
Tweaking SpamAssassin

Alastair Grant | Tuesday 5 November 2013

A long time ago I moved my e-mail to my home-server instead of with my hosting provider. One of the objectives of this move was to have centralised spam-filtering. I started thinking of clever ways I could filter mail and such - and then promptly forgot about it.

The truth of the matter was the junk filtering in Thunderbird was pretty hot and actually I was receiving a lot less spam than when I initially thought about moving my mail. Alas, whilst I've had a few years of peace, this week something has changed and I'm getting an increased level of spam.

I went back to have a look at my spam filtering. At some point I did set up amavisd-new to perform virus-scanning and the like on received e-mails. By default amavis also includes SpamAssassin support out of the box. And, as it turns out, SpamAssassin supports a whole range of spam-tackling technologies out of the box.

As I was still receiving spam even with these default technologies, clearly something had to be tweaked. SpamAssassin when called from amavisd-new is run as a plugin and not via the command-line, nor via a daemon. So ignore anything on the net talking about things specific to those.

The main things that interested me were Spamhaus, as this is a real-time lookup of dodgy domains and source IP addresses. Again, this is all supported out of the box, and whilst these services were marking the messages as spam, there just wasn't enough weighting to push the messages over the threshold.

Personally, I have taken the approach that these lists are fairly accurate - especially when combined. So the weighting should be increased. To make these tweaks you just need to override the defaults by editing the file /etc/mail/spamassassin/local.cf (your installation may vary). For example:

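# Raise the weight of two DNS blocklist rules
score URIBL_BLACK 2.5
score URIBL_DBL_SPAM 2.5
# Locales (character sets) accepted without penalty
ok_locales en
# Recipient address exempted from spam filtering
all_spam_to xxxxx@xxxx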

In this example I have pushed up a couple of DNS lists; the codes in capitals are the settings and are detailed extensively on the SpamAssassin web-site. The next line addresses language - I don't think anybody has ever e-mailed me in anything apart from English and even if they did, I wouldn't understand it.
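Before raising scores on a live server, the overrides can be checked against headers from mail already received. This is an added example, not code from the original post: it re-scores rule hits recorded in X-Spam-Status headers using the overrides from a local.cf fragment. The header layout, sample scores, threshold of 5.0 and function names are assumptions made for the illustration.

```python
import re

# Constructed sample headers in the style amavisd-new adds; rule hits,
# scores and the 5.0 threshold are made up for illustration.
SAMPLE_HEADERS = [
    "X-Spam-Status: No, score=4.101 tagged_above=-999 required=5.0 "
    "tests=[HTML_MESSAGE=0.001, URIBL_BLACK=1.7, URIBL_DBL_SPAM=2.4] autolearn=no",
    "X-Spam-Status: No, score=1.701 tagged_above=-999 required=5.0 "
    "tests=[HTML_MESSAGE=0.001, URIBL_BLACK=1.7] autolearn=no",
    "X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5.0 "
    "tests=[BAYES_00=-1.9] autolearn=ham",
]

# Constructed local.cf fragment carrying the two overrides shown above.
LOCAL_CF = """
# raise the weight of the DNS list hits
score URIBL_BLACK 2.5
score URIBL_DBL_SPAM 2.5
"""

def parse_overrides(cf_text):
    """Return {rule: score} for single-value 'score RULE N' lines."""
    overrides = {}
    for line in cf_text.splitlines():
        parts = line.split("#", 1)[0].split()  # drop comments
        if len(parts) == 3 and parts[0] == "score":
            overrides[parts[1]] = float(parts[2])
    return overrides

def rescore(header, overrides):
    """Return (old_score, new_score, required) for one header."""
    required = float(re.search(r"required=(-?[\d.]+)", header).group(1))
    tests = re.search(r"tests=\[(.*?)\]", header, re.S).group(1)
    hits = dict(t.strip().split("=", 1) for t in tests.split(",") if "=" in t)
    old = sum(float(v) for v in hits.values())
    new = sum(overrides.get(rule, float(v)) for rule, v in hits.items())
    return round(old, 3), round(new, 3), required

def newly_flagged(headers, overrides):
    """Indexes of messages below the threshold before, at or above it after."""
    flagged = []
    for i, header in enumerate(headers):
        old, new, required = rescore(header, overrides)
        if old < required <= new:
            flagged.append(i)
    return flagged

if __name__ == "__main__":
    print(newly_flagged(SAMPLE_HEADERS, parse_overrides(LOCAL_CF)))
```

Running the same function over headers from known-good mail shows whether an override would start flagging legitimate messages. Only rules that already hit appear in the header, so this estimates the effect of re-weighting and nothing more.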

This appears to work well but I immediately saw some legitimate mail from my bank get marked as spam (not as a result of the above settings). The all_spam_to setting will skip all spam checks against the listed To addresses. So I have set up a unique e-mail address to be used exclusively by my bank, and I allow this through. There is still a chance of phishing, but it's less likely on an account that only my bank is aware of.
