Spamassassin (3.3)
I've tried a number of solutions over the years, and it basically comes back to either tweaking Postfix or tweaking a Spamassassin rule, maybe adding one every year or so.
Initial
chown -R debian-spamd:debian-spamd /var/lib/spamassassin
sa-update -v
perl -MCPAN -e shell
I generally follow the defaults. Inside:
o conf prerequisites_policy ask
o conf commit
Install desired extra modules. In Debian, most of these are covered via the package manager.
quit
/etc/default/spamassassin
This is largely the default file; we're just turning things on, namely spamassassin itself and its cron job.

# /etc/default/spamassassin
# Duncan Findlay

# WARNING: please read README.spamd before using.
# There may be security risks.

# Change to one to enable spamd
ENABLED=1

SAHOME="/var/lib/spamassassin/"

# Options
# See man spamd for possible options. The -d option is automatically added.

# SpamAssassin uses a preforking model, so be careful! You need to
# make sure --max-children is not set to anything higher than 5,
# unless you know what you're doing.

# --helper-home-dir takes the directory as its argument, so ${SAHOME} follows it directly.
OPTIONS="--create-prefs --max-children 5 --username debian-spamd --helper-home-dir ${SAHOME} -s ${SAHOME}spamd.log"

# Pid file
# Where should spamd write its PID to file? If you use the -u or
# --username option above, this needs to be writable by that user.
# Otherwise, the init script will not be able to shut spamd down.
PIDFILE="/var/run/spamd.pid"

# Set nice level of spamd
#NICE="--nicelevel 15"

# Cronjob
# Set to anything but 0 to enable the cron job to automatically update
# spamassassin's rules on a nightly basis
CRON=1

/etc/spamassassin/local.cf
There's not much special about this configuration, save for a few custom rules.

# This is the right place to customize your installation of SpamAssassin.
#
# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be
# tweaked.
#
# Only a small subset of options are listed below
#
###########################################################################

# Add *****SPAM***** to the Subject header of spam e-mails
#
rewrite_header Subject [?SPAM? (_SCORE_)]

# Whitelist rules
all_spam_to abuse@example.com
more_spam_to postmaster@example.com
more_spam_to administrator@example.com

########
# Custom rules and adjustments. Most of these deal with the plague of hijacked account spam a couple years ago.
########

header EMPTY_SUBJECT Subject =~ /^\s*(Re:\s*)*$/i
score EMPTY_SUBJECT 1
describe EMPTY_SUBJECT Sender simply does not know where to begin

score MISSING_SUBJECT 1

header __HAS_CC Cc =~ /./
header __HAS_BCC Bcc =~ /./
header __MULTI_TO_ADDRESSES To =~ /([^\@]+\@){2,}/
header __AUTO_RESPONSE Subject =~ /Auto Response/i

meta IM_NOT_SPECIAL ((EMPTY_SUBJECT || MISSING_SUBJECT) && (__HAS_CC || __MULTI_TO_ADDRESSES || __HAS_BCC))
score IM_NOT_SPECIAL 6
describe IM_NOT_SPECIAL Sending a message to multiple people without a subject

body ADVICE_YOU_TO_VISIT /advice you to visit https?:\/\/([a-z0-9-]+\.)+[a-z]{2,7}(\/[^\s]*)?/i
score ADVICE_YOU_TO_VISIT 1
describe ADVICE_YOU_TO_VISIT I would suggest you visit this suspicious website

meta AUTOREPLY_ADVICE (__AUTO_RESPONSE && ADVICE_YOU_TO_VISIT)
score AUTOREPLY_ADVICE 1
describe AUTOREPLY_ADVICE Spammy autoreply suggestive of a hijacked account

########
# End custom adjustments
########

# Save spam messages as a message/rfc822 MIME attachment instead of
# modifying the original message (0: off, 2: use text/plain instead)
#
report_safe 0

# Set which networks or hosts are considered 'trusted' by your mail
# server (i.e. not spammers)
#
# trusted_networks 212.17.35.

dns_available yes

# Set file-locking method (flock is not safe over NFS, but is faster)
#
lock_method flock

# We get way too much foreign language spam
ok_locales en

# Set the threshold at which a message is considered spam (default: 5.0)
#
required_score 5.0

# Use Bayesian classifier (default: 1)
#
# use_bayes 1

# Bayesian classifier auto-learning (default: 1)
#
# bayes_auto_learn 1

bayes_expiry_max_db_size 1048576

# Set headers which may provide inappropriate cues to the Bayesian
# classifier
#
bayes_ignore_header X-Bogosity
bayes_ignore_header X-Spam-Flag
bayes_ignore_header X-Spam-Status
bayes_ignore_header X-Spam-Report
bayes_ignore_header X-Spam-Level
bayes_ignore_header X-Spam-Checker-Version

# Some shortcircuiting, if the plugin is enabled
#
ifplugin Mail::SpamAssassin::Plugin::Shortcircuit
#
# default: strongly-whitelisted mails are *really* whitelisted now, if the
# shortcircuiting plugin is active, causing early exit to save CPU load.
# Uncomment to turn this on
#
shortcircuit USER_IN_WHITELIST on
shortcircuit USER_IN_DEF_WHITELIST on
shortcircuit USER_IN_ALL_SPAM_TO on
# shortcircuit SUBJECT_IN_WHITELIST on

# the opposite; blacklisted mails can also save CPU
#
shortcircuit USER_IN_BLACKLIST on
shortcircuit USER_IN_BLACKLIST_TO on
# shortcircuit SUBJECT_IN_BLACKLIST on

# if you have taken the time to correctly specify your "trusted_networks",
# this is another good way to save CPU
#
shortcircuit ALL_TRUSTED on

# and a well-trained bayes DB can save running rules, too
#
# shortcircuit BAYES_99 spam
# shortcircuit BAYES_00 ham

endif # Mail::SpamAssassin::Plugin::Shortcircuit

Lint
spamassassin --lint
Double-check that everything is okay.