
This page is part of the EmailServer article.

SpamAssassin

SpamAssassin is a very versatile and complete spam-fighting solution. It uses statistical techniques as well as external blacklists, and can be configured to use add-on tools to refine its detection.

SpamAssassin uses a rating system: each email goes through a list of tests, and every positive test adds to the number of spam points the message is allocated. Each test is worth a variable number of points, or a fraction of a point, depending on how useful and reliable it is at detecting spam.

Once all the tests have been performed on the email, an action is taken based on the total number of points: if the score is high enough, we're sure that this is spam; if not, we can let the message through.
There are a number of in-between actions that can be performed: messages can be refused for delivery, dropped, deleted, quarantined, marked as SPAM in their subject line, etc.

To install SpamAssassin, just use yum:

# yum -t install spamassassin

Edit the /etc/mail/spamassassin/local.cf and add the following:

bayes_path /var/amavis/.spamassassin/bayes
auto_whitelist_path /var/amavis/.spamassassin/auto-whitelist
lock_method flock
trusted_networks 1.2.3.4
internal_networks 1.2.3.4

The last 2 lines are only necessary if your server is using NAT to hide behind a firewall and has a local LAN address: you need to tell SpamAssassin about it, or it might treat emails coming from the outside as trusted. Replace 1.2.3.4 with your real IP. If your machine receives mail on more than one interface, duplicate those lines for each outside IP.

Now we need to make some changes to ensure that what we do as root is carried over and accessible to Amavisd-New:

# spamassassin --lint -D
# cp -ir /root/.spamassassin /var/amavis
# cd /root/.spamassassin/
# rm -f user_prefs
# ln -s /var/amavis/.spamassassin/user_prefs user_prefs
# chown -R amavis.amavis /var/amavis

Now, make sure SpamAssassin will run when we boot:

# chkconfig --levels 235 spamassassin on
# service spamassassin start

Initialise the Bayesian database:

# sa-learn --sync

Test our config by running:

# amavisd debug-sa

If what you did above was done properly, you should see the line debug: using "/var/amavis/.spamassassin/user_prefs" for user prefs file in the middle of all the output spewed by Amavisd-New (scroll back or use the Shift+PageUp keys).

Testing antispam

Just send an email with the following in the body:
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X

This is a standard fake spam signature used to test antispam software.

You should get the email with [SPAM] in the message, unless you've opted for the other Amavisd-New configuration option of sending spam to quarantine in a dedicated, separate user account.
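To see what SpamAssassin actually decided about the test message (verdict, total points, threshold and the tests that fired), read the X-Spam-Status header of the delivered copy. The script below is an added example, not part of the original page; it assumes the usual header layout with a plain comma-separated tests= list, and the function names and the sample message are constructed for illustration.

```shell
# Added example. Assumed header layout (older releases wrote hits=N, not score=N):
#   X-Spam-Status: Yes, score=N required=N tests=A,B ...

# Print the header block of the message on stdin, folded lines rejoined.
unfold_headers() {
    awk '{ sub(/\r$/, "") }
         /^$/ { exit }                       # blank line ends the headers
         /^[ \t]/ { sub(/^[ \t]+/, " "); buf = buf $0; next }
         { if (buf != "") print buf; buf = $0 }
         END { if (buf != "") print buf }'
}

# Print "verdict score required tests"; status 1 if the message was not scored.
spam_verdict() {
    unfold_headers | awk '
        tolower($0) ~ /^x-spam-status:/ {
            verdict = $2; sub(/,$/, "", verdict)
            for (i = 3; i <= NF; i++) {
                if ($i !~ /=/) { if (intests) tests = tests $i; continue }
                split($i, kv, "="); intests = 0
                if (kv[1] == "score" || kv[1] == "hits") score = kv[2]
                else if (kv[1] == "required") required = kv[2]
                else if (kv[1] == "tests") { tests = kv[2]; intests = 1 }
            }
            print verdict, score, required, tests; found = 1; exit
        }
        END { exit !found }'
}

# Succeed only if the message was flagged and the GTUBE rule is among the hits.
gtube_flagged() {
    v=$(spam_verdict) || return 1
    set -- $v
    [ "$1" = "Yes" ] || return 1
    case ",$4," in *,GTUBE,*) return 0 ;; *) return 1 ;; esac
}

# Constructed sample of a delivered test message (not captured from a server).
sample_msg() {
    cat <<'EOF'
Subject: [SPAM] gtube test
X-Spam-Status: Yes, score=1000.0 required=5.0 tests=GTUBE,
 NO_RELAYS autolearn=no

XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
EOF
}

sample_msg | spam_verdict
```

A message that comes back with no X-Spam-Status header at all was never scored, which points at the Amavisd-New hand-off rather than at the SpamAssassin rules.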

Bayesian filtering

SpamAssassin includes a powerful statistical analysis that can help refine the score given to emails passing through it.
Instead of depending on other people's definition of what is spam, the Bayesian filter can be trained to recognise what you consider as being spam.

The only drawback with Bayesian analysis is that it needs a set of good (ham) and bad (spam) emails large enough to be accurate, and you need to sort these emails and manually train SpamAssassin.
SpamAssassin is able to be trained against each user's preferences, but it creates a burden on the user, requiring her to think about and properly pick out any spam and save it in a separate location.
I generally prefer a hands-off approach where users don't have to worry too much about that. One of the reasons is that training SpamAssassin against an improperly categorised mailbox could actually be counter-productive and allow more spam to be delivered (you always have to think that some users will just delete spam or, worse, leave it in their mailbox).

To avoid any aggravation, I created a simple MissedSpam folder in one of the IMAP mail accounts that I use. I then simply have to move any spam that made its way to an inbox into that folder.
Users can forward their spam as attachments and I then have to manually open and drop the spam into the mailbox. This is a bit time-consuming, but it ensures that I have a chance to evaluate the email and ensure that the spam box is really accurate and does not contain legitimate emails that could later be falsely detected as spam.
As time progresses, less and less spam should be able to make its way into the system.

To train SpamAssassin as to what is spam and what is ham, make sure you have enough segregated emails (between 150-3000) in each mailbox being trained, then issue the following:

# sa-learn --spam --sync /mail/postmaster/.MissedSpam/cur/

That would train SpamAssassin to recognise spam better.
To function properly (or at all), you also need to train for ham. Make sure that each mailbox you train against has no spam in it!

# sa-learn --ham --sync /mail/emily/cur/
# sa-learn --ham --sync /mail/john/cur/
...

Make sure that the database ownership has not been reclaimed by root:

# chown amavis.amavis -R /var/amavis

If you do this regularly, the amount of spam that manages to get through should decrease.
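The two things that most often go wrong in the training routine above are training on a mailbox that is too small and leaving the Bayes files owned by root after running sa-learn. The script below is an added example, not part of the original page, that checks both before and after a run; the variable and function names are hypothetical, the 150-message floor is the lower bound given above, and plan_training only prints the sa-learn commands rather than running them.

```shell
# Added example: pre-flight and post-flight checks around an sa-learn run.
MIN_MSGS=150             # lower bound the text gives for a training mailbox
SA_OWNER=amavis          # account the Bayes database must belong to
SA_HOME=/var/amavis      # where the database lives in this setup

# Count the messages (regular files) in one Maildir cur/ directory.
count_msgs() {
    find "$1" -maxdepth 1 -type f 2>/dev/null | wc -l | tr -d ' '
}

# Succeed only if the mailbox holds at least MIN_MSGS messages.
enough_mail() {
    [ "$(count_msgs "$1")" -ge "$MIN_MSGS" ]
}

# List everything under a directory that is NOT owned by the given user.
wrong_owner() {
    find "$1" ! -user "$2" -print
}

# Print the sa-learn command for each mailbox that is large enough; mailboxes
# that are too small are reported on stderr. usage: plan_training spam|ham DIR...
plan_training() {
    kind=$1; shift
    for box in "$@"; do
        if enough_mail "$box"; then
            echo "sa-learn --$kind --sync $box"
        else
            echo "skip $box: only $(count_msgs "$box") messages" >&2
        fi
    done
}

# Typical use with the paths from this page:
#   plan_training spam /mail/postmaster/.MissedSpam/cur/
#   plan_training ham /mail/emily/cur/ /mail/john/cur/
#   wrong_owner "$SA_HOME" "$SA_OWNER"   # any output means the chown is needed
```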


Comments
johnson joy, Saturday 07 July 2007, at 12:38 GMT+8
pretty good tutorial
Page last modified on Wednesday 24 May 2006, at 19:05 GMT+8 - Viewed 911 times