The CSG Maintained Spam Filter, or just mailfilter, is an easy way to filter your email. It is simply a procmail configuration file that uses some widely available tools to detect spam.

No spam filter can catch all spam or guarantee against misidentifications and mailfilter is no exception.

Installing mailfilter

Installation is very simple. At a shell prompt on a Sun workstation, type:

mailfilter-install

This will install mailfilter unless you have an existing .forward or .procmailrc file. If you do, then it will complain and exit without doing anything. In that case, if you still want the filter installed, send an email to help and request that the filter be installed manually.

What is installed?

When you run mailfilter-install, two files are written in your home directory. The first is a .forward file. It directs the Mathnet mail delivery program to deliver e-mail to a program instead of directly to your inbox. The second is a .procmailrc file. It is a procmail configuration file that directs procmail to use the system-wide filters that make up the mailfilter system.

You can add your own procmail configuration directives to this installed .procmailrc file to customize procmail's behavior to meet your individual needs.

What is filtered?

The filter has 3 main components any of which can be turned off on a per user bases:

spam filter

The spam filter consists of locally written procmail recipies and the popular spam detecting program SpamAssassin. Among the many criteria that SpamAssassin uses to determine whether a given message is spam is membership in one or more of several blackhole lists including:

• NJABL.ORG - Not Just Another Bogus List
• SORBS - Spam and Open Relay Blocking System
• The SpamCop Block List
• The SpamHaus Block List

virus filter

Viruses are detected using Clam AntiVirus which compares email messages to various virus "signatures" contained in a local database of signatures. The local database is updated every four hours from http://database.clamav.net/. Other tests may be added from time to time to supplement the Clam AntiVirus test.

alt-charset filter

A lot of spam is sent in alternage character sets. Since most people aren't expecting messages in alternate character sets, this filter can be quite effective. However, if you regularly receive email in alternate characater sets, you should disable this filter or maybe ask for help customizing a filter that only filters messages in character sets that you don't want to see.

The exact contents of the filters is dynamic. You can look at the current filters here. The filters are changed as new spam patterns are found. Please send email to mailfilter-admin@math.psu.edu if you would like to suggest a rule to add to our filter.

Each night an e-mail is sent to anyone that has had email filtered by the CSG maintained filter during the previous 24 hour period. The email contains a listing of filtered Subject and From headers.

Where does mail go when it is filtered?

When a message is filtered, it is saved in a directory:

/var/spool/mail/mailfilter-quarantine/USERNAME

the files in that directory are expired after a period of time. As the filter is new, the expiration period is still to be determined, but it will probably be over two weeks.

You can get a list of From and Subject headers of filtered messages with the command:

mailfilter-list

If you just want to see messages filtered over the last 5 days, for example, you can use the the same command with the -d flag.

mailfilter-list -d 5

The mailfilter-list command will output a list with one line per filtered message that will look something like:

msg.FEG   address1@foo.com                *****SPAM***** spam subject
msg.GEG   anotheraddr@bar.com             a subject

If you'd like to retrieve a copy of a message that has been filtered, you can use normal unix commands to copy the message file or you can use the command:

        mailfilter-retrieve MESSAGE_NAME

where MESSAGE_NAME is the string in the first column of the report that mailfilter-list generates. The mailfilter-retrieve command will copy the message file to your home directroy. That is it will create a file in your home directory named MESSAGE_NAME. It will complain if a file with that name already exists.

Client-side filtering

It is possible to configure the CSG maintained filter to mark messages as spam only and to leave filtering to the end user's mail application. To do this:

1. Open your .procmailrc file in a text editor.
2. Remove the line: INCLUDERC=/etc/procmail/filter-spam
3. Replace it with: INCLUDERC=/etc/procmail/mark-spam
4. Save the file.

After you have done this, spam will no longer be moved to the server side quarrantine. Mail that SpamAssassin considers spam will have headers that begin with the strings:

        X-Spam-Flag: YES
        X-Spam-Status: Yes

You mail client may be able to filter or mark mail that contains those headers.

If you would like to do this but don't want to edit your .procmailrc, just send a message to help.