Anti-spam


Overview

Hate spam? So does DreamHost! DreamHost has an anti-spam feature you can turn on from the panel's (Panel > 'Mail' > 'Anti-spam') page. Enabling the settings there sets up filters that let you block incoming spam.

How anti-spam filtering works

The filters scan incoming emails and compare them against a set of rules or characteristics shared by spam emails. For each item matched, that rule's score is added to the email and listed in the message headers as the message’s ‘X-Spam-Score’. If this score is greater than the quarantine value set for that user, the email will be quarantined as junk instead of being delivered to the inbox.

Enabling anti-spam filtering

Filtering can be turned on for a domain and all email addresses on the domain in the panel at (Panel > ‘Mail’ > ‘Anti-Spam’).

Domains that have a catch-all address or use a non-DreamHost mail service cannot use this filtering. Individual email addresses can have their own settings, but filtering can only be turned on and off completely for an entire domain.

Accessing quarantined emails

Emails are quarantined in the special 'Junk Mail' folder by default. This folder is not stored as part of the regular mail account. It can only be accessed from the mailboxes interface and the SquirrelMail Webmail interface.

You can read more about the Webmail interface in the following wiki article:

  • The mailboxes interface is linked from the panel's Manage Email page at (Panel > ‘Mail’ > ‘Manage Email’). It’s shown as a link under the email address as ‘mailbox manager’.
  • The RoundCube alternate Webmail option does not have access.

Inside the Junk Mail quarantine

The four columns are From, Subject, Score, and Date. Each can be sorted in ascending or descending order using the small up and down black triangle arrows. Use the column of checkboxes on the left to select one or more emails to work with. After the emails are checked, you can use these four buttons above the columns to control what happens to those Junk emails:

Move to Inbox
Moves emails that are legitimate (not spam) to the Inbox.
Whitelist/Inbox
Moves email to the Inbox as well as whitelisting the sender so they are not marked as spam in the future.
Blacklist/Delete
Deletes email and also blacklists the sender address.
Delete
Deletes the current email.

Emails will be automatically deleted from the Junk Mail quarantine folder after 30 days. It is a good idea to delete spam emails when you see them so that there are fewer emails in the folder to sort through.

Customizing the settings

All mail filter settings can be controlled from the panel's Anti-spam page. Individual mail account users can control their own settings in the mailboxes interface in case they cannot access the panel.

Domain-wide settings vs. individual account settings

Filtering is enabled for an entire domain at a time. Each fully-hosted mail account has its own filter settings, including quarantine score and whitelist/blacklist entries. The domain as a whole has a separate set of filter settings that are used by all forward-only addresses on the domain.

To view your filter settings, visit the Anti-Spam page in your panel at (Panel > ‘Mail’ > ‘Anti-Spam’).

On that page, click the Edit Filter button in the far right of the page for the specific domain.

This page shows you the current settings for the domain and users:

[Screenshot: filter settings for the domain and its users]
  • There is a button for the current domain-wide settings at the top, and the current individual user settings are found at the bottom.
  • Domain-wide settings can only be managed through this page in the account panel.
  • These settings cannot be done through the mailbox interface for a user.
Note: A ‘forward-only’ address will not be listed on the screenshot above since there is no mailbox for those users to edit.


Adjusting the quarantine score

The default 'Quarantine email with a spam score above' setting is 4 (as shown in the above image). Emails must have a spam score lower than that to be delivered to the inbox.

  • A higher score requires emails to look more like spam before being quarantined, so fewer emails are quarantined and more emails are delivered directly to the inbox.
  • A lower score allows emails that look less like spam to be quarantined, so more emails are quarantined and fewer emails are delivered directly to the inbox.
  • If you are having too many spam emails delivered to the inbox, lower the quarantine score to have more emails quarantined.
  • If you are having too many legitimate emails quarantined, raise the quarantine score to have fewer emails quarantined.


[Screenshot: Quarantine settings page as seen in the panel]
[Screenshot: Quarantine settings page as seen on the mailboxes interface page]

To choose a quarantine score, look at the scores on emails you are receiving. You can find information about the header details of the message to see how the message was scored in the following wiki:

Look at both spam emails and legitimate emails and pick a score between them. You want to select a quarantine score that is lower than spam and higher than your legitimate email. The score can be fine-tuned to one decimal point at most; for example: 3.7.

When anti-spam filters are enabled, they will apply an extra set of details to the headers with the spam scoring of that message. The specific details will appear on the header as seen in the image below:

[Screenshot: message headers showing the spam-filter fields]

The ‘X-Spam-Score’ shows the score for this message, which is 4.59. With the default quarantine value set at 4, the message was scored above that value and filtered into the ‘Junk Mail’ folder as spam.

Whitelist and blacklist

Blacklist entries are email addresses or domains you know you never want to receive mail from. Emails from blacklisted senders will be quarantined regardless of the email's spam score. These emails will always be quarantined in the 'Junk Mail' folder, not in the IMAP quarantine folder. As stated above, the Junk Mail folder is only accessible through SquirrelMail or the mailboxes interface.

Whitelist entries are email addresses or domains you know you always want to receive mail from. Emails from whitelisted senders will be delivered to the inbox regardless of the email's spam score.

  • You can edit the filter settings either for the entire domain or for each individual user listed.

List entries can be individual email addresses (user@SPAMDOMAIN.com) or a single entry that covers an entire domain (@SPAMDOMAIN.com).

The limit is 1000 blacklist entries and 7500 whitelist entries. If you are getting close to that limit, consolidate multiple email addresses on a single domain into just one entry for the entire domain.

Adjusting the quarantine score can improve the effectiveness of spam score based sorting and also reduce the need for individual whitelist and blacklist entries.

Note: Whitelist and blacklist entries apply to the envelope or SMTP sender, which does not always match the information in the From details of the header. The envelope sender is often recorded in an email's full headers as the original sender or the return path.


Priority

The priority of a whitelist or blacklist entry is generally ignored, and only used when an incoming email could match more than one entry.

All whitelist and blacklist entries are stored together, and any incoming email is potentially compared against all of them. If there is only one black/white list entry for sender@SPAMDOMAIN.com, and no entry for @SPAMDOMAIN.com (meaning all senders on that domain), then the priority doesn't matter. The entry for sender@SPAMDOMAIN.com will simply be used.

The priority comes into play when there are multiple entries. The priority determines which entry takes precedence. If there is a tie, the entry used to route the email is chosen at random.

Example
All mail you get from AOL is spam or chain letters; mail you don't ever want to read. But, there are plenty of important emails you do need to read from trusted mail senders that may be using AOL as well. For example, let's say trustedsender@aol.com needs to get through. In this case, you would create a blacklist entry for @aol.com with the priority set to 'Low', and a separate whitelist entry for trustedsender@aol.com with a higher priority. With that combination, emails from trustedsender@aol.com will be handled by the higher priority whitelist entry, and all other emails from other senders using @aol.com will be handled by the lower priority blacklist entry.
[Screenshot: whitelist and blacklist entries with their priorities]

The image above illustrates the setup that we discussed in the previous example. Because of the priority settings, messages from ‘trustedsender@aol.com’ will be delivered to the inbox even though the ‘@aol.com’ domain is blacklisted.
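The matching and priority rules described above, as a small model (an added example, not DreamHost's code). The numeric ranks, the 'medium' and 'high' labels, case-insensitive matching and the `route` function are assumptions made for illustration; only 'Low' is named on this page.

```python
import random

# Assumed numeric ranks for the panel's priority labels (only 'Low' is named
# on the page; 'medium' and 'high' are placeholders for this model).
PRIORITY = {"low": 0, "medium": 1, "high": 2}


def matches(entry, envelope_sender):
    """'user@domain' matches one address, '@domain' matches the whole domain."""
    entry, sender = entry.lower(), envelope_sender.lower()
    if entry.startswith("@"):
        return sender.endswith(entry)
    return sender == entry


def route(envelope_sender, score, entries, quarantine_above=4.0, rng=random):
    """Return 'inbox' or 'junk' for one message.

    entries: list of (pattern, 'whitelist' | 'blacklist', priority label).
    The lists are checked against the envelope (SMTP) sender, not the
    From header, as the note above explains.
    """
    hits = [e for e in entries if matches(e[0], envelope_sender)]
    if not hits:
        # No list entry applies: fall back to the spam score.
        return "junk" if score > quarantine_above else "inbox"
    top = max(PRIORITY[e[2]] for e in hits)
    winners = [e for e in hits if PRIORITY[e[2]] == top]
    # The page says a tie between matching entries is resolved at random.
    _, kind, _ = rng.choice(winners)
    return "inbox" if kind == "whitelist" else "junk"


# Constructed entries reproducing the @aol.com example above.
ENTRIES = [
    ("@aol.com", "blacklist", "low"),
    ("trustedsender@aol.com", "whitelist", "high"),
]
```

Giving both entries the same priority makes the result for trustedsender@aol.com unpredictable, which is why the example sets them apart.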

Changing the quarantine location

The default quarantine location is the 'Junk Mail' folder, accessible from the mailboxes website and SquirrelMail interface.

Quarantined emails can also be put in a custom IMAP folder, accessible from any mail client program using IMAP, instead of the 'Junk Mail' quarantine folder. Three settings are involved:

  1. Set the 'Quarantine email with a spam score above' setting to '999' so no emails are sent to the 'Junk Mail' folder.
  2. Enter the quarantine score (default is 4) for the 'Tag as spam if the score is above' setting.
  3. Select an existing IMAP folder or create a new one in your mail client. Enter the name of that IMAP folder into 'Quarantine to IMAP folder'.

Once completed, click the blue ‘Set Quarantine Policy’ button to apply those settings. You can refresh your mailbox for the new custom IMAP junk folder to appear.

You can make this change at any time, either on the panel’s (Panel > 'Mail' > ‘Anti-Spam’) page or, for individual users who do not have panel access to the account, through the mailboxes interface.

Note: Emails from blacklisted senders will still go to the Junk Mail folder, accessible through SquirrelMail.


Domain-wide settings can only be managed through the account panel. These settings cannot be done through the mailbox interface for a user.

Quarantined Report notification

Quarantined reports are emails containing a summary of all emails currently in the mail account's Junk Mail folder. This quarantined report email is set by default to send every Friday. The other schedule options are ‘Daily’, ‘Monthly’, and ‘Never’. This setting can be adjusted on the 'Quarantine Settings' page mentioned above.

Troubleshooting

In case there are issues with the spam filters set up for your users, there are some basic troubleshooting steps that you can take. Below are some common problems that can occur and what you can do to resolve them.

Too much spam is still showing up in the inbox

  • Try lowering the quarantine score to catch more junk emails.
  • Set up blacklists for the entire domain instead of just the specific email sending the message. This way you’ll block all emails from that domain.
  • The anti-spam filter may not catch all of the incoming junk messages due to how the message was sent or created. We offer the option of setting up custom message filters, and you can refer to the Message Filters wiki (for advanced users) for further information.

Emails are not being quarantined

  • Make sure filtering is enabled for the domain on the panel's Anti-Spam page.
  • Enabling the anti-spam filters for a domain changes the MX records for the domain’s mail service to the filter records. This will require up to 6 hours to resolve before the anti-spam filters are enabled and properly scoring/quarantining messages. Messages will still be delivered, but will not be scored/quarantined until the DNS resolves.
  • If the domain is not using our nameservers, make sure you manually update your domain's DNS with the new anti-spam filtering MX records.

Email from a whitelisted address is still quarantined

  • The email's From address may not match where the email was actually sent from. Try using the Junk Mail folder's 'Whitelist/Inbox' button to whitelist the sender of the quarantined email along with moving the message from the ‘Junk Mail’ folder to the inbox.

Email sent to multiple DreamHost addresses only received by one email's quarantine

This is by design. If the original email is quarantined by any recipient, only one copy is stored in that particular Junk Mail folder. No additional copies will be delivered, even to the other recipients that would not have quarantined it.

Technical details

This portion of the article includes additional technical details about how the anti-spam filters function.

MX Records

Anti-spam filtering is enabled by changing the domain's MX records to route incoming emails to the filtering servers first before passing the message off to the MX machines for delivery. Domains using non-DreamHost nameservers will need to manually update their MX records to reflect the change. The filter records are:

  • MX 0 fltr-in1.mail.dreamhost.com.
  • MX 0 fltr-in2.mail.dreamhost.com.
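For a domain on outside nameservers, the check is whether the published MX set is exactly the two filter records. The following added example (not DreamHost tooling) parses `dig MX` output and reports missing filter hosts and any other MX host, which would receive mail without passing through the filter; the sample output and the example.com names are constructed.

```python
# The two filter records listed above.
FILTER_MX = {"fltr-in1.mail.dreamhost.com", "fltr-in2.mail.dreamhost.com"}

# Constructed sample: a domain that still publishes an old MX record.
SAMPLE = """\
;; ANSWER SECTION:
example.com.  300 IN MX 0 fltr-in1.mail.dreamhost.com.
example.com.  300 IN MX 10 mail.example.com.
"""


def parse_mx(dig_output):
    """Extract (preference, host) pairs from `dig MX` output.

    Accepts both `+short` lines ("0 host.") and full answer lines
    ("example.com. 300 IN MX 0 host."); comments and blanks are skipped.
    """
    records = []
    for line in dig_output.splitlines():
        parts = line.split(";", 1)[0].split()
        if "MX" in parts:
            parts = parts[parts.index("MX") + 1:]
        if len(parts) == 2 and parts[0].isdigit():
            # Normalize: drop the trailing dot, compare case-insensitively.
            records.append((int(parts[0]), parts[1].rstrip(".").lower()))
    return records


def audit_mx(records):
    """Report missing filter hosts and MX hosts that are not filter hosts."""
    hosts = {host for _, host in records}
    return {
        "missing": sorted(FILTER_MX - hosts),
        "bypass": sorted(hosts - FILTER_MX),
        "ok": hosts == FILTER_MX,
    }
```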

Special considerations for forwarding addresses

There are certain things to remember with filtering in relation to forwarding email addresses. The details for the four combinations with this setup are outlined below.

  • If the domain is being filtered, and the address is being forwarded to another DreamHost email address that is also filtered, email gets sorted based on the junk mail settings of the receiving mailbox address. You don't need to set separate settings for the forwarding addresses, as the receiving mailbox will use its own settings.
  • If the domain is being filtered, and the address is being forwarded to another DreamHost email address that is not filtered or is being forwarded to an outside address only (like @gmail), then the settings for the forwarding address's domain will be used. The quarantined spam emails will not be stored; they will be discarded.
  • If the domain is not being filtered and it forwards to a DreamHost email address that is on a filtered domain, the mail will not get filtered.

This table shows how Anti-spam filtering works for/with forward-only addresses. A@example.com is forward-only and sends emails to B@example.net which is a fully hosted mail account.

| A@example.com uses filtering | B@example.net uses filtering | Is filtering done on incoming mail? | What score is used? |
|---|---|---|---|
| Yes | Yes | Yes | B@example.net |
| Yes | No | Yes, but filtered spam emails are discarded. | A@example.com |
| No | Yes | No filtering done | N/A |
| No | No | No filtering done | N/A |

Headers related to filtering

All emails that pass through the filtering servers have some extra headers added.

Let's take another look at the following screenshot which was used in a previous example:

[Screenshot: message headers showing the spam-filter fields]

Below are details on what each field in the filter details above means:

X-Spam-Flag: YES
This info will either show a ‘YES’ or a ‘NO’. If the total spam score exceeds the quarantine value that’s set for the user, that message will be quarantined and the status here will show as ‘YES’. In this case, the message was caught and filtered as spam since it shows the flag as ‘YES’.
X-Spam-Score: 4.59
The score listed here is the total spam score of this message. After the message went through the filters, based on the contents and the way it was sent, the message was tagged at the score of 4.59. As we already know from the details above, it was flagged as spam.
X-Spam-Level: ****
This field contains a number of asterisks (*) that represents the spam score. The number of asterisks shown is based on the digits to the left of the decimal point of the spam score. In this example, 4 asterisks are shown since the score is 4.59.
X-Spam-Status:
This part of the header can appear in two slightly different forms. The example details below are from a different set of headers than the information listed above:
> X-Spam-Status: No, score=2.4 tagged_above=-999 required=999 tests=[HTML_MESSAGE=0.001, MIME_HTML_ONLY=2.299, RDNS_DYNAMIC=0.1]

> X-Spam-Status: Yes, score=2.09 tag=-999 tag2=999 kill=2 tests=[HTML_IMAGE_RATIO_04=2.089, HTML_MESSAGE=0.001, T_DKIM_INVALID=0.01, T_RP_MATCHES_RCVD=-0.01]

Here is a description of the fields in the above example:

  • No/Yes: This shows whether the email was flagged as spam or not.
  • score: This shows the spam score; same as the ‘X-Spam-Score’ details.
  • tagged_above or tag: Emails with spam scores above this value get additional header details added.
  • required or tag2: This is the score required to add 'spam detected' headers.
  • kill: This is the score required to quarantine the message to the ‘Junk Mail’ quarantine folder.
  • tests: This shows the rules the email matched on along with each rule's score.

Filtering and what it does

We have two services currently set up on the anti-spam filters. Below is a description of each:

SpamAssassin
This is the filter service that scores the incoming messages for spam. Depending on how the message was sent and the contents within it, the message is assigned a spam score that determines whether it should be filtered as junk or delivered as a valid email to the user’s inbox.
You can read more about this service through their site here: http://spamassassin.apache.org/
Clam AntiVirus (or ClamAV)
This service will scan the incoming messages for malicious threats such as Trojans, viruses, and other forms of malware within that message. If this filter catches anything threatening, the message caught will be discarded, so the user will never see it.
For more details about this application, check their site here: http://www.clamav.net/index.html

Setting up alternative filters

If you do not wish to use the anti-spam filtering feature we offer through the panel, you have a few alternatives for filtering incoming mail before it's delivered to your hosted user with DreamHost.

Below is a description of alternative junk-message filters:

Message filters
These are available through your account panel at (Panel > ‘Mail’ > ‘Message Filters’). This feature allows you to customize and create your own set of filter rules for each user. You can refer to the following wiki for details with this feature:
    Note: You cannot set up these custom message filters on a domain-wide basis. They must be created for each user you want them applied to.


Third-party Filtering Providers
You can set up third-party mail filtering services for your domain as well and have those filtering services deliver the mail to our mail servers once the filtering is complete. This can be set up through your account panel at (Panel > ‘Mail’ > ‘Custom MX’).
You can read more about how to set this up in the following wiki: