Filter Definitions

Filter Settings

Each filter has one of four settings:Off, Tag, Quarantine, and Reject. Because a message may be caught by multiple filters, the filter with the "highest" setting determines the action taken by Spasm:

  • Off:the filter is not checked.
  • Tag:the message is stored for the current recipient, "X-spasm" headers are added to notify the user of the filter[s] which caught the message, and the entire message is remailed directly to the user. The stored message file is then deleted. A log entry gets appended to the user's Spasm log.
  • Quarantine:the message is stored for the current recipient, and "X-spasm" headers are added to notify the user of the filter[s] which caught the message. A log entry gets appended to the user's Spasm log.
  • Reject:the message is immediately rejected. A log entry gets appended to the user's Spasm log.
  • Each filter also has a Log check box. Selecting this check box when Logging is enabled in the Preferences screen will cause Spasm to add messages matching that filter to the Log.

Spasm Filters

Following are the filters included in Spasm. In each filter, "reject" may mean any of the above three cases wherein the filter has been turned on (Tag, Quarantine, or Reject).

  • SF_VIRUS_SCAN: This runs the message through Spasm's virus scanner.
  • SF_WHITELIST_ONLY: This will reject, quarantine, or tag all messages from email addresses or mail servers which have not been explicitly listed in the user's whitelist. The user's whitelist is checked prior to any filter checks, so any message matching the whitelist will automatically bypass all filters. If the SF_WHITELIST_ONLY filter is configured to Reject or Quarantine messages, then only mail from authorized senders will ever land in your inbox.
  • SF_PERSONAL_BLACKLIST: This turns on the user's personal blacklist. Setting this filter to Reject bounces mail matching blacklist entries back to the sender.
  • SF_SPAMTRAP: This filter checks the message against the system's spamtrap blacklist. Mail servers are automatically added to this blacklist by Spasm if they have attempted to send email to a "spamtrap" email address:that is, an email address which has been set up by the Systems Administrator specifically to catch spammers. Such an email address is not advertised openly, and should never receive valid email. Any email sent to such an address, therefore, is assumed to be spam.
  • SF_LOCALFILTER: This is nearly identical to SF_PERSONAL_BLACKLIST, except it is system-wide and is maintained by the Systems Administrator.
  • SF_RDNS: This is a very aggressive filter, and will often catch legitimate email. This filter checks the IP address of the server trying to send a message. If the IP address does not resolve to a hostname (ie, it does not have a proper DNS entry), it is rejected. A large percentage of spammers use IP addresses that have no DNS entry, but likewise, there are many legitimate mail servers whose Systems Administrators have not set up proper DNS, so use this with caution.
  • SF_RDNS_APNIC: This filter is similar to SF_RDNS above, but only checks servers in the Asia Pacific region.
  • SF_RDNS_RIPE: This filter is similar to SF_RDNS, but restricted to servers in Europe.
  • SF_HELO: This is a moderately aggressive filter, and may catch legitimate email. When one mail server connects to another, it should (but is not always required to) send what is called a "HELO/EHLO" command. This command allows the first mail server to identify itself to the second mail server, by sending its hostname. This filter checks the hostname given during the HELO/EHLO command against the server's actual hostname (by looking up its IP address). If they do not share at least the second-level domain portion, it is rejected (ie, with the hostname "my.mail.domain.com," it only checks the "domain.com" portion). This filter will stop a considerable amount of forged spam. If no HELO/EHLO command is given, this filter will also reject the message.
  • SF_MAIL_HOST: This is a very aggressive filter, and will often catch legitimate email. This checks the second-level domain portion of the sender's email address against the second-level domain portion of the sending server's hostname. If they do not match, the message is rejected. This filter will stop messages which have been relayed through other servers. However, this means it will also stop messages that are legitimately being relayed (e.g. virtual domain email).
  • SF_DSPAM: This runs DSPAM, a content-based Statistical Hybrid filter, against the message. More information on DSPAM can be found on the DSPAM home page.
  • SF_SPAMASSASSIN: This runs SpamAssassin, a content-based filter, against the message. More information on SpamAssassin can be found here.
    • SA_REQUIRED_HITS: When SpamAssassin scans a message, it returns a numeric score based on its own scoring system. The value of SA_REQUIRED_HITS is checked against the score, and if the score is greater than or equal to the value set here, the message is rejected. A good moderate value is 5, but can be reduced, increasing the chance of catching messages with words like "viagra." Setting SA_REQUIRED_HITS to 0 effectively disables SpamAssassin.
  • SF_ORDB: This checks the sending server's IP address against the ORDB database. For more information, see http://www.ordb.org
  • SF_DSBL: This checks the sending server's IP address against the DSBL database. For more information, see http://www.dsbl.org
  • SF_SPAMCOP: This checks the sending server's IP address against the SpamCop database. For more information, see http://www.spamcop.net
  • SF_SBL: This checks the sending server's IP address against the Spamhaus database. For more information, see http://www.spamhaus.org
  • SF_SPEWS: This checks the sending server's IP address against the Level 2 Spews list. For more information, see http://www.spews.org
  • SF_SORBS: This checks the sending server's IP address against the SORBS database. For more information, see http://www.dnsbl.us.sorbs.net
  • SF_*RFC: The RFC filters check the sending server's IP address or hostname against the rfc-ignorant.org databases. For more information on any of these four filters, see http://www.rfc-ignorant.org
    • SF_POSTMASTERRFC:
    • SF_DSNRFC:
    • SF_ABUSERFC:
    • SF_WHOISRFC:
  • SF_*BLACKHOLES: The BLACKHOLES filters check the sending server's IP address against the blackholes.us databases. These databases do not imply that the server has ever sent spam or is prone to abuse. These databases simply describe networks that belong to each respective descriptor (e.g. "SF_KOREABLACKHOLES" is a list of Korea's IP address space, "SF_LEVEL3BLACKHOLES" is a list of Level3's IP address space. For more information, see http://www.blackholes.us
    • SF_KOREABLACKHOLES:
    • SF_CHINABLACKHOLES:
    • SF_BRAZILBLACKHOLES:
    • SF_JAPANBLACKHOLES:
    • SF_TAIWANBLACKHOLES:
    • SF_VERIOBLACKHOLES:
    • SF_VALUEWEBBLACKHOLES:
    • SF_RACKSPACEBLACKHOLES:
    • SF_INFLOWBLACKHOLES:
    • SF_BROADWINGBLACKHOLES:
    • SF_XOBLACKHOLES:
    • SF_ELIBLACKHOLES:
    • SF_ARGENTINABLACKHOLES:
    • SF_NIGERIABLACKHOLES:
    • SF_RUSSIABLACKHOLES:
    • SF_SINGAPOREBLACKHOLES:
    • SF_THAILANDBLACKHOLES:
    • SF_CIBERLYNXBLACKHOLES:
    • SF_CWBLACKHOLES:
    • SF_EPOCHBLACKHOLES:
    • SF_HEBLACKHOLES:
    • SF_INTERNAPBLACKHOLES:
    • SF_LEVEL3BLACKHOLES:
    • SF_RRBLACKHOLES:
    • SF_SKYNETWEBBLACKHOLES:
    • SF_WANADOOFRBLACKHOLES:

What are People Saying about SpiritOne?

"I appreciate the respectful, highly qualified people that have responded to our needs. We've had great uninterrupted service. When we call for technical help, we are never treated like we are incompetent."