Aspam Overview

Aspam is a more efficient and more accurate spam recognition system to replace the SmiteCRC spam recognition system. For end users it is functionally equivalent to SmiteCRC spam recognition (each message gets a score and administrators and end users can filter email based on this score).

Rather than reading this page you should probably be reading Spam Prevention Guide - spam.htm

Aspam uses the following mechanisms to recognise spam.

  • MFilter rule set - rules which recognise most common spam, about 60% effective on untrained data. Updated automatically from our web site.
  • Aspam auto generated rules, about 99.5% effective on trained data, about 40% effective on untrained data
  • Poly, multi symbol statistical matching, about 95% effective on untrained data.
  • Aspam and Poly are both 'auto trained' by users submitting to two special local addresses (one for spam that was not recognized - isspam@mydomain.com, and one for non spam that was incorrectly identified as spam - notspam@mydomain.com) This training feature should not be over emphasized, it allows easy fine tuning for localized spam, but don't go over board trying to train it with thousands of messages, that isn't neccessary..
  • In addition network checks are made to confirm the identity of sending users, these are also very effective.
  • Aspam and Poly 'base' knowledge bases are automatically downloaded from NetWin so you don't need to get thousands of training messages before the rules start working. (But matching improves of course as local users send training messages)
  • Catcher addresses - Which are local addresses which are 'hidden' on your web pages and in other public forums any emails to these addresses (that you list) are recorded as spam and used to train the system. This defeats people who send emails using robots to every address on your web pages.

Files used by system

     aspam_bad (directory of training messages, collected from isspam@local.domain address)<>
     aspam_bad.rul (aspam rule file automatically generated from messages in aspam_bad directory)
     aspam_good (directory of training messages of 'good' non spam messages)
     aspam_good.rul (aspam rule file automatically generated from messages in aspam_good directory)
     aspam_rules.txt (Base aspam rule set from Netwin - auto downloaded)
     aspam_mfilter.txt (Base mfilter rule set from netwin - auto downloaded and auto updated)
     local.rul (Your place to add mfilter rules to adjust scoring)
     aspam_pgood.dat, pbad.dat (Base poly word matching rules, auto downloaded from Netwin)
     aspam_words.txt (English dictionary used by aspam when choosing which words are rare)
     poly_good.dat (Poly word knowledge base (binary file) created from aspam_pgood.dat and local sample messages)
     poly_bad.dat (as above)
  

Tellmail commands:

tellmail aspam_retrain = Rebuilds the rule and poly information based on the aspam_good, aspam_bad directories

Aspam details

  • Aspam-URL database (collected via the training addresses) of known 'bad' URLs, if these are found in messages the message is very likely spam. Any URL found in the 'notspam' database is 'whitelisted' automatically.
  • Aspam-known External IP addresses - these are also recorded from the training messages and remembered and used for scoring
  • Known words - a list of rare words are found in each spam message, if the same list of words is found in a new message it gets a high match (for spam or not spam depending on the original)

How to turn on aspam

In surgemail.ini add g_spam_internal "true" and remove the line g_virus_filter cmd="smitecrc.exe" type=""

You can also do it with the web admin tool, eg:

Open the web admin,
upgrade to 1.8
click on 'SmiteSpam' down the left hand side,
set "Enable SmiteSpam" to 'false',
press 'Save'
click on Aspam on the left hand side,
set 'enable aspam' true
set 'Verify sender is in MX record' true
set 'Check from user exists' true
set 'If score is above this, add spam rating to subject (Spam: ****) e.g. 5' to 5
set 'Allow users to specify specific spam features' TRUE
Fill in 'Addresses on web pages that shouldn't get any email (robot bait)' if you have any.
press 'SAVE"
(Restart SurgeMail)

Recommended Settings for ASpam

Check senders are valid (optional, does help but also slows down incoming SMTP)
g_badfrom_check "TRUE"
g_badfrom_stamp "TRUE"
g_badfrom_from "postmaster@YOUR.DOMAIN.NAME"

Check sender is sending from the right mx host if possible. (this is the best rule!)
g_verify_mx "true"

Mark spam messsages in the subject (optional, some people like this some don't)
g_spam_subject "6"

Auto train addresses that spammers send to (replace with your addresses)
g_spam_catcher "user1@domain.com,user2@comain.com"

Known faults - gotcha's etc

  • In 1.8b2 the auto train feature will get confused and auto train messages sent to the isspam address, we recommend not using the auto train setting.