Recently a friend called to say she had received 6000 emails in 6 hours and most of it was spam. She was getting very frustrated because of the time wasted deleting the spam.
Have you ever experienced the same frustration?
Of course…me too!
Well, here is one highly effective method how to stop spam email using SpamAssassin
Requirements
1. SpamAssassin software (usually included with your hosting account)
SpamAssassin itself will not delete any emails. It’s only a filter which reads email in, and passes that same email out, modified in
some way. If you want to delete emails, or redirect emails, you need to set up rules in your email software to automatically filter out the email that SpamAssassin has labeled as spam.
2. Web Host that has SpamAssassin installed on the server.
3. Access to your web host ie user name and password for login.
Steps to configure SpamAssassin
These steps will filter the spam at the server level.
1. Login to your web host (access the cpanel with user name and password)
2. Email Management Tools
3. Click on SpamAssassin
4. Enable SpamAssassin
5. Configure SpamAssassin
6. Set “required_score” to 5 (this is the default setting)
7. For “rewrite_header subject” type “Spam Assassin Spam Header” in the box.
(this is for the text added to the Subject: line of mails that are considered spam)
8. In “whitelist_from” type any addresses that may get labeled as spam.
9. Click “save” to save your settings.
Steps to configure Outlook Express
These steps will automatically delete the email that has been filtered by SpamAssassin
1. At the top of Outlook Express go to tools – message rules – mail – new mail rule
2. For Rule 1. check the box “where the subject line contains specific words”
3. For Rule 2. check the box “delete it”
4. For Rule 3. click on the link called “specific words” in this sentence:
5. A window will pop up called “Type Specific Words”
6. Type “Spam Assassin Spam Header”
7. Click Add-Ok
8. Name the New Rule ie “New Mail Rule #1”
9. Click Ok.
Now all your email will be filtered by SpamAssassin.
Any email identified as spam will be labeled “Spam Assassin Spam Header” in the subject line and automatically deleted by Outlook Express.
This will reduce most of the spam you receive to a small trickle.
If you still get too much email spam then just increase the “required_score” in SpamAssassin.
Interesting, but a few things that you want to be aware of. There’s no need really to re-write the subject (I find it annoying to have the same text in every message). When SpamAssassin parses messages, it adds a few headers [X-Spam-Status, X-Spam-Level] with its search results. If SpamAssAssin determines that the message is spam, the X-Spam-Status flag begins yes. The X-Spam-Level header has a number of asterisks to denote the badness of the spam. For example, if a spam is scored 3.5, it will be ***.
You can use this, for example, to filter all spam with more than 6 stars right to the trash but with 3 stars to a separate “possibly spam” folder. This is also good if your host uses SpamAssassin and you can’t change the threshold.
By “increase the ‘required_score'”, you mean lower it presumably, making the threshold lower.
You will never completely stop Spam emails – what about when Spam is sent using spoofed email addresses of people that you actually receive legitimate mail from who are in your whitelist.
After 16 years with email and spam, the most effective solution has been to get a service or email service provider with server based spam filtering. Those offering postini have been excellent in my experience. Gmail has also been quite excellent in spam filtering.
Here’s an article I wrote for the web hosting company I host with to teach users how to *train* SpamAssassin. I wrote a Perl script and a tutorial for copying ham/spam messages back to the server via IMAP which launches the “sa-learn” utility for training.
Just installing it and using it is usually very effective on its own, but if you *train* SpamAssassin as to what you consider spam/ham, it performs FAR better.
I also set my spam threshold score to 3.5, so anything that SpamAssassin thinks is 99%-100% spam will automagically get moved into my spam mailbox. My subject re-write is this:
{SPAM _SCORE(0)_}
This way, when I look at my spam mailbox for false-positives, I can just sort by subject, and only need to scan anything with a score less than 10.
I also have a mail filter set up through cpanel for matching the subject with a regexp value of:
“^{SPAM ([2-9][0-9])”
… so the only spam messages I get in my spam mailbox are messages with a spam score of 19 or lower – no need to peek at or re-train on spam messages over that value.
And Paul is correct – if you whitelist addresses, or whitelist entire domains like *@hotmail.com, you open yourself to getting far more spam, so the only things I change in the cpanel SpamAssassin config is the minimum score from 5 to 3.5, and the subject line rewrite.
My training script right now assumes you’re using cpanel and mbox storage – I’ll have a maildir version of the script out by the end of this weekend since our hosting provider is now using both types of mail storage.
You can use greylisting to filter out a lot of the spoofed mail. On my mail servers it eliminates over 50% of all spam before it even hits spamassassin.
http://www.greylisting.org/
Interesting, albeit very basic, guide. However, the configuration of SA can be improved by doing a couple things if you’re the administrator of the box:
1. Keep SA up to date. Run sa-update about once a month. New algorithms take a while to make, so there isn’t any point to running it daily or weekly.
