[COLUG] SpamAssassin examples

Duane duane at e164.org
Sat Oct 20 19:22:25 EDT 2007 

Rick Troth wrote:
> folks ...
> 
> I have put off using SpamAssassin and other tools
> being overly idealistic about what I want to do about spam.
> But now, the spammers have become so aggressive that I can
> barely cope.  So I am revisitting the popular tools.
> I repent of my stubborn pride!
> 
> Can someone shoot me example hooks for both sendmail and Postfix?
> (I run both in one way or another.)  I am guessing that what I
> need to do is download SA, install it into a place reachable by the
> MTA daemon (either Postfix or sendmail), and then call the API
> via the config files of the respective MTA.  Is that correct?

I run postfix and have been fairly successful in reducing spam for most
mailboxes to almost 0.

Regardless what others say greylisting (postgrey) works, and works well
for very little overhead (cpu/ram/whatever), this manages to snag a good
50-90% on it's own.

I then enabled as many RFC checks as possible in postfix, this prevents
another 50-90% of whatever gets past postgrey, however some people don't
know how to configure mail servers and just like postgrey this can have
some false positives (ie people leaving their hostname set to localhost).

After this I also have postfix check that the account exists or reject,
and then anything left over is fed into amavis-new which can run
numerous checks such as spamassassin, dspam, clamav and even blocking
attachments by extension.

I've set spamassassin up to look at a database for user preferences, set
via squirrelmail plugin, that hooks into MySQL. This lets the user set
some additional criteria and a points score for common things, and what
point score to reject or filter in the junk folder.

A lot of people say it's bad to pre-filter with Amavis, but this way the
 server rejects rather then firing off bounce messages later which is
considered spam by some and I find them almost as annoying as the spam
in the first place.

Anything spam that actually gets past all this, I have an imap folder I
dump it into and once an hour a shell script feeds it back into
spamassassin, and you should every so often feed ham into spamassassin
as well, especially when starting out, this increases the accuracy a lot.

Spam filtering is about layers these days, no one true way etc, and what
ever you do, don't do RBL only rejections, too many RBL lists are run by
zealots that need to be knocked down a few pegs.

Most of this stuff is already documented on the intar-web, but can
supply examples.

-- 

Best regards,
 Duane

http://www.freeauth.org - Enterprise Two Factor Authentication
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://e164.org - Because e164.arpa is a tax on VoIP

"In the long run the pessimist may be proved right,
    but the optimist has a better time on the trip."

More information about the colug432 mailing list