Spamassassin (3.4)
I've tried a number of solutions over the years, and it basically comes back to either tweaking Postfix or tweaking a Spamassassin rule, maybe adding one every year or so.
Initial
Everything is in packages, so
apt-get install spamassassin libdigest-sha-perl libgeo-ip-perl libnet-ident-perl libencode-detect-perl
should get you to where you want without needing to involve CPAN.
In /etc/default/spamassassin, set CRON=1, and set OPTIONS:
OPTIONS="--create-prefs --max-children 5 --username debian-spamd --helper-home-dir /var/lib/spamassassin/ -s /var/log/spamd.log"
Then run
update-rc.d spamassassin enable
I usually just run
/etc/cron.daily/spamassassin
to run the rules update.
/etc/spamassassin/local.cf
There's not much special about this configuration, apart from a few custom rules.
# This is the right place to customize your installation of SpamAssassin.
#
# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be
# tweaked.
#
# Only a small subset of options are listed below
#
###########################################################################

# Add *****SPAM***** to the Subject header of spam e-mails
#
rewrite_header Subject [?SPAM? (_SCORE_)]

########
# Custom rules and adjustments. Most of these deal with the plague of hijacked account spam a couple years ago.
########

header EMPTY_SUBJECT Subject =~ /^\s*(Re:\s*)*$/i
score EMPTY_SUBJECT 1
describe EMPTY_SUBJECT Sender simply does not know where to begin

score MISSING_SUBJECT 1

header __HAS_CC Cc =~ /./
header __HAS_BCC Bcc =~ /./
header __MULTI_TO_ADDRESSES To =~ /([^\@]+\@){2,}/
header __AUTO_RESPONSE Subject =~ /Auto Response/i

meta IM_NOT_SPECIAL ((EMPTY_SUBJECT || MISSING_SUBJECT) && (__HAS_CC || __MULTI_TO_ADDRESSES || __HAS_BCC))
score IM_NOT_SPECIAL 6
describe IM_NOT_SPECIAL Sending a message to multiple people without a subject

body ADVICE_YOU_TO_VISIT /advice you to visit https?:\/\/([a-z0-9-]+\.)+[a-z]{2,7}(\/[^\s]*)?/i
score ADVICE_YOU_TO_VISIT 1
describe ADVICE_YOU_TO_VISIT I would suggest you visit this suspicious website

meta AUTOREPLY_ADVICE (__AUTO_RESPONSE && ADVICE_YOU_TO_VISIT)
score AUTOREPLY_ADVICE 1
describe AUTOREPLY_ADVICE Spammy autoreply suggestive of a hijacked account

########
# End custom adjustments
########

# Save spam messages as a message/rfc822 MIME attachment instead of
# modifying the original message (0: off, 2: use text/plain instead)
#
# report_safe 1

# Set which networks or hosts are considered 'trusted' by your mail
# server (i.e. not spammers)
#
# trusted_networks 212.17.35.

dns_available yes

# Set file-locking method (flock is not safe over NFS, but is faster)
#
lock_method flock

# We get way too much foreign language spam
ok_locales en

# Set the threshold at which a message is considered spam (default: 5.0)
#
required_score 5.0

# Use Bayesian classifier (default: 1)
#
# use_bayes 1

# Bayesian classifier auto-learning (default: 1)
#
# bayes_auto_learn 1

bayes_expiry_max_db_size 1048576

# Set headers which may provide inappropriate cues to the Bayesian
# classifier
#
bayes_ignore_header X-Bogosity
bayes_ignore_header X-Spam-Flag
bayes_ignore_header X-Spam-Status
bayes_ignore_header X-Spam-Report
bayes_ignore_header X-Spam-Level
bayes_ignore_header X-Spam-Checker-Version

# Some shortcircuiting, if the plugin is enabled
#
ifplugin Mail::SpamAssassin::Plugin::Shortcircuit
#
# default: strongly-whitelisted mails are *really* whitelisted now, if the
# shortcircuiting plugin is active, causing early exit to save CPU load.
# Uncomment to turn this on
#
shortcircuit USER_IN_WHITELIST on
shortcircuit USER_IN_DEF_WHITELIST on
shortcircuit USER_IN_ALL_SPAM_TO on
# shortcircuit SUBJECT_IN_WHITELIST on

# the opposite; blacklisted mails can also save CPU
#
shortcircuit USER_IN_BLACKLIST on
shortcircuit USER_IN_BLACKLIST_TO on
# shortcircuit SUBJECT_IN_BLACKLIST on

# if you have taken the time to correctly specify your "trusted_networks",
# this is another good way to save CPU
#
shortcircuit ALL_TRUSTED on

# and a well-trained bayes DB can save running rules, too
#
# shortcircuit BAYES_99 spam
# shortcircuit BAYES_00 ham

endif # Mail::SpamAssassin::Plugin::Shortcircuit
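The custom rules from this local.cf, re-implemented in Python as an added example (not part of the original page and not SpamAssassin's own code) so their combined scoring can be checked against constructed messages. It assumes a header rule does not fire when the header is absent and models the stock MISSING_SUBJECT rule as "no Subject header"; `evaluate` and the sample messages are made up for this sketch.

```python
import re
from email import message_from_string

# Patterns copied from the custom rules in local.cf above.
EMPTY_SUBJECT = re.compile(r"^\s*(Re:\s*)*$", re.I)
MULTI_TO = re.compile(r"([^\@]+\@){2,}")
AUTO_RESPONSE = re.compile(r"Auto Response", re.I)
ADVICE = re.compile(
    r"advice you to visit https?:\/\/([a-z0-9-]+\.)+[a-z]{2,7}(\/[^\s]*)?", re.I)

# Scores from local.cf; MISSING_SUBJECT is a stock rule rescored to 1 there.
SCORES = {"EMPTY_SUBJECT": 1, "MISSING_SUBJECT": 1, "IM_NOT_SPECIAL": 6,
          "ADVICE_YOU_TO_VISIT": 1, "AUTOREPLY_ADVICE": 1}


def evaluate(raw):
    """Return (fired rule names, summed score) for one raw message."""
    msg = message_from_string(raw)
    subject = msg.get("Subject")          # None when the header is absent
    body = msg.get_payload()
    hit = {
        # Assumption: a header rule cannot match a header that is not there.
        "EMPTY_SUBJECT": subject is not None and bool(EMPTY_SUBJECT.search(subject)),
        "MISSING_SUBJECT": subject is None,
        "__HAS_CC": bool(msg.get("Cc")),
        "__HAS_BCC": bool(msg.get("Bcc")),
        "__MULTI_TO_ADDRESSES": bool(MULTI_TO.search(msg.get("To", ""))),
        "__AUTO_RESPONSE": bool(AUTO_RESPONSE.search(subject or "")),
        "ADVICE_YOU_TO_VISIT": bool(ADVICE.search(body)),
    }
    hit["IM_NOT_SPECIAL"] = (hit["EMPTY_SUBJECT"] or hit["MISSING_SUBJECT"]) and (
        hit["__HAS_CC"] or hit["__MULTI_TO_ADDRESSES"] or hit["__HAS_BCC"])
    hit["AUTOREPLY_ADVICE"] = hit["__AUTO_RESPONSE"] and hit["ADVICE_YOU_TO_VISIT"]
    # Names starting with "__" are sub-rules: they feed metas but carry no score.
    fired = sorted(n for n, v in hit.items() if v and not n.startswith("__"))
    return fired, sum(SCORES[n] for n in fired)


# Constructed sample messages (example.com / example.net are placeholders).
MASS_NO_SUBJECT = ("From: a@example.com\nTo: b@example.com, c@example.com\n"
                   "Subject: Re: \n\nhi\n")
SINGLE_NO_SUBJECT = "From: a@example.com\nTo: b@example.com\nSubject:\n\nhi\n"
HIJACKED_AUTOREPLY = ("From: a@example.com\nTo: b@example.com\n"
                      "Subject: Auto Response\n\n"
                      "I advice you to visit http://shop.example.net/deal\n")

if __name__ == "__main__":
    for name in ("MASS_NO_SUBJECT", "SINGLE_NO_SUBJECT", "HIJACKED_AUTOREPLY"):
        print(name, *evaluate(globals()[name]))
```

With required_score 5.0, only the multi-recipient message without a subject crosses the threshold on these rules alone (1 + 6 = 7); the other two score 1 and 2 and rely on the rest of the rule set.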
Lint
spamassassin --lint
Double-check that everything is okay.