Managed Services - Guide to SpamAssassin

Last Updated: 05/06/2014

Overview

This document contains the directions necessary to use SpamAssassin to remove spam from your inbox on Managed Services & Consulting maintained machines. The following steps should be performed on your mailhome system. You may use the text-editor of your preference to create the following files.

This tutorial applies to the following operating system(s):
  • MAC
  • WINDOWS
  • LINUX

Sections

1. Creating your .forward file

Open a terminal and make sure that you are located in your home directory, then check for an existing .forward file by typing the following commands at your shell prompt. Your prompt may look something like username@machine:~> . Press return after each line.

Visual representation of step above

If you already have a file named .forward (note the dot), you probably know what you are doing already. However, you may need to edit it as shown below. If you don't have a .forward file, use a text editor to create the new .forward. Enter the following line exactly. You may copy this by highlighting the line below and pasting it into your terminal by clicking the middle mouse button.

"|IFS=' '&&exec /usr/local/procmail/bin/procmail -f-||exit 75 #USERNAME"

Visual representation of step above

Replace USERNAME with your current username and keep the #. Save the .forward file and exit your editor.

Enter the command below to make sure your .forward is correct. For example, if the username is buffalor running this command:

Visual representation of step above

would get this output:

Visual representation of step above

Make sure to keep the # and quotes around the line.

To give .forward the proper file permissions, run this command:

Visual representation of step above

Now you have a correct and functional .forward.

Make sure your home directory is not group writable by running this command:

Visual representation of step above

2. Checking for spamd

To determine how SpamAssassin is run, you'll need to know if spamd is running on your mailhome machine. Check to see if spamd is running by executing this command:

Visual representation of step above

Note: If the above command gives you output like

Visual representation of step above

use this command instead:

Visual representation of step above

If you see a line similar to the one below, you have spamd running.

Visual representation of step above

If you don't see a line like the one above, SpamAssassin is not running on your system. Contact Managed Services & Consulting if you would like SpamAssassin to be set up on your system. Now that you know whether or not you have spamd, you may proceed to configuring procmail.

3. Creating your .procmailrc

The .procmailrc file will filter your e-mail through SpamAssassin and distribute your spam to a separate folder instead of your inbox.

In your terminal window, open a new file named .procmailrc using your text-editor. Copy these next lines exactly into your file by highlighting the text in your browser and clicking the middle mouse button in your editor.

Visual representation of step above

If in the previous step you did have spamd running, enter this on the next line of your .procmailrc file.

Visual representation of step above

If you did not have spamd, insert this line instead:

Visual representation of step above

Leave one blank line and then paste the following:

:0
* ^X-(Barracuda-Spam-Flag|Spam-Flag): YES

 

Visual representation of step above

This checks if SpamAssassin thinks your message is spam. If it is, we can file it accordingly. Where you need to store your spam depends on what e-mail client you use. The following paths are the most common default settings. Choose one of the following directories and insert it directly below "*^X-(Barracuda-Spam-Status|Spam-Flag): Yes" line.

  • If you use the CDE Mail Tool, elm, mutt, or KMail insert the following line:

    Visual representation of step abovez

and create the file by issuing this command in a separate terminal window.

Visual representation of step above
 

  • If you use Pine, do the above steps using this file instead (note the lack of capitalization):

    Visual representation of step above

  • If you use Netscape Mail use this file:

Finally, leave one blank line and paste this in to finish your .procmailrc:

:0:
$DEFAULT

Visual representation of step above

Now, set the correct permissions on .procmailrc with:

Visual representation of step above

Below is an example of a finished .procmailrc for someone who does not have spamd running and reads their mail with Pine.

Visual representation of the step above.

4. Configuration

After SpamAssassin has been running for awhile and received spam, you can further configure its settings. For special configuration options in SpamAssassin, edit the file:

Visual representation of step above

If you don't have this directory, run:

Visual representation of step above

and download the generic user_prefs from here.

The top line that says:

Visual representation of step above

determines how sensitive SpamAssassin is to spam. By increasing the number, SpamAssassin will give you fewer false positives but may let more spam through. Decreasing the number will make SpamAssassin more sensitive to spam. This will virtually eliminate any spam in your inbox, but it may result in false positives in your spam folder. Either way you should periodically check your spam folder for mislabeled messages. If you don't know what to do here, leave the required hits at 5.

This file also lets you whitelist or blacklist specific e-mail addresses and entire domains.

To whitelist someone, add a line with their e-mail address as shown below (use a tab to separate the fields). This will ensure that messages from that person are never tagged as spam.

Visual representation of step above

To blacklist someone, so that all messages from them are classified as spam, add a line like this:

Visual representation of step above

You can also use the wildcard character "*" to specify more than one address. For example, to block all messages from people with hotmail accounts, add:

Visual representation of step above

Other options such as custom test weighting and support for Asian language sets can also be set in user_prefs. For more information, see the comments in user_prefs, go to SpamAssassin's Website, or contact IT Service Center.

5. Training

In order for SpamAssassin to be accurate, you must train it on your specific mail patterns. You can do this by explicitly telling it what is spam and what is ham (not spam). It is a good idea to train SpamAssassin on a variety of your mail folders.

First, make sure /usr/local/perl/bin is in your path. If it is not, you will need to add it for the rest of this section to work.

You can train SpamAssassin to recognize good mail by having it scan a directory that contains good mail using the following command:

Visual representation of step above

You should also save your spam (you may have to file it manually at first) to train SpamAssassin on the kind of spam you receive. Run this command to classify mail as spam:

Visual representation of step above

This command may take some time since SpamAssassin must rebuild its database. Be patient.

Later on, when a spam message mistakenly gets sent to your inbox, you can tag the single message as spam with the command:

Visual representation of step above

If a message is mistakenly put in your spam folder, you can whitelist that address as shown above, or have SpamAssassin learn that it is ham.

Visual representation of step above

If your e-mail client stores messages in the mbox format--that is, multiple messages within one file (not directory)--you will need to use the "--mbox" switch. (Such clients include the Unix mail program, Netscape Mail, and KMail). For example:

Visual representation of step above

Where ~/mail/spam and ~/mail/inbox are files containing multiple messages.

SpamAssassin should be fully trained after seeing about 1000 messages of spam and ham. It should work fine before this, but will be much better after decent training. For more information, visit SpamAssassin's Website or run:

Visual representation of step above

for the manual page.

SpamAssassin should now be fully functional.