Spamassassin

From YobiWiki
Jump to navigation Jump to search

Très facile à intégrer à exim4

Installation

apt-get install spamassassin sa-exim

Activer le démon spamassassin
Dans /etc/default/spamassassin mettre ENABLED à 1

sa-exim

Dans /etc/exim4/sa-exim.conf chercher SAEximRunCond et soit l'activer toujours (=1) ou seulement s'il n'y a pas déjà de headers sa-exim dans le message (commenter alors la ligne avec =0)

Option: Greylisting


/etc/spamassassmin/local.cf: recopier les 4 lignes mentionées dans /usr/share/doc/sa-exim/README.greylisting.gz à partir de loadplugin...
/etc/exim4/sa-exim.conf: mettre 

SAtempreject: 9.0 (ou 3.0 pour un greylisting plus aggressif)
SAgreylistraisetempreject: 3.0 (or 9.0)

Le total doit être <= SAPermreject!
Apparemment il faut mettre SAmaxrcptlistlength à 8000
Problème: mon fetchmail subit aussi le greylisting. Solution: rendre la valeur du threshold dépendante de l'IP d'origine, fetchmail tournant en local. Rem: la seconde IP est l'IP du vserveur mx 

SAtempreject: ${if and { {!eq {$sender_host_address}{127.0.0.1}} {!eq {$sender_host_address}{85.234.207.100}} } {3.0}{10000.0}}

On peut ajouter d'autres IPs mais il faut veiller à ce que tout tienne sur la même ligne

Option: DNS Sender Policy Framework (SPF)

apt-get install libmail-spf-query-perl

À tester davantage...

Learning new spam

Here is a script to save in e.g. /usr/local/sbin/sa-learn-from-md 

#! /bin/sh

[ -x /usr/bin/sa-learn ] || exit 0

# For every existing user who has his homedir under /home and has a Maildir
for i in $(cut -f6 -d: /etc/passwd|grep /home);
do 
    if [ -d $i/Maildir/.*SPAM.learn/cur ];
    then 
        # Get the mails to train spamassassin
        for f in $i/Maildir/.*SPAM.learn/cur/*; do
                if [ -e $f ]; then
                       # Debian-exim does not have read access to the mails so we pipe them
                        cat $f|su - -s /bin/bash Debian-exim -c "sa-learn --spam" |grep -v "Learned tokens from"
                        # Move files to the Spam dir
                        mv $f $i/Maildir/.*SPAM/cur/
                fi
        done
    fi;
done

exit 0

And you can schedule cron to call it e.g. hourly: 

mx:/etc/cron.hourly# ln -s /usr/local/sbin/sa-learn-from-md

So, what does it do?
To use it, create a "SPAM" directory with a "learn" sub-dir in your Maildir via e.g. IMAP.
Drop the non-filtered spam you got into the SPAM/learn.
Every hour the mails will be used to train the global spamassassin DB and will be moved to the SPAM dir.

Retrieved from "https://wiki.yobi.be/index.php?title=Spamassassin&oldid=1552"