Network Administration: SpamAssassin Basics

SpamAssassin is a spam-blocking tool that uses a variety of techniques to weed the spam out of your users’ mailboxes. SpamAssassin uses a combination of rule filters that scan for suspicious message content and other telltale signs of spam, as well as blacklists from known spammers. The following sections explain how to install and use it.

Installing SpamAssassin

To configure SpamAssassin for basic spam filtering, follow these steps:

  1. Ensure that Procmail is installed as your MDA.

    In Fedora, Procmail is installed by default. To make sure it’s enabled, open the file /etc/mail/sendmail.mc and make sure it includes the following line:

    FEATURE(local_procmail,`’,`procmail -t -Y -a $h -d $u’)dnl

    If this line is missing, add it and then restart Sendmail.

  2. Ensure that the spamassassin daemon is running.

    You can do that by choosing Applications→System Settings→Server Settings→Services and looking for spamassassin in the services list. Or, at a console prompt, enter this command:

    service spamassassin status

    If SpamAssassin isn’t running, enter this command:

    chkconfig --level 35 spamassassin on

    Whenever you make a configuration change, you should stop and restart the service with this command:

    service spamassassin restart
  3. Create a file named procmailrc in the /etc directory.

    Use gedit or your favorite text editor. The file should contain these two lines:

    :0fw
    | /usr/bin/spamc

    These lines cause Procmail to run all incoming mail through the SpamAssassin client program.

  4. Restart Sendmail and SpamAssassin.

    You can do this from Applications→System Settings→Server Settings→Services, or you can enter these commands at a console prompt:

service sendmail restart
service spamassassin restart

SpamAssassin should now be checking for spam. To make sure it’s working, send some e-mail to one of the mailboxes on your system and then open the mailbox file for that user in varmail and examine the message that was sent. If the message headers include several lines that begin with X-Spam, SpamAssassin is doing its job.

Customizing SpamAssassin

You can configure SpamAssassin by editing the configuration file /etc/mail/spamassassin/local.cf. This file contains SpamAssassin rules that are applied system wide, though you can override these rules for individual users by creating a user_prefs file in each user’s $HOME/.spamassassin directory.

In Fedora, the default local.cf file contains the following lines:

required_hits 5
report_safe 0
rewrite_header Subject [SPAM]

These lines cause SpamAssassin to add the word [SPAM] to the start of the subject line for any message that scores 5 or higher on SpamAssassin’s spam scoring algorithm.

Although you can configure SpamAssassin to automatically delete messages that score above a specified value, most antispam experts recommend against it. Instead, adding a word such as [SPAM] to the header lets each user decide how he or she wants to handle spam by using a message filter on his or her e-mail client that either deletes the marked messages or moves them to a Spam folder.

No matter how you configure SpamAssassin, you will inevitably get some false positives. For example, a long-lost friend who moved to Nigeria will e-mail you a joke about Viagra using a Hotmail account. Odds are good that SpamAssassin will mark this message as spam.

That’s why arbitrarily deleting messages marked as spam isn’t such a great idea, especially on a system-wide basis. Better to simply mark the messages and then let your users decide how to deal with the spam.