Hey all.
Have spent the last couple of days pouring through Qmail and SA documentation. This thread is meant to be a community contrib whereby we help each other reduce amount of spam delivered to our respective clients.
On my end the server was a bit, let’s say, rusty. First things first, make sure your system is up-to-date. In my case I needed the EPEL and RpmForge repos added (rusty indeed) in order to get the latest packages for my Centos 5.x install.
Next up, see what’s missing functionality-wise in default SA install.
/usr/bin/spamassassin -D --lint
You’ll likely see entries like, “module not installed: …”. In my case I was missing Mail::SPF, Geo::IP and a few others. Yum search for applicable missing modules filled in the missing blanks (most are optional so don’t sweat it if yum searches come up empty in some cases). Can install a la
yum install 'perl(Module::Name)'
Ok, now run through
/etc/mail/spamassassin/*.pre
files and explore available plugins.
RelayCountry is a nice way to block our friends the enemy from sending any mail to our server (e.g. country code CN for starters in your local.cf). With the Geo::IP module installed as per above you can enable/uncomment the RelayCountry plugin line in your
/etc/mail/spamassassin/init.pre
. I also enabled DKIM and Rule2XSBody plugins (after yum installing of course). The latter allows you to
sa-compile
rules to binary which should give a nice speed up on the rule processing front. Check out the Perl doc for other plugins that might be of interest in your setup.
Next, deal with the URIBL blocking your DNS lookups (if you’re affected you’ll see “URIBL_BLOCKED” in your X-Spam-Status line of mime headers). Since we get DJBDNS and nameserver caching for free with Interworx, can just add
dns_server 127.0.0.1
to your local.cf. Should point out that if I add 127.0.0.1 to my /etc/resolve.conf all dns lookups become exceptionally slow. Personally I just roll with Google’s 8.8.8.8 and 8.8.4.4 in my /etc/resolve.conf. If everything works you’ll be seeing “URIBl_Black” and friends in X-Spam-Status line.
Have yet to tweak SA rules from default scores, some of them seem a bit too tolerant for my likeing. At any rate with above enhancements clients are already reporting spam symptom relief 
More work to do but at least some progress in place of powerlessness.
p.s. this may be the default, but if not and your users are all on western charset,
ok_locales en
in your local.cf to at least reduce the spam deluge to characters you and your users can read.
p.p.s. I turned off Bayes as none of my clients were training the filter and it seemed to be doing more harm than good (i.e. jacking up spam score for every inbound message, spam or not). I’ll enable it again once SA itself is fully tuned (another iworx user suggested server-wide Bayes with autolearn off).