Global settings g_spam

  1. Home
  2. Knowledge Base
  3. Settings
  4. Global settings g_spam

Table of Contents

g_spam_allow – IP wild card of sites to exempt from spam limits

Typically use this to allow known mailing list servers that use your system to send messages in without being tarpitted. e.g. “127.0.0.1,local.ip.number”. This same setting is an exception to the other spam rules. 

Syntax: g_spam_allow string

g_spam_allow_disable – Disable allow bounce messages

Normally when SurgeMail detects an SPF failure it will give the sending an opportunity to send an email to a special address, If the sender does this then their IP address is permitted in future, this saves a lot of hassle generally, in rare situations you may not want this system, this setting will just simply bounce the message instead.

Syntax: g_spam_allow_disable bool

g_spam_allow_rbl – Give unblock message to RBL bounces too

This setting extends the ‘allow’ email system used by SPF to the RBL style of failures. This makes it much safer to use RBL lists is block mode instead of stamping mode. You really must have g_spam_block enabled for this setting to work, otherwise the ‘allow’ mechanism lets everything through so this becomes pointless 🙂

Syntax: g_spam_allow_rbl bool

Spammers can trivially forge a reverse dns name, so it’s very unwise to use it for bypassing spam checking except for rare/local domain names that spammers won’t know to use

Syntax: g_spam_allow_rdns bool

g_spam_allow_msg – Template for unblock messages, use ||reason|| and ||allow|| and maybe a url

This lets you tailor the ‘allow’ bounce message given to incoming messages that fail the SPF checks. ||reason|| becomes the reason for the failure and ||allow|| is either the allow email to send to, or a link to use (if using g_spf_byweb “TRUE”).

Syntax: g_spam_allow_msg string

Example: g_spam_allow_msg “||reason||, to fix send an email to ||allow|| then resend original email.”

g_spam_block_msg – Template for spf blocked message if allow is disabled

This error is given for SPF failures when the allow system is disabled. You are probably looking for the setting g_spam_allow_msg, as it is the one that is normally used when a user is ‘blocked’ by spf.

Syntax: g_spam_block_msg string

g_spam_allow_known – Unblock IP address if we have received messages from it for 3 days (so it’s not a transient spammer)

This setting makes the SPF strict settings much softer, basically it says any IP address we’ve known about for 3 days, is considered safe. This will still stop most spammers, particularly when used in combination with RBL lists which will block the ‘repeat’ offenders.

Syntax: g_spam_allow_known bool

g_spam_allow_recent – Exempt recent POP from spam limits

Skip spam rules if recent POP IP number (see g_relay_window). 

Syntax: g_spam_allow_recent bool

g_spam_autotrain – Autotrain “good” filter

Auto train spam filter good messages based on first 1,000 outgoing emails.

Syntax: g_spam_autotrain bool

g_spam_block – Block spam (as decided by spf etc), if not set then user or domain can set

This setting is critical, without it, all the spam is let through to the user, with it set to true, 95% of spam is blocked before it enters your server. So, generally you want this turned on, it should result in very few false positives as messages are ‘grey list’ bounced.

Syntax: g_spam_block bool

g_spam_block_gateway – Block spam gatewayed messages too

Use this setting on incoming mail servers or servers that relay to servers that implement SPF. Without this SPF blocking will not work as the back end server cannot perform the SPF checks/blocking.

Syntax: g_spam_block_gateway bool

g_spam_check_auth – Enable spam rules for authenticated users

Normally authenticated users are exempt from spam rules when sending mail. This enables all spam checking rules for authenticated users.

Syntax: g_spam_check_auth bool

g_spam_content_disable – Disable aspam_content.txt rules

The file aspam_content.txt is fetched from netwinsite and used to identify certain common spam messages based on content. Each line in the file gives a list of words or phrases, if most of the words are found, then the rule matches. You can add your own rules to aspam_content_local.txt. In a message that matches a rule you will see in the spamdetect header, Content: cid=NNN cid=NNN, you can then match the NNN with the unique id of each rule in aspam_content.txt

Syntax: g_spam_content_disable bool

g_spam_body – Add SpamDetect header in body

If spamdetect score is above this, add spamdetect header at top of message body (in addition to the header). This allows mail clients that are not able to filter mail based on headers to filter out spam email. This can be set on a per user basis too. A value of 3 or 4 would be reasonable. The only real reason for this setting is some common mail clients are unable to scan non standard headers so cannot automatically file spam in a folder unless this is used. My recommendation is for such users to use the web interface to set actions individually.

Syntax: g_spam_body int

g_spam_body_url – Text part of info to add to body, usually a url to your site

On this page you should explain to your users why this tag was added to their message, and how they can adjust their spam settings etc.

Syntax: g_spam_body_url string

g_spam_body_more – Add more info to spam body (ip address, ptr address, reply to and bounce address)

This can help the user decide if the message really is spam

Syntax: g_spam_body_more bool

g_spam_folders – Train on any message dropped into the relevant folders

This allows a user to create two folders ‘-Train Is Spam-‘ and ‘-Train Not Spam-‘ and then run the aspam training mechanism by dropping messages into those folders, items are expired ffrom train is spam folder after 30 days if G_EXPIRE_TRASH is TRUE

Syntax: g_spam_folders bool

g_spam_folders_show – List the special folders for all users

Without this setting the user must create the folder name correctly for training to work from imap folders

Syntax: g_spam_folders_show bool

g_spam_flag – Add X-SPAM-FLAG: Yes header if smite score is above this level

Some filters and servers like to see this header, a good value for this might be 7. Valid range would be 1-15, with 1 marking almost everything as spam, and 15 marking almost nothing.

Syntax: g_spam_flag int

This feature fetches the file http://www.sa-blacklist.stearns.org/sa-blacklist/sa-blacklist.current and then uses it efficiently to block senders, it is a huge file (26mb). Not currently recommended, we don’t think the hit rate of this filter method is high enough to be useful. url used is http://www.sa-blacklist.stearns.org/sa-blacklist/sa-blacklist.current

Syntax: g_spam_from_blacklist string

g_spam_grey – OBSOLETE DO NOT USE, Enable old greylisting for spf mechanism

The grey listing mechanism relies on the principle that spammers are not using real mail servers but using dumb robots that won’t ‘retry’. So if all incoming messages are asked to ‘retry’ then the spam will not be received but the non spam will get in eventually. This does create a delay on all incoming mail, and may stop some stupid mail servers from successfully delivering. I would tend not to use this setting myself.

Syntax: g_spam_grey bool

g_spam_grey_classc – Apply grey listing to x.x.x.*

In theory this broadens slightly what grey listing will accept.

Syntax: g_spam_grey_classc bool

If a message is going to be accepted due to the spf default rule (so there was no real spf record), then this comes into play. If the message is not from a trusted person, or a domain that we have previously checked using grey listings. Then the message is bounced. If the sender then tries again to send the same message (from/to pair) within a few hours, but not within 1 minute, then that ip address is marked as ‘good’ and future messages from them are accepted. This setting will result in some real email bouncing but slightly reduce spam, we no longer recommend this setting.

Syntax: g_spam_grey_dflt bool

This setting enables grey listing for spf default failure events only, and only if it’s the first message from that ip address if more arrive before the grey listing succeeds then allow bounces are sent instead

Syntax: g_spam_grey_dflt_bad bool

g_spam_grey_verify – Skip grey listing if host was not listening

Skips the grey listing if the host didn’t resond to the g_smtp_verify probe for g_spam_grey_dflt_bad

Syntax: g_spam_grey_verify bool

g_spam_grey_size – Size of grey listing table, default is 3000

On busy servers set this to a larger figure, e.g. 9000 so it can remember more grey listing events

Syntax: g_spam_grey_size int

g_spam_grey_bounce – Bounce if message was allowed due to grey listing, and spam score is above this, default 8 (was 4)

Since messages which are allowed in due to grey listing generally can’t accept friends bounces (as the sender is unverified) it’s important to bounce them with an allow message instead if they look like spam

