Functionality and features
TU.it provides a spam marking service on the central mail servers for incoming mail traffic (mail bastion computers tuvok, neelix, as well as the incoming mail routers mri1, mri2 and mri3). This evaluates all incoming emails with a score (quasi a kind of spam factor, also called spam level), adds header lines to the mail or changes them; but only under very special circumstances.
The core of the software used is the open source package SpamAssassin, opens an external URL in a new window. This determines the score on the basis of a comprehensive and flexible (adaptable and regularly updated) rule base. Not only specific anomalies in the mail header are analysed, but also spam suspicious structures and keywords are examined in the mail body.
Furthermore, various DNS-based checks are also included (e.g. SORBS, opens an external URL in a new window u.v.m), which check the IP address of the incoming mail connection, but also test any URLs occurring in the mail for a negative listing (the advertised target).
- The mail remains unchanged in its structure (attachments) and remains readable in any case.
- Depending on a determined "score value", some header lines are always added, others are added if they are classified accordingly, see below "mail header marking".
- Mails are forwarded under all circumstances, i.e. not blocked or not (significantly) delayed or temporarily stored. The actual discarding or filtering of the mail is to be carried out on the institute's mail server or by the mail client.
- With the introduction of user-specific mail options more or less strict blocking or ignoring depending on an individual spam level is also possible.
- In the event of technical problems with spam marking or if emails meet certain parameters with regard to scope, it is possible that emails may pass unweighted, see below "affected emails".
- SpamAssassins rules, marking limits and general behavior cannot be customized. However, some user-specific mail options can be set, which can handle a rated email differently.
- Global rules adapted to the TU Wien conditions or corrections and adjustments from current events can be viewed under TU Wien specific spam tagging rules.
Depending on the score value determined, where reference is made to a certain LIMIT (= 6.0), some header lines are always added, others are added if they are classified accordingly. The LIMIT value serves primarily to classify mails as spam (or to suspect a mail with a certain probability as spam). If the score value reaches or exceeds the LIMIT value, extended information is added to the message in the mail header in addition to the always available information.
All score values (header lines that always exist):
An organization-specific tag that indicates that the mail has gone through the spam tagging process.
Score value in graphical notation: "*" correspond to one, "+" tenths. In this example, this corresponds to the score of 4,3. Only positive values are displayed, negative values or 0 indicate a minus "-". Before 16.5.2003 the entry remained empty in this case, which could be problematic with various email programs or email-processing scripts.
X-Spam-Status: STATUS ; SCORE
The SCORE value specified here is the value that SpamAssassin actually calculates multiplied by a factor of 10.
SCORE STATUS -------------- <60 LOW >=60 <100 MEDIUM >=100 HIGH
Score >= LIMIT (extended headers):
Subject: [SPAM?] ...
Added subject prefix to give Outlook (Express) users the ability to filter.
Under certain conditions, this selection can be suppressed using the user-specific mail options.
Note that there is no counterpart in the form of a "NO". In such a case the header line is not generated at all.
X-Spam-Report: 15.50/6.0 * -0.1 -- Forwarded email (Outlook style) * 0.9 -- From: ends in numbers * 0.2 -- To: repeats address as real name * 0.3 -- BODY: Asks you to click below * 0.2 -- BODY: Tells you how to stop further spam * 1.6 -- BODY: Spam phrases score is 05 to 08 (medium) [score: 5] * 0.9 -- BODY: Message is 70-90% HTML tags * 2.1 -- BODY: HTML comments which obfuscate text * 0.3 -- RAW: Message contains a lot of ^M characters * 0.1 -- 'Message-Id' was added by a relay (2) * 3.2 -- RBL: Received via a relay in list.dsbl.org [RBL check: found 184.108.40.206.list.dsbl.org] * 0.4 -- RBL: Received via a relay in relays.osirusoft.com [RBL check: found 220.127.116.11.relays.osirusoft.com.] * 2.3 -- RBL: Received via a relay in ipwhois.rfc-ignorant.org [RBL check: found 18.104.22.168.ipwhois.rfc-ignorant.org., type: 127.0.0.6] * 2.7 -- RBL: DNSBL: sender is Confirmed Open Relay * 0.4 -- HTML-only mail, with no text version
This report contains all the components that make up the score evaluation (additive) and begins with a line that contains the achieved score of the message and the system-wide limit separated by "/". Note that at this point the real SpamAssassin scores (i.e. not scaled by a factor of 10, as with X-Spam status) occur.
Details can generally be found at SpamAssassin, opens an external URL in a new window (extensive page!).
In addition, there are TU Wien specific spam tagging rules, opens an external URL, which consider current spam attacks and TU specialties only.
|only outside TUnet||*@*.tuwien.ac.at||mailbastion|
|only outside TUnet||(Fremddomains der TU)||mailbastion|
Mails with a size of more than 500,000 bytes are always forwarded unmarked (these are also not marked otherwise).
Messages whose analysis exceeds a time limit (just think of the DNS-based checks) are ultimately forwarded without further checking.
© TU Wien
Ticketsystem Online Portal, opens an external URL in a new window
Hotline 01 588 01 42002
1040 Wien, Operngasse 11, EG
The Service Center can be reached digitally from 8 a.m. to 4 p.m.