SPAM Filtering Service


Users who have a Bilkent e-mail account can use our Remote SPAM Filtering service to have all their incoming e-mail scanned and tagged "SPAM" if the detection criteria indicate so.

The Remote SPAM Filter will not delete or discard your e-mail. It compares various parameters of incoming mail to a huge set of rules (detection criteria)  that BCC maintains and adds the string *****SPAM***** to the subject field of the message if the tests indicate that the message "looks like a spam message".

We use "spamassassin" as the filtering tool. This tool examines each mail and grades certain mail attributes with varying points. For example, if a mail contains the string "viagra", this is worth, say, one point. A phrase mentioning "unsubscription" is worth 0.7 points; and so forth. If a mail collects 4.8 points or above then it is marked SPAM. Spamassassin is a "trainable" tool, which means we submit spam samples to it and spamassassin develops/adjusts its rules using Bayesian Filtering techniques.

Please note that there is a possibility that a decent mail might raise a "false positive" SPAM identification tag. Furthermore, some SPAM mail will get through the filters untagged. In other words;  this service is not a hundred percent cure to the spam problem.

After starting SPAM filtering for your e-mail account, you will still receive your e-mail including the SPAM ones. The subject lines of the tagged e-mail messages will look something like:
Subj: *****SPAM***** Do not have money, get software cds

If you like, you can configure your e-mail client software so that it automatically places those messages marked as SPAM to a special folder like "Spam" or "Trash".

Starting SPAM Filtering

To start using the remote filter, you need to login to the UNIX server hosting your "mailbox" using a telnet client software. All MS-Windows operating systems have a telnet client by default.

BCC and UG domain users will see a menu when they login to their servers using a telnet client software:


What do you want to do?

        1. Specify a forward address for your e-mail.
           (All e-mail you receive will be forwarded to this address.)
        2. Stop forwarding.
           (All e-mail you receive will be stored on this server.)
        3. Start the "vacation" service
           (An automated reply will be sent to people sending you e-mail.)
        4. Stop the "vacation" service
        5. Start SPAM filtering for this account.
           (The SPAM filter will mark spam messages, but they still will be delivered).
        6. Start SPAM BLOCKING for this account.
           (The SPAM filter will DELETE marked messages imediately and irrevocably).
        7. Stop SPAM filtering for this account.
        8. Edit the ".forward" file with vi.
           (For experienced UNIX users.)
        9. Edit the ".procmailrc" file with vi.
           (For experienced UNIX users.)
       10. Exit
Other domain users will need to type in a command as described below.

Please note that Remote Filtering Service can only be enabled for accounts which DO NOT have mail forwarding. For example, if you have two accounts at Bilkent; say "jdoe@ctp.bilkent.edu.tr" and "jdoe@bilkent.edu.tr" and "jdoe@ctp.bilkent.edu.tr" is forwarded to "jdoe@bilkent.edu.tr"; Remote Spam Filtering can be enabled for "jdoe@bilkent.edu.tr" and cannot be enabled for "jdoe@ctp.bilkent.edu.tr".

We recommend that you use option 5 first which only marks spam messages. If you feel that the filter is successful, you can switch to option 6 to BLOCK the messages. If you decide to switch from marking to blocking, you should first stop filtering for your account (option 7) and than start filtering again with option 6.


You can find the UNIX server which hosts your mailbox using the following table:
e-mail address format
 telnet to UNIX server host
xyz@bilkent.edu.tr
 turna.bcc.bilkent.edu.tr
xyz@ug.bilkent.edu.tr
 postaci.ug.bilkent.edu.tr
xyz@fen.bilkent.edu.tr
 century.fen.bilkent.edu.tr
xyz@ee.bilkent.edu.tr
 kilyos.ee.bilkent.edu.tr
xyz@ie.bilkent.edu.tr
 pascal.ie.bilkent.edu.tr
xyz@ctp.bilkent.edu.tr
 gunes.ctp.bilkent.edu.tr
xyz@tourism.bilkent.edu.tr
 pamukkale.tourism.bilkent.edu.tr
xyz@bups.bilkent.edu.tr
 beauty.bups.bilkent.edu.tr

To start filtering your incoming mail against SPAM, please locate your server in the above table and issue a telnet command to that server.

