Hack and / - Spam: the Ham Hack
I know plenty of people use whiz-bang graphical e-mail programs, and many of them also have fancy buttons and icons that flash when e-mail might be spam. Well, if you didn't already know from my prior columns, I'm a big fan of mutt, and I didn't want to be left out of all these fancy spam-managing techniques. Once again, mutt's powerful customization comes to the rescue.
Although I do have spam filters set up on my personal account, sometimes messages get through my defenses. It's always a delicate balancing act when you tweak your spam thresholds, so I not only wanted to see how close spam that made it through was to the threshold, but I also wanted to know if any of my legitimate e-mail was close.
I have SpamAssassin configured so that it adds the score to my e-mail headers via the custom X-Spam-Status header. Let's say that my spam threshold was a score of 6; I then set up two rules: one to color any messages with a score of 2 or 3 red and another to color messages with a score of 4 or 5 bright red. That way, both types of messages would stand out—especially the messages right on the tip of my threshold. Here are the folder-hook rules I added to my mutt config:
folder-hook . "color index red default '~h ↪\"X-Spam-Status:.*score=(2|3)\.\"'" folder-hook . "color index brightred default '~h ↪\"X-Spam-Status:.*score=(4|5)\.\"'"
Now, like many people, I have a special spam folder set aside so I can train SpamAssassin. I go in there from time to time to look for any false positives, so I also wanted to highlight any messages that were right above the threshold. The following rule colors any messages that have a score of 6, 7 or 8 magenta:
folder-hook . "color index magenta default '~h ↪\"X-Spam-Status:.*score=(6|7|8)\.\"'"
Now, whenever I go through my inbox and see a message with a suspicious Subject line, if I notice it's colored red or bright red, I might not even bother to open it. Because I know it's close to the threshold, I simply can move it to my spam folder. In mutt, you can do this with just a few keystrokes, but of course, that doesn't stop me from automating it a bit further. After all, why do a few keystrokes when I can bind the S key to save to my spam folder automatically? All I had to do was add the following to my mutt config:
# make S automatically save spam to the spam folder macro index S "simaps://mail.example.net/INBOX.spam" macro pager S "simaps://mail.example.net/INBOX.spam"
Of course, change imaps://mail.example.net/INBOX.spam so that it points to the spam folder on your IMAP server, but once you do, you either can press S to save an individual message to the spam folder or you can tag all of the spam in your inbox with the T key, and press ;S to save it all to the spam folder at once.
Sure, it would be great if we never had any spam to begin with, but although I can choose what canned food I buy at the grocery store, I may never fully get rid of spam in my inbox. After all, one man's hacked-up pork by-product is another man's tasty canned-ham substitute. If people didn't order those male-enhancement pills, they wouldn't advertise them. At least with a few extra steps, I can make managing spam take less time.
Kyle Rankin is a Senior Systems Administrator in the San Francisco Bay Area and the author of a number of books, including Knoppix Hacks and Ubuntu Hacks for O'Reilly Media. He is currently the president of the North Bay Linux Users' Group.
Kyle Rankin is VP of engineering operations at Final, Inc., the author of many books including Linux Hardening in Hostile Networks, DevOps Troubleshooting and The Official Ubuntu Server Book, and a columnist for Linux Journal. Follow him @kylerankin
- Machine Learning Everywhere
- Bash Shell Script: Building a Better March Madness Bracket
- Own Your DNS Data
- Understanding OpenStack's Success
- Simple Server Hardening
- Understanding Firewalld in Multi-Zone Configurations
- From vs. to + for Microsoft and Linux
- Natalie Rusk's Scratch Coding Cards (No Starch Press)
- Ensono M.O.
- The Weather Outside Is Frightful (Or Is It?)