
This page is part of the EmailServer article.

SpamAssassin

SpamAssassin is a very versatile and complete spam-fighting solution. It uses statistical techniques as well as external blacklists, and it can be configured to use add-on tools to refine its detection.

SpamAssassin uses a rating system: each email goes through a list of tests, and every positive test adds to the number of spam points the message is allocated. Each test is worth a variable number of points, or a fraction of a point, depending on how useful and reliable it is at detecting spam.

Once all the tests have been performed on the email, an action is taken based on the total number of points: if the score is high enough, we're sure that this is spam; if not, we can let the message through.
There are a number of in-between actions that can be performed: messages can be refused for delivery, dropped, deleted, quarantined, marked as SPAM in their subject line, etc.

To install SpamAssassin, just use yum:

# yum -t install spamassassin

Edit the /etc/mail/spamassassin/local.cf file and add the following:

bayes_path /var/amavis/.spamassassin/bayes
auto_whitelist_path /var/amavis/.spamassassin/auto-whitelist
lock_method flock
trusted_networks 192.168.0.

The last line tells your server which local network it can trust. This should be set to the IP range of your internal network.

Now, make sure SpamAssassin will run when we boot:

# chkconfig --levels 235 spamassassin on
# service spamassassin start

Initialise the Bayesian database:

# sa-learn --sync

Test our config by running:

# amavisd debug-sa

If the steps above were done properly, you should see debug: using "/var/amavis/.spamassassin/user_prefs" for user prefs file in the middle of all the output spewed by Amavisd-New (scroll back or use the Shift+PageUp keys).

Testing antispam

Just send an email with the following in the body:
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X

This is a standard fake spam signature used to test antispam software.

Your /var/log/maillog file should show something similar to:

Jan 23 15:23:12 white amavis[28345]: (28345-01) Blocked SPAM, MYNETS LOCAL [192.168.0.101] [192.168.0.101] <nkadesign@nkadesign.com> -> <test@nkadesign.com>, Message-ID: <4979704E.3020906@nkadesign.com>, mail_id: RKeqXrbI1RJJ, Hits: 998.56, size: 649, 273 ms

The email should be marked with such a high spam score that it will never reach its destination and it gets discarded.
What actually happens to such mail depends on the settings you chose in the configuration of Amavisd-New.
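
To confirm the GTUBE test from the log instead of by eye, the script below summarises amavis verdict lines and checks that the newest verdict for a recipient is Blocked SPAM. It is an added example, not part of the original page: the function names, the second sample line and the threshold of 100 are constructed, and it assumes log lines in the format shown above.

```shell
#!/bin/sh
# Added example: summarise amavisd-new verdict lines in the format shown above.

# Print "ACTION CATEGORY HITS RECIPIENT SENDER" for each verdict line on stdin.
# The sender goes last because it can be empty (bounces use <>).
amavis_verdicts() {
    sed -n -E 's/^.* amavis\[[0-9]+\]: \([^)]*\) (Passed|Blocked) ([A-Z-]+),.* <([^>]*)> -> <([^>]*)>,.*Hits: ([-0-9.]+),.*$/\1 \2 \5 \4 \3/p'
}

# Succeed only if the newest verdict for recipient $1 is "Blocked SPAM"
# with a score of at least $2. Reads the log from stdin.
gtube_blocked() {
    amavis_verdicts | awk -v rcpt="$1" -v min="$2" '
        $4 == rcpt { action = $1; cat = $2; hits = $3; seen = 1 }
        END { exit !(seen && action == "Blocked" && cat == "SPAM" && hits + 0 >= min + 0) }'
}

# Sample input: the first line is the one quoted on this page, the second is
# a constructed clean delivery in the same format.
SAMPLE_LOG='Jan 23 15:23:12 white amavis[28345]: (28345-01) Blocked SPAM, MYNETS LOCAL [192.168.0.101] [192.168.0.101] <nkadesign@nkadesign.com> -> <test@nkadesign.com>, Message-ID: <4979704E.3020906@nkadesign.com>, mail_id: RKeqXrbI1RJJ, Hits: 998.56, size: 649, 273 ms
Jan 23 15:24:02 white amavis[28345]: (28345-02) Passed CLEAN, MYNETS LOCAL [192.168.0.101] [192.168.0.101] <alice@example.com> -> <bob@example.com>, Message-ID: <constructed-1@example.com>, mail_id: AAAAAAAAAAAA, Hits: -1.2, size: 812, 301 ms'

# Demo on the sample; on a real server feed /var/log/maillog instead.
printf '%s\n' "$SAMPLE_LOG" | amavis_verdicts
if printf '%s\n' "$SAMPLE_LOG" | gtube_blocked test@nkadesign.com 100; then
    echo "GTUBE test message was blocked as spam"
else
    echo "GTUBE test message was NOT blocked" >&2
fi
```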

Bayesian filtering

SpamAssassin includes a powerful statistical analysis that can help refine the score given to emails passing through it.
Instead of depending on other people's definition of what is spam, the Bayesian filter can be trained to recognise what you consider to be spam.

The only drawback with Bayesian analysis is that it needs a set of good (ham) and bad (spam) emails large enough to be accurate, and you need to sort these emails and manually train SpamAssassin.
SpamAssassin can be trained against each user's preferences, but this puts a burden on the user, who has to think about it, properly pick out any spam and save it in a separate location.
I generally prefer a hands-off approach where users don't have to worry too much about that. One of the reasons is that training SpamAssassin against an improperly categorised mailbox could actually be counter-productive and allow more spam to be delivered (you always have to think that some users will just delete spam or, worse, leave it in their mailbox).

To avoid any aggravation, I created a simple MissedSpam folder in one of the IMAP mail accounts that I use. I then simply have to move any spam that made its way to an inbox into that folder.
Users can forward their spam as attachments and I then have to manually open and drop the spam into the mailbox. This is a bit time-consuming, but it ensures that I have a chance to evaluate the email and ensure that the spam box is really accurate and does not contain legitimate emails that could later be falsely detected as spam.
As time progresses, less and less spam should be able to make its way into the system.

To train SpamAssassin on what is spam and what is ham, make sure you have enough sorted emails (between 150 and 3000) in each mailbox being trained, then issue the following:

# sa-learn --spam --sync /mail/postmaster/.MissedSpam/cur/

That trains SpamAssassin to recognise spam better.
For the filter to function properly (or at all) you also need to train it on ham. Make sure that each mailbox you train against has no spam in it!

# sa-learn --ham --sync /mail/emily/cur/
# sa-learn --ham --sync /mail/john/cur/
...

Make sure that the database ownership has not been reclaimed by root:

# chown -R amavis:amavis /var/amavis

If you do this regularly, the amount of spam that manages to get through should go down.
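
The training steps above can be wrapped so that a folder holding too few messages is never fed to the filter and any file under /var/amavis that is no longer owned by amavis is reported. This is an added example, not part of the original page: the function names, the SA_LEARN override and the --run switch are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: guard the sa-learn runs described above.

MIN_MSGS=150                     # lower bound of the 150-3000 range given above
SA_LEARN=${SA_LEARN:-sa-learn}   # overridable so the logic can be dry-run

# Count regular files (one per message) directly inside a Maildir cur/ folder.
count_msgs() {
    find "$1" -maxdepth 1 -type f | wc -l | tr -d ' '
}

# train_folder spam|ham DIR: run sa-learn on DIR only if it holds enough mail.
# Returns 1 when the folder is too small, 2 on a bad class or missing folder.
train_folder() {
    kind=$1 dir=$2
    case $kind in
        spam|ham) ;;
        *) echo "unknown class: $kind" >&2; return 2 ;;
    esac
    [ -d "$dir" ] || { echo "missing folder: $dir" >&2; return 2; }
    n=$(count_msgs "$dir")
    if [ "$n" -lt "$MIN_MSGS" ]; then
        echo "skipping $dir: $n messages, need at least $MIN_MSGS" >&2
        return 1
    fi
    "$SA_LEARN" "--$kind" --sync "$dir"
}

# List everything under DIR that is not owned by USER (e.g. reclaimed by root).
foreign_owned() {
    find "$1" ! -user "$2"
}

# Run the page's training commands only when invoked with --run.
if [ "${1:-}" = "--run" ]; then
    train_folder spam /mail/postmaster/.MissedSpam/cur/
    train_folder ham  /mail/emily/cur/
    train_folder ham  /mail/john/cur/
    foreign_owned /var/amavis amavis
fi
```

Any path printed by the last command needs the chown shown above before Amavisd-New can update the database again.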


Comments
johnson joy, Saturday 07 July 2007, at 04:38 GMT+8
pretty good tutorial
Page last modified on Sunday 08 March 2009, at 04:13 GMT+8 - Viewed 2526 times