Ultimate Setup Guide

UPDATED: 7/16/2011
This page contains Warren’s tips to tweak a default SpamAssassin deployment for maximum spam detection, but without sacrificing safety or speed.

  • Install Complete Spamassassin Stack
    • See instructions here for Debian and Ubuntu.
    • Read here for Warren’s custom RPM packages and release notes for RHEL, CentOS or Scientific Linux.
  • URGENT Temporary Configurations
    • Nothing currently.
  • Common Mistakes
    • Many people think it would be a good idea to lower the spam detection threshold below the default 5 points. This is a bad idea. See Justin Mason’s excellent blog entry on this topic including charts.
    • Do not use SARE and RulesDuJure.  These collections of rules died years ago and are now dangerous to use. This site documents literally *all* rules that have been tested to be safe.  Do not use anything listed on the horribly outdated CustomRulesets page. It should probably be wiped out to avoid confusing people.
    • Spamassassin-3.2.x and earlier are UNSUPPORTED AND DANGEROUS to use.  You really should upgrade to the latest version.
    • Be aware of the usage limits of free network rules as if your server exceeds these limits, they may block your IP address, causing significant problems to your mail delivery both in speed and spam detection accuracy.  You could be losing mail!
    • You should NEVER need to use CPAN on a RPM or DEB based Linux distribution.  You can easily create difficult to support situations where you have CPAN installed perl modules separate from your distribution’s perl modules.
  • List your Outbound MTA IP Address in DNSWL
    • Read here to learn why DNSWL is useful, and learn about DNSWL’s four levels.
  • ADD-ON DNSBL’s and recommended scores
    • Justin Mason’s SOUGHT is very safe and effective.  SOUGHT contains spam patterns that are updated daily in an independent sa-update channel. Fedora, RHEL6 and my RHEL5 package have SOUGHT already enabled by default, but if you are using other distributions you may need to install it manually and configure cron to sa-update its channel on an automated basis.
    • Steve Freegard’s SMF_BRACKETS_TO
    • You should really install these plugins. They require no configuration, they are VERY effective (Razor catches ~73% of spam) and they are very easy to install.
    • RHEL/CentOS/Fedora: yum install pyzor perl-Razor-Agent
    • Debian/Ubuntu: apt-get install razor pyzor
    • DCC is good too, but you need to build it manually. You need only the dccproc binary.

Have any suggestions?  You may e-mail me, or post a comment here.