How we filter mail on the SEAS Mail Server

This article is designed to give the technical details of how we filter mail for spam. Please see our spam filter article for more practical details about filtering spam.

The steps

  1. A message comes in to a SEAS mail gateway.
  2. The gateway rejects the message if it cannot be delivered (e.g. no such user).
    When a message is rejected, the SEAS gateway tells the sending machine. The sending machine usually tells the sender.
  3. The gateway rejects the message if the From address domain doesn't exist (e.g. user@foo.com will be rejected if foo.com is not a real domain name).
    Rejecting a message is much faster than accepting it and delivering it to your spam folder. We would need a much larger mail system if we didn't reject obvious garbage.
  4. The gateway rejects the message if it is larger than a certain limit (currently 20M).
  5. The gateway rejects the message if it contains a known virus or some other attack.
  6. The gateway uses Proofpoint to score the message, and the score is recorded in the message headers.
  7. If the message has a Proofpoint score over 9.5, the gateway rejects the message.
  8. The gateway detects types of attachments that we consider "dangerous". The message is "quarantined", and we notify the recipient by email. For more details, please see our prohibited attachments article.
  9. The gateway passes the mail to your SEAS mail server.
  10. The mail server uses Bogofilter and your personal spam database to score the message, and the score is recorded in the message headers.
  11. The mail server then passes the message to your SEAS account for delivery.
  12. In your SEAS account:

  13. Mail from addresses in your allow list is passed through immediately.
  14. Mail from addresses in your block list is filtered out immediately.
  15. Mail with Proofpoint scores over 5 (or whatever you've adjusted your spam settings to) goes into your spam folder.
  16. Mail that Bogofilter scores as definitely Spam goes into a spam folder.
    Bogofilter is trained using webmail and mutt. If you don't train it, then it lets everything through. If you use Thunderbird, Apple Mail, or Eudora, you can use their built-in personal filter instead.
  17. Remaining mail gets put into your inbox.
  18. In your mail software:

  19. Some mail software (e.g. Thunderbird, Apple Mail, and Eudora) can be trained to do personal mail filtering when they get the message from your inbox.
  20. You read the message and indicate whether it is "spam" (unwanted) or "ham" (wanted). This trains your personal mail filter. Please see our personal spam filter article.
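
The account-level ordering in steps 13 to 17, as an added Python example that is not the SEAS procmail code. The `X-Proofpoint-Spam-Score` header name, the function names and the sample messages are assumptions constructed for illustration; `X-Bogosity` is Bogofilter's default header.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed header name: the page says only that the Proofpoint score is
# "recorded in the message headers", not which header carries it.
PROOFPOINT_HEADER = "X-Proofpoint-Spam-Score"
# Bogofilter's default header, e.g. "X-Bogosity: Spam, tests=bogofilter, ..."
BOGOFILTER_HEADER = "X-Bogosity"


def classify(raw, allow, block, threshold=5.0):
    """Return (folder, reason) for one message, following steps 13-17."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender in allow:                       # step 13: allow list wins outright
        return "inbox", "allow list"
    if sender in block:                       # step 14
        return "filtered", "block list"
    try:                                      # step 15: missing/garbled score = no verdict
        score = float(msg.get(PROOFPOINT_HEADER, "").strip())
    except ValueError:
        score = None
    if score is not None and score > threshold:
        return "spam", "Proofpoint score"
    verdict = msg.get(BOGOFILTER_HEADER, "").split(",")[0].strip().lower()
    if verdict == "spam":                     # step 16: only a definite Spam verdict
        return "spam", "Bogofilter"
    return "inbox", "default"                 # step 17


def sample(sender, score=None, bogosity=None):
    """Build a constructed test message (not real mail)."""
    headers = [f"From: Sender <{sender}>", "Subject: constructed sample"]
    if score is not None:
        headers.append(f"{PROOFPOINT_HEADER}: {score}")
    if bogosity is not None:
        headers.append(f"{BOGOFILTER_HEADER}: {bogosity}, tests=bogofilter")
    return "\n".join(headers) + "\n\nbody\n"


if __name__ == "__main__":
    allow, block = {"friend@example.org"}, {"pest@example.net"}
    for raw in (sample("friend@example.org", score=8.0),
                sample("pest@example.net", score=0.1),
                sample("x@example.com", score=5.0, bogosity="Unsure"),
                sample("x@example.com", score=1.0, bogosity="Spam")):
        print(classify(raw, allow, block))
```

Because the allow list is checked first, the first sample reaches the inbox despite its score of 8.0. The From header is supplied by the sender, so an allow-list entry acts as a bypass of both scorers.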

Comments

The personal filter is a convenient way to fine-tune your personal preferences. It works best in conjunction with Proofpoint, catching the messages that get past Proofpoint that you consider spam.

Thunderbird, Eudora, and Apple Mail all have built-in personal spam filtering. For our Mutt and Webmail users, we've added a similar personal spam filtering program called Bogofilter. Information about Bogofilter is available from its web site, www.bogofilter.org. You are also welcome to write your own procmail code instead of our standard code.

© Computing and Educational Technology Services
cets@seas.upenn.edu | 215.898.4707