< ClamAV Antivirus | EmailServer | PostGrey>

Your /var/log/maillog file should show something similar to: (:source lang=:) Jan 23 15:23:12 white amavis[28345]: (28345-01) Blocked SPAM, MYNETS LOCAL [192.168.0.101] [192.168.0.101] <nkadesign@nkadesign.com> -> <test@nkadesign.com>, Message-ID: <4979704E.3020906@nkadesign.com>, mail_id: RKeqXrbI1RJJ, Hits: 998.56, size: 649, 273 ms (:sourcend:)

The email should be marked with such a high spam score that it will never reach its destination and it gets discarded.
What actually happens to such mail depends on the settings you chose in the configuration of Amavisd-New.

< ClamAV Antivirus | EmailServer | SpamAssassinImproved >

The last line tells your server which local network it can trust. This should be set to the IP range of your internal network.

Now we need to make some changes to ensure that what we do as root is accessible to Amavisd-New:

trusted_networks 192.168.0.

The last 2 lines are only necessary if your server is using NAT to hide being a firewall and has a local LAN address: you need to tell SpamAssassin about it or it might consider as trusted emails coming from the outside. Change the 1.2.3.4 with the IP. If your machine receives mail from more than one interface, duplicate those lines for each outside IP.

< SpamAssassin | EmailServer | SpamAssassinImproved >

(:description Spamassassin is a very versatile and complete spam fighting solution. It uses statistical techniques as well as external blacklist and can be configured to use add-on tools to make its detection more refined :)

Baysian filtering

Spamassassin includes a powerful statistical analysis that can help toward refining the score given to emails passing through it.
Instead of depending on other people's definition of what is spam, the baysian filter can be trained to recognise what you consider as being spam.

The only drawback with baysian analysis is that it needs a set of good (ham) and bad (spam) emails large enough to be accurate, and you need to sort these emails and manually train spamassassin.
Spamassassin is able to be trained against each user's preferences, but it creates a burden on the user, requiring her to think about and properly pick out any spam and save it in a separate location.
I generally prefer a hand-off approach where users don't have to worry too much about that. One of the reasons being that training spamassassin against an improperly categorised mailbox could actually be counter-productive and allow more spam to be delivered (you always have to think that some users will just delete spam or, worse, leave it in their mailbox).

To avoid any aggravation, I created a simple MissedSpam folder in one of the IMAP mail accounts that I use. I then simply have to move any spam that made its way to an inbox into that folder.
Users can forward their spam as attachments and I have then to manually open and drop the spam into the mailbox. This is a bit time-consuming, but it ensures that I have a chance to evaluate the email and ensure that the spam box is really accurate and does not contain legitimate emails that could later be falsely detected as spam.
As time progresses, less an less spam should be able to make its way into the system.

To train spamassassin as to what is spam and what is ham, make sure you have enough segregated emails (between 150-3000) in each mailbox being trained then issue the following:

(:source lang=:)

1. sa-learn --spam --sync /mail/postmaster/.MissedSpam/cur/

(:sourcend:) That would train spamassassin to recognise spam better.
To function properly (at all) you also need to train for ham. Make sure that each mailbox you train against has no spam in it! (:source lang=:)

1. sa-learn --ham --sync /mail/emily/cur/
2. sa-learn --ham --sync /mail/john/cur/

... (:sourcend:)

Make sure that the database ownership has not been reclaimed by root: (:source lang=:)

1. chown amavis.amavis -R /var/amavis

(:sourcend:)

If you do this regularly the amount of spam that managed to get through should reduce.

< AmavisdNew | EmailServer | SpamAssassinImproved >

Resources

• SpamAssassin Project

Testing antispam

Just send an email with the following in the body:
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X This is a standard fake spam signature used to test antispam software.

You should get the email with the [SPAM] in the message, unless you've opted for the other Amavisd-New configuration option of sending spam to quarantine in a dedicated separate user account.

Spamassassin is a very versatile and complete spam fighting solution. It uses statistical techniques as well as external blacklist and can be configured to use add-on tools to make its detection more refined.

SpamAssassin uses a rating system whereby each email goes through a list of tests and the mail is flagged for every positive test, increasing the number of spam points it is allocated. Each test allocates a variable number points or fraction of a points depending on how useful and reliable it is at detecting spam.

Once the email has gone through all the tests have been performed an action is taken based on the total number of points: if the score is high enough, we're sure that this is spam, if not, we can let the message through.
There are a number of in-between actions that can be performed, and messages can be refused for deliver, dropped, deleted, quarantined, marked as SPAM in their subject line, etc.

To install SpamAssassin, just use yum: (:source lang=:)

1. yum -t install spamassassin

(:sourcend:)

Edit the /etc/mail/spamassassin/local.cf and add the following: (:source lang=:) bayes_path /var/amavis/.spamassassin/bayes auto_whitelist_path /var/amavis/.spamassassin/auto-whitelist lock_method flock

trusted_networks 1.2.3.4 internal_networks 1.2.3.4 (:sourcend:) The last 2 lines are only necessary if your server is using NAT to hide being a firewall and has a local LAN address: you need to tell SpamAssassin about it or it might consider as trusted emails coming from the outside. Change the 1.2.3.4 with your real IP. If your machine receives mail from more than one interface, duplicate those lines for each outside IP.

Now we need to make some changes to ensure that what we do as root is repercuted and accessible to Amavisd-New: (:source lang=:)

1. spamassassin --lint -D
2. cp -ir /root/.spamassassin /var/amavis
3. cd /root/.spamassassin/
4. rm -f user_prefs
5. ln -s /var/amavis/.spamassassin/user_prefs user_prefs
6. chown -R amavis.amavis /var/amavis

(:sourcend:)

Now, make sure SpamAssassin will run when we boot: (:source lang=:)

1. chkconfig --levels 235 spamassassin on
2. service spamassassin start

(:sourcend:)

Initialise the Bayesian database: (:source lang=:)

1. sa-learn --sync

(:sourcend:)

Test our config by running: (:source lang=:)

1. amavisd debug-sa

(:sourcend:) If what you did above was done properly, you should see debug: using "/var/amavis/.spamassassin/user_prefs" for user prefs file in the middle of all those spewed by Amavisd-New (scroll back or use Shift+PageUp keys).

< AmavisdNew | EmailServer | ClamAV Antivirus >

< AmavisdNew | EmailServer | ClamAv Antivirus? >

This page is part of the EmailServer article.

SpamAssassin

...ToDo...

< AmavisdNew | EmailServer | ClamAv Antivirus? >

(:comments:)