EmailDiscussions.com


carverrn 30 Jan 2004 06:00 AM

How To Improve SPAM Filtering using Runbox Filters
 
2005-07-15: This information hasn't been updated since Runbox implemented the trainable DSPAM filter. But much of the information is still relevant.

A blocklist doesn't do much good for most SPAM since SPAM doesn't usually
have a valid "From" address nor use the same "From" address every time.


Here's what seems to work very well for me.

(1) For "Detect junk mail" select "Yes, reject if possible"
I no longer recommend selecting this option. See below for details.

This allows Runbox to reject a message at the time it's being received,
if it is flagged as SPAM and if everyone receiving the message has agreed
to reject SPAM. I originally didn't use this option but the Linpro guys (the
ones hosting the Runbox mail servers) convinced me it's a good choice.


2005-07-15: After using "reject if possible" for a while I decided it's not a feature worth using. It can cause more problems than it solves. First, if you receive messages from groups like Yahoo Groups or Google Groups it can bounce spam messages back to Yahoo or Google which will cause your address to be marked as "bouncing" and you'll stop getting mail from your groups until you reactivate your address. Second, since a lot of spam is bulk mailed to many users at the same domain there's a good chance that for a given spam mail at least one user will not have selected this option so for that message it's disabled for everyone. Finally, it's probably more likely to bounce a valid message sent just to you that was incorrectly flagged as spam and you'd never know it.

(2) Create a "Spam" folder and a filter defined as:

Order: -2
Messages where: "Header" "contains" "X-Spam-Flag: YES"
will be: "saved to folder" "Spam"

By selecting "reject if possible" for the "Detect junk mail" option,
we have also disabled the ability to move SPAM to a Spam folder. This
defines our own Spam Filter that will do the same thing the original
Spam Filter did.

If you want your Spam Filter to be more restrictive, like have a cutoff
of 4 instead of the default of 5, you can define your filter like this:

Order: -2
Messages where: "Header" "contains" "X-Spam-Level: ****"
will be: "saved to folder" "Spam"

For this filter, any message with a score greater than 4 (e.g. 4.1) will
be moved to the Spam folder.


(3) Create a "NotInWhiteList" folder and a filter defined as:

Order: 999
Messages where: "Header" "doesn't contain" "USER_IN_WHITELIST"
will be: "saved to folder" "NotInWhiteList"

This should be your very last filter. If a message makes it all the way to
this filter, its next stop would be the Inbox. This filter will make sure
that the message is from someone in your Whitelist; if not, it moves it to
the "NotInWhiteList" folder.

Initially you will have messages in your "NotInWhiteList" folder that you
either want to add to your Whitelist or create a filter to move it to a
folder (could even be the Inbox). You will also have SPAM that wasn't caught
by SpamAssassin. Eventually, as you update your Whitelist and filters, the
"NotInWhiteList" folder will contain mostly uncaught SPAM.


(4) Messages over 250K in size are not scanned by SpamAssassin. The reason
being that mail that large is unlikely to be SPAM. Unless these messages are
moved to a folder by a filter, they would end up in the "NotInWhiteList"
folder because they will never contain the "X-Spam-Status" header for the
"USER_IN_WHITELIST" check. To avoid this you can add the following filter:

Order: 998
Messages where: "Header" "doesn't contain" "X-Spam-Status"
will be: "saved to folder" "Inbox"

This moves ANY message that hasn't been scanned by SpamAssassin to the Inbox.

Or you could create a NotSpamChecked folder and move it there.


(5) Add addresses of people/places you expect "ham" (not spam) email from
to the Spam Filter whitelist.

When SpamAssassin checks a message it will check the whitelist for the
"From" address. If it finds the address, it will add "USER_IN_WHITELIST"
to the "X-Spam-Status" header in the message.


(6) Add filters for Mailing Lists and Groups. For mailing lists or groups
(e.g. Yahoo Groups) that use the sender's real email in the "From" address
instead of the list/group email address, set up filters to move these messages
to the proper folder. If they use the list email address in the "From" address
you could White List it instead but you still might want to have a filter to
move them to a folder.


(7) Add other filters as needed/wanted.

Messages are checked by SpamAssassin as they arrive at the Runbox servers.
However, messages flagged as *SPAM* are not filtered until your filters are
processed. The Spam Filter runs at an order value of "-2".

If you want your filters to run BEFORE the Spam Filter, allowing you to handle
ALL messages, your filter order values must be less than -2 (-3 through -99).

If you want your filters to run AFTER the Spam Filter, allowing flagged SPAM
to be filtered, your filter order values must be greater than -2 (-1 through
999).

CAUTION: You can have multiple filters with the same order value. Within
the same order value, filters are processed in the order in which the entry
was first added to the database. The filters page will show the filters in
the order processed.


It may seem a bit complicated but it's working really well for me.


Regards,
Rich
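The filter chain from the post above, modelled as an added example (it is not part of the original post and is not Runbox code). It assumes a case-sensitive substring match over the unfolded header block with the first matching filter winning; the sample messages and the helper names `route`, `header_block` and `sa_tests` are constructed for illustration.

```python
import re
from email import message_from_string

# Filters as (order, mode, needle, folder), transcribed from the post above.
# Assumed semantics (not confirmed by Runbox): case-sensitive substring match
# over the header block only, first matching filter wins, default is Inbox.
FILTERS = [
    (-2, "contains", "X-Spam-Level: ****", "Spam"),
    (998, "doesn't contain", "X-Spam-Status", "Inbox"),
    (999, "doesn't contain", "USER_IN_WHITELIST", "NotInWhiteList"),
]
# Variant using the default cutoff of 5 (the X-Spam-Flag filter from step 2).
FLAG_FILTERS = [(-2, "contains", "X-Spam-Flag: YES", "Spam")] + FILTERS[1:]


def header_block(raw):
    """Return the headers only, one per line, with folded lines joined."""
    msg = message_from_string(raw)
    return "\n".join(f"{k}: {' '.join(str(v).split())}" for k, v in msg.items())


def route(raw, filters=FILTERS):
    """Return the folder a message lands in under the given filter list."""
    headers = header_block(raw)
    # sorted() is stable: filters with equal order keep the order they were added.
    for _order, mode, needle, folder in sorted(filters, key=lambda f: f[0]):
        if (needle in headers) == (mode == "contains"):
            return folder
    return "Inbox"


def sa_tests(raw):
    """Rule names taken from the tests= list of X-Spam-Status and nowhere else."""
    status = " ".join(str(message_from_string(raw).get("X-Spam-Status", "")).split())
    m = re.search(r"tests=([A-Z0-9_,\s]*)", status)
    return set(re.findall(r"[A-Z0-9_]+", m.group(1))) if m else set()


def make(headers, body="hello"):
    """Build a constructed RFC 822 style message from header lines."""
    return "".join(h + "\n" for h in headers) + "\n" + body + "\n"


# Constructed sample messages; none of these are real mail.
SAMPLES = {
    "flagged": make(["From: a@example.com", "X-Spam-Flag: YES",
                     "X-Spam-Level: *******",
                     "X-Spam-Status: Yes, hits=7.2 required=5.0 tests=HTML_MESSAGE"]),
    "borderline": make(["From: b@example.com", "X-Spam-Level: ****",
                        "X-Spam-Status: No, hits=4.3 required=5.0 tests=NO_REAL_NAME"]),
    # Folded X-Spam-Status: the whitelist token sits on the continuation line.
    "whitelisted": make(["From: mum@example.com",
                         "X-Spam-Status: No, hits=-99.0 required=5.0 tests=HTML_MESSAGE,",
                         "\tNO_REAL_NAME,USER_IN_WHITELIST"]),
    # Token in the body only: header filters never see it.
    "stranger": make(["From: c@example.com", "X-Spam-Level: *",
                      "X-Spam-Status: No, hits=1.2 required=5.0 tests=NO_REAL_NAME"],
                     body="USER_IN_WHITELIST"),
    # Over 250K, so never scanned: no X-Spam-* headers at all.
    "unscanned": make(["From: d@example.com", "Subject: big attachment"]),
    # The token appears in a header that SpamAssassin did not write.
    "token_elsewhere": make(["From: e@example.com", "Subject: USER_IN_WHITELIST",
                             "X-Spam-Level: *",
                             "X-Spam-Status: No, hits=1.2 required=5.0 tests=NO_REAL_NAME"]),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        listed = "USER_IN_WHITELIST" in sa_tests(raw)
        print(f"{name:16} -> {route(raw):15} whitelisted per tests=: {listed}")
```

A header-wide substring match cannot tell which header the whitelist token came from, which is why the last sample reaches the Inbox while `sa_tests` reports it as not whitelisted.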

jbs 30 Jan 2004 07:59 AM

Rich,

Thanks for an excellent set of instructions. I've dodged spam thus far but I think I will start building up my whitelist just in case.

Along those lines I'm wondering whether there is an easy way to add a lot of addresses to the whitelist. I'd love to be able to take my contact manager software, dump out a file of all the email addresses and add them to my whitelist. Doing so I'd have 99% of my wanted email already flagged for whitelist.

I tried using the RBTB2 and entering multiple addresses in the input field, separated by spaces, commas or semicolons but could only get it to work with one at a time. Is that the way it works?

Along similar lines, I know your toolbar has an excellent tool for mass-uploading to one's address book . . . does being in the address book make a contact automatically count as whitelisted?

If not, then can I respectfully suggest to the Runbox team (or the Toolbar "team" ;-) a mechanism for mass uploading of whitelist names?

--Jason

carverrn 30 Jan 2004 12:13 PM

Hi Jason,

Quote:

Along those lines I'm wondering whether there is an easy way to add a lot of addresses to the whitelist.
There is a way, "kind of". You can use my Edit Whitelist bookmarklet. It will display all the Whitelist entries in an edit box so that you can add/paste/delete/cut/edit. Each address should be on a line by itself. If you can export your addresses that way then you can simply cut and paste the whole list. Otherwise you'll have to cut and paste one at a time.
Quote:

I tried using the RBTB2 and entering multiple addresses in the input field, separated by spaces, commas or semicolons but could only get it to work with one at a time. Is that the way it works?
RBTB2 ... I like that :)

It currently only handles one address at a time. I could take a look at handling multiple addresses.
Quote:

Along similar lines, I know your toolbar has an excellent tool for mass-uploading to one's address book . . . does being in the address book make a contact automatically count as whitelisted?
Unfortunately no. It would be nice if this was possible in the future.

Regards,
Rich

jbs 31 Jan 2004 12:34 AM

Quote:

Originally posted by carverrn
There is a way, "kind of". You can use my Edit Whitelist bookmarklet. It will display all the Whitelist entries in an edit box so that you can add/paste/delete/cut/edit. Each address should be on a line by itself. If you can export your addresses that way then you can simply cut and paste the whole list. Otherwise you'll have to cut and paste one at a time.
Rich-

Well, I hate to correct you in public like this, but you were wrong when you said there is a way 'kind of'. In fact, your bookmarklet (surprise surprise) is PERFECT!! Not only did it allow me to easily and quickly add 500 email addresses to my whitelist, but it also id'ed for me a dozen or so cases where I had improperly formatted email addresses in my Palm Pilot!

The process was relatively simple. I exported the email field of my Palm address book to a CSV file, opened in Excel, then copied into Notepad and back into Excel (this split records where I had multiple email addresses separated by carriage returns into separate cells in Excel). Then I split data to columns using commas as delimiters, so that any fields where I had multiple emails separated by commas would go into separate cells. I pasted the cells that were now in columns B, C, etc. into column A and sorted alphabetically. I then pasted them into your form (about 100 at a time) and voila!

Just tested it with an email from myself (fortunately I'm on my whitelist -- it's obviously not that exclusive) :D and saw the beloved USER_IN_WHITELIST flag. I've never used this before because of the difficulty in adding addresses one at a time, and a concern that if I only added them from emails I got, I would always be getting emails in my "NotInWhitelist" folder from that person you'd not heard from in a long while.

Even though Spam's not been a problem for me yet at this new address, I'm going to modify my growing system of filters to mimic what you've described above, and start to build a good solid pre-emptive system for dealing with spam.

Thanks again, Rich! You rock!!

--Jason

Liz 31 Jan 2004 01:47 AM

Just FYI, I'm working on incorporating Rich's excellent "scheme" in the help pages, just have to find a way that doesn't send the insecure users into spasms of panic. ;)

Also, the current placing of the Toolbar and bookmarklets links is way too hidden away, I think (in the Help pages, under email add-ons).

Liz

petrs 31 Jan 2004 02:14 AM

That would be great - but please, make it 'idiot-proof' so even I can understand it :D

Liz 31 Jan 2004 02:16 AM

If I understand it, you will too. ;)

Liz

carverrn 31 Jan 2004 03:37 AM

For the Spam Filtering, I know the process sounds a bit complicated although it's not too bad. I tried to add a little explanation of "why" it was being added but it might be easier for some if you just say "trust me, it will work" and just show the filters to add. Some better formatting via HTML and a few screen shots might make it easier to follow too.

For the Whitelist editing, I said "kind of" because it would be a lot easier if it could import CSV files directly. I could probably do this with the import stuff from the Import Addressbook bookmarklet. I should probably write an Export Addressbook too then. I guess it's time to work on bookmarklets again.

Rich

MikhailT 31 Mar 2004 04:20 PM

I was wondering if anybody has time to make a visual representation of what carverrn is talking about. Not a lot of people would understand, and I admit that even though I'm an IT major, I had trouble understanding where is where and to input what.

Liz 31 Mar 2004 11:56 PM

Not a bad idea...if anyone would like to set up a dummy account with dummy contacts and make some screenshots with text a la the POP/IMAP setups guides (JPEG please), they will be rewarded. :) Do mail us first though, in case more than one person volunteers. :)

Liz

Gnome 1 Apr 2004 04:26 AM

Hi, problem with setting these filters around case sensitivity of the email address.

My work address gets sent as:
Joseph.Cairns@ibx.com

But on the white list I'm only able to put:
joseph.cairns@ibx.com

There's no way for me to enter anything with upper case, so unfortunately, the server isn't putting the "USER_IN_WHITELIST" tag on this header.

The process should be converting everything to lower case before it compares addresses but it doesn't seem to be doing this.

Thanks!

Daniel S 1 Apr 2004 04:30 AM

You might want to reformat your address so it doesn't get spammed (userATdomain instead of realuser@realdomain). Also, you don't need to put your username, enough to put your UserName for the example.

Gnome 1 Apr 2004 04:40 AM

How my email admins at work set up my address's format is outside of my control.

This is coming from my work server with the capitals but I'm unable to enter an address with capitals in the white list.

Edit Note: regardless, email addresses are not case sensitive and User@xyz.com should match user@xyz.com.

Daniel S 1 Apr 2004 04:45 AM

according to the RFC's, the localpart is case sensitive.
I meant how you write your address in your post (write supportATrunbox instead of support@runbox).

Gnome 1 Apr 2004 04:50 AM

Ahh gotcha have a million things going on here at once and my head is spinning. ;)

My address at work is send only so no worries there, but I'll keep it in mind for future reference, thanks!

Quote:

according to the RFC's, the localpart is case sensitive.
RFC?

Daniel S 1 Apr 2004 05:39 AM

RFC = Request For Comments
list
These documents set the current and future standards (define the protocols, etc).

RFC2821 (SMTP) states (Section 2.4):
Quote:

The local-part of a mailbox MUST BE treated as case sensitive.

Gnome 1 Apr 2004 05:55 AM

Ahh cool, I'll read through that. The whitelist section should allow us to add case sensitive addresses then, it currently only allows entries of all lower case.

trond 1 Apr 2004 09:20 AM

Quote:

Originally posted by Daniel S
RFC2821 (SMTP) states (Section 2.4):
(that local-parts are case sensitive)

Yes, that's true, but as the next passage says:

Quote:


Therefore, SMTP implementations MUST take care to preserve the case of mailbox local-parts. Mailbox domains are not case sensitive. In particular, for some hosts the user "smith" is different from the user "Smith". However, exploiting the case sensitivity of mailbox local-parts impedes interoperability and is discouraged.

So this just says that the mailserver must never change the case of the local-part when it receives a mail and hands it on to another mail server. Our mailserver (and pretty much every mailsystem connected to the internet) has case insensitive usernames (local-part).

So, regarding the whitelist question. I'm really surprised that a lower case mail address doesn't match the mixed case address. I'll have to check spamassassin to find out if this is expected behavior.

carverrn 4 Apr 2004 02:10 PM

Quote:

So, regarding the whitelist question. I'm really surprised that a lower case mail address doesn't match the mixed case address. I'll have to check spamassassin to find out if this is expected behavior.
SpamAssassin isn't case sensitive. The lower case names in the Whitelist will match any case. I tested it before and just retested it and it works fine.

It should be noted that a change to the Whitelist might not be instant. There could be several minutes before SpamAssassin actually sees the updated Whitelist. With my most recent test, a test message sent immediately after changing the Whitelist did not result in a USER_IN_WHITELIST. All subsequent test messages did.

Regards,
Rich

Gnome 5 Apr 2004 11:44 PM

It may be that way for you but it's not the case for me as of last Friday. That setup is working for every incoming email I have in my white list sans the one with the capital letters for the account name.

If it's not case then I don't know what it is.

Gnome 5 Apr 2004 11:45 PM

Something changed since Thursday/Friday then as this now works now with no changes on my end.

carverrn 6 Apr 2004 05:20 AM

Glad to hear it's working now.

Rich

mail2me 7 May 2004 05:02 AM

Re: How To Improve SPAM Filtering using Runbox Filters
 
Quote:

Originally posted by carverrn
Here's what seems to work very well for me.

(1) For "Detect junk mail" select "Yes, reject if possible"

This allows Runbox to reject a message at the time it's being received,
if it is flagged as SPAM and if everyone receiving the message has agreed
to reject SPAM. I originally did use this option but the Linpro guys (the
ones hosting the Runbox mail servers) convinced me it's a good choice.

Does the Runbox "reject" really work?

I have tried sending the famous "ADV: Your Membership Exchange order -- Question to eBay seller g.r.a.p.e?" message minus the "ADV" ( since FastMail doesn't allow sending messages with it in the subject line) from various accounts to test this feature. The message definitely gets flagged as spam and filed to the Spam folder but it doesn't get rejected.

jbs 7 May 2004 06:19 AM

Re: Re: How To Improve SPAM Filtering using Runbox Filters
 
Quote:

Originally posted by mail2me
Does the Runbox "reject" really work?

I have tried sending the famous "ADV: Your Membership Exchange order -- Question to eBay seller g.r.a.p.e?" message minus the "ADV" ( since FastMail doesn't allow sending messages with it in the subject line) from various accounts to test this feature. The message definitely gets flagged as spam and filed to the Spam folder but it doesn't get rejected.

I think I can answer this, it's a bit tricky but here's how I understand it. When a spam comes through for, say, 10 users, SA looks at it and determines if it is, in fact, spam. If it is, then the Runbox mail server has the option of rejecting the entire transaction from the sending mail server, but ONLY if every one of the recipients had selected Reject If Possible.

If anyone did not have Reject If Possible chosen, then Runbox is required by email protocol to accept it and deliver it to all recipients.

The strange thing in what you describe is, as I understand it, you should not be able to have simultaneously selected "Reject if Possible" and "File in XX folder". They are 2 different options.

So, for people who choose Reject if Possible, you need to set up a filter in your Manager to reject anything that meets your criteria of spam. So mine, for example, says any message whose header contains "X-Spam-Level: ****" should be filed as spam. This catches anything with a SA score above ~4 and moves it to my Spam folder.

Post here again if you have "Reject If Possible" selected, no other Spam filters that you've set up yourself, but Spam getting moved to a separate folder. I'd be interested in understanding it better.

What you've described (not being rejected, filed in folder) would make sense if the second of the 3 spam options is selected, "Detect, and file in XX".

In the mean time, hope this all makes sense.

--Jason

mail2me 7 May 2004 06:44 AM

Hi Jason,

Thanks for the reply.

These are some of my points.

1) I have currently selected "Yes, reject if possible". The "Yes, save to folder" is Trash but it is not selected. I also have a filter order -2 which reads:
Messages where: "Header" "contains" "X-Spam-Flag: YES" will be: "saved to folder" "Spam" as suggested above by Carverrn.

2) Previously I had also selected "Yes, reject if possible", but the "Yes, save to folder" was Spam but it was also not selected. However, the spam messages continued to file to "Spam" folder. Don't you think this is strange?

3) I sent out a sample message from both my FastMail account as well as my MailSnare account. They both had my correct email addresses as the "From" address. The messages were classified as spam by runbox, but were filed to folder instead of being rejected. Can you explain it?

4) Can you give me one example of how I can test the reject feature to see that it really works?

Thanks.

carverrn 7 May 2004 07:13 AM

How the "reject if possible" is supposed to work was described in this posting by Sigurdur from Linpro (the host for Runbox's mail servers):

http://www.emaildiscussions.com/...203#post160203

Based on that I would have expected your test SPAM to be rejected (assuming you only sent it to one Runbox address).

I think SpamAssassin is handled at the Linpro end so maybe Liz can ask them to comment on this.

Rich

tore 7 May 2004 08:35 AM

Quote:

Originally posted by mail2me

1) I have currently selected "Yes, reject if possible". The "Yes, save to folder" is Trash but it is not selected. I also have a filter order -2 which reads:
Messages where: "Header" "contains" "X-Spam-Flag: YES" will be: "saved to folder" "Spam" as suggested above by Carverrn.

Actually, the "save to folder" setting is just a filter much like the one you've added manually. It doesn't check the headers, but a flag in the database, but it won't make a difference to you.

The folder in the "save to" setting is used even if you've selected the "reject if possible" option (I think so, at least), so you could just do that instead of adding the filter.

Do note the "if possible" part of "Reject if possible", though. For instance, if the mail is received from POP retrieval or sent by another Runbox user from the web interface, this setting won't be used.

Quote:


2) Previously I had also selected "Yes, reject if possible", but the "Yes, save to folder" was Spam but it was also not selected. However, the spam messages continued to file to "Spam" folder. Don't you think this is strange?



I suggested having the "reject" option as a check box (which then could be turned on/off if the "Yes, save to" radio box setting was selected) when we implemented it, and I still think that would have reflected the actual process better. But I don't meddle around in the webapp code at all, so.. shrug

Quote:


3) I sent out a sample message from both my FastMail account as well as my MailSnare account. They both had my correct email addresses as the "From" address. The messages were classified as spam by runbox, but were filed to folder instead of being rejected. Can you explain it?



The reject feature was temporarily disabled a few days ago due to the load it inflicted. A new box -- bolivar -- was installed today to take over that particular task, and I expect to re-enable the feature sometime tomorrow. This new box should also pave the way for extended spam filtering functionality such as per-user bayesian databases, too.

Quote:


4) Can you give me one example of how I can test the reject feature to see that it really works?

You could try sending yourself a mail with the eicar.com test-virus attached (from another system). It will be rejected in the exact same manner as a spam would have been. Or, you could wait until sometime tomorrow and send yourself a "spammy" e-mail, and hope that I've had time to set up SpamAssassin on the new box and make the MXes use it.

jbs 7 May 2004 11:00 AM

Sounds like that explains why it was not rejected -- that the feature was temporarily disabled. Otherwise, mail2me, I would expect that your spammy message, sent from outside Runbox to only one recipient at runbox should be rejected.

Tore- I did not think that the file to folder still worked even if the Reject if Possible option was selected. I agree with you, it should be possible to select both, the Reject should be a checkbox enabled as an option when the Detect and File is picked.

I have my personal filter set up because I thought I'd read in a posting that the file to folder would not work if the reject option is selected.

By the way, for mail2me and others, the reason I filter on the occurrence of "X-Spam-Level: ****" instead of just SpamFlag: Yes is that it allows you to tailor your spam tolerance. SA decides it's spam when the score is 5 or greater, but I was occasionally getting spam that scored a 4, 4.5 4.9 etc, so I lowered my "tolerance" to 4. You could also make it X-Spam-Level: ** which would lower it to 2 (and still would catch ***, ****, *****, etc), just depends on how aggressive you want to be.

--Jason

mail2me 7 May 2004 11:50 AM

Thanks tore for the reply. You have answered all the questions.

I will wait till the reject function is enabled before testing again.

carverrn 7 May 2004 02:26 PM

Hi tore!

Quote:

This new box should also pave the way for extended spam filtering functionality such as per-user bayesian databases, too.
Speaking of spam filtering, could you jump over to this thread and address a question I had with the SpamAssassin "autolearn" values in the headers?

http://www.emaildiscussions.com/...threadid=21309

Thanks,
Rich

tore 7 May 2004 07:16 PM

Quote:

Originally posted by mail2me
Thanks tore for the reply. You have answered all the questions.

I will wait till the reject function is enabled before testing again.

You're welcome. The new box is now in production, so feel free to start your testing.

mail2me 7 May 2004 11:39 PM

Quote:

Originally posted by tore
The new box is now in production, so feel free to start your testing.
I'm afraid that the test spam message sent from both my FastMail and MailSnare simply got filed to "Spam" folder instead of being rejected. Reject if possible option was selected in Runbox Mail Manager.

mail2me 9 May 2004 02:40 AM

Quote:

Originally posted by mail2me
I'm afraid that the test spam message sent from both my FastMail and MailSnare simply got filed to "Spam" folder instead of being rejected. Reject if possible option was selected in Runbox Mail Manager.
The Runbox reject seems to work now. A possible reason for it not working previously might have been the filter order "-2" saving messages to spam folder before the Runbox spam filter action which is at order "-1". Therefore I suggest that those who want to set up a customized more aggressive manual filter to give it an order number of "0" if they want the "reject if possible messages" to be rejected first.

The reject message that Runbox sends out is as follows:
Quote:

From: Mail Delivery System
Sent: Saturday, May 8, 2004 04:22 PM
To: <sender email address>
Subject: Undelivered Mail Returned to Sender

This is the Postfix program at host <sender smtp server>

I'm sorry to have to inform you that the message returned
below could not be delivered to one or more destinations.

For further assistance, please send mail to <postmaster>

If you do so, please include this problem report. You can
delete your own text from the message returned below.

The Postfix program

<your email address>: host aibo.runbox.com[193.71.199.94] said: 550-This message
was automatically rejected because the recipient has chosen 550-not to
receive unsolicited email. If you feel your message was erroneously
550-rejected you may want to reformat/rephrase it and try again, or contact
550 support@runbox.com. (in reply to end of DATA command)

tore 9 May 2004 02:57 AM

Quote:

Originally posted by mail2me
The Runbox reject seems to work now. A possible reason for it not working previously might have been the filter order "-2" saving messages to spam folder before the Runbox spam filter action which is at order "-1". Therefore I suggest that those who want to set up a customized more aggressive manual filter to give it an order number of "0" if they want the "reject if possible messages" to be rejected first.

Actually, the filters don't matter at all here. The "reject" stuff happens before the message is accepted into Exim's queue, while the filters are processed as the message is departing from Exim's queue and into your home directory (or to a forwarded address, perhaps).

However, changing the reject setting doesn't come into effect real-time - the configuration is distributed to the MXes every six minutes (if I recall correctly). That also applies to the white list. That was probably the reason it didn't work for you the first time around - there is no other obvious one I can think of, at least.

carverrn 9 May 2004 02:59 AM

Thanks for posting what the spam rejection message looks like. I hadn't seen it yet.

However, the filters shouldn't have anything to do with why you weren't getting the rejection message before. According to Linpro and Runbox, SPAM rejection takes place while the message is being received so that it is never actually accepted by the Runbox mail servers. Since it is never really delivered I don't think it can ever be processed by the filters.

At least this is my understanding.

Maybe they were still playing around with getting it working again while you were playing around with the filters.

Regards,
Rich

carverrn 9 May 2004 03:00 AM

Thanks for the explanation Tore!

Rich

Liz 21 May 2004 09:23 AM

Could a MODERATOR please make this thread sticky? Thanks. :)

Liz

shelmart 6 Jun 2004 01:56 AM

Quote:

Originally posted by jbs
Just tested it with an email from myself (fortunately I'm on my whitelist -- it's obviously not that exclusive) :D and saw the beloved USER_IN_WHITELIST flag.

--Jason
I'm making extensive use of the whitelist function in Runbox but I'm not familiar with the USER_IN_WHITELIST flag. I've just looked at a couple of emails that came from folks who are on my whitelist, and this flag doesn't appear anywhere. Is there something that I need to turn on in order to see these flags?

Shelley

jbs 6 Jun 2004 04:21 AM

Quote:

Originally posted by shelmart
I'm making extensive use of the whitelist function in Runbox but I'm not familiar with the USER_IN_WHITELIST flag. I've just looked at a couple of emails that came from folks who are on my whitelist, and this flag doesn't appear anywhere. Is there something that I need to turn on in order to see these flags?

Shelley

It's not its own header flag, but is rather embedded in the Spam Status flag. By way of examples, here's a message I got this morning from my mother (yes, she's on my whitelist too :D )

X-Spam-Status: No, hits=-99.0 required=5.0 tests=CLICK_BELOW, HTML_60_70, HTML_FONTCOLOR_BLUE, HTML_LINK_CLICK_HERE, HTML_MESSAGE, HTML_TAG_BALANCE_HTML, NO_REAL_NAME, USER_IN_WHITELIST

So it's that last entry in the X-Spam-Status flag that tells you the sender is in the whitelist, and it adds a -100 (negative one hundred) to the spam score. Thus my mother would have to REALLY send me a lousy piece of mail for it to add up to a plus five total. ;)

When you look in that flag, do you then see the USER_IN_WHITELIST text?

--Jason

oysterquartz 19 Jun 2004 01:54 AM

Re: How To Improve SPAM Filtering using Runbox Filters
 
Quote:

Originally posted by carverrn


(2) Create a "Spam" folder and a filter defined as:

Order: -2
Messages where: "Header" "contains" "X-Spam-Flag: YES"
will be: "saved to folder" "Spam"

By selecting "reject if possible" for the "Detect junk mail" option,
we have also disabled the ability to move SPAM to a Spam folder. This
defines our own Spam Filter that will do the same thing the original
Spam Filter did.

If you want your Spam Filter to be more restrictive, like have a cutoff
of 4 instead of the default of 5, you can define your filter like this:

Order: -2
Messages where: "Header" "contains" "X-Spam-Level: ****"
will be: "saved to folder" "Spam"

For this filter, any message with a score greater than 4 (e.g. 4.1) will
be moved to the Spam folder.


(3) Create a "NotInWhiteList" folder and a filter defined as:


Is anyone using multiple X-Spam-Level : ---- filters in order to filter different S.A. values into folders? If so, what is the folder preference level set at (-2 or other) and how does this affect X-Spam-Status (which I assume is like saying) X-Spam-Level: *****

I started using Rich's method and (shockingly) spam seems to have disappeared. This worries me somewhat (the fear of false positives) ;)


All times are GMT +9.