Difference between revisions of "Spamassassin (3.3)"

I've tried a number of solutions over the years, and it basically comes back to either tweaking Postfix or tweaking a Spamassassin rule, maybe adding one every year or so.

Initial

chown -R debian-spamd:debian-spamd /var/lib/spamassassin
sa-update -v
perl -MCPAN -e shell

I generally follow the defaults. Inside:

o conf prerequisites_policy ask
o conf commit

Install desired extra modules. In Debian, most of these are covered via the package manager.

quit

/etc/default/spamassassin

This is largely the default file, we're just turning stuff on, namely spamassassin itself and its cronjob.

# /etc/default/spamassassin
# Duncan Findlay

# WARNING: please read README.spamd before using.
# There may be security risks.

# Change to one to enable spamd
ENABLED=1

SAHOME="/var/lib/spamassassin/"

# Options
# See man spamd for possible options. The -d option is automatically added.

# SpamAssassin uses a preforking model, so be careful! You need to
# make sure --max-children is not set to anything higher than 5,
# unless you know what you're doing.

OPTIONS="--create-prefs --max-children 5 --helper-home-dir --username debian-spamd ${SAHOME} -s ${SAHOME}spamd.log"

# Pid file
# Where should spamd write its PID to file? If you use the -u or
# --username option above, this needs to be writable by that user.
# Otherwise, the init script will not be able to shut spamd down.
PIDFILE="/var/run/spamd.pid"

# Set nice level of spamd
#NICE="--nicelevel 15"

# Cronjob
# Set to anything but 0 to enable the cron job to automatically update
# spamassassin's rules on a nightly basis
CRON=1

/etc/spamassassin/local.cf

There's not too much special to this configuration, save for some of the special rules.

# This is the right place to customize your installation of SpamAssassin.
#
# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be
# tweaked.
#
# Only a small subset of options are listed below
#
###########################################################################

#   Add *****SPAM***** to the Subject header of spam e-mails
#
rewrite_header Subject [?SPAM? (_SCORE_)]

# Whitelist rules
all_spam_to abuse@example.com
more_spam_to postmaster@example.com
more_spam_to administrator@example.com

########
# Custom rules and adjustments. Most of these deal with the plague of hijacked account spam a couple years ago.
########

header    EMPTY_SUBJECT Subject =~ /^\s*(Re:\s*)*$/i
score     EMPTY_SUBJECT 1
describe  EMPTY_SUBJECT Sender simply does not know where to begin 

score     MISSING_SUBJECT 1

header    __HAS_CC Cc =~ /./
header    __HAS_BCC Bcc =~ /./
header    __MULTI_TO_ADDRESSES  To =~ /([^\@]+\@){2,}/
header    __AUTO_RESPONSE Subject =~ /Auto Response/i

meta      IM_NOT_SPECIAL ((EMPTY_SUBJECT || MISSING_SUBJECT) && (__HAS_CC || __MULTI_TO_ADDRESSES || __HAS_BCC))
score     IM_NOT_SPECIAL 6
describe  IM_NOT_SPECIAL Sending a message to multiple people without a subject

body      ADVICE_YOU_TO_VISIT /advice you to visit https?:\/\/([a-z0-9-]+\.)+[a-z]{2,7}(\/[^\s]*)?/i
score     ADVICE_YOU_TO_VISIT 1
describe  ADVICE_YOU_TO_VISIT I would suggest you visit this suspicious website

meta      AUTOREPLY_ADVICE (__AUTO_RESPONSE && ADVICE_YOU_TO_VISIT)
score     AUTOREPLY_ADVICE 1
describe  AUTOREPLY_ADVICE Spammy autoreply suggestive of a hijacked account

########
# End custom adjustments
########

#   Save spam messages as a message/rfc822 MIME attachment instead of
#   modifying the original message (0: off, 2: use text/plain instead)
#
report_safe 0

#   Set which networks or hosts are considered 'trusted' by your mail
#   server (i.e. not spammers)
#
# trusted_networks 212.17.35.

dns_available yes

#   Set file-locking method (flock is not safe over NFS, but is faster)
#
lock_method flock

# We get way too much foreign language spam
ok_locales en

#   Set the threshold at which a message is considered spam (default: 5.0)
#
required_score 5.0

#   Use Bayesian classifier (default: 1)
#
# use_bayes 1

#   Bayesian classifier auto-learning (default: 1)
#
# bayes_auto_learn 1

bayes_expiry_max_db_size 1048576

#   Set headers which may provide inappropriate cues to the Bayesian
#   classifier
#
bayes_ignore_header X-Bogosity
bayes_ignore_header X-Spam-Flag
bayes_ignore_header X-Spam-Status
bayes_ignore_header X-Spam-Report
bayes_ignore_header X-Spam-Level
bayes_ignore_header X-Spam-Checker-Version

#   Some shortcircuiting, if the plugin is enabled
#
ifplugin Mail::SpamAssassin::Plugin::Shortcircuit
#
#   default: strongly-whitelisted mails are *really* whitelisted now, if the
#   shortcircuiting plugin is active, causing early exit to save CPU load.
#   Uncomment to turn this on
#
shortcircuit USER_IN_WHITELIST       on
shortcircuit USER_IN_DEF_WHITELIST   on
shortcircuit USER_IN_ALL_SPAM_TO     on
# shortcircuit SUBJECT_IN_WHITELIST    on

#   the opposite; blacklisted mails can also save CPU
#
shortcircuit USER_IN_BLACKLIST       on
shortcircuit USER_IN_BLACKLIST_TO    on
# shortcircuit SUBJECT_IN_BLACKLIST    on

#   if you have taken the time to correctly specify your "trusted_networks",
#   this is another good way to save CPU
#
shortcircuit ALL_TRUSTED             on

#   and a well-trained bayes DB can save running rules, too
#
# shortcircuit BAYES_99                spam
# shortcircuit BAYES_00                ham

endif # Mail::SpamAssassin::Plugin::Shortcircuit

Lint

spamassassin --lint

Double-check that everything is okay.