Sambar Server Documentation

Mail Spam Filter
Pro Server Only


Mail Spam Filter
The Sambar Mail Server includes an anti-spam filter that can be enabled on a per-mailbox basis or across all mailboxes. The filter is enabled or disabled using the Webmail Routing Rules interface (users need not use WebMail to read their mail).

Two strategies are typically used to filter unwanted mail. The first is the brute-force approach, which eliminates all mail coming from certain domains known to host spam, filtering on specific domain names and/or IP blocks from certain ISPs. The lists generated are huge, very difficult to keep up to date, and quite slow to process. While not ruling out their use in the future, the Sambar Server does not presently support this form of filtering.

The second approach, implemented in the Sambar Server, is to filter mail that contains characteristics that distinguish it from "regular" mail. The spam filters are fairly aggressive and comprise three elements:

  • Built-in filtering rules.
  • External rules-based header filtering.
  • Whitelist rules that override overly aggressive built-in and external rules.

Built-in Filtering
If spam filtering is enabled, the first routing rules enforced are the built-in rules that perform the following tests:

  • Message does not contain a From: line.
  • Message does not contain a To: line.
  • Recipient not found in To: or Cc: header. Important! This will typically result in blocking mailing lists; mailing lists, except those from a Local Domain, must be placed in the whitelist.flt or be handled by a preceding routing rule.

External Rules
The mail/mbox/spam.flt file (if present) is used to identify spam using regex pattern matching. Note: the pattern matching rules differ from the wildcard pattern matching used in routing rules; traditional regex pattern matching is used so that anti-spam rules from other mail systems can be reused. The default rules specified are common filters used by several systems to block known spamming products. This file is cached at startup by the mail server. The following is a sample mail/mbox/spam.flt rules file:

# The famous 'Comments: Authenticated sender' line
#
Comments?: Authenticated send.?
# cyberpromo
#
cyberpr.?
savetrees.?
^Message-Id:.Mach.10
^X-Mailer:.*(Aristotle Mail|WorldMerge|Extractor Pro|Floodgate Pro|Emailer Platinum.*Internet Marketing)
^X-Advertise?ment:.*
^Message-Id:.*>.*>
^Received:.*(-(0600|6000|0400) \(EST\)|-0700 \(EDT\))
^Received:.*\<with .*\<with\>
^Received:.*000\.000\.000\.000
^X-Sender:.*Yourdora
# look for empty message IDs
#
^Message-Id: *<[^@]*>
# some added insurance against cyberpromo sneaking through
#
^(Received|X-).*\<cyberpromo\>
^(Received|X).*\<infowatch\.net\>
^X-Distribution:.*(bulk|mass|moderate)
# too many $$$ on the subject is probably spam
#
^Subject.*\$\$
^Subject.*FREE
^X.*(cyberp|Cyber-Bomber|cybertize-email.com)
^X-PMFLAGS
^Message-ID: <>
^X.*(iemmc.org|name removal)
^Message-ID:( +|     +)<.* (.*)?>
one.time(.only)? (mailing|message)|reply.*remove|(e-?)?mail.*remove
relay.comanche.denmark
^To:.Friend@public.com

Because of the variety of spam subjects, the Subject header is difficult to filter on. Basic filtering on money, free, $$ and a few other common subject lines is provided in the default list, but Subject filters will tend to catch only a few messages.

Whitelist Rules
The mail/mbox/whitelist.flt file (if present) is used to identify mail that should not be blocked by the spam filter. This file is only evaluated if the message has been flagged as spam. Important! There is a built-in rule that flags mail as "whitelist" messages if the mail is From a user in the Local Domain; the assumption is that anti-spam message relaying is enabled and, hopefully, Require AUTH is enabled. This file is cached at startup by the mail server.
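
The following Python example walks the filter order described on this page: built-in tests, then spam.flt, then the whitelist for mail that is already flagged. It is an added example, not Sambar code. The function names, the whitelist.flt rule format (assumed to be one regex per line, as in spam.flt), case-sensitive matching, and the reading of \< and \> as word anchors are assumptions.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Rules copied from the sample spam.flt; the whitelist rule and mail below are constructed.
SPAM_FLT = r"""
# comment lines and blank lines are ignored
^X-Mailer:.*(Aristotle Mail|WorldMerge|Extractor Pro|Floodgate Pro|Emailer Platinum.*Internet Marketing)
^(Received|X-).*\<cyberpromo\>
^Subject.*\$\$
"""
WHITELIST_FLT = r"^List-Id:.*announce\.lists\.example\.org"

def load_rules(text):
    lines = [l.strip() for l in text.splitlines()]
    # One rule per line. Assumption: \< and \> are GNU-style word anchors (\b in Python).
    return [re.compile(l.replace(r"\<", r"\b").replace(r"\>", r"\b"), re.M)
            for l in lines if l and not l.startswith("#")]

def classify(raw, recipient, spam_rules, white_rules, local_domains):
    """Return (verdict, reason): built-in tests, then spam.flt, then whitelist."""
    msg = message_from_string(raw)
    headers = raw.split("\n\n", 1)[0]  # header filtering only, body is ignored
    reason = None
    if msg["From"] is None or msg["To"] is None:
        reason = "built-in: missing From: or To: line"
    else:
        pairs = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
        if recipient.lower() not in {addr.lower() for _, addr in pairs}:
            reason = "built-in: recipient not in To:/Cc:"
    if reason is None:
        hit = next((r for r in spam_rules if r.search(headers)), None)
        reason = hit and "spam.flt: " + hit.pattern
    if reason is None:
        return ("deliver", "not flagged")
    # The whitelist is consulted only for mail already flagged as spam.
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain in local_domains:
        return ("deliver", "whitelist: local-domain sender")
    if any(r.search(headers) for r in white_rules):
        return ("deliver", "whitelist: whitelist.flt match")
    return ("spam", reason)

if __name__ == "__main__":
    raw = ("From: news@lists.example.org\nTo: announce@lists.example.org\n"
           "List-Id: <announce.lists.example.org>\nSubject: Release notes\n\nhi\n")
    for wl in ("", WHITELIST_FLT):
        print(classify(raw, "alice@example.com", load_rules(SPAM_FLT),
                       load_rules(wl), {"example.com"}))
```

Run as a script, the mailing-list message is flagged by the recipient test when the whitelist is empty and delivered once the List-Id rule is present.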

© 2001 Sambar Technologies. All rights reserved.