Anti-Spam and anti-virus on RIBF mail front-end server

(Last updated on 25 March 2008) 

(2008.03.21) Sophos Pure Message (PMX) software has been installed on new RIBF mail front-end servers (ribfsmtp1/ribfsmtp2) to identify and tag spam mails and isolate virus-infected mails. This PMS software protects against inbound and outbound threats with unrivaled effectiveness and simplicity, delivering high-capacity, high-availability security against spam, phishing, viruses, spyware and malware.

(2004.06.21) Spam-Assassin-3.1.7 and Sophos Sweep have been installed on RARF mail front-end servers (rarfsmtp/rarfsmtp2) to identify and tag spam mails and isolate virus-infected mails.

The spam-identification tactics used include:

  • header analysis: spammers use a number of tricks to mask their identities, fool you into thinking they've sent a valid mail, or fool you into thinking you must have subscribed at some stage. SpamAssassin tries to spot these.
  • text analysis: again, spam mails often have a characteristic style (to put it politely), and some characteristic disclaimers and CYA text. SpamAssassin can spot these, too.
  • blacklists: SpamAssassin supports many useful existing blacklists, such as mail-abuse.org, ordb.org or others.
  • Razor: Vipul's Razor is a collaborative spam-tracking database, which works by taking a signature of spam messages. Since spam typically operates by sending an identical message to hundreds of people, Razor short-circuits this by allowing the first person to receive a spam to add it to the database -- at which point everyone else will automatically block it.

    Once identified, the mail is then tagged as ***SPAM*** for later filtering using the user's own mail user-agent application.

    How to filter SPAM on RIBF mail server
    You can automatically filter the SPAM (tagged as ***SPAM***) on RIBF00.RIKEN.JP by setting file .procmailrc at your home directory. Following script will setup this environment. Login to ribf00.riken.jp and type

    /usr/local/spamfilter/setup (return)

    and answer yes. (The existing file .forward and .procmailrc will be renamed on the same directory) Then the mail tagged as ***SPAM*** will be automatically sorted and stored at the directory ~/Maildir/.spam/new as a sequence number file. This setup can be canceled by removing the file .procmailrc on your home directory.
    (2008.03.25)  Contact