Difference between revisions of "Spamassassin (3.4)"
Jump to navigation
Jump to search
(Created page with "__TOC__ I've tried a number of solutions over the years, and it basically comes back to either tweaking Postfix or tweaking a Spamassassin rule, maybe adding one every year or...") |
|||
| Line 10: | Line 10: | ||
should get you to where you want without needing to involve CPAN. | should get you to where you want without needing to involve CPAN. | ||
| − | In /etc/default/spamassassin, set CRON=1 | + | In /etc/default/spamassassin, set CRON=1, and set OPTIONS: |
| + | |||
| + | OPTIONS="--create-prefs --max-children 5 --helper-home-dir --username debian-spamd /var/lib/spamassassin/ -s /var/log/spamd.log" | ||
| + | |||
| + | Then run | ||
update-rc.d spamassassin enable | update-rc.d spamassassin enable | ||
| Line 36: | Line 40: | ||
# | # | ||
rewrite_header Subject [?SPAM? (_SCORE_)] | rewrite_header Subject [?SPAM? (_SCORE_)] | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
######## | ######## | ||
| Line 77: | Line 76: | ||
# modifying the original message (0: off, 2: use text/plain instead) | # modifying the original message (0: off, 2: use text/plain instead) | ||
# | # | ||
| − | report_safe | + | # report_safe 1 |
# Set which networks or hosts are considered 'trusted' by your mail | # Set which networks or hosts are considered 'trusted' by your mail | ||
Latest revision as of 09:13, 17 December 2020
I've tried a number of solutions over the years, and it basically comes back to either tweaking Postfix or tweaking a Spamassassin rule, maybe adding one every year or so.
Initial
Everything is in packages, so
apt-get install spamassassin libdigest-sha-perl libgeo-ip-perl libnet-ident-perl libencode-detect-perl
should get you to where you want without needing to involve CPAN.
In /etc/default/spamassassin, set CRON=1, and set OPTIONS:
OPTIONS="--create-prefs --max-children 5 --helper-home-dir --username debian-spamd /var/lib/spamassassin/ -s /var/log/spamd.log"
Then run
update-rc.d spamassassin enable
I usually just run
/etc/cron.daily/spamassassin
to run the rules update.
/etc/spamassassin/local.cf
There's not too much special to this configuration, save for some of the special rules.
# This is the right place to customize your installation of SpamAssassin. # # See 'perldoc Mail::SpamAssassin::Conf' for details of what can be # tweaked. # # Only a small subset of options are listed below # ###########################################################################
# Add *****SPAM***** to the Subject header of spam e-mails # rewrite_header Subject [?SPAM? (_SCORE_)]
######## # Custom rules and adjustments. Most of these deal with the plague of hijacked account spam a couple years ago. ########
header EMPTY_SUBJECT Subject =~ /^\s*(Re:\s*)*$/i score EMPTY_SUBJECT 1 describe EMPTY_SUBJECT Sender simply does not know where to begin
score MISSING_SUBJECT 1
header __HAS_CC Cc =~ /./
header __HAS_BCC Bcc =~ /./
header __MULTI_TO_ADDRESSES To =~ /([^\@]+\@){2,}/
header __AUTO_RESPONSE Subject =~ /Auto Response/i
meta IM_NOT_SPECIAL ((EMPTY_SUBJECT || MISSING_SUBJECT) && (__HAS_CC || __MULTI_TO_ADDRESSES || __HAS_BCC)) score IM_NOT_SPECIAL 6 describe IM_NOT_SPECIAL Sending a message to multiple people without a subject
body ADVICE_YOU_TO_VISIT /advice you to visit https?:\/\/([a-z0-9-]+\.)+[a-z]{2,7}(\/[^\s]*)?/i
score ADVICE_YOU_TO_VISIT 1
describe ADVICE_YOU_TO_VISIT I would suggest you visit this suspicious website
meta AUTOREPLY_ADVICE (__AUTO_RESPONSE && ADVICE_YOU_TO_VISIT) score AUTOREPLY_ADVICE 1 describe AUTOREPLY_ADVICE Spammy autoreply suggestive of a hijacked account
######## # End custom adjustments ########
# Save spam messages as a message/rfc822 MIME attachment instead of # modifying the original message (0: off, 2: use text/plain instead) # # report_safe 1
# Set which networks or hosts are considered 'trusted' by your mail # server (i.e. not spammers) # # trusted_networks 212.17.35.
dns_available yes
# Set file-locking method (flock is not safe over NFS, but is faster) # lock_method flock
# We get way too much foreign language spam ok_locales en
# Set the threshold at which a message is considered spam (default: 5.0) # required_score 5.0
# Use Bayesian classifier (default: 1) # # use_bayes 1
# Bayesian classifier auto-learning (default: 1) # # bayes_auto_learn 1
bayes_expiry_max_db_size 1048576
# Set headers which may provide inappropriate cues to the Bayesian # classifier # bayes_ignore_header X-Bogosity bayes_ignore_header X-Spam-Flag bayes_ignore_header X-Spam-Status bayes_ignore_header X-Spam-Report bayes_ignore_header X-Spam-Level bayes_ignore_header X-Spam-Checker-Version
# Some shortcircuiting, if the plugin is enabled # ifplugin Mail::SpamAssassin::Plugin::Shortcircuit # # default: strongly-whitelisted mails are *really* whitelisted now, if the # shortcircuiting plugin is active, causing early exit to save CPU load. # Uncomment to turn this on # shortcircuit USER_IN_WHITELIST on shortcircuit USER_IN_DEF_WHITELIST on shortcircuit USER_IN_ALL_SPAM_TO on # shortcircuit SUBJECT_IN_WHITELIST on
# the opposite; blacklisted mails can also save CPU # shortcircuit USER_IN_BLACKLIST on shortcircuit USER_IN_BLACKLIST_TO on # shortcircuit SUBJECT_IN_BLACKLIST on
# if you have taken the time to correctly specify your "trusted_networks", # this is another good way to save CPU # shortcircuit ALL_TRUSTED on
# and a well-trained bayes DB can save running rules, too # # shortcircuit BAYES_99 spam # shortcircuit BAYES_00 ham
endif # Mail::SpamAssassin::Plugin::Shortcircuit
Lint
spamassassin --lint
Double-check that everything is okay.