SpamAssassin Installed in 10 minutes.

The easiest way to install third parties software on FreeBSD is to install from the ports. This can't be any easier: become root, go to the directory of the software you want to install and type make install. That's all! Your software is installed. The Makefile takes care of everything. From fetching the source and the patches, to installing it into the right place. You are then ready to use your new installed software.

Install


In our example, we are going to install SpamAssassin from the ports. This example is suitable for a small company with up to a few dozen mailboxes. 
# cd /usr/ports/mail/p5-Mail-SpamAssassin
# make config

# cd /usr/ports/mail/p5-Mail-SpamAssassin
# make config

The make config command will present you with a screen like below, where you can choose the SpamAssassin options you want to install.

Some of the options are already selected by default, leave them untouched. Just make sure to select the following ones.

  • SACOMPILE is used to improve SpamAssassin's performance.
  • GNUPG is used by sa-update to fetch the latest versions of the SpamAssassin's rules.

SACOMPILE is an important option to improve SA's performance. I ran quick tests on one of my servers. Without the rules compiled, SA takes an average of 5.4 seconds to process the messages. With compiled rules the messages are processed in an average of 3.6 seconds.

Your screen should now look like this:
http://fred.velvnet.com/sa-config.png


Now that you have configured the options you want for SpamAssassin, you can build and install the software. 

# make install
...

# make install
...

At this point, SpamAssassin should be installed, but check your terminal for any errors.

Configure


SpamAssassin's configuration files are all located in the directory /usr/local/etc/mail/spamassassin. The installation process creates a sample configuration file. Just use this file as a starting point for your configuration. 

# cd /usr/local/etc/mail/spamassassin
# cp local.cf.sample local.cf
# vi local.cf

# cd /usr/local/etc/mail/spamassassin
# cp local.cf.sample local.cf
# vi local.cf


Here are the lines you want to comment out of your configuration file. 
#   Set which networks or hosts are considered 'trusted' by your mail
#   server (i.e. not spammers)
#
trusted_networks 172.16.1.
...
#   Set the file-locking method (flock is not safe over NFS, but it is faster)
#
lock_method flock
...
#   Set headers which may provide inappropriate cues to the Bayesian
#   classifier
#
bayes_ignore_header X-Bogosity
bayes_ignore_header X-Spam-Flag
bayes_ignore_header X-Spam-Status
...

# Set which networks or hosts are considered 'trusted' by your mail
# server (i.e. not spammers)
#
trusted_networks 172.16.1.
...
# Set the file-locking method (flock is not safe over NFS, but it is faster)
#
lock_method flock
...
# Set headers which may provide inappropriate cues to the Bayesian
# classifier
#
bayes_ignore_header X-Bogosity
bayes_ignore_header X-Spam-Flag
bayes_ignore_header X-Spam-Status
...


  • trusted_networks You indicate the IP address of your network. We suppose that you are not sending spam to your co-workers or friends. There is no need to process the mail you are sending.
  • lock_method flock The comment says it all. SpamAssassin is faster when not using NFS. If you are not using a remote file system you should consider commenting out this option.
  • bayes_ignore_header Use the keyword to ignore some of the headers in the bayesian filter. Some spammers include fake well-known headers to try to mislead the bayesian filters.


You are almost done with the configuration. Before you start your anti-spam software, you should get the latest version of the rules and compile them. As we describe it, compiled rules improve performance. The first time you start sa-update you can use the flag --nogpg. You have not installed the GPG key on your system yet. This will allow sa-update to get and install the new rules as well as the GPG key. Next time you run sa-update you will not need that flag since your system will have the keys installed. 
# sa-update -nogpg -D --channel updates.spamassassin.org
... 
# sa-compile
...

# sa-update -nogpg -D --channel updates.spamassassin.org
...
# sa-compile
...

You are now ready to run SpamAssassin

Start spamd


Your anti-spam software is now installed and configured. You just need to start its daemon.

The first thing is to tell BSD auto-reboot command script utility (rc) that it needs to start the daemon when it boots. For that, simply add the variable spamd_enable="YES" in your /etc/rc.conf file 
# vi /etc/rc.conf
...
spamd_enable="YES"
...

# vi /etc/rc.conf
...
spamd_enable="YES"
...


Next time your systems reboots, the SpamAssassin daemon spamd will be started automatically.

