Spamassassin (3.3)

I've tried a number of solutions over the years, and it basically comes back to either tweaking Postfix or tweaking a Spamassassin rule, maybe adding one every year or so.

Initial
    chown -R debian-spamd:debian-spamd /var/lib/spamassassin
    sa-update -v
    perl -MCPAN -e shell

I generally follow the defaults. Inside the CPAN shell:

    o conf prerequisites_policy ask
    o conf commit

Install desired extra modules. In Debian, most of these are covered via the package manager.

    quit

/etc/default/spamassassin
This is largely the default file; we're just turning things on, namely spamassassin itself and its cron job.

    # /etc/default/spamassassin
    # Duncan Findlay

    # WARNING: please read README.spamd before using.
    # There may be security risks.

    # Change to one to enable spamd
    ENABLED=1

    SAHOME="/var/lib/spamassassin/"

    # Options
    # See man spamd for possible options. The -d option is automatically added.

    # SpamAssassin uses a preforking model, so be careful! You need to
    # make sure --max-children is not set to anything higher than 5,
    # unless you know what you're doing.

    OPTIONS="--create-prefs --max-children 5 --username debian-spamd --helper-home-dir ${SAHOME} -s ${SAHOME}spamd.log"

    # Pid file
    # Where should spamd write its PID to file? If you use the -u or
    # --username option above, this needs to be writable by that user.
    # Otherwise, the init script will not be able to shut spamd down.
    PIDFILE="/var/run/spamd.pid"

    # Set nice level of spamd
    #NICE="--nicelevel 15"

    # Cronjob
    # Set to anything but 0 to enable the cron job to automatically update
    # spamassassin's rules on a nightly basis
    CRON=1

/etc/spamassassin/local.cf
There's not much special about this configuration, save for some of the custom rules.

    # This is the right place to customize your installation of SpamAssassin.
    #
    # See 'perldoc Mail::SpamAssassin::Conf' for details of what can be
    # tweaked.
    #
    # Only a small subset of options are listed below
    #

    #   Add *****SPAM***** to the Subject header of spam e-mails
    #
    rewrite_header Subject [?SPAM? (_SCORE_)]

    # Whitelist rules
    all_spam_to abuse@example.com
    more_spam_to postmaster@example.com
    more_spam_to administrator@example.com

    # Custom rules and adjustments. Most of these deal with the plague of hijacked account spam a couple years ago.

    header   EMPTY_SUBJECT Subject =~ /^\s*(Re:\s*)*$/i
    score    EMPTY_SUBJECT 1
    describe EMPTY_SUBJECT Sender simply does not know where to begin

    score    MISSING_SUBJECT 1

    header   __HAS_CC Cc =~ /./
    header   __HAS_BCC Bcc =~ /./
    header   __MULTI_TO_ADDRESSES  To =~ /([^\@]+\@){2,}/
    header   __AUTO_RESPONSE Subject =~ /Auto Response/i

    meta     IM_NOT_SPECIAL ((EMPTY_SUBJECT || MISSING_SUBJECT) && (__HAS_CC || __MULTI_TO_ADDRESSES || __HAS_BCC))
    score    IM_NOT_SPECIAL 6
    describe IM_NOT_SPECIAL Sending a message to multiple people without a subject

    body     ADVICE_YOU_TO_VISIT /advice you to visit https?:\/\/([a-z0-9-]+\.)+[a-z]{2,7}(\/[^\s]*)?/i
    score    ADVICE_YOU_TO_VISIT 1
    describe ADVICE_YOU_TO_VISIT I would suggest you visit this suspicious website

    meta     AUTOREPLY_ADVICE (__AUTO_RESPONSE && ADVICE_YOU_TO_VISIT)
    score    AUTOREPLY_ADVICE 1
    describe AUTOREPLY_ADVICE Spammy autoreply suggestive of a hijacked account

    # End custom adjustments

    #   Save spam messages as a message/rfc822 MIME attachment instead of
    #   modifying the original message (0: off, 2: use text/plain instead)
    #
    report_safe 0

    #   Set which networks or hosts are considered 'trusted' by your mail
    #   server (i.e. not spammers)
    #
    # trusted_networks 212.17.35.

    dns_available yes

    #   Set file-locking method (flock is not safe over NFS, but is faster)
    #
    lock_method flock

    # We get way too much foreign language spam
    ok_locales en

    #   Set the threshold at which a message is considered spam (default: 5.0)
    #
    required_score 5.0

    #   Use Bayesian classifier (default: 1)
    #
    # use_bayes 1

    #   Bayesian classifier auto-learning (default: 1)
    #
    # bayes_auto_learn 1

    bayes_expiry_max_db_size 1048576

    #   Set headers which may provide inappropriate cues to the Bayesian
    #   classifier
    #
    bayes_ignore_header X-Bogosity
    bayes_ignore_header X-Spam-Flag
    bayes_ignore_header X-Spam-Status
    bayes_ignore_header X-Spam-Report
    bayes_ignore_header X-Spam-Level
    bayes_ignore_header X-Spam-Checker-Version

    #   Some shortcircuiting, if the plugin is enabled
    #
    ifplugin Mail::SpamAssassin::Plugin::Shortcircuit
    #
    #   default: strongly-whitelisted mails are *really* whitelisted now, if the
    #   shortcircuiting plugin is active, causing early exit to save CPU load.
    #   Uncomment to turn this on
    #
    shortcircuit USER_IN_WHITELIST       on
    shortcircuit USER_IN_DEF_WHITELIST   on
    shortcircuit USER_IN_ALL_SPAM_TO     on
    # shortcircuit SUBJECT_IN_WHITELIST    on

    #   the opposite; blacklisted mails can also save CPU
    #
    shortcircuit USER_IN_BLACKLIST       on
    shortcircuit USER_IN_BLACKLIST_TO    on
    # shortcircuit SUBJECT_IN_BLACKLIST    on

    #   if you have taken the time to correctly specify your "trusted_networks",
    #   this is another good way to save CPU
    #
    shortcircuit ALL_TRUSTED             on

    #   and a well-trained bayes DB can save running rules, too
    #
    # shortcircuit BAYES_99                spam
    # shortcircuit BAYES_00                ham

    endif # Mail::SpamAssassin::Plugin::Shortcircuit

Lint
spamassassin --lint

Double-check that everything is okay.
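
`--lint` only confirms that the configuration parses, so the following added example (not part of the original page) models the custom header, body and meta rules from local.cf in Python and runs them over constructed sample messages to check the boolean logic and resulting scores. Assumptions of this model: MISSING_SUBJECT is treated as an absent Subject header, a header rule is skipped when its header is absent, and only the raw body of a single-part message is matched.

```python
import re
from email import message_from_string

# Patterns copied from the page's local.cf (Perl syntax that Python's re also accepts).
HEADER_RULES = {
    "EMPTY_SUBJECT": ("Subject", re.compile(r"^\s*(Re:\s*)*$", re.I)),
    "__HAS_CC": ("Cc", re.compile(r".")),
    "__HAS_BCC": ("Bcc", re.compile(r".")),
    "__MULTI_TO_ADDRESSES": ("To", re.compile(r"([^\@]+\@){2,}")),
    "__AUTO_RESPONSE": ("Subject", re.compile(r"Auto Response", re.I)),
}
ADVICE = re.compile(r"advice you to visit https?:\/\/([a-z0-9-]+\.)+[a-z]{2,7}(\/[^\s]*)?", re.I)
SCORES = {"EMPTY_SUBJECT": 1, "MISSING_SUBJECT": 1, "IM_NOT_SPECIAL": 6,
          "ADVICE_YOU_TO_VISIT": 1, "AUTOREPLY_ADVICE": 1}

def evaluate(raw):
    """Return (scored rule names, total score) for one raw RFC 822 message."""
    msg = message_from_string(raw)
    hit = set()
    for name, (hdr, rx) in HEADER_RULES.items():
        value = msg.get(hdr)
        # Assumption: a header rule is skipped when the header is absent.
        if value is not None and rx.search(value):
            hit.add(name)
    # Assumption: the stock MISSING_SUBJECT rule is modelled as "no Subject header".
    if msg.get("Subject") is None:
        hit.add("MISSING_SUBJECT")
    if ADVICE.search(msg.get_payload()):
        hit.add("ADVICE_YOU_TO_VISIT")
    # Meta rules, same boolean logic as on the page.
    no_subject = hit & {"EMPTY_SUBJECT", "MISSING_SUBJECT"}
    many_rcpts = hit & {"__HAS_CC", "__MULTI_TO_ADDRESSES", "__HAS_BCC"}
    if no_subject and many_rcpts:
        hit.add("IM_NOT_SPECIAL")
    if {"__AUTO_RESPONSE", "ADVICE_YOU_TO_VISIT"} <= hit:
        hit.add("AUTOREPLY_ADVICE")
    # Sub-rules whose names start with "__" carry no score of their own.
    scored = {h for h in hit if not h.startswith("__")}
    return scored, sum(SCORES[h] for h in scored)

# Constructed sample messages (not real mail).
HIJACKED = ("From: a@example.com\nTo: b@example.com, c@example.com\n"
            "Subject: Re: \n\nhi, I advice you to visit http://shop.example.net/x\n")
AUTOREPLY = ("From: a@example.com\nTo: b@example.com\nSubject: Auto Response\n\n"
             "I advice you to visit https://deals.example.org/\n")
NORMAL = ("From: a@example.com\nTo: b@example.com\nCc: c@example.com\n"
          "Subject: Meeting notes\n\nAgenda attached.\n")

if __name__ == "__main__":
    for label, raw in (("hijacked", HIJACKED), ("autoreply", AUTOREPLY), ("normal", NORMAL)):
        print(label, *evaluate(raw))
```

With the page's required_score of 5.0, the constructed multi-recipient message with an empty subject crosses the threshold from these rules alone, while the auto-reply case only contributes 2 points and relies on other rules to be flagged.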