-------------------------------------------------------------
05-03-2004, 02:39 PM Source: http://www.surmunity.com
--------------------------------------------------------------------------------
PART 1
I figured I'd pop in here and provide a little 'Spam Assassin' micro tutorial.
Spam assassin is a very powerful tool, and if you use it to the fullest, you'll find that it can eliminate a very significant number of the spam emails, even the ones that are currently running around out there with tons of <worthless tags> and garbage text.
In fact, this morning I woke up and there were ZERO spams in my inbox.
This is a multi step / multi day process, however. If you're interested, read on.
(also, I don't take all the credit for this. A guy from my old host wrote the script that you'll see at the bottom of this message. Props to he who is known as 'freeranger')
STEP ONE:
click the spam assassin icon
click enable spam assassin
When the screen refreshes, you should see the bold black and red text:
Spam Assassin is currently: enabled
DO NOT enable 'spambox'.
Click 'configure spam assassin' now.
STEP TWO: Configuring Spam Assassin basic
The screen for configuring spam assassin looks complicated, but it's not.
At this time we'll only worry about 'whitelist' and a few other options.
The whitelist is a list of email domains or accounts that you always want to get mail from. I don't recommend putting entire domains in if you have certain addresses that you know and want. This helps prevent address-spoofing spam.
First, let's have Spam Assassin flag messages that it thinks are spam for us.
Find the box that says rewrite_subject.
delete any value in that box, and enter the number 1.
Second, find the box that says subject_tag.
This is where you enter the 'flag' message that will be put at the beginning of any suspected spam's subject line. Enter (without the quotes) "**Possible-Spam**" here.
Third, find the box marked required_hits.
Here you enter the minimum score that a message must have to trigger the flagging you just set up above. Mine is set to 4.5, but initially - to prevent a bunch of false positives, I would set it to 5 or 6.
Fourth, find the whitelist_from box. You'll see 4 boxes to enter whitelist_from addresses. You're not limited to four, by the way. Enter up to four here, then scroll down to the bottom of the screen and hit SAVE. Cpanel will now add 4 more blank lines for whitelist_from addresses. Continue until all of your necessary whitelist names are here. NOTE: you don't need to whitelist everyone. It is helpful, however, to whitelist people who are in AOL, Hotmail, or Yahoo - or any other domain that is often seen as SPAM. My personal whitelist is only 12 entries.
Don't forget to hit SAVE at the bottom of the Spam Assassin configuration page, or all your work is lost. When you save, it refreshes the page - so you can then click the 'home' icon to return to Cpanel.
Congratulations! You've just completed basic spam-assassin configuration.
From this moment on, email that comes to your domain will be examined by Spam Assassin. If Spam Assassin determines, through various rules tests, that it thinks you have a spam - (each test adds 'points') and it reaches the point threshold that you've set, the email subjects will be flagged "**POSSIBLE-SPAM**buy c;all'is today = know doctorz needed"
--------------------------------------
PART 2
Alright. You've followed the instructions so far, and you've got Spam Assassin flagging your email.
I mentioned earlier that you can also have messages that have a certain SPAM score (or higher) automatically tossed into the great bit-bucket. We'll learn how to do this now.
First, have a look inside a flagged spam message:
Content preview: chemotherapy communion furrier hinterland switzer snapshot
  stronghold kenneth cavern choose carboloy stood crane armament cathedra
  laze kaleidoscope sanatorium armillaria textural memorandum juggle
  URI:http://www.hotgle.info/ URI:http://www.hotgle.info/images/oobb.gif
  [...]

Content analysis details: (7.8 points, 4.5 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 5.4 BAYES_99               BODY: Bayesian spam probability is 99 to 100%
                            [score: 0.9999]
 0.2 HTML_MESSAGE           BODY: HTML included in message
 1.5 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
                            [Blocked - see <http://www.spamcop.net/bl.shtml?68.95.20.248>]
 0.7 RCVD_IN_DSBL           RBL: Received via a relay in list.dsbl.org
                            [<http://dsbl.org/listing?ip=68.95.20.248>]

The original message was not completely plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam. If you wish to view
it, it may be safer to save it to a file and open it with an editor.
Notice - this message scored 7.8 points, which is above my flagging threshold of 4.5. The breakdown of which Spam Assassin rules played in the scoring of this message is also shown in messages that score above your threshold.
Note also that this one had a BAYES score. That's what we're working toward. Getting Spam Assassin to learn the spammers' tricks and toss them! Without the BAYES score this message would have scored only 2.4 points and would have been delivered to my inbox. But more on that later.
If you look at the message header you'll see:
Subject: Notice_from_mailserver--Possible_SPAM Your eBay auct1on payment
Date: Tue, 04 May 2004 14:48:35 +0200
Message-Id: <DAE095E7499CEBD[at]12move.nl>
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on pass5.dizinc.com
X-Spam-Level: *******
X-Spam-Status: Yes, hits=7.8 required=4.5 tests=BAYES_99,HTML_MESSAGE,
    RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_DSBL autolearn=no version=2.63
(though I do wish that Surpass would set up the RDNS to resolve to my domain, it shows Pass5.dizinc.com here...)
Note the line: X-Spam-Level: *******.
We're going to use that to our advantage. The number of stars is the value of WHOLE POINTS that the message scored. There are 7 here. We want to create a rule that will automatically TOSS any message that scores 8 points or higher.
To do this, we'll move back to Cpanel and click on the MAIL icon.
In the list of options, choose E-mail filtering
If you have previously input filters, they'll show here, and below them you'll see:
[ Add Filter ] | [ Go Back ]
Select Add Filter.
The Add filter dialog is pretty simple. The Filter drop down defaults to subject. Change this to "Any Header".
The next box over is where you enter your test criteria. You can cut and paste the line below:
X-Spam-Level: ********
If you want a higher threshold, add a star. If you want a lower one (not recommended at the beginning - some emails that I get from PCWeek score as high as 7.9!) subtract a star.
Leave the Destination as 'discard'.
Now click ACTIVATE.
There. You've done it. If you followed the examples literally, you'll now flag all messages that score over 4.5 points, and automatically trash messages scoring over 8 points.
-----------------------------------------------
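The two thresholds described in the post, as an added example that is not part of the original post: it emulates the flag and discard decisions on constructed sample messages. It assumes the "Any Header" filter does a literal substring match on each header line; `make_message`, `parse_hits` and `filter_action` are hypothetical helper names.

```python
import email
import re

REQUIRED_HITS = 4.5                              # flagging threshold used in the post
DISCARD_PATTERN = "X-Spam-Level: " + "*" * 8     # the filter line from the post


def make_message(hits):
    """Build a constructed sample message with SpamAssassin-style headers."""
    stars = "*" * int(hits)                      # one star per WHOLE point
    verdict = "Yes" if hits >= REQUIRED_HITS else "No"
    return (
        "Subject: constructed sample\n"
        f"X-Spam-Level: {stars}\n"
        f"X-Spam-Status: {verdict}, hits={hits} required={REQUIRED_HITS}\n"
        "\n"
        "constructed body\n"
    )


def parse_hits(msg):
    """Return the numeric score from X-Spam-Status, or None if absent."""
    m = re.search(r"hits=(-?\d+(?:\.\d+)?)", msg.get("X-Spam-Status", ""))
    return float(m.group(1)) if m else None


def filter_action(raw):
    """Return 'discard', 'flag' or 'deliver' for one raw message."""
    msg = email.message_from_string(raw)
    # Assumption: "Any Header" is a literal substring test on each header line.
    lines = [f"{name}: {value}" for name, value in msg.items()]
    if any(DISCARD_PATTERN in line for line in lines):
        return "discard"
    if msg.get("X-Spam-Status", "").startswith("Yes"):
        return "flag"
    return "deliver"


if __name__ == "__main__":
    for score in (2.4, 4.5, 7.8, 7.9, 8.0, 12.3):
        raw = make_message(score)
        hits = parse_hits(email.message_from_string(raw))
        print(f"{hits:5.1f}  {filter_action(raw)}")
```

A score of 7.9 carries only seven stars, so it is flagged but not discarded, while 12.3 carries twelve stars, which contain the eight-star pattern.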