2. Use Bayes. Turn autolearn on. Use sa-learn to train your bayes filter to be even more effective.
3. Install an image OCR mod to read those dumb gif images for stock promotion. Don’t even let images get through!
SA is fantastic and there are a large number of tweaks available, however if your administrator isn’t keeping SA in good condition, it will become less effective over time.
This guide does not work for every host / mail client. I find Thunderbird to be a lot better than OE.
Why go through the trouble when you can get it for free with a quick mx record change? Hit http://www.mailfoundry.com and sign up for their hosted anti spam deal – you get the first 10 mailboxes free! No charge! I wasn’t sure at first because they required a credit card on file, but its been months and i’ve had no bill or charges to my card. Sweetness!
As a hosting providor I run into spam everyday on a massive scale. SA will certainly do the job but you should discuss additions to SA’s own engine like razor, pyzor, DCC, etc. From my own expirence, when spam gets through one or more of these pulg-ins timed out. these also help with SA’s auto train feature.
>3. For Rule 2. check the box “delete itâ€
This will only move it to your deleted folder. To kill it at the sever you’ll need to scroll down to the bottom of the 2nd large box and choose ‘delete it from server’.
It will then first download a list, delete any marked and send only those left. Works in OE and Thunderbird, not in MS Outlook
I’ve implimented SpamAssassin and I found it really didn’t help even though it worked reasonably well. Here is the problem with SpamAssassin (and any other JunkMail filter). Before your junk filter is installed you go to your inbox and delete the spam, keeping the good stuff. After you install the junk filter you open your junk box and recover the good stuff back into your inbox. Either way you still have to go through all the junk, because occaisionally, no matter how much you train it, you’re still going to have important mail get a false positive and end up in the junk mail box. These filter tools really don’t solve the problem.
I wrote an article on alternative solutions that I have found much more effective and I discussed this issue a bit more in depth. If you are interested in what I found to be more effective, feel free to Visit my blog.
David
Surf safely!
Sadly, I find that this does not work. Most of the spam I get is scored somewhere between 0.3 and -2.5. The problem is that the authors os SpamAssassin posted on their website exactly what to do improve the score of a given message, and the spammers have read it. I have my threshold set at 1.7 and it only catches 2 or 3 a month of the hundred or so a day. I’v ehad to implement BoxTrapper.
May somebody tell me how to make spamassasin to keep emails containing certain words in subject to not be filtered as spam?
Most of the legitimate mails I get shares some similar words in subject.
My hosting has spamassasin but just see some fields to fill there, besides blacklist or whitelist, there are one thay says “score”…
Can I enter something there?
I’d like to tell: if subject contains the word “bla” then is NOT spam
That way I might lower the requiered_score value to 5 or 4 instead using 8, without fear of loosing good emails.
This is really fresh idea of the design of the site! I seldom met such in Internet… Good Work dude!
We use SA on all our servers and we can accurately mark 90-95% of spam… with very few false positives.
The only problem is still the image spam issue… and even OCR doesn’t get them as they tweak the images to avoid that as well…
Still very happy with SA – even though it takes constant rule writing to stay on top of things…
Can get lots of rules for SA from rulesemporium – just google it…
Nice site. Very useful contents. I’ve been looking for information for a long time, and I’ve found it exactly here. Thank you
How to configure SpamAssassin to delete a spam email?
Please help me find a way to block spam from my e-mail.
Thank You
Perry Matlock
Perry..does spam assassin come with your hosting account? If so activate it.
Other things you can do:
Don’t use live email links on your web pages
Make sure your contact forms are secure
Create spam filters in your email client
Ask your web host what tools they have to combat spam on the server.
Cheers
It is not possible to stop spam mails completely, but using SpamAssassin will only reduce the number of spam mails that will come to your mail box.
Regards
I am sick of spam as well. How can I set spamassassin to simply delete all the messages on the server directly without them being downloaded to my computer at all
Do you guys have a recommendation section, i’d like to suggest some stuff
I have added some words for example PFIZER , if found in the subject header , email should be treated as spam, score is 5 , but it does not work, still goes to the user mailbox, anybody can help or advise how to use effectively Spam Assassin?
I found your blog by chance . but i have to say that it’s great blog very useful information and very interesting subjects just greetings and good luck
i’m not going i will be always checking for updates.I’m very interested in CMS and all its related subjects.
Hey, i came across your website on youtube and i think it’s great!
Recently I published my personal e-mail address on a discussion board and began to receive numerous phishing emails I report them to the phishtrackers website this can help other people identify the scams.
Check out this article on how to detect spam passively with perl and spamassassin.
http://www.devconsec.com/2011/04/perl-spam-sniffer/