Spasm Tips & Tricks

Spasm's real power lies in the Custom Settings, where users can dictate which filters scan incoming email and what those filters do with messages. These instructions refer to settings and filters discussed in the Custom Settings portion of the Spasm documentation.

Tagging Messages

Some of Spasm's filters are exceptionally aggressive and, while they block a lot of spam, they can also block valid email. The most aggressive filters are SF_HELO and SF_MAIL_HOST; followed by SF_ABUSERFC, SF_POSTMASTERRFC, SF_DSNRFC, SF_WHOISRFC, and SF_RDNS. Equally aggressive but more predictable are the various BLACKHOLES filters.

Any of Spasm's filters can be set to "tag" a message to show that Spasm would have caught the message had the filters been set differently. This allows some mail clients to filter messages that might be spam in the mail program for immediate consideration instead of quarantining the message.

When the USE_SUBJECT_TAGGING filter is enabled, any filters set to TAG will modify the Subject line of an email message, preceding the original Subject text with *** X-SPASM ***, making it easier to find suspected spam messages without dredging through hundreds of quarantined messages.

Rejecting Messages

Any Spasm filter can be set to REJECT, bouncing mail caught by that filter back to the sender. This feature is especially useful for the SF_VIRUS_SCAN and SF_PERSONAL_BLACKLIST filters. Setting SF_PERSONAL_BLACKLIST will bounce messages matching blacklist entries back to the sender. Setting SF_VIRUS_SCAN to Reject will prevent viruses from being included in Spasm's quarantine.

Be cautious when using the REJECT setting, as mail bounced back to the sender is permanently gone.

Blackholes lists

The BLACKHOLES filters are some of the most powerful filters available. All are found at the bottom of the Custom list and are enabled only at the highest filter setting (All).

Each filter blocks all mail coming from the IP space mentioned in the filter name. Thus, enabling the SF_KOREABLACKHOLES filter will block all mail from servers in Korea. If you aren't planning on receiving any mail from Korea, setting SF_KOREABLACKHOLES to REJECT will block a huge amount of spam, as will SF_JAPANBLACKHOLES, SF_CHINABLACKHOLES, and SF_TAIWANBLACKHOLES.

The BLACKHOLES filters containing the names of countries are easy enough to understand, but the other Blackholes filters, such as SF_XOBLACKHOLES, and SF_RACKSPACEBLACKHOLES, contain the IP spaces of some large hosting companies, and can easily block legitimate mail. While these filters are powerful, they can easily block legitimate email. Use the BLACKHOLES filters with care.

Blacklisting your own address

Since spammers frequently send mail using the same address for both the sender and recipient, placing your own email address in the Blacklist can be an effective way to block spam. If you do this, you will still be able to send email to yourself, but only if you are using our outgoing mail server.

The "Anti-Zombie" Blacklist

A vast majority of modern spam comes from zombies, personal computers infected with trojans. These computers are then remote-controlled by a spammer and used to send spam across the Internet. Luckily, since many of these zombies are on broadband connections unattached to business networks, there are certain characteristics of the hostnames that we can take advantage of to block many of the zombies.

As with any Blacklist entry, bear in mind that some people on the Internet are running horribly misconfigured mail servers, and so valid mail coming from these servers can be inadvertently caught by this particular set of Blacklist entries:

/.*([0-9]+[-\.]){4}.*[a-z0-9-]+\.[a-z]+/
/.*(cable).*\.[a-z0-9-]+\.[a-z]+/
/.*(client).*\.[a-z0-9-]+\.[a-z]+/
/.*(dhcp).*\.[a-z0-9-]+\.[a-z]+/
/.*(dsl).*\.[a-z0-9-]+\.[a-z]+/
/.*(pool).*\.[a-z0-9-]+\.[a-z]+/
/.*(ppp).*\.[a-z0-9-]+\.[a-z]+/
/.*(user).*\.[a-z0-9-]+\.[a-z]+/