Use Spamassassin for better SPAM detection

The Linux operating system is typically immune to viruses attached to email. But it is not immune to SPAM. Left unfiltered your inbox would quickly fill up with more SPAM than you care to delete. What is worse is owning a mail server and not protecting your users from a barrage of SPAM.

By employing Spamassassin you can set up an outstanding SPAM  filter system that will protect your users. It's not as simple as double clicking an .exe file to install, but the end results will be worth the time and effort.

Installing the tool

This portion of the task is simple. Open up your Add/Remove utility, do a search for "spamassassin" (no quotes), select the results, and apply the changes. After you have installed the package you need to take a few steps to finish up the installation.

Now you are going to need a local.rc file. You can open up the /etc/mail/spamassassin/local.rc file for hand editing, or you can use this handy web-based tool to set it up for you. This tool was written by Michael Moncur and makes the setup of Spamassassin much easier. Once you have selected all your options click the Generate button and then click the Download button. You will need to place this file in /etc/mail/spamassassin in order for it to be used.

It's time to start the daemon. Issue the command /etc/init.d/spamassassin start (or /etc/rc.d/init.d/spamassassin start - depending upon your distribution.)

Test the install

Spamassassin comes with a sample file you can run through the filter for testing. In modern installations this file is located in /usr/share/doc/spamassassin-*/sample-spam.txt. To test this issue the command:

spamc -R </usr/share/doc/spamassassin-3.2.5/sample-spam.txt

You should see results like this:

Content analysis details:   (1000.0 points, 5.0 required)

pts rule name              description
---- ---------------------- --------------------------------------------------
-0.0 NO_RELAYS              Informational: message was not relayed via SMTP
1000 GTUBE                  BODY: Generic Test for Unsolicited Bulk Email
-0.0 NO_RECEIVED            Informational: message has no Received headers

As you can see, this sample scored 1000 points. Only 5 points are required for an email to be considered SPAM. It's safe to say this is SPAM and safe to say Spamassassin is working.

Using Spamassassin with Procmail

You will need to set up Procmail (or another MTA) in order to deliver mail. What we want to do is set this up globally so you don't have to deal with each users ~/.procmailrc file. To do this you will edit the /etc/procmailrc file. All you need to do is add the following lines:

DROPPRIVS=yes

:0fw

| /usr/bin/spamc

Spamassassin should now be working.

Training spamassassin

At first you might not notice much of a drop in SPAM. This is because Spamassassin has to have a period of training.  There is a built-in tool for this called sa-learn. What you need to do is create two folders, one for SPAM and one for HAM. In the SPAM folder collect 100 or so emails that are definately SPAM. In the HAM folder collect 100 or so valid emails. Once you have those folders collected issue the following commands:

sa-learn --spam /PATH/TO/SPAM/FOLDER

sa-learn --ham /PATH/TO/HAM/FOLDER

Where /PATH/TO/SPAM/FOLDER and /PATH/TO/HAM/FOLDER are the explicit paths to these folders.

You can also set up a cron job to help Spamassassin train frequently if you need.

Final Thoughts

If SPAM is clogging up your Linux mail server you will be wise to employ a tool like Spamassassin. Your users and your IT staff will thank you for it.

Advertisement