1 2Important Note For Users Upgrading From Earlier Versions 3-------------------------------------------------------- 4 5SpamAssassin no longer includes code to handle local mail delivery, as it 6was not reliable enough, compared to procmail. So now, if you relied on 7spamassassin to write the mail into your mail folder, you'll have to 8change your setup to use procmail as detailed below. 9 10If you used spamassassin to filter your mail and then something else wrote 11it into a folder for you, then you should be fine. 12 13Steps to take for every installation: 14 15 - Install Mail::SpamAssassin on your mail server, as per the INSTALL 16 document. 17 18 - Test it: 19 20 spamassassin -t < sample-nonspam.txt > nonspam.out 21 spamassassin -t < sample-spam.txt > spam.out 22 23 Verify (using a text viewer, ie. "less" or "notepad") that nonspam.out 24 has not been tagged as spam, and that spam.out has. The files should 25 contain the full text and headers of the messages, the "spam.out" 26 message should contain the header "X-Spam-Flag: YES" and be annotated 27 with a report from SpamAssassin, and there should be no errors when you 28 run the commands. 29 30 Even though sample-nonspam.txt is not spam, nonspam.out will 31 contain a SpamAssassin report anyway. This is a side-effect of 32 the "-t" (test) switch. However, there should be less than 5 33 points accumulated; when the "-t" switch is not in use, the report 34 text would not be added. For more verbose (debugging) output, add 35 the "-D" switch. 36 37 If the commands do not work, DO NOT PROCEED TO THE NEXT STEP, as you 38 will lose mail! 39 40 41 42If you use KMail: 43 44 - http://kmail.kde.org/tools.html mentions: 45 46 The filter setup is the work of five minutes (if that!) if you have a 47 working spamassassin set up. 48 49 The filter in question is "<any header><matches regexp> ." 50 51 The action is "<pipe through> spamassassin" 52 53 Then, in the advanced options, uncheck the "If this filter matches, 54 stop processing here" box. If you keep this filter at the top, it will 55 analyze any incoming mail, decide whether it's spam or not, and flag 56 it accordingly. 57 58 [Then add] a second filter behind it, which searches for the added 59 spam-flags and diverts them into a specific spam folder. [...] 60 61 62 63If you use procmail, or haven't decided on any of the above examples: 64 65 - Make a backup of your .procmailrc (if you already have one). 66 67 cp ~/.procmailrc ~/.procmailrc.bak 68 69 - add the line from procmailrc.example to ~/.procmailrc, at the top of 70 the file before any existing recipes. 71 72 That'll process all mail through SA, and refile spam messages to 73 a folder called "caughtspam" in your home directory. 74 75 - Send yourself a mail message, and ensure it gets to you. If it does 76 not, copy your old backed-up .procmailrc file back into place and ask 77 your sysadmin for help! Here's commands to do that: 78 79 cp ~/.procmailrc.bak ~/.procmailrc 80 echo "Help!" | mail root 81 82 83 84If you want to use SpamAssassin site-wide: 85 86 - take a look at the notes on the Wiki website, currently at 87 <http://wiki.apache.org/spamassassin/UsingSiteWide>. You will probably 88 want to use 'spamd' (see below). You may want to investigate the 89 new Apache mod_perl module, in the 'spamd-apache2' directory, too. 90 91 - *PLEASE* let your users know you've installed it, and how to turn it 92 off! This is our #1 tech support query, and the users are usually 93 pretty frustrated once it reaches that stage. 94 95 - *PLEASE* consider setting it up as "off by default" for most accounts, 96 and let users opt-in to using it. Quite a few folks prefer not to 97 have their mail filtered, presumably because they don't use their 98 email address publicly and do not get much spam. 99 100 - Note that procmail users adding spamc to /etc/procmailrc should 101 add the line 'DROPPRIVS=yes' at the top of the file. 102 103 104The Auto-Whitelist 105------------------ 106 107The auto-whitelist is enabled using the 'use_auto_whitelist' option. 108(See http://wiki.apache.org/spamassassin/AutoWhitelist for details on 109how it works, if you're curious.) 110 111 112Other Installation Notes 113------------------------ 114 115 116 - Hashcash is a useful system; it requires that senders exercise a 117 CPU-intensive task before they can send mail to you, so we give that 118 some bonus points. However, it requires that you list what addresses 119 you expect to receive mail for, by adding 'hashcash_accept' lines to 120 your ~/.spamassassin/user_prefs or /etc/mail/spamassassin/local.cf 121 files. See the Mail::SpamAssassin::Plugin::Hashcash manual page for 122 details on how to specify these. 123 124 125 - SpamAssassin now uses a temporary file in /tmp (or $TMPDIR, if that's 126 set in the environment) for Pyzor and DCC checks. Make sure that this 127 directory is either (a) not writable by other users, or (b) not shared 128 over NFS, for security. 