HowTo.Gumph.Org

Step by step solutions to IT problems

Configure Spamassassin

Once spamassassin is installed and running with your mail server, you need to configure the settings so it runs smoothly for your network setup.

Just Tag the Subject Line

By default, when spamassassin processes an email that it thinks is spam (its spam score is above the required_score), it creates a new message explaining why it thinks the message is spam, with the spammy message attached. Unfortunately not all users understand this, and if you don't want your phone to be constantly ringing with queries, it is easier to just deliver the spammy email as normal, but with the subject line starting with the tag *****SPAM*****. Users seem to understand this much better, and the more IT-literate can easily create an inbox rule/filter to move them to a spam folder automatically.

To get spamassassin to just tag the subject line of a spammy message, you need to edit your local.cf configuration file, usually found at /etc/mail/spamassassin/local.cf. Change the first two settings from

#   Add *****SPAM***** to the Subject header of spam e-mails
# rewrite_header Subject *****SPAM*****

#   Save spam messages as a message/rfc822 MIME attachment instead of
#   modifying the original message (0: off, 2: use text/plain instead)
#
# report_safe 1

to

#   Add *****SPAM***** to the Subject header of spam e-mails
rewrite_header Subject *****SPAM*****

#   Save spam messages as a message/rfc822 MIME attachment instead of
#   modifying the original message (0: off, 2: use text/plain instead)
#
report_safe 0

Don't Scan Outgoing Email

If you are an ISP, then you may want to scan both incoming and outgoing email for spam, but most companies don't need to do that, and it can cause embarrassment if your mail server should tag any of your outgoing email as spam before delivering them to your customers or clients.

The safest solution is to only scan incoming email for spam, and let outgoing email go out without scanning. How you do this depends on how your network is set up.

If your mailserver is multi-homed, i.e. has one network card connected to the internal network, and one network card connected to the internet (or one network card has 2 IP addresses), then the easiest solution is to tell your mailserver to only scan email that arrives on the internet side.

For the Postfix mailserver, you do this by a simple edit to your master.cf configuration file. In this example 10.0.0.1 is the IP address of your mailserver on the internal network, and 123.456.78.90 stands in for the IP address of its internet-connected network card (substitute your real addresses).

Change the smtp line you edited in your master.cf from

smtp   inet  n   -   n   -   -   smtpd -o content_filter=spamassassin

to

123.456.78.90:smtp   inet  n   -   n   -   -   smtpd -o content_filter=spamassassin
10.0.0.1:smtp   inet  n   -   n   -   -   smtpd

which tells Postfix to only filter the email through spamassassin if it arrives through the network card connected to the internet.

If your mail server lives in a DMZ and only has one network card (and only 1 IP address), then you can use separate port numbers for incoming and outgoing mail. If your mailserver is in a DMZ then your router/firewall is probably using port-forwarding to allow the mailserver to receive internet mail. Change your router's configuration so that connections to your internet address on port 25 are delivered to port 26 on your mailserver (instead of port 25).

For Postfix, you would alter the master.cf config file from

smtp   inet  n   -   n   -   -   smtpd -o content_filter=spamassassin

to

26   inet  n   -   n   -   -   smtpd -o content_filter=spamassassin
smtp   inet  n   -   n   -   -   smtpd

which tells Postfix to scan email that arrives on port 26, but not on port 25.
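An added example, not part of the original page: a Python check that reads master.cf text and reports which smtpd listeners pass mail through a content_filter, usable for both the per-address and the per-port layouts above. The sample text is constructed, the function names are hypothetical, and it assumes main.cf sets no global content_filter.

```python
# Constructed master.cf text: the page's port-26 layout, with one entry
# wrapped onto a continuation line as Postfix allows.
SAMPLE_MASTER_CF = """\
# service type  private unpriv  chroot  wakeup  maxproc command + args
26      inet  n   -   n   -   -   smtpd
  -o content_filter=spamassassin
smtp    inet  n   -   n   -   -   smtpd
pickup  fifo  n   -   n   60  1   pickup
"""


def smtpd_listeners(master_cf):
    """Return {service: content_filter or None} for each inet smtpd entry."""
    entries = []
    for raw in master_cf.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                          # blank line or comment
        if raw[0].isspace() and entries:
            entries[-1] += " " + raw.strip()  # continuation of previous entry
        else:
            entries.append(raw.strip())
    listeners = {}
    for entry in entries:
        f = entry.split()
        if len(f) < 8 or f[1] != "inet" or f[7] != "smtpd":
            continue
        args = f[8:]
        # "-o name=value" overrides main.cf for this one listener.
        opts = dict(a.split("=", 1) for flag, a in zip(args, args[1:])
                    if flag == "-o" and "=" in a)
        listeners[f[0]] = opts.get("content_filter")
    return listeners


def audit(master_cf, internet_services):
    """internet_services: service fields (e.g. "26") that receive internet
    mail, supplied by the admin. Returns a list of problem strings."""
    problems = []
    for service, cf in smtpd_listeners(master_cf).items():
        if service in internet_services and cf is None:
            problems.append(f"{service}: internet-facing but not filtered")
        elif service not in internet_services and cf is not None:
            problems.append(f"{service}: internal mail is filtered by {cf}")
    return problems


if __name__ == "__main__":
    print(audit(SAMPLE_MASTER_CF, {"26"}))
```

An empty list means every internet-facing listener is filtered and no internal listener is.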

Turn off some DNSBL checks

Using DNSBL (DNS blacklist) checks to determine if the message is spam is very useful, but some DNSBL lists can be a little too quick to list large ISPs or email providers. To prevent these over-eager DNSBL lists from causing spamassassin to mis-identify email as spam, the easiest solution is to turn off those DNSBL checks you don't want to use.

To find out the names of all the DNSBL checks, you need to read the dnsbl config file, which is usually at /usr/share/spamassassin/20_dnsbl_tests.cf

So if you want to turn off the rfc-ignorant tests then add the following lines to your local.cf config file /etc/mail/spamassassin/local.cf:

score __RFC_IGNORANT_ENVFROM 0.0
score DNS_FROM_RFC_DSN 0.0
score DNS_FROM_RFC_POST 0.0
score DNS_FROM_RFC_ABUSE 0.0
score DNS_FROM_RFC_WHOIS 0.0
score DNS_FROM_RFC_BOGUSMX 0.0

which turns off all the rfc-ignorant dnsbl tests. For a different DNSBL, find the matching entries in the 20_dnsbl_tests.cf file, and score them to 0.0 in your local.cf
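An added example, not part of the original page: a Python helper that finds every rule tied to one DNSBL in 20_dnsbl_tests.cf-style text, including the check_rbl_sub rules that reuse its lookup set, and prints the matching score lines for local.cf. The sample text is constructed in the file's layout and the function names are hypothetical.

```python
import re

# Constructed sample in the layout of 20_dnsbl_tests.cf (not the real file).
SAMPLE_CF = """\
header __RFC_IGNORANT_ENVFROM  eval:check_rbl_envfrom('rfci_envfrom', 'fulldom.rfc-ignorant.org.')
tflags __RFC_IGNORANT_ENVFROM  net
header DNS_FROM_RFC_DSN        eval:check_rbl_sub('rfci_envfrom', '127.0.0.2')
describe DNS_FROM_RFC_DSN      Envelope sender listed for DSN handling
header DNS_FROM_RFC_POST       eval:check_rbl_sub('rfci_envfrom', '127.0.0.3')
header RCVD_IN_EXAMPLE         eval:check_rbl('examplebl-lastexternal', 'bl.example.net.')
# header RCVD_IN_OLD           eval:check_rbl('oldbl', 'fulldom.rfc-ignorant.org.')
header RCVD_IN_EXAMPLE_SUB     eval:check_rbl_sub('examplebl', '127.0.0.4')
"""

RBL_CALL = re.compile(
    r"^\s*header\s+(\S+)\s+eval:(check_rbl\w*)\(\s*'([^']*)'\s*,\s*'([^']*)'")
# Set names may carry a suffix that limits which relays are checked.
SET_SUFFIX = re.compile(r"-(lastexternal|firsttrusted|notfirsthop|untrusted)$")


def rules_for_dnsbl(cf_text, zone_fragment):
    """Return rule names, in file order, that query a DNSBL zone containing
    zone_fragment, plus the check_rbl_sub rules that reuse its lookup set."""
    calls = []
    for line in cf_text.splitlines():
        m = RBL_CALL.match(line)          # commented-out lines never match
        if m:
            name, func, rbl_set, arg = m.groups()
            calls.append((name, func, SET_SUFFIX.sub("", rbl_set), arg))
    # Pass 1: lookup sets whose zone (second argument) matches the fragment.
    sets = {s for _, f, s, arg in calls
            if f != "check_rbl_sub" and zone_fragment in arg}
    # Pass 2: every rule tied to one of those sets, sub-tests included.
    return [n for n, f, s, arg in calls
            if s in sets and (f == "check_rbl_sub" or zone_fragment in arg)]


def score_lines(cf_text, zone_fragment):
    """local.cf lines that set each matching rule's score to 0.0."""
    return [f"score {name} 0.0"
            for name in rules_for_dnsbl(cf_text, zone_fragment)]


if __name__ == "__main__":
    print("\n".join(score_lines(SAMPLE_CF, "rfc-ignorant")))
```

To use it on a real system, pass the contents of /usr/share/spamassassin/20_dnsbl_tests.cf as cf_text and review the output before adding it to local.cf.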

For more details on customizing your spamassassin setup, visit the Spamassassin Wiki at http://wiki.apache.org/spamassassin/
