One drawback to Internet access is the amount of spam, or unsolicited e-mail, that your users receive. Besides being a nuisance to users and administrators, spam can also be a security threat. I’ll describe how to install and configure one of the best Linux/UNIX spam filtering systems available, SpamAssassin. SpamAssassin attempts to identify spam by running a series of tests on e-mail headers and body text. Once identified as spam, messages can be tagged and filtered by the user’s mail application. Several users I’ve talked to report SpamAssassin has been over 99 percent successful in filtering spam.
Downloading and installing SpamAssassin
SpamAssassin is available in a variety of formats, including tar.gz, ZIP, and RPM. Mac users can get instructions for installing SpamAssassin on Mac OS X at the Stupid Fool Web site. You can also download and install SpamAssassin from CPAN by running the following command as root:
perl -MCPAN -e shell
When the CPAN shell is opened, run the following commands:
o conf prerequisites_policy ask
install Mail::SpamAssassin
If you downloaded a ZIP or gzipped archive instead, you can use the following series of commands to build and install SpamAssassin:
tar -zxvf Mail-SpamAssassin-2.31.tar.gz
SpamAssassin also requires some additional modules to run. For instance, it requires the Pod::Usage module, but this module is included with Perl 5.6 and later releases. If your system runs an earlier version of Perl, install the Pod::Usage module with the following series of commands:
perl -MCPAN -e shell
o conf prerequisites_policy ask
To add functionality to SpamAssassin, install the Net::DNS module. This module isn’t absolutely necessary, but it allows SpamAssassin to run a more complete series of checks against incoming e-mail. Run this series of commands as root to install the Net::DNS module:
perl -MCPAN -e shell
o conf prerequisites_policy ask
SpamAssassin includes several configuration files that make it easier to customize your installation. Table A lists these files and their functions.
After SpamAssassin has run, there are some settings that users can change to fit their own needs. Here are the settings most often changed:
- required_hits: A “false-positive” is any e-mail message that SpamAssassin incorrectly identifies as spam. False-positives are normally generated when the user preferences for SpamAssassin are too sensitive. To make SpamAssassin less sensitive, assign a higher value to this setting.
- rewrite_subject: Disable this feature to prevent SpamAssassin from rewriting subject lines.
- subject_tag: The default subject tag is *****SPAM*****. Use this setting to change the tag added to the subject line.
- defang_mime: SpamAssassin will turn MIME messages into content-type text/plain by default. Use this setting to disable that function.
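Before raising required_hits, it helps to see how many already-scored messages each candidate value would still tag. The script below is an added example, not part of the original article; it assumes the SpamAssassin 2.x header form "X-Spam-Status: Yes, hits=N required=M ...", and the sample headers and rule names in it are constructed.

```shell
#!/bin/sh
# Count how many already-scored messages would be tagged as spam at a
# candidate required_hits value, using the hits= score recorded in each
# message's X-Spam-Status header (assumed SpamAssassin 2.x format).

# count_flagged THRESHOLD < messages
# Prints "<flagged> <total>" for the X-Spam-Status headers read on stdin.
count_flagged() {
    awk -v t="$1" '
        # Header names are case-insensitive. Only the first line of a
        # folded header carries hits=, so continuation lines are skipped.
        tolower($0) ~ /^x-spam-status:/ {
            total++
            if (match($0, /hits=-?[0-9]+(\.[0-9]+)?/)) {
                # Strip the 5-character "hits=" prefix and force a number.
                score = substr($0, RSTART + 5, RLENGTH - 5) + 0
                # A message is tagged when its score reaches the threshold.
                if (score >= t) flagged++
            }
        }
        END { printf "%d %d\n", flagged, total }
    '
}

# Constructed sample headers (not real mail; RULE_A..RULE_D are placeholder
# rule names): two clear spam, one borderline message, one clean message.
sample_headers() {
    cat <<'EOF'
X-Spam-Status: Yes, hits=14.2 required=5.0 tests=RULE_A,RULE_B version=2.31
X-Spam-Status: Yes, hits=8.9 required=5.0 tests=RULE_A version=2.31
X-Spam-Status: Yes, hits=5.4 required=5.0 tests=RULE_C version=2.31
X-Spam-Status: No, hits=-1.3 required=5.0 tests=RULE_D version=2.31
EOF
}

# Compare candidate thresholds against the same set of messages.
for t in 5 7 10; do
    printf 'required_hits %s: flagged/total = %s\n' "$t" \
        "$(sample_headers | count_flagged "$t")"
done
```

To use it on real mail, feed a mailbox file to count_flagged in place of sample_headers and check that the messages dropping out at the higher value are the ones users reported as false-positives.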
In addition to Perl modules, SpamAssassin can also access other mail filtering systems.
One of these is Vipul’s Razor. Razor uses two source packages, razor-agents-sdk-2.03 and razor-agents-2.14. Once installed, Razor uses an elaborate system to check the headers and contents of e-mail for spam. To install Razor, download and install the razor-agents and razor-agents-sdk archives. You can install the razor-agents-sdk package with the following commands:
tar -zxvf razor-agents-sdk-2.03.tar.gz
Next, install the razor-agents archive with these commands:
tar -zxvf razor-agents-2.14.tar.gz
Then, run the following command to create the correct symbolic links:
Now run the following command as a regular user to create a configuration file in the user’s home directory under ~/.razor:
The next step is to register users with Razor. This registration process allows users to build a reputation with Razor so they’re able to use the razor-revoke utility to remove addresses that are incorrectly labeled as spam distributors. In this example, the user jim is registered with the password “NewPass”:
razor-admin -register -user=jim -pass=NewPass
To register the e-mail address for the same user, use the following command:
razor-admin -register -user=firstname.lastname@example.org -pass=password
Distributed Checksum Clearinghouse
The Distributed Checksum Clearinghouse (DCC) is similar to Razor, but DCC supports fuzzy checksums, enabling more complete checking than Razor. DCC is available from Rhyolite Software. Once you’ve downloaded DCC, run the following commands as root to perform the installation:
tar -zxvf dccd.tar.Z
cdcc 'new map'
cdcc 'add dcc.rhyolite.com'
The output from the cdcc info command should look similar to Figure A.
Figure A: This graphic displays typical output from the “cdcc info” command.
If all goes well, there should be a line at the end of the output that looks like this:
dcc.rhyolite.com,- RTT+0 ms anon
Running SpamAssassin with Kmail
Setting up a Kmail filter to work with SpamAssassin takes only a few minutes. Under Settings, simply select Configure Filters. Figure B shows how to set up a filter to match a regular expression in a message header. Once the regular expression is matched, the message is piped through SpamAssassin, and the “From” line is stripped from the report generated by SpamAssassin.
Never underestimate the power of a good e-mail policy
A good e-mail filtering policy can deal with the problems unsolicited e-mail creates for users and network administrators. SpamAssassin can help you enforce that policy. By starting out with a well-defined and easy-to-understand e-mail policy, your users won’t be harassed by excessive spam, and you won’t have to deal with the problems it can cause. After your e-mail policy is in place, SpamAssassin should be one of the first spam filtering programs you try.