Spamassassin is free software that tags spam mail. It is very powerful, using fuzzy checks that can rely upon other spam tagging systems. Its documentation is not perfecty clear, so I set up a this page explaining my experience with it, which may be useful to other people using it. References are made to spamassassin version 2.42.
Keep in mind that:
The algorithm works using a database of entries. Each entry has a key formed by the From: address and the IP address (which IP?), and contains a TOTAL score and a COUNT number. The MEAN score is TOTAL/COUNT. The current algorithm works as follows:
NOTE for version 2.42 only: in 2.42 the third step is in fact:
Versions 2.41 and 2.43 do not exhibit this problem. So do not use 2.42 with auto-whitelist enabled for a centralised autowhitelist, or just go to AutoWhitelist.pm and delete the offending line (the one with the 5 multiplier) end the relative comment.
Apart from this bug, I am not yet able to tell whether auto whitelisting is desirable or not. I am currently keeping it disabled both for my personal spamassassin and for the centralised one I installed.
printf "% 8.1f %15s -- %s\n",$t/$v,(sprintf "(%.1f/%d)",$t/$v,$v),$key;
dialup_codes { "domain1" => "127.0.x.y", "domain2" => "127.0.a.b" Default: { "dialups.mail-abuse.org." => "127.0.0.3", # For DUL + other codes, we ignore that it's on DUL "rbl-plus.mail-abuse.org." => "127.0.0.2", "relays.osirusoft.com." => "127.0.0.3" }; WARNING!!! When passing a reference to a hash, you need to put the whole hash in one line for the parser to read it correctly (you can check with "spamassassin -D < mesg") Set this to what your RBLs return for dialup IPs It is used by dialup-firsthop and relay-firsthop rules so that you can match DUL codes and compensate DUL checks with a negative score if the IP is a dialup IP the mail originated from and it was properly relayed by a hop before reaching you (hopefully not your secondary MX :-) The trailing "-firsthop" is magic, it's what triggers the RBL to only be run on the originating hop The idea is to not penalize (or penalize less) people who properly relayed through their ISP's mail server Here's an example showing the use of Osirusoft and MAPS DUL, as well as the use of check_two_rbl_results to compensate for a match in both RBLs header RCVD_IN_DUL rbleval:check_rbl('dialup', 'dialups.mail-abuse.org.') describe RCVD_IN_DUL Received from dialup, see http://www.mail-abuse.org/dul/ score RCVD_IN_DUL 4 header X_RCVD_IN_DUL_FH rbleval:check_rbl('dialup-firsthop', 'dialups.mail-abuse.org.') describe X_RCVD_IN_DUL_FH Received from first hop dialup, see http://www.mail-abuse.org/dul/ score X_RCVD_IN_DUL_FH -3 header RCVD_IN_OSIRUSOFT_COM rbleval:check_rbl('osirusoft', 'relays.osirusoft.com.') describe RCVD_IN_OSIRUSOFT_COM Received via an IP flagged in relays.osirusoft.com header X_OSIRU_SPAM_SRC rbleval:check_rbl_results_for('osirusoft', '127.0.0.4') describe X_OSIRU_SPAM_SRC DNSBL: sender is Confirmed Spam Source, penalizing further score X_OSIRU_SPAM_SRC 3.0 header X_OSIRU_SPAMWARE_SITE rbleval:check_rbl_results_for('osirusoft', '127.0.0.6') describe X_OSIRU_SPAMWARE_SITE DNSBL: sender is a Spamware site or vendor, penalizing furthe score X_OSIRU_SPAMWARE_SITE 5.0 header X_OSIRU_DUL_FH rbleval:check_rbl('osirusoft-dul-firsthop', 'relays.osirusoft.com.') describe X_OSIRU_DUL_FH Received from first hop dialup listed in relays.osirusoft.com score X_OSIRU_DUL_FH -1.5 header Z_FUDGE_DUL_MAPS_OSIRU rblreseval:check_two_rbl_results('osirusoft', "127.0.0.3", 'dialup', "127.0.0.3") describe Z_FUDGE_DUL_MAPS_OSIRU Do not double penalize for MAPS DUL and Osirusoft DUL score Z_FUDGE_DUL_MAPS_OSIRU -2 header Z_FUDGE_RELAY_OSIRU rblreseval:check_two_rbl_results('osirusoft', "127.0.0.2", 'relay', "127.0.0.2") describe Z_FUDGE_RELAY_OSIRU Do not double penalize for being an open relay on Osirusoft and another DNSBL score Z_FUDGE_RELAY_OSIRU -2 header Z_FUDGE_DUL_OSIRU_FH rblreseval:check_two_rbl_results('osirusoft-dul-firsthop', "127.0.0.3", 'dialup-firsthop', "127.0.0.3") describe Z_FUDGE_DUL_OSIRU_FH Do not double compensate for MAPS DUL and Osirusoft DUL first hop dialup score Z_FUDGE_DUL_OSIRU_FH 1.5