Lock IT Down: Simplify spam filtering with SpamAssassin

Learn how to install and configure one of the best Linux/UNIX spam filtering systems available.


One drawback to Internet access is the amount of spam, or unsolicited e-mail, that your users receive. Besides being a nuisance to users and administrators, spam can also be a security threat. I’ll describe how to install and configure one of the best Linux/UNIX spam filtering systems available, SpamAssassin. SpamAssassin attempts to identify spam by running a series of tests on e-mail headers and body text. Once identified as spam, messages can be tagged and filtered by the user's mail application. Several users I’ve talked to report SpamAssassin has been over 99 percent successful in filtering spam.

Downloading and installing SpamAssassin
SpamAssassin is available in a variety of formats, including tar.gz, ZIP, and RPM. Mac folks can get instructions for installing SpamAssassin on Mac OS X at the Stupid Fool Web site. You can also download and install SpamAssassin from CPAN by running the following command as root:
perl -MCPAN -e shell

When the CPAN shell is opened, run the following commands:
o conf prerequisites_policy ask
install Mail::SpamAssassin
install Net::DNS
quit

If you downloaded a ZIP or gzipped tar archive instead, you can use the following series of commands to build and install SpamAssassin:
tar -zxvf Mail-SpamAssassin-2.31.tar.gz
cd Mail-SpamAssassin-2.31
perl Makefile.PL
make
make install

SpamAssassin also requires some additional modules to run. For instance, it requires the Pod::Usage module, but this module is included with Perl 5.6 and later releases. If your system runs an earlier version of Perl, install the Pod::Usage module with the following series of commands:
perl -MCPAN -e shell
o conf prerequisites_policy ask
install Pod::Usage
quit

To add functionality to SpamAssassin, install the Net::DNS module. This module isn't absolutely necessary, but it allows SpamAssassin to run a more complete series of checks against incoming e-mail. Run this series of commands as root to install the Net::DNS module:
perl -MCPAN -e shell
o conf prerequisites_policy ask
install Net::DNS
quit


Configuring SpamAssassin
SpamAssassin includes several configuration files that make it easier to customize your installation. Table A lists these files and their functions.
Table A: SpamAssassin configuration files

File: /usr/share/spamassassin
Function: This directory contains several configuration files. Do not make changes to any of the files in this directory. Instead, copy any files requiring changes to /etc/mail/spamassassin. When SpamAssassin runs, any changes made to the configuration files in /etc/mail/spamassassin will be appended to the configuration loaded from the files located at /usr/share/spamassassin.

File: /usr/share/spamassassin/user_prefs.template
Function: The user_prefs file defines user preferences for SpamAssassin. The template file itself should never be modified. Copy user_prefs.template to /home/user/spamassassin and rename the copy to user_prefs. Save any changes made and these preferences will be in effect the next time the user runs SpamAssassin.

After SpamAssassin has run, there are some settings that users can change to fit their own needs. Here are the settings most often changed:
  • required_hits: A "false-positive" is any e-mail message that SpamAssassin incorrectly identifies as spam. False-positives are normally generated when the user preferences for SpamAssassin are too sensitive. To make SpamAssassin less sensitive, assign a higher value to this setting.
  • rewrite_subject: Disable this feature to prevent SpamAssassin from rewriting subject lines.
  • subject_tag: The default subject tag is *****SPAM*****. Use this setting to change the tag added to the subject line.
  • defang_mime: SpamAssassin will turn MIME messages into content-type text/plain by default. Use this setting to disable that function.
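
The following Python sketch is an added example, not part of the original article. It shows how a mail-side filter can act on SpamAssassin's tag and how raising required_hits turns a borderline false-positive back into normal mail. The sample messages are constructed, and the X-Spam-Status layout ("hits=" and "required=") is assumed to be the one SpamAssassin 2.x writes.

```python
import email
import re

# Constructed sample messages. The X-Spam-Status layout ("hits=" / "required=")
# is an assumption about SpamAssassin 2.x output; adjust the pattern if yours differs.
SAMPLES = {
    "obvious_spam": "Subject: *****SPAM***** Act now\n"
                    "X-Spam-Status: Yes, hits=14.2 required=5.0\n"
                    "\ttests=EXAMPLE_TEST_A,EXAMPLE_TEST_B\n\nbody\n",
    "newsletter": "Subject: *****SPAM***** Monthly digest\n"
                  "X-Spam-Status: Yes, hits=5.4 required=5.0\n"
                  "\ttests=EXAMPLE_TEST_C\n\nbody\n",
    "colleague": "Subject: Lunch?\n"
                 "X-Spam-Status: No, hits=0.3 required=5.0\n\nbody\n",
    "unscanned": "Subject: Hello\n\nbody\n",
}

STATUS_RE = re.compile(
    r"^(yes|no),\s*hits=(-?\d+(?:\.\d+)?)\s+required=(-?\d+(?:\.\d+)?)", re.I)


def parse_spam_status(raw_message):
    """Return (hits, required) from X-Spam-Status, or None if absent or malformed."""
    value = email.message_from_string(raw_message).get("X-Spam-Status")
    if value is None:
        return None
    # The header is usually folded over several lines; collapse the whitespace.
    match = STATUS_RE.match(" ".join(value.split()))
    if match is None:
        return None
    return float(match.group(2)), float(match.group(3))


def classify(raw_message, required_hits=None):
    """Return 'spam', 'ham' or 'unscanned'. required_hits is a hypothetical
    per-user override of the threshold recorded in the header."""
    status = parse_spam_status(raw_message)
    if status is None:
        return "unscanned"  # a missing tag is not a clean verdict
    hits, required = status
    threshold = required if required_hits is None else required_hits
    return "spam" if hits >= threshold else "ham"


if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, classify(raw), classify(raw, required_hits=7.0))
```
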

Optional modules
In addition to Perl modules, SpamAssassin can also access other mail filtering systems.

Razor
One of these is Vipul's Razor. Razor uses two source packages, razor-agents-sdk-2.03 and razor-agents-2.14. Once installed, Razor uses an elaborate system to check the headers and contents of e-mail for spam. To install Razor, download and install the razor-agents and razor-agents-sdk archives. You can install the razor-agents-sdk package with the following commands:
tar -zxvf razor-agents-sdk-2.03.tar.gz
perl Makefile.PL
make
make test
make install

Next, install the razor-agents archive with these commands:
tar -zxvf razor-agents-2.14.tar.gz
perl Makefile.PL
make
make test
make install

Then, run the following command to create the correct symbolic links:
razor-client

Now run the following command as a regular user to create a configuration file in the user's home directory under ~/.razor:
razor-admin -create

The next step is to register users with Razor. This registration process allows users to build a reputation with Razor so they're able to use the razor-revoke utility to remove addresses that are incorrectly labeled as spam distributors. In this example, the user jim is registered with the password "NewPass":
razor-admin -register -user=jim -pass=NewPass

To register the e-mail address for the same user, use the following command:
razor-admin -register -user=jim@some-domain-name.com -pass=password

Distributed Checksum Clearinghouse
The Distributed Checksum Clearinghouse (DCC) is similar to Razor, but DCC supports fuzzy checksums, enabling more complete checking than Razor. DCC is available from Rhyolite Software. Once you’ve downloaded DCC, run the following commands as root to perform the installation:
tar -zxvf dccd.tar.Z
./configure
make
make install
cdcc 'new map'
cdcc 'add dcc.rhyolite.com'
cdcc info

The output from the cdcc info command should look similar to Figure A.

Figure A
This graphic displays typical output from the "cdcc info" command.


If all goes well, there should be a line at the end of the output that looks like this:
dcc.rhyolite.com,-         RTT+0 ms    anon

Running SpamAssassin with Kmail
Setting up a Kmail filter to work with SpamAssassin takes only a few minutes. Under Settings, simply select Configure Filters. Figure B shows how to set up a filter to match a regular expression in a message header. Once the regular expression is matched, the message is piped through SpamAssassin, and the "From" line is stripped from the report generated by SpamAssassin.

Figure B
Setting up SpamAssassin with Kmail


Never underestimate the power of a good e-mail policy
A good e-mail filtering policy can deal with the problems unsolicited e-mail creates for users and network administrators. SpamAssassin can help you enforce that policy. By starting out with a well-defined and easy-to-understand e-mail policy, your users won't be harassed by excessive spam, and you won't have to deal with the problems it can cause. After your e-mail policy is in place, SpamAssassin should be one of the first spam filtering programs you try.