Syntax: g_spam_grey_bounce string

g_spam_grey_window – Window to block bad messages, typically 60 seconds

This prevents a fast retry by a stupid robot, some robots now wait 5-6 minutes but some mail servers may retry that fast too 🙂

Syntax: g_spam_grey_window int

g_spam_grey_nofive – Skip 5-6 minute black window for these domains

Use this for domains that retry at 5 minute intervals, e.g. (*@cs.com,*@xyz.com), this skips a test used to detect a particularly virrulent spammer who uses a robot that retries at exactly 5 minute intervals

Syntax: g_spam_grey_nofive string

g_spam_grey_nseen – Number of messages from an unknown host, default is 6

When a host is unknown if it sends more than this many messages before the grey listing resend occurs then it’s considered to be a spammer.

Syntax: g_spam_grey_nseen int

g_spam_grey_nohard – Avoid hard spf bounces always try and do a grey list instead

This avoids the hard bounce you would normally get for failed real spf records.

Syntax: g_spam_grey_nohard bool

g_spam_nolang – Don’t add header with a guess at body language

This adds a header which makes a best guess at the contents of the message, it should not be assumed to be 100 percent reliable! Also note that empty messages or messages containing only images may be classified as ‘Unknown (English)’

Syntax: g_spam_nolang bool

g_spam_phrase – Enable auto spam phrase filter

Enables a Bayesian word and phrase filter to enhance spam filtering. The filter auto trains based on the train folders each night

Syntax: g_spam_phrase bool

g_spam_probe_enable – Probe suspect urls to find spammers – can cause RBL

This setting searches email messagse from dodgy/unknown sources for urls, then looks at the page those urls refer to to see if those pages in turn point to a listed SURBL. Only domains matching a specific list of rules are scanned so there is almost no risk of this feature clicking on a page that might do something bad.

Syntax: g_spam_probe_enable bool

g_spam_probe_unknown – Probe any unknown url (dangerous)

This setting increases the remote chance of probing a web page that might have some action (like a confirmation signup request, unsubscribe etc…), in practice there are a bunch of tests we perform so it would be most unusual for this problem to occur but it’s safer not to use this option.

Syntax: g_spam_probe_unknown bool

g_spam_probe_more – Probe even if email is from a known ip address

Generally not advised

Syntax: g_spam_probe_more bool

g_spam_probe_friends – Probe even if email is from a friend

Generally not advised

Syntax: g_spam_probe_friends bool

g_spam_probe_whois – Do whois lookups on web pages found in probe

Some spammers register new domains each day, this probe checks the whois data to find if the new web site is owned by a known spammer

Syntax: g_spam_probe_whois bool

g_spam_subject – Modify message subject line based on spam rating

If spamdetect score is above this add spam rating Spam:**** to subject.

Syntax: g_spam_subject int

g_spam_subject_dom – Destination domains to tag subject for

Note that g_spam_subject_gateway and G_SMITE_GATEWAY or G_SMITE_ALL must also be set to true for this to work. If this setting is blank then all gatewayed domains would get tagged. Tagging won’t occur if the message is not sent through a g_gateway rule or redirect rule

Syntax: g_spam_subject_dom string

g_spam_subject_gateway – Modify message subject lime based on spam rating for gatewayed messages

If true then spam_subject setting applies to gatewayed messages too

Syntax: g_spam_subject_gateway bool

g_spam_subject_word – Allow arbitrary modification of message subject line

This is a string that is prefixed to the subject of incoming mail caught by g_spam_subject. You can use ||score|| and ||stars|| which will contain the actual spam rating. Good examples might be: “[SPAM]” or “SPAM(||score||), “

Syntax: g_spam_subject_word string

g_spam_userconfig – Enable per user spam settings

Allow users to opt in / out of specific anti spam features. If this is enabled this will add a “Spam” button on the users account self management pages.

The most useful antispam feature is that user’s mail that is suspected spam, can be stored on the server so that these messages do not need to be downloaded to your normail email client over what could well be a low bandwidth connection.

