Comment: converted to 1.6 markup

...

In general, no. While SpamAssassin is very good at picking out a large proportion of spam, it's impossible for a computer to do this job perfectly. Legitimate mail incorrectly marked as spam is known as FalsePositives or FPs (see AvoidingFpsForAdmins and AvoidingFpsForSenders). You should only delete mail if you (and your users/customers) would find it acceptable to lose messages that are FPs. A much better idea is to filter possible spam into a separate folder that can be checked less frequently than the normal mailbox.

It is possible to reject the mail at the SMTP level, generating a delivery error, so the sender is notified that their message is rejected. This works well imo. You need to use a mail server that supports this, such as mimedefang+sendmail. Many more are listed in IntegratedInMta. Mimedefang also allows you to save the mail to a central archive that you can extract from if you get an FP. If you do reject mail at the 5xx delivery level, you need to set your spam threshold higher than the default of 5.

If you have so much spam that manually reviewing all messages isn't practical, you can reduce the risk from automatic deletion by implementing through rules an "email password"; email that includes the email password in the subject (or body) could be ranked as much less likely to be spam. Then, make sure that those who might legitimately contact you can learn the email password, e.g., by placing a shrouded graphic of the email password on your website. Make sure you can change your email password later (e.g., by changing rules), in case spammers start including your old email password. You can see more about email passwords at http://www.dwheeler.com/essays/spam-email-password.html. You can also implement a whitelist, so that messages claiming to come from certain addresses are less likely to be deleted.

(EditHint: I log into a shell account, so I wrote a perl script that checks my spam mailbox for new messages [i.e. those missing a Status field in the header] and included it in my .bashrc. This script, with the -r option, also marks all those messages as read so I don't see those same headers popping up next time I log in.)

But I really really want to do it anyway!

Don't say we didn't warn you (wink)

This page – "So you want to delete all your spam!" http://www.exit0.us/index.php/So%20you%20want%20to%20%27delete%27%20all%20your%20spam%21 tells how to configure procmail + SpamAssassin to delete email that looks like spam.

(EditHint: should we merge these 2 wiki pages, reducing one to merely a pointer to the other ?)

If you do want to delete mail tagged as spam, you really need to consider where you put the borderline. By default, SpamAssassin will call all messages scoring over 5.0 spam. If you set the "delete" threshold at 5.0, there's a real risk that you'll delete legitimate mail that happened to score slightly over 5.0. You should consider setting a deletion threshold at something considerably higher than 5.0 – maybe as high as 10 or 15 points.

It's not too difficult to write a non-spam message that scores 6.0. But it's quite hard to accidentally write a message that scores over 15! On the other hand, spammers seem quite capable of writing messages that score 30 or more points.

You really do need to make sure your users are aware of any policy that will result in messages being deleted without them knowing about them. You might possibly need to be sure that doing this is permissible under the laws that apply in your jurisdiction.

If you're working in an organisation that might get upset if legitimate messages "go missing", you might need to get an auto-delete policy signed off by management, just to ensure you are covered when the mail that clinches a multi-million deal gets auto-deleted because it scored 5.1 when the auto-delete threshold was set at 5.0.

How can I configure procmail to bounce messages flagged as spam?

Don't bounce to the 'From:' addresses. They are almost always forged in spam messages. The innocent people at those addresses don't need thousands of bounce messages. If your own address has been forged by spammers as From-address, you know what I'm talking about.

(EditHint: Are you saying don't bounce at all ? Or is there an envelope-from that's different from the "From:" in the subject line that I *can* bounce to ?) Reply: don't bounce spams at all. You can't trust any portion of the message, including the envelope info. If you bounce spam, you're just contributing to the effectiveness of Joe Jobs. The rest of this page is in error. The only way to block spam is to deny it before your mailer accepts it for delivery. Once you've accepted it, all you can do is delete it.

Here's a recipe that I use with qmail and maildrop (if you use e.g. sendmail and procmail instead, it will not work) to delete and bounce all spam messages:

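{{{
$ cat .qmail
|/var/qmail/bin/preline /usr/local/bin/maildrop
$ cat .mailfilter
# Pass the message through SpamAssassin; "exception" keeps delivery going if the filter fails
exception {
    xfilter "/usr/bin/spamassassin"
}
# Flagged as spam: exit code 100 makes qmail treat the delivery as a permanent failure
if (/^X-Spam-Flag: *YES/)
{
    echo "This message has been blocked as spam."
    EXITCODE=100
    exit
}
}}}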

...

But I really really want to do it anyway!

Don't say we didn't warn you (wink)

SpamAssassin itself will not delete any emails. It's only a filter which reads email in, and passes that same email out, modified in some way. If you want to delete emails, or redirect emails, you need to do it in whatever program calls SpamAssassin.

The following procmail script will delete mail with a score of 15 or higher. By moving the # (comment) mark up one line, it will save all mail with a score of 15 or higher in a separate folder rather than deleting. The general implementation then, is that mail with a score of less than 5 goes into the inbox, a client side rule triggering on "X-Spam-Status: YES" will cause mail scoring between 5 and 15 to go into a Junk Mail folder where it can regularly be checked, and mail of 15 or higher will be stored on the server or dropped on the floor.

{{{
# Uncomment the following 3 lines and use tail -f procmail.log to debug
#LOGFILE=$HOME/procmail.log
#VERBOSE=yes
#LOGABSTRACT=all

# Send all mail through SpamAssassin

:0fw: spamassassin.lock
* < 256000
| spamassassin

# Mail that is very likely spam (>15) can be dropped on the floor.
# Move the # up one line to save it on the server instead.
# Note that dropping mail on the floor is a *bad*
# idea unless you really, really believe no false positives will
# have a score greater than 15.

:0
* ^X-Spam-Level: \*\*\*\*\*\*\*\*\*\*\*\*\*\*\*
/dev/null
#almost-certainly-spam
}}}

A more feature-filled version of this script that supports learning and forwarding is at ProcmailToForwardMail.
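Before turning on deletion, it helps to measure what each candidate threshold would have destroyed. The following Python dry run is an added example, not part of the wiki page or of SpamAssassin: the function names and sample messages are constructed for illustration, and it assumes the score appears as `score=` (or `hits=` in older releases) in `X-Spam-Status`, falling back to counting the stars in `X-Spam-Level` as the procmail recipe does.

```python
import email
import re
from email import policy

SCORE_RE = re.compile(r"\b(?:score|hits)=(-?\d+(?:\.\d+)?)")

def spam_score(raw):
    """Score recorded in the headers, or None if the message was never scanned."""
    msg = email.message_from_bytes(raw, policy=policy.default)  # unfolds headers
    m = SCORE_RE.search(str(msg.get("X-Spam-Status", "")))
    if m:
        return float(m.group(1))
    level = msg.get("X-Spam-Level")
    # One '*' per whole point: this is what the procmail recipe matches on.
    return float(str(level).count("*")) if level is not None else None

def route(score, junk_at=5.0, drop_at=15.0):
    """Three tiers from the text; unscanned mail is always delivered."""
    if score is None or score < junk_at:
        return "inbox"
    return "drop" if score >= drop_at else "junk"

def dry_run(messages, drop_thresholds=(5.0, 10.0, 15.0)):
    """Count how many messages each candidate deletion threshold would destroy."""
    scores = [spam_score(m) for m in messages]
    return {t: sum(1 for s in scores if s is not None and s >= t)
            for t in drop_thresholds}

def _msg(extra_headers):
    # Constructed sample message; addresses and content are placeholders.
    return (b"From: a@example.test\r\nSubject: constructed sample\r\n"
            + extra_headers + b"\r\nbody\r\n")

SAMPLES = [
    _msg(b"X-Spam-Status: No, score=1.2 required=5.0 tests=NONE\r\n"),
    # Folded header, scoring just over the default threshold
    _msg(b"X-Spam-Status: Yes, score=5.1 required=5.0 tests=HTML_MESSAGE,\r\n"
         b"\tMIME_HTML_ONLY autolearn=no\r\n"),
    _msg(b"X-Spam-Status: Yes, score=31.4 required=5.0 tests=BAYES_99\r\n"),
    _msg(b""),  # over the 256000-byte limit in the recipe, so never scanned
    _msg(b"X-Spam-Level: " + b"*" * 16 + b"\r\n"),  # only the star header left
]

if __name__ == "__main__":
    for raw in SAMPLES:
        score = spam_score(raw)
        print(score, route(score))
    print(dry_run(SAMPLES))
```

Run it over a folder of retained junk mail that has already been checked by hand: any legitimate message counted under a threshold is one that threshold would have lost.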

How can I configure procmail to bounce messages flagged as spam?

Don't do this. Most spam forges the From line. If you bounce to it, you'll likely just be contributing to the Joe Job of some innocent soul. If you want to bounce messages (so that senders know it didn't reach you), you need to do it at the MTA level as described above.

Qmail

If you're using qmail (see IntegratedInMta), you can set up SpamAssassin through Qmail-Scanner, which has a patched version able to delete spam at a given threshold. Alternatively, you can configure the patched version of Qmail-Scanner to reject spam at a given threshold during the SMTP session. Rejecting spam is a better approach than silently deleting or bouncing it because the sender (assuming it's a real person) will know the message wasn't delivered, and the sending mail server will have to handle the bounce, which prevents backscatter from being sent by your mail server. Here's the patched version and the original.

If you don't want the full Qmail-Scanner, you can try Mailparser by Eric Bambach. Originally a very lightweight C program but now (9/14/2007) re-implemented in Perl, it will drop any message that has X-Spam-Flag: YES in the header.

Rename /var/qmail/bin/qmail-queue to qmail-queue.orig and add it to the delivery queue after SpamAssassin.

Example /var/qmail/bin/qmail-queue file

{{{
#!/bin/bash
/usr/bin/spamc | /var/qmail/bin/mailparser | /var/qmail/bin/qmail-queue.orig
}}}

Challenge-response and Email passwords

If you're willing to make senders jump through hoops to reach you, you can begin rejecting all mails except for ones known to be legitimate. Some believe this solution is worse than the disease.

  • Principles of a Challenge-Response system by Brad Templeton
  • TMDA is the best known Challenge-Response system
  • Email passwords by David Wheeler are another implementation

Contributors