[TriLUG] SpamAssassin is wonderful...

Jon Carnes jonc at haht.com
Sun Jun 2 01:15:48 EDT 2002 

I grabbed this off the Mandrake Forum a couple of weeks ago, and I've been 
using SpamAssassin ever since.  I have to say that it is quite awesome.  I 
still get a kick out of how well it ferrets out Spam!  It tags well over 
80% of my spam with absolutely no false positives (so far).

To install SpamAssassin, enter the MCPAN shell and execute the following 
commands:

  perl -MCPAN -e shell
    o conf prerequisites_policy ask
    install Mail::SpamAssassin
    install Net::DNS 
(optional, used to check the RBL, RSS, DUL etc. and perform MX checks)

    quit

======

SpamAssassin can act as a Procmail filter and can be added to an individual 
by editing (or creating) their .procmailrc file and adding the following 
lines:

   :0fw
   | spamassassin -P

======

We run the application on Mercury.srvr.haht.com (our corporate mailserver) 
It runs as a subprocess of procmail which in turn is a subprocess of 
Sendmail.

Sendmail runs on Mercury and accepts an incoming mail from the outside 
world.
  - Sendmail takes delivery of the message and discovers that the message
     is for a local user (employee of HAHT)
    - Sendmail invokes Procmail for the local delivery of the message.
      - Procmail takes delivery of the message and searches the local 
        users home directory (/home/users/<username>/) for a configuration
        file called .procmailrc.  Note: Procmail also uses a global
        configuration file (/etc/procmailrc)
        - Procmail sees that the local configuration file for the user is
          invoking a external mail filter called "spamassassin"
          - Spamassassin starts up as a subprocess and performs 224 tests
            on the message.  Each positive test results in a number being
            added to a running sum.  No one single test can condemn an 
            email as being tagged as Spam.  Normally a message must have
            three or more elements associated with spam before it is
            tagged.  

Currently the running value to tag a message as spam is set to "5".  The 
value is only adjustable by the root user of Mercury.  This value is 
adjustable on an individual basis, but "5" is the current system wide value 
and is defined in the local configuration file:
  /etc/mail/spamassassin/local.cf

Global changes can be made by editing this file.

Local or individual changes can be made by editing the users configuration 
file:
  /home/users/<username>/.spamassassin/user_prefs

Individual user preferences over-ride the global settings, so an individual 
can make themselves less sensitive to spam by raising the value for tagging 
a message as Spam from "5" to some higher number.

======

Below is a sample Spam email that was processed by Spamassassin...


Subject: *****SPAM***** Lose weight SAFELY, guaranteed!                     
                                aSGSpyl
Date: Thu, 30 May 2002 22:04:58 -0400 (EDT)
From: silenttears0106 at aol.com ()
To: <hahahahahahaha at hahahahahahaha.haha.ha>, 

SPAM: ------------------ Start SpamAssassin results -------------------- 
SPAM: This mail is probably spam.  The original message has been altered 
SPAM: so you can recognise or block similar unwanted mail in future. 
SPAM: See http://spamassassin.org/tag/ for more details.
SPAM:
SPAM: Content analysis details:   (16.7 hits, 5 required)
SPAM: Hit! (-0.0 points) To: contains similar domains at least 10 times
SPAM: Hit! (2.7 points)  Subject contains lots of white space
SPAM: Hit! (2.4 points)  To: contains similar usernames at least 10 times
SPAM: Hit! (1.0 point)   From: ends in numbers
SPAM: Hit! (0.5 points)  Subject has an exclamation mark
SPAM: Hit! (4.1 points)  BODY: Broken CGI script message
SPAM: Hit! (2.7 points)  BODY: Claims you can be removed from the list
SPAM: Hit! (1.5 points)  BODY: Asks you to click below
SPAM: Hit! (0.2 points)  URI: Uses a username in a URL
SPAM: Hit! (-0.4 points) BODY: Contains a line >=199 characters long
SPAM: Hit! (2.0 points)  Subject contains a unique ID number
SPAM:
SPAM: ------------------ End of SpamAssassin results -------------------

### <snip - actual spam email not included in this document> ###

======

I hope this is useful to folks looking to cut down on the amount of spam 
they have to process.  Take care,

Jon Carnes

More information about the TriLUG mailing list