Filtering e-mail with Mac OSX 10.2 Mail

We are adding headers to mail messages which we think are spam:

For reliably detected spam:
X-CU-Spam: by clyde: reason it is spam
For spam detected by a new program under test:
X-CU-Test-Spam: by clyde: reason it is spam
For spam score calculated by SpamAssasin:
X-CU-Score-Spam: by clyde: spamassassin: 13 (*************)
For spam source listed by a DNSBL:
X-CU-DNSBL: by clyde: DNSBL: (some-IP-address by some-list)

You can filter messages tagged with with any of the above-mentioned headers out of your regular mail stream, using the filter capability in your e-mail software. Anti-spam guinea-pigs should filter on X-CU-Test-Spam, in particular.

Here's how to set up mail filters on our special headers, in Mac OSX 10.2 Mail.

From within the "Mail" application":
Create a new mailbox:
- Use the "Mailbox" pulldown from the main menu.
- Select "New Mailbox".
- Type in the name of the desired new mailbox (e.g.: "Spam").
- Click "OK".
- If you are an anti-spam guinea-pig, repeat the above procedure to create another new mailbox, called "Test Spam". Also, repeat the above procedure to create other new mailboxes, "Score Spam", "DNSBL", should you wish to filter on the corresponding headers.
Now get ready to create four new filter rules:
Use the leftmost pulldown menu ("Mail").
Select "Preferences".
Select "Rules".
FIRST RULE (to catch X-CU-Spam):
- Click on the "Add rule" button (this starts a new window).
- Type in a description for the new rule, for example:
  "spam detected by Concordia anti-spam filters"
- Set criteria: if [any] [x-cu-spam] [contains] "by"
  Note: in order to get the header "x-cu-spam" into the list, use that pulldown menu and:
  - Select "Edit header list" (at the bottom of the list).
  - Type in "x-cu-spam" to add it to the list of available headers.
  - Click "Add Header".
- Set action: [transfer] (to mailbox) "Spam"
- Click "ok" (which returns you to the "Rules Preferences" window).
- Make sure that the "activate the rule" radio button is checked next to the rule that you have just created; this should already be the case.
SECOND RULE (to catch X-CU-Test-Spam) (Guinea-pigs only!):
- Click on the "Add rule" button (this starts a new window).
- Type in a description for the new rule, for example:
  "spam detected by the TEST VERSION of the Concordia anti-spam filters"
- Set criteria: if [any] [x-cu-test-spam] [contains] "by"
  Note: in order to get the header "x-cu-test-spam" into the list, use that pulldown menu and:
  - Select "Edit header list" (at the bottom of the list).
  - Type in "x-cu-test-spam" to add it to the list of available headers.
  - Click "Add Header".
- Set action: [transfer] (to mailbox) "Test Spam"
- Click "ok" (which returns you to the "Rules Preferences" window).
- Make sure that the "activate the rule" radio button is checked next to the rule that you have just created; this should already be the case.
THIRD RULE (to catch X-CU-Score-Spam):
- Click on the "Add rule" button (this starts a new window).
- Type in a description for the new rule, for example:
  "spam socre by SpamAssassin"
- Set criteria: if [any] [x-cu-score-spam] [contains] "by"
  Note: in order to get the header "x-cu-score-spam" into the list, use that pulldown menu and:
  - Select "Edit header list" (at the bottom of the list).
  - Type in "x-cu-score-spam" to add it to the list of available headers.
  - Click "Add Header".
- Set action: [transfer] (to mailbox) "Score Spam"
- Click "ok" (which returns you to the "Rules Preferences" window).
- Make sure that the "activate the rule" radio button is checked next to the rule that you have just created; this should already be the case.
FOURTH RULE (to catch X-CU-DNSBL):
- Click on the "Add rule" button (this starts a new window).
- Type in a description for the new rule, for example:
  "spam source listed by a DNSBL"
- Set criteria: if [any] [x-cu-dnsbl] [contains] "by"
  Note: in order to get the header "x-cu-dnsbl" into the list, use that pulldown menu and:
  - Select "Edit header list" (at the bottom of the list).
  - Type in "x-cu-dnsbl" to add it to the list of available headers.
  - Click "Add Header".
- Set action: [transfer] (to mailbox) "DNSBL"
- Click "ok" (which returns you to the "Rules Preferences" window).
- Make sure that the "activate the rule" radio button is checked next to the rule that you have just created; this should already be the case.

Technical notes: we were unable to find out how to do wildcard matches, so I don't know whether it is possible to match on the empty header. However, "by" will be in all of our generated headers, so we can match on that.

Once you have set up the above filters, please check your "Spam" mailbox folder regularly and empty it out, after checking whether any legitimate e-mail accidentally got caught.

If you are an anti-spam guinea-pig, please check your "Test Spam" mailbox folder daily, and be sure to report any legitimate mail that got caught.