Syntax: g_spam_userconfig bool

g_spam_user_max – Max messages for authenticated users

Max messages an authenticated user can send per 30 minutes, eg: 5000

Syntax: g_spam_user_max int

g_spam_user_warn – Alert user when they send this many messages in one day, .8 to alert at 80% of max

This setting has no further documentation currently available

Syntax: g_spam_user_warn string

g_spam_user_warn_msg – Message when user approaches send limit

This setting has no further documentation currently available

Syntax: g_spam_user_warn_msg string

g_spam_user_badto – Max bad recipients from authenticated user per 30 minutes, e.g. 50

Whitelist using G_SPAM_USER_SKIP, limits bad recipients for an authenticated user, if exceeded then sending is paused for 30 minutes.  A value of 50 might be reasonable as normal users would never exceed that.  A value as low as 10 might be workable.  Whitelist accounts using: G_SPAM_USER_SKIP. An email is sent to the manager account when this limit is hit

Syntax: g_spam_user_badto int

g_spam_from_max – Max outgoing messages per ipaddress/return path pair, 30 minutes, e.g. 5000

This limit is useful where a local machine is sending on behalf of many users without authentication and you want to limit potential abuse

Syntax: g_spam_from_max int

g_spam_user_skip – Users to skip g_spam_user_max limit for

Set this for special known users who send lots of email

Syntax: g_spam_user_skip string

g_spam_bounce – Bounce local delivery based on spamdetect score

If spamdetect score (number of ‘*’s) is above this, bounce message if local delivery. 14 is a reasonable value, never set below 10.

Syntax: g_spam_bounce int

g_spam_bounce_store – If true store rejected spam in Spam_Rejected folder

This setting enables rejected spam to be saved in the spam_rejected folder, this makes it safe to use the spam rejection level again.

Syntax: g_spam_bounce_store bool

g_spam_bounce_text – Error text when message is bounced due to g_spam_bounce setting

As per description. Default is: “554 Failure Message looks like spam, sorry not wanted here q=311”, where q is the message queue id.

Syntax: g_spam_bounce_text string

g_spam_bounce_all – Bounce local and remote delivery based on spamdetect score

If spamdetect score (number of ‘*’s) is above this, bounce message, this applies to all messages regardless of user settings. e.g. 7 or 8 would be reasonable, 3 would be very strict, and less than 3 would certainly bounce real emails. I recommend you don’t set this below 5. This rule is applied as soon as the message is submitted, user spam settings do not override it.

Syntax: g_spam_bounce_all int

g_spam_bounce_trusted – If spamdetect score is above this, bounce message if trusted (spam_allow or authenticated)

Normally trusted users (spam_allow or smtp authenticated users) are never bounced due to spam content, this setting forces those users to also be checked for spam content.

Syntax: g_spam_bounce_trusted int

g_spam_cmd – Command line spam checker, use $FILE$ in cmd parameters

This allows you to run a simple external spam filter the return value is added as a header, X-SpamCmd: r=N, Is Spam/Not Spam, use local.rul file to translate this return value to a spam score. e.g. G_SPAM_CMD “snfrv2r3.exe xnk05x5vmipeaof7 $FILE$” if used with http://www.armresearch.com/message-sniffer/. If the program returns 0 then the words Not Spam are added, if the value is non zero then Is Spam is added, this makes filtering rules easier to add to local.rul, see http://netwinsite.com/surgemail/help/spam.htm#external

Syntax: g_spam_cmd string

g_spam_cmd_if – If internal spam rating is below this number, then run external filter

This allows you to only scan messages with an external filter if the message is not obviously spam

Syntax: g_spam_cmd_if int

g_spam_cmd_skip – If internal spam rating is below this number, then skip external filter

This allows whitelisting to work

Syntax: g_spam_cmd_skip int

g_spam_cmd_reject – If external filter returns number larger than this reject

Filters based on return code of external spam filter program

Syntax: g_spam_cmd_reject int

g_spam_vanish – Vanish local delivery based on spamdetect score

If spamdetect score (number of ‘*’s) is above this, vanish message if local delivery. eg: 12 would be reasonable.

