Phishing Scams and Spam Filtering

If you get e-mail saying eskimo.com has blocked X as spam but that you can log in and get them, this is a phishing scam from someone in Digital Sewer hosting (Digital Ocean) trying to get customers' authentication info here. Please never log in to anything an e-mail tells you to based upon any link contained in that e-mail.

I’ve also received no fewer than three people complaining about mail blocked as spam that isn’t spam. I will reiterate: I have no control over the sending sites properly configuring their mail servers, and unfortunately often they don’t, and if we can’t positively identify a sending site then it is going to be scored as spam. You have control over this. You can whitelist a specific domain or address, or you can set your spam filtering score so high that nothing will be scored as spam. Anything that has improper DKIM, SPF, or DMARC is counted by our site as a forgery, so it will be scored 50+ depending upon other offending factors. Normal spam will usually score between +5 and +15; that is why the default score is set to 5.

If you want ALL of your spam to come through unfiltered, set the SCORE to 99. If you are seeing very little spam but getting a few false positives, consider setting your score slightly higher than the default, say somewhere between 7 and 10. If you are getting a lot of spam, consider setting it lower, say 3 or 2, and then whitelisting any false positives that do occur.

The following document describes in detail how to adjust spam filtering. Clicking on the document will give you a better-formatted version; WordPress somewhat messes up the formatting.

Spam Control Facilities

We use Clam-AV to block viruses. Mail containing viruses is rejected with a message sent back to the sender specifying the infecting virus.

Clam-AV won’t catch all viruses. Between the time a virus is released into the wild and the time it is detected, analyzed, and a signature created, that virus is undetectable. We recommend that you install an anti-virus program on your computer, especially if using Windows.

Messages that clear Clam-AV are then scored by SpamAssassin according to the likelihood they are spam.

If you do not have Procmail rules, system rules will place mail scored as spam in your “spam” folder.

If you have Procmail rules, then your rules decide what to do with mail scored as spam. Please see System Procmail Rules.

Bayesian Filtering – Training

SpamAssassin includes Bayesian filtering. Bayesian filters learn from examples of what is spam and what is ham (non-spam).

Please send spam to spamtrap@eskimo.com.

Please send non-spam (ham) to hamtrap@eskimo.com. Mail sent to hamtrap must be sent from an eskimo address.

Bayesian filters work best if they have lots of material to compare. Please help with effective training by sending non-spam to hamtrap even if it is not misclassified. Without some ham to compare to spam, the filters cannot distinguish between spam and ham.

It is best to use Pine or another mail program that has a “bounce” facility, which will send the message without adding additional headers. Otherwise, SpamAssassin’s Bayesian filtering may decide that anything you originate and send to other users here is spam.

It is best to send ham (non-spam) to hamtrap after sending spam to spamtrap, as it will allow the Bayesian filters to “unlearn” anything incorrectly learned as spam.

SpamAssassin Preferences

SpamAssassin can be tailored to your preferences. In your “$HOME” directory, there is a hidden directory called “.spamassassin” that will contain a file called “user_prefs”.

The “user_prefs” file is where you can override any system defaults, set the scoring for the spam threshold as low or high as you like, change the scoring of any individual rules, and whitelist or blacklist any addresses or domains you wish.

The “user_prefs” file is a text file. You can edit it with any text editor: pico, nano, ex, vi, emacs, etc. Anything after a “#” is a comment. There are commented examples in the file of how to do most things.

Examples

Whitelist From

   whitelist_from address@domain.com   # a specific address
   whitelist_from *@domain.com         # an entire domain

Blacklist From

   blacklist_from address@domain.com   # a specific address
   blacklist_from *@domain.com         # an entire domain

Blacklist To

By default, customers can receive mail at four addresses, user@eskimo.com, user@eskimo.net, user@eskimonorth.com, and user@eskimonorth.net. Ola Grande customers can also receive e-mail at user@olagrande.net.

Because eskimo.com has been around the longest, it is more prone to receiving spam than the other addresses. Some customers use eskimo.net for their primary e-mail address. If you wanted to block all e-mail except that sent to your eskimo.net address, you could do so with the following rules:

   blacklist_to *@eskimo.com
   blacklist_to *@eskimonorth.com
   blacklist_to *@eskimonorth.net

Required Score

You can adjust the score required for mail to be considered spam. Higher scores increase the likelihood spam will end up in your INBOX. Lower scores increase the likelihood legitimate mail will be placed in your spam folder. “5” is the default value.

   required_score 5
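
Before changing required_score, it helps to see how the mail you already have would have been sorted at each value suggested above (2, 3, 5, 7 to 10, and 99). The following is an added example, not part of the original document: it reads the score SpamAssassin records in each message's X-Spam-Status header and counts how many messages each threshold would file as spam. The sample messages are constructed, and reading real mail assumes your folder is in mbox format.

```python
import mailbox
import re
import sys
from email import message_from_string

# SpamAssassin records its verdict as "X-Spam-Status: Yes, score=7.3 required=5.0 ...".
SCORE_RE = re.compile(r"\bscore=(-?\d+(?:\.\d+)?)")

# Constructed sample messages; the scores and rule names are made up.
SAMPLE = [message_from_string(raw) for raw in (
    "Subject: lunch\nX-Spam-Status: No, score=1.2 required=5.0 tests=HTML_MESSAGE\n\nhi",
    "Subject: digest\nX-Spam-Status: No, score=3.8 required=5.0 tests=HTML_MESSAGE\n\nhi",
    "Subject: news\nX-Spam-Status: Yes, score=6.4 required=5.0 tests=HTML_MESSAGE\n\nhi",
    "Subject: deals\nX-Spam-Status: Yes, score=8.9 required=5.0 tests=BAYES_99\n\nhi",
    "Subject: pills\nX-Spam-Status: Yes, score=12.7 required=5.0 tests=BAYES_99\n\nhi",
    # Folded header, as long X-Spam-Status lines usually are.
    "Subject: account\nX-Spam-Status: Yes, score=56.3 required=5.0\n\ttests=SPF_FAIL\n\nhi",
    "Subject: unscored\n\nno X-Spam-Status header at all",
)]


def scores(messages):
    """Return the score of every message that carries an X-Spam-Status header."""
    found = []
    for msg in messages:
        match = SCORE_RE.search(str(msg.get("X-Spam-Status", "")))
        if match:
            found.append(float(match.group(1)))
    return found


def what_if(score_list, thresholds=(2, 3, 5, 7, 10, 99)):
    """For each candidate required_score, count messages that would be filed as spam."""
    return {t: sum(s >= t for s in score_list) for t in thresholds}


if __name__ == "__main__":
    # Pass an mbox path to analyse real mail; with no argument the samples are used.
    msgs = mailbox.mbox(sys.argv[1], create=False) if len(sys.argv) > 1 else SAMPLE
    found = scores(msgs)
    print(f"{len(found)} scored messages")
    for threshold, count in what_if(found).items():
        print(f"required_score {threshold:>2}: {count} filed as spam")
```

Run it over both your inbox and your spam folder: a threshold that moves known-good mail into the spam count is too low, and one that drops known spam out of it is too high.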

Individual Rules

You can set how much a rule contributes to the spam score. A score of zero disables that test. Negative scores reduce the likelihood mail will be considered spam.

Speakers of Asian languages, like Chinese, Japanese, and Korean, will want to add or uncomment the following:

   score HTML_COMMENT_BBITS 0
   score UPPERCASE_25_50    0
   score UPPERCASE_50_75    0
   score UPPERCASE_75_100   0
   score OBSCURED_EMAIL     0

Speakers of any language that uses non-English accented characters may wish to add or uncomment the following line. It turns off a rule that fires on misformatted messages that common mail apps generate in contravention of the email RFCs.

   score SUBJ_ILLEGAL_CHARS   0

For a complete list of SpamAssassin tests, please see http://spamassassin.apache.org/tests_3_3_x.html.
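
Two of the settings above can let phishing mail through: a required_score above the 50+ that forged mail receives, and a whitelist_from entry for an entire domain, since whitelist_from matches the sender address the message itself supplies. The following added example, which is not part of the original document, parses a user_prefs file and reports both; the sample file content and the finding codes are constructed for illustration, and how a whitelist entry weighs against the forgery score depends on site rule scores the document does not give.

```python
FORGERY_SCORE = 50   # from the text above: failed DKIM, SPF or DMARC scores 50+

# Constructed user_prefs content for the demonstration.
SAMPLE_PREFS = """\
# my preferences
required_score 60
whitelist_from *@domain.com        # an entire domain
whitelist_from friend@domain.com
blacklist_to *@eskimo.com
score SUBJ_ILLEGAL_CHARS 0
"""


def parse_prefs(text):
    """Yield (line_number, directive, arguments) for every non-comment line."""
    for number, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()   # anything after "#" is a comment
        if line:
            directive, *args = line.split()
            yield number, directive, args


def audit(text):
    """Return (line_number, code, explanation) for settings that weaken filtering."""
    findings = []
    for number, directive, args in parse_prefs(text):
        if directive == "required_score":
            try:
                value = float(args[0])
            except (IndexError, ValueError):
                findings.append((number, "bad-score", "required_score needs a number"))
                continue
            if value > FORGERY_SCORE:
                findings.append((number, "threshold-above-forgery",
                                 f"{value:g} can deliver mail scored as a forgery"))
        elif directive == "whitelist_from":
            for pattern in args:
                if pattern.startswith("*@"):
                    findings.append((number, "wildcard-whitelist",
                                     f"{pattern} trusts any From address at that domain"))
    return findings


if __name__ == "__main__":
    for number, code, why in audit(SAMPLE_PREFS):
        print(f"line {number}: {code}: {why}")
```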