Spam Blaze is WordPress plugin that makes it simple to make more effective use of Spam Assassin
What you get: The plugin and updates for 12 months.
- Easily add rules to block spam
- Simple to setup and configure
- Secured access to the services provided by the plugin
- Define trademark and product names that should never reject and email
- Define sender domains that should never be rejected
- No messing with Spam Assassin configuration files
- Block emails based on body content, header content or attachments
- Block emails based on the country of the sender
- Works with an existing Spam Assassin installation
- Log blocked emails to check rule effectiveness
- Review blocked email statistics to find out where spam originates
- Rules can apply to all email accounts or just named groups of users
- Creates a Spam Assassin update channel that can be used by sa-update
- Allow group managers to create and maintain their own rule sets
- Block emails from spam domains like .top or sent through servers in specific countries
The plugin requires PHP 5.4 or later. It is tested with Spam Assassin from version 3.3.1 and with WordPress up to 4.6
Your business already has an email server and uses, or may be considering the use of, Spam Assassin to help reduce the volume of spam reaching your inbox and those of your staff. Your mail server may be configured to use a DNS blacklist site like zen.spamhaus.org or a SURBL site like bl.surbl.org. You may have looked at grey listing. But even so, new spam email attacks are launched every hour from machines, often hacked, around the world filling inboxes especially those associated with email addresses you have to make public or that appear in marketing documentation. Third party services like Spamhaus can take hours or even days to catch up with campaigns by spammers because they rely upon reports by recipients.
Spam Blaze is a WordPress plugin that makes it simple to keep on top of ever changing unsolicited bulk emails by allowing you to create a dynamic, private update channel for your Spam Assassin installation. The plugin extends WordPress allowing you to define anti-spam rules in the WordPress environment you know. Spam Assassin is then automatically configured to use your rules.
Spam Assassin is a really powerful tool for combating spam but it is not simple to create reliable Spam Assassin configuration files. Normally configuration files are created by experienced Spam Assassin administrators. This makes Spam Assassin less effective than it should be at combating the ever changing attacks used to get emails past your defences and into user’s inboxes.
By using Spam Blaze you do not need to understand how to create robust Spam Assassin configuration files. Instead you enter the domains of senders you want to block or enter examples of the text that could appear in an email subject or body and let Spam Blaze do the rest. Spam Blaze will package the rules you create into Spam Assassin configuration files and make them available in the way Spam Assassin expects so it is able to download them automatically.
There are several common techniques used to combat spam: DNS blacklists, grey listing and third-party assessment of messages. These can have a place in combating spam and are well suited to handling spam sent to private email addresses. However, these techniques can poses challenges for businesses.
The problem with DNS blacklists
Relying on DNS blacklists is not a good idea for businesses where losing an email because of a false positive test may be throwing away a business opportunity. There are 4 billion potential IP addresses used by machines to send emails. There are some domains – those ending in ‘.top’ for example – that are used heavily to send unsolicited bulk email. Also, some domains should not be sending email directly and email should never be received from some IP addresses: for example, the domains and IP addresses of major domestic Internet Service Providers. However, most spam is sent by machines using other IP addresses that have been compromised by hackers and recruited to send unwanted emails. These machines may be potential customers, after all, any one can be hacked.
Blacklists operate by collecting domain names via anecdotal, third party, reports which assert they have been used to send unsolicited emails. However this is an unverified list and can contain domains from which you might like to receive emails. Using blacklists may be acceptable when operating a mail service for private users but is too restrictive for a business especially when there are better solutions.
Why businesses should not use grey listing
Grey listing is a technique to try to identify spam email based on the need for spammers to send email using only the most economical means. Grey listing works by initially rejecting emails and instructs the sender to re-send after an amount of time shown in the rejection message. The expectation is that well behaved email clients and servers will resend emails after the elapsed period of time but those sending spam emails will not act on the rejection because it adds expense.
Just to be clear, when grey listing is used all emails are rejected initially.
If an email server or email client sending emails we want to receive does not respond correctly to a rejection for any of several reasons the email will be lost. To paraphrase William Blackstone, it is better to receive 10 spam emails than to reject one sales lead. Because it is possible that the use of grey listing may result in unknown revenue opportunities, it is better that grey listing is not used by a commercial entity.
Why not use a 3rd party service?
Another option to help combat unsolicited emails is to use a third party service to review emails in order to assess whether they are likely to be spam or not. The challenge of this approach for a business is that all emails must be forwarded to the third party who cannot guarantee information in emails they receive will not be abused. Any email has the potential to contain proprietary or personal information that should be regarded as confidential. Sharing trade secrets contained in emails with a third party may breach corporate governance requirements while sharing personal information may breach data protection laws and be illegal.
Not all third party services require you to send the whole email. Rather than send the whole email, the Razor technique computes a hash from the contents of an email and checks a central database of hashes to see if the same hash has been encountered and reported as spam already. It sounds promising but this technique is easily thwarted by spammers. Hashes are highly specific to the content being hashed. Change just one character and the hash will (is intended by design) to be wildly different. Spammers take advantage of this characteristic of hashes by including in emails a few random characters such as “Hi Fred/Jo/123′. It looks innocent but the effect on the Razor technique is to render it ineffective because the central database must contain a hash for every conceivable alteration to the email and there are an infinite number of possible changes.
