Spamassassin

From Edgar BV Wiki
Jump to navigation Jump to search

Spamassassin

install the packages. Also install pyzor and razor

create a user "spamfilter"

adduser --system spamfilter

mkdir /var/spool/spamassassin

touch /var/log/mail/spamd.log

/etc/spamassassin/local.cf

# This is the right place to customize your installation of SpamAssassin.
#
# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be
# tweaked.
#
###########################################################################
#
# Debian standard stuff
#
# rewrite_header Subject *****SPAM*****
rewrite_header Subject **We says: SPAM**

# report_safe 1
 report_safe 1

# trusted_networks 212.17.35.
# lock_method flock
lock_method flock

# SpamAssassin config file for version 3.x
# NOTE: NOT COMPATIBLE WITH VERSIONS 2.5 or 2.6
# See http://www.yrex.com/spam/spamconfig25.php for earlier versions
# Generated by http://www.yrex.com/spam/spamconfig.php (version 1.50)

# How many hits before a message is considered spam.
 required_score           7.0

# Enable the Bayes system
 use_bayes               1
 use_bayes_rules        1
#        bayes_path        /var/spool/spamassassin/bayes
#        bayes_file_mode   0666

# Enable Bayes auto-learning
 bayes_auto_learn              1

# Enable or disable network checks
 skip_rbl_checks         0
 use_razor2              1
 use_dcc                 1
 use_pyzor               1

# Mail using languages used in these country codes will not be marked
# as being possibly spam in a foreign language.
 ok_languages            all

# Mail using locales used in these country codes will not be marked
# as being possibly spam in a foreign language.
 ok_locales              all

# Autowhitelist feature turned off because creates a large file
   use_auto_whitelist 0

in /etc/postfix/master.cf change

smtp      inet  n       -       -       -       -       smtpd

to

smtp      inet  n       -       -       -       -       smtpd
        -o content_filter=spamassassin

At the bottom of master.cf add

spamassassin unix -     n       n       -       -       pipe
        user=spamfilter argv=/usr/bin/spamc -s 15000000 -f -e /usr/sbin/sendmail -oi -f $(sender) $(recipient)

This way we throw the mail through spamc, which then filters it through spamd before delivery to the mailbox, instead of sending it through spamassassin itself, which has no control over the amount of process forks it spawns etc. Spamd spawns a certain amount of processes and sticks to them, so it doesn't bring the machine to it's knees.

Edit v310.pre to enable TextCat and DCC and DWL

To check a configuration, use

spamassassin --lint

Per user preferences can be adjusted in ~/.spamassassin/user_prefs (eg. they can turn it off!)

then set /etc/default/spamassassin

ENABLED = 1

and in the OPTIONS add

-s /var/log/mail/spamd.log touch /var/log/mail/spamd.log vi /etc/logrotate.d/rsyslog

to add the logfile for rotation

Then

/etc/init.d/spamassassin start 

to start spamd.

check /var/log/mail/spamd.log to see what's going on.

Razor

To start razor you have to

        $ razor-client           [creates symbolic links] - NB Depreciated
        $ razor-admin --create   [creates the razor home]
        $ razor-admin --register [registers an account]

To get dcc working you have to edit v310.pre and uncomment it.

There's a few options to be found in /etc/default/spamassassin (such as that the logfile is in /var/log/mail/spamd.log

NB. Spamassassin doesn't do any deleting in and of itself - it needs another filter (procmail) to do this. So filters in /etc/procmailrc are still run.

Language Filtering

first /etc/spamassassin/v310.pre needs the TextCat plugin enabled (uncomment it in v310.pre)

Then the ok_languages and ok_locales (charactersets) can be used to specify which languages and locales are considered allright to use. If an email contains mail from a different locale / language the spam score is raised.

List of charactersets: en - Western character sets in general ja - Japanese character sets ko - Korean character sets ru - Cyrillic character sets th - Thai character sets zh - Chinese (both simplified and traditional) character sets

List of languages:

   * af - Afrikaans
   * sq - Albanian
   * am - Amharic
   * ar - Arabic
   * hy - Armenian
   * eu - Basque
   * bs - Bosnian
   * bg - Bulgarian
   * be - Belorussian
   * ca - Catalan
   * zh - Chinese
   * hr - Croatian
   * cs - Czech
   * da - Danish
   * nl - Dutch
   * en - English
   * eo - Esperanto
   * et - Estonian
   * fi - Finnish
   * fr - French
   * fy - Frisian
   * ka - Georgian
   * de - German
   * el - Greek
   * he - Hebrew
   * hu - Hungarian
   * hi - Hindi
   * is - Icelandic
   * id - Indonesian
   * ga - Irish Gaelic
   * it - Italian
   * ja - Japanese
   * ko - Korean
   * la - Latin
   * lv - Latvian
   * lt - Lithuanian
   * ms - Malay
   * mr - Marathi
   * ne - Nepali
   * no - Norwegian
   * fa - Persian
   * pl - Polish
   * pt - Portuguese
   * qu - Quechua
   * rm - Rhaeto-Romance
   * ro - Romanian
   * ru - Russian
   * sa - Sanskrit
   * sco - Scots
   * gd - Scottish Gaelic
   * sr - Serbian
   * sk - Slovak
   * sl - Slovenian
   * es - Spanish
   * sw - Swahili
   * sv - Swedish
   * tl - Tagalog
   * ta - Tamil
   * th - Thai
   * tr - Turkish
   * uk - Ukrainian
   * vi - Vietnamese
   * cy - Welsh
   * yi - Yiddish 

eg:

  1. - dutch english french german

ok_languages nl en fr de ok_locales en

Per User Settings

If you need a personal filter for a single user, you need a

~/.procmailrc

file.

To simply delete all the spamassassin tagged spam, fill the file with

:0 HB
* We says: SPAM
/dev/null

If you get "Suspicious rcfile" messages in mail.err for a user check the following:

- is the .procmailrc file owned by the user or world writeable

- is the userdirectory owned by the user or world writeable

- apparently the sticky bit (+s or +t) shouldn't be set

The directory / file permissions should be 740 or 744.


If you need per user spamassassin settings (such as changing the score or filtering on language) you need a

~/.spamassassin/

directory containing a file:

user_prefs

You can put any of the spamassassin directives from /etc/spamassassin/local.cf in there.

spam / ham learning

Spam / Ham learning script http://faisal.com/docs/salearn.html

ham is not spam!

run the following from the command line (for Maildir):

sa-learn --ham ~/Maildir/cur/

to say everything in your inbox is ham

sa-learn --spam ~/Maildir/.Junk\ E-mail/

to say everything in there is spam

You can also use:

sa-learn --ham ~/Maildir/.Leveranciers*/