ISDS uses SpamAssassin to scan incoming mail for spam and procmail recipes to filter it out of the way. This page is a quick howto on setting up SpamAssassin with automatically updated rulesets so you don't have to do it manually.

Assumptions

Howto

  1. Install Vipul's Razor. This is a collaborative spam reporting and checking system. SA has a plugin to check incoming messages against the Razor distributed database of known spam messages.

  2. Install the following "Optional" Perl modules, as they make SA MUCH MUCH better at identifying spam:
    • MIME::Base64
    • DB_File
    • Net::DNS - This one enables all the DNS-based checks, a real MUST HAVE.
    • Mail::SPF::Query - Be careful of this one. I ended up disabling this plugin because it was incorrectly identifying mail from ISDS users sending messages via the A&S Webmail service from their home computers on Road Runner as SPAM. Bad bad bad.

    • IP::Country::Fast
    • Time::HiRes

    • Mail::DomainKeys

  3. Install SpamAssassin using the RPM from your distro. This gets you a nice base configuration to work with, including init.d scripts, etc.

  4. Update SpamAssassin from CPAN if your distro doesn't have the latest version.

  5. Get the rules_du_jour script from the Rules Du Jour webpage and put it in /etc/mail/spamassassin. Make it executable by root.

  6. Go to the SpamAssassin Rules Emporium and familiarize yourself with it. This website hosts a constantly updated collection of SA rulesets that make your job much easier. Spammers are constantly tweaking their messages to get through the spam filters. The rulesets on SARE are constantly updated to keep up with the changing spam so you don't have to!

  7. Read the rules_du_jour script and configure it according to your preference. I put my configuration changes in /etc/sysconfig/rulesdujour:

    # SA_DIR - where to find spamassassin configs
    SA_DIR=/etc/mail/spamassassin
     
    # Who to send notifications to
    MAIL_ADDRESS=root
     
    # Send only one email per run
    SINGLE_EMAIL_ONLY=true
     
    # Send notification only when something interesting happens
    #EMAIL_RDJ_UPDATE_ONLY=true
     
    ## Trusted Rulesets. see http://www.rulesemporium.com/rules.htm for details
    TRUSTED_RULESETS="SARE_REDIRECT_POST300 SARE_EVILNUMBERS0 SARE_EVILNUMBERS1 SARE_EVILNUMBERS2 SARE_BAYES_POISON_NXM SARE_HTML SARE_HEADER SARE_SPECIFIC SARE_RATWARE SARE_ADULT SARE_BML SARE_FRAUD SARE_SPOOF SARE_RANDOM SARE_OEM SARE_GENLSUBJ SARE_HIGHRISK SARE_UNSUB SARE_URI SARE_WHITELIST SARE_OBFU"

    This is a very aggressive set of rulesets, but I've found it to be accurate with a very small false-positive rate.

  8. Run the rules_du_jour script for the first time. It should download all the rulesets, run the SpamAssassin lint on them, and report all is well.

  9. Create a cron job to run rules_du_jour no more than once/day. SARE will block computers that try to download rulesets too often. Once/day is a good compromise.

  10. Test your SA setup using known spam messages, if you have them, and check the output:

    $ spamassassin -t < spam.txt

    This will output the filtered message and include a report at the end of the output on the score of the message. Be sure that the DNS black lists and Razor checks are happening. Otherwise, SA will pass a lot of messages through as legit when they are really spam.

  11. Configure your mail system to send incoming messages through SpamAssassin. See the SA documentation for the best way to do that. Here in ISDS, we use procmail and have a system-wide /etc/procmailrc that sends all incoming mail to SpamAssassin for IDing and marking. Then, individuals' .procmailrc files are set to put spam-tagged messages into a 'spam' folder.
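
One way to automate the check in step 10, as an added example that is not part of the original page: the shell functions below read a `spamassassin -t` report and confirm that at least one DNS blacklist rule and one Razor rule fired. The rule-name prefixes (RCVD_IN_, URIBL_, RAZOR2_) are assumptions based on stock SpamAssassin rule naming, and the sample report is constructed.

```shell
#!/bin/sh
# Added example (not from the original page): check a `spamassassin -t` report
# for evidence that the DNS blacklist and Razor network tests actually ran.
# Assumed prefixes from stock SA rule naming: RCVD_IN_*/URIBL_* (DNSBL), RAZOR2_*.

# rules_hit: print the rule names listed in the report table read from stdin.
rules_hit() {
    awk '
        /^[ \t]*-+ -+ -+/ { in_table = 1; next }   # dashed line under the header
        in_table && NF == 0 { in_table = 0 }       # blank line ends the table
        # Rows look like " 1.5 RULE_NAME description"; wrapped description
        # lines do not start with a number and are skipped.
        in_table && $1 ~ /^-?[0-9]+(\.[0-9]+)?$/ { print $2 }
    '
}

# check_network_tests: return 0 only if a DNSBL rule and a Razor rule both fired.
check_network_tests() {
    hits=$(rules_hit)
    status=0
    printf '%s\n' "$hits" | grep -Eq '^(RCVD_IN_|URIBL_)' ||
        { echo "no DNS blacklist rule fired (is Net::DNS installed?)" >&2; status=1; }
    printf '%s\n' "$hits" | grep -Eq '^RAZOR2_' ||
        { echo "no Razor rule fired (is Razor installed and enabled?)" >&2; status=1; }
    return $status
}

# Constructed sample of the report that ends `spamassassin -t` output.
SAMPLE_REPORT='Content analysis details:   (7.1 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 3.0 RCVD_IN_XBL            RBL: Received via a relay in Spamhaus XBL
 1.5 RAZOR2_CHECK           Listed in Razor2 (http://razor.sf.net/)
 0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
                            [cf: 100]
 2.1 HTML_MESSAGE           BODY: HTML included in message
'

# Demo on the sample; for real use: spamassassin -t < spam.txt | check_network_tests
printf '%s' "$SAMPLE_REPORT" | check_network_tests && echo "network tests active"
```

A single message can legitimately miss every blacklist, so run this over several known spam messages before concluding that the DNS or Razor checks are not working.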

Spam Filtering (last edited 2008-09-08 19:11:47 by localhost)