Difference between revisions of "Spamassassin (3.4)"

From Hexwiki
Jump to navigation Jump to search
(Created page with "__TOC__ I've tried a number of solutions over the years, and it basically comes back to either tweaking Postfix or tweaking a Spamassassin rule, maybe adding one every year or...")
 
 
Line 10: Line 10:
 
should get you to where you want without needing to involve CPAN.
 
should get you to where you want without needing to involve CPAN.
  
In /etc/default/spamassassin, set CRON=1
+
In /etc/default/spamassassin, set CRON=1, and set OPTIONS:
 +
 
 +
OPTIONS="--create-prefs --max-children 5 --helper-home-dir --username debian-spamd /var/lib/spamassassin/ -s /var/log/spamd.log"
 +
 
 +
Then run
  
 
  update-rc.d spamassassin enable
 
  update-rc.d spamassassin enable
Line 36: Line 40:
 
  #
 
  #
 
  rewrite_header Subject [?SPAM? (_SCORE_)]
 
  rewrite_header Subject [?SPAM? (_SCORE_)]
 
# Whitelist rules
 
all_spam_to abuse@example.com
 
more_spam_to postmaster@example.com
 
more_spam_to administrator@example.com
 
  
 
  ########
 
  ########
Line 77: Line 76:
 
  #  modifying the original message (0: off, 2: use text/plain instead)
 
  #  modifying the original message (0: off, 2: use text/plain instead)
 
  #
 
  #
  report_safe 0
+
  # report_safe 1
  
 
  #  Set which networks or hosts are considered 'trusted' by your mail
 
  #  Set which networks or hosts are considered 'trusted' by your mail

Latest revision as of 09:13, 17 December 2020

I've tried a number of solutions over the years, and it basically comes back to either tweaking Postfix or tweaking a Spamassassin rule, maybe adding one every year or so.

Initial

Everything is in packages, so

apt-get install spamassassin libdigest-sha-perl libgeo-ip-perl libnet-ident-perl libencode-detect-perl 

should get you to where you want without needing to involve CPAN.

In /etc/default/spamassassin, set CRON=1, and set OPTIONS:

OPTIONS="--create-prefs --max-children 5 --helper-home-dir --username debian-spamd /var/lib/spamassassin/ -s /var/log/spamd.log"

Then run

update-rc.d spamassassin enable

I usually just run

/etc/cron.daily/spamassassin 

to run the rules update.

/etc/spamassassin/local.cf

There's not too much special to this configuration, save for some of the special rules.

# This is the right place to customize your installation of SpamAssassin.
#
# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be
# tweaked.
#
# Only a small subset of options are listed below
#
###########################################################################
#   Add *****SPAM***** to the Subject header of spam e-mails
#
rewrite_header Subject [?SPAM? (_SCORE_)]
########
# Custom rules and adjustments. Most of these deal with the plague of hijacked account spam a couple years ago.
########
header    EMPTY_SUBJECT Subject =~ /^\s*(Re:\s*)*$/i
score     EMPTY_SUBJECT 1
describe  EMPTY_SUBJECT Sender simply does not know where to begin 
score     MISSING_SUBJECT 1
header    __HAS_CC Cc =~ /./
header    __HAS_BCC Bcc =~ /./
header    __MULTI_TO_ADDRESSES  To =~ /([^\@]+\@){2,}/
header    __AUTO_RESPONSE Subject =~ /Auto Response/i
meta      IM_NOT_SPECIAL ((EMPTY_SUBJECT || MISSING_SUBJECT) && (__HAS_CC || __MULTI_TO_ADDRESSES || __HAS_BCC))
score     IM_NOT_SPECIAL 6
describe  IM_NOT_SPECIAL Sending a message to multiple people without a subject
body      ADVICE_YOU_TO_VISIT /advice you to visit https?:\/\/([a-z0-9-]+\.)+[a-z]{2,7}(\/[^\s]*)?/i
score     ADVICE_YOU_TO_VISIT 1
describe  ADVICE_YOU_TO_VISIT I would suggest you visit this suspicious website
meta      AUTOREPLY_ADVICE (__AUTO_RESPONSE && ADVICE_YOU_TO_VISIT)
score     AUTOREPLY_ADVICE 1
describe  AUTOREPLY_ADVICE Spammy autoreply suggestive of a hijacked account
########
# End custom adjustments
########


#   Save spam messages as a message/rfc822 MIME attachment instead of
#   modifying the original message (0: off, 2: use text/plain instead)
#
# report_safe 1
#   Set which networks or hosts are considered 'trusted' by your mail
#   server (i.e. not spammers)
#
# trusted_networks 212.17.35.
dns_available yes
#   Set file-locking method (flock is not safe over NFS, but is faster)
#
lock_method flock
# We get way too much foreign language spam
ok_locales en
#   Set the threshold at which a message is considered spam (default: 5.0)
#
required_score 5.0
#   Use Bayesian classifier (default: 1)
#
# use_bayes 1
#   Bayesian classifier auto-learning (default: 1)
#
# bayes_auto_learn 1
bayes_expiry_max_db_size 1048576
#   Set headers which may provide inappropriate cues to the Bayesian
#   classifier
#
bayes_ignore_header X-Bogosity
bayes_ignore_header X-Spam-Flag
bayes_ignore_header X-Spam-Status
bayes_ignore_header X-Spam-Report
bayes_ignore_header X-Spam-Level
bayes_ignore_header X-Spam-Checker-Version
#   Some shortcircuiting, if the plugin is enabled
#
ifplugin Mail::SpamAssassin::Plugin::Shortcircuit
#
#   default: strongly-whitelisted mails are *really* whitelisted now, if the
#   shortcircuiting plugin is active, causing early exit to save CPU load.
#   Uncomment to turn this on
#
shortcircuit USER_IN_WHITELIST       on
shortcircuit USER_IN_DEF_WHITELIST   on
shortcircuit USER_IN_ALL_SPAM_TO     on
# shortcircuit SUBJECT_IN_WHITELIST    on
#   the opposite; blacklisted mails can also save CPU
#
shortcircuit USER_IN_BLACKLIST       on
shortcircuit USER_IN_BLACKLIST_TO    on
# shortcircuit SUBJECT_IN_BLACKLIST    on
#   if you have taken the time to correctly specify your "trusted_networks",
#   this is another good way to save CPU
#
shortcircuit ALL_TRUSTED             on
#   and a well-trained bayes DB can save running rules, too
#
# shortcircuit BAYES_99                spam
# shortcircuit BAYES_00                ham
endif # Mail::SpamAssassin::Plugin::Shortcircuit

Lint

spamassassin --lint

Double-check that everything is okay.