Difference between revisions of "SpamAssassin Configuration"

(Created page with ' == Introduction == We use Spamassassin to tag e-mails with ** SPAM ** if they are found to be spam. Spamassassin uses several rule sets in determining what is spam and what i...')
 
 
(19 intermediate revisions by 4 users not shown)
Line 1: Line 1:
 
 
== Introduction ==
 
== Introduction ==
  
 +
For an overview of how we use SpamAssassin in our department, please first read our [[SpamAssassin]] article.
  
We use Spamassassin to tag e-mails with ** SPAM ** if they are found to be spam.
+
SpamAssassin uses a set of rules that control how it scores each message. It considers each rule in turn and if it determines that a rule applies to or matches the message, then that rule's score is added to the message's overall scoreSome rules have negative scores, indicating that messages with those features are probably not spam.  SpamAssassin's default rule scores have been chosen based on experience with large quantities of both spam and non-spam messages.
 
 
Spamassassin uses several rule sets in determining what is spam and what is non-spam.  Points or "hits" are given to e-mails for various levels of "spammedness."  The more hits your e-mail gets, the better chance it will be tagged as spam.  Once the e-mail reaches the globally define required_hits level, the mail is tagged as spam.  By default, CS requires a hit level of 7.0 or above for a mail message to be considered spam.
 
 
 
If you receive mail tagged as ** SPAM **, look for an X-Spam-Status line in your mail headers to see the various tests your e-mail passed for being spamSometimes your mail can pass several of the spam tests and yet still doesn't get tagged as spam, as many normal,  legitimate e-mails have characteristics of spam within them.  The more tests that are passed as spam, the higher the hit level, the more chance of the e-mail getting tagged as spam.
 
 
 
You can use your favorite mail-filtering program to filter mail tagged as ** SPAM **However, we recommend you do not simply delete such mail, but move spam-tagged mail to a folder to review later, in case there are some legitimate mails that were tagged as spam.
 
 
 
 
 
== Customizing How Spamassassin Works For You ==
 
 
 
  
Spamassassin use both global and user parameters for custom tagging configurationsAs a user, you can adjust the user settings.   To do so, you'll need to first create a .spamassassin directory (don't forget the dot at the beginning)
+
By default, the CS Department uses a threshold of 7 for its spam classification.  Any message whose overall score is equal to or greater than 7 is flagged as spamThe [[SpamAssassin]] page describes what is done by default to spam-flagged messages. The [[Filtering Spam with Procmail]] page describes how to automatically filter messages that have been flagged as spam.
  
mkdir .spamassassin
+
== Create a user_prefs File ==
  
Then, create the configuration file called user_prefs
+
SpamAssassin uses a configuration file in your home directory (on our [[:Category:Linux Clients|Linux clients]]) to supplement its Department-wide configuration.  You can use that file to customize SpamAssassin's behavior for your messages.
  
touch user_prefs
+
To create an empty config file, from a command prompt on one of our Linux clients, run the following commands:
(the touch command merely creates an empty file.)
 
  
In your .spamassassin file/user_prefs file, there are many parameters you can change.  The most popular one here is the required_hits level. This will allow you to decide how many spamassassin test hits your incoming e-mail message needs to have before being tagged as ** SPAM **.  The lower the required_hits number, the easier it is for mail (legimate or spam) to be  tagged as spam (this could lead to false positives).  The higher the number, the less items tagged as spam.  (More spam will be untagged.)  As mentioned earlier, CS uses a required_hits level 7.0 by default  You can change this to a different level with by adding the required_hits parameter to user_prefs (the numbers can be decimals).
+
mkdir ~/.spamassassin
 +
touch ~/.spamassassin/user_prefs
  
required_hits 5.4
+
== Change Your Spam Score Threshold ==
  
(more messages will be tagged as spam, however, some may be legitimate e-mails.)
+
The most common thing to customize is your spam score threshold.  The default value for the CS mailserver is 7, which is a very conservative setting--it's pretty unlikely to flag something as spam when it's not, but it also lets a fair amount of spam in untagged.
  
or
+
The most common threshold for SpamAssassin is 5.  Some people have good results with thresholds as low as 2.  Thresholds can be decimal numbers, so you can use, say, 5.3 if you want.
  
required hits, 9.2
+
To set your threshold to 5.3, put the following in your <tt>~/.spamassassin/user_prefs</tt> file:
  
(less messages will be tagged as spam.)
+
<pre>
 +
required_score 5.3
 +
</pre>
  
 +
== Prevent Certain Email Addresses from Being Considered Spam ==
  
 +
Sometimes SpamAssassin will flag a message as spam even if it's not.  If that happens frequently to the same sender, you can ''whitelist'' that sender's email address to tell SpamAssassin that email from that person or organization should never be considered spam.  You do this with the <tt>whitelist_from</tt> configuration directive.
  
