Advanced SpamAssassin Configuration



SpamAssassin can be a very powerful tool in combating spam, especially when customized properly. While SpamAssassin will work to prevent blatant spam as soon as it’s enabled, trickier spam may require custom rules and filters to be configured.

In most cases people deal with Spam retroactively, by blacklisting and white listing domains. However SpamAssassin (SA) is much more flexible than this. Spam Assassin will read your mail and 'test' it for various 'spam like' characteristics. The sum of all the test scores becomes the Spam Score for the message. You then set your maximum allowed Spam Score and anything that is higher than your set Spam Score will be marked as Spam and delivered to the appropriate destination (either the Trash or the Spam directory).

 

Your Spam Assassin Configuration is directly controlled by a file named 'user_prefs'.


If you use cPanel, you can find this file at;

/home/<user>/.spamassassin/user_prefs


If you use Plesk, you can find this file at;
/var/qmail/mailnames/<domain>/<mailbox>/.spamassassin/user_prefs

By default, this file contains your Spam Score, as well as any custom Whitelists / Blacklists that you've setup within Spam Assassin's configuration within cPanel.

  

The White List and Black List rules are quite apparent, when looking at the file, however the Default Spam Assassin rule set can be greatly improved by adding a few custom filters. I generally begin by adding these following rules, which change the weights a scoring of different Spam Flags within the Spam Assassin Configuration;

 

score HTML_IMAGE_RATIO_02 1.2

score RDNS_NONE 2

score T_REMOTE_IMAGE 1.2

score URIBL_DBL_SPAM 3

score MIME_HTML_ONLY 1.2

score HTML_IMAGE_ONLY_32 1.5

score HTML_IMAGE_ONLY_28 1.5

score RCVD_IN_BRBL_LASTEXT 3

score HTTP_ESCAPED_HOST 3

score RP_MATCHES_RCVD 0

score BAYES_00 BODY 0

score SPF_FAIL 3.0

score SPF_FAIL 3

score SPF_HARDFAIL 5.0

score SPF_SOFTFAIL 2.0

score TVD_RCVD_IP 2.0

score T_DKIM_INVALID 3.0

score T_END_FUTURE_EMAILS 2.5

score T_FSL_HELO_BARE_IP_2 1.5

score T_REMOTE_IMAGE 1.0

score URIBL_DBL_SPAM 5.0

score URIBL_JP_SURBL 5.0

score URIBL_RHS_DOB 2.5

score URIBL_SC_SURBL 5.0

score URIBL_WS_SURBL 5.0

 

Adding these lines of coding below any rules that you already have would help to weed out any spoofed emails, as well as unauthenticated emails sent from PHP scripts or compromised websites, which is how most spam is sent out. You'll also want to set your Spam Score to 4 or 5, though I personally recommend 4. The normal default Spam Score that SpamAssassin uses is 5, though it can go down to 0 and up to 10. Its advised to remember that the lower the score the more restrictive the filter will be so a 0 will mark practically everything as spam and a 10 means that any message with 10 or less will not be marked as spam. I'd also strongly advise turning off Auto Delete and configuring a Spam Folder, as this may flag legitimate emails as spam if the sender does not properly authenticate their emails.

More information on what the lines added to the user_perfs can be found here.

 

Posted in
Last update:
2016-08-19 09:02
Average rating:0 (0 Votes)