Skip to content, skip to search, or skip to navigation

Using SpamAssassin to filter Spam

Setup
Configuration / Tuning
Configuration Examples (whitelisting, etc.)
Using Clamassassin
Forwarding Mail from .procmailrc
Resources

As of April 2006, SpamAssassin and clamassasin are enabled by default for all new accounts.

Note: We strongly recommend you read the following man pages: forward, procmail, procmailex, procmailrc, and spamassassin. Also, a note on configuration: please do not include large blacklists in your user_prefs file, it is far better and more efficient to whitelist the known okay users and lower your spam threshold to something really smallish (2.0 or so). Large blacklists create havoc on our mail server. Please do not use any versions of spamassassin other than the one in /apps2.

Setup 

  1. Create a .forward (dot forward) file in your home directory and add the following line, including the quotes (substitute your username for user_name in the string below).

    "|IFS=' ' && exec /usr/local/bin/procmail -f- || exit 75 #user_name"

  2. Create a .procmailrc (dot procmailrc) with the following lines.

    PATH=$HOME/bin:/usr/bin:/usr/ucb:/bin:/apps2/perl-5.8.2/bin:/usr/local/bin:/apps2/spamassassin-3.1.0/bin
    MAILDIR=$HOME/mail # You'd better make sure it exists
    # Uncomment the next line (remove initial #) to start logging. Create the file with 'touch ~/procmail-log'.
    #LOGFILE=$HOME/procmail-log
    LOCKFILE=$HOME/.lockmail
    VERBOSE=yes


    # Only email less than 95k, send it through spamassassin
    :0fw: spamassassin.lock
    * < 95000
    | perl -T -w /apps2/spamassassin-3.1.0/bin/spamassassin
    # Anything that is marked as Spam, put the email into the 'spam' folder
    :0:
    * ^X-Spam-Status: Yes
    spam


  3. If you are logging procmail activity, be sure to create the file ~/procmail-log

Configuration / Tuning

Using SpamAssassin will automatically create a directory and a file in ~/.spamassassin/user_prefs.  By changing values in your user_prefs file, you can fine tune your spam filtering and tailor it to your specific needs.

You can uncomment any of the options in your user_prefs file and change the default values.   Here is the default user_prefs file:

# SpamAssassin user preferences file. See 'perldoc Mail::SpamAssassin::Conf'
# for details of what can be tweaked.
########################################################################

# How many hits before a mail is considered spam.
# required_hits 5

# Whitelist and blacklist addresses are now file-glob-style patterns, so
# "friend@somewhere.com", "*@isp.com", or "*.domain.net" will all work.
# whitelist_from someone@somewhere.com

# Add your own customised scores for some tests below. The default scores are
# read from the installed spamassassin rules files, but you can override them
# here. To see the list of tests and their default scores, go to
# http://spamassassin.org/tests.html .
#
# score SYMBOLIC_TEST_NAME n.nn

# Speakers of Asian languages, like Chinese, Japanese and Korean, will almost
# definitely want to uncomment the following lines. They will switch off some
# rules that detect 8-bit characters, which commonly trigger on mails using CJK
# character sets, or that assume a western-style charset is in use.
#
# score HTML_COMMENT_8BITS 0
# score UPPERCASE_25_50 0
# score UPPERCASE_50_75 0
# score UPPERCASE_75_100 0


Examples

Example 1: Setting a new spam threshold

If you think that the threshold for marking an email as Spam is too high, you can uncomment (remove the #) and change the "required_hits" value to 7.

required_hits 7

The above line indicates that email will not be marked as Spam if its score is less than 7.   Most users lower the threshold below 5 in practice.

Example 2: Whitelisting

Whitelisting an address instructs SpamAssassin to never mark mail from that address as Spam.

whitelist_from *@astro.berkeley.edu

The above line tells SpamAssassin not to mark any email from within astro.berkeley.edu as Spam.

whitelist_from lisa@yahoo.com

The above line tells SpamAssassin not to mark any email from lisa@yahoo.com as Spam.

Example 3: Blacklisting

Blacklisting an address instructs SpamAssassin to always mark mail from that address as Spam.

blacklist_from *@annoying_domain.com

The above line tells SpamAssassin to mark any email from annoying_domain.com as Spam.

Using Clamassassin


Clamassassin is a spamassassin-like program that runs email passed through it through clamav's clamscan software.  Clamav is a free version of antivirus scanning software.  The effect of running clamassassin on all incoming email for your account is to test it for viruses in the database (which is updated on a daily if not more frequent basis) and to test it against an updated list of "phishing" scam email signatures.  To enable your account to use clamassassin, insert the following records in your .procmailrc file between where spamassassin is run and where procmail tries to folder spam email in your spam folder:

# Pass all email through clamassassin
:0fw: clamav.lock
| /usr/local/bin/clamassassin

:0:
* ^X-Virus-Status: Yes
virus

This will put the infected files and phishing scam emails (paypal, bank emails, etc) into your virus folder, which you will delete at your leisure (it is not recommended to read virus-infected email, best just to delete this folder periodically).

Forwarding email


Users can forward email that makes it through spamasssassin and clamassassin simply by adding at the end of their .procmailrc file the following records (replace forwarding_email_address with the forwarding address):

:0
! forwarding_email_address

This will cause all email that doesn't get foldered by spamassassin or clamassassin to be forwarded to the forwarding_email_address.

As an alternative, Saurabh Jha suggests the following strategy to prevent mail forwarding loops:
:0
* ! ^X-Loop: username@astro.berkeley.edu
{
:0fwh
| formail -A"X-Loop: username@astro.berkeley.edu"
:0
! forwarding_email_address
}

where username is the user's astronomy department user name and forwarding_email_address is the address to which mail should be forwarded. A copy of the forwarded message can also be saved in the user's astro INBOX by changing the :0 within brackets to :0c




Useful Resources

$LastChangedDate:: 2012-06-29#$