Syntax: g_spam_vanish int

g_spam_vanish_all – Vanish local and remote delivery based on spamdetect score

If spamdetect score (number of ‘*’s) is above this, drop message, applies to all messages regardless of user settings. e.g. 14. This rule is applied as soon as the message is submitted, user spam settings do not override it.

Syntax: g_spam_vanish_all int

g_spam_info_hide – Remove x-spamdetect-info header line

Removes the x-spamdetect-info header line.

Syntax: g_spam_info_hide bool

g_spam_info – Info line explaning aspam system

Info line and url to explain aspam system.

Syntax: g_spam_info string

g_spam_internal – Enable internal Aspam spam processing system

Enable new ‘internal’ spam processing system, note this disables SmiteCRC too!

Syntax: g_spam_internal bool

g_spam_noupdate – Disable aspam updates

Disable fetch of aspam filter rules etc from netwinsite.

Syntax: g_spam_noupdate bool

g_spam_notrain – Disable isspam and notspam addresses

Disable isspam and notspam addresses for user training.

Syntax: g_spam_notrain bool

g_spam_isspam_kind – Allow isspam from recent pop, gateway to etc

Allow ASPAM training messages to (isspam) from any trusted source (e.g. any source that would be allowed to relay/send outgoing email). This setting is recommended.

Syntax: g_spam_isspam_kind bool

g_spam_isspam_ignore – Don’t block messages from ip addresses recorded as a spam source

This bounces all email from an address recorded as a spam source until it is recorded as a ‘notspam’ source, the blocking message allows the sender to bypass the block.

Syntax: g_spam_isspam_ignore bool

g_spam_aspam – Aspam rating

Scale for Aspam default is 1.0. Valid range is zero to two.

The aspam matching based on it’s database of known spam and non spam produces a score in the range -5 –> 5. Tthe g_spam_aspam setting lets you ‘scale’ this score to increase/decrease the importance of the aspam rating. The result is then applied (added to) the spamdetect header.

Syntax: g_spam_aspam string

g_spam_poly – Scale for poly word matching

Scale for poly word matching, default is 0.1, Valid range is zero to two, Use 1.0 to enable.

Syntax: g_spam_poly string

g_spam_poly_disable – Disable poly code.

Disables the poly statistical scoring feature which is part of Aspam. Poly tries to analyze the frequency of word combinations in spam and not spam to identify if a message is likely to be spam or not. We don’t consider the poly system to be very useful, it has two faults, it’s behaviour is not ‘understandable’ and it is ‘content based’, SPF is a much superior system!

Syntax: g_spam_poly_disable bool

g_spam_private – Enable private email addresses for users to avoid spam

Note: The user will define these settings, after turning on this global setting the user can use the Web Self administration interface, press the ‘Spam’ button and the private email address is defined on that page.

This setting adds the ability for each user to create a private email address to bypass SPF/ Spam filters. The user would then typically increase the spam settings for their non private account to ‘friends mode’ and enable SPF. So only known friends will be able to contact them via the old address.

This allows the user to live ‘spam free’ without the risk of blocking email from real people.

The user must be careful with their new private address, it should only be used with humans, when entering an address in a web form or mailing list a special variant should be used e.g. user–from-WEBDOMAINNAME@users.domain

The user defines their private address, in the form user–PRIVATE@domain.com, e.g. if the users public address is joe@cool.com, and the user defines a private extension of “juggle” then the private address would be:

joe–juggle@cool.com

Email addressed to joe–juggle@cool.com is delivered without SPF or SPAM filtering / tagging.

In addition the user can enable ‘from’ matching which must look like this: username–KEYWORD-STRING@cool.com, the user specifies a keyword e.g. “match”. Then anything addressed to the user in this form:

joe–match-STRING@cool.com

Will only be delivered if ‘STRING’ is found in the ‘from’ envelope address, otherwise it will bounce. So when entering an email address in a web page called “toys.com” the user would enter:

joe–match-toys@cool.com

Any — extension that is not recognized will return a bounce suggesting they remove the extension and try again.

Syntax: g_spam_private bool

g_spam_alias_any – User aliase string e.g. “++” if defined then strip suffix from emails – not advised!

