A number of plug-ins for SpamAssassin add new test types. The standard plug-ins can be configured in local.cf and user_prefs.
SpamAssassin is written in Perl, and the plug-ins are Perl modules. The plug-ins are named Mail:SpamAssassin::Plugin::Name. Comprehensive Perl Archive Network (CPAN) is a web site that references most of the Perl modules. A search for "Mail:SpamAssassin::Plugin" at http://search.cpan.org lists plug-ins available for SpamAssassin.
All plug-ins are enabled by default. The line:
if Mail:SpamAssassin::Plugin::Namemust be present in each .cf file that defines rules for the plug-in Name in order to check that the module is installed on the system.
The same spam is sent all over the world to millions of computers. When spam reaches your server, it is very likely to have been seen by other computers that have already flagged it as spam. Razor, Pyzor, and Distributed Checksum Clearinghouse (DCC) allow users to share a worldwide spam database.
Pyzor started as a clone of Razor, with an open source server. Since Razor2 was released, both use different protocols. Razor, Pyzor, and DCC are made of a central spam database and an agent that queries the database and reports new spam. The database stores a signature of all spam reported and a count of how many times it was reported.
The three plug-ins have very similar configuration options in SpamAssassin:
use_dccEnables DCC with the value 1; disables it with 0.
dcc_timeout nSkips the DCC query if the reply is not received within n seconds. The default value for all plug-ins is 10 seconds. If the mail server processes many email messages, it is recommended to lower this value to 5 or 7 seconds.
dcc_body_max nSets how many times the spam must be reported to consider it as a match. The default value for DCC is 999,999 and 5 for Pyzor. Razor2 does not offer such option.
These plug-ins are very useful to quickly identify known spams. But they require more time to process each email. The Pyzor server can be installed on networks to serve as a local database for a corporation. Connections to the local server are much faster, but the amount of spam stored in the local database is lower. This can be useful if several servers are filtering spam on a common network.
SpamCop is also a collaborative plug-in, but it does not contain spam signatures. SpamCop lists the IP addresses of servers that send spams. Several users can make use of one IP address, and one spammer can comprise legitimate email sent from the same address. SpamCop should not be used alone.
The only official SpamCop web site is http://ww.spamcop.net. http://www.spamcop.com or other similar domain names are not linked to http://spamcop.net SpamCop.net.
SpamAssassin contains its own network checks. Like the SpamCop plug-in, it can test the IP address of the originating server against several online DNS blacklists. This is done by default. The list of DNS tests is located in /usr/share/spamassassin/20_dnsbl_tests.cf. Some of these tests ensure that the DNS server respects the RFC. A lot of legitimate DNS servers are not configured correctly; it is recommended to disable this category of tests:
skip_rbl_checks 0
rbl_timeout 15
score RFC_IGNORANT_ENVFROM 0.0
score DNS_FROM_RFC_DSN 0.0
score DNS_FROM_RFC_POST 0.0
score DNS_FROM_RFC_ABUSE 0.0
score DNS_FROM_RFC_WHOIS 0.0
score DNS_FROM_RFC_BOGUSMX 0.0By default, SpamAssassin ensures that it has access to a valid DNS server by querying default hosts. This can be turned off on a reliable Internet connection:
dns_available yes
Trusted and internal hosts should be specified to avoid spending time doing a DNS blacklist test on them. A trusted host is a host that is not an open relay and that is not used directly by spammers. The IP address of these hosts or subnets can be added to the SpamAssassin configuration files:
trusted_networksa.b.c.d/24trusted_networksw.x.y.ztrusted_networkm.ninternal_networks192.168internal_networks10.0.0.1/24
All these network tests take much more time than matching regular expressions or than a Bayesian filter. They should be enabled if SpamAssassin has difficulties in classifying spam and good email.