How to stop more spam

A couple of years ago, we set up a Linux box running Postfix, SpamAssassin and Amavisd to try and reduce the amount of spam we were getting on our mail server. We used the latest versions of each product. It has done pretty well but we have noticed in the past few weeks that more spam is getting through. Writing new rules doesn't seem to make much of a difference. What can we look at to start reducing the level of incoming spam?

--Via the Internet

If you haven't made any changes lately, first find out the versions of the installed packages on the server. Then find out what the latest versions are that you will be upgrading to. Untar the packages and look through any of the readme files as well as any references to upgrades. Now would be a good time to back up the main.cf and master.cf for Postfix, amavisd.conf for Amavisd and local.cf for SpamAssassin. Depending on the upgrade you're doing, you could need the old copies of these files to get things back up and running in a short period of time.

After you get the upgrade done and have verified everything is OK, there are several things you may want to think about implementing to further reduce incoming spam. Use the tail command as follows: tail -f /var/log/maillog | grep SPAM. This will reduce the amount of info displayed by the tail command so you can see just what SpamAssassin is stopping. The default level at which incoming e-mail is discarded, and sent to a quarantine mailbox if so configured, is 5.0. I found out recently that in the combination of packages you mentioned the spam level is controlled by amavisd.conf and not local.cf in SpamAssassin. In this case, your default spam tag level may be higher than 5. I have run a SpamAssassin server as low as a score of 4 and have not had any false positives.

In upgrading SpamAssassin to the latest version, you are also upgrading to the latest rule set that ships with it. You're also implementing a newer SpamAssassin engine that should help catch some of the latest graphic-content-based e-mail that may be nothing more than a .gif file for the body of the message. I would also suggest you take a look at the SARE ruleset. This is an excellent collection of rules that are periodically updated. Subscribe to the SpamAssassin listserv and you will find other references to rules available for download. Some you may want and not others. That's the nice thing about open source: you can pick and choose things to get them to where you want them to be.
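
To go with the log check and the threshold discussion above, here is an added example (not part of the original column) that counts what amavisd blocked and how many delivered messages scored between 4 and 5, which is the mail a lower level would start acting on. It assumes log entries of the form "Passed/Blocked <verdict>, ... Hits: <score>"; the function names are hypothetical and the sample lines are constructed.

```shell
#!/bin/sh
# Added example: gauge a lower spam threshold from amavisd log entries.
# Assumed line shape: "... Passed|Blocked <VERDICT>, ... Hits: <score>, ..."

# Constructed sample lines (addresses and scores are made up).
sample_log() {
cat <<'EOF'
Mar  3 10:01:11 mx amavis[2101]: (02101-01) Passed CLEAN, [192.0.2.10] <a@example.com> -> <u@example.org>, Hits: 0.3, size: 2100, 812 ms
Mar  3 10:01:40 mx amavis[2101]: (02101-02) Blocked SPAM, [198.51.100.7] <b@example.net> -> <u@example.org>, Hits: 14.2, size: 9120, 1440 ms
Mar  3 10:02:05 mx amavis[2102]: (02102-01) Passed CLEAN, [203.0.113.4] <c@example.net> -> <v@example.org>, Hits: 4.6, size: 18033, 990 ms
Mar  3 10:02:31 mx amavis[2102]: (02102-02) Passed CLEAN, [192.0.2.44] <d@example.com> -> <v@example.org>, Hits: -1.9, size: 3011, 701 ms
Mar  3 10:03:02 mx amavis[2101]: (02101-03) Passed CLEAN, [203.0.113.9] <e@example.net> -> <u@example.org>, Hits: 4.1, size: 22710, 1102 ms
Mar  3 10:03:27 mx amavis[2102]: (02102-03) Passed CLEAN, [192.0.2.10] <a@example.com> -> <w@example.org>, Hits: -, size: 1500, 95 ms
Mar  3 10:03:50 mx amavis[2101]: (02101-04) Blocked SPAM, [198.51.100.7] <f@example.net> -> <w@example.org>, Hits: 5.4, size: 8800, 1305 ms
EOF
}

# blocked_spam: number of messages amavisd stopped as spam (reads stdin).
blocked_spam() {
    awk '/ Blocked SPAM/ { n++ } END { print n + 0 }'
}

# score_band LOW HIGH: number of delivered ("Passed") messages whose score
# lies in [LOW, HIGH). "Hits: -" means the message was not scored; skip it.
score_band() {
    awk -v lo="$1" -v hi="$2" '
        / Passed / {
            for (i = 1; i < NF; i++) {
                if ($i != "Hits:") continue
                s = $(i + 1)
                sub(/,$/, "", s)
                if (s ~ /^-?[0-9]+(\.[0-9]+)?$/ && s + 0 >= lo && s + 0 < hi) n++
                break
            }
        }
        END { print n + 0 }'
}

# Demo on the constructed sample; on a live box feed /var/log/maillog instead.
echo "blocked as spam:           $(sample_log | blocked_spam)"
echo "delivered, scored 4 to 5:  $(sample_log | score_band 4 5)"
```

Reading a few of the messages that fall in the 4 to 5 band before changing the level shows whether they are spam or legitimate mail that would become false positives.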