This allows each user an infinite number of aliases of the form user+extension@domain.name, this can cause problems so only enable with caution. Usually set to “++” but can be set to a single plus, but this will break any email address that contains a plus so not normally recommended. If used avoid defining it as a single character at least!

Syntax: g_spam_alias_any string

g_spam_url – Scale for url word matching

Scale for URL word matching, default is 0.3, Valid range is zero to two (recommend 1.0)

Syntax: g_spam_url string

g_spam_catcher – Spam catcher addresses

Addresses on web pages that shouldn’t get any email (robot bait), only for use with Aspam.
Any email going to the specified address will be sent to the isspam address for processing and the message will also be dropped. If the message has multiple rctp’s and some are valid users, but one matches the catcher address, it is not delivered to anyone. If you need to enter a lot of spam catcher addresses then the best way is to just setup a single spam catcher address and then use g_redirect to redirect other addresses to the spam catcher address.

eg
g_spam_catcher “johnsmith@mydomain.com”

Syntax: g_spam_catcher string

g_spam_char – Character to use instead of ‘*’ for smitespam headers (best left alone if possible)

Changing this will cause no end of problems, so only do this when initially installing SurgeMail

Syntax: g_spam_char string

g_spam_notspam – Spam collection address

Address that non authenticated users can send non spam to.

Example: g_spam_notspam “notspam@domain.com”

Syntax: g_spam_notspam string

g_spam_hold_keep – Spam hold timeout

How many days to store users spam hold messages before deleting them.
Default is 14 days.
eg. g_spam_hold “14”

Syntax: g_spam_hold_keep int

g_spam_hold_hide – Hide spam hold settings for end users and other held2pend user.cgi tweaks

This setting has no further documentation currently available

Syntax: g_spam_hold_hide bool

g_spam_header_trust_ip – List of IP addresses from which to trust/accept existing X-SpamDetect headers in emails

Use this setting to specify the filter machines which perform spam scanning for this machine. Use this on the filter machine, to specify itself so that mailing list messages do not get scanning/tagged twice. Ensure your users are sending messages via the filter machine.

Syntax: g_spam_header_trust_ip string

g_spam_share – Use and share some spam/aspam information with central server (netwin) experimental

This setting enables some features which let surgemail share information about spam and non spamming ip addresses with a central netwin server.

Syntax: g_spam_share bool

g_spam_status_hour – Process all spam status messages at this time (disk io intensive)

Normally the spam status emails are sent in response to incoming messages at undefined times, this allows all spam status emails to be sent at a predefined time.

Syntax: g_spam_status_hour int

g_spam_status_monthly – Send monthly spam status even if no messages pending

This is good to make sure all users know about their spam settings and how to change them.

Syntax: g_spam_status_monthly bool

g_spam_phishing – Download list of known phishing addresses and block outgoing email to them

Use this to stop your users resonding via email to a known phishing address. See http://code.google.com/p/anti-phishing-email-reply/

Syntax: g_spam_phishing bool

g_spam_phishing_ok – Allow to these addresses even if phishing database blocks them

Use this to stop your users resonding via email to a known phishing address. See http://code.google.com/p/anti-phishing-email-reply/

Syntax: g_spam_phishing_ok string

g_spam_nobounce – Remove old user held/vanish but after 5.2 will allow bounce

This removes the old spam settings that should never be used. In version 5 this disabled hold/vanish/bounce, now it only disables hold/vanish but allows ‘bounce’, the bounce behaviour has been made considerably safer by tuning the spam filter and changing the actual bounce to allow the sender to bypass via captcha

Syntax: g_spam_nobounce bool

g_spam_black_auto – Auto blacklist for user when isspam pressed

Changes blacklist handling to only place in spam folder (not auto reject) and to automatically blacklist when isspam button pressed

Syntax: g_spam_black_auto bool

g_spam_black_tospam – Put blacklist matches in spam folder

Place in spam rather than bouncing hard.

Syntax: g_spam_black_tospam bool

g_spam_allbad – Auto blacklist from/ip/to combinations

Makes blacklisting automatic

Syntax: g_spam_allbad bool

Was this article helpful?

Related Articles