Installing spam assassin

Spam Assassin uses a heuristic to determine whether a message is spam. It adds the word "SPAM" to the subject, which can then be used to process it with procmail.

Installation

  1. Build and install the scripts
       cd Mail-SpamAssassin-*
       perl Makefile.PL
       make
       make install  
    [as root]

    If the perl command gives any warnings about missing requirements, don't proceed further until you have installed the needed files from CPAN . If the modules cannot be installed from within perl, download them as tar.gz files and compile and install them manually before proceeding. Then run "make clean" before running "make" in the spamassassin directory again.

  2. Add to /etc/rc.d/local
       /usr/bin/spamd -d -u nobody
    (or "/usr/sbin/spamd -d -u nobody", depending on which spamd you want).
  3. Add to /etc/procmailrc
       DROPPRIVS=yes
       :0fw
       * < 256000
       | spamc
  4. Edit /etc/mail/spamassassin/local.cf and change the sensitivity to 10. Set report_safe to 0 to prevent it from trashing the message, in case it turns out to be a legitimate email. Set rewrite_subject to 1 so it puts "****SPAM****" in the subject line.
    required_hits 10.0
    rewrite_subject 1
    report_safe 0

    NOTE: Version 3.x of spamassassin uses different syntax. The new local.cf should be:
    required_hits           4.0
    rewrite_header Subject  *****SPAM*****
    report_safe             1
    use_bayes               1
    skip_rbl_checks         1
    use_pyzor               1
    rewrite_subject no longer works.

    See man Mail::SpamAssassin::Conf for the man page that describes configuring spamassassin.

  5. Edit /usr/share/spamassassin/20_head_tests.cf and /usr/share/spamassassin/20_dnsbl_tests.cf and comment out all lines that refer to relays.osirusoft.com, bl.spamcop.net, orbs.dorkslayers.com, and ipwhois.rfc-ignorant.org. These are known to be corrupt spam databases (see below).
  6. (Optional) Edit /usr/share/spamassassin/50_scores.cf and change the weightings for spam features if desired. For example, we increased the weight of SUBJ_FREE_CAP and set all the entries starting with RCVD_IN_OSIRU to 0.
  7. Start the spamd daemon
    /usr/bin/spamd -d -u nobody

    If it says
    Can't locate HTML/Parser.pm in @INC (@INC contains: ../lib /usr/lib/perl5/site_perl/5.6.0 /usr/local/lib/perl5/5.8.3/i686-linux-64int-ld /usr/local/lib/perl5/5.8.3 /usr/local/lib/perl5/site_perl/5.8.3/i686-linux-64int-ld /usr/local/lib/perl5/site_perl/5.8.3 /usr/local/lib/perl5/site_perl) at /usr/lib/perl5/site_perl/5.6.0/Mail/SpamAssassin/HTML.pm line 7.
    ... more error messages ...
    it means your version of HTML::Parser is too old. Install HTML::Parser from CPAN , delete the Spamassassin source tree, and re-extract it from the .tar.gz file. (Running "make clean" doesn't work).
  8. Test spamassassin
    spamassassin -t < sample-nonspam.txt > nonspam.out
    spamassassin -t < sample-spam.txt > spam.out
    Check X-Spam-Status: should say "No" for the nonspam and "Yes" for the spam.
  9. Check for errors in the .cf files by typing
    spamassassin -d --lint

If user doesn't want spam checking, they should edit ~/.spamassassin/user_prefs and change
# required_hits 5
to
required_hits 100
For man page
perldoc Mail::SpamAssassin::Conf
perldoc Mail::SpamAssassin
Leave it like this for a week, so you can tell if it's working. Then add a line to ~/.procmailrc for each user to drop the spam
:0:
* ^X-Spam-Status: Yes
spam
Now just sit back and wait for the complaints to roll in. You may have to tweak the sensitivity value in /etc/mail/spamassasin/local.cf. The best balance is achieved when 50% of your users complain that too much is being blocked and 50% complain that too little is being blocked.

PROBLEMS

Sample /etc/mail/local.cf file

We white-listed MCI, our service provider, because they frequently send mail in HTML format starting with "Dear Beloved Customer", which gets marked as spam. Messages from Comcast users were also erroneously being marked as spam.
rewrite_subject 1
required_hits 4.2
report_safe 0 
whitelist_from *mci.com
whitelist_from *@mci.com
Or, for version 3.x, substitute the following:
rewrite_header Subject  *****SPAM*****


Back