SpamAssassin
Figure. SpamAssassin main view.
SpamAssassin is an open source project dedicated to fighting spam. This software uses a set of complex rules to ascertain whether a message is spam or genuine. Basically, these rules check against typical spam templates.
These rules are constantly updated as new spamming techniques are introduced.
SpamAssassin is very good at identifying "phishing" messages that are trying to fool a user into giving out financial information.
SpamAssassin uses wide variety of local and network tests to identify spam signs. This makes it harder for spammers to identify one aspect which they can craft their messages to work around.
IceWarp Server uses the SpamAssassin rules but has its own in-house written engine to process them.
Tip: Until the whitelist_from_rcvd variable is implemented, you can use the following workaround to whitelist a sender safely:
Create a content filter that checks the sender (MAIL FROM) and compares with its true rDNS. Example for emails sent from Facebook:
Where Sender matches facebookmail.com
AND Where rDNS (PTR) matches facebook.com
Accept message
Figure. General section.
Active
|
Enables the SpamAssassin filters.
Warning: This option is recommended.
|
Use SURBL
|
Check this option to enable Spam URI Realtime Blocklist technology.
Rather than trying to identify spam senders, SURBL works by identifying the presence of the URI's of spam hosters in the message body. It is much more difficult for a spammer to change his host URI than anything else so this is a very reliable way of identifying them.
SURBL is an excellent way of identifying "phishing" sources, i.e. sources that are well known for sending out messages intended to defraud people by the capture of bank login or credit card details.
You can find more information at http://www.surbl.org/.
Note: This feature has to be enabled, if you want to run URIBL.
|
Use SPF
|
Check this option to enable SPF (Sender Policy Framework) technology.
SPF technology uses DNS to determine whether a message reported as coming from one domain and originating from another is valid. This relies on the DNS records being published, which is not always the case, and a "softfail" can occur, whereby the technology believes the sending host is not valid but cannot be sure.
Use the slider to tell IceWarp Server what to do when the SPF check returns a "softfail".
For an introduction to SPF please visit http://www.openspf.org/.
|
Use Razor2
|
Check this option to have IceWarp Server use the Razor2 antispam technology.
Razor2 is a distributed, collaborative, spam detection and filtering network. Through user contribution, Razor2 establishes a distributed and constantly updating catalogue of spam in propagation that is consulted by email clients to filter out known spam.
Emails are identified by a hashed random portion of the email itself. Because the portion is random, and the position of the portion is constantly changing, it is very difficult for spammers to create a message that will bypass Razor2.
You can find out more about Razor2 at http://razor.sourceforge.net/.
Note: For Razor2 to function correctly, you will need to open the 2703 port on your firewall and/or router
|
Use DKIM
|
Check this option to enable DKIM technology.
See http://antispam.yahoo.com/domainkeys/ for a full introduction.
If an incoming email from a domain which has a DNS DomainKey record is not signed, the total spam score is increased.
If an incoming email is not signed at all, the score is also increased (but less than in the first case).
|
Configuration file
|
Click this button to open the SpamAssassin configuration file (local.cf).
Warning: Please, do not change any option within this file unless you are sure you know what you are doing. For information on creation rules within the local.cf file, refer here: http://wiki.apache.org/spamassassin/WritingRules
Example of SpamAssassin tests for version 3.3.x: https://spamassassin.apache.org/tests_3_3_x.html
Warning: SMTP service restart is necessary after any SpamAssassin rule creation/change (within this file). To avoid that, you can update the spam update URL. In the console - File - API console, search for "spamupdateurl", double-click it and click OK, so it refreshes. Or use tool.exe: tool modify system c_as_spamupdateurl http://www.icewarp.com/update/spam.xml
(For SpamAssassin rules (the rule rule.cf file), it is still necessary to restart the SMTP service.)
Note: When creating customer rule files (.cf files), put them into the /spam/rules/custom folder, so that they do not get overwritten when IceWarp Server updates the rules folder.
|
Figure. Reporting section.
Enable reporting functions | Check this option if you wish to enable SpamAssassin reporting. Choose one of the three options for how you want reporting to function. |
Report is added to headers and/or subject of the original message | The message will be received with modified headers. Note: This option is recommended. |
Generate report message (attach original message to report) | SpamAssassin report message will be received, with the original message attached. |
Convert original message to text and attach to report message | SpamAssassin report message will be received, with the original message attached as a text file. |
Figure. Statistics section.
Log daily statistics to file | Enter a directory\file_name to have SpamAssassin statistics logged to a file. You can use the yyyymmdd style of a file name here to have the file dated. |