Spamassassin (3.4)

From Hexwiki

I've tried a number of solutions over the years, and it basically comes back to either tweaking Postfix or tweaking a Spamassassin rule, maybe adding one every year or so.

Initial

Everything is in packages, so

apt-get install spamassassin libdigest-sha-perl libgeo-ip-perl libnet-ident-perl libencode-detect-perl 

should get you to where you want without needing to involve CPAN.

In /etc/default/spamassassin, set CRON=1, and set OPTIONS:

OPTIONS="--create-prefs --max-children 5 --helper-home-dir --username debian-spamd /var/lib/spamassassin/ -s /var/log/spamd.log"

Then run

update-rc.d spamassassin enable

I usually just run

/etc/cron.daily/spamassassin 

to run the rules update.

/etc/spamassassin/local.cf

There's not much unusual in this configuration, apart from the custom rules.

# This is the right place to customize your installation of SpamAssassin.
#
# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be
# tweaked.
#
# Only a small subset of options are listed below
#
###########################################################################
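#   Prefix the Subject header of spam e-mails with [?SPAM? (score)]
#   Note: Mail::SpamAssassin::Conf advises using the _SCORE_ tag in a
#   rewritten Subject only when report_safe is 0.
#
rewrite_header Subject [?SPAM? (_SCORE_)]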
########
# Custom rules and adjustments. Most of these deal with the plague of hijacked account spam a couple years ago.
########
header    EMPTY_SUBJECT Subject =~ /^\s*(Re:\s*)*$/i
score     EMPTY_SUBJECT 1
describe  EMPTY_SUBJECT Sender simply does not know where to begin 
score     MISSING_SUBJECT 1
header    __HAS_CC Cc =~ /./
header    __HAS_BCC Bcc =~ /./
header    __MULTI_TO_ADDRESSES  To =~ /([^\@]+\@){2,}/
header    __AUTO_RESPONSE Subject =~ /Auto Response/i
meta      IM_NOT_SPECIAL ((EMPTY_SUBJECT || MISSING_SUBJECT) && (__HAS_CC || __MULTI_TO_ADDRESSES || __HAS_BCC))
score     IM_NOT_SPECIAL 6
describe  IM_NOT_SPECIAL Sending a message to multiple people without a subject
body      ADVICE_YOU_TO_VISIT /advice you to visit https?:\/\/([a-z0-9-]+\.)+[a-z]{2,7}(\/[^\s]*)?/i
score     ADVICE_YOU_TO_VISIT 1
describe  ADVICE_YOU_TO_VISIT I would suggest you visit this suspicious website
meta      AUTOREPLY_ADVICE (__AUTO_RESPONSE && ADVICE_YOU_TO_VISIT)
score     AUTOREPLY_ADVICE 1
describe  AUTOREPLY_ADVICE Spammy autoreply suggestive of a hijacked account
########
# End custom adjustments
########


#   Save spam messages as a message/rfc822 MIME attachment instead of
#   modifying the original message (0: off, 2: use text/plain instead)
#
# report_safe 1
#   Set which networks or hosts are considered 'trusted' by your mail
#   server (i.e. not spammers)
#
# trusted_networks 212.17.35.
dns_available yes
#   Set file-locking method (flock is not safe over NFS, but is faster)
#
lock_method flock
# We get way too much foreign language spam
ok_locales en
#   Set the threshold at which a message is considered spam (default: 5.0)
#
required_score 5.0
#   Use Bayesian classifier (default: 1)
#
# use_bayes 1
#   Bayesian classifier auto-learning (default: 1)
#
# bayes_auto_learn 1
bayes_expiry_max_db_size 1048576
#   Set headers which may provide inappropriate cues to the Bayesian
#   classifier
#
bayes_ignore_header X-Bogosity
bayes_ignore_header X-Spam-Flag
bayes_ignore_header X-Spam-Status
bayes_ignore_header X-Spam-Report
bayes_ignore_header X-Spam-Level
bayes_ignore_header X-Spam-Checker-Version
#   Some shortcircuiting, if the plugin is enabled
#
ifplugin Mail::SpamAssassin::Plugin::Shortcircuit
#
#   default: strongly-whitelisted mails are *really* whitelisted now, if the
#   shortcircuiting plugin is active, causing early exit to save CPU load.
#   Uncomment to turn this on
#
shortcircuit USER_IN_WHITELIST       on
shortcircuit USER_IN_DEF_WHITELIST   on
shortcircuit USER_IN_ALL_SPAM_TO     on
# shortcircuit SUBJECT_IN_WHITELIST    on
#   the opposite; blacklisted mails can also save CPU
#
shortcircuit USER_IN_BLACKLIST       on
shortcircuit USER_IN_BLACKLIST_TO    on
# shortcircuit SUBJECT_IN_BLACKLIST    on
#   if you have taken the time to correctly specify your "trusted_networks",
#   this is another good way to save CPU
#
shortcircuit ALL_TRUSTED             on
#   and a well-trained bayes DB can save running rules, too
#
# shortcircuit BAYES_99                spam
# shortcircuit BAYES_00                ham
endif # Mail::SpamAssassin::Plugin::Shortcircuit

Lint

spamassassin --lint

Double-check that everything is okay.
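
Lint confirms that the configuration parses; it does not show which messages the custom rules catch. The following added example (not part of the original page, and not SpamAssassin's own engine) re-implements the custom header, body and meta rules from local.cf in Python and runs them over constructed messages. It assumes an absent header never matches a header rule, approximates the stock MISSING_SUBJECT rule as "no Subject header", and searches only a plain-text body.

```python
import re
from email import message_from_string
# Patterns and scores copied from the custom rules in local.cf above.
HEADER_RULES = {
    "EMPTY_SUBJECT": ("Subject", r"^\s*(Re:\s*)*$"),
    "__HAS_CC": ("Cc", r"."),
    "__HAS_BCC": ("Bcc", r"."),
    "__MULTI_TO_ADDRESSES": ("To", r"([^@]+@){2,}"),
    "__AUTO_RESPONSE": ("Subject", r"Auto Response"),
}
BODY_RULE = r"advice you to visit https?://([a-z0-9-]+\.)+[a-z]{2,7}(/[^\s]*)?"
SCORES = {"EMPTY_SUBJECT": 1, "MISSING_SUBJECT": 1, "IM_NOT_SPECIAL": 6,
          "ADVICE_YOU_TO_VISIT": 1, "AUTOREPLY_ADVICE": 1}

def evaluate(raw):
    """Return the set of rule names that fire for one raw message."""
    msg = message_from_string(raw)
    hits = set()
    for name, (header, pattern) in HEADER_RULES.items():
        value = msg.get(header)
        # Assumption: an absent header never matches a header rule.
        if value is not None and re.search(pattern, value, re.I):
            hits.add(name)
    # Approximation of the stock MISSING_SUBJECT rule: no Subject header.
    if msg.get("Subject") is None:
        hits.add("MISSING_SUBJECT")
    # Approximation: only a single text/plain payload is searched.
    if re.search(BODY_RULE, msg.get_payload(), re.I):
        hits.add("ADVICE_YOU_TO_VISIT")
    # Meta rules: the same boolean expressions as in local.cf.
    no_subject = hits & {"EMPTY_SUBJECT", "MISSING_SUBJECT"}
    if no_subject and hits & {"__HAS_CC", "__MULTI_TO_ADDRESSES", "__HAS_BCC"}:
        hits.add("IM_NOT_SPECIAL")
    if {"__AUTO_RESPONSE", "ADVICE_YOU_TO_VISIT"} <= hits:
        hits.add("AUTOREPLY_ADVICE")
    return hits

def custom_score(hits):
    """Sum only the scores this local.cf assigns; stock rules add to this."""
    return sum(SCORES.get(name, 0) for name in hits)
# Constructed sample messages (not real mail).
SAMPLES = {
    "blank reply": "To: b@example.net, c@example.org\nSubject: Re:\n\nhi\n",
    "autoreply": "To: b@example.net\nSubject: Auto Response\n\n"
                 "I advice you to visit http://example.com/page\n",
    "normal": "To: b@example.net\nCc: c@example.org\nSubject: Lunch\n\nSee you.\n",
}
for label, raw in SAMPLES.items():
    print(label, sorted(evaluate(raw)), custom_score(evaluate(raw)))
```

A bare "Re:" sent to two recipients reaches 7 from these rules alone, above the required_score of 5.0, so legitimate replies of that shape will be tagged. The autoreply pattern contributes only 2 and depends on stock rules or Bayes for the rest.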