Spamassassin

Revision as of 22:02, 12 June 2016 by Vincent (typo)

SpamAssassin is spam detection software intended to run on your mail server. It ranks mail using several criteria, which fall into the following families:

  • DNS Whitelist/Blacklist: has the server that sent you the email sent spam before?
  • URI Blacklist: does the body of the message contain links to some bad sites?
  • Distributed Spam Hashes: has someone already reported the same message as spam?
  • Bayesian Filter: compares the email to your past spam and ham
  • SPF/DKIM: checks whether the From address that you see is legitimate
  • Static Rules: a lot of rules manually crafted by SpamAssassin contributors


Warning: This page is a work in progress and is not complete. Important information might be missing or wrong.

Install

# apt install spamassassin

Configure

After changing the configuration in /etc/spamassassin/, don't forget to tell SpamAssassin to reload it

# service spamassassin reload

Report Headers

SpamAssassin can add headers to the messages it scans. They help you investigate when you get false positives or false negatives.

Add the following lines to /etc/spamassassin/local.cf

# The status header is used by other programs to read the spam status. Don't modify the part before tests=...
add_header all Status _YESNO_, hits=_HITS_ required=_REQD_ tests=_TESTSSCORES(,)_ autolearn=_AUTOLEARN_
add_header all Details version=_VERSION_ _REPORT_
add_header all Pyzor _PYZOR_
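
When investigating a false positive or false negative, the tests= part of the resulting X-Spam-Status header shows which rules contributed what. The following is an added example, not part of the original page: the function name spam_rules, the sample message and its scores are constructed for illustration.

```shell
#!/bin/sh
# Added example: list the rules that fired, highest score first, from the
# X-Spam-Status header produced by the "add_header all Status" line above.

# Constructed sample message; the scores are made up for illustration.
sample_message() {
cat <<'EOF'
Return-Path: <sender@example.org>
X-Spam-Status: Yes, hits=7.4 required=5.0 tests=BAYES_99=3.5,
    DKIM_VALID=-0.1,HTML_MESSAGE=0.001,PYZOR_CHECK=1.4,
    RAZOR2_CHECK=1.7,SPF_FAIL=0.9 autolearn=no
Subject: constructed sample

tests=IN_BODY=99 this line is body text and must be ignored
EOF
}

# spam_rules: read one message on stdin, print "score rule" sorted by score.
spam_rules() {
    awk '
        { sub(/\r$/, "") }                        # tolerate CRLF line endings
        /^$/ { exit }                             # blank line ends the headers
        /^[ \t]/ { if (keep) hdr = hdr $0; next } # folded continuation line
        { keep = 0 }
        tolower($0) ~ /^x-spam-status:/ { hdr = $0; keep = 1 }
        END {
            gsub(/,[ \t]+/, ",", hdr)             # folding may split after commas
            n = split(hdr, word, /[ \t]+/)
            for (i = 1; i <= n; i++) {
                if (word[i] !~ /^tests=/) continue
                m = split(substr(word[i], 7), test, ",")
                for (j = 1; j <= m; j++) {
                    eq = index(test[j], "=")
                    if (eq > 0)                   # "tests=none" has no score
                        print substr(test[j], eq + 1), substr(test[j], 1, eq - 1)
                }
            }
        }' | LC_ALL=C sort -k1,1nr
}

# On the mail server: spam_rules < /path/to/message
```
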

Bayesian filter

To reach good efficiency, the SpamAssassin Bayesian filter needs to be trained with both spam and ham messages. You can use your actual mailbox for that, but note the following points:

  • Be sure that the folders you use for training contain only spam or only ham. If a folder contains a mix of them, SpamAssassin will learn wrong information and produce poor-quality results.
  • To be effective, you need between 1000 and 5000 messages each of spam and ham.
  • You need to have more ham than spam to train. Otherwise, SpamAssassin might become biased toward spam.

# sudo -u vmail sa-learn --spam --progress --dir /var/maildir/<username>/Maildir/.Spam/cur/
# sudo -u vmail sa-learn --ham --progress --dir /var/maildir/<username>/Maildir/cur/

To check the status of the database, you can run

# sudo -u vmail sa-learn --dump magic
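
The nspam and nham counters in that dump can be compared with the training guidance above. The following is an added example, not part of the original page: the function name bayes_check is hypothetical and the sample dump is constructed.

```shell
#!/bin/sh
# Added example: compare `sa-learn --dump magic` counters with the training
# guidance above (at least 1000 spam and 1000 ham, and more ham than spam).

# Constructed sample of the dump output, not taken from a real server.
sample_magic() {
cat <<'EOF'
0.000          0          3          0  non-token data: bayes db version
0.000          0       1450          0  non-token data: nspam
0.000          0        820          0  non-token data: nham
0.000          0     152340          0  non-token data: ntokens
EOF
}

# bayes_check [MIN]: read the dump on stdin and print findings.
# Returns 0 when the corpus meets the guidance, 1 when it does not,
# 2 when the counters are missing from the input.
bayes_check() {
    awk -v min="${1:-1000}" '
        $NF == "nspam" { spam = $3 + 0; seen_spam = 1 }
        $NF == "nham"  { ham  = $3 + 0; seen_ham  = 1 }
        END {
            if (!seen_spam || !seen_ham) {
                print "error: nspam/nham counters not found"
                exit 2
            }
            min += 0; bad = 0
            if (spam < min)  { printf "spam: %d learned, want at least %d\n", spam, min; bad = 1 }
            if (ham < min)   { printf "ham: %d learned, want at least %d\n", ham, min; bad = 1 }
            if (ham <= spam) { printf "balance: ham (%d) should outnumber spam (%d)\n", ham, spam; bad = 1 }
            if (!bad) printf "ok: %d spam, %d ham\n", spam, ham
            exit bad
        }'
}

# On the mail server: sudo -u vmail sa-learn --dump magic | bayes_check
```
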

Pyzor

Install

# apt install pyzor

Firewall

Assuming that you configured nftables as described, you can edit file /etc/nftables/main_config.conf and add

# Pyzor (Spamassassin)
add element  inet main  tcp_port_out { 24441 }
add element  inet main  udp_port_out { 24441 }

and activate it using

$ sudo /etc/nftables/reload_main.conf

Configure

# sudo -u vmail pyzor discover
downloading servers from http://pyzor.sourceforge.net/cgi-bin/inform-servers-0-3-x
# sudo -u vmail pyzor ping
public.pyzor.org:24441  (200, 'OK')

Razor

Install

# apt install razor

Firewall

Assuming that you configured nftables as described, you can edit file /etc/nftables/main_config.conf and add

# Razor (Spamassassin)
add element  inet main  tcp_port_out { 2703 }

and activate it using

$ sudo /etc/nftables/reload_main.conf

Configure

# sudo -u vmail razor-admin -create
# sudo -u vmail razor-admin -register
Register successful.  Identity stored in /var/maildir/.razor/identity-xo4OkrHieL

Configure service

Edit file /etc/default/spamassassin and change the following line

OPTIONS="--create-prefs --max-children 5 -u vmail --listen /run/spamd.socket"

Create file /etc/spamassassin/spamc.conf with the following content

--socket /run/spamd.socket

It's now time to enable the Spamassassin service

# systemctl enable spamassassin.service
# systemctl start spamassassin.service

Cron

Spamassassin authors publish updated rules on a daily basis. To stay up-to-date, edit file /etc/default/spamassassin and set option

CRON=1

Integrate with exim

# apt install sa-exim

Configuration is stored in /etc/exim4/sa-exim.conf.

Edit the following setting

SAspamcUser: vmail

By default sa-exim is disabled. Remove the following lines to enable it

#----------------------------------------------------------------------
# Remove or comment out the following line to enable sa-exim
SAEximRunCond: 0
#----------------------------------------------------------------------

Another parameter that I change

SApermreject: 10.0

You can now restart exim to take your settings into account

# service exim4 restart

Integrate with dovecot

SpamAssassin is able to learn from its mistakes. By using the plugin dovecot-antispam, we train SpamAssassin just by moving email into or out of the spam folder.

First install it with this command

# apt install dovecot-antispam

Then in file /etc/dovecot/conf.d/20-imap.conf, modify the option mail_plugins and add antispam to the list

protocol imap {
  # Space separated list of plugins to load (default is global mail_plugins).
  mail_plugins = $mail_plugins antispam
}

Edit file /etc/dovecot/conf.d/90-antispam.conf and set or edit the following options

  antispam_backend = pipe
  antispam_trash_pattern_ignorecase = trash;Deleted Items;Deleted Messages
  antispam_spam_pattern_ignorecase = Spam;Junk
  antispam_pipe_program_spam_arg = -r
  antispam_pipe_program_notspam_arg = -k
  antispam_pipe_program = /usr/bin/spamassassin

And finally, restart Dovecot

# service dovecot restart