|Set-up for Email|
Spam filtering implementing SpamAssassin
To reduce the annoyance of unsollicited commercial email (spam), incoming email are refused when they come from an email gateway with open relaying.
Some email gateways are set-up to accept and process emails with sender and recipient located outside of their own domain (the red arrow on the graph). This is known as open relay. A spamer can send email to an open relay, that will then be forwarded to the final recipient. It help to hide spamer's tracks.
A list of email gateways with open relay is kept by MAPS/RBL. CSIM email server will refuse any incoming email that originates from a server on the list.
Starting on February 1st, 2002, incoming email is also filtered by SpamAssassin (SA). SA combines recognition of certain expressions, patern of delivery, and databases of recognized spam messages.
Each rule in SA gives some points to the email message. When a message reach the score of 5, it is considered to be likely to be spam.
During the test period, in February 2002, only very few email messages (less than 1 ) where falsely classified as spam when they were valid messages.
Email that is detected as possible spam is not delivered to your mailbox, but is instead quarantined in a separate directory. Once a day, you will receive a summary of the messages that have been quarantined. The summary gives the name of the sender, the subject and the date, as well as an identifier of the quarantined messages, messages are sorted by level of spam-iness:
Note: quarantined messages are kept for 30 days only, after that, they are automatically deleted.
You can recover any quarantined message, before the delay of 30 days expires, by sending an email to firstname.lastname@example.org where you mention the identifier of the message you want to recover:
It will be added to your mailbox immediately. The message will contain the explanation by SA why it has been detected as spam:
You can also tune some of the features of SpamAssassin. In your home directory, there is a subderictory called .spamassasin that contains the file user_prefs:
If you change the value required_hits you can tell SpamAssassin to
be more or less strict on what is considered to be spam:
The default threshold is 5.
Note: that you must remove the # at the begining of the line.
You can also add one email address in the whitelist if someone often
writes to you and his messages are potentiall marked as spam:
Or you can blacklist and address that would otherwise send spam undetected:
There are many more options that you can configure in order to tune SpamAssassin to detectes spam accurately in your incoming emails. The page about SpamAssassin configuration file describes all the existing features.
Many viruses are spread through email. To reduce the risk of virus infection, email are checked and quarantined if they are infected. Both incoming and outgoing emails are checked, to protect us from outside, and also to protect outside from a virus we could accidently spread.
CSIM has invested in a virus checking software, by Kaspersky. The virus signature file is updated every two hours in order to guarantee you that the most recent viruses are caught.
To increase the security, a second anti-virus is now running on the email server. This anti-virus is ClamAV an open source anti-virus, known to have good response time to new threats.
AIT has invested in a centralized anti-virus system that you can install on your desktop machine. In case of virus checking, redundancy can only bring more security.Despite this fact
, the systematic virus scanning of email should not prevent you to exert caution when reading email. You should consider the following questions before opening any attachement:
If any of the answer is "no", wait before opening th attachement. Ask the sender if he really emailed that file to you on purpose, and wait for his answer. A little delay is better than being sorry.
Also note that some attachement can have missleading names like image.GIF.exe that looks like an image but is really an executable file (a program). Some email program could even hide the .exe part under the false argument that a filename can only have one extention. In any case, never open a file with a missleading name, such names are forged to have you do something you would not do under normal curcumstances.
You can find some more information about email borne virus in the advisory from CERT.
In the case your machine got infected and you try to send an infected email, the email will not be delivered. Instead you will receive a warning looking like:
In such case, it is urgent that you get your machine cleaned.
|Contact us: Olivier Nicole||Last update: Aug 2007|