SpamAssassin: Spam Filtering

Quick Navigator

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
* Sign Up! *

Support
Customer Portal
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits

Introduction

SpamAssassin is the long-standing open-source spam filter. It scores each message against hundreds of rules — suspicious phrasing, forged headers, known-bad URLs, blocklist hits, and (once trained) a Bayesian statistical filter — and tags anything over a threshold so it can be filed into a Junk folder or rejected outright.

This page assumes you have already set up Sendmail and Dovecot as described on The Mail Server. Setting SpamAssassin up has two halves: wiring it into the system, and tuning SpamAssassin's own configuration.

At the System Level

Install SpamAssassin and the small "milter" that lets Sendmail hand each message to it, then pull down the current rule set (SpamAssassin ships with almost none, on purpose, so they stay fresh) and run it as a fast background daemon — spamd — rather than starting the Perl interpreter for every message.

On FreeBSD 15:

# pkg install spamassassin spamass-milter # sa-update # download the latest rules # sysrc spamd_enable=YES # sysrc spamd_flags="-c -m 5 --max-conn-per-child=16" # -c = use per-user prefs # service sa-spamd start # sysrc spamass_milter_enable=YES # service spamass-milter start

On Rocky Linux 10: (the packages are in EPEL — see Installing Software)

# dnf install spamassassin spamass-milter # sa-update # download the latest rules # systemctl enable --now spamassassin # the spamd daemon # systemctl enable --now spamass-milter

Then tell Sendmail to consult the milter by adding this line to its .mc file and rebuilding (editing and rebuilding .mc is covered on the mail server page). The socket path differs slightly between the two systems:

# FreeBSD INPUT_MAIL_FILTER(`spamassassin', `S=local:/var/run/spamass-milter.sock, F=, T=C:15m;S:4m;R:4m;E:10m')dnl # Rocky Linux INPUT_MAIL_FILTER(`spamassassin', `S=local:/run/spamass-milter/spamass-milter.sock, F=, T=C:15m;S:4m;R:4m;E:10m')dnl

Finally, keep the rules current automatically — stale rules are far less effective. Add a nightly sa-update to root's crontab:

# FreeBSD 17 4 * * * /usr/local/bin/sa-update && /usr/sbin/service sa-spamd reload # Rocky Linux 17 4 * * * /usr/bin/sa-update && /usr/bin/systemctl reload spamassassin

Tuning SpamAssassin

SpamAssassin's own settings live in local.cf — under /usr/local/etc/mail/spamassassin/ on FreeBSD, or /etc/mail/spamassassin/ on Rocky Linux. The most commonly adjusted settings:

required_score 5.0 # score at/above which mail is marked spam (lower = more aggressive) rewrite_header Subject [SPAM] # prefix the Subject of spam so a client rule can file it report_safe 1 # attach the original as a safe .eml, rather than altering it inline # Bayesian learning -- improves a lot once it has seen some mail use_bayes 1 bayes_auto_learn 1 # Always-allow and always-deny senders (note the underscores) allowlist_from *@trusted-partner.com denylist_from *@spammy-domain.example # Trust your own network so internal/relayed mail isn't penalized trusted_networks 127.0.0.0/8

After editing local.cf, check that it parses and reload the daemon:

# spamassassin --lint # report any configuration errors (silence = good) # service sa-spamd reload # FreeBSD (Rocky: systemctl reload spamassassin)

Training the Bayesian Filter

Training the Bayesian filter is what turns SpamAssassin from "decent" into "very good." Feed it examples of each kind of mail; the more it sees, the sharper it gets:

$ sa-learn --spam ~/Maildir/.Junk/cur # these are spam $ sa-learn --ham ~/Maildir/cur # these are legitimate $ sa-learn --dump magic # show how many messages it has learned

A practical workflow: tell your users to drag misfiled mail into (or out of) their Junk folder, then run sa-learn over those folders nightly from cron, so the filter keeps adapting to the mail your server actually receives.

TIP: Test your setup end-to-end with the GTUBE string — a harmless, standardized test pattern that SpamAssassin always scores as spam. Send yourself a message whose body is the GTUBE line (search "SpamAssassin GTUBE" for the exact text) and confirm it gets tagged. That proves the milter, spamd, and your scoring are all wired together. SpamAssassin is also CPU- and memory-hungry on a small VPS — if you run ClamAV alongside it, watch top to confirm there is headroom.

Documentation

The spamassassin(1), spamd(1), sa-learn(1), and Mail::SpamAssassin::Conf(3) manual pages cover the command-line tools and every configuration option. The project also publishes a full wiki:

SpamAssassin Documentation