Please note that this is a technical description of some of the filtering practices we have employed at UVic. For a less techinical description or to change your spam filtering settings, please see http://www.uvic.ca/spam.
Filtering strategies have been implemented at UVic to block as much 'bad' email as possible. Bad email can contain viruses, phishing, or spam (unwanted and/or unsolicited e-mail).
This document outlines some of the current set of filtering mechanisms at work. Specific rules for each mechanism are also listed.
Note that blocked e-mail is returned to the sender with an explanatory message. Unfortunately, the originating site (and some email client programs) may choose to ignore our explanatory message and not pass it on to the sender, so the sender may not understand why the e-mail was returned.
If you have comments or suggestions about the filtering, please contact helpdesk@uvic.ca
1.1 Virus checking/blocking
Each e-mail is checked by several virus scanner. If a virus is found, the e-mail is rejected back to the sender with a message like:
Your mail was rejected as it contains the W32/Klez-H virus. Please check your system. Refer to http://web.uvic.ca/sysprog/tn2001004.html for information.E-mail which passes the virus scan will have a header line added which says:
X-UVic-Virus-Scanned: OK - Passed virus scan by Sophos (sophie) on cascaraE-mail that has incorrectly formed or password protected attachments may not be able to be scanned for viruses. In these cases, a header line is added to the email that says:
X-UVic-Virus-Scanned: TEMPFAIL - Could not virus scan by Sophos (sophie) on cascara
1.2 Attachment checking/blocking
Each e-mail is checked for attachment types we do not allow. If the e-mail contains such an attachment it is rejected and returned to the sender with a message like:
Your mail was rejected as it contains an attachment type that we do not allow (.pif). Refer to http://web.uvic.ca/sysprog/tn2001004.html for information.An example list of non-allowed attachments is:
If you need to send a file with one of these types, you will need to zip or otherwise encode the file for transmission. Please remember that the UVic e-mail system does not accept e-mail messages that are over 50 MB in size.
.ade, .adp, .app, .bas, .bat, .chm, .cmd, .com, .cpl, .crt, .dll, .exe, .fxp, .hlp, .hta, .inf, .ini, .ins, .isp, .jse, .lib, .lnk, .mdb, .mde, .msc, .msi, .msp, .mst, .pcd, .pif, .prg, .reg, .scr, .sct, .sh, .shb, .shs, .sys, .vb, .vbe, .vbs, .vxd, .wmd, .wms, .wmv, .wmz, .wsc, .wsf, .wsh
1.3 Dynamic IP Address ranges
E-mail messages coming from dynamic address ranges are rejected back to the sender. People using a dynamic address (such as Shaw or Telus home users) should be using their service provider's email server to send email.
1.4 Filtering E-mail attempting to be relayed via UVic
E-mail messages going through the UVic server must be from, or destined to, a valid UVic user/server. A message that does not fit these conditions is rejected back to the sender.
NOTE that UVic users who connect to the UVic mail server to read their email, may also use the UVic mail server to send email.
1.5 Filtering by the domain of the envelope address
UVic will ensure that the mail from: address within the SMTP envelope has a valid domain. E-mail from fraudulent domains will be rejected back to the sender.
1.6 Filtering by the IP address of the envelope HELO
UVic will ensure that an email connection from a non-UVic host does not announce that it is a UVic host (i.e., the helo command within the SMTP envelope is not 142.104.xxx.xxx). E-mail with a fraudulent HELO will be rejected back to the sender.
2.1 Spam Assassin
Most email going through the server is scanned by Spam Assassin that runs a bunch of heuristic tests on the email and calculates a score. The score indicates the likelihood of the email being spam - the higher the score, the higher likelihood of it being spam. Headers are then added to the email that detail the results, i.e.:
X-UVic-Spam-Status: Noor:
X-UVic-Spam-Score: 2.5 HTML_10_20,MAILER_DAEMON,MICROSOFT_EXECUTABLE,UPPERCASE_25_50
X-UVic-Spam-Level: Spam-Level SSX-UVic-Spam-Status: Yes
X-UVic-Spam-Score: 23.3 MIME_HTML_ONLY,MISSING_MIMEOLE,MISSING_OUTLOOK_NAME,
ONLINE_PHARMACY,REMOVE_PAGE,SUBJ_BUY,UPPERCASE_25_50,USERPASS,VIAGRA...
X-UVic-Spam-Level: Spam-Level SSSSSSSSSSSSSSSSSSSSSSSThe current settings for X-UVic-Spam-Status and their corresponding UVic definitions are:
Spam Assassin Classification Spam Assassin Score UVic Classification * Yes Spam Assassin score >= 15 definitely Spam Probably Spam Assassin score >= 10 Spam is highly suspected Suspected Spam Assassin score >= 6 Spam is suspected No Spam Assassin score <= 5 (* If specifying spam filtering rules using the advanced settings, please note the UVic Classification (shown in the above table) and its correspondence to the Spam Assassin scoring.)
Some email is not scanned by Spam Assassin so those emails will not have X-UVic-Spam- headers added. For example, email from UVic hosts will not be scanned.
Although the goal is to mark/block spam, please note that this marks/blocks ALL e-mail above the selected value. Some valid email may be marked/blocked.
To mark/block email based upon the SpamAssassin score, go here
The other option is to add filters to your email client to mark/block email that has a high SpamAssassin score (see the Help Desk page for information on how to do this).
2.2 Open Relays/Spam Sources
UVic can block e-mail from any server that is considered a spam source or an open relay/proxy. In order to do this, we use the DNS Black Lists (for example Spamhaus Zen and Barracuda). E-mail originating from any site on these lists will be rejected back to the sender.
Because several domains important to UVic users are occasionally on these lists, we have developed a list of exceptions. If you learn of a site having problems sending you email, you may contact helpdesk@uvic.ca and we will attempt to get that site to fix their problem. We may also add the site to our exception list.
Although the goal is to block spam, please note that this blocks ALL e-mail from servers considered to be 'spam friendly'. This means that e-mail from valid users on those systems will also be blocked.
To reject email based upon these lists, go here.
| Stay Informed! Browse to http://helpdesk.uvic.ca and click System Messages for current System Status information. If you would like to receive status messages by email, subscribe by clicking the Mail Subscription link on the Status Messages page. |