It would seem that today, SpamAssassin has become a driving force in Spam Detection. There are definitely a few tips that can make your spam filtering much more effective. The first thing to know is this will NOT work if you are using Amavis as it handles Spamassassin directly and doesn’t give you the fine-grained control you will need.
The key here is to actually configure SpamAssassin to actually reject the spams it detects as SPAM before reaching your mailbox.
Everybody talks about just simply raising the score, but that is only one part of it. There are many features in Spamassassin that actually make a huge difference.
If you use Postfix (Highly-Recommended), here are some tips on tuning SpamAssassin in Postfix to actually prevent much of the SPAM from even reaching your mailboxes.
1. Use Whitelisting and Blacklisting. Whitelist the people / domains you want and know are known good non-spammers. This is done in the local.cf file for spamassassin.
Simply adding the line whitelist_from *@knowngooddomain.com makes a huge difference. You can use wildcards or simply input a users known email address. I have about 70-80 entries in my file and it automatically keeps your friends from being targeted as spam.
Blacklisting is just as easy: in the local.cf file, just enter the line:
blacklist_from *@whateverdomain.com or (an email address)
So these are some of the basics of Spamassassin, but the real power of it is when you use it with pyzor, razor, and of course, regex.
Observe the following (and this is where you get the most bang for the buck).
We know there are definitely quite a few spams that still get through today. The only problem is they’re definitely bulk email in one way or another. So how do we combat this? We use pyzor or razor in conjunction with the Spam reporting.
Don’t even let it get into your mailbox. An accidently tagged spam will still get to you, but it’ll be marked Spam (this can be resolved with a whitelist entry), but a Bulk Spam can easily be fought by checking it against Pyzor or Razor.
If you turn on headers, you’re going to see that it will actually list “Listed in Pyzor”
So we get postfix to apply a filter to just outright reject the spam. How? Go to your postfix /main.cf file and add the following line:
body_checks = regexp:/etc/postfix/body_checks
then create or edit the body_checks file with stuff like:
/Razor2 gives confidence level above 50/ DISCARD
/RBL: Received via a relay in Spamhaus XBL/ DISCARD
or whatever Regular Expression you want to use followed by how you want to handle it. I like DISCARD personally. Seems to do the job silently.
Well, your imagination can now run wild! Enjoy and watch the amount of spam on your server and in your mailboxes go down significantly.