SpamAssassin : Tweaks for new Spam methods

There has lately been a huge increase in spam, due mainly to botnets. Spammers have also shifted their methods, using embedded images and obfuscation techniques to avoid OCR.

These two factors together mean that I’ve got a lot more work maintaining my SpamAssassin installation :) and also that the standard config, or some deviations on the scoring, is not good enough. Even with score tweaking I still got lots of stock and embedded GIF spam. After some checking around I found some solutions in Rules Emporium. Updating is also a must, so always try to keep up to date; right now I’m running SpamAssassin 3.1.7.
Finally, after some tweaking and more tweaking, I arrived at this config:

  • Auto White-list and Bayes using MySQL DB Engine
  • user_pref integrated into our user control panel
  • Razor2 integration
  • SPF Integration
  • Score tweaking
  • New rules added using Rules Emporium ImageInfo and Stock Rules

With this method the false positives have gone down and the stock and image spam is being stopped (finally!).

The Rules Emporium ImageInfo plugin consumes a lot less CPU than an OCR plug-in, and even though it’s based on broader rules it catches even the hardest embedded image spam; you can get the plugin here. The stock ruleset also got rid of most of the stock spam that I was receiving; this spam is quite hard to guess indeed! You can get the ruleset here.
Here is the final tweaked local.cf config in SpamAssassin

It’s also important to have these modules loaded in your v310.pre file:

The way to install the additional config and plugins should be as follows:

Copy the new .cf (configuration) files into the directory where SpamAssassin keeps its configuration in your install. On Red Hat machines this directory is /usr/share/spamassassin.

Copy the new .pm (module) files into the SpamAssassin Plugin module directory, which is by default /usr/lib/perl5/vendor_perl/5.8.3/Mail/SpamAssassin/Plugin/ (this directory is, of course, for Perl version 5.8.3; change the version to the one you have installed).

Don’t forget to restart SpamAssassin after adding the new files!

It’s always a good idea to start spamd with -D after activating modules, since most of the time the problem is a missing Perl module that one of your modules depends on.
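The install steps above as a script, an added example that is not part of the original post: it copies the files, runs `spamassassin --lint`, and removes what it just copied if lint fails, so a broken ruleset never reaches the running spamd. The function names and the `SA_LINT` variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original post.
# SA_LINT (a name chosen here) holds the lint command so it can be overridden.
: "${SA_LINT:=spamassassin --lint}"

# Print the Plugin/ directory of the installed Mail::SpamAssassin for
# whatever Perl version is present, instead of hard-coding .../5.8.3/...
sa_plugin_dir() {
    perl -MMail::SpamAssassin::Plugin \
         -e '($d = $INC{"Mail/SpamAssassin/Plugin.pm"}) =~ s/\.pm$//; print "$d\n"'
}

# install_sa_files SRC_DIR CF_DIR PLUGIN_DIR
# Copies SRC_DIR/*.cf into CF_DIR and SRC_DIR/*.pm into PLUGIN_DIR, then lints.
# Returns 0 on a clean lint; otherwise removes the copied files and returns 1.
install_sa_files() {
    src=$1 cf_dir=$2 plugin_dir=$3 copied=""
    for f in "$src"/*.cf "$src"/*.pm; do
        [ -f "$f" ] || continue               # glob matched nothing
        case $f in
            *.cf) dest=$cf_dir/$(basename "$f") ;;
            *.pm) dest=$plugin_dir/$(basename "$f") ;;
        esac
        if [ -e "$dest" ]; then               # never clobber (or later delete)
            echo "skipping existing $dest" >&2  # a file that was already there
            continue
        fi
        cp "$f" "$dest" || return 1
        chmod 644 "$dest"                     # readable by spamd, not writable
        copied="$copied
$dest"
    done
    if $SA_LINT >/dev/null 2>&1; then
        return 0
    fi
    echo "lint failed, rolling back" >&2
    printf '%s\n' "$copied" | while IFS= read -r p; do
        if [ -n "$p" ]; then rm -f "$p"; fi
    done
    return 1
}

# Typical call (run as root, then restart spamd only if it returns 0):
#   install_sa_files ./downloads /usr/share/spamassassin "$(sa_plugin_dir)"
```

If lint fails, rerun `spamassassin -D --lint` by hand to see which rule or Perl dependency is at fault before trying again.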

This configuration is not really CPU hungry so it’s great for people who are running on a tight server budget.

2 thoughts on “SpamAssassin : Tweaks for new Spam methods”

  1. kuriharu says:

    How do I install the plugins? I downloaded them from the sites you mentioned, but don’t have any clue as to how to install them. Please offer a suggestion. Thanks!

  2. lynxman says:

    Ok, how to install… I’ll add that to the article too.

    To add the .cf files you must copy them into the directory where SpamAssassin keeps all the .cf files; in my configuration that is /usr/share/spamassassin.

    The .pm modules have to go where the SpamAssassin plugins are. If you installed SpamAssassin through a package, try listing the package and you’ll see a directory like /usr/lib/perl5/vendor_perl/5.8.3/Mail/SpamAssassin/Plugin/.
