LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices

Reply
 
Search this Thread
Old 11-25-2003, 09:38 PM   #1
dcexplorer
LQ Newbie
 
Registered: Nov 2003
Distribution: Slackware
Posts: 6

Rep: Reputation: 0
SpamAssassin 2.6 -- truly amazing


I've been wrestling with a huge amount of spam coming through Linux mail servers that I manage, and I was stuck every morning entering new keywords into a keyword-based anti-spam filter, and it was just getting worse and worse.

Today I saw a review for SpamAssassin 2.6 on Slashdot and I decided to try it out. After some messing with some required libraries that I had to hunt down and install and messing with the procmail rules, I have SpamAssassin 2.6 running on three mail servers I administer, and it's like a miracle.

I have the email identified as spam going into a "spam" mail account, and after SpamAssassin catches some email, it puts in comments that explain why the email was tagged:

Content analysis details: (11.5 points, 5.0 required)

pts rule name description
---- ---------------------- --------------------------------------------------
0.5 X_MSMAIL_PRIORITY_HIGH Sent with 'X-Msmail-Priority' set to high
0.5 X_PRIORITY_HIGH Sent with 'X-Priority' set to high
2.8 CHINA_HEADER Involves 'china.com'
0.4 HTML_FONT_INVISIBLE BODY: HTML font color is same as background
0.1 HTML_FONTCOLOR_UNKNOWN BODY: HTML font color is unknown to us
0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.0 HTML_MESSAGE BODY: HTML included in message
0.3 HTML_TAG_BALANCE_BODY BODY: HTML has unbalanced "body" tags
0.5 HTML_40_50 BODY: Message is 40% to 50% HTML
0.8 HTML_IMAGE_ONLY_08 BODY: HTML: images with 600-800 bytes of words
0.5 HTML_TITLE_EMPTY BODY: HTML title contains no text
1.2 MISSING_MIMEOLE Message has X-MSMail-Priority, but no X-MimeOLE
2.7 FORGED_MUA_OIMO Forged mail pretending to be from MS Outlook IMO
1.1 MIME_HTML_ONLY_MULTI Multipart message only has text/html MIME parts

Each "weirdness" it finds has a score; if all the scores add up to more than five, then the email is tagged as spam and you can have procmail put it wherever you want.

It does such a good job, all I have to do is to sit back and watch the logs. Truly amazing
 
Old 11-26-2003, 02:13 AM   #2
J_Szucs
Senior Member
 
Registered: Nov 2001
Location: Budapest, Hungary
Distribution: SuSE 6.4-11.3, Dsl linux, FreeBSD 4.3-6.2, Mandrake 8.2, Redhat, UHU, Debian Etch
Posts: 1,126

Rep: Reputation: 58
SpamAssassin is really great.

I myself did a little tweak: setup a procmail rule that discards spam getting more than 9 points from spamassassin. This rule never stopped anything but spam, though I use it for months now.

For me, spamassassin is set to allow all mails through, but mark spams. However, I reduced the default spam sensitivity from 5 to 3 points. This could result in more false positives, so I prepared a little script that scans the maillog and puts on the whitelist every single mail address to whom our users sent mail.

It would be also reasonable to put the from address of each received mail on the whitelist: since most of the spammers continuously change the from address in their mails, their addresses would never match an existing whitelist rule. However, if a spammer does not change the from address from time to time, that address could be easily denied with e.g. a separate sendmail rule. This seems logical.

The accummulated whitelist might give you the possibility to further increase the sensitivity of spamassassin.

Last edited by J_Szucs; 11-26-2003 at 02:26 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
spamassassin w/ procmail vs. spamassassin w/sendmail bleunuit Linux - Networking 1 08-01-2004 07:12 AM
The Amazing Database I Can't Use... Can I? supes Linux - Software 6 06-30-2004 10:53 AM
Linux = Amazing ooagentbender LinuxQuestions.org Member Success Stories 2 11-13-2003 08:02 AM
Slack (9.0) is truly amazing! PapaNoHair Slackware 26 05-07-2003 04:22 PM
amazing! CtrlAltDel Linux - Distributions 8 10-03-2002 06:55 PM


All times are GMT -5. The time now is 10:26 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration