the SpamAssassin configuration file (local.cf).

Warning: Please, do not change any option within this file unless you are sure you know what you are doing. For information on creation rules within the local.cf file, refer here:
http://wiki.apache.org/spamassassin/WritingRules

Example of SpamAssassin tests for version 3.3.x: https://spamassassin.apache.org/tests_3_3_x.html

Warning: SMTP service restart is necessary after any SpamAssassin rule creation/change (within this file).
To avoid that, you can update the spam update URL. In the console - File - API console, search for "spamupdateurl", double-click it and click OK, so it refreshes.
Or use tool.exe:
tool modify system c_as_spamupdateurl http://www.icewarp.com/update/spam.xml

(For SpamAssassin rules (the rule rule.cf file), it is still necessary to restart the SMTP service.)

Note: When creating customer rule files (.cf files), put them into the /spam/rules/custom folder, so that they do not get overwritten when IceWarp Server updates the rules folder.

 

Figure. Reporting section.

Field

Description

Enable reporting functions

Check this option if you wish to enable SpamAssassin reporting.

Choose one of the three options for how you want reporting to function.

Report is added to headers and/or subject of the original message

The message will be received with modified headers.

Note: This option is recommended.

Generate report message (attach original message to report)

SpamAssassin report message will be received, with the original message attached.

Convert original message to text and attach to report message

SpamAssassin report message will be received, with the original message attached as a text file.

 

Figure. Statistics section.

Field

Description

Log daily statistics to file

Enter a directory\file_name to have SpamAssassin statistics logged to a file. You can use the yyyymmdd style of a file name here to have the file dated.