How we filter mail on the SEAS Mail Server
This article is designed to give the technical details of how we filter mail for spam. Please see our spam filter article for more practical details about filtering spam.
- A message comes in to a SEAS mail gateway.
- The gateway rejects the message if it cannot be delivered (eg, no such user).
When a message is rejected, the SEAS gateway tells the sending machine. The sending machine usually tells the sender.
- The gateway rejects the message if the From address domain
doesn't exist (e.g. firstname.lastname@example.org will be rejected if foo.com is not a real domain name).
Rejecting a message is much faster than accepting it and delivering it to your spam folder. We would need a much larger mail system if we didn't reject obvious garbage.
- The gateway rejects the message if it is larger than a certain limit (currently 20M).
- The gateway rejects the message if it contains a known virus or some other attack.
- The gateway uses Proofpoint to score the message, and the score is recorded in the message headers.
- If the message has a Proofpoint score over 9.5, the gateway rejects the message.
- The gateway detects types of attachments that we consider "dangerous". The message is "quarantined", and we notify the recipient by email. For more details, please see our prohibited attachments article.
- The gateway passes the mail to your SEAS mail server.
- The mail server uses Bogofilter and your personal spam database to score the message, and the score is recorded in the message headers.
- The mail server then passes the message to your SEAS account for delivery.
- Mail from addresses in your allow list are passed through immediately.
- Mail from addresses in your block list are filtered out immediately.
- Mail with Proofpoint scores over 5 (or whatever you've adjusted your spam settings to) goes into your spamfolder.
- Mail that Bogofilter scores as definitely Spam goes into a spam folder.
Bogofilter is trained using webmail and mutt. If you don't train it, then it lets everything through. If you use Thunderbird, Apple Mail, or Eudora, you can use their built in personal filter instead.
- Remaining mail gets put into your inbox.
- Some mail software (e.g. Thunderbird, Apple Mail, and Eudora) can be trained to do personal mail filtering when they get the message from your inbox.
- You read the message and indicate whether it is "spam" (unwanted) or "ham" (wanted). This trains your personal mail filter. Please see our personal spam filter article.
In your SEAS account
In your mail software
The personal filter is a convenient way to fine-tune your personal preferences. It works best in conjuction with Proofpoint, catching the messages that get past Proofpoint that you consider spam.
Thunderbird, Eudora, and AppleMail all have built-in personal spam filtering. For our Mutt and Webmail users, we've added a similar personal spam filtering program called Bogofilter. Information about Bogofilter is available from their web site, www.bogofilter.org. You are also welcome to write your own procmail code instead of our standard code.