Spamassassin

SpamAssassin is a spam detection software intended to be run on your mail server. It rank mail using several criteria criteria that can be put in the following families
 * DNS Whitelist/Blacklist: does the server that sent you the email sent spam before?
 * URI Blacklist: does the body of the message contain links to some bad sites?
 * Distributed Spam Hashes: does someone reported the same message as spam already?
 * Bayesian Filter: compare email to your past spam and ham
 * SPF/DKIM: check is the from email address that you see is legitimate
 * Static Rules: a lot of manually crafted rules by SpamAssassin contributors

Prerequisites
This article is part of the emails series. It is assumed that you already covered Dovecot and Exim.

Optional prerequisites:
 * nftables is used as a firewall here. You can however replace it by any firewall you use.
 * Munin allows you to monitor the spam/ham ratio of your installation.

Configure
After changing config in, don't forget tell SpamAssassin to reload config

Bayesian filter
To reach a good efficiency, SpamAssassin Bayesian filter need to be trained with both spam and ham messages. You can use your actual mailbox for that but note the following points:
 * Be sure that the folders you use for training contain only spam or ham. If a folder contain a mix of them, SpamAssassin will learn wrong info and produce bad quality results
 * To be effective you need between 1000 and 5000 messages each of both spam and ham.
 * You need to have more ham than spam to train. Otherwise, SpamAssassin might become biased toward spam.

To check the status of the database, you can run

Firewall
Configure

Report Headers
SpamAssassin can had headers in the messages it scan. It will help you investigate things in case you get false-positive are false-negative.

Add the following lines to

Configure service
Edit file  and change the following line Create file   with the following content It's now time to enable the Spamassassin service

Cron
Spamassassin authors publish updated rules on a daily basis. To stay up-to-date, edit file  and set option

Integrate with exim
Configuration is stored in.

Edit the following setting

By defauld sa-exim is disabled. Remove the following lines to enable it Other parameter that I change You can now restart exim to take you settings into account

Integrate with dovecot
SpamAssassin is able to learn from it's mistakes. By using the plugin dovecot-antispam, we train SpamAssassin by just moving email in or out of the spam folder.

First install it with this command

Then in file, modify the option mail_plugins and add antispam to the list

Create file

And finally, reload Dovecot

Integrate in Munin
There is a plugin in Munin to get statistics on the ham/spam values from Spamassassin. To activate it, run the following command Then create file  Finally, restart the Munin node After 5 minutes, you should see your new graph in Munin.