SpamAssassin and Sanitizer
(for admmail, ist and watserv1 mail)

IST has implemented two changes to the admmail and ist mail servers in the ongoing struggle with junk mail (spam) and viruses. If you have an email account on either of these servers, you will be affected by the changes. Please note that although your email address may be known as userid@uwaterloo.ca, you should still check your mail program settings as to whether you are using one of these mail servers. If you have an account on watserv1, please note that SpamAssassin and Sanitizer cannot run because of the machine's current configuration. Perhaps in the future, watserv1 will be upgraded.

***notation on September 29/04. Mail is now processed through SpamAssassin on the uwaterloo.ca cluster and not through SpamAssassin on admmail, ist, and watserv1 servers. The information is still valid below. Do not manually edit your SpamAssassin user preferences file on the admmail, ist or watserv1 servers --- use the SpamAssassin Configuration Form, as noted below****

Change #1 - SpamAssassin for junk mail, and SpamAssassin Configuration Form

Change #2 - Sanitizer for viruses (defanging your dangerous attachments)

If you require assistance, please contact your department's computer support representative or the IST CHIP Helpdesk at x4357.

Change #1 - SpamAssassin for junk mail

Most junk mail will be flagged with *****SPAM***** prefixing its email subject. Although you can manually delete the spam that arrives in your IN mailbox, you may want to create a filter that transfers the flagged *****SPAM***** email into another mailbox. Please note these tips before creating the filter.

Tips:

• You probably want to create a new mailbox in your email program for the spam to be filtered. Perhaps call the mailbox "junkmail" or "spam". Then use this mailbox when setting up your filter.
• Do not automatically filter your spam to the trash. A legitimate email may be flagged as spam.
• Frequently check the mailbox where your filtered spam is collected. Make sure there's no legitimate email and then delete the contents of the mailbox.
• Once you create a filter, make sure you do a test!
• To prevent email from being flagged as spam, make sure the maximum number of recipients on the same domain (e.g. admmail.uwaterloo.ca) in your email To: and Cc: is no more than 8. If you need to send more than 8, then you have various options. You can use the Bcc: option (which will suppress the list of email addresses) or submit a request@rt for a majordomo mailing list.

SpamAssassin Configuration Form

You can make changes to your own SpamAssassin configuration by modifying your web form. For example, if you are receiving email that should not be flagged as spam, then add the email address to the Current Value box after the whitelist_from option. If you are receiving junk mail that should be flagged as spam, then add the email address to the Current Value box after the blacklist_from option. Multiple email addresses can be entered by separating each address by a space or by pressing the Enter key.

Access to the above web page requires your email userid and password. Once you make your changes, then click the submit changes button. You will be prompted again to enter your email userid and password.

If you require assistance with the form, please contact your local computer support person or the IST CHIP Helpdesk at x34357.

URLs of interest:

• Filtering Your Email by Marj Kohli, IST
• Technical information (includes the Rule Base) by Dawn Keenan, IST
• Reducing Spam at UW by Dawn Keenan, IST
• Fighting Spam on the Internet

Change #2 - Sanitizer for viruses (defanging your dangerous attachments)

Many viruses arrive as email attachments that infect your system when they are executed (when you click on the attachment to open it). The sanitizer changes the extension of the dangerous filetypes to prevent this from happening. You cannot automatically open the file. You can tell the sanitizer has intervened because the filename contains a four or five-digit code and the word DEFANGED followed by a hyphen. For example, transcript.exe becomes transcript23654DEFANGED-exe

What to do? For the attachment that is "defanged", you will need to decide whether or not you need the file. Most often these files contain viruses or junk mail and are not needed. Delete them.

If you do need this file, then you have to rename and save the file before it can be opened. For example, with the attachment transcript23654DEFANGED-exe, a Eudora PC user needs to:

1. right-click on the filename
2. choose "Save Attachment As"
3. save the file with a new name and the appropriate file extension. For this example, you could rename the file as transcript.exe (notice the hyphen is replaced with the period).
4. you will not be able to open the file from within Eudora but will need to navigate to where it is stored before trying to open it.

If you use other email programs such as Outlook, Outlook Express or Netscape, then you will also need to rename before opening the "defanged" file.

Files not affected include: Word (.doc .dot), Excel (.xls .xlt .xlw), PowerPoint (.ppt .pps), Access (.mdb .mdw), WordPerfect (.wpd), text (.txt), Adobe Acrobat (.pdf), FileMaker (.fp3 .fp5), Rich-text format (.rtf), vCard file (.vcf), Graphics (.jpg .gif .bmp)

Files affected and defanged include: executable (.exe .cmd .com .bat), Visual Basic (.vbs .vbe), .html or .htm.

Tips

• Check this web page for email attachment restrictions at UW
• When sending an attachment, make sure the name of the file contains only one period. For example, report2.doc and NOT report.2.doc If the file has multiple periods in its name, the file won't be delivered properly and an email with a security warning will be returned to the sender.
• Unfortunately, html-type files may become unusable even when they are renamed. Best to upload the html file to your web server and then send the URL to the recipient, or use a diskette or network drive to transfer the file.
• If you really need to email an executable file, then send as a zip file. Please note this list of restricted zip filenames.
  A utility called WinZip to create a zip file is available on many PCs (Start menu-> Programs -> Accessories). The recipient will require the same or similar utility to unzip the file.
• Mac users will notice a filename change. Usually the many viruses received via email attachments are aimed at the PC world and can't be executed on the Mac. That doesn't mean you should be less cautious. Keep your virus protection up-to-date.

Last updated by Pat Lafranier (pllafran at uwaterloo.ca) on March 18, 2007.

Information Systems & Technology
University of Waterloo
200 University Avenue West
Waterloo, Ontario, Canada N2L 3G1
519 888 4567 x37070

Contact Us | Give Us Feedback | Privacy Statement