Introduction: How to Fight Spam Using Spamassassin, Dnsbl, and Procmail

I run my own mail server, and I check my email most of the time using pine. Over the years I had set up spam filters in pine to weed out spam. But I have also been known to use my blackberry to check email using squirrelmail. Well my pine filters did not work on squirrelmail. Plus more spam had been coming through lately.

This instructable will show you how to set up spamassassin on Fedora using procmail to move messages marked as spam to a spam folder automatically.



Step 1: Install Prerequisites

You'll want to install your prerequisites:

joe@fletcher ~$ sudo yum install sendmail-cf sendmail procmail spamassassin spamass-milter

Step 2: Sendmail Configuration

You want to check that sendmail is using the DNS Blacklist.

Edit sendmail.mc and add the lines below

joe@fletcher ~$ sudo vi /etc/mail/sendmail.mc
FEATURE(`dnsbl', `bl.spamcop.net', `"Spam blocked see: http://spamcop.net/bl.shtml?"$&{client_addr}')dnl
FEATURE(`dnsbl', `cbl.abuseat.org', `"Spam blocked see: http://cbl.abuseat.org/lookup.cgi?ip="$&{client_addr}')dnl
FEATURE(`dnsbl', `sbl.spamhaus.org', `"Spam blocked see: http://spamhaus.org/query/bl?ip="$&{client_addr}')dnl
FEATURE(`dnsbl', `list.dsbl.org', `"Spam blocked see: http://dsbl.org/listing?"$&{client_addr}')dnl

While you have that open, add procmail as the default mailer:
MAILER(procmail)dnl
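
To confirm that each zone named in the dnsbl FEATURE lines above still answers correctly, this added example (not part of the original instructable) builds the reversed-octet name a DNSBL lookup queries and probes each zone with the RFC 5782 test addresses. It assumes the `host` utility is installed; the function names are illustrative.

```shell
#!/bin/sh
# Added example, not from the original page. Assumes `host` (bind-utils).
# Zones copied from the dnsbl FEATURE lines in sendmail.mc.
ZONES="bl.spamcop.net cbl.abuseat.org sbl.spamhaus.org list.dsbl.org"

# Build the DNSBL query name: reversed IPv4 octets followed by the zone.
dnsbl_qname() {
    ip=$1; zone=$2
    case $ip in ''|*[!0-9.]*) return 1 ;; esac   # digits and dots only
    old_ifs=$IFS; IFS=.
    set -- $ip
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "$octet" -le 255 ] || return 1
    done
    printf '%s.%s.%s.%s.%s\n' "$4" "$3" "$2" "$1" "$zone"
}

# Exit 0 when the zone returns a 127.x.x.x A record for the address.
dnsbl_listed() {
    qname=$(dnsbl_qname "$1" "$2") || return 2
    host -t A "$qname" 2>/dev/null | grep -q 'has address 127\.'
}

# RFC 5782: a working IPv4 DNSBL lists 127.0.0.2 and never lists 127.0.0.1.
# A zone that fails the first test is dead; one that fails the second answers
# for every address and would make sendmail reject all mail.
zone_status() {
    if ! dnsbl_listed 127.0.0.2 "$1"; then echo "dead"
    elif dnsbl_listed 127.0.0.1 "$1"; then echo "lists-everything"
    else echo "ok"
    fi
}

# Only touch the network when asked to: sh dnsbl-check.sh --check
if [ "${1:-}" = "--check" ]; then
    for z in $ZONES; do printf '%-20s %s\n' "$z" "$(zone_status "$z")"; done
fi
```

Any zone that does not report "ok" should have its FEATURE line removed or replaced before sendmail is restarted.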

Step 3: Sendmail Restart

After you have made your changes to sendmail's mc file, you should restart the sendmail service to rebuild the config file (sendmail.cf):

joe@fletcher ~$ sudo service sendmail restart

Step 4: Set Up Procmail Logging

joe@fletcher ~$ sudo vi /etc/procmailrc
LOGFILE=/var/log/procmail.log
#Uncomment below for troubleshooting
#VERBOSE=YES
#LOGABSTRACT=YES

You can check procmail now by tailing the log file under /var/log:

joe@fletcher ~$ tail /var/log/procmail.log

Step 5: Local Procmail Config

Create a .procmailrc in your home directory:
joe@fletcher ~$ vi ~/.procmailrc
:0:
* ^X-Spam-Status: Yes
/home/joe/mail/spam

Step 6: Custom Milters

You will want to create a set of custom filters/milters.

Apache.org has a great write up on creating your own custom rules here:
Wiki Page

I am sure you have noticed that spam follows patterns. For instance, I get the same spam about candy deals with similar subject lines for a few months at a time. You could write a rule looking for a few of these things.

joe@fletcher ~$ sudo vi /etc/mail/spamassassin/local.cf
header CANDY_1 From =~ /hard/i
header CANDY_2 From =~ /candy/i
header CANDY_3 Subject =~ /hard/i
header CANDY_4 Subject =~ /candy/i
header CANDY_5 Subject =~ /urban decay/i
meta CANDY_MULTI_TEST ((CANDY_1 + CANDY_2 + CANDY_3 + CANDY_4 + CANDY_5) > 1.0 )
score CANDY_MULTI_TEST 5.0

If any two of the above conditions are met, then mark it as spam.

Another option is to blacklist certain domains:
blacklist_from *@citylinenews.com

Or if you know the subject you do not want to receive:
header WARRANTY_CHECK Subject =~ /Home Warranty/i
score WARRANTY_CHECK 5.0

Step 7: Check Rules

Check the rules you have created:

joe@fletcher ~$ spamassassin --lint -D

If it has no errors, restart spamassassin:
joe@fletcher ~$ sudo service spamassassin restart

Step 8: Bayes

You can train SpamAssassin to identify spam using Bayesian filters.

First point it at your spam folder:
joe@fletcher ~$ sa-learn --mbox --spam /home/joe/mail/spam

Then your inbox:
joe@fletcher ~$ sa-learn --mbox --nonspam /var/mail/joe

It will begin using the filters when you have > 200 spams and hams.

Step 9: Done.

At this point you have completed your first step towards a spam free inbox.

You'll have to keep looking in your spam folder for the first week or so to see if everything marked as spam is in fact spam. If spam is getting through be sure to look at the headers and see if there is anything you can identify as a pattern and write a new rule for it.

I usually just tail /var/log/procmail and check to see if any non spam has been incorrectly marked.
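
For the false-positive review described above, this added example (not part of the original instructable) reads the three-line abstract procmail writes to its LOGFILE for each delivery and lists the sender and subject of everything filed into the spam folder. The log lines are constructed samples and the function names are illustrative.

```shell
#!/bin/sh
# Added example, not from the original page.
# List sender and subject of every message procmail filed into one folder,
# using the From / Subject / Folder abstract it logs per delivery.
folder_deliveries() {   # usage: folder_deliveries LOGFILE FOLDER
    awk -v folder="$2" '
        /^From /      { from = $2; subj = "(no subject)" }
        /^ Subject: / { subj = substr($0, 11) }
        /^  Folder: / { if ($2 == folder) printf "%s\t%s\n", from, subj }
    ' "$1"
}

# Constructed sample log (addresses, dates and sizes are made up).
sample_log() {
    cat <<'EOF'
From deals@candy.example  Tue Aug 26 08:01:12 2008
 Subject: Hard candy deals this week
  Folder: /home/joe/mail/spam    3120
From alice@example.org  Tue Aug 26 08:15:40 2008
 Subject: Lunch on Friday?
  Folder: /var/mail/joe    1874
From bob@example.net  Tue Aug 26 09:02:03 2008
 Subject: Home Warranty paperwork for the house
  Folder: /home/joe/mail/spam    2290
EOF
}

# Run against a real log when a path is given, else against the sample.
review_spam() {
    if [ -n "${1:-}" ]; then folder_deliveries "$1" /home/joe/mail/spam
    else sample_log | folder_deliveries - /home/joe/mail/spam
    fi
}
```

In the sample, the third message is a legitimate mail caught by the "Home Warranty" subject rule, which is the kind of entry to look for when reviewing with `review_spam /var/log/procmail.log`.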

Good luck!

-Joe

Comments

Siebe (author)2008-09-30

i like ham not really

mchenson (author)2008-08-26

You should also join Spamcop - as you know the Spammer's address is invariably bogus, and the Subject line subject change with the hour. The only real way to stop Spammers is to go after the Open Relays and Ports they use to send their Spam from. And of course make sure your SMTP-relay is as secure as possible!