If you are an MS-Windows user, you can
  1. Click the "Start" button
  2. Choose "Run"
  3. Type in "telnet your_server.bilkent.edu.tr"
  4. Login using your account and regular e-mail password
  5. Issue the command "start_filtering"
  6. Send an e-mail to yourself and make sure you receive it in at most 30 seconds. If you do not receive your own mail in 30 seconds, issuse the "stop_filtering" command and respond with a "y" to confirm removal of remote scanning related files. If you send the test message from a non-Bilkent service, it might take 5-10 minutes for you to receive it.
If you're a UNIX user, we guess it is safe to assume you already know how to telnet to a server. All you need to do is go through steps 4-6 in the list above.

After you issue the " start_filtering" command, you should see a message that reports a successful operation. If the filtering is started for your account successfully, all your incoming mail will be forwarded to a remote computer called "nospam.bilkent.edu.tr" where it will be scanned against spamassassin rules.

All mail,  whether it is spam or not, will be resent to your address after scanning. Those e-mail messages that our scanner decides to be spam will be tagged with the string "*****SPAM***** " in their subject fields. That is to say; if someone sends you a spam promoting Viagra, you'll still receive this e-mail but the subject will modified to be be something like "*****SPAM***** Cheap Viagra ".

We recommend you to observe the SPAM detection performance of our filters for a week or so; and if you're happy with the results; then set your e-mail client (Outlook, Eudora, Netscape Mail, Thunderbird, etc.) so that it discards messages whose subject lines start with the literals "*****SPAM*****".  This can usually be done using the "Tools" or "Settings" menu items of your e-mail client software. In case you want to switch your e-mail client to a very good, safe, easy to use software, we would strongly recommend Thunderbird. You can visit www.mozilla.org to download Thunderbird.  It is an open source sofware and free.

Stopping SPAM Filtering

If for, some reason, you decide to stop using the Remote SPAM Filtering service, all you need to do is to login to your domain server host (see table above), and issue the command "stop_filtering".

Some Anti-SPAM Advice

  • Do not try to unsubscribe yourself from spammers' address databases. This sort of effort only verifies your e-mail address and causes it to be placed in more expensive, so called "reliable" e-mail distribution databases.
  • Remove all e-mail addresses from your web pages. Spammers harvest e-mail addresses by web robot software. If you need to publish an e-mail address on a web page, inscribe it in an image file or break it into weird strings like "cayfer -at- bilkent-edu+tr". You can use an online "mail address to image" converter service located at http://chxo.com/labelgen/
  • Do not use e-mail clients that compose fancy looking e-mail messages, like placing a background image,  adding animated  icons, etc. The chances are that such e-mail will get caught by the spam filters at the recipient side.

For the more technically inclined users

The "start_filtering" command created two files; namely ".forward" and ".procmailrc" in the users' home directories.

These files contain the lines
"|IFS=' ' && exec /usr/bin/procmail -f- || exit 75 #user"

and
:0
* ^X-Filter.*Bilkent
$DEFAULT

:0
* < 256000
! filter@nospam.bilkent.edu.tr

:0
$DEFAULT

respectively. The "stop_filtering" command simply removes these files.

The above .procmailrc file reads : "If a mail's headers contain the string "X-Start..." (the mail has been processed by the filter), deliver it to the default mail box. Otherwise, if the size of the mail is less than 256000 bytes, forward it to the remote filter (spammers tend to keep their e-mail small for their own sake). Otherwise deliver it to the default mailbox."

You might want to modify the .procmailrc so that it gets rid of e-mail that are tagged as SPAM mail without placing them in your mailbox at all. This will keep your mailboxes small in size. On the other hand, there is a risk of trashing mail that are tagged SPAM although they are not.

Should you decide to delete the tagged e-mail automatically, you should add the red lines to the top your .procmailrc file so that it reads:
:0
* ^X-Spam-Status: Yes
/dev/null

:0
* ^X-Filter.*Bilkent
$DEFAULT

:0
* < 256000
! filter@nospam.bilkent.edu.tr

:0
$DEFAULT