Difference between revisions of "SpamAssassin Configuration"

Introduction

For an overview of how we use Spamassassin in our department, please, first visit our wiki article: [Spamassassin: Overview And Use In The Dept]

We use SpamAssassin to tag e-mails' Subject lines with ** SPAM ** if they are found to be spam.

SpamAssassin uses several rule sets in determining what is spam and what is non-spam. Points or "hits" are given to e-mails for various levels of "spammedness." The more hits your email gets, the better chance it will be tagged as spam. Once the email reaches the globally define required_hits level, the mail is tagged as spam. By default, CS requires a hit level of 7.0 or above for a mail message to be considered spam.

If you receive mail tagged as ** SPAM **, look for an X-Spam-Status: line in your mail headers to see the various tests your e-mail passed for being spam. Sometimes your mail can pass several of the spam tests and yet still doesn't get tagged as spam, as many normal, legitimate e-mails have characteristics of spam within them. The more tests that are passed as spam, the higher the hit level, the more chance of the e-mail getting tagged as spam.

To filter out spam email (using your favorite mail-filtering program), it's probably best to look for a X-Spam-Flag: YES header in the message, but you can also just look for ** SPAM ** in the subject line. In any case, we recommend you do not simply delete such mail, but move spam-tagged mail to a folder to review later, in case there are some legitimate mails that were tagged as spam.

Customizing How SpamAssassin Works For You

SpamAssassin use both global and user parameters for custom tagging configurations. As a user, you can adjust the user settings. To do so, you'll need to first create a .spamassassin directory (don't forget the dot at the beginning):

mkdir .spamassassin

Then, create the configuration file called user_prefs:

touch user_prefs

(The touch command merely creates an empty file.)

In your .spamassassin/user_prefs file, there are many parameters you can change. The most popular one here is the required_score parameter. (In older versions of SpamAssassin, this was called required_hits.) This will allow you to decide how many SpamAssassin test hits your incoming email message needs to have before being tagged as ** SPAM **. The lower the required_score number, the easier it is for mail (legimate or spam) to be tagged as spam (this could lead to false positives). The higher the number, the fewer items tagged as spam. (More spam will be untagged.) As mentioned earlier, CS uses a required_score level of 7.0 by default. You can change this to a different level by adding the required_score parameter to user_prefs (the numbers can be decimals).

required_score 5.4

(more messages will be tagged as spam, however, some may be legitimate e-mails.)

or

required_score 9.2

(fewer messages will be tagged as spam.)

Other user_prefs file options can be found in the Mail::SpamAssassin::Conf man page or at Mail::SpamAssassin::Conf on the SpamAssassin website.

Whitelists (or how to prevent some real mail from being tagged as spam.)

When you receive ** SPAM **-tagged mail from someone you know, you'll probably want to put that person's e-mail address on a whitelist, so that that person's e-mail doesn't get tagged as ** SPAM ** again.

To do that, add a whitelist_from line to your user_prefs file.

For example, say that email from your colleague mike@yahoo.com gets tagged as ** SPAM **.

Add:

whitelist_from mike@yahoo.com

to your user_prefs file. (It shouldn't matter where in the file you put it.)

Now email from mike@yahoo.com will not be tagged as spam when you receive it.

(You'll also notice that now, the X-Spam-Status: line in the mail headers from mike@yahoo.com includes "USER_IN_WHITELIST")

You can also whitelist an entire domain. For example, if you want all your incoming mail from blah.com to never be tagged as spam, add the following whitelist entry to user_prefs:

whitelist_from blah.com

If that does't work for you, try:

whitelist_from *@blah.com

For more information, please read ManualWhitelist on the SpamAssassin website.