Mail filtering with spam-assassin

In this recipe, we will learn how to install and set up a well-known e-mail filtering program, spam-assassin.

Getting ready

You will need access to a root account or an account with sudo privileges.

You need to have Postfix installed and working.

How to do it…

Follow these steps to filter mail with spam-assassin:

1. Install spam-assassin with the following command:

   $ sudo apt-get update
   $ sudo apt-get install spamassassin spamc
   

2. Create a user account and group for spam-assassin:

   $ sudo groupadd spamd
   $ sudo useradd -g spamd -s /usr/bin/nologin \
   -d /var/log/spamassassin -m spamd
   

3. Change the default settings for the spam daemon. Open /etc/default/spamassassin and update the following lines:

   ENABLED=1
   SAHOME="/var/log/spamassassin/"
   OPTIONS="--create-prefs --max-children 5 --username spamd --helper-home-dir ${SAHOME} -s ${SAHOME}spamd.log"
   PIDFILE="${SAHOME}spamd.pid"
   CRON=1

4. Optionally, configure spam rules by changing values in /etc/spamassassin/local.cf:

   trusted_networks 10.0.2.  # set your trusted network
   required_score 3.0    # 3 + will be marked as spam

5. Next, we need to change the Postfix settings to pass e-mails through spam-assassin. Open /etc/postfix/master.cf and find the following line:

   smtp      inet  n       -       -       -       -       smtpd

6. Add the content filtering option:

   -o content_filter=spamassassin
   

   
7. Define the content filter block by adding the following lines to the end of the file:

   spamassassin unix -     n       n       -       -       pipe
           user=spamd argv=/usr/bin/spamc -f -e
           /usr/sbin/sendmail -oi -f ${sender} ${recipient}

   
8. Finally, restart spam-assassin and Postfix:

   $ sudo service spamassassin start
   $ sudo service postfix reload
   

9. You can check spam-assassin and mail logs to verify that spam-assassin is working properly:

   $ less /var/log/spamassassin/spamd.log
   $ less /var/log/mail.log
   

How it works…

Spam filtering works with the help of a piping mechanism provided by Postfix. We have created a new Unix pipe which will be used to filter e-mails. Postfix will pass all e-mails through this pipe, which will be then scanned through spam-assassin to determine the spam score. If given e-mail scores below the configured threshold, then it passes the filter without any modification; otherwise, spam-assassin adds a spam header to the e-mail.

Spam-assassin works with a Bayesian classifier to classify e-mails as spam or not spam. Basically, it checks the content of the e-mail and determines the score based on content.

There's more…

You can train spam-assassin's Bayesian classifier to get more accurate spam detections.

The following command will train spam-assassin with spam contents (--spam):

$ sudo sa-learn --spam -u spamd --dir ~/Maildir/.Junk/* -D

To train with non-spam content, use the following command (--ham):

$ sudo sa-learn --ham -u spamd --dir ~/Maildir/.INBOX/* -D

If you are using the mbox format, replace --dir ~/Maildir/.Junk/* with the option --mbox.

See also

• Sa-learn - train SpamAssassin's Bayesian classifier at https://spamassassin.apache.org/full/3.2.x/doc/sa-learn.html and https://wiki.apache.org/spamassassin/BayesInSpamAssassin
• Learn about Bayesian classification at https://en.wikipedia.org/wiki/Naive_Bayes_classifier