There are many email service providers. Examples include Google (GMail) and Microsoft (Hotmail, Office 365). Email service providers look after all aspects of email management but there are some downsides.
Email service providers charge by the mailbox. This means that if it will be helpful to have an extra email account there will be an extra charge. For example, a new employee or a marketing campaign that will benefit from a dedicated email address. If a business uses several domains, perhaps a domain per product line or sales region, it’s more expense.
Email is an important channel of communications for anyone especially a commercial entity. Running your own email server is not difficult and allows a business the flexibility to create any number of email addresses for any number of domains.
Nor is it expensive. A mail server does not do that much work. The number of times an email server must process emails in a day is not great. Our email server which handles the needs of a business with 20 email addresses runs on a very small server. The server is hosted on Amazon’s Web Services and costs just $60/year.
Running our own email server also allows us to make sure we are processing all emails and that they are not filtered by a 3rd party keen to protect its own servers. Like many organizations that operate their own mail servers we use Spam Assassin to review emails and give them a score to rate the likelihood they are ham or spam.
Email servers do not analyse inbound emails to determine if the email may be unsolicited bulk email. Instead they pass emails to a service dedicated to assessing emails. Spam Assassin is a widely used tool for this purpose. Spam Assassin runs as a separate process – potentially on different hardware – listening for requests from email servers to analyse emails and respond with information indicating whether or not the email is likely to be spam.
Spam Assassin is a process that by default will not take any action when it processes an email. The strength of Spam Assassin is that how it analyses emails is guided by rules defined by one or more configuration files. In practice, out of the box Spam Assassin does process and classify emails because it is configured to download a default set of remote configuration files provided by the authors of Spam Assassin at spamassassin.apache.org. A set of remote configurations files that Spam Assassin can download is known as a ‘channel’.
Outlook, like many email clients, allows a user to define rules so that emails containing specific text are deleted automatically when they appear in an inbox so why not just use this feature?
Rules defined within an email client may be sufficient in some cases. However, spammers try to address emails to as many valid emails addresses as possible. This means it is necessary for each targeted user to define their own copy of the rule. By using Spam Blaze it becomes possible for a rule to be defined once, centrally, so it affects all inbound emails.
We find it is not unusual for a spam email to be received several thousand times – usually with an attachment. Not all users are great at emptying there trash/deleted items/junk folder which means even if users do create a rule, the email still exists within your email system consuming space. By managing spam centrally, spam emails never reach user inboxes so the issue of accumulating spam email does not arise.
Spam emails on just one day in August
Spam Assassin is a process that by default will not take any action when it processes an email. The strength of Spam Assassin is that how it analyses emails is guided by rules defined by one or more configuration files. In practice, out of the box Spam Assassin does process emails because it is configured to download a default set of remote configuration files provided by the authors of Spam Assassin at spamassassin.apache.org.
Sets of configuration files that can be downloaded from a remote server are known by Spam Assassin as ‘channels’. Its a key feature of Spam Assassin that remote channels can be updated. Anyone is able to create a channel and Spam Blaze creates such a channel so rules created using Spam Blaze can automatically update the Spam Assassin configuration files.
Spam Assassin uses a process to discover channel update files. The process begins when the Spam Assassin script ‘sa-update’ is run. This script takes as an argument the name of the channel to update. More than one channel can be updated at the same time by using the option to use a file containing a list of channel names. This is an example of the update command to run:
sa-update -v --nogpg --allowplugins --channel spamassassin.yourdomain.tld
See the section on installing and configuring Spam Blaze for information about the switches uses in this command.
This section assumes both WordPress and Spam Assassin are installed and functioning. For information about installing Spam Assassin on Linux visit spamassassin.apache.org. For information about installing Spam Assassin on Windows visit JAM Software
Spam Blaze plugin
The Spam Blaze plugin is installed like any other plugin: use the WordPress plugin manager to upload and install the plugin zip file.
Configure Spam Blaze
The main task required to configure Spam Blaze is to add rules but there are three important settings to configure. See the section on configuring Spam Blaze for more information.
Spam Assassin plugin
Spam Blaze includes a plugin for Spam Assassin. See the section about the Spam Assassin plugin for instructions on how to add the plugin to Spam Assassin.
Create a scheduled task to generate a channel file
When at least one rule has been created using Spam Blaze the update (Spam Assassin configuration) files can be generated. These can be generated manually using the button on the Spam Assassin tab shown by the plugin or they can be generated automatically by creating a scheduled task that access the page:
A sample script to be used in a Linux ‘cron’ job and a sample Powershell script for use on Windows are included with the plugin. They can be found in the sub-folder ‘./assets/cron’
It’s recommended that the task is scheduled to run frequently, say every 5 minutes so rule changes are converted to channel update files shortly after they are made. If rules have not been changed then the channel files will not be re-generated.
Create a scheduled task to run sa-update
sa-update is a utility script provided with Spam Assassin so update configuration files from channel providers. It will be necessary to create a scheduled task to run the sa-update script to access updates to the channel file. This is the command you will run as a cron job (Linux) or scheduled task (Windows):
sa-update --nogpg --allowplugins --channel spamassassin.yourdomain.tld
where ‘spamassassin.yourdomain.tld’ is the domain you specified as the value for the ‘DNS Domain’ option on the ‘Spam Assassin’ tab of the Spam Blaze plugin.
|−−nogpg||The channel files are not signed using a PGP key so do not try to check the key|
|−−allowplugins||Spam Assassin can be extended by implementing plugins to perform new actions. Spam Blaze provides such a plugin to support logging blocked emails. However, for sa-update to accept configuration files that attempt to use a plugin it must be explicitly permitted.|
|−−channel||This is the name of the channel. It is the name specified in the ‘DNS Domain’ option in the Spam Assassin tab presented by the Spam Blaze plugin|
The Spam Blaze rules rely on access to a plugin for Spam Assassin. Spam Assassin is developed using a language called Perl. The Spam Blaze plugin for Spam Assassin is, like all Spam Assassin plugins, a Perl module. It can be found in a folder of the Spam Blaze plugin:
If the Spam Assassin installation is on the same machine as the web site, making the Spam Blaze plugin available in Spam Assassin only requires that the path to the folder ‘./assets/SpamAssassin Plugins’ which is part of the path above is added to the ‘PERL5LIB’ environment variable.
If the Spam Assassin installation is on a different machine, the ‘Lyquidity’ folder (above) containing the Spam Blaze plugin for Spam Assassin file should be copied and saved into one of the folders of the machine hosting Spam Assassin referenced by the Perl ‘@INC’ variable.
If your Spam Assassin installation is on Linux, find the location of the Perl @INC running the command:
perl -e "print \"@INC\""
This is likely list more than one location and it doesn’t matter which you choose. On our installation on Linux (CentOS) the location is:
If ‘Spam Assassin for Windows’ from JAM Software is being used then the Lyquidity folder should be copied into a sub-folder of the JAM Software install folder:
./SpamAssassin for Windows/runtime/lib
Checking it works
Then it will be possible to run sa-update script to test that the channel update files can be accessed, downloaded and installed. See the section on Installing and Configuring for an example of running the sa-update script.
Important Help is available for each tab of settings presented by Spam Blaze. Be sure to check the help to understand the implications of each option.
Spam Blaze adds two WordPress roles (Spam Assassin Administrator/Spam Assassin Group Manager) and one capability (manage_spam). By default the WordPress site administrator is assigned both roles. Anyone who needs to be able to update settings will need to be assigned the Spam Blaze Administrator role. Anyone who needs to be able to add, remove and modify rules will need to be assigned the Spam Assassin Group Manager role.
General tab – Valid caller IP addresses
The most important option on the General tab is the one that allows you to enter the IP addresses of machines that are permitted to access Spam Blaze function. When a remote machine running Spam Assassin attempts to access the WordPress server to log data about blocked emails or lookup an IP address for a sender’s IP address it is not signed in as a WordPress user. As a result, there is no WordPress security that can be applied to the request to make sure only those requests from valid machines are allowed. This option allows an administrator to limit the machines able to successfully access Spam Blaze functions while not signed in.
General tab – Notify email address(es)
The email addresses added to this box will be notified when rules change.
Spam Assassin – Enable
Maybe an obvious point but for Spam Blaze to be able to generate channel files for Spam Assassin this option must be checked.
Spam Assassin – Score options
The values entered in to the ‘Block score’, ‘Non-block score’, ‘Allowed text or domains score’ and ‘Required score’ control the scores assigned by Spam Assassin to emails. These scores should align with the spam rejection value defined for your email server. Spam Assassin does not reject emails. Instead is computes a score which is returned to the emails server and the email server rejects email based the score computed by Spam Assassin. If these scores do not align with the settings in your email server, emails could be rejected incorrectly.
Spam Assassin – Service address
The service address is the location of the Spam Blaze web site that Spam Assassin will contact to log emails that have been assigned a blocking spam score. Spam Blaze will offer an intelligent default address based on the address of the current site. However if the suggested address is not valid, it is important that the correct address is entered.
Spam Assassin – DNS Domain
For Spam Assassin to be able to discover the channel files generated by Spam Blaze it has a process. That process begins by looking for a TXT DNS record based on the name entered in the ‘DNS Domain’ field. It is important that DNS records exist and they can be added manually.
Spam Assassin – Route 53
If your domain DNS records are hosted on Amazon Web Services Route 53 then Spam Blaze can add the required DNS records automatically. All you need to do is provide an AWS access key and corresponding secret that is able to update Route 53 then Spam Blaze will take care of adding the records.
Spam Assassin – Use another DNS service
At the moment, only AWS Route 53 is supported to update DNS records automatically. If your DNS records are managed by a different DNS service such as Cloudflare or Go Daddy you can implement a WordPress ‘action’ that will perform all the calls to your DNS service to add the required records.