Configure Spamassassin
Once spamassassin is installed and running with your mail server, you need to configure the settings so it runs smoothly for your network setup.Just Tag the Subject Line
By default, when spamassassin processes an email that it thinks is spam (it spam score is above the required_score
, it creates a new message, attaching the spammy message as an attachment, explaining why it thinks the message is spam. Unfortunately not all users understand this, and if you don't want your phone to be constantly ringing with queries, it is easier, to just deliver the spammy email as normal, but with the subject line starting with the tag *****SPAM*****
. Users seem to understand this much more, and the more IT literate can easily create an inbox rule/filter to move them to a spam folder automatically.
To get spamassassin to just tag the subject line of a spammy message, you need to edit your local.cf
configuration file, usually found at /etc/mail/spamassassin/local.cf
. Change the first two settings from
# Add *****SPAM***** to the Subject header of spam e-mails # rewrite_header Subject *****SPAM*****# Save spam messages as a message/rfc822 MIME attachment instead of # modifying the original message (0: off, 2: use text/plain instead) # # report_safe 1
to
# Add *****SPAM***** to the Subject header of spam e-mails rewrite_header Subject *****SPAM*****# Save spam messages as a message/rfc822 MIME attachment instead of # modifying the original message (0: off, 2: use text/plain instead) # report_safe 0
Don't Scan Outgoing Email
If you are an ISP, then you may want to scan both incoming and outgoing email for spam, but most companies don't need to do that, and it can cause embarrassment if your mail server should tag any of your outgoing email as spam before delivering them to your customers or clients.
To safest solution is to only scan incoming email for spam, and let outgoing email go out without scanning. How you do this depends on how your network is setup
If your mailserver is multi-honed, i.e. has one network card connected to the internal network, and one network card connected to the internet (or one networj card has 2 IP addresses), then the easiest solution is to tell your mailserver to only scan email connecting to the internet side.
For the Postfix mailserver, you do this by a simple edit to your master.cf configuration file. In this example 10.0.0.1 is the IP address of your mailserver on the internal network, and 123.456.78.90 is the IP address of its internet connected network card.
Change the smtp
line you edited in your master.cf
from
smtp inet n - n - - smtpd -o content_filter=spamassassin
to
123.456.78.90:smtp inet n - n - - smtpd -o content_filter=spamassassin 10.0.0.1:smtp inet n - n - - smtpd
which tells Postfix to only filter the email through spamassassin if it arrives through the network card connected to the internet.
If your mail server lives in a DMZ and only has one network card (and only 1 IP address) then you can either use seperate port numbers for incoming and outgoing mail. If your mailserver is in a DMZ then your router/firewall is probably using port-forwarding to allow the mailserver to receive internet mail. If you change your router's configuration so that connections to your internet address and port 25 are delivered to your mailserver port 26 (instead of port 25).
For Postfix, you would alter the master.cf config file from
smtp inet n - n - - smtpd -o content_filter=spamassassin
to
26 inet n - n - - smtpd -o content_filter=spamassassin smtp inet n - n - - smtpd
Which tells post fix to scan email that arrives on port 26, but not on port 25.
Turn off some DNSBL checks
Using DNSBL (dns black list) checks to determine if the message is spam is very useful, but some DNSBL lists can be a little too quick to list large ISPs or email providers. To prevent these over eager DNSBL lists from causing spamassassin to mis-identify email as spam, the easiest solution is to turn off those DNSBL checks you don't want to use.
To find out the names of all the DNSBL checks, you need to read the the dnsbl config file, which is usually at /usr/share/spamassassin/20_dnsbl_tests.cf
So if you want to turn off the rfc-ignorant tests then add to your local.cf config file /etc/mail/spamassassin/local.cf
the following lines
score __RFC_IGNORANT_ENVFROM 0.0 score DNS_FROM_RFC_DSN 0.0 score DNS_FROM_RFC_POST 0.0 score DNS_FROM_RFC_ABUSE 0.0 score DNS_FROM_RFC_WHOIS 0.0 score DNS_FROM_RFC_BOGUSMX 0.0
which turns off all the rfc-ignorant dnsbl tests. For different DNSBL, find the matching entries in the 20_dnsbl_tests.cf
file, and score then to 0.0 in your local.cf
For more details on customizing your spamassassin setup, visit the Spamassassin Wiki at http://wiki.apache.org/spamassassin/