SpamAssassin can process email from the standard output or from files, but it cannot grab email from an SMTP server. A Local Delivery Agent (LDA) such as Procmail must be used to run SpamAssassin on every incoming email. The rules used in Procmail are similar to those used for SpamProbe, but some actions, such as modifying the subject or adding a header with the score, can be done directly in SpamAssassin. If report_safe is set to 1 or 2, Procmail can inspect the X-Spam-Status header automatically added by SpamAssassin:
:0 fw
| /usr/bin/spamassassin

:0:
* ^X-Spam-Status: Yes
Spam.mail
If report_safe is set to 0, Procmail can use the X-Spam-Level header to delete all spam that has a score of 10 or higher:
:0 fw
| /usr/bin/spamassassin

:0:
* ^X-Spam-Level: \*\*\*\*\*\*\*\*\*\*
/dev/null
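The two header tests above can be dry-run outside Procmail before a rule is trusted to deliver to /dev/null. The following shell script is an added example, not code from the original text: the inbox label and the THRESHOLD variable are assumptions, and combining both tests in one function is a simplification.

```shell
#!/bin/sh
# Added example: dry run of the X-Spam-Level and X-Spam-Status header tests.
# "inbox" and THRESHOLD are hypothetical names; the page hard-codes ten stars.
THRESHOLD=10

# Print the header section only (stop at the first empty line) and join
# folded continuation lines, so body text can never satisfy a header test.
headers() {
    awk '
        /^$/     { exit }
        /^[ \t]/ { sub(/^[ \t]+/, " "); buf = buf $0; next }
                 { if (buf != "") print buf; buf = $0 }
        END      { if (buf != "") print buf }
    '
}

# X-Spam-Level carries one star per whole point of score: count them.
spam_level() {
    headers | awk '
        tolower($0) ~ /^x-spam-level:/ { n = gsub(/\*/, ""); print n; found = 1; exit }
        END { if (!found) print 0 }
    '
}

# Read one message on stdin and print where it would be filed.
route() {
    msg=$(cat)
    if [ "$(printf '%s\n' "$msg" | spam_level)" -ge "$THRESHOLD" ]; then
        echo /dev/null      # ten stars or more: discard
    elif printf '%s\n' "$msg" | headers | grep -qi '^X-Spam-Status: Yes'; then
        echo Spam.mail      # flagged, but below the discard level
    else
        echo inbox
    fi
}

# Constructed sample messages (not real mail).
MSG_HIGH=$(printf 'From: a@example.org\nX-Spam-Level: ************\nX-Spam-Status: Yes, score=12.3\n\nhi\n')
MSG_LOW=$(printf 'From: b@example.org\nX-Spam-Level: ******\nX-Spam-Status: Yes, score=6.1\n\nhi\n')
MSG_BODY=$(printf 'From: c@example.org\nX-Spam-Status: No, score=0.2\n\nX-Spam-Level: ************\n')

for m in "$MSG_HIGH" "$MSG_LOW" "$MSG_BODY"; do
    printf '%s\n' "$m" | route
done
```

The third sample carries the star pattern only in its body, so it is filed normally; the header tests never look past the first empty line.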
Similar to ClamAV, SpamAssassin provides a client, spamc, and daemon/server, spamd. spamd is written in Perl as is spamassassin, but spamc is written in C to maximize speed and minimize the memory size.
spamd can run as a daemon with this command:
[root@asus ~]$ spamd -d --pidfile=/var/run/spamd.pid
spamd loads the configuration files from $HOME/.spamassassin for every new connection, but not from /etc/mail/spamassassin, which is only loaded at startup. To make spamd reload the global configuration file after an update, the signal SIGHUP must be sent to the daemon:
[root@asus ~]$ pkill -SIGHUP spamd
spamd can also run as a server and listen for connections on an IP address. spamd listens to port 783 by default. spamd can be run as root or as any other user with the -u switch:
[root@asus ~]$ spamd -d --pidfile=/var/run/spamd.pid --ip-address=a.b.c.d --port=2048 -u julien
If spamd is not run as root, it is recommended to change the default port to a nonprivileged port number (> 1024); otherwise, spamd is not able to reload its configuration file.
The communication protocol between spamc and spamd is similar to what ClamAV uses. But the communication can be encrypted with SSL using the -S option on the client and --ssl on the server.
It is recommended to use spamc and spamd in place of SpamAssassin on a mail server to save computer resources. To do so, simply replace /usr/bin/spamassassin by /usr/bin/spamc (with -s if spamd is run on a different server) in procmailrc.
ClamAV, SpamProbe, and SpamAssassin can be integrated within Procmail to have a complete email scanning system. SpamAssassin offers the same Bayesian filter as SpamProbe, but SpamProbe is much faster. It is better to run SpamProbe on email first, and then SpamAssassin if the score is low. SpamAssassin can also be used to feed spam to SpamProbe during the learning period and to keep the SpamProbe spam database up to date.
In addition, we can first exclude all email that has attachments with a file extension that is a virus 99.99 percent of the time (.pif, .i386, .scr, .bhx, .vbs):
SHELL=/bin/sh
PATH=:/bin:/usr/bin

# Define whitespace: a space or a tab (the brackets hold one of each),
# the equivalent of [ \t] in a Perl regular expression
WS="[ 	]"
SUBJ=`formail -xSubject: `

# If the email is too big, send it to a quarantine server
:0 fhw
* > 10485760
| formail -i "To:equarantine@domain.net"

# Remove emails with attachments with "bad" extensions
# (the leading $ makes Procmail expand ${WS} in the condition)
:0 HB
* $ ^Content-[^:]*:.*(file)?name${WS}*=.+\.(pif|i386|scr|bhx|vbs)
/dev/null

# Run ClamAV if there is an attachment
:0
* ^Content-Type:.*(attachment|multipart)
{
  CLAMAV=`clamdscan --no-summary --stdout -`
  EXIT_CODE=$?

  # Any issue? The score is EXIT_CODE - 1, so only exit codes above 1 match
  :0:
  * -1^0
  * $ ${EXIT_CODE}^0
  ! clamav-error@domain.net

  # Any virus?
  :0 fwh
  * CLAMAV ?? : \/.* FOUND
  | formail -I "X-ClamAV: $MATCH" -I"Subject: virus ${MATCH} found - ${SUBJ}"
}

# Check if SpamProbe classifies the mail as spam at 98% or more
:0 afwh:
* ^X-SpamProbe: SPAM 0.9[8-9]
| formail -I"Subject:***SPAM*** ${SUBJ}"

# If not a spam, or if the score is low, check with SpamAssassin
:0 fw
| spamc

:0:
* ^X-Spam-Level: \*\*\*\*\*\*\*\*\*\*
{
  # Train SpamProbe with this email; the c flag works on a copy so that
  # processing continues with the next recipe
  :0 c
  | spamprobe spam

  # Modify the subject and send it
  :0 fwh
  | formail -I"Subject:***SPAM*** ${SUBJ}"
}
In this configuration, report_safe must be set to 0 and rewrite_header cannot be used in the SpamAssassin configuration files, to ensure that the email is not altered before it is sent to SpamProbe. Otherwise, SpamProbe will be skewed by the words that SpamAssassin systematically introduces into spam.