Tweaking SpamAssassin

I just changed my SpamAssassin user_prefs file to have score ALL_TRUSTED 0 and it’s been helping a lot with the spam that’s been getting through.

8 thoughts on “Tweaking SpamAssassin

  1. More details, please… I’ve seen a dramatic upsurge in spam getting past SA and would definitely like to get it dialed back down.

  2. Look at the headers for the spam messages, they should have the SA rules that were triggered in them. Then you can use the rules and look at the SpamAssassin website to see what they are and what their default values are. Finally check out the .spamassassin/user_prefs file to see some customizable settings, including custom scores for different rules. For example I crank up the score for BAYES_99 to 6, which is above my spam threshold. You can also lower your spam threshold.

  3. In general, if you feel that you need to set the score for ALL_TRUSTED to 0 then you’ve probably got something misconfigured. It also means that just turning off the ALL_TRUSTED test won’t help, because the misconfiguration will cause other tests to have problems. Please read this wiki page for more information:
    http://wiki.apache.org/spamassassin/TrustPath

    Michael

  4. My spamassassin installation has had no trouble catching all but a very few of my spam emails over the years. The key for me was to setup procmail to move flagged spam to a separate mbox folder, and run a nightly cron to of sa-learn on that folder to train SA on what is and isn’t spam. Any emails that escape the net I simply move manually into that folder, and over time my spam hit-and-miss rate has become quite impressive.

    I agree with Michael, however, that setting ALL_TRUSTED to 0 is not really an ideal solution.

    Another good idea is to filter your emails for viruses using clamav while you are at it. These tools combined on a moderately busy server can be configured into a symphany of email-filtering goodness that will not eat too many system resources on all but the but the very busiest of email servers.

    Spamassassin + ClamAV + Procmail + IMAPS = Email happiness 🙂

  5. I agree with Michael and Adam. Setting ALL_TRUSTED to 0 should be a last resort, not a first resort, because it just masks the symptoms of a configuration problem that affects a lot of other things that SpamAssassin does. The link Michael posted should clarify things.

    Disabling ALL_TRUSTED is kind of like treating a broken leg by taking painkillers. You might not notice the pain, but if you don’t set the bone, you’ll still have trouble walking.

  6. Unless I’m missing something, trusted_networks is useless unless your trusted hosts are picky about who they accept mail from. If you have DNS blacklists turned off (as I do, because turning them on reduces the weight on my well-trained Bayesian filter, and because they have historically been unreliable and dishonest), the default setting for ALL_TRUSTED will cause you to get flooded with spam. You really do want to set ALL_TRUSTED to zero unless you’re going to do something with the trusted Received: lines.

SHARE YOUR THOUGHTS