dcsimg

SpamAssassin

Welcome to our newest feature in Linux Magazine, the Project of the Month. If you've ever visited Freshmeat (http:// freshmeat.net) or SourceForge (http://sourceforge.net), the open source world's two most popular software directories, you know that there are simply too many interesting projects to keep an eye on. Each month we will highlight one open source project selected by our editors.

Welcome to our newest feature in Linux Magazine, the Project of the Month. If you’ve ever visited Freshmeat (http:// freshmeat.net) or SourceForge (http://sourceforge.net), the open source world’s two most popular software directories, you know that there are simply too many interesting projects to keep an eye on. Each month we will highlight one open source project selected by our editors.

Project (SpamAssassin)

Project Summary

SpamAssassin (SA for short) is all about eliminating spam (unwanted e-mail). It’s a rapidly evolving suite of tools for detecting and filtering spam.

How It Works

At its core, SA is a library of Perl code that can apply a set of tests to an e-mail message and give it a score based on how many tests the message “passes.” The tests are written in a Perl-like format that should still be readable to the average Linux user.

A simple rule is illustrated in Figure One. The first line tells SA that this test, MAKE_MONEY_FAST, should only be applied to the message header — specifically, the Subject line. It checks if the message subject contains “Make Money Fast” no matter how the phrase is capitalized (the trailing i means the search is case-insensitive).




Figure One: A Simple SpamAssassin Rule


header MAKE_MONEY_FAST Subject =~ /Make Money Fast/i
describe MAKE_MONEY_FAST Subject is known spam.
score MAKE_MONEY_FAST 4.0

The second line is a human-readable description of the test. If a message is caught by this test, the description “Subject is known spam” might be added to the message.

The last line assigns a score to this test. If a message matches, its score is increased by whatever value you assign. The value can be negative, so it’s possible to construct tests which decrease a message’s overall score.

After SA has run all of its tests, it must decide if the message is spam or not. It compares the message’s accumulated score with the threshold value, defined by the required_hits directive. The default threshold is 5.0.

SA comes with a lot of built-in tests, but you can add tests to your personal .spamassassin.cf file to extend its behavior. You can also alter the scores of SA’s existing rules.

Using It

SA can be used on an individual basis via procmail or as a Mail::Audit plug-in, or it can be used in a site-wide configuration, either by plugging directly into the MTA (qmail, postfix, exim, sendmail) or via a system-wide procmail configuration.

SA is most often used during the mail delivery process. It accepts an e-mail message on standard input and spits it back out on standard output. If the message is spam, it will prepend the subject with the string “***** SPAM *****” and insert a test summary into the body of the message that lists the tests that were triggered as well as their scores. It’ll also add an X-Spam-Status header to each mail message, listing the message score.

The end result is that once SA has checked your messages, you can easily spot spam by looking at the subject line or route it to a separate mailbox.

But Wait! There’s More…

The creators of SA made sure it could work with existing spam prevention systems. SA can see if the sending host is listed in any of the popular DNS-based blacklists. It can also check messages against another of the rising stars in spam prevention, Vipul’s Razor spam filtering network (http://razor.sourceforge.net).

Other SA features that you may find useful include the ability to scan incoming mail via the spamc/spamd client/server pair, the ability to “whitelist” known friends, and the ability to store user preferences in a relational database instead of the home directory.

If you want a great spam detection tool, check out SpamAssassin. It’s a great piece of software with an active development community behind it.



Have an idea for a project we should feature? Drop a note to potm@linux-mag.com and let us know.

Fatal error: Call to undefined function aa_author_bios() in /opt/apache/dms/b2b/linux-mag.com/site/www/htdocs/wp-content/themes/linuxmag/single.php on line 62