129 130 131 - You can create your own system-wide rules files in 132 /etc/mail/spamassassin; their filenames should end in ".cf". Multiple 133 files will be read, and SpamAssassin will not overwrite these files 134 when installing a new version. 135 136 137 - You should not modify the files in /usr/share/spamassassin; these 138 will be overwritten when you upgrade. Any changes you make in 139 files in the /etc/mail/spamassassin directory, however, will 140 override these files. 141 142 143 - Rules can be turned off by setting their scores to 0 in a 144 configuration or user-preference file. 145 146 147 - Speakers of Chinese, Japanese, Korean or Arabic may find it useful to 148 turn off the rules listed at the end of the "user_prefs.template" 149 file; we've found out that these rules are still triggering on 150 non-spam CJK mails. 151 152 153 - If you have an unusual network configuration, you should probably 154 set 'trusted_networks'. This allows SpamAssassin to determine where 155 your internal network ends and the internet begins, and allows DNS 156 checks to be more accurate. If your mail host is NATed, you will 157 almost certainly need to set 'trusted_networks' to get correct 158 results. 159 160 161 - A very handy new feature is SPF support, which allows you to check 162 that the message sender is permitted by their domain to send from the 163 IP address used. This has the potential to greatly cut down on mail 164 forgery. (see http://spf.pobox.com/ for more details.) 165 166 167 - MDaemon users should add this line to their "local.cf" file: 168 169 report_safe_copy_headers X-MDRcpt-To X-MDRemoteIP X-MDaemon-Deliver-To 170 171 Otherwise, MDaemon's internal delivery will fail when SpamAssassin 172 rewrites a message as spam. 173 174 175 - The distribution includes 'spamd', a daemonized version of 176 SpamAssassin which runs persistently. Using its counterpart, 177 'spamc', a lightweight client written in C, an MTA can process 178 large volumes of mail through SpamAssassin without having to 179 fork/exec a perl interpreter for each message. Take a look in the 180 'spamd' and 'spamc' directories for more details. 181 182 183 - The distribution also includes 'spamd-apache2', a mod_perl module 184 allowing the Apache HTTP server to be used as a platform for a 185 daemonized SpamAssassin, in an upwardly-compatible fashion from 186 'spamd'. If you don't require some of the spamd features it does not 187 implement (such as switching UIDs to read per-user configuration from 188 user home directories), this may be much faster than spamd. Take a 189 look at the 'spamd-apache2' directory for details. 190 191 192 - spamc can now be built as a shared library for use with milters or 193 to link into other existing programs; simply run "make libspamc.so" 194 to build this. 195 196 197 - If you get spammed, it is helpful to everyone else if you re-run 198 spamassassin with the "-r" option to report the message in question as 199 "verified spam". This will add it to Vipul's Razor, DCC and Pyzor, 200 assuming you've set these up appropriately. 201 202 spamassassin -r < spam-message 203 204 If you use mutt as your mail reader, this macro will bind the X key to 205 report a spam message. 206 207 macro index X "| spamassassin -r" 208 209 This is, of course, optional -- but you'll get lots of good-netizen 210 karma. ;) 211 212 213 - Quite often, if you've been on the internet for a while, you'll have 214 accumulated a few old email accounts that nowadays get nothing but 215 spam. You can set these up as spam traps using SpamAssassin; see the 216 ''SPAM TRAPPING'' section of the spamassassin manual page for details. 217 218 If you don't want to go to the bother of setting up a system yourself 219 to do this, take a look here [1] for a simple forwarding-based 220 alternative. 221 222 [1]: http://wiki.apache.org/spamassassin/SpamTrapping 223 224 225 - Scores and other user preferences can now be loaded from, and Bayes 226 and automatic reputation data can be stored in, an SQL database; see 227 the 'sql' subdirectory for more details. 228 229 If you are setting up a large 'spamd' system-wide installation, with 230 Bayes and/or automatic reputation, we strongly recommend using SQL as 231 storage. It has proven more reliable than the default DB_File storage 232 backend at several large sites. For Bayes, you should always use the 233 new Redis backend (see Mail::SpamAssassin::BayesStore::Redis). 234 235 236 - If you are running SpamAssassin under a disk quota, or are setting up 237 'spamd' with users with disk quotas, be warned that the DB_File 238 database module used by SpamAssassin for Bayes, TxRep, and AWL storage 239 seems to be unreliable in the face of quotas (bug 3796). In this 240 situation, we recommend using SQL storage for those databases, instead 241 of DB_File. 242 243 244 - Lots more ways to integrate SpamAssassin can be read at 245 http://wiki.SpamAssassin.org/ . 246 247 248(end of USAGE) 249 250// vim:tw=74: 251