Flagging and filtering spam email using Spamassassin

Warning! The following description is oriented to users who are familiar with using the Sun Unix system to create and edit text files. If you are unclear about any of the steps in the instructions which follow, you should contact one of the computer staff for assistance instead of proceeding on your own. Mistakes in setup can result in lost email!

Spamassassin (see www.spamassassin.org) is an email screening program which applies a number of heuristic rules to incoming email messages to attempt to determine if they are spam or not. The rules generate a "hit" count for each message, and the higher the hit count, the more likely it is that the message is spam. The "hit level" which causes a message to be marked as spam can be adjusted by each user.

If a message is determined to be spam, it is encapsulated in an attachment and flagged with headers which identify it as spam. The purpose of this encapsulation is to prevent the message from being immediately viewed, an action which with some email programs can result in the spammer being notified that their email has been read. This encapsulation feature can be turned off, and it is also possible to have Spamassassin flag spam by adding the string "****SPAM****" to the "Subject:" line.

To use Spamassassin, do the following:

Create a file named ".procmailrc" in your home directory by copying the file "/usr/local/lib/spamassassin/procmailrc":
```
cp /usr/local/lib/spamassassin/procmailrc ~/.procmailrc
```
This file contains the following three lines:
```
:0fw: spamassassin.lock
* < 256000
| /usr/local/perl5/bin/spamc
```
Create a file named ".forward" in your home directory by copying the file "/usr/local/lib/spamassassin/forward":
```
cp /usr/local/lib/spamassassin/forward ~/.forward
```
This file contains the following line:
```
| /usr/local/bin/procmail
```

IMPORTANT WARNING! Immediately after creating the ".procmailrc" and ".forward" files, send yourself an email message. If you don't receive this message within 15 seconds, DELETE THE ".forward" FILE. Something is wrong, and your mail is not being delivered correctly. A typographical error is the most likely explanation, but check with one of the computer staff if you cannot find the problem.

Once Spamassassin is activated, your email messages will have some additional header lines. (Depending upon what email program you are using, you may need to invoke a "verbose headers" option to see these.)

X-Spam-Flag: YES. This will be present if Spamassassin considers the email to be spam.
X-Spam-Status. Contains details of the tests made by Spamassassin, including the number of "hits", and the required "hit" level for spam.
X-Spam-Level. A string of asterisks, with the number of asterisks being equal to the number of "hits".
X-Spam-Checker-Version. The Spamassassin version being used.

You may want to have messages which have been marked as spam automatically moved to a special folder for later review, so that they don't clutter your inbox. NOTE: This option is not available to users who use the POP protocol to download email to a personal computer. To activate automatic filtering, add the following lines to the end of the ".procmailrc" file you created:

:0:
* ^X-Spam-Flag: YES
MAILDIRECTORY/SPAMFOLDER

You can copy these from the file "/usr/local/lib/spamassassin/spamfolder".

Replace "MAILDIRECTORY" with the name of the directory where your email folders are stored, and "SPAMFOLDER" with the name of the folder which you wish to use for mail flagged as spam. "MAILDIRECTORY" should be the name of a sub-directory in your home directory. Just use the name of the sub-directory, not the complete file specification.

After modifying ".procmailrc", it is always a good idea to send yourself a test message, to make certain mail is still being delivered correctly.

Remember that Spamassassin is not perfect, and there is a small but non-zero chance that it will classify a legitimate email as spam. Thus, you should review the messages in SPAMFOLDER before deleting them.

Modifying configuration settings

Configuration can be controlled by modifying the file ".spamassassin/user_prefs" in your home directory. This file is created automatically by Spamassassin when it is first invoked. Here is documentation on the contents of this file:

Documentation on Spamassassin "user_prefs", HTML format

Documentation on Spamassassin "user_prefs", PS format

Some common options:

required_hits N.NN
Set the required "hit" level for a message to be considered spam. The default for N.NN is 5.00. A smaller setting will catch more spam, but also increases the chance that a legitimate email will be flagged as spam.
rewrite_subject 1
Add the string "****SPAM****" to the "Subject:" line of spam messages.
report_safe 0
Turn off the feature which encapsulates spam in an attachment.

Using the "vacation" program with Spamassassin

Using the vacation program to send an automated response to email while on vacation normally requires creation of a ".forward" file which "pipes" email messages to the vacation program, and this conflicts with the use of the .forward file to process email with Spamassassin. An alternative way to invoke the vacation program that is compatible with Spamassassin is to add the following three lines to your ".procmailrc" file:

:0c
* !^X-Spam-Flag: YES
|/usr/bin/vacation USERNAME

You can copy these from the file "/usr/local/lib/spamassassin/vacation".

Replace "USERNAME" with your Sun username. These three lines should be placed immediately following the "| /usr/local/perl5/bin/spamc" line in the ".procmailrc" file.

This will invoke the vacation program only for email which is not flagged as spam by Spamassassin.