Spam1 is a term given to unwanted or junk mail that is often broadcast by the originator to many recipients simultaneously. For example, mailing lists, get rich quick pyramid schemes, or for the purpose of advertising.
Furthermore, some spam originators can make use of other peoples' SMTP mail servers to redistribute their own messages, so that it appears that the message originated from that server; a technique known as mail spoofing. This technique of using a remote server to act as a mail relay for spam mail can result in serious inconvenience to the mail administrator.
![]() |
See page 5-15 for more details on spoofing techniques and how you can configure MAILsweeper to detect messages that may have been spoofed. |
MAILsweeper can be configured to detect and block spam mail using the following methods:
FROM listserver@company.com TO *@your_company.com DeleteJunk
Any message with the source address listserver@company.com can then be blocked and simply deleted, with no further action.
![]() |
Using the above rule, communication with the rest of company.com is still permitted. |
In the example, all messages from listserver@company.com are blocked and then deleted.
RESPONSE allow ...RESPONSE DeleteJunk PRIORITY 3
FROM *@* TO *@* allow ; Allow everythingFROM listserver@company.com TO *@your_company.com DeleteJunk
FINISH ; End of rules
If any message has a
source address of listserver@company.com and a
destination address of anyone at your company (*@your_company.com)
then the <Response> generated by AMUcheck is DeleteJunk
.
The DeleteJunk
<Response> is defined in the first section of the
file, using a RESPONSE
statement.
[Disposal]
DEFAULTDISPOSAL=Clean
...
DeleteJunk=JustDelete
...
LoadFailure=FailedLoad
The <Response>
DeleteJunk
has an entry in the [Disposal]
configuration section. This entry maps the <Response>
to a final disposition for the message. Assuming that DeleteJunk
is the highest priority <Response> generated by
validation, the final disposition for the message will be JustDelete
.
The JustDelete
disposition has a corresponding configuration section in the same
file. This configuration section controls the disposal actions
taken.
[JustDelete]
In this example the configuration section has no directives, so the message is deleted with no further action.
"bargain" 10 "act now" 5 "fabulous" 4 "once in a lifetime" 2 "not to be missed" 4
Depending on the number of expression found, and their considered importance, the message may or may not be deemed junk and can be dealt with accordingly.
The following example shows how junk mail can be detected and deleted by searching the incoming messages for certain expressions that commonly occur in junk mail.
[Validation] F-PROT=VALEXEFindJunk=VALLEX
ValidateAttributes=VALATTR[FindJunk] ExpressionList=C:\MSW\CONFIG\JUNK.LST 100=DeleteJunk
A new instance of the
VALLEX
validator is created, called FindJunk
.
It is defined it in the [Validation]
section and a
corresponding [FindJunk]
configuration section is
created in the body of the file.
The [FindJunk]
configuration section specifies the name of the ExpressionList
file containing the expressions to be searched for. In this
example the file is called JUNK.LST. It also maps
numeric values that may be obtained as a result of the search to <Response>
values. In this example there is only one mapping, that is, 100=DeleteJunk
.
This mapping has a numeric value of 100
and a <Response>
of DeleteJunk
.
The <Response> generated by lexical analysis is determined by a numeric score obtained as a result of the search. In this example:
0
and 99 then the <Response> generated is
the empty string, this equates to a <Response>
of DefaultDisposal
. 100
then the <Response>
generated is DeleteJunk
.[Disposal]
DEFAULTDISPOSAL=Clean
...
DeleteJunk=JustDelete
...
LoadFailure=FailedLoad
Assuming that DeleteJunk
is the highest priority <Response> generated by
validation, the final disposition for the message will be JustDelete
.
The JustDelete
disposition has a corresponding configuration section in the same
file. This configuration section controls the disposal actions
taken.
[JustDelete]
In JUNK.LST (the ExpressionList file):
"bargain" 10 "act now" 8 "fabulous" 5 "once in a lifetime" 5 "not to be missed" 4
This file lists, amongst other information, the expressions to be included in the search.
Each expression is
given a numeric value, depending on its considered importance. In
this example, the expression "bargain
" is
considered more important than any of the other expressions when
detecting junk mail. It is therefore given the highest value.
Each time an
expression is found in the data being searched the associated
numeric value is added to a score generated so far. At the end of
the validation a final numeric score is obtained.2 This score is used to determine
the <Response> generated, by comparing it with the
entries listed in the [Findjunk]
configuration
section, as explained on the previous page.
![]() |
See the VALLEX
section on page
7-86 and the Disposal section on page 7-22 for
more details. |
Copyright © 1998, Content Technologies Limited. All rights reserved.