Running SpamAssassin from Procmail
You can also use SpamAssasssin from webmail. The interface is easier for many people to use, but you have slightly less ability to fine tune your settings. You should not run SpamAssassin from both webmail and procmail.
Contents
- General SpamAssassin information
- How to see if you're running SpamAssassin from Procmail
- Setting up SpamAssassin from procmail
- Your spam box and the $TRASH variable
- Tweaking your user_prefs file
- Filtering foreign-language mail with SpamAssassin (under procmail)
- Allowing addresses
- Blocking addresses
How to see if you're running SpamAssassin from Procmail
- Login to webmail.
- Go to Options->Mail Forwarding Options and see what,
if any, forwarding instructions you have in place.
If your instructions do not include the word "procmail" you are not running procmail at all, so you aren't running Spamassassin from procmail.
If your instructions do include the word "procmail" you are probably (but not necessarily) running procmail, and you may be running Spamassassin from procmail. In this case you will need to log into your shell account and look at your procmail setup files or ask staff to check for you.
Setting up SpamAssassin from Procmail
Procmail is a full-featured UNIX mail filtering system, based on "filter recipes" that you can write and call from a .procmailrc file in your home directory.- If you are already running procmail, you can
turn on SpamAssassin by placing the following line in your
.procmailrc:
INCLUDERC=/net/local/filters/rc.spamassassin
This uses spamc, a version of SpamAssassin that works as a client with a daemon running on the server. Please do not use /usr/local/bin/spamassassin with procmail. - If you are not yet running procmail, and
switching to New Mail or using Squirrelmail's interface is not
possible or preferable, you can activate Procmail for your account
by typing the following command at a UNIX shell prompt:
install-procmail
The Procmail installer will ask you if you'd like to use SpamAssassin, among other things. Say yes. :) - It's advisable to check the procmail help pages for complete information.
Your spam box and the $TRASH variable
When you call SpamAssassin from Procmail, it looks at the value of the TRASH variable. This is set by default to /dev/null (i.e. immediate discard). You can set it in your .procmailrc for the location of your spambox. If you unset the TRASH variable, your suspected spam will be marked as spam and handed off to the next procmail rule. In practice, this usually means that it's delivered to your inbox.If you want to use a spambox, just set TRASH equal to the place where you want your spambox. For example, if you use Pine and you want your spambox to be a plain Pine folder called "spam", you'd add (or change) the $TRASH line in your .procmailrc to:
TRASH=$HOME/mail/spam
If you're using Procmail in conjunction with the New Mail system, you can set your TRASH equal to your New Mail "Trash" folder, thusly:
TRASH=$HOME/.maildir/.Trash/
(That ending slash tells Procmail that it's a New Mail folder, so don't forget it!)
Important: If you are adding or moving the $TRASH line, make sure you put it before any of the INCLUDERC lines that need that setting.
(In case you're wondering why it's sometimes "TRASH" and sometimes "$TRASH": using the $ means "figure out the value of this variable and use that", and without the $ it's just the name of the variable.)
Tweaking your user_prefs file
The user_prefs file is where procmail-based SpamAssassin can be set to filter foreign spam.
When you call SpamAssassin from Procmail, you can set up a user_prefs file to control your settings. This file lives in a dot-directory (".spamassassin") (hidden unless you do a full list of your files) in your home directory. You use this file to change the point-value threshold for spam, specify allowlists and Blocklists, and assign custom values to particular "hit types". Here's how to get started:The quick way:
- Log into the shell, and go to your home directory.
- If you use the menu interface, type ! to get to a standard command line.
- Enter the command allowlist at the command line.
You will see these messages:
Created directory /net/u/17/f/fff/.spamassassin.
Created file /net/u/17/f/fff/.spamassassin/user_prefs.
and nothing further will happen. - Enter ^C (hold the control key while typing c).
- If you use the menu interface, type exit to return to the menu.
- That's it.
- Log into the shell, and go to your home directory.
- Type the following command to create a .spamassassin directory:
mkdir .spamassassin - "cd" to your new .spamassassin directory.
- Make a copy of the Panix user_prefs template:
cp /usr/local/share/spamassassin/user_prefs.template ./user_prefs - This sample user_prefs file contains some settings to get you started, and some good pointers to more info on tweaking SpamAssassin.
Now that you've created your user_prefs files, you can customize it to make Spamassassin more effective in general, allow or block addresses, or change the scores of specific filtering rules.
