SpamAssassin identifies spam email with a set of rules and a combination of unique features to mark email as spam. Plug-ins can be added to extend the number of checks on the email. Spammers tune the content of their email to pass through anti-spam filters, so using as many different checks as possible is critical.
SpamAssassin processes both the email headers and the body. Be aware that when multiple features are enabled and a complex set of rules are used, SpamAssassin can require a lot of system resources. If you receive lots of emails, you can get a separate machine dedicated to filter email coming in your local network. You should also spend time tuning your rules to reduce their number without reducing the accuracy of your filtering.
SpamAssassin configuration files are found in three places:
This directory contains predefined rules for SpamAssassin. These files have a .cf extension.
This directory contains the global configuration for SpamAssassin. The main configuration file is local.cf; the other .cf files contain rules.
Optionally, users can create their own rules if allowed in /etc/mail/spamassassin/local.cf. The configuration is done in user_prefs. The template /usr/share/spamassassin/user_prefs.template can be moved to this folder and renamed user_prefs. The rules are contained in .cf files, like for /etc/mail/spamassassin. The rule files can be copied from /usr/share/spamassassin.
The first step to configure SpamAssassin is to enable or disable features in /etc/mail/spamassassin/local.cf at the global system level. Some of the features are similar to what was done in procmailrc for SpamProbe:
require_scoren.mThe minimum score to classify an email as spam. The default score is 5.0. To avoid false positives, the minimum score can be set to 7.0 or 8.0. Most spam should have a score between 8 and 10 with the default rule. For exceptions, the score can get higher than 15.
rewrite_header HeaderStringIf the email is classified as spam, SpamAssassin can rewrite the header subject, From and/or To. The rule rewrite_header subject[SPAM] will add [SPAM] at the beginning of the subject.
add_headerCase HeaderName StringA new header, X-Spam-HeaderName: String, can be added to spam, ham (good email), or all: add_header all Score _SCORE_ add X-Spam-Score: x.y can be added to all emails. _SCORE_ is a SpamAssassin variable explained in the next section.
report_safenIf SpamAssassin classifies an email as spam, the content of this email can be modified:
0Indicates no modification of the body.
1Means that spams are sent as new email attachments. This is the default value. The email's new body is set with the report option. The headers X-Spam-Status: Yes score =m.n tests=TEST1,TEST2,etc. and X-Spam-Flag: YES are added.
2Causes spam to be sent as attachment with the content type text/plain. Body and headers are treated similar to 1.
If spamassassin is used to train spamprobe (see Spam Filtering with Bayesian Filters), report_safe should be set to 0 in order to prevent artificial alteration of the body of spam email.
reportAdds a line to the new body of the email when report_safe is set to 1 or 2. The option clear_report_template can be used to remove the previous report lines. An example can be seen in /usr/share/spamassassin/10_misc.cf.
These options can also be used in other .cf files. For example, /usr/share/spamassassin/10_misc.cf defines the headers to add to an email, the required score, etc.
SpamAssassin provides several variables to be used with .cf files. The most frequently used are:
_YESNO_Yes if it is a spam, No if it is not.
_SCORE_SpamAssassin score. For example, to pad the score with zeros, use _SCORE(00)_ _. This prints 002.3, 012.3, or 112.3.
_VERSION_SpamAssassin version number.
_BAYES_Bayesian filter score.
_TESTSCORES(,)_List all positive tests on the email with the associated score.
_STAR(*)_Adds one star for each point score. This is often used to make the Procmail rules simpler.
There are additional variables to get the score of the different SpamAssassin plug-ins installed on the server. These variables are very useful to help tune the rules and scores. Record the score of each test to all messages during the first few months of a new SpamAssassin installation to understand how SpamAssassin scored each email and to understand what needs to be improved:
add_header all Score _SCORE_ add_header all Bayes _BAYES_ add_header all Tests _TESTSCORES(,)_ add_header all Level _START(*)_
By default, SpamAssassin uses folded headers to avoid long lines.add_header all Tests _TESTSCORES_ will likely create a header split over several lines. To force all headers added by SpamAssassin to be on one line, use the option fold_headers 0.
All the configuration options available in /etc/mail/spamassassin/local.cf can be used in $HOME/.spamassassin/user_prefs, except for the administrator settings.
allow_user rulesIf set to 1, this option allows users to add rules in user_prefs when spamd is used in place of spamassassin (see the section "SpamAssassin As a Daemon or Server" later in this chapter).
loadplugin Name PathAdditional plug-ins can be loaded. A plug-in is a Perl module. If the module cannot be located by Perl, an optional path to the module must be added.
Options for the Bayesian filter and the SpamAssassin plug-ins are only available in local.cf.