book

SpamAssassin

by Alan Schwartz

July 2004

Intermediate to advanced

224 pages

6h 13m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Scope of This BookVersions Covered in This BookConventions Used in This BookUsing Code ExamplesComments and QuestionsAcknowledgments
1.1. How SpamAssassin Works1.2. Organization of SpamAssassin1.3. Mailers and SpamAssassin1.3.1. Scanning at the MTA1.3.2. Scanning at the MDA1.3.3. Scanning with a POP Proxy1.3.4. Scanning at Multiple Places1.4. The Politics of Scanning
2.1. Prerequisites2.2. Building SpamAssassin2.2.1. What Gets Installed2.2.2. Basic Configuration2.2.3. Testing SpamAssassin2.2.4. SpamAssassin Options2.2.4.1. Locating configuration files2.2.4.2. Scripting and testing options2.2.4.3. Untagging2.2.4.4. Reporting2.3. Invoking SpamAssassin with procmail2.4. Using spamc/spamd2.4.1. Setting up spamd2.4.1.1. Connection type2.4.1.2. Running as a non-root user2.4.1.3. Other security features2.4.1.4. Locating configuration files2.4.2. Testing spamc2.4.3. spamc Options2.4.3.1. Connection type2.4.3.2. Handling problems2.4.4. Invoking spamc with procmail2.4.5. Changing SpamAssassin Configuration Files2.5. Invoking SpamAssassin in a Perl Script2.6. SpamAssassin and the End User2.6.1. True Negatives (ham)2.6.2. True Positives (spam)2.6.3. False Positives2.6.4. False Negatives
3.1. The Anatomy of a Test3.2. Modifying the Score of a Test3.2.1. Modifying Scores Systemwide3.2.2. Modifying Scores on a Per-User Basis3.2.3. Storing Scores in an SQL Database3.2.4. Storing Scores in an LDAP Database3.3. Writing Your Own Tests3.3.1. Header Tests3.3.1.1. Configurable header tests (SpamAssassin 3.0)3.3.1.2. check_rbl( )3.3.1.3. check_rbl_txt( )3.3.1.4. check_rbl_sub( )3.3.2. Body Tests3.3.3. URI Tests3.3.4. Meta Tests3.4. The Built-in Tests3.4.1. 10_misc.cf3.4.2. 20_fake_helo_tests.cf3.4.3. 20_body_tests.cf3.5. Whitelists and Blacklists3.5.1. Systemwide Whitelists3.5.1.1. Whitelisting senders3.5.1.2. Whitelisting senders by relay3.5.1.3. Whitelisting recipients3.5.2. Systemwide Blacklists3.5.3. Per-User Whitelists and Blacklists
4.1. Autowhitelisting4.1.1. Principles4.1.2. Configuration4.1.2.1. Configuring per-user autowhitelists4.1.2.2. Configuring a system-wide autowhitelist4.1.3. Using an Autowhitelist4.2. Bayesian Filtering4.2.1. Principles4.2.2. Configuration4.2.3. Training4.2.4. Daily Use4.2.4.1. Ongoing training4.2.4.2. Expiration and importing4.2.5. Storing Bayesian Data in SQL4.2.6. A Sitewide Bayesian Classifier
5.1. Spam-Checking at Delivery5.2. Spam-Checking During SMTP5.2.1. The Milter Interface5.2.2. MIMEDefang5.2.2.1. Installing MIMEDefang5.2.2.2. Starting the MIMEDefang multiplexor5.2.2.3. Checking multiplexor status5.2.2.4. Starting the MIMEDefang milter5.2.2.5. Verifying the MIMEDefang processes5.2.2.6. Customizing MIMEDefang5.2.3. SpamAssassin Integration5.2.3.1. Adding sitewide Bayesian filtering5.2.3.2. Adding sitewide autowhitelisting5.2.3.3. Adding per-domain or per-user streaming5.3. Building a Spam-Checking Gateway5.3.1. sendmail Configuration5.3.2. SpamAssassin Configuration5.3.3. MIMEDefang Configuration5.3.4. Routing Email5.3.5. Internal Server Configuration5.3.6. Testing
6.1. Postfix Architecture6.2. Spam-Checking During Local Delivery6.3. Spam-Checking All Incoming Mail6.3.1. Using a Program as a Content Filter6.3.2. Using a Daemon as a Content Filter6.3.3. Filtering Before Address-Rewriting6.4. Building a Spam-Checking Gateway6.4.1. Installing amavisd-new6.4.2. Configuring amavisd-new6.4.2.1. Essential options6.4.2.2. MTA options6.4.2.3. Daemon process options6.4.2.4. Distinguishing local domains6.4.2.5. Postfix-specific options6.4.2.6. Logging options6.4.2.7. Spam-handling options6.4.2.8. Recipient whitelists6.4.2.9. Sender whitelists and blacklists6.4.2.10. SpamAssassin settings6.4.2.11. Storing recipient preferences in external databases6.4.3. Basic Operations6.4.4. Adding Sitewide Bayesian Filtering6.4.5. Adding Sitewide Autowhitelisting6.4.6. Routing Email Through the Gateway6.4.6.1. Postfix changes6.4.6.2. Routing changes6.4.6.3. Internal server configuration
7.1. qmail Architecture7.2. Spam-Checking During Local Delivery7.3. Spam-Checking All Incoming Mail7.4. Building a Spam-Checking Gateway7.4.1. Installation7.4.2. Initialization7.4.3. Basic Operations7.4.4. Per-User Spam Preferences7.4.5. Sitewide Bayesian Filtering7.4.6. Sitewide Autowhitelisting7.4.7. Routing Email Through the Gateway7.4.7.1. qmail changes7.4.7.2. Routing changes7.4.7.3. Internal server configuration
8.1. Spam-Checking via procmail8.2. Spam-Checking All Incoming Mail8.3. Using Routers and Transports8.3.1. Configuring the Transport8.3.2. Configuring the Router8.3.3. Using Per-User Spam-Checking Preferences8.4. Using exiscan8.4.1. Installing exiscan8.4.2. Writing acl_smtp_data8.4.3. Using Per-User Preferences8.5. Using sa-exim8.5.1. Buiding sa-exim for Static Integration8.5.2. Building sa-exim for Dynamic Integration8.5.3. Configuring SpamAssassin for sa-exim8.5.4. Configuring sa-exim8.5.4.1. Choosing messages on which to run SpamAssassin8.5.4.2. Choosing messages on which to take antispam actions8.5.4.3. Limiting how much of the message is fed to SpamAssassin8.5.4.4. Allowing SpamAssassin to rewrite message bodies8.5.4.5. Archiving messages when actions are taken8.5.4.6. Passing SMTP senders and recipients to SpamAssassin8.5.4.7. Setting a timeout on spamc8.5.4.8. Handling messages that cause sa-exim errors8.5.4.9. Teergrubing8.5.4.10. Accepting and discarding spam8.5.4.11. Rejecting spam8.5.4.12. Temporarily failing spam8.5.4.13. Archiving accepted spam8.5.4.14. Archiving non-spam messages8.5.4.15. Debugging sa-exim8.5.5. Using Per-User Preferences8.6. Building a Spam-Checking Gateway8.6.1. Routing Email Through the Gateway8.6.1.1. Exim domain lists8.6.1.2. Routing changes8.6.1.3. Internal server configuration8.6.2. Adding Sitewide Bayesian Filtering8.6.3. Adding Sitewide Autowhitelisting