The most important setting is required_hits. This determines the threshold above which the cumulative score of all rules matched by a message will get the message marked as spam. Higher values will cause less mail to get filtered, while lower settings are more likely to catch spam (though at an increasing risk of false positives).
To set your own required_hits level, uncomment the line by removing the "#" and replace the default score of 5. Note that this doesn't need to be a whole number; decimal scores (e.g. 3.5) allow more incremental changes to the overall strength of Spamassassin's filtering.
To set your own score for a rule, add a line with the following format:
score [RULE NAME] [SCORE]
Scores may have whole, decimal, or negative values. The higher a rule is scored, the more likely it will be to cause a message to be marked as spam, and vice-versa.
You can find a list of rules and a Wiki describing them on the Spamassassin website at spamassassin.apache.org/ (please note that it is not all-inclusive, and there may not be entries for several rules). On the list, the second number is the default score.
You can find out which of Spamassassin's rules matched a given message by looking at the message's "X-Spam-Status:" header.
We've identified a few rules which we've seen to be particularly indicative of spam, and have increased their default scores. These are:
| Rule Name | Default Score |
| URIBL_DBL_SPAM | 3.4 |
| RDNS_NONE | 2.0 |
| RCVD_IN_BRBL_LASTEXT | 3.2 |
| URIBL_RHS_DOB | 1 |
| URIBL_WS_SURBL | 3.4 |
| URIBL_JP_SURBL | 3.7 |
| RCVD_IN_BL_SPAMCOP_NET | 2.4 |
| RCVD_IN_RP_RNBL | 2.6 |
| RCVD_IN_XBL | 1.5 |
| RCVD_IN_SBL | 3.5 |
| MIME_HTML_ONLY | 2.2 |
| RP_MATCHES_RCVD | 0 |
Checking your Procmail installation
If you're using Procmail but it doesn't seem to be filtering your mail properly, here's what you can do to check your Procmail setup.- 1. Your mail forwarding entry
- From the shell prompt, type forward -l to "look" at
your mail forwarding record. The last line of this record should
look like:
|IFS=' ';exec /usr/local/bin/procmail||exit 75
It might also have a number sign and your username at the end; that's okay. But if it doesn't include this line, then you probably need to run "install-procmail" again. - 2. Your .procmailrc
- If you have doubts about your .procmailrc file, here is a simple
.procmailrc that will call spamassassin and put the suspected spam
in a standard Pine folder called "spam". It also puts logfiles in
your .procmail directory, so make sure that directory exists.
VERBOSE=no #Set VERBOSE to yes for advanced debugging
PMDIR=$HOME/.procmail
MAILDIR=$HOME/mail
LOGFILE=$PMDIR/log
TRASH=$MAILDIR/spam
INCLUDERC=/net/local/filters/rc.spamassassin
You can also change the TRASH line to TRASH=/dev/null if you'd rather have SpamAssassin delete all suspected spam as soon as it's received. It's best not to do this until you are confident of your settings.
Allowlisting addresses
- SpamAssassin Allowlisting
You don't have to construct special procmail rules; you can allowlist directly from SpamAssassin. - [If you use the Panix text menu, type "!" to get to a full shell.]
- From the shell, enter
allowlist <address>
where <address> is the address you want to protect. - [If you use the menu, type exit to return to it.]
- Allowlisting from Procmail
- Allowlisting from procmail gives you more flexibility than allowlisting from SpamAssassin. You can create rules that look for any characteristic of a message, not just the address, and save it to your inbox or any other folder.
- Construct a procmail rule to match the characteristic you're
looking for. This rule
:0:
*^Subject:.*mortgage rates
$DEFAULT
will match any item with a subject line containing "mortgage rates" and save it to your regular mailbox. - Make sure that the rule is invoked before SpamAssassin is called.
Blocking spam addresses
Blocking addresses is not a good way to deal with spam. In particular, it's a bad idea to use SpamAssassin for blocking spam addresses because it's very expensive. Address blocking is effective if you want to avoid receiving mail from a particular correspondent who uses a consistent address.
As you're running procmail, you might find it useful to skip SpamAssasssin and do your blocking from Procmail. As for allowing, this gives you the flexibility of matching on more than just the address.
- Construct a procmail rule to match the characteristic
you're
looking for. This rule
:0:
*^Subject:.*mortgage rates
$TRASH
will match any item with a subject line containing "mortgage rates" and put it in your TRASH folder. - It's a good idea to invoke this rule before SpamAssassin is called.
Last Modified:Tuesday, 22-Feb-2022 08:47:30 EST
© Copyright 2006-2021
Public Access Networks Corporation