Spamassassin (3.3)
Jump to navigation
Jump to search
I've tried a number of solutions over the years, and it basically comes back to either tweaking Postfix or tweaking a Spamassassin rule, maybe adding one every year or so.
Initial
chown -R debian-spamd:debian-spamd /var/lib/spamassassin sa-update -v perl -MCPAN -e shell
I generally follow the defaults. Inside:
o conf prerequisites_policy ask o conf commit
Install desired extra modules. In Debian, most of these are covered via the package manager.
quit
/etc/default/spamassassin
This is largely the default file, we're just turning stuff on, namely spamassassin itself and its cronjob.
# /etc/default/spamassassin # Duncan Findlay
# WARNING: please read README.spamd before using. # There may be security risks.
# Change to one to enable spamd ENABLED=1
SAHOME="/var/lib/spamassassin/"
# Options # See man spamd for possible options. The -d option is automatically added.
# SpamAssassin uses a preforking model, so be careful! You need to # make sure --max-children is not set to anything higher than 5, # unless you know what you're doing.
OPTIONS="--create-prefs --max-children 5 --helper-home-dir --username debian-spamd ${SAHOME} -s ${SAHOME}spamd.log"
# Pid file # Where should spamd write its PID to file? If you use the -u or # --username option above, this needs to be writable by that user. # Otherwise, the init script will not be able to shut spamd down. PIDFILE="/var/run/spamd.pid"
# Set nice level of spamd #NICE="--nicelevel 15"
# Cronjob # Set to anything but 0 to enable the cron job to automatically update # spamassassin's rules on a nightly basis CRON=1
/etc/spamassassin/local.cf
There's not too much special to this configuration, save for some of the special rules.
# This is the right place to customize your installation of SpamAssassin. # # See 'perldoc Mail::SpamAssassin::Conf' for details of what can be # tweaked. # # Only a small subset of options are listed below # ###########################################################################
# Add *****SPAM***** to the Subject header of spam e-mails # rewrite_header Subject [?SPAM? (_SCORE_)]
# Whitelist rules all_spam_to abuse@example.com more_spam_to postmaster@example.com more_spam_to administrator@example.com
######## # Custom rules and adjustments. Most of these deal with the plague of hijacked account spam a couple years ago. ########
header EMPTY_SUBJECT Subject =~ /^\s*(Re:\s*)*$/i score EMPTY_SUBJECT 1 describe EMPTY_SUBJECT Sender simply does not know where to begin
score MISSING_SUBJECT 1
header __HAS_CC Cc =~ /./ header __HAS_BCC Bcc =~ /./ header __MULTI_TO_ADDRESSES To =~ /([^\@]+\@){2,}/ header __AUTO_RESPONSE Subject =~ /Auto Response/i
meta IM_NOT_SPECIAL ((EMPTY_SUBJECT || MISSING_SUBJECT) && (__HAS_CC || __MULTI_TO_ADDRESSES || __HAS_BCC)) score IM_NOT_SPECIAL 6 describe IM_NOT_SPECIAL Sending a message to multiple people without a subject
body ADVICE_YOU_TO_VISIT /advice you to visit https?:\/\/([a-z0-9-]+\.)+[a-z]{2,7}(\/[^\s]*)?/i score ADVICE_YOU_TO_VISIT 1 describe ADVICE_YOU_TO_VISIT I would suggest you visit this suspicious website
meta AUTOREPLY_ADVICE (__AUTO_RESPONSE && ADVICE_YOU_TO_VISIT) score AUTOREPLY_ADVICE 1 describe AUTOREPLY_ADVICE Spammy autoreply suggestive of a hijacked account
######## # End custom adjustments ########
# Save spam messages as a message/rfc822 MIME attachment instead of # modifying the original message (0: off, 2: use text/plain instead) # report_safe 0
# Set which networks or hosts are considered 'trusted' by your mail # server (i.e. not spammers) # # trusted_networks 212.17.35.
dns_available yes
# Set file-locking method (flock is not safe over NFS, but is faster) # lock_method flock
# We get way too much foreign language spam ok_locales en
# Set the threshold at which a message is considered spam (default: 5.0) # required_score 5.0
# Use Bayesian classifier (default: 1) # # use_bayes 1
# Bayesian classifier auto-learning (default: 1) # # bayes_auto_learn 1
bayes_expiry_max_db_size 1048576
# Set headers which may provide inappropriate cues to the Bayesian # classifier # bayes_ignore_header X-Bogosity bayes_ignore_header X-Spam-Flag bayes_ignore_header X-Spam-Status bayes_ignore_header X-Spam-Report bayes_ignore_header X-Spam-Level bayes_ignore_header X-Spam-Checker-Version
# Some shortcircuiting, if the plugin is enabled # ifplugin Mail::SpamAssassin::Plugin::Shortcircuit # # default: strongly-whitelisted mails are *really* whitelisted now, if the # shortcircuiting plugin is active, causing early exit to save CPU load. # Uncomment to turn this on # shortcircuit USER_IN_WHITELIST on shortcircuit USER_IN_DEF_WHITELIST on shortcircuit USER_IN_ALL_SPAM_TO on # shortcircuit SUBJECT_IN_WHITELIST on
# the opposite; blacklisted mails can also save CPU # shortcircuit USER_IN_BLACKLIST on shortcircuit USER_IN_BLACKLIST_TO on # shortcircuit SUBJECT_IN_BLACKLIST on
# if you have taken the time to correctly specify your "trusted_networks", # this is another good way to save CPU # shortcircuit ALL_TRUSTED on
# and a well-trained bayes DB can save running rules, too # # shortcircuit BAYES_99 spam # shortcircuit BAYES_00 ham
endif # Mail::SpamAssassin::Plugin::Shortcircuit
Lint
spamassassin --lint
Double-check that everything is okay.