 +
If sally@example.com often gets flagged as spam, you can whitelist her with the following line in your <tt>~/.spamassassin/user_prefs</tt> file:
  
 +
<pre>
 +
whitelist_from sally@example.com
 +
</pre>
  
 +
You can whitelist entire domains, if you want.  Let's say that you receive several newsletters from a company whose email addresses all end with "@company.com".  You can whitelist all of those at once with the following directive:
  
 +
<pre>
 +
whitelist_from *@company.com
 +
</pre>
  
 +
== Our Default Settings ==
  
 +
For reference, here are the default settings we use for the Department:
  
 +
<pre>
 +
required_score 7
  
 +
rewrite_header Subject **SPAM**
 +
clear_headers
 +
add_header spam Flag _YESNOCAPS_
 +
add_header all Status _YESNO_, score=_SCORE_ required=_REQD_ tests=_TESTS_ autolearn=_AUTOLEARN_ version=_VERSION_
  
 +
fold_headers 0
 +
</pre>
  
 +
== More Information ==
  
 +
Other <tt>user_prefs</tt> file options can be found in the <tt>Mail::SpamAssassin::Conf</tt> man page or at [http://spamassassin.apache.org/full/3.3.x/doc/Mail_SpamAssassin_Conf.html Mail::SpamAssassin::Conf] on the SpamAssassin website.
  
  
[[category:Mail]]
+
[[Category:Spam Filtering At CS]]

Latest revision as of 14:53, 30 November 2018

Introduction

For an overview of how we use SpamAssassin in our department, please first read our SpamAssassin article.

SpamAssassin uses a set of rules that control how it scores each message. It considers each rule in turn and if it determines that a rule applies to or matches the message, then that rule's score is added to the message's overall score. Some rules have negative scores, indicating that messages with those features are probably not spam. SpamAssassin's default rule scores have been chosen based on experience with large quantities of both spam and non-spam messages.

By default, the CS Department uses a threshold of 7 for its spam classification. Any message whose overall score is equal to or greater than 7 is flagged as spam. The SpamAssassin page describes what is done by default to spam-flagged messages. The Filtering Spam with Procmail page describes how to automatically filter messages that have been flagged as spam.

Create a user_prefs File

SpamAssassin uses a configuration file in your home directory (on our Linux clients) to supplement its Department-wide configuration. You can use that file to customize SpamAssassin's behavior for your messages.

To create an empty config file, from a command prompt on one of our Linux clients, run the following commands: 

mkdir ~/.spamassassin
touch ~/.spamassassin/user_prefs

Change Your Spam Score Threshold

The most common thing to customize is your spam score threshold. The default value for the CS mailserver is 7, which is a very conservative setting--it's pretty unlikely to flag something as spam when it's not, but it also lets a fair amount of spam in untagged.

The most common threshold for SpamAssassin is 5. Some people have good results with thresholds as low as 2. Thresholds can be decimal numbers, so you can use, say, 5.3 if you want.

To set your threshold to 5.3, put the following in your ~/.spamassassin/user_prefs file: 

required_score 5.3

Prevent Certain Email Addresses from Being Considered Spam

Sometimes SpamAssassin will flag a message as spam even if it's not. If that happens frequently to the same sender, you can whitelist that sender's email address to tell SpamAssassin that email from that person or organization should never be considered spam. You do this with the whitelist_from configuration directive.

If sally@example.com often gets flagged as spam, you can whitelist her with the following line in your ~/.spamassassin/user_prefs file: 

whitelist_from sally@example.com

You can whitelist entire domains, if you want. Let's say that you receive several newsletters from a company whose email addresses all end with "@company.com". You can whitelist all of those at once with the following directive: 

whitelist_from *@company.com

Our Default Settings

For reference, here are the default settings we use for the Department: 

required_score 7

rewrite_header Subject **SPAM**
clear_headers
add_header spam Flag _YESNOCAPS_
add_header all Status _YESNO_, score=_SCORE_ required=_REQD_ tests=_TESTS_ autolearn=_AUTOLEARN_ version=_VERSION_

fold_headers 0

More Information

Other user_prefs file options can be found in the Mail::SpamAssassin::Conf man page or at Mail::SpamAssassin::Conf on the SpamAssassin website.