Everything is now ready. Just type the following command to start the daemon 
# /usr/local/etc/rc.d/sa-spamd start

# /usr/local/etc/rc.d/sa-spamd start


You can test if everything works fine by sending an email to the daemon. You can use the command spamc for that. 
$ cat ~fred/mailtest.eml | spamc
From akstcadsourcemediamnsdgs@adsourcemedia.com Sun Mar 23 10:00:47 2008
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on pspec.kascorp.com
X-Spam-Level: ***********************
X-Spam-Status: Yes, score=23.4 required=5.0 tests=INVALID_DATE,
	RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E4_51_100,RAZOR2_CF_RANGE_E8_51_100,
	RAZOR2_CHECK,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_XBL,SPF_SOFTFAIL,URIBL_AB_SURBL,
	URIBL_BLACK,URIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_RHS_DOB,URIBL_SC_SURBL
	autolearn=failed version=3.2.4
X-Spam-Report: 
	*  1.7 INVALID_DATE Invalid Date: header (not RFC 2822)
	*  2.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
	*      [Blocked - see <http://www.spamcop.net/bl.shtml?78.191.143.59>]
...

$ cat ~fred/mailtest.eml | spamc
From akstcadsourcemediamnsdgs@adsourcemedia.com Sun Mar 23 10:00:47 2008
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on pspec.kascorp.com
X-Spam-Level: ***********************
X-Spam-Status: Yes, score=23.4 required=5.0 tests=INVALID_DATE,
RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E4_51_100,RAZOR2_CF_RANGE_E8_51_100,
RAZOR2_CHECK,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_XBL,SPF_SOFTFAIL,URIBL_AB_SURBL,
URIBL_BLACK,URIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_RHS_DOB,URIBL_SC_SURBL
autolearn=failed version=3.2.4
X-Spam-Report:
* 1.7 INVALID_DATE Invalid Date: header (not RFC 2822)
* 2.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
* [Blocked - see <http://www.spamcop.net/bl.shtml?78.191.143.59>]
...


As you can see, SpamAssassin adds a few headers in your mail as a result of processing. The fields X-Spam-Flag, X-Spam-Level are the ones you are going to use to filter the spam either in your Mail Transfer Agent (MTA) or in the mail software you are using every day to read your email.

Using SpamAssassin


Now that you have SpanAssassin installed, you need to send your incoming email through it. You can configure your MTA (Mail Transfer Agent) to use SpamAssassin as a filter, or use the procmail program to tag the email before it is saved into your INBOX.

Using your MTA to filter the spam

You can add the following rule to your exim configuration file. This rule will tag all the emails as spam or not spam. 

acl_check_data:

  warn  message = X-Spam-Score: $spam_score ($spam_bar)
        spam = mailnull:true
  warn  message = X-Spam-Report: $spam_report
        spam = mailnull:true

  deny message = Spam score too high ($spam_score)
        spam = mailnull:true
        condition = ${if >{$spam_score_int}{150}{1}{0}}

acl_check_data:

warn message = X-Spam-Score: $spam_score ($spam_bar)
spam = mailnull:true
warn message = X-Spam-Report: $spam_report
spam = mailnull:true

deny message = Spam score too high ($spam_score)
spam = mailnull:true
condition = ${if >{$spam_score_int}{150}{1}{0}}


With this exim rule, all the messages with a spam_score higher than 15.0 will be automatically rejected. But all other emails will go thru with their tags spam or not spam. You can use your mail software to filter these potential spams. Here is an example of a rule you can use in the Mac OS Mail.app. This rule will send all the emails tagged as spam to your Junk folder.

http://fred.velvnet.com/SpamRule.png


Using procmail to filter your mail

You need to create a .forward into your home directory as shows below. This will tell your MTA to filter your mail using procmail. 
"|IFS=' ' && exec /usr/bin/procmail -f- || exit 75 #user"

"|IFS=' ' && exec /usr/bin/procmail -f- || exit 75 #user"


Add the following rules to your .procmailrc file, located in your home directory. 

:0fw: spamc.lock
| /path/to/spamc

:0:
* ^X-Spam-Status: Yes
spambox

:0fw: spamc.lock
| /path/to/spamc

:0:
* ^X-Spam-Status: Yes
spambox


The first rule will send the mail thru SpamAssassin, The second rule will catch all the messages with the field X-Spam-Status set to YES, and save them into the folder spambox.

Administration


There is not a lot to do to administer SpamAssassin. You just need to watch once in a while the log files to check if everything goes as expected. You also need to update the rules. Once every week seems reasonable. You can write a simple shell script to do the updates and compile. 
#!/usr/bin/sh
#
sa-update --channel updates.spamassassin.org
sa-compile

#!/usr/bin/sh
#
sa-update --channel updates.spamassassin.org
sa-compile

You can configure cron to call this script once a week. Call crontab -e and add the following line. 
@weekly       /path/to/your/script

@weekly /path/to/your/script


References



 
This article has been posted on Mar 23, 2008 by Fred Cirera @ 09:33. This article has been registered in the categories spam, exim,

Leave a message

(Required)
(Required and not displayed)
(Optional)
obfuscated letters Enter the text shown in the image