2017-10-22 19:31:54 +02:00
|
|
|
|
---
|
|
|
|
|
categories: mail
|
|
|
|
|
title: Howto SpamAssassin
|
|
|
|
|
...
|
|
|
|
|
|
|
|
|
|
* Documentation : <http://spamassassin.apache.org/doc.html>
|
|
|
|
|
|
2022-09-07 14:33:17 +02:00
|
|
|
|
[SpamAssassin](http://spamassassin.apache.org/) est un filtre pour évaluer si des emails sont des spams ou pas.
|
2017-10-22 19:31:54 +02:00
|
|
|
|
|
|
|
|
|
## Installation
|
|
|
|
|
|
2018-06-08 16:40:05 +02:00
|
|
|
|
Son intégration demande seulement l'installation des paquets suivants :
|
2017-10-22 19:31:54 +02:00
|
|
|
|
|
|
|
|
|
~~~
|
|
|
|
|
# apt install spamassassin spamc
|
|
|
|
|
~~~
|
|
|
|
|
|
2022-05-12 16:26:31 +02:00
|
|
|
|
Le service systemd n'est plus nécessaire car SpamAssassin est maintenant intégré dans [Amavis](/HowtoAmavis).
|
2017-10-22 19:31:54 +02:00
|
|
|
|
|
|
|
|
|
## Configuration
|
|
|
|
|
|
|
|
|
|
~~~
|
|
|
|
|
required_score 5
|
|
|
|
|
report_safe 0
|
|
|
|
|
rewrite_header Subject [SPAM]
|
|
|
|
|
add_header all Report _REPORT_
|
|
|
|
|
|
|
|
|
|
# filtre bayesien
|
|
|
|
|
# mkdir -p /var/spool/spam
|
|
|
|
|
use_bayes 1
|
|
|
|
|
bayes_auto_learn 1
|
|
|
|
|
bayes_path /var/spool/spam/bayes
|
|
|
|
|
bayes_file_mode 0777
|
|
|
|
|
|
|
|
|
|
# AWL : AutoWhitelist
|
|
|
|
|
# mkdir -p /var/spool/spam
|
|
|
|
|
loadplugin Mail::SpamAssassin::Plugin::AWL
|
|
|
|
|
use_auto_whitelist 1
|
|
|
|
|
auto_whitelist_path /var/spool/spam/auto_whitelist
|
|
|
|
|
auto_whitelist_file_mode 0666
|
|
|
|
|
|
|
|
|
|
# LANG TESTS
|
|
|
|
|
Mail::SpamAssassin::Plugin::TextCat
|
|
|
|
|
ok_languages en fr es it
|
|
|
|
|
ok_locales en fr es it
|
|
|
|
|
|
|
|
|
|
score BODY_8BITS 1.500
|
|
|
|
|
score CHARSET_FARAWAY 3.200
|
|
|
|
|
score CHARSET_FARAWAY_HEADER 3.200
|
|
|
|
|
score HTML_CHARSET_FARAWAY 0.500
|
|
|
|
|
score MIME_CHARSET_FARAWAY 2.450
|
|
|
|
|
score UNWANTED_LANGUAGE_BODY 2.800
|
|
|
|
|
|
|
|
|
|
# DCC
|
|
|
|
|
# use_dcc 1 => un plugin maintenant...
|
|
|
|
|
score DCC_CHECK 2.9
|
|
|
|
|
|
|
|
|
|
# RAZOR : <http://razor.sourceforge.net>
|
|
|
|
|
use_razor2 1
|
|
|
|
|
razor_timeout 10
|
|
|
|
|
score RAZOR2_CHECK 2.9
|
|
|
|
|
score RAZOR2_CF_RANGE_51_100 1.3
|
|
|
|
|
|
|
|
|
|
# pyzor : <http://pyzor.sourceforge.net/>
|
|
|
|
|
use_pyzor 0
|
|
|
|
|
|
|
|
|
|
# RBL (Realtime Blackhole List)
|
|
|
|
|
skip_rbl_checks 0
|
|
|
|
|
score RCVD_IN_BL_SPAMCOP_NET 3
|
|
|
|
|
|
|
|
|
|
# misc
|
|
|
|
|
score HELO_DYNAMIC_IPADDR 0.3
|
|
|
|
|
score BIZ_TLD 0.1
|
|
|
|
|
score PRIORITY_NO_NAME 0.2
|
|
|
|
|
|
|
|
|
|
# disable HTML tests
|
|
|
|
|
|
|
|
|
|
score HTML_MESSAGE 0
|
|
|
|
|
score HTML_00_10 0
|
|
|
|
|
score HTML_10_20 0
|
|
|
|
|
score HTML_20_30 0
|
|
|
|
|
score HTML_30_40 0
|
|
|
|
|
score HTML_40_50 0
|
|
|
|
|
score HTML_50_60 0
|
|
|
|
|
score HTML_60_70 0
|
|
|
|
|
score HTML_70_80 0
|
|
|
|
|
score HTML_80_90 0
|
|
|
|
|
score HTML_90_100 0
|
|
|
|
|
#score HTML_COMMENT_8BITS 0
|
|
|
|
|
score UPPERCASE_25_50 0
|
|
|
|
|
score UPPERCASE_50_75 0
|
|
|
|
|
score UPPERCASE_75_100 0
|
|
|
|
|
