How Spamassassin Works

How Spamassassin Works

Check out its feature on how it works.

There are several ways that SpamAssassin makes up its mind about a message:

The message headers can be checked for consistency and adherence to Internet standards (e.g., is the date formatted properly?).

The headers and body can be checked for phrases or message elements commonly found in spam (e.g., MAKE MONEY FAST or instructions on how to be removed from future mailings)-in several languages.

The headers and body can be looked up in several online databases that track message checksums of verified spam messages.

The sending systems IP address can be looked up in several online lists of sites that have been used by spammers or are otherwise suspicious.

Specific addresses, hosts, or domains can be blacklisted or whitelisted.

A whitelist can be automatically constructed based on the senders past history of messages.

SpamAssassin can be trained to recognize the types of spam that you receive by learning from a set of messages that you consider spam and a set that you consider non-spam. (SpamAssassin and the spam-filtering community often refer to non-spam messages as ham. )

The sending systems IP address can be compared to the senders domain name using the Sender Policy Framework (SPF) protocol (http://spf.pobox.com) to determine if that system is permitted to send messages from users at that domain. This feature requires SpamAssassin 3.0.

SpamAssassin can privilege senders who are willing to expend some extra computational power in the form of Hashcash (http://www.hashcash.org).

Spammers cannot do these computations and still send out huge amounts of mail rapidly. This feature requires SpamAssassin 3.0.

Most of SpamAssassins behavior is controlled through a systemwide configuration file and a set of per-user configuration files. The per-user configuration can also be stored in an SQL database.

How to Configure it?

You can easily customize how SpamAssassin tags and identifies spam by creating a spamassassin/user_prefs file. You can customize the number of spam points required to identify a message as spam, create new rules, and re-weight existing rules. Here is a sample user_prefs file. It raises the threshold for identifying spam from 5 to 6, disables including spam warnings in the subject and body, reweights a known rule, and adds several blacklist, whitelist, and header rules.

Listing 1. A typical user_prefs configuration file

================================================================

How many hits before a mail is considered spam?

required_hits 6

Don’t mangle the messages so badly

rewrite_subject 0

use_terse_report 1

whitelist and blacklist

whitelist_from *@www.webhosting.uk.com

blacklist_from [email protected]

reweight an existing rule

score BASE64_ENC_TEXT 3

add some new rules

header KNOWN_LIST List-Id =~ /a-mailing-list-i-like/

score KNOWN_LIST -3

body EVITE /This invitation was sent to you by .* using Evite/

describe EVITE Looks like an eVite

score EVITE -3

================================================================

Also Check: Spam Assassin Basics

Sharing

Pin It on Pinterest

Share This