[afnog] Spamassassin warning

Hervey Allen hervey at nsrc.org
Mon Nov 14 15:56:47 EAT 2005


I posted a long reply to someone asking about how to set up
SpamAssassin to "automatically update" and scan for Spam
on their mailserver here:

Much of this discusses the bits and pieces of SpamAssassin
that are cpu or network intensive and what you may or may
not want to do when configuring SpamAssassin on your system.
The original message is here:

http://www.apnic.net/mailing-lists/pacnog/archive/2005/06/msg00017.html

And, here's a copy of the email:

> Hello Everyone:
> 
> I thought this was a very timely question so I asked
> Hermann if I could respond to this to the entire list. If
> you install SpamAssassin to run with your MTA (in our
> case Exim), then by default SpamAssassin will query a set
> of Realtime Blackhole Lists, i.e. DNS Blocklists to
> determine if an incoming message is spam. You should read
> this section of the SpamAssassin documentation to see how
> you can further configure this option:
> 
> http://wiki.apache.org/spamassassin/DnsBlocklists
> 
> You don't need to update anything in this case as
> SpamAssassin is querying services that automatically
> update themselves. What you should, however, do is run a
> local, caching nameserver so that the results from these
> DNS requests are cached on your local network. The
> SpamAssassin documentation concerning this is here:
> 
> http://wiki.apache.org/spamassassin/CachingNameserver
> 
> If you wish to use some of the checksum-based systems
> that are available:
> 
> * pyzor:      http://pyzor.sourceforge.net/
> * dcc:        http://www.rhyolite.com/anti-spam/dcc/
> * razor:      http://razor.sourceforge.net/
> 
> then you need to download and install each one. The
> default SpamAssassin build and configuration file checks
> to see if these are available when you start the spamd
> (SpamAssassin Server) service. If any/all are found, then
> SpamAssassin will use them. Remember during the workshop
> we turned these off during install as they increase
> overhead on your system. All three of these systems are
> automatically updated and you do not need to do anything
> other than install the software that lets SpamAssassin
> use the services. You can see a summary of this here:
> 
> http://wiki.apache.org/spamassassin/NetworkTests
> 
> Generally speaking you'll want to install, maybe, one of
> these at a time to see what effect they have on your
> mailserver's performance.
> 
> If you search this page:
> 
> http://spamassassin.apache.org/full/3.0.x/dist/doc/Mail_SpamAssassin_Conf.html
> 
> 
> for "pyzor", "razor", and "dcc" you'll see where and how
> to set SpamAssassin support for each item in your
> SpamAssassin configuration file. Under FreeBSD this file
> resides here:
> 
> /usr/local/etc/mail/spamassassin
> 
> and is called "local.cf"
> 
> 
> The configuration file we created in class turned off
> everything except the included default SpamAssassin
> filter rules. Our file looked like this:
> 
> use_dcc 0
> use_pyzor 0
> use_razor2 0
> skip_rbl_checks 1
> use_bayes 0
> 
> The default SpamAssassin filtering rules are here:
> 
> http://wiki.apache.org/spamassassin/SpamAssassinRules
> 
> In order to update these you need to update your version
> of SpamAssassin. The reality is that the SpamAssassin
> filtering rules do not change all that often as creating
> a good filter set is complex. See this entry in the
> SpamAssassin Wiki for a quick discussion of this:
> 
> http://wiki.apache.org/spamassassin/VirusScannerTypeUpdates?highlight=%28update%29
> 
> 
> Finally, an MTA like Exim also has support for checking
> email against DNS Blocklists (RBLs). To see how you do
> this read the enabling DNS Blocklists page from the Exim
> site here:
> 
> http://www.exim.org/howto/rbl.html
> 
> and, from the Exim manual here's how you would use the
> results from using DNS blocklists with your Exim Access
> Control Lists to take action:
> 
> http://www.exim.org/exim-html-4.20/doc/html/spec_37.html
> 
> But, generally speaking, if you are going to run
> SpamAssassin, then this is not necessary.
> 
> Take a look at our workshop presentation about Handling
> Unwanted Email here:
> 
> http://ws.edu.isoc.org/workshops/2005/PACNOG-I/day1/mail/SpamTalk.pdf
> 
> 
> as you go about implementing any of these solutions. A
> more in-depth discussion about using Exim's DNS Blocklist
> support and content-filtering can be found here:
> 
> http://ws.edu.isoc.org/workshops/2005/PACNOG-I/day1/mail/junkmail-conf.htm
> 
> 
> Finally, if you find that your mail server performance
> begins to lag as you implement some of these solutions
> take a look at the SpamAssassin pages for suggestions on
> increasing performance:
> 
> http://wiki.apache.org/spamassassin/FasterPerformance
> 
> In addition consider your use of Bayesian logic for
> detecting spam on your system. This is cpu-intensive. See
> these pages for some discussion:
> 
> http://wiki.apache.org/spamassassin/BayesInSpamAssassin?highlight=%28bayes%29
> http://wiki.apache.org/spamassassin/BayesFaq
> 
> With all of these checks for spam available you may find
> that not all of them are necessary to reach the level of
> accuracy you need for your user base. You'll probably
> need to do some testing, or pay attention to how things
> are working to configure and tune your mailserver
> appropriately.
> 
> It's a lot of information, but I hope it helps. The
> critical point here is that if you run SpamAssassin in
> its default configuration it will use Bayesian logic
> tests, DNS Blocklists and checksum systems (razor, pyzor,
> dcc) if installed. The DNS Blocklists and checksum systems
> are updated at their end automatically - you just
> communicate with them via the SpamAssassin service.
> 
> Cheers everyone, - Hervey
> 
> 
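
Added example, not part of the original post: a small Python check that reads the text of a `local.cf` and lists which of the network- or cpu-intensive tests discussed above are still enabled. It assumes the stock defaults the message describes (everything on unless switched off) and looks only at the five options in the workshop file; it does not check whether the pyzor, razor or dcc clients are actually installed. The function names and the second sample file are constructed for illustration.

```python
"""Report which costly SpamAssassin tests a local.cf leaves enabled."""

# Option -> (test name, what it costs, value that means "enabled").
OPTIONS = {
    "use_dcc":         ("DCC checksums",   "network", 1),
    "use_pyzor":       ("Pyzor checksums", "network", 1),
    "use_razor2":      ("Razor checksums", "network", 1),
    "skip_rbl_checks": ("DNS blocklists",  "network", 0),  # inverted flag
    "use_bayes":       ("Bayes",           "cpu",     1),
}
# Assumed defaults: the stock behaviour the post describes (all tests on).
DEFAULTS = {"use_dcc": 1, "use_pyzor": 1, "use_razor2": 1,
            "skip_rbl_checks": 0, "use_bayes": 1}


def effective_settings(text):
    """Parse local.cf text; a later line overrides an earlier one."""
    settings = dict(DEFAULTS)
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if len(parts) == 2 and parts[0] in OPTIONS and parts[1] in ("0", "1"):
            settings[parts[0]] = int(parts[1])
    return settings


def enabled_tests(text):
    """Return sorted (test name, cost) pairs that are still enabled."""
    settings = effective_settings(text)
    return sorted((name, cost) for opt, (name, cost, on) in OPTIONS.items()
                  if settings[opt] == on)


# The workshop file quoted in the post.
WORKSHOP_CF = """\
use_dcc 0
use_pyzor 0
use_razor2 0
skip_rbl_checks 1
use_bayes 0
"""

# Constructed sample: DNS blocklists plus one checksum system on trial.
STAGED_CF = """\
use_dcc 0
use_pyzor 0
use_razor2 1      # trial: one checksum system at a time
skip_rbl_checks 0
use_bayes 0
"""

if __name__ == "__main__":
    for label, cf in (("workshop", WORKSHOP_CF), ("staged", STAGED_CF), ("empty", "")):
        print(label, enabled_tests(cf))
```

Running it against an empty file shows all five tests enabled, which is the default case the message warns about.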