score MIME_HTML_ONLY 0.1
|
|
|
|
|
# From <http://maxime.ritter.eu.org/Spam/user_prefs>
|
|
|
|
|
# Trop de faux negatifs avec BAYES_(0|1|2|3|4)*
|
|
|
|
|
score BAYES_00 0 0 -0.01 -0.01
|
|
|
|
|
score BAYES_01 0 0 -0.01 -0.01
|
|
|
|
|
score BAYES_10 0 0 -0.01 -0.01
|
|
|
|
|
score BAYES_20 0 0 -0.01 -0.01
|
|
|
|
|
score BAYES_30 0 0 -0.01 -0.01
|
|
|
|
|
score BAYES_40 0 0 -0.01 -0.01
|
|
|
|
|
score BAYES_44 0 0 -0.01 -0.01
|
|
|
|
|
score BAYES_50 0 0 0.1 0.1
|
|
|
|
|
score BAYES_56 0 0 0.5 0.5
|
|
|
|
|
score BAYES_60 0 0 1.0 1.0
|
|
|
|
|
score BAYES_70 0 0 2.5 2.5
|
|
|
|
|
score BAYES_80 0 0 3.5 3.5
|
|
|
|
|
score BAYES_90 0 0 4.5 4.5
|
|
|
|
|
score BAYES_99 0 0 8.0 8.0
|
|
|
|
|
|
|
|
|
|
score RCVD_IN_SORBS_DUL 0.3
|
|
|
|
|
score SUBJ_ILLEGAL_CHARS 0
|
|
|
|
|
score RCVD_IN_NJABL_DUL 0.3
|
|
|
|
|
|
|
|
|
|
score ADDRESS_IN_SUBJECT 0.1
|
|
|
|
|
|
|
|
|
|
score HELO_LH_HOME 1.0
|
|
|
|
|
|
|
|
|
|
#internal_networks 192.168.XXX/24
|
|
|
|
|
trusted_networks 31.170.8.33 31.170.8.15 62.212.111.216 88.179.18.233 85.118.59.50
|
|
|
|
|
#score ALL_TRUSTED 0.3
|
|
|
|
|
score HELO_DYNAMIC_IPADDR 0.3
|
|
|
|
|
|
|
|
|
|
score FORGED_MUA_OUTLOOK 0.5
|
|
|
|
|
|
|
|
|
|
# Eudora sucks
|
|
|
|
|
score EXTRA_MPART_TYPE 0.1
|
|
|
|
|
score MIME_BOUND_EQ_REL 0.1
|
|
|
|
|
score MIME_QP_LONG_LINE 0.1
|
|
|
|
|
|
|
|
|
|
# SMTP senders *have* dynamic IP addresses
|
|
|
|
|
# A.B.C.D.dnsbl.sorbs.net -> 127.0.0.10
|
|
|
|
|
score RCVD_IN_DYNABLOCK 0
|
|
|
|
|
score HELO_DYNAMIC_IPADDR 0.3
|
|
|
|
|
score RCVD_IN_SORBS 0.1
|
|
|
|
|
score RCVD_IN_PBL 0.1
|
|
|
|
|
score RCVD_IN_SORBS_DUL 0
|
|
|
|
|
|
|
|
|
|
# old bug...
|
|
|
|
|
score FH_DATE_PAST_20XX 0.0
|
|
|
|
|
~~~
|
|
|
|
|
|
|
|
|
|
### AWL : AutoWhiteList
|
|
|
|
|
|
|
|
|
|
SpamAssassin a un puissant outil d’AWL si l’on définit bien une liste d’emails / expéditeurs avant de l’initialiser.
|
|
|
|
|
Néanmoins, il faut le maintenir.
|
|
|
|
|
|
|
|
|
|
Pour lister sa whitelist (couple email / 2 1er octets de l’IP)
|
|
|
|
|
|
|
|
|
|
~~~
|
|
|
|
|
# sa-awl /var/spool/spam/auto_whitelist
|
|
|
|
|
|
|
|
|
|
AVG (TOTSCORE/COUNT) -- EMAIL|ip=IPBASE
|
|
|
|
|
|
|
|
|
|
AVG est le score moyen
|
|
|
|
|
TOTSCORE est le score total des mails
|
|
|
|
|
COUNT est le nombre de mails
|
|
|
|
|
~~~
|
|
|
|
|
|
|
|
|
|
Pour supprimer les entrées “vues” moins de 2 fois :
|
|
|
|
|
|
|
|
|
|
~~~
|
|
|
|
|
# sa-awl --clean --min 2 /var/spool/spam/auto_whitelist
|
|
|
|
|
~~~
|
|
|
|
|
|
|
|
|
|
Pour supprimer des entrées particulières :
|
|
|
|
|
|
|
|
|
|
~~~
|
|
|
|
|
# spamassassin --remove-addr-from-whitelist=foo@bar
|
|
|
|
|
SpamAssassin auto-whitelist: removing address: foo@bar
|
|
|
|
|
~~~
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
## Administration
|
|
|
|
|
|
|
|
|
|
### Whitelist / blacklist
|
|
|
|
|
|
|
|
|
|
Par utilisateur (`~/.spamassassin/user_prefs`) ou global :
|
|
|
|
|
|
|
|
|
|
~~~
|
|
|
|
|
whitelist_from jdoe@example.org
|
|
|
|
|
whitelist_from *@example.com
|
|
|
|
|
blacklist_from bad@example.net
|
|
|
|
|
~~~
|
|
|
|
|
|
|
|
|
|
|