9.1. Using Pop3proxy9.1.1. Installing Pop3proxy9.1.2. Starting Pop3proxy9.1.3. Configuring the POP Client9.2. Using SAproxy Pro9.2.1. Installing SAproxy Pro9.2.2. Starting SAproxy Pro9.2.3. Configuring the POP Client9.2.4. Configuring SAproxy Pro
A.1. General Spam ResourcesA.2. Spam-FilteringA.3. SpamAssassinA.4. Mail Transport AgentsA.4.1. SendmailA.4.2. PostfixA.4.3. qmailA.4.4. EximA.5. Related Mail ToolsA.5.1. procmailA.5.2. MIMEDefangA.5.3. amavisd-newA.5.4. sa-eximA.5.5. exiscan-aclA.5.6. qmail-scanner

Overview

The annoyance factor for individual users whose email is crammedwith pitches for pornography, absurd moneymaking schemes, anddubious health products is fierce. But for organizations, the costof spam in lost productivity and burned bandwidth is astronomical.While society is grappling with a solution to the burgeoning crisisof spam proliferation, the pressure is on system administrators tofind a solution to this massive problem in-house. And fast. Sysadmins can field scores of complaints and spend months testingsoftware suites that turn out to be too aggressive, too passive, ortoo complicated to setup only to discover that SpamAssassin (SA),the leading open source spam-fighting tool, is free, flexible,powerful, highly-regarded, and remarkably effective. The drawback?SpamAssassin's lack of published documentation. SpamAssassinby Alan Schwartz, is the only published resource devoted toSpamAssassin and how to integrate it effectively into yournetworks. This clear, concise guide clarifies the installation,configuration, and use of the SpamAssassin spam-checking system(versions 2.63 and 3.0) for Unix system administrators using thePostfix, Sendmail, Exim, or qmail mail servers, helpingadministrators make the right integration decision for theirparticular environments. It covers concrete advice on how to:

Customize SpamAssassin's rules, and even create new ones TrainSpamAssassin's Bayesian classifier, a statistical engine fordetecting spam, to optimize it for the sort of email that youtypically receive

Block specific addresses, hosts, and domains using third-partyblacklists like the one maintained by Spamcop.net.

Whitelist known good sources of email, so that messages fromclients, coworkers, and friends aren't inadvertently lost.

Configure SpamAssassin to work with newer spam-filteringmethods such as Hashcash (www.hashcash.org) and Sender PolicyFramework (SPF).

Sys admins, network administrators, and ISPs pay for spam withhours of experimentation and tedious junk email management, frayeduser tempers, and their sanity. SpamAssassin, together with thisessential book, give you the tools you need to take back yourorganization's inboxes. "Detailed, accurate andinformative--recommended for spam-filtering beginners and expertsalike." --Justin Mason, SpamAssassin development team