Running SpamAssassin from Procmail

You can also use SpamAssasssin from webmail. The interface is easier for many people to use, but you have slightly less ability to fine tune your settings. You should not run SpamAssassin from both webmail and procmail.

Contents


How to see if you're running SpamAssassin from Procmail
  1. Login to webmail.
  2. Go to Options->Mail Forwarding Options and see what, if any, forwarding instructions you have in place.
    If your instructions do not include the word "procmail" you are not running procmail at all, so you aren't running Spamassassin from procmail.
    If your instructions do include the word "procmail" you are probably (but not necessarily) running procmail, and you may be running Spamassassin from procmail. In this case you will need to log into your shell account and look at your procmail setup files or ask staff to check for you.


Setting up SpamAssassin from Procmail
Procmail is a full-featured UNIX mail filtering system, based on "filter recipes" that you can write and call from a .procmailrc file in your home directory.
Your spam box and the $TRASH variable
When you call SpamAssassin from Procmail, it looks at the value of the TRASH variable. This is set by default to /dev/null (i.e. immediate discard). You can set it in your .procmailrc for the location of your spambox. If you unset the TRASH variable, your suspected spam will be marked as spam and handed off to the next procmail rule. In practice, this usually means that it's delivered to your inbox.
If you want to use a spambox, just set TRASH equal to the place where you want your spambox. For example, if you use Pine and you want your spambox to be a plain Pine folder called "spam", you'd add (or change) the $TRASH line in your .procmailrc to:
TRASH=$HOME/mail/spam
If you're using Procmail in conjunction with the New Mail system, you can set your TRASH equal to your New Mail "Trash" folder, thusly:
TRASH=$HOME/.maildir/.Trash/
(That ending slash tells Procmail that it's a New Mail folder, so don't forget it!)
Important: If you are adding or moving the $TRASH line, make sure you put it before any of the INCLUDERC lines that need that setting.
(In case you're wondering why it's sometimes "TRASH" and sometimes "$TRASH": using the $ means "figure out the value of this variable and use that", and without the $ it's just the name of the variable.)
Tweaking your user_prefs file

The user_prefs file is where procmail-based SpamAssassin can be set to filter foreign spam.

When you call SpamAssassin from Procmail, you can set up a user_prefs file to control your settings. This file lives in a dot-directory (".spamassassin") (hidden unless you do a full list of your files) in your home directory. You use this file to change the point-value threshold for spam, specify whitelists and blacklists, and assign custom values to particular "hit types". Here's how to get started:
The quick way:
  1. Log into the shell, and go to your home directory.
  2. If you use the menu interface, type ! to get to a standard command line.
  3. Enter the command whitelist at the command line.
    You will see these messages:
    Created directory /net/u/17/f/fff/.spamassassin.
    Created file /net/u/17/f/fff/.spamassassin/user_prefs.
    and nothing further will happen.
  4. Enter ^C (hold the control key while typing c).
  5. If you use the menu interface, type exit to return to the menu.
  6. That's it.
If you want to build it from scratch:
  1. Log into the shell, and go to your home directory.
  2. Type the following command to create a .spamassassin directory:
    mkdir .spamassassin
  3. "cd" to your new .spamassassin directory.
  4. Make a copy of the Panix user_prefs template:
    cp /usr/local/share/spamassassin/user_prefs.template ./user_prefs
  5. This sample user_prefs file contains some settings to get you started, and some good pointers to more info on tweaking SpamAssassin.
Customizing user_prefs

Now that you've created your user_prefs files, you can customize it to make Spamassassin more effective in general, whitelist or blacklist addresses, or change the scores of specific filtering rules.

The most important setting is required_hits. This determines the threshold above which the cumulative score of all rules matched by a message will get the message marked as spam. Higher values will cause less mail to get filtered, while lower settings are more likely to catch spam (though at an increasing risk of false positives).

To set your own required_hits level, uncomment the line by removing the "#" and replace the default score of 5. Note that this doesn't need to be a whole number; decimal scores (e.g. 3.5) allow more incremental changes to the overall strength of Spamassassin's filtering.

