Spam Detection

PureMessage identifies spam by analyzing messages according to a set of anti-spam rules. Each rule has a test and a corresponding "weight". For each rule that matches the message, the weight is added to the message's total spam score. After all rules are applied, the spam score is converted to a percentage. The PureMessage policy performs actions (such as quarantining a message) based on the percentage that expresses the message's total spam score.

The PureMessage applications and configuration files used to configure spam detection from the command line are:

  • /opt/pmx6/bin/pmx-spam: An interface to the PureMessage anti-spam component.

    Anti-Spam Policy Related Configuration Files

    PureMessage spam detection uses a number of 'feature groups'. Each feature group implements a different method of message analysis. One or more feature groups can be enabled at the same time. Feature groups are enabled via the configuration files stored in the /opt/pmx6/etc/spam.d/compile.d directory.

    The spam.conf configuration file sets general message-scanning parameters for all feature groups. These general configuration options are combined with the feature-group-specific options in the other configuration files.

    After altering anti-spam configuration, enabling or disabling a feature group, or adding or modifying rules, you must re-start the PureMessage milter (using the command pmx-milter restart) in order for the changes to take effect.

    • /opt/pmx6/etc/spam.conf : Contains general anti-spam configuration items that apply regardless of which feature groups (methods of analysis) are enabled.
    • /opt/pmx6/etc/spam.d/compile.d/destination.conf : Enables the Known Spam Destination feature group.
    • /opt/pmx6/etc/spam.d/compile.d/heuristic.conf : Enables the Heuristic Analysis feature group.
    • /opt/pmx6/etc/spam.d/compile.d/sender.conf : Enables the Sender Reputation feature group.
    • /opt/pmx6/etc/spam.d/net.conf : Sets the parameters for DNS checks used by the Sender Reputation feature group.
    • /opt/pmx6/etc/spam.d/dnsbl.conf : Sets the parameters for DNSBL (DNS black list) checks used by the Sender Reputation feature group (the black lists in this group are disabled by default).
    • /opt/pmx6/etc/spam.d/compile.d/site.conf : Enables the Site Features feature group.
    • /opt/pmx6/etc/spam.d/sxl.conf : Enables real-time, DNS-based queries for Sophos anti-spam data.
    Rules and Custom Rules Configuration Files

    PureMessage is distributed with a set of pre-configured anti-spam rules. These rules are regularly updated as part of the PureMessage Anti-Spam heuristic update. Only the weight and probability delta can be altered for default rules; these alterations are done using the pmx-spam program (see the pmx-spam man page for more information).

    Custom rules are stored in the re.rules file, located in the etc/spam.d directory located beneath the default PureMessage installation directory. Custom rule files are never updated as part of the PureMessage Anti-Spam heuristic update.

    When rules are applied to messages, both default and custom rules are used.

    Rule status (enabled or disabled), weights and probabilities are stored in a database, rather than in the rule definition files. To adjust rule weights, use the pmx-spam program.

    • /opt/pmx6/etc/spam.d/re.rules : Stores custom rules.
    • /opt/pmx6/etc/spam.d/compile.d/compiler.conf : Sets a threshold number below which a spam identification rule is not used.