Spam Filtering

To enable spam filtering, follow these steps:

  1. Create a ‘spam’ folder. 
    One way to do this is to go to, log in with your Andrew ID and password, click ‘Folders’, create a folder called ‘spam’ as a subfolder of ‘INBOX’ and click Create.
  2. Enable spam filtering.
    Visit the page  On the left under ‘E-mail Options’ click ‘Mail Filtering and Vacation’.  Check the ‘Enable Spam Filtering’ box and click the ‘Save’ button further down the page.

Potential spam will now be re-routed to your INBOX.spam folder.  You’ll still need to periodically check this folder for legitimate email that was accidentally marked as spam, and delete the other messages to keep them from filling your quota.  The spam filter doesn’t catch all spam, but catches most.


Technical details on Carnegie Mellon’s spam filtering


Carnegie Mellon runs a commercial spam filter called ‘Spam Assassin’.  This filter uses a variety of heuristics to determine the likelihood that a message is spam, and marks likely spam with the extra header ‘X-Spam-Warning’.  When you enable spam filtering, a Sieve scrip is created that looks for that header and re-routes such messages to INBOX.spam.  Sieve is a scripting language that runs on the mail server itself and processes messages as they arrive at the mail server, as opposed to a ‘client-side’ script solution that runs only when you check mail.  For additional information on Sieve scripting, see this general link from Cyrusoft or the actual RFC specification.


You can use the MyAndrew web site to edit the sieve script directly to, for example, delete spam outright (rather than file it into a folder) or introduce additional layers of filtering.  Sieve can also generate automatic replies for when you’re on vacation.  In my personal script I have a ‘whitelist’ of addresses that go to my INBOX, a ‘blacklist’ (spam) that gets deleted automatically, and a ‘greylist’ of everything else that goes to a folder INBOX.Greylist.  This keeps my INBOX very clean, and I then check INBOX.Greylist daily for extra legitimate items.


Below is a template version of the script Drew used.  Do not copy this script directly- make the appropriate changes for your account, and only attempt this if you’re familiar with script writing.  I don’t provide support for writing scripts- this one is only provided as an example for those interested in pursuing script writing on their own.




require ["fileinto","vacation"];


# <- this symbol is for a single line comment


# the ‘require’ line has to be the first line, and tells the server which

# scripting modules are being used.


# scripts ignore whitespace, so you can insert blank lines for readability

# wherever you want.


/* <- this begins a comment region.  Delete both ends to activate vacation script

# This section generates the auto-replies that are sent when I’m on vacation:

if header :contains "from" "" {vacation

   :addresses ["","",""]




(this is an automated reply sent to any email from a * address)


I'm out of the office until Monday 5/2.  In the case of a computing emergency please contact Ken Pesanka (, x84535).






# ^- the above line marks the end of the comment region.  Delete both ends

# to uncomment the region.



# When I BCC myself, the below section automatically puts it in a BCC folder.

# Mulberry and other programs can file BCCs into a folder for you, but I do it

# server-side via this script so that the BCCs get filed regardless of which

# mail program I’m using (Mulberry, Outlook, webmail.andrew, etc.) and without

# having to configure each program separately.


if header :contains "from" "ap2a" {

  fileinto "INBOX.BCCs";





# The below is part of my ‘white list’ to go directly to my INBOX

# It searches the whole ‘From’ header and can thus contain a name, a domain,

# or a specific address.


if header :contains "from" [


        "", "",

        "", "",

        ] {

  fileinto "INBOX";




# The below is part of my ‘black list’ to be deleted automatically as it

# comes in using the ‘discard’ command.  There’s no way to recover discarded

# messages, so be careful with your search clause if you use discard.


if header :contains "from" ["Cron Daemon", "root@chem", "root@afs", "root@kerberos", ""] {





# This is way to do white lists specifically by email domain.

# For me, all mail from a domain goes to my Inbox, even if

# its marked as spam, since the script works sequentially and this

# part of the script appears before the check for the ‘X-spam-warning’ header.


if address :domain :contains "from" ["", ""] {

  fileinto "INBOX";




# Here I have some domain-specific blacklists.


if address :domain :contains "From" ["","","","","","","","","","", ""] {





# Here is the part that checks for the header added by Spam Assassin.

# The MyAndrew default is to file spam into an INBOX.spam folder. 

# Instead, I’ve set this to discard, but kept the original fileinto

# command in a comment so I can more easily turn spam filing back on

# in case I suspect a legitimate email is inappropriately getting

# marked as spam and thrown away.


if exists "X-Spam-Warning" {



  fileinto "INBOX.spam";





# Since all the ‘if’ statements above had a ‘stop’ in them to terminate

# the script if any ‘if’ was true, then once the script gets here we

# know that none of the above ‘if’s applied, so its not whitelist, blacklist,

# or known spam, so I put it in the greylist folder where I can check it

# without it cluttering the regular Inbox.


fileinto "INBOX._GreyList";