To set your own score for a rule, add a line with the following format:

score [RULE NAME] [SCORE]

Scores may have whole, decimal, or negative values. The higher a rule is scored, the more likely it will be to cause a message to be marked as spam, and vice-versa.

You can find a list of rules and a Wiki describing them on the Spamassassin website at http://spamassassin.apache.org/ (please note that it is not all-inclusive, and there may not be entries for several rules). On the list, the second number is the default score.

You can find out which of Spamassassin's rules matched a given message by looking at the message's "X-Spam-Status:" header.

We've identified a few rules which we've seen to be particularly indicative of spam, and have increased their default scores. These are:

Rule NameDefault Score
URIBL_DBL_SPAM3.4
RDNS_NONE2.0
RCVD_IN_BRBL_LASTEXT3.2
URIBL_RHS_DOB1
URIBL_WS_SURBL3.4
URIBL_JP_SURBL3.7
RCVD_IN_BL_SPAMCOP_NET2.4
RCVD_IN_RP_RNBL2.6
RCVD_IN_XBL1.5
RCVD_IN_SBL3.5
MIME_HTML_ONLY2.2
RP_MATCHES_RCVD0
Checking your Procmail installation
If you're using Procmail but it doesn't seem to be filtering your mail properly, here's what you can do to check your Procmail setup.
1. Your mail forwarding entry
From the shell prompt, type forward -l to "look" at your mail forwarding record. The last line of this record should look like:
|IFS=' ';exec /usr/local/bin/procmail||exit 75
It might also have a number sign and your username at the end; that's okay. But if it doesn't include this line, then you probably need to run "install-procmail" again.
2. Your .procmailrc
If you have doubts about your .procmailrc file, here is a simple .procmailrc that will call spamassassin and put the suspected spam in a standard Pine folder called "spam". It also puts logfiles in your .procmail directory, so make sure that directory exists.
VERBOSE=no #Set VERBOSE to yes for advanced debugging
PMDIR=$HOME/.procmail
MAILDIR=$HOME/mail
LOGFILE=$PMDIR/log
TRASH=$MAILDIR/spam
INCLUDERC=/net/local/filters/rc.spamassassin
You can also change the TRASH line to TRASH=/dev/null if you'd rather have SpamAssassin delete all suspected spam as soon as it's received. It's best not to do this until you are confident of your settings.

Whitelisting addresses
SpamAssassin whitelisting
You don't have to construct special procmail rules; you can whitelist directly from SpamAssassin.
[If you use the Panix text menu, type "!" to get to a full shell.]
From the shell, enter
whitelist <address>
where <address> is the address you want to protect.
[If you use the menu, type exit to return to it.]
Whitelisting from Procmail
Whitelisting from procmail gives you more flexibility than whitelisting from SpamAssassin. You can create rules that look for any characteristic of a message, not just the address, and save it to your inbox or any other folder.
Construct a procmail rule to match the characteristic you're looking for. This rule
:0:
*^Subject:.*mortgage rates
$DEFAULT
will match any item with a subject line containing "mortgage rates" and save it to your regular mailbox.
Make sure that the rule is invoked before SpamAssassin is called.
Blacklisting addresses

Blacklisting is not a good way to deal with spam. In particular, it's a bad idea to use SpamAssassin for blacklisting because it's very expensive. Blacklisting is effective if you want to avoid receiving mail from a particular correspondent who uses a consistent address.

As you're running procmail, you might find it useful to skip SpamAssasssin and do your blacklisting from Procmail. As for whitelisting, this gives you the flexibility of matching on more than just the address.

Construct a procmail rule to match the characteristic you're looking for. This rule
:0:
*^Subject:.*mortgage rates
$TRASH
will match any item with a subject line containing "mortgage rates" and put it in your TRASH folder.
It's a good idea to invoke this rule before SpamAssassin is called.


Last Modified:Monday, 29-Apr-2013 14:52:26 EDT
© Copyright 2006-2011 Public Access Networks Corporation