Anti-spam/anti-virus e-mail screening

This page clarifies the technical means implemented on the Awele servers to fight spam and viruses.

The following applies to all incoming messages, whether personal or coming through a mailing list. Every message goes through 4 filters; each can reject a message that it identifies as undesirable according to specific criteria.

Below is a recap of the checks performed by each filter, in the order in which the filters are applied: if a message is rejected by any one filter, it does not reach the following one(s).

If you run into a problem, please remember to transmit the full message, including (especially!) all the headers, so we can diagnose it.

Trivial eliminations

At this stage, messages are rejected when:

  • they come from senders who grossly violate e-mail emission standards (which is only the case for spammers);
  • they contain an attached file with an uncertain extension name (list provided by Microsoft, including in particular .bat, .exe, .pif, .reg and .url);
  • they contain an attached file and are addressed to a mailing list;
  • they attempt to pass as a legitimate message sent from Outlook;
  • they contain more than 15 accented (non-French) characters and a variety of symbols in the Subject line (Asian and other spam);
  • they fall under a number of other cases specific to a particular spam or worm.

If a message is rejected following one of these checks, it is not accepted by the system at all, and the sender will receive an error report.

Gray list

This filter implements very efficient anti-spam technology, although spammers do progressively adapt to bypass it.

When someone attempts to transmit a message to the Awele server, it is initially rejected with a reply stating that, if the sender complies with standards, the message may be sent again later.

In general, spammers do not comply with standards and, if they were not able to get the message through the first time, they will not try to do so again.

The drawback is that this adds an extra delay to the delivery of desirable messages.

The system takes into account the sender's e-mail address, the recipient's e-mail address, and the IP address of the server attempting to send the message. Together these three values form a triplet. For every new triplet, the message is initially rejected for one hour. When that delay is over, the message is accepted, and the triplet is then automatically accepted for any subsequent message for 3 days.

This time lapse can be adjusted, and certain IP/recipient/sender-address triplets can be "white-listed" to accelerate transmissions.

For a normal sender (not a spammer), this filter is completely transparent, except for the initial extra time lapse for the successful transmission of the message. When a message successfully passes this filter, an "X-Greylist:" header is added, which shows how long the message was delayed.
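The triplet logic described above can be sketched as follows. This is an added example, not the Awele server's code: the `Greylist` class, the in-memory storage, the case-insensitive address comparison and the use of SMTP code 451 for the temporary rejection are assumptions, while the one-hour delay and 3-day acceptance period come from the text.

```python
DELAY = 60 * 60              # initial rejection window from the page: one hour
LIFETIME = 3 * 24 * 60 * 60  # auto-accept period from the page: 3 days


class Greylist:
    """Hypothetical in-memory greylist keyed on (IP, sender, recipient)."""

    def __init__(self, delay=DELAY, lifetime=LIFETIME, whitelist=()):
        self.delay, self.lifetime = delay, lifetime
        self.whitelist = {self._key(*t) for t in whitelist}
        self.first_seen = {}      # triplet -> time of first attempt
        self.accepted_until = {}  # triplet -> end of auto-accept period

    @staticmethod
    def _key(client_ip, sender, recipient):
        # Addresses are compared case-insensitively (an assumption).
        return (client_ip, sender.lower(), recipient.lower())

    def check(self, client_ip, sender, recipient, now):
        """Return (smtp_code, seconds) for one attempt at time `now`.

        250: accepted, seconds = delay the greylist imposed on this message.
        451: temporary failure, seconds = time left before a retry passes.
        """
        key = self._key(client_ip, sender, recipient)
        if key in self.whitelist:
            return 250, 0
        expiry = self.accepted_until.get(key)
        if expiry is not None:
            if now < expiry:
                return 250, 0
            del self.accepted_until[key]  # period over: triplet is new again
        first = self.first_seen.setdefault(key, now)
        waited = now - first
        if waited < self.delay:
            return 451, self.delay - waited
        # The sender retried after the delay, as a standards-compliant server does.
        del self.first_seen[key]
        self.accepted_until[key] = now + self.lifetime
        return 250, waited
```

A message relayed through a different IP address forms a new triplet and waits the full hour again, which is why large senders with many outgoing servers are the usual candidates for white-listing.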

Spamassassin

The third filter uses the "spamassassin" program, which performs numerous checks on the message, in both its form and its content.

It checks, for instance:

  • that the message was not sent from an IP address known to be that of a spammer
  • that the message does not contain certain words/sentences/addresses from Web sites known to be included in spam
  • that the message is not similar to a message already considered as spam by other servers
  • if the message is purely HTML (used more often by spammers)
  • etc.

Spamassassin then gives a score, which is a weighted average of hundreds of tests performed. A score higher than 5 is very likely to be spam, but there can always be mistakes.

Spamassassin rejects a message with a score of 15 or more (and the sender is informed), but under that score, it allows messages to get through and adds the headers: X-Spam-Status, X-Spam-Level, X-Spam-Checker-Version, X-Spam-Flag, X-Spam-Report. That way, you can set up your e-mail software and/or webmail systems to filter incoming messages containing "X-Spam-Flag: YES" into a special file, or even to destroy them. This, however, would be your own responsibility, which is why the server only adds these headers and does not destroy the messages (unless the score is 15 or more, at which point there is no doubt that it is spam).
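A client-side rule acting on these headers could look like the following added example, which is not part of the Awele configuration. The `triage` function, the folder names and the sample messages are constructed for illustration; a message is treated as spam if any copy of X-Spam-Flag says YES, so an extra "NO" copy supplied by the sender cannot override the server's verdict.

```python
import re
from email import message_from_string

# SpamAssassin writes "score=" (older releases wrote "hits=") in X-Spam-Status.
SCORE_RE = re.compile(r"\b(?:score|hits)=(-?\d+(?:\.\d+)?)")


def triage(raw_message):
    """Return (folder, score) for a delivered message; score is None if absent."""
    msg = message_from_string(raw_message)
    flags = [v.strip().upper() for v in msg.get_all("X-Spam-Flag", [])]
    statuses = msg.get_all("X-Spam-Status", [])
    scores = [float(m.group(1)) for s in statuses if (m := SCORE_RE.search(s))]
    score = max(scores) if scores else None
    # Any YES wins; the score is a fallback using the page's threshold of 5.
    if "YES" in flags or (score is not None and score > 5.0):
        return "Junk", score
    if not statuses:
        # No SpamAssassin header at all: the message did not pass the filter.
        return "Unscanned", None
    return "Inbox", score


# Constructed samples (not real traffic).
SPAM = (
    "X-Spam-Flag: YES\n"
    "X-Spam-Status: Yes, score=7.3 required=5.0 tests=HTML_MESSAGE,\n"
    "\tMIME_HTML_ONLY autolearn=no\n"
    "X-Spam-Flag: NO\n"  # extra copy, as a sender might supply
    "Subject: constructed sample\n\nbody\n"
)
HAM = (
    "X-Spam-Status: No, score=-1.2 required=5.0 tests=none autolearn=no\n"
    "Subject: constructed sample\n\nbody\n"
)
BARE = "Subject: constructed sample\n\nbody\n"

if __name__ == "__main__":
    for name, raw in (("spam", SPAM), ("ham", HAM), ("bare", BARE)):
        print(name, triage(raw))
```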

Please note that Spamassassin supports Bayesian probabilities, but the Awele server has disabled this option because it is only effective at the individual-user level. Recent e-mail software, such as Thunderbird, has this technology incorporated; we therefore recommend that you enable it in your e-mail software.

Anti-virus

This filter passes the message, its attached files, and the contents of any archives among those attachments through an anti-virus program (clamav) that is updated on an hourly basis.

If a virus is detected, the message is rejected and the sender is informed (for the very unlikely case where the sender is legitimate).

The messages that come through have the headers "X-Virus-Scanned" and "X-Virus-Status" added to them.

Regardless of this filtering, we recommend that you always have an updated anti-virus program on your computer.