SEASURF SELF-CONTROLLED SPAM FILTER
Please e-mail us at support @ seasurf.net if you do not completely understand the following and would prefer that we set this up for you. I know that a lot of you just want the quick instructions, so here they are, but please also read the detailed system explanation so you understand what is going on. READ THE SETUP INSTRUCTIONS COMPLETELY, THESE INSTRUCTIONS MUST BE FOLLOWED EXACTLY. DO NOT MAKE ANY ASSUMPTIONS. THESE INSTRUCTIONS WORK FOR BOTH THE WEBMAIL AND FOR THE POP CLIENTS LIKE OUTLOOK, NETSCAPE, ETC.
To set it up:
1) Start with going to http://www.seasurf.net
2) Click on the link titled Seasurf Webmail and login. If you have never used OpenWebmail before you will get a new user screen, answer the questions and continue.
Make sure that "Spam" shows up when you click on the Folders button.
Click Logout unless you are going to stay in Webmail and read your mail.
NOTE: YOUR LOGIN ID FOR WEBMAIL IS YOUR USERNAME ONLY, NOT USERNAME@SEASURF.NET
SETTING UP THE FORWARDING AND AUTO-SPAM SORTING CONFIGURATION
Step 1) Go to www.seasurf.net and click on the button on the list (left hand side of screen) that says 'Forwarding and Auto-Spam Sorting Configuration'
Step 2) You will get a login that looks like this :
Step 3) Put in your email login ID and password and click LOGIN. You will then see a page that looks like this:
Step 4) Click MAIL on the left and you will then see a page that looks like this:
Step 5) Click PROCMAIL MAIL FILTER (on the left) and you will get a page like this:
Step 6) Click the MANUALLY EDIT CONFIGURATION button and type in ":0" then click SAVE as seen below:
Step 7) Click APPEND TO FILE under the ACTION TO TAKE option as seen below:
And then you should get this screen:
Step 8) Make the following changes (see below) and click save:
Step 9) Click theLOGOUT link (on the left):
From the Seasurf website, click on the link titled Personal whitelists and blacklists" Click past any SSL warning messages and login with your username and password.
Adjust settings to suit your taste.
Note: Raising Spam Score makes the filter less sensitive. Lowering Spam Score makes the filter more sensitive.
IMPORTANT: The Subject tag must show ***SPAM*** when you save the configuration
ALSO IMPORTANT: When whitelisting, you must click both the Add button followed by the Update button for the changes to be saved.
NOTE: YOUR LOGIN ID FOR PHPSAADMIN IS YOUR USERNAME ONLY, NOT USERNAME@SEASURF.NET
From now on all incoming mail to you that is identified as spam will not show up in your inbox, thus it will NOT be downloaded when you check mail from Netscape, Outlook or whatever. Instead it will be put in your spam folder which you can access from Open Webmail or you can access from Outlook if you setup your Outlook client as an IMAP client.
If you want to download a particular piece of mail that was marked SPAM to your Outlook or Netscape, such as a false positive, then you must login to Webmail and move it from the spam folder to your Inbox, logout, then download it with Outlook or Netscape.
DRACONIAN SPAM FILTER SETUP
Some people have found that if they only have a limited number of people who ever send them mail, that they can have a Draconian spam filter that eliminates almost everything by simply listing everyone who sends them mail in their whitelist, and putting: * in their blacklist. Of course, this means that nobody but those people can send mail to them. We do not recommend this configuration.
TIP: If your going to be on vacation and you want to forward your mail to someone else to watch it you can do it from the mail forwarding link on the Seasurf main website.
The spam filtering on the Seasurf/Internet Partners mailserver is actually a set of programs that work together.
SPAMASSASSIN - This is a spam content filter that is tied into a number of blacklist servers on the Internet, and uses a dictonary of "spamlike" constructions that occur in spam to decide the LEVEL of "spamminess" of an e-mail. It assigns points for every "clue" that is present in an e-mail that could indicate the mail is spam. If the message has enough points, it exceeds a "Spam Score" threshold and will be tagged as spam by marking in the subject line.
The system-wide threshold is 4.1, but this can be overridden on a per-user basis.
phpSAAdmin - This is a front-end to a SQL database that stores user whitelist and blacklist settings as well as your personal spam score. There are other more complex front ends to this SQL database that we are looking into deploying later on. The old "spamate" interface was one of these kinds of front ends.
Procmail - This is a mail delivery program that inspects any mail coming into your inbox and diverts anything tagged by Spamassassin to your personal spam folder.
Webmail - This is a webinterface to the mailserver that allows you to get into your spam folder and see what spam is there.
These programs all work together, to see how this happens let's trace the path of an incoming mail message to the mailserver.
A sending server on the Internet contacts mail.seasurf.net and asks if it's OK to send a message to it. Mail.seasurf.net first does some preliminary checks on the sending server and message to see if the sending server is forging the mail or not, or if the sending server is a high-volume mail one-shot mail transmitter, etc.
The message comes into mail.seasurf.net and is given to Spamassassin which examines it for spamlike qualities as well as checking the listed senders against blacklist servers on the Internet. Spamassassin also makes a query into the SQL database to see if any preferences exist for the specific user the message is targeted to, and executes those rules if it finds them. (ie: personal whitelists and blacklists) Spamassassin then tags the message as spam or not, depending if the total spam points are over the spam score for the user, or not.
The message then goes to Procmail which looks to see if the user has any local procmail filters such as the Spam-Level filter. If the message is Spam then the Spam-Level filter makes Procmail put the message into the user's spam folder, otherwise the message is put in the users inbox where it is either downloaded to the users home Netscape or Outlook programs on their computer, or it is read from there from the Webmail program.
If you are interested in more advanced spamfighting here are some things for you to review:
Spam Reporting - Many of the tests that we use for spam depend on Blacklist Servers on the Internet. These servers work by identifying spam sources and cataloging them, our filters then compare incoming mail against these blacklists and if the sources match then it increases the spam score that the filter assigns to the message.
The blacklist servers identify spam sources by a number of ways, the two most important ways are by HONEYPOT e-mail addresses and by direct submittals of spam by users.
Needless to say, it is a waste of time to report spam to the blacklist servers that has already been caught by our spam filter. Where reporting spam becomes important is for spams that "leak" past our filters, undetected.
This is in fact a much better alternative than listing spammers in a personal blacklist, because the blacklist can look at the spam and identify the source, then block it. The blocks are immediate and work immediately on our spam filter, and then even if the spammer changes a senders address the block will still work.
We recommend if you wish to report spams that you use the following blacklist server:
You will need to register with Spamcop to report spam. There is no cost to do so.
Unfortunately, the only problem with reporting spam is that the e-mail clients like Outlook make reporting difficult. Accurate spam reports depend on an intact HEADER being included. Outlook strips the header of the message away to make it "easier to read" (Note that Outlook was designed a decade ago when the need to report spam was not as great because spam was not as prevalent) Netscape mail, Eudora Mail and several other mail clients made similar design decisions and have the same problem.
All of these clients do have mechanisms for the user to be able to view the e-mail header. Here is a list of e-mail programs and how to get the headers:
See the following for an explanation of what is in the header:
Docs on the filtering are here:
The general rules of thumb on blacklists is as follows:
If the spammer repeatedly uses the SAME sender address then the blacklist will work. Typical examples are email@example.com and such - these are legitimate companies that feel that because you gave them your e-mail address at some point in the past, that they have the right to subscribe you to a new mailing list every time they create a new one, and make you unsubscribe yourself. Or, they are spammers who are forging popular senders addresses - I see for example a lot of forgeries for citibank, bank of america, etc. If you don't bank with one of these then it's not a problem to blacklist them.
Wildcards also will work and a lot of spammers do rotate domains but use the same top-level-domain name, so you could block *.cz for example. Refer to the above doc link.
One problem with personal blacklists is that there's a way to bypass them - that is, if your CC'd on a spam that has multiple addresses listed on the CC, then the server won't pull your personal blacklist settings up. It is, however, very rare for a bona-fied spam to have multiple CCs. Most of the time this is a problem for personal whitelists not triggering on false positives, if it does happen.
In summary, there is only a limited amount you can do with the whitelist/blacklists.
The real meat of the scanner is in the various spam tests which are documented here:
These are controlled by your Spam Score, settable in your personal spam interface.
Before you change this from the default of 4, you need to get familiar with what your spam is in fact scoring at. If you look at the headers of the "leaks" you will see a "X-Spam-Status: No, score=" header in the message followed by a number. The global default is 4.1, the web interface sets it at 4.0 automatically when you update anything, this is a trick we use so that you can tell if a message had the personal settings used when the filter assigned scores.
A 5 is the nominal value that most people use but we have found that while it is almost unheard of to get a false positive with a score of 5, this does allow a very large amount of spam through as well.
A 4 is more agressive and there is a very high chance that you will on occassion get a false positive. Probably a tenth of a percent of your legitimate mail will be tagged as spam.
A 3 is extremely agressive and you will regularly get false positives on a weekly basis, you will almost certainly need to whitelist a few of your coorespondents.
If you can deal with setting the overall score lower then making a bunch of whitelist entries, that may work for you.
Remember, the filter is like a man feeling around in a pitch black room for something. It cannot 'see' at once that a piece of mail is a spam, the way that the human brain can. Computers have always been almost useless in any observational situation dealing with people and spam filtering is no exception.
THE SCORING FILTER
If you really read the docs you will see the spam filter assigns fractional point values for most tests. This is because spammers are constantly inventing new ways to bypass content filters and the spamassassin authors are constantly designing and adding in new tests. Thus a regular non spam mail has a greater and greater chance of being tagged with a match on one of these tests.
As a result in order to preserve people's spam scoring for each new version of spamassassin, every time more tests are added the amount of control that each test has over the overall spam score must decrease. As a result of this it is not common for the spam score to come out an even whole number for any given message.
If you analyze your own mail. both spams AND non-spams, you can develop an optimal sweet spot spam score for yourself. This number will most likely not be a whole number. So far the only interface we have deployed only allows you to set a personal score as a whole number. Please contact us if you want to use a decimal number.