SpamAssassin
SpamAssassin is spam detection software intended to run on your mail server. It ranks mail using several criteria, which fall into the following families:
- DNS Whitelist/Blacklist: has the server that sent you the email sent spam before?
- URI Blacklist: does the body of the message contain links to some bad sites?
- Distributed Spam Hashes: has someone already reported the same message as spam?
- Bayesian Filter: compare email to your past spam and ham
- SPF/DKIM: check if the From email address that you see is legitimate
- Static Rules: a lot of manually crafted rules by SpamAssassin contributors
Warning: This page is a work in progress and is not complete. Important information might be missing or wrong.
Install
# apt install spamassassin
Configure
After changing the configuration in /etc/spamassassin/, don't forget to tell SpamAssassin to reload it:
# service spamassassin reload
Report Headers
SpamAssassin can add headers to the messages it scans. They help you investigate false positives and false negatives.
Add the following lines to /etc/spamassassin/local.cf:
# The status header is used by other programs to read the spam status. Don't modify the part before tests=...
add_header all Status _YESNO_, hits=_HITS_ required=_REQD_ tests=_TESTSSCORES(,)_ autolearn=_AUTOLEARN_
add_header all Details version=_VERSION_ _REPORT_
add_header all Pyzor _PYZOR_
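When investigating a false positive or false negative, the Status header configured above can be parsed to see which rules moved the score. The script below is an added example, not part of the original page or of SpamAssassin; it assumes the header appears in the message as X-Spam-Status (SpamAssassin prefixes add_header names with X-Spam-), and the sample message and its scores are constructed.

```python
import re
from email import message_from_string

# Constructed sample (not real mail); rule scores are made up for illustration.
SAMPLE = (
    "Return-Path: <sender@example.com>\n"
    "X-Spam-Status: Yes, hits=7.4 required=5.0 tests=BAYES_99=3.5,\n"
    "\tHTML_MESSAGE=0.001,RCVD_IN_XBL=0.4,SPF_FAIL=0.9,\n"
    "\tURIBL_BLACK=2.6 autolearn=no\n"
    "Subject: constructed example\n"
    "\n"
    "body\n"
)

# Matches the layout produced by the add_header Status template above.
STATUS_RE = re.compile(
    r"(Yes|No), hits=(-?[\d.]+) required=(-?[\d.]+) tests=(.*?) autolearn=(\S+)"
)

def parse_status(raw_message):
    """Return the parsed X-Spam-Status header as a dict, or None if absent."""
    value = message_from_string(raw_message).get("X-Spam-Status")
    if value is None:
        return None  # message was not scanned, or the header was removed
    # Long headers are folded over several lines; collapse the folding first.
    value = re.sub(r"\s+", " ", str(value)).strip()
    m = STATUS_RE.match(value)
    if m is None:
        raise ValueError("unexpected X-Spam-Status format: %r" % value)
    tests = {}
    for item in m.group(4).replace(" ", "").split(","):
        name, sep, score = item.partition("=")
        if sep:  # an entry without "=score" (no rule hit) is skipped
            tests[name] = float(score)
    return {"is_spam": m.group(1) == "Yes", "hits": float(m.group(2)),
            "required": float(m.group(3)), "tests": tests,
            "autolearn": m.group(5)}

def top_rules(status, n=3):
    """Rules that moved the score the most, in either direction."""
    ranked = sorted(status["tests"].items(), key=lambda kv: abs(kv[1]), reverse=True)
    return ranked[:n]

if __name__ == "__main__":
    status = parse_status(SAMPLE)
    print(status["is_spam"], status["hits"], status["required"])
    for name, score in top_rules(status):
        print("%-15s %6.3f" % (name, score))
```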
Bayesian filter
To work well, the SpamAssassin Bayesian filter needs to be trained with both spam and ham messages. You can use your actual mailbox for that, but note the following points:
- Be sure that the folders you use for training contain only spam or only ham. If a folder contains a mix of them, SpamAssassin will learn wrong information and produce poor results.
- To be effective you need between 1000 and 5000 messages each of both spam and ham.
- You need to have more ham than spam to train. Otherwise, SpamAssassin might become biased toward spam.
# su vmail -s /bin/sh -c "sa-learn --spam --progress --dir /var/maildir/<username>/Maildir/.Spam/cur/"
# su vmail -s /bin/sh -c "sa-learn --ham --progress --dir /var/maildir/<username>/Maildir/cur/"
To check the status of the database, you can run:
# su vmail -s /bin/sh -c "sa-learn --dump magic"
Pyzor
# apt install pyzor
# su vmail -s /bin/sh -c "pyzor discover"
downloading servers from http://pyzor.sourceforge.net/cgi-bin/inform-servers-0-3-x
# su vmail -s /bin/sh -c "pyzor ping"
public.pyzor.org:24441 (200, 'OK')
Integrate with exim
# apt install sa-exim
The configuration is stored in /etc/exim4/sa-exim.conf.
Edit the following setting:
SAspamcUser: vmail
By default sa-exim is disabled. Remove the following lines to enable it:
#----------------------------------------------------------------------
# Remove or comment out the following line to enable sa-exim
SAEximRunCond: 0
#----------------------------------------------------------------------
You can now restart exim to take your settings into account:
# service exim4 restart
Integrate with dovecot
# apt install dovecot-antispam
In the file /etc/dovecot/conf.d/20-imap.conf, modify the option mail_plugins and add antispam to the list:
protocol imap {
# Space separated list of plugins to load (default is global mail_plugins).
mail_plugins = $mail_plugins antispam
}
Edit the file /etc/dovecot/conf.d/90-antispam.conf and set or edit the following options:
antispam_backend = pipe
antispam_trash_pattern_ignorecase = trash;Deleted Items;Deleted Messages
antispam_spam_pattern_ignorecase = Spam;Junk
antispam_pipe_program_spam_arg = -r
antispam_pipe_program_notspam_arg = -k
antispam_pipe_program = /usr